When we implement Quality of Service (QoS), the first step is classification. By default, a router does not care what kind of IP packet it is handling: it just looks up the destination IP address in the routing table and forwards the packet.
Before we can configure QoS technologies like queuing, policing, or shaping, we first have to identify what kind of traffic is running through our routers so we can figure out which application it belongs to. This is classification.
Once we have identified (classified) our traffic, we can mark it and apply a QoS policy to it.
There are a few methods on IOS routers for classification:
- Header inspection: a simple classification method that works really well but has some disadvantages. Let's say we configure our router to treat all TCP traffic with destination port 80 as HTTP. Some other applications also use TCP port 80, and the router is going to perform the same action on both.
- Payload inspection: this is reliable and it does deep packet inspection. This method looks at the content of the payload and recognizes the application. On Cisco IOS, this is done with the help of NBAR (Network-Based Application Recognition).
With NBAR, the router inspects incoming IP packets and matches them against the attributes and signatures in the packet description language module (PDLM). NBAR is commonly used to block websites, and it is very popular for classification.
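The difference between the two methods, as an added Python example (not code from the original post): a header-only classifier and a much simplified payload check are run over three constructed flows. The regular expression only stands in for signature matching and is not how NBAR is implemented.

```python
import re

# Constructed sample flows: (name, protocol, destination port, first payload bytes)
FLOWS = [
    ("web browser", "tcp", 80,
     b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("other app on port 80", "tcp", 80,
     b"\x00\x01\x02binary-sync-protocol"),
    ("web on alternate port", "tcp", 8080,
     b"POST /api HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

# Simplified stand-in for a payload signature: an HTTP/1.x request line.
HTTP_REQUEST = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n")

def classify_by_header(proto, dport):
    """Header inspection: only the protocol and port are considered."""
    return "HTTP" if proto == "tcp" and dport == 80 else "class-default"

def classify_by_payload(proto, payload):
    """Payload inspection: look for an HTTP request line, whatever the port."""
    if proto == "tcp" and HTTP_REQUEST.match(payload):
        return "HTTP"
    return "class-default"

def compare(flows=FLOWS):
    """Return (name, header verdict, payload verdict) for every flow."""
    return [(name, classify_by_header(proto, dport),
             classify_by_payload(proto, data))
            for name, proto, dport, data in flows]

if __name__ == "__main__":
    for name, by_header, by_payload in compare():
        print(f"{name:22} header={by_header:14} payload={by_payload}")
```

The second flow is the case described above: header inspection puts it in the HTTP class because of its port, while the payload check does not.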
NBAR:
- Classifies modern client-server and web-based applications.
- Performs identification of applications and protocols (layers 4-7).
- Performs protocol discovery and provides traffic statistics.
- Enables downstream action based on QoS policies via RED, class-based queuing, and policing.
- Easily supports new applications by loading a PDLM.
NBAR can classify applications that use:
- Statically assigned TCP and UDP port numbers.
- Non-UDP and non-TCP IP protocols.
- Dynamically assigned TCP and UDP port numbers negotiated during connection establishment (requires stateful inspection).
NBAR2 is the next generation of NBAR, enhancing the application recognition engine to support more than 1000 applications. NBAR2 functionality requires an advanced license.
Packet description language module
PDLMs allow NBAR to recognize new protocol-matching text
patterns in data packets without requiring a new Cisco IOS software image or a
router reload. An external PDLM can be loaded at run time to extend the
NBAR list of recognized protocols. PDLMs can also be used to enhance an existing protocol
recognition capability. PDLMs must be produced by Cisco engineers.
NBAR Protocol Discovery
- Analyzes application traffic patterns in real time and discovers which traffic is running on the network.
- Provides bidirectional, per-interface, and per-protocol statistics.
- Is an important monitoring tool supported by Cisco QoS management tools.
- Generates real-time application statistics.
- Provides traffic distribution information at key network locations.
Let's see the configuration:
Topology:
- configure the topology as per our diagram
- assign the IP address to their respective interfaces
- configure EIGRP AS65100
- configure outbound MQC
- configure IP precedence 1 for ICMP packets, IP precedence 2 for HTTP packets, and DSCP EF for VoIP
R1(config)#interface serial 4/0
R1(config-if)#ip address 192.168.10.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 10.1.1.1 255.0.0.0
R1(config-if)#no keepalive
R1(config-if)#no shutdown
R1(config-if)#exit
R1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.1.1.1 YES manual up up
Serial4/0 192.168.10.1 YES manual up up
R2(config)#interface serial 4/0
R2(config-if)#ip address 192.168.10.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip address 20.1.1.1 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#no keepalive
R2(config-if)#exit
R2#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 20.1.1.1 YES manual up up
Serial4/0 192.168.10.2 YES manual up up
R1(config)#router eigrp 65100
R1(config-router)#network 192.168.10.0
R1(config-router)#network 10.0.0.0
R1(config-router)#no auto-summary
R1(config-router)#exit
R2(config)#router eigrp 65100
R2(config-router)#network 192.168.10.0
R2(config-router)#network 20.1.1.1
R2(config-router)#no auto-summary
R2(config-router)#exit
*Oct 11 18:22:53.123: %DUAL-5-NBRCHANGE: EIGRP-IPv4 65100: Neighbor 192.168.10.1 (Serial4/0) is up: new adjacency
R1#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
D 20.0.0.0/8 [90/2172416] via 192.168.10.2, 00:00:21, Serial4/0
R1#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(65100)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 192.168.10.2 Se4/0 13 00:00:31 54 324 0 4
R2#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
D 10.0.0.0/8 [90/2172416] via 192.168.10.1, 00:00:42, Serial4/0
R2#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(65100)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 192.168.10.1 Se4/0 11 00:00:46 44 264 0 3
R1(config)#class-map HTTP
R1(config-cmap)#match protocol http
R1(config-cmap)#exit
R1(config)#class-map VoIP
R1(config-cmap)#match access-group name VOICE
R1(config-cmap)#exit
R1(config)#class-map ICMP
R1(config-cmap)#match protocol icmp
R1(config-cmap)#exit
R1(config)#ip access-list extended VOICE
R1(config-ext-nacl)#permit udp any any range 16380 32760
R1(config-ext-nacl)#exit
R1(config)#policy-map INTERNETWORKS
R1(config-pmap)#class ICMP
R1(config-pmap-c)#set ip precedence 1
R1(config-pmap-c)#exit
R1(config-pmap)#class HTTP
R1(config-pmap-c)#set ip precedence 2
R1(config-pmap-c)#exit
R1(config-pmap)#class VoIP
R1(config-pmap-c)#set ip dscp ef
R1(config-pmap-c)#exit
R1(config-pmap)#exit
R1(config)#exit
R1#show run policy-map
Building configuration...
Current configuration : 132 bytes
!
policy-map INTERNETWORKS
class ICMP
set ip precedence 1
class HTTP
set ip precedence 2
class VoIP
set ip dscp ef
!
end
R1#show run class-map
Building configuration...
Current configuration : 156 bytes
!
class-map match-all ICMP
match protocol icmp
class-map match-all HTTP
match protocol http
class-map match-all VoIP
match access-group name VOICE
end
R1(config)#interface serial 4/0
R1(config-if)#service-policy output INTERNETWORKS
R1(config-if)#EXIT
R1(config)#END
R1#show policy-map interface serial 4/0
Serial4/0
Service-policy output: INTERNETWORKS
Class-map: ICMP (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: protocol icmp
QoS Set
precedence 1
Packets marked 0
Class-map: HTTP (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: protocol http
QoS Set
precedence 2
Packets marked 0
Class-map: VoIP (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name VOICE
QoS Set
dscp ef
Packets marked 0
Class-map: class-default (match-any)
7 packets, 368 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
R1#ping 20.1.1.1 source 10.1.1.1 repeat 16
Type escape sequence to abort.
Sending 16, 100-byte ICMP Echos to 20.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!!!!!!!!!!!!
Success rate is 100 percent (16/16), round-trip min/avg/max = 32/46/52 ms
R1#show policy-map interface serial 4/0
Serial4/0
Service-policy output: INTERNETWORKS
Class-map: ICMP (match-all)
16 packets, 1664 bytes
5 minute offered rate 1000 bps, drop rate 0000 bps
Match: protocol icmp
QoS Set
precedence 1
Packets marked 16
Class-map: HTTP (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: protocol http
QoS Set
precedence 2
Packets marked 0
Class-map: VoIP (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name VOICE
QoS Set
dscp ef
Packets marked 0
Class-map: class-default (match-any)
20 packets, 1313 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
R1#ping 20.1.1.1 source 10.1.1.1 repeat 4
Type escape sequence to abort.
Sending 4, 100-byte ICMP Echos to 20.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!
Success rate is 100 percent (4/4), round-trip min/avg/max = 44/49/52 ms
R1#show policy-map interface serial 4/0
Serial4/0
Service-policy output: INTERNETWORKS
Class-map: ICMP (match-all)
20 packets, 2080 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: protocol icmp
QoS Set
precedence 1
Packets marked 20
Class-map: HTTP (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: protocol http
QoS Set
precedence 2
Packets marked 0
Class-map: VoIP (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name VOICE
QoS Set
dscp ef
Packets marked 0
Class-map: class-default (match-any)
26 packets, 1617 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
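To check from a packet capture that the markings from policy-map INTERNETWORKS are present, the ToS byte of each IPv4 header can be decoded and compared with the policy. This is an added Python example, not part of the original post; the packets are constructed, and classify() is a header-only stand-in for the class-maps (it assumes HTTP on TCP port 80 instead of NBAR's match protocol http).

```python
import struct

# DSCP values the policy-map sets. IP precedence N is the top 3 bits of the
# ToS byte, so precedence N reads as DSCP N*8; EF is DSCP 46.
EXPECTED_DSCP = {"ICMP": 1 << 3, "HTTP": 2 << 3, "VoIP": 46}

def ipv4_header(tos, proto):
    """Constructed 20-byte IPv4 header, 10.1.1.1 -> 20.1.1.1 (length/checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 0, 0, 0, 64, proto, 0,
                       bytes([10, 1, 1, 1]), bytes([20, 1, 1, 1]))

def decode_marking(packet):
    """Return (precedence, dscp, ecn) from the ToS byte of an IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    tos = packet[1]
    return tos >> 5, tos >> 2, tos & 0x03

def classify(packet):
    """Header-only stand-in for the class-maps ICMP, HTTP and VoIP."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    if proto == 1:
        return "ICMP"
    if proto in (6, 17) and len(packet) >= ihl + 4:
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
        if proto == 17 and 16380 <= dport <= 32760:  # ACL VOICE
            return "VoIP"
        if proto == 6 and dport == 80:  # assumption: HTTP on its default port
            return "HTTP"
    return "class-default"

def audit(packet):
    """True/False: marking matches the policy; None: packet is in class-default."""
    cls = classify(packet)
    if cls == "class-default":
        return None
    return decode_marking(packet)[1] == EXPECTED_DSCP[cls]

# Constructed packets: marked ICMP echo, marked UDP in the VOICE range, unmarked TCP/80.
ICMP_PKT = ipv4_header(0x20, 1) + bytes(8)
VOIP_PKT = ipv4_header(0xB8, 17) + struct.pack("!HHHH", 20000, 16384, 8, 0)
HTTP_PKT = ipv4_header(0x00, 6) + struct.pack("!HH", 49152, 80)

if __name__ == "__main__":
    for name, pkt in (("icmp", ICMP_PKT), ("voip", VOIP_PKT), ("http", HTTP_PKT)):
        print(name, classify(pkt), decode_marking(pkt), audit(pkt))
```

A False result, as for the unmarked TCP/80 packet here, means the packet reached the capture point without the marking the policy should have applied.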