This post provides a quick overview of how QoS can be implemented using classification and marking, one of the methods used to give IP packets differentiated treatment. Following the steps below, I will configure a Cisco router to classify telnet and http traffic and mark it accordingly based on IP Precedence values and DSCP values.
Steps:
1. Create the access-list to permit/deny the types of traffic to allow.
2. Create the class-map and associate the access-list.
3. Create the policy-map and associate the class-map.
4. Apply the service-policy on the interface (either inbound or outbound).
Simplified diagram below:
Objective:
1. Apply QoS on R2
2. Classify Telnet and HTTP traffic
3. Enable HTTP server and Telnet access on R3
4. Test the connectivity from R1
I will be using BGP as my routing protocol in order to establish the connectivity.
R1:
R1#show ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset administratively down down
GigabitEthernet1/0 192.168.12.1 YES manual up up
GigabitEthernet2/0 unassigned YES unset administratively down down
Loopback0 1.1.1.1 YES manual up up
R1#
R1#show run | sec bgp
ipv6 multicast rpf use-bgp
router bgp 1
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
neighbor 192.168.12.2 remote-as 2
R1#
R1#show ip bgp summary
BGP router identifier 192.168.12.1, local AS number 1
BGP table version is 5, main routing table version 5
4 network entries using 576 bytes of memory
4 path entries using 320 bytes of memory
3/3 BGP path/bestpath attribute entries using 408 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1352 total bytes of memory
BGP activity 4/0 prefixes, 4/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.12.2 4 2 31 31 5 0 0 00:26:06 3
R1#show ip route bgp
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, H – NHRP, l – LISP
+ – replicated route, % – next hop override
Gateway of last resort is not set
3.0.0.0/32 is subnetted, 1 subnets
B 3.3.3.3 [20/0] via 192.168.12.2, 00:24:34
B 192.168.23.0/24 [20/0] via 192.168.12.2, 00:24:59
R1#
R2:
R2#show ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset administratively down down
GigabitEthernet1/0 192.168.12.2 YES manual up up
GigabitEthernet2/0 192.168.23.2 YES manual up up
R2#show run | sec bgp
ipv6 multicast rpf use-bgp
router bgp 2
bgp log-neighbor-changes
network 192.168.12.0
network 192.168.23.0
neighbor 192.168.12.1 remote-as 1
neighbor 192.168.23.3 remote-as 3
R2#
R2#show ip bgp summary
BGP router identifier 192.168.12.2, local AS number 2
BGP table version is 5, main routing table version 5
4 network entries using 576 bytes of memory
4 path entries using 320 bytes of memory
3/3 BGP path/bestpath attribute entries using 408 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1352 total bytes of memory
BGP activity 4/0 prefixes, 4/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.12.1 4 1 33 34 5 0 0 00:26:35 1
192.168.23.3 4 3 30 34 5 0 0 00:24:39 1
R2#
R2#show ip route bgp
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, H – NHRP, l – LISP
+ – replicated route, % – next hop override
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
B 1.1.1.1 [20/0] via 192.168.12.1, 00:23:50
3.0.0.0/32 is subnetted, 1 subnets
B 3.3.3.3 [20/0] via 192.168.23.3, 00:24:24
R2#
R3:
R3#show ip int brief
*May 25 10:46:35.143: %SYS-5-CONFIG_I: Configured from console by console
R3#show ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset administratively down down
GigabitEthernet1/0 unassigned YES unset administratively down down
GigabitEthernet2/0 192.168.23.3 YES manual up up
Loopback0 3.3.3.3 YES manual up up
R3#show run | sec bgp
ipv6 multicast rpf use-bgp
router bgp 3
bgp log-neighbor-changes
network 3.3.3.3 mask 255.255.255.255
neighbor 192.168.23.2 remote-as 2
R3#show ip bgp summary
BGP router identifier 192.168.23.3, local AS number 3
BGP table version is 5, main routing table version 5
4 network entries using 576 bytes of memory
4 path entries using 320 bytes of memory
3/3 BGP path/bestpath attribute entries using 408 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1352 total bytes of memory
BGP activity 4/0 prefixes, 4/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.23.2 4 2 36 32 5 0 0 00:25:40 3
R3#show ip route bgp
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, H – NHRP, l – LISP
+ – replicated route, % – next hop override
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
B 1.1.1.1 [20/0] via 192.168.23.2, 00:24:49
B 192.168.12.0/24 [20/0] via 192.168.23.2, 00:25:24
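QoS Configurations:
As seen above, layer 3 connectivity is established, so we are ready to proceed with the QoS configuration:
First, I will create access-lists on R2 that permit telnet and http. They are only referenced by the class-maps below and are not applied to an interface, so a permit here selects traffic for marking rather than filtering it.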
R2#config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ip access-list extended PERMIT_TELNET
R2(config-ext-nacl)#permit tcp any any eq telnet
R2(config-ext-nacl)#
R2(config-ext-nacl)#ip access-list extended PERMIT_HTTP
R2(config-ext-nacl)#permit tcp any any eq 80
R2(config-ext-nacl)#
Second, I will be creating a class-map for both telnet and http:
R2(config)#class-map PERMIT_TELNET_CLASS-MAP
R2(config-cmap)#match access-group name PERMIT_TELNET
R2(config-cmap)#
R2(config-cmap)#class-map PERMIT_HTTP_CMAP
R2(config-cmap)#match access-group name PERMIT_HTTP
Note: as seen below, there are different options to match the traffic. Since I have created an access-list, I will be using access-group to match the ACL I have defined in step 1.
R2(config-cmap)#match ?
access-group Access group
any Any packets
atm Match on ATM info
class-map Class map
cos IEEE 802.1Q/ISL class of service/user priority values
destination-address Destination address
discard-class Discard behavior identifier
dscp Match DSCP in IPv4 and IPv6 packets
fr-de Match on Frame-relay DE bit
fr-dlci Match on fr-dlci
group-object Match object-group
input-interface Select an input interface to match
ip IP specific values
mpls Multi Protocol Label Switching specific values
not Negate this match result
packet Layer 3 Packet length
precedence Match Precedence in IPv4 and IPv6 packets
protocol Protocol
qos-group Qos-group
source-address Source address
vlan VLANs to match
Third, I will create a policy-map and select the corresponding Precedence and DSCP values to enable QoS.
R2(config)#policy-map ?
WORD policy-map name
type type of the policy-map
R2(config)#policy-map ALLOW_HTTP_TELNET_POLICY-MAP
R2(config-pmap)#?
Policy-map configuration commands:
class policy criteria
description Policy-Map description
exit Exit from policy-map configuration mode
no Negate or set default values of a command
R2(config-pmap)#
R2(config-pmap)#class ?
WORD class-map name
class-default System default class matching otherwise unclassified packets
Since I have defined two different class-maps above for telnet and http traffic, I will be using both in my policy-map.
R2(config-pmap-c)#?
Policy-map class configuration commands:
bandwidth Bandwidth
exit Exit from QoS class action configuration mode
fair-queue Enable Flow-based Fair Queuing in this Class
netflow-sampler NetFlow action
no Negate or set default values of a command
police Police
priority Strict Scheduling Priority for this Class
queue-limit Queue Max Threshold for Tail Drop
random-detect Enable Random Early Detection as drop policy
service-policy Configure QoS Service Policy
set Set QoS values
shape Traffic Shaping
Next is to set the QoS values using the “set” command.
R2(config-pmap-c)#set ?
atm-clp Set ATM CLP bit to 1
cos Set IEEE 802.1Q/ISL class of service/user priority
discard-class Discard behavior identifier
dscp Set DSCP in IP(v4) and IPv6 packets
fr-de Set FR DE bit to 1
fr-fecn-becn SET FR FECN-BECN
ip Set IP specific values
mpls Set MPLS specific values
precedence Set precedence in IP(v4) and IPv6 packets
qos-group Set QoS Group
As seen above, there are several options, but we are interested in using precedence and dscp. As mentioned in the objectives, telnet will be using precedence values while http will be using dscp values.
Here are the available options for precedence. Just for the sake of exploring, we could set telnet as priority traffic.
R2(config-pmap-c)#set precedence ?
Precedence value
critical Match packets with critical precedence (5)
flash Match packets with flash precedence (3)
flash-override Match packets with flash override precedence (4)
immediate Match packets with immediate precedence (2)
internet Match packets with internetwork control precedence (6)
network Match Packets with network control precedence (7)
priority Match packets with priority precedence (1)
routine Match packets with routine precedence (0)
tunnel Set tunnel packet precedence
R2(config-pmap-c)#set precedence priority
Now let's apply QoS using dscp values for HTTP traffic:
R2(config-pmap-c)#policy-map ALLOW_HTTP_TELNET_POLICY-MAP
R2(config-pmap)#class PERMIT_HTTP_CMAP
R2(config-pmap-c)#set dscp
R2(config-pmap-c)#set dscp ?
Differentiated services codepoint value
af11 Match packets with AF11 dscp (001010)
af12 Match packets with AF12 dscp (001100)
af13 Match packets with AF13 dscp (001110)
af21 Match packets with AF21 dscp (010010)
af22 Match packets with AF22 dscp (010100)
af23 Match packets with AF23 dscp (010110)
af31 Match packets with AF31 dscp (011010)
af32 Match packets with AF32 dscp (011100)
af33 Match packets with AF33 dscp (011110)
af41 Match packets with AF41 dscp (100010)
af42 Match packets with AF42 dscp (100100)
af43 Match packets with AF43 dscp (100110)
cs1 Match packets with CS1(precedence 1) dscp (001000)
cs2 Match packets with CS2(precedence 2) dscp (010000)
cs3 Match packets with CS3(precedence 3) dscp (011000)
cs4 Match packets with CS4(precedence 4) dscp (100000)
cs5 Match packets with CS5(precedence 5) dscp (101000)
cs6 Match packets with CS6(precedence 6) dscp (110000)
cs7 Match packets with CS7(precedence 7) dscp (111000)
default Match packets with default dscp (000000)
ef Match packets with EF dscp (101110)
tunnel set tunnel packet dscp
I will choose af31 for this example.
To sum up the policy-map configurations:
policy-map ALLOW_HTTP_TELNET_POLICY-MAP
class PERMIT_TELNET_CLASS-MAP
set precedence 1
class PERMIT_HTTP_CMAP
set dscp af31
And finally, the last step is to apply the policy-map on the interface. Since traffic will be initiated from R1, we need to apply the policy-map inbound on R2. This can be accomplished using the command “service-policy” under interface mode.
R2(config)#int g1/0
R2(config-if)#service-policy input ALLOW_HTTP_TELNET_POLICY-MAP
Verifications:
As seen below, the policy-map is applied on Gi1/0 with the two class-maps we have defined plus the default class-map.
R2#show policy-map int gigabitEthernet 1/0
GigabitEthernet1/0
Service-policy input: ALLOW_HTTP_TELNET_POLICY-MAP
Class-map: PERMIT_TELNET_CLASS-MAP (match-all)
69 packets, 4149 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name PERMIT_TELNET
QoS Set
precedence 1
Packets marked 69
Class-map: PERMIT_HTTP_CMAP (match-all)
14 packets, 840 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name PERMIT_HTTP
QoS Set
dscp af31
Packets marked 14
Class-map: class-default (match-any)
122 packets, 7944 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
I also have the extended access-lists below:
R2#show ip access-lists
Extended IP access list PERMIT_HTTP
10 permit tcp any any eq www
Extended IP access list PERMIT_TELNET
10 permit tcp any any eq telnet
R2#
I will now test the applied policy from R1.
R1#telnet 3.3.3.3
Trying 3.3.3.3 … Open
User Access Verification
Password:
R3>ena
Password:
R3#
From R2, we can see hits on the ACL defined for Telnet traffic:
R2#show ip access-lists
Extended IP access list PERMIT_HTTP
10 permit tcp any any eq www
Extended IP access list PERMIT_TELNET
10 permit tcp any any eq telnet (38 matches)
R2#
We can also see that packets are increasing for PERMIT_TELNET_CLASS-MAP (increased from 69 packets to 107 packets):
R2#show policy-map interface gigabitEthernet 1/0
GigabitEthernet1/0
Service-policy input: ALLOW_HTTP_TELNET_POLICY-MAP
Class-map: PERMIT_TELNET_CLASS-MAP (match-all)
107 packets, 6438 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name PERMIT_TELNET
QoS Set
precedence 1
Packets marked 107
Class-map: PERMIT_HTTP_CMAP (match-all)
14 packets, 840 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name PERMIT_HTTP
QoS Set
dscp af31
Packets marked 14
Class-map: class-default (match-any)
133 packets, 8682 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
Let’s test HTTP traffic now:
R1#telnet 3.3.3.3 80
Trying 3.3.3.3, 80 … Open
We can see three matches for the HTTP traffic that is traversing R2:
R2#show ip access-lists
Extended IP access list PERMIT_HTTP
10 permit tcp any any eq www (3 matches)
Extended IP access list PERMIT_TELNET
10 permit tcp any any eq telnet (52 matches)
Similarly, we can check that PERMIT_HTTP_CMAP traffic has increased from 14 packets to 17 packets:
R2#show policy-map interface gigabitEthernet 1/0
GigabitEthernet1/0
Service-policy input: ALLOW_HTTP_TELNET_POLICY-MAP
Class-map: PERMIT_TELNET_CLASS-MAP (match-all)
121 packets, 7278 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name PERMIT_TELNET
QoS Set
precedence 1
Packets marked 121
Class-map: PERMIT_HTTP_CMAP (match-all)
17 packets, 1020 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name PERMIT_HTTP
QoS Set
dscp af31
Packets marked 17
Class-map: class-default (match-any)
137 packets, 8948 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
From the above example, we have observed how QoS can be applied using classification and marking based on the type of traffic. There are different options for how we can treat the traffic once it enters the router's ingress interface.
The following precedence values and dscp values determine how to treat the traffic we have classified with the ACL.
R2(config-pmap-c)#set precedence ?
Precedence value
critical Match packets with critical precedence (5)
flash Match packets with flash precedence (3)
flash-override Match packets with flash override precedence (4)
immediate Match packets with immediate precedence (2)
internet Match packets with internetwork control precedence (6)
network Match Packets with network control precedence (7)
priority Match packets with priority precedence (1)
routine Match packets with routine precedence (0)
tunnel Set tunnel packet precedence
R2(config-pmap-c)#set dscp ?
Differentiated services codepoint value
af11 Match packets with AF11 dscp (001010)
af12 Match packets with AF12 dscp (001100)
af13 Match packets with AF13 dscp (001110)
af21 Match packets with AF21 dscp (010010)
af22 Match packets with AF22 dscp (010100)
af23 Match packets with AF23 dscp (010110)
af31 Match packets with AF31 dscp (011010)
af32 Match packets with AF32 dscp (011100)
af33 Match packets with AF33 dscp (011110)
af41 Match packets with AF41 dscp (100010)
af42 Match packets with AF42 dscp (100100)
af43 Match packets with AF43 dscp (100110)
cs1 Match packets with CS1(precedence 1) dscp (001000)
cs2 Match packets with CS2(precedence 2) dscp (010000)
cs3 Match packets with CS3(precedence 3) dscp (011000)
cs4 Match packets with CS4(precedence 4) dscp (100000)
cs5 Match packets with CS5(precedence 5) dscp (101000)
cs6 Match packets with CS6(precedence 6) dscp (110000)
cs7 Match packets with CS7(precedence 7) dscp (111000)
default Match packets with default dscp (000000)
ef Match packets with EF dscp (101110)
tunnel set tunnel packet dscp
The basic rule for using precedence is that the higher the value set, the higher the priority of the traffic and the more important the packet is.
The output above also shows the possible DSCP values; we have both the Assured Forwarding (AF) and Class Selector (CS) values. Below are some notes for both AF and CS and how a packet could be treated.
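As an added example (not part of the original post), the Python model below applies ALLOW_HTTP_TELNET_POLICY-MAP to constructed packets and decodes the resulting ToS byte, which is the value to look for in a capture taken downstream of R2. The function names, sample ports and the assumption that bits outside the rewritten field stay as received belong to this example, not to the post.

```python
import struct

AF31 = 0b011010  # bit pattern listed for af31 in the "set dscp ?" output (decimal 26)

def dscp_name(dscp):
    """Name a 6-bit DSCP using the CS/AF/EF layout of the 'set dscp ?' list."""
    cls, low = dscp >> 3, dscp & 0b111
    if dscp == 0b101110:
        return "ef"
    if low == 0:                        # csN: class bits only, same bits as precedence N
        return f"cs{cls}" if cls else "default"
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return f"af{cls}{low >> 1}"     # afXY: X = class, Y = drop precedence
    return f"dscp{dscp}"

def decode_tos(tos):
    """Split the IPv4 ToS/DS byte into precedence, DSCP name and ECN."""
    return {"precedence": tos >> 5, "dscp": dscp_name(tos >> 2), "ecn": tos & 0b11}

def parse(pkt):
    """Return (protocol, tcp_dst_port, tos) from a raw IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    dport = struct.unpack_from("!H", pkt, ihl + 2)[0] if pkt[9] == 6 else None
    return pkt[9], dport, pkt[1]

def mark_on_r2(pkt):
    """ToS byte after ALLOW_HTTP_TELNET_POLICY-MAP; classes are tried in order."""
    proto, dport, tos = parse(pkt)
    if proto == 6 and dport == 23:         # PERMIT_TELNET: permit tcp any any eq telnet
        return (1 << 5) | (tos & 0x1F)     # set precedence 1 (assumed: lower bits untouched)
    if proto == 6 and dport == 80:         # PERMIT_HTTP: permit tcp any any eq 80
        return (AF31 << 2) | (tos & 0b11)  # set dscp af31 (assumed: ECN bits untouched)
    return tos                             # class-default: no set action, marking passes through

def sample(sport, dport, tos=0):
    """Constructed IPv4 header (1.1.1.1 -> 3.3.3.3) plus TCP ports; checksum left 0."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 24, 0, 0, 64, 6, 0,
                     bytes([1, 1, 1, 1]), bytes([3, 3, 3, 3]))
    return ip + struct.pack("!HH", sport, dport)

if __name__ == "__main__":
    for label, pkt in [("telnet to R3", sample(40000, 23)),
                       ("http to R3", sample(40001, 80)),
                       ("source port 23 only", sample(23, 40000)),
                       ("ssh pre-marked cs6", sample(40002, 22, tos=0xC0))]:
        tos = mark_on_r2(pkt)
        print(f"{label:22} tos=0x{tos:02x} {decode_tos(tos)}")
```

The last two rows show two things worth checking on a real deployment: the ACLs match on destination port only, and class-default has no set action, so a packet that arrives already marked cs6 leaves R2 still marked cs6.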