Classification and Marking
Overview
This module describes the mechanisms that are used to classify and mark IP packets. It builds on the knowledge acquired from the introductory module, where classification and marking are discussed. Theoretical knowledge is supplemented by detailing the Policy-based Routing (PBR) and QoS Policy Propagation through BGP (QPPB) mechanisms.
Objectives
Upon completion of this module, you will be able to:
- Describe Policy-based Routing and how it is used to classify and mark IP packets
- Describe QoS Policy Propagation through BGP and how it is used to classify and mark IP packets
- List other mechanisms that also support classification and marking capabilities (Committed Access Rate, Class-based Policing and Class-based Marking)
2-2 IP QoS Classification and Marking Copyright 2001, Cisco Systems, Inc
© 2001, Cisco Systems, Inc Classification and Marking-3
Traffic Classification and Marking
Classification is the term used for identifying the Behavior Aggregate to which a packet belongs. A Behavior Aggregate is a collection of flows requiring the same quality of service.
Marking is the term used for coloring packets by applying a class-identifying value to one of the following markers: IP precedence, DSCP, QoS group (value is local to a router), MPLS experimental bits (can be used only in MPLS-enabled networks), ATM CLP bit (value can be used only within ATM networks), Frame Relay DE bit (value can be used only within Frame Relay networks), IEEE 802.1q or ISL CoS/priority bits (value can be used only within LAN-switched networks).
Traffic Classification and Marking
• This module describes the two mechanisms that are used for classification and marking only:
– Policy-based Routing (PBR)
– QoS Policy Propagation through BGP (QPPB)
• Other classification and/or marking mechanisms are described in other QoS modules
This module describes the two QoS mechanisms that are used purely for classification and marking purposes:
- Policy-based Routing (PBR)
- QoS Policy Propagation through BGP (QPPB)
There are other QoS mechanisms that also support classification and marking:
- Committed Access Rate (CAR): this mechanism is described in the “IP QoS – Traffic Shaping and Policing” module
- Class-based Policing (CB-Policing): this mechanism is described in the “IP QoS – Modular QoS CLI (Chapter 2)” module
- Class-based Marking (CB-Marking): this mechanism is described in the “IP QoS – Modular QoS CLI (Chapter 2)” module
Policy-based Routing
Objectives
Upon completion of this lesson, you will be able to:
- Describe Policy-based Routing (PBR)
- Configure PBR on Cisco routers
- Monitor and troubleshoot PBR
• Route maps are applied to interfaces for processing of inbound packets (forwarding and/or marking)
The primary function of Policy-based Routing (PBR) is to bypass the destination-based forwarding functionality of routers by using a route map to make a forwarding decision based on other information.
One additional feature of Policy-based Routing is the ability to modify IP packets by marking them with IP precedence or QoS group.
PBR “match” and “set” Options
PBR has two primary applications:
• Implementation of more complex routing paradigms than simple destination-based forwarding
• Classification and marking of packets for QoS purposes
(Figure: a route map applied to the input interface sets the output interface, the ToS field, IP precedence or QoS group for QoS marking)
PBR classifies packets based on standard or extended access lists, the length of packets and the incoming router interface (a route map is applied to an input interface).
The route map sets the following parameters:
- Output interface: force the router to forward packets to an interface even if it would not provide optimal routing
- Next-hop address: make a forwarding decision by using a different next-hop address than the one determined by the routing table
- ToS value: the ToS value in this case applies to bits 4, 3, 2 and 1 of the ToS field
- IP precedence: three-bit field used to identify a class of service
- QoS group: a local parameter with an expanded value range
The first two parameters (output interface and next-hop address) are used to bypass the default destination-based routing. The other three parameters are used for QoS purposes (the ToS value is less commonly used).
(Figure: QoS building blocks: inbound or locally-originated, forwarding, queuing)
PBR can only classify and mark inbound or locally-originated packets
The figure illustrates the “full” QoS building-block scheme, showing that PBR works only on input and that it supports only classification and marking. The “Forwarding” box could be colored as well, since PBR can be used to make a forwarding decision. PBR contains no mechanism for metering or dropping data packets.
Configuring Classification and Marking Using PBR
• Create a route map
• Apply the route map to an incoming interface and/or
• Apply the route map to locally originated traffic
• Monitor and debug policy routing
Configuring PBR involves the following steps:
- Creating a route map where the match statement is used to match the source or destination IP address or any other parameter that can be matched by an access list (standard or extended). It can also match packets based on their size.
- Applying the route map to:
  - an input interface, to process inbound packets on that interface, or
  - locally originated packets
Route Map Rules
• Route maps are identified by a case-sensitive name
• Route maps can have multiple statements (same name, different sequence number)
• Packets are processed in the specified sequence
• Packets not matched by the route map are forwarded using the default destination-based forwarding
• If packets are matched by the “match” condition but the route map statement is using the “deny” option, the default destination-based forwarding is applied to the packet
Router(config)#
route-map <name> [permit | deny] [<sequence-number>]
match <condition>
set <parameter>
A brief refresher about route maps:
- Route maps can have one or more statements. A route map, or a set of route-map statements with the same name, is identified by a case-sensitive name.
- Individual route-map statements are identified by their name and sequence number. When packets are processed by a route map, they are evaluated in the order specified by the sequence numbers.
- A route map is basically a filtering mechanism. When used for PBR:
  - permit means “do whatever the set commands say”
  - deny means “do not do anything”
- When a packet is matched by one of the route-map statements, it is processed by that statement and processing of the packet ends. Ordering route-map statements correctly is therefore necessary.
Router(config-route-map)#
match length <min> <max>
- match ip address is used to examine the packet’s headers with a standard or an extended access list
- match length is used to match packets based on their length
PBR Marking
Router(config-route-map)#
set ip precedence <precedence>
• Sets the specified IP precedence on packets matched by the route map
• IP precedence supports 8 classes, two of which are reserved (6 and 7)
Router(config-route-map)#
set ip tos <tos>
• Sets the low-order 4 bits of the Type-of-Service (ToS) field
• These bits are used to specify the delay, throughput and reliability parameters (specified in RFC 791, no longer used after RFC 1812)
Router(config-route-map)#
set ip qos-group <qos-group>
• Sets the specified QoS group on packets matched by the route map
• QoS group supports 100 classes (0-99)
The following marking options are available with route maps:
- IP precedence
- QoS group
- ToS value (the four bits below IP precedence in the ToS field), used for Delay, Throughput, Reliability and Monetary Cost
IP precedence is encoded into the three high-order bits of the ToS field in the IP header. It supports eight classes, of which two are reserved and should not be used for user-defined classes (IP precedence 6 and 7). IP precedence 0 is the default value and is usually used for the best-effort class.
QoS group has one major advantage over IP precedence and one major drawback:
- QoS group supports up to 100 classes. Values 0 to 99 can be used to mark packets.
- QoS group is a parameter that is local to the router where it is set. It is not part of any header. It is usually set on an input interface and later examined (matched) on output interfaces. Once the packet is transmitted, the QoS-group information is lost, and the next router must reclassify and mark the packet.
The ToS value is encoded into bits 4, 3, 2 and 1 of the ToS field (according to the older RFCs 791 and 1349). This value was made obsolete by the introduction of the DiffServ Code Point, which does not take into account compatibility with these bits.
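As an added illustration, not part of the Cisco course material, the Python functions below model how set ip precedence and set ip tos write into the 8-bit ToS byte described above, and how the 6-bit DSCP read of the same byte overlaps both fields. The single-bit ToS values follow RFC 1349; the range checks mirror the 0-7, 0-15 and 0-99 limits stated in this lesson.

```python
# Added example (not from the Cisco course material): the IPv4 ToS byte as
# PBR marking sees it.
#   bits 7-5  IP precedence (0-7; 6 and 7 reserved)
#   bits 4-1  ToS value (RFC 791/1349: delay, throughput, reliability, cost)
#   bit 0     must be zero
# DiffServ later redefined bits 7-2 as the 6-bit DSCP, ignoring this split.
PRECEDENCE_NAMES = {0: "routine", 1: "priority", 2: "immediate", 3: "flash",
                    4: "flash-override", 5: "critical", 6: "internet", 7: "network"}
# RFC 1349 single-bit ToS values (what "set ip tos <tos>" writes into bits 4-1).
TOS_VALUES = {"normal": 0, "min-monetary-cost": 1, "max-reliability": 2,
              "max-throughput": 4, "min-delay": 8}

def set_ip_precedence(tos_byte: int, precedence: int) -> int:
    """Model of 'set ip precedence': rewrite bits 7-5, keep bits 4-0."""
    if not 0 <= precedence <= 7:
        raise ValueError("IP precedence must be 0-7")
    return (tos_byte & 0x1F) | (precedence << 5)

def set_ip_tos(tos_byte: int, tos: int) -> int:
    """Model of 'set ip tos': rewrite bits 4-1, keep precedence and bit 0."""
    if not 0 <= tos <= 15:
        raise ValueError("ToS value must be 0-15")
    return (tos_byte & 0xE1) | (tos << 1)

def check_qos_group(qos_group: int) -> int:
    """'set ip qos-group' takes 0-99; the value never leaves this router."""
    if not 0 <= qos_group <= 99:
        raise ValueError("QoS group must be 0-99")
    return qos_group

def precedence_of(tos_byte: int) -> int:
    return tos_byte >> 5

def tos_value_of(tos_byte: int) -> int:
    return (tos_byte >> 1) & 0x0F

def dscp_of(tos_byte: int) -> int:
    """The same byte read as DiffServ: the six high-order bits."""
    return tos_byte >> 2

def is_reserved_precedence(precedence: int) -> bool:
    """6 and 7 are reserved for network and internetwork control traffic."""
    return precedence in (6, 7)

def describe(tos_byte: int) -> str:
    prec = precedence_of(tos_byte)
    return (f"tos=0x{tos_byte:02x} precedence={prec} ({PRECEDENCE_NAMES[prec]}) "
            f"tos-bits={tos_value_of(tos_byte):04b} dscp={dscp_of(tos_byte)}")

if __name__ == "__main__":
    b = set_ip_precedence(0x00, 2)                 # set ip precedence 2
    print(describe(b))                             # precedence 2, dscp 16 (CS2)
    b = set_ip_tos(b, TOS_VALUES["min-delay"])     # set ip tos 8
    print(describe(b))                             # precedence kept, dscp now 20
```

Setting a ToS bit after precedence 2 turns DSCP 16 (CS2) into the non-standard value 20, which is the incompatibility the notes refer to.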
Applying a Route Map
Router(config-if)#
ip policy route-map <route-map-name>
• Specifies the route map used to set QoS and other policy-routing parameters for packets received through the specified interface
Router(config)#
ip local policy route-map <route-map-name>
• Specifies the route map used to set QoS and other policy-routing parameters for packets generated by the router
Once a route map is configured, it must be applied either to packets coming into the router through an interface or to packets being generated by the router.
The first command (ip policy route-map) is used for forwarded packets.
The second command (ip local policy route-map) is used for packets generated by the router and is typically used for tunneling packets (e.g. DLSw).
Note: Policy-based routing is a mechanism that puts interfaces into Process Switching mode. This will significantly degrade performance. PBR has been available in the fast-switching path since Cisco IOS version 11.3. The ip route-cache policy command can be used on an interface to enable caching for PBR. This command has been available since Cisco IOS software version 12.0.
Monitoring and Troubleshooting
The show route-map command is used to display the route map with its match and set options.
The debug ip policy command is used to display all packets being processed by PBR.
The show ip policy command is used to see a list of all interfaces that are enabled for PBR. The output also displays the corresponding route maps.
The show ip local policy command is used to display the configured parameters for local PBR, with the number of packets and bytes that have been policy-routed by the local PBR.
Monitoring and Debugging
Router# show route-map CPE
route-map CPE, permit, sequence 10
  Match clauses:
    ip address (access-lists): 199
  Set clauses:
    ip precedence flash-override
  Policy routing matches: 3418 packets, 412108 bytes
route-map CPE, permit, sequence 20
  Match clauses:
    ip address (access-lists): MatchPing
  Set clauses:
    ip precedence priority
  Policy routing matches: 82 packets, 31045 bytes
Router# show access-list MatchPing
Extended IP access list MatchPing
    permit icmp any any echo (25 matches)
Router#
The figure shows sample output of the show route-map and show access-list commands.
Monitoring and Debugging Policy-based Routing
Router# debug ip policy
Policy routing debugging is on
Router# ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/31/32 ms
Router#
2d02h: IP: s=192.168.1.2 (local), d=192.168.1.1, len 100, policy match
2d02h: IP: route map CPE, item 20, permit
The debug ip policy command is similar to debug ip packet, except that debug ip policy only displays policy-routed packets. This command should be used with caution as it may produce too much output.
• Ethernet0 is the front office with the real-time transactions
• Ethernet1 is the back office with non-real-time transactions (like e-mail)
• The network provides different services to two classes:
– Business traffic (marked with IP precedence 2)
– Other traffic (marked with IP precedence 0)
• Packets coming from Ethernet 0 should be classified and marked as Business traffic
• Packets coming from Ethernet 1 should be classified and marked as Other traffic
The case study involves a bank branch office where a single router connects two LANs to the corporate network via one serial interface. This case study focuses on the classification and marking part of a larger QoS solution, which includes other QoS mechanisms.
(Figure: branch office router connected to the WAN core; Ethernet 0 marks all traffic with precedence 2, Ethernet 1 marks all traffic with precedence 0)
interface ethernet 0
 ip policy route-map set-prec-2
!
interface ethernet 1
 ip policy route-map set-prec-0
!
route-map set-prec-2 permit 10
 set ip precedence 2
!
route-map set-prec-0 permit 10
 set ip precedence 0
Policy-based routing can be used to mark packets with IP precedence values. All packets from Ethernet 0 are marked with IP precedence 2. Since matching applies to all packets, no “match” command is needed in the route map. The other route map is applied to the other Ethernet interface and marks packets with IP precedence 0.
• Transaction traffic (marked with IP precedence 2)
• Business traffic (marked with IP precedence 1)
• Other traffic (marked with IP precedence 0)
• TN3270 should be marked as Transaction traffic
• Internal HTTP should be marked as Business traffic
• All other traffic should be marked as Other traffic
The second case study is more complicated because classification is not done based on the input interface. Instead, classification is performed based on application (TCP or UDP port numbers).
(Figure: branch office router connected to the WAN core; mark IP precedence: Telnet = 2, Corporate Web = 1, everything else = 0)
route-map set-prec permit 20
 match ip address TN3270
 set ip precedence 2
route-map set-prec permit 30
 set ip precedence 0
!
ip access-list extended CorporateWebTraffic
 permit tcp any 10.1.1.0 0.0.0.255 eq www
ip access-list extended TN3270
 permit tcp any any eq telnet
A route map is created with three statements, one for each application:
- The first statement uses an access list to identify corporate web traffic (destination port 80). IP precedence 1 is applied to these packets.
- The second statement uses another access list to identify outbound telnet sessions. IP precedence 2 is applied to these packets.
- The last statement sets IP precedence 0 on all other packets.
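The route map rules of this lesson (sequence order, first match ends processing, permit versus deny, no match falls back to destination-based forwarding) and the three-statement route map of this case study can be exercised in the following Python model, added here and not part of the Cisco course material. The seq 10 statement for corporate web traffic is assumed from the notes, since the slide shows only seq 20 and 30, and the two access lists are modelled as predicates over constructed packets.

```python
# Added example (not from the Cisco course material): a model of how a PBR
# route map evaluates packets under this module's rules. Statements are tried
# in sequence order; the first match ends processing; "permit" applies the set
# clauses; "deny" or no match leaves the packet to destination-based forwarding.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, List, Optional

@dataclass
class Packet:
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: int = 0
    precedence: int = 0   # IP precedence on arrival (0 = best effort)

# The two named extended access lists of case study 2, as match predicates.
ACLS: Dict[str, Callable[[Packet], bool]] = {
    # permit tcp any any eq telnet
    "TN3270": lambda p: p.proto == "tcp" and p.dport == 23,
    # permit tcp any 10.1.1.0 0.0.0.255 eq www
    "CorporateWebTraffic": lambda p: (p.proto == "tcp" and p.dport == 80 and
                                      ip_address(p.dst) in ip_network("10.1.1.0/24")),
}

@dataclass
class Statement:
    seq: int
    permit: bool = True
    acl: Optional[str] = None         # match ip address <acl>; None = match all
    precedence: Optional[int] = None  # set ip precedence <n>

    def matches(self, p: Packet) -> bool:
        return self.acl is None or ACLS[self.acl](p)

def policy_route(route_map: List[Statement], p: Packet) -> str:
    """Apply a route map to one packet in place; return what happened to it."""
    for st in sorted(route_map, key=lambda s: s.seq):
        if not st.matches(p):
            continue                                 # next sequence number
        if not st.permit:
            return f"seq {st.seq} deny: default forwarding"
        if st.precedence is not None:
            p.precedence = st.precedence
        return f"seq {st.seq} permit"                # first match ends it
    return "no match: default forwarding"

def mark_all(route_map: List[Statement], packets: List[Packet]) -> List[int]:
    """Policy-route each packet; return the resulting IP precedence values."""
    for p in packets:
        policy_route(route_map, p)
    return [p.precedence for p in packets]

# Case study 2. The slide shows only seq 20 and 30; the seq 10 statement for
# corporate web traffic (precedence 1) is assumed here from the module notes.
SET_PREC = [
    Statement(10, acl="CorporateWebTraffic", precedence=1),
    Statement(20, acl="TN3270", precedence=2),
    Statement(30, precedence=0),                     # everything else
]
# Mis-ordered variant: the catch-all sorts first, so every packet gets 0.
SET_PREC_BAD = [Statement(5, precedence=0)] + SET_PREC
# Deny variant: telnet is excluded from policy routing and keeps its marking.
SET_PREC_DENY = [Statement(5, permit=False, acl="TN3270")] + SET_PREC

def sample_packets() -> List[Packet]:
    """Constructed test traffic; 10.1.1.0/24 is the corporate web subnet."""
    return [Packet("10.1.1.5", "tcp", 80),        # corporate web -> 1
            Packet("198.51.100.7", "tcp", 80),    # web elsewhere -> 0
            Packet("10.1.1.9", "tcp", 23, precedence=3),  # telnet -> 2
            Packet("10.1.1.9", "udp", 53)]        # anything else -> 0
```

Running mark_all(SET_PREC_BAD, sample_packets()) shows why statement ordering matters: the catch-all statement at the lowest sequence number marks every packet with precedence 0.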
Route Map - Review
• Policy routing with route maps can classify and mark IP packets based on a wide variety of conditions
• No metering, shaping or dropping is possible
• Performance depends on the IOS version
– Policy routing is fast-switched in 11.3 and 12.0
– (d)CEF or NetFlow-switched in 12.0(3)T
Policy-based Routing features:
- Static classification and marking (no metering, shaping, policing or dropping is possible)
- PBR has performance limitations due to its implementation (complex access lists can degrade performance; a sub-optimal order of statements can also degrade performance due to sequential processing) and the IOS version (newer IOS versions support fast-switched operation of PBR)
Summary
Policy-based routing is used for two purposes:
- Bypassing the traditional destination-based forwarding
- Marking of IP packets with IP precedence or QoS group
Lesson Review
- What are the applications of Policy-based Routing?
- What configuration tool is used to implement PBR?
- How can PBR be applied to IP traffic?
- Describe the classification options with PBR
- Describe the marking options with PBR
QoS Policy Propagation through BGP (QPPB)
Objectives
Upon completion of this lesson, you will be able to:
- Describe the QPPB mechanism
- Configure the QPPB mechanism on Cisco routers
- Monitor and troubleshoot QPPB
IP QoS Policy Propagation Through BGP (QPPB)
• QPPB uses BGP attributes to advertise class of service to other routers in the network
• BGP Communities are usually used to propagate class of service information bound to IP networks
• Packet classification policy can be propagated via BGP without having to use complex access lists at each of a large number of border (edge) routers
• A route map is used to translate BGP information (e.g. BGP Community value) into IP precedence or QoS group
QoS Policy Propagation through BGP is a mechanism that can be split into two parts:
- Policy propagation via BGP, where a QoS policy is encoded into a BGP attribute. BGP Communities are typically used to encode a QoS policy.
- Marking of packets with IP precedence or QoS group based on the QoS policy learned via BGP.
BGP policy is usually set on ingress routers (ingress for route propagation, egress for packet forwarding) in an Autonomous System. BGP then carries the information to other routers in the AS, which translate (using a route map) this information into IP precedence or QoS group. Marking is then enabled on a per-interface basis.
QPPB Capabilities
(Figure: QoS building blocks: inbound or locally-originated classifier, marker, meter and dropper; forwarding; queuing; outbound meter and dropper)
QPPB can only classify and mark inbound packets
Similar to PBR, QPPB supports classification and marking only on the input interface.
• any other BGP attribute
2. Translate the selected BGP attribute into either:
– IP precedence
– QoS group
QoS policy can be applied to source or destination IP addresses or networks. When BGP entries are inserted into the routing table, a route map is used to translate a certain BGP parameter or attribute into IP precedence or QoS group. Packet marking is then enabled on input interfaces.
Cisco Express Forwarding Review
• The two main components of CEF operation:
– Forwarding Information Base
– Adjacency Tables
• CEF was first introduced on the following platforms:
– Cisco 7x00 series in 11.1CC
– All RISC-based platforms in IOS 12.0
• QPPB is only supported on high-end routers (Cisco 7x00 and above)
QPPB has the following requirements:
- Cisco Express Forwarding (CEF)
- A high-end platform (Cisco 7x00 routers)