IP QoS - Modular QoS CLI Classification
It includes the following topics:
• Introduction to Modular QoS CLI
• Classification Options
• Network Based Application Recognition (NBAR)
Objectives
Upon completion of this module, you will be able to perform the following tasks:
• Describe the classification element of the Modular QoS CLI
• Describe and configure all currently supported classification options within the MQC
• Understand Network-based Application Recognition (NBAR)
• Monitor and troubleshoot class maps
Introduction to Modular QoS CLI
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
• Describe the MQC concepts and structure
• Configure class maps
• Monitor and troubleshoot class maps
Copyright 2001, Cisco Systems, Inc. IP QoS - Modular QoS CLI Classification
Modular QoS CLI
• The Modular QoS CLI (MQC) provides a modular approach to configuration of QoS mechanisms
• Classification is configured separately from the QoS service policy
• MQC also provides modularity to implementation of QoS mechanisms in the Cisco IOS:
options
by older QoS mechanisms
The Quality of Service mechanisms that have been added to the Cisco IOS all had their own set of classification options. For example:
• Committed Access Rate (CAR) can classify packets by using:
– Access lists
– QoS group
– DSCP
– Rate limit access list
• Traffic Shaping (GTS) can classify packets by using access lists
• Priority Queuing (PQ) and Custom Queuing (CQ) can classify packets by using:
to allow any supported classification to be used with any QoS mechanism
The separation of classification from the QoS mechanism allows new IOS versions to introduce new QoS mechanisms and reuse all available classification options. On the other hand, old QoS mechanisms can benefit from new classification options. Another important benefit of the MQC is the reusability of configuration. MQC allows the same QoS policy to be applied to multiple interfaces. CAR, for example, required entire configurations to be copy-pasted between interfaces, and modifying configurations was tiresome.
The Modular QoS CLI, therefore, is a consolidation of all the QoS mechanisms that have so far only been available as standalone mechanisms.
This module focuses on the classification element of the Modular QoS CLI.
Implementing QoS by using the MQC consists of three steps:
Step 1 Configuring classification by using the class-map command
Step 2 Configuring traffic policy by associating the traffic class with one or more QoS features using the policy-map command
Step 3 Attaching the traffic policy to inbound or outbound traffic on interfaces, subinterfaces or virtual circuits by using the service-policy command
Class maps are used to create classification templates that are later used in policy maps where QoS mechanisms are bound to classes.
Routers can be configured with a large number of class maps (currently limited to 256). Each traffic policy, however, may support a limited number of classes (for example: Class-based Weighted Fair Queuing and Class-based Low-latency Queuing are limited to 64 classes).
The figure illustrates an implementation where traffic is classified into N classes. Each class is handled by one or more QoS mechanisms (for example, Class-based Weighted Fair Queuing, Class-based Low-latency Queuing, Class-based Policing).
Class Maps
• Each class is identified using a Class Map
• Each Class Map is identified by a case-sensitive name
• Class maps can operate in two modes
– Match All – all conditions have to succeed
– Match Any – at least one condition must succeed
• The default mode is Match all
A class map is created using the class-map global configuration command. Class maps are identified by case-sensitive names. Each class map contains one or more conditions that determine if the packet belongs to the class.
There are two ways of processing conditions when there is more than one condition in a class map:
• Match all—all conditions have to be met to bind a packet to the class
• Match any—at least one condition has to be met to bind the packet to the class
The default match strategy of class maps is “Match all”.
Classification using Class Maps
[Figure: flowchart of class-map processing with the decisions "Match mode?", "Match all conditions?" and "Match at least one condition?"]
The process goes through the list of conditions and:
• Returns a “match” result if one of the conditions is met and the match-any strategy is used
• Returns a “match” result if all conditions are met and the match-all strategy is used
• Otherwise it returns “no match”
Classification Using Match All
[Figure: flowchart for a match-all class map with the decision "More Conditions?" and the outcomes "Match" and "No Match"]
The figure illustrates a simplified flowchart for the match-all strategy.
The processing of a match-all class map can be divided into the following steps:
Step 1 Evaluate a condition
Step 2 Return a “no match” result and stop processing the class map if the condition is not met
Step 3 Go to Step 1 if there are more conditions
Step 4 Return a “match” result
Classification Using Match Any
[Figure: flowchart for a match-any class map with the decision "More Conditions?" and the outcomes "Match" and "No Match"]
The figure illustrates a simplified flowchart for the match-any strategy.
The processing of a match-any class map can be divided into the following steps:
Step 1 Evaluate a condition
Step 2 Return a “match” result and stop processing the class map if the condition is met
Step 3 Go to Step 1 if there are more conditions
Step 4 Return a “no match” result
• Protocol (including NBAR)
Class maps can classify packets by using the following classification tools:
• Access lists for any protocol can be used within the class-map configuration mode. The Modular QoS CLI can be used for other protocols, not only IP.
• IP packets can be classified directly by specifying IP precedence values.
• IP packets can also be classified directly by specifying IP DSCP (differentiated services code point) values. DiffServ enabled networks can have up to 64 classes if DSCP is used to mark packets.
• A QoS group parameter can be used to classify packets in situations where up to 100 classes are needed or the QoS group parameter is used as an intermediary marker (for example, MPLS to QoS group translation on input and QoS group to class translation on output).
• Packets can also be matched based on the value in the experimental bits of the MPLS header of labeled packets.
• Classification can be performed by identifying a Layer-3 or Layer-4 protocol.
Other Classification Options
The other classification options include the following:
• Input interface
There are many other classification options:
• Another class map can be used to implement template-based configurations.
• Packets can be matched based on the underlying Frame Relay DE bit.
• Packets can be matched based on the information contained in the three Class of Service bits (when using IEEE 802.1Q encapsulation) or Priority bits (when using the ISL encapsulation).
• Packets can be classified according to the input interface.
• Packets can be matched based on their source or destination MAC addresses.
• RTP (real-time protocol) packets can be matched based on a range of UDP port numbers.
• MQC can also be used to implement a QoS mechanism for all traffic, in which case classification will put all packets into one class.
Configuring Class Maps
router(config)#
class-map [{match-all | match-any}] name
• Enter the class-map configuration mode
• Specify the matching strategy
• Match-all is the default matching strategy
match condition
• The description has no operational meaning
Use the class-map global configuration command to create a class map and enter the class map configuration mode. A class map is identified by a case-sensitive name; therefore, all subsequent references to the class map must use exactly the same name.
At least one match command should be used within the class-map configuration mode (match none is the default).
The description command is used for documenting a comment about the class-map.
Configuring Class Maps
router(config-cmap)#
rename new-name
• Complex class-maps can easily be renamed by using the rename class-map command
• All references to the class map are also renamed
Large implementations may use a number of class maps and there are many references to the class maps. Renaming a class map would normally require a change to all references to the class map as well. The rename command can be used to rename class maps and all references to them.
Class Map Example
• This example simply illustrates how class-maps are configured
• Class-maps on their own have no function
class-map match-any Test1
 match access-group 101
 match access-group 102
class-map match-all Test2
 match access-group 101
 match access-group 102
The example shows two class maps with two conditions:
• Class map Test1 matches all packets that are permitted by at least one of the access lists
• Class map Test2 matches only those packets that are permitted by both access lists
Monitoring and Troubleshooting
 Class Map match-all Test2 (id 0)
   Match access-group 101
   Match access-group 102
 Class Map match-any Test1 (id 1)
   Match access-group 101
   Match access-group 102
Router#
• The show class-map command lists all class maps with their match statements
• The show class-map command with a name of a class map displays the configuration of the selected class map
Summary
The Modular QoS CLI (MQC) is used to separate the classification from the QoS service policy. A unified classification tool can be used by multiple different QoS mechanisms.
The classification is configured using class maps, which are used within policy maps to apply QoS mechanisms to classes.
Review Questions
Answer the following questions:
• What are the benefits of the Modular QoS CLI?
• Which two matching strategies do class maps support?
• Which classification options do class maps support?
Classification Options
Objectives
Upon completion of this lesson, you will be able to perform the following tasks:
• Describe and configure classification using access lists
• Describe and configure classification using the IP precedence
• Describe and configure classification using the DSCP
• Describe and configure classification using the QoS group
• Describe and configure classification using the MPLS experimental bits
• Describe and configure classification based on the input interface
• Describe and configure classification based on the source MAC address
• Describe and configure classification based on the destination MAC address
• Describe and configure classification based on IEEE 802.1Q/ISL CoS
• Describe and configure classification using another class map, negation or any keyword
• Describe and configure classification based on the Frame Relay DE bit
• Describe and configure classification based on RTP port
Classification Using Access Lists
• Access lists are the oldest classification tool that has been used with QoS mechanisms
• Class Maps support all types of access lists
• Class Maps are multi protocol
• Class Maps can use named access lists and numbered access lists (in the range from 1 to 2699) for all protocols
Access lists were originally used for filtering of inbound or outbound packets on interfaces. They were later reused for filtering of routing updates and also for classification with early QoS tools (for example, Priority Queuing, Custom Queuing and Traffic Shaping).
Access lists are still one of the most powerful classification tools. Class maps can use any type of access list (not only IP access lists).
Access lists, on the other hand, also have a drawback. Compared to other classification tools they are one of the most CPU-intensive. For this reason it is not recommended that access lists for classification be used on high-speed links where they could severely impact performance of routers. Access lists are typically used on low-speed links at network edges where packets are classified and marked (for example, with IP precedence). Classification in the core is done based on the IP precedence value.
Configuring Classification Using Access Lists
Router(config-cmap)#
match access-group {number | name name}
• Select an access list to be used for classification
class-map Telnet
 match access-group 100
!
class-map IPX_Printers
 match access-group name IPX
!
access-list 100 permit tcp any any eq 23
access-list 100 permit tcp any eq 23 any
!
ipx access-list extended IPX
 permit netbios any
!
Use the match access-group command to attach an access list to a class-map.
The example in the figure shows how a numbered or named access list can be used for classification.
Configuring Classification Using IP Precedence
router(config-cmap)#
match ip precedence precedence [prec [prec [prec]]]
precedence values are matched by this class map
class-map VoIP
 match ip precedence 5
!
class-map Gold
 match ip precedence 3 4
!
class-map Silver
 match ip precedence 1 2
!
class-map Bronze
 match ip precedence routine
!
A much faster method of classification is by matching the IP precedence. Up to four IP precedence values or names can be used to classify packets based on the IP precedence field in the IP header.
The figure contains a mapping between IP precedence values and names. The running configuration, however, only shows IP precedence values (not names).
Configuring Classification Using
values are matched by this class map
IP packets can also be classified based on the IP DSCP field. A QoS design can be based on IP precedence marking or DSCP marking. DSCP marking can include backward compatibility with IP precedence by using the Class Selector (CS) values (most significant three bits of the DSCP value).
A sample design that includes backward compatibility would use the following values to mark packets belonging to class Gold, which is guaranteed Assured Forwarding (AF) Per-hop Behavior (PHB):
• af11 marks low-drop packets
• af12 marks medium-drop packets
• af13 marks high-drop packets
• cs4 marks low-drop packets (for backward compatibility with IP precedence 4)
• cs3 marks high-drop packets (for backward compatibility with IP precedence 5)
A sample configuration on the next page shows implementation of a similar design.
Configuring Classification Using DSCP
class-map Voice
 match ip dscp ef
!
class-map Gold
 match ip dscp af11 af12 af13 cs3 cs4
!
class-map Silver
 match ip dscp af21 af22 af23 cs1 cs2
!
class-map Bronze
 match ip dscp af31 af32 af33
!
class-map Best-effort
 match ip dscp default
!
The figure illustrates implementation of a design with five classes:
• Voice, which is identified by DSCP value ef, which looks like IP precedence value 5 in non-DSCP compliant devices
• Gold, which is identified by DSCP values af11, af12 and af13. The class is also identified by IP precedence values 3 and 4
• Silver, which is identified by DSCP values af21, af22 and af23. The class is also identified by IP precedence values 1 and 2
• Bronze, which is identified by DSCP values af31, af32 and af33
• Best Effort, which is identified by the default DSCP value that is equal to the default IP precedence value (0)
From a non-DSCP compliant device the design looks slightly different:
• Voice—IP precedence 5
• Gold—IP precedence 3 and 4
• AF2 (010xx0) looks like IP precedence 2. Therefore, class Silver correctly appears as class Silver in a non-DSCP compliant device
• AF3 (011xx0) looks like IP precedence 3. Therefore, class Bronze appears as class Gold in a non-DSCP compliant device
• EF (101110) looks like IP precedence 5, which is also used for voice in a non-DSCP compliant device
As can be seen from the example, it is very important to understand the impact of DSCP on non-DSCP compliant devices. A DiffServ-based QoS design should include the impact of DSCP on parts of the networks where all routers are not DSCP compliant.
The example shows that a network core, if upgraded to support DSCP, can correctly handle packets classified by edge devices that have not yet been upgraded.
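The same comparison can be computed for the whole configuration. The Python sketch below is an added example, not part of the original course material: it parses the DSCP class maps shown above and derives the IP precedence values (the top three DSCP bits) that a non-DSCP compliant device sees for each class, then lists the precedence values claimed by more than one class. All function names are hypothetical.

```python
import re

# Class maps from the page's DSCP example, one command per line.
CONFIG = """
class-map Voice
 match ip dscp ef
class-map Gold
 match ip dscp af11 af12 af13 cs3 cs4
class-map Silver
 match ip dscp af21 af22 af23 cs1 cs2
class-map Bronze
 match ip dscp af31 af32 af33
class-map Best-effort
 match ip dscp default
"""

def dscp_value(name):
    """Translate a DSCP keyword (or decimal string) to its 6-bit value."""
    name = name.lower()
    if name == "default":
        return 0
    if name == "ef":
        return 46  # 101110
    m = re.fullmatch(r"cs([0-7])", name)
    if m:
        return int(m.group(1)) << 3  # class selector: ccc000
    m = re.fullmatch(r"af([1-4])([1-3])", name)
    if m:
        # assured forwarding: class in the top three bits, drop precedence next
        return (int(m.group(1)) << 3) | (int(m.group(2)) << 1)
    if name.isdigit() and 0 <= int(name) <= 63:
        return int(name)
    raise ValueError(f"unknown DSCP keyword: {name}")

def parse_class_maps(text):
    """Return {class name: [DSCP keywords]} from class-map configuration text."""
    classes, current = {}, None
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "class-map":
            current = words[-1]
            classes[current] = []
        elif words[:3] == ["match", "ip", "dscp"] and current is not None:
            classes[current].extend(words[3:])
    return classes

def precedence_view(classes):
    """Precedence values a non-DSCP compliant device sees for each class."""
    return {name: sorted({dscp_value(k) >> 3 for k in keys})
            for name, keys in classes.items()}

def shared_precedences(view):
    """Precedence values claimed by more than one class: {precedence: [classes]}."""
    owners = {}
    for name, precs in view.items():
        for p in precs:
            owners.setdefault(p, []).append(name)
    return {p: names for p, names in sorted(owners.items()) if len(names) > 1}

if __name__ == "__main__":
    view = precedence_view(parse_class_maps(CONFIG))
    for name, precs in view.items():
        print(f"{name:12s} precedence {precs}")
    for p, names in shared_precedences(view).items():
        print(f"precedence {p} is shared by {names}")
```

Any precedence value reported as shared is one where a precedence-only device cannot tell the two classes apart.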
Configuring Classification Using
• Select the QoS group identifying the class
• Allowed values are from 0 to 99
• All packets marked with the QoS group value are matched by this class map
• The QoS group is a parameter local to the router; it has to be set by some other QoS mechanism (CAR, PBR, Marking, Policing, QPPB)
class-map QoS1
 match qos-group 1
!
class-map QoS2
 match qos-group 2
!
A QoS group is another marker with support for a large number of classes. Up to 100 classes can be configured by using the QoS group parameter. The main drawback of QoS-group marking is that it has to be performed on every hop since this parameter is not part of any header. The QoS group is an internal parameter in the router and it is lost the moment a packet is sent.
The QoS group parameter can be used in situations where one parameter can be seen on input, but not on output where another parameter has to be set. For example:
• Match MPLS experimental bits on input and set QoS group based on the value
• Match QoS group on output and set IP DSCP based on the value
Matching on QoS group can also be used in combination with QoS Policy Propagation through BGP (QPPB) where up to 100 classes are propagated by BGP and marked by QoS group values on all BGP-enabled routers. Class maps are then used to match on QoS group values.
Configuring Classification Using
MPLS experimental bits are matched by this class map
class-map MPLS1
 match mpls experimental 3 4
!
class-map MPLS2
 match mpls experimental 1 2
!
Class maps can also be used in MPLS-enabled networks where all packets are labeled. There are three experimental bits in the label header that are currently being used for IP precedence. When an IP packet is labeled, the IP precedence value is copied into MPLS experimental bits.
A transparent design can be created where class maps can match on both the IP precedence value and the MPLS experimental bits:
class-map match-any Voice
 match ip precedence 5
 match mpls experimental 5
!
class-map match-any Gold
 match ip precedence 3 4
 match mpls experimental 3 4
!
class-map match-any Silver
 match ip precedence 1 2
 match mpls experimental 1 2
!
class-map Best-effort
 match ip precedence 0
 match mpls experimental 0
!
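The match-all and match-any procedures described earlier can be applied to this transparent design. The Python sketch below is an added example, not Cisco code: it assumes a simplified packet model in which a packet is a dictionary holding only the fields it carries, and its function names are hypothetical. It shows that Best-effort, configured without a mode keyword, falls back to match-all and therefore needs both conditions to succeed.

```python
# Class maps from the page's transparent IP precedence / MPLS design.
CONFIG = """
class-map match-any Voice
 match ip precedence 5
 match mpls experimental 5
class-map match-any Gold
 match ip precedence 3 4
 match mpls experimental 3 4
class-map match-any Silver
 match ip precedence 1 2
 match mpls experimental 1 2
class-map Best-effort
 match ip precedence 0
 match mpls experimental 0
"""

# Assumed packet model: a dict that holds only the fields the packet carries.
FIELD = {("ip", "precedence"): "ip_precedence",
         ("mpls", "experimental"): "mpls_exp"}

def parse(text):
    """Return [(name, mode, [(field, allowed values)])] in configuration order."""
    maps = []
    for line in text.splitlines():
        w = line.split()
        if not w:
            continue
        if w[0] == "class-map":
            # No keyword means the default strategy, match-all.
            mode = w[1] if w[1] in ("match-all", "match-any") else "match-all"
            maps.append((w[-1], mode, []))
        elif w[0] == "match":
            maps[-1][2].append((FIELD[(w[1], w[2])], {int(v) for v in w[3:]}))
    return maps

def condition_met(packet, field, allowed):
    # A field the packet does not carry can never satisfy a condition.
    return packet.get(field) in allowed

def matches(packet, mode, conditions):
    """Walk the conditions as in the match-all and match-any flowcharts."""
    for field, allowed in conditions:
        met = condition_met(packet, field, allowed)
        if mode == "match-any" and met:
            return True    # first success ends processing
        if mode == "match-all" and not met:
            return False   # first failure ends processing
    # match-all: every condition succeeded; match-any: none did.
    # A class map without conditions matches nothing (match none is the default).
    return mode == "match-all" and bool(conditions)

def classify(packet, maps):
    """Names of all class maps the packet belongs to."""
    return [name for name, mode, conds in maps if matches(packet, mode, conds)]

if __name__ == "__main__":
    maps = parse(CONFIG)
    # Constructed sample packets.
    for pkt in ({"ip_precedence": 5}, {"mpls_exp": 3},
                {"ip_precedence": 0}, {"mpls_exp": 0}):
        print(pkt, "->", classify(pkt, maps))
```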
Configuring Classification Using
interface are matched by this class map
class-map match-any Ethernets
 match input-interface Ethernet0/0
 match input-interface Ethernet0/1
!
class-map match-any FastEthernets
 match input-interface FastEthernet1/0
 match input-interface FastEthernet1/1
!
class-map match-any Serials
 match input-interface Serial2/0
 match input-interface Serial2/1
 match input-interface Serial2/2
 match input-interface Serial2/3
!
A packet can also be classified based on the input interface.
Configuring Classification Using
• Classifies packets based on the source MAC address
• This classification option can only be used on interfaces using MAC addresses (e.g. Ethernet, FastEthernet)
router(config-cmap)#
match destination-address mac mac-address
• Classifies packets based on the destination MAC address
• This classification option can only be used on interfaces using MAC addresses (e.g. Ethernet, FastEthernet)
class-map RTR1_dst
 match destination-address mac 00f0.64e2.2860
!
class-map RTR2_src
 match source-address mac 00f0.64e2.3321
!
Classification can be done based on source or destination MAC addresses. This type of classification is only possible on interfaces that use MAC addresses (for example, Ethernet or FastEthernet).
It is especially useful in situations where packets from a certain device have to be matched but the device does not have a static IP address (for example, DHCP-derived IP address) or it has too many IP addresses.