Tuesday, April 21, 2009

Marking using NBAR

Command List

Use the following commands to complete this exercise:

Command

Description

no service-policy {input | output} policy-map-name

Removes a service policy from an input or output interface.

show ip cef

Displays the state of Cisco Express Forwarding (CEF).

ip nbar protocol-discovery

Configures NBAR to discover traffic for all protocols known to NBAR on a particular interface.

clear ip nbar protocol-discovery

Clears NBAR protocol discovery statistics.

show ip nbar protocol-discovery [interface interface-spec]

Displays the statistics gathered by the NBAR protocol discovery feature.

ip access-list {standard | extended} access-list-name

Defines an IP access list by name.

permit tcp source source-wildcard destination destination-wildcard [operator [port]]

Sets conditions to allow a TCP packet to pass a named IP access list.

permit udp source source-wildcard destination destination-wildcard [operator [port]]

Sets conditions to allow a UDP packet to pass a named IP access list.

class-map class-map-name

Creates a class map to be used for matching packets to a specified class.

match protocol protocol-name

Configures the match criteria for a class map on the basis of the specified protocol.

match access-group {access-group | name access-group-name}

Configures the match criteria for a class map on the basis of the specified access list.

policy-map policy-map-name

Creates or modifies a policy map that can be attached to one or more interfaces.

class {class-name | class-default}

Specifies the name of the class whose policy you want to create or change, or specifies the default class.

set dscp dscp-value

Marks a packet by setting the differentiated services code point (DSCP).

service-policy {input | output} policy-map-name

Attaches a policy map to an input or output interface.

show class-map class-map-name

Displays all class maps and their matching criteria.

show policy-map policy-map

Displays the configuration of all classes for a specified service policy map or all classes for all existing policy maps.

show policy-map interface interface-name [input | output] [class class-map-name]

Displays the packet statistics of all classes that are configured for all service policies on the specified interface.

Table 1: Configuration and monitoring commands used in this Lab exercise

Complete Solution:

ip access-list extended VoIP-RTCP
 permit udp any any range 16384 32767
!
ip access-list extended Voice-Control
 permit tcp any any eq 1720
 permit tcp any any range 11000 11999
 permit udp any any eq 2427
 permit tcp any any eq 2428
 permit tcp any any range 2000 2002
 permit udp any any eq 1719
 permit udp any any eq 5060
!
class-map match-any real-time
 match protocol rtp
 match protocol icmp
 match access-group name VoIP-RTCP
class-map match-any mission-critical
 match protocol sqlnet
 match access-group name Voice-Control
class-map match-all interactive
 match protocol citrix
class-map match-all bulk
 match protocol ftp
class-map match-any scavenger
 match protocol kazaa2
 match protocol napster
!
policy-map mark-nbar
 class real-time
  set dscp ef
 class mission-critical
  set dscp af31
 class interactive
  set dscp af21
 class bulk
  set dscp af11
 class scavenger
  set dscp cs1
 class class-default
  set dscp default
!
interface fastethernet0/0
 service-policy input mark-nbar


----------------------------------------------------------

Configuration 12: Configuration description
Step 18 The following commands need to be entered on R1 router.
R1#show policy-map interface fastethernet0/0
 FastEthernet0/0
  Service-policy input: mark-nbar
    Class-map: real-time (match-any)
      5 packets, 570 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol rtp
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol icmp
        5 packets, 570 bytes
        5 minute rate 0 bps
      Match: access-group name VoIP-RTCP
        0 packets, 0 bytes
        5 minute rate 0 bps
      QoS Set
        dscp ef
          Packets marked 5
    Class-map: mission-critical (match-any)
      7298 packets, 770942 bytes
      5 minute offered rate 27000 bps, drop rate 0 bps
      Match: protocol sqlnet
        6596 packets, 694955 bytes
        5 minute rate 22000 bps
      Match: access-group name Voice-Control
        702 packets, 75987 bytes
        5 minute rate 6000 bps
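
Counters like those in the Step 18 output can be checked mechanically. The Python below is an added example, not part of the original lab: it parses show policy-map interface text into per-class counters and flags classes whose per-match counters do not add up to the class total, or whose matched and marked counts differ. The function names are illustrative, and the embedded sample is an excerpt of the output above.

```python
import re

# Excerpt of the Step 18 output above (rate and QoS Set lines omitted).
SAMPLE = """\
Class-map: real-time (match-any)
5 packets, 570 bytes
Match: protocol rtp
0 packets, 0 bytes
Match: protocol icmp
5 packets, 570 bytes
Match: access-group name VoIP-RTCP
0 packets, 0 bytes
Packets marked 5
Class-map: mission-critical (match-any)
7298 packets, 770942 bytes
Match: protocol sqlnet
6596 packets, 694955 bytes
Match: access-group name Voice-Control
702 packets, 75987 bytes
"""

def parse_policy_map(text):
    """Return {class: {"packets": n, "matches": {criterion: n}, "marked": n}}."""
    classes, target, cur = {}, None, {"matches": {}}  # cur starts as a sink
    for line in (l.strip() for l in text.splitlines()):
        if m := re.match(r"Class-map: (\S+) \(match-\w+\)", line):
            cur = classes[m.group(1)] = {"packets": 0, "matches": {}, "marked": None}
            target = None                 # next counter line is the class total
        elif m := re.match(r"Match: (.+)", line):
            target = m.group(1)           # next counter line belongs to this match
        elif m := re.match(r"(\d+) packets, \d+ bytes", line):
            if target is None:
                cur["packets"] = int(m.group(1))
            else:
                cur["matches"][target] = int(m.group(1))
        elif m := re.match(r"Packets marked (\d+)", line):
            cur["marked"] = int(m.group(1))
    return classes

def audit(classes):
    notes = []
    for name, c in classes.items():
        if sum(c["matches"].values()) != c["packets"]:
            notes.append(f"{name}: match counters do not add up to class total")
        if c["marked"] is None:
            notes.append(f"{name}: no 'Packets marked' line in this output")
        elif c["marked"] != c["packets"]:
            notes.append(f"{name}: {c['packets']} matched but {c['marked']} marked")
    return notes
```

On the excerpt, the only note is the missing marking counter for mission-critical, which is where the output on this page is cut off.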

Tuesday, April 14, 2009

QOS - MQC and class Based Markings Demystified

The 6-bit DSCP field (described in RFC 2474) defines the per-hop behavior (PHB). A PHB is an externally observable forwarding behavior or QoS treatment performed by a network device such as a router or a switch.

The four different DiffServ PHBs are Best Effort (BE), Class Selector (CS), Assured Forwarding (AF), and Expedited Forwarding (EF):

- BE is indicated when all 6 bits of the DS field are zero, and it has no specific QoS treatment.
- CS is used for backward compatibility with IP Precedence, and when using this PHB, the last 3 bits of the DSCP field are zero.
- AF (defined in RFC 2597) specifies four different classes, along with three different drop precedences. When using AF, the first 3 bits of the DS field define the queuing class (1 to 4), and the last 3 bits define the drop precedence (the likelihood of the packet being dropped [1 to 3]). AF PHB names are often written in the AFxy format, where x is the queuing class and y is the drop precedence.
- EF (RFC 3246) specifies a low delay, low jitter, and low packet-loss QoS treatment with a bandwidth guarantee.
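
As an added example (not part of the original post), the Python below carries the bit layout above through for the keywords used in this page's policy maps: it converts a DSCP keyword to its 6-bit value and to the IPv4 ToS byte, and decodes a ToS byte read from a capture back to a PHB name. It relies on the AFxy encoding from RFC 2597, where the drop precedence occupies the two bits after the class and the final DSCP bit is zero; the function names are illustrative.

```python
import re

def dscp_value(name):
    """Return the 6-bit DSCP value for a keyword such as 'ef', 'af31', 'cs1'."""
    name = name.lower()
    if name in ("default", "be"):
        return 0                      # Best Effort: all six bits zero
    if name == "ef":
        return 46                     # Expedited Forwarding, 101110 (RFC 3246)
    m = re.fullmatch(r"cs([0-7])", name)
    if m:
        return int(m.group(1)) << 3   # Class Selector: xxx000
    m = re.fullmatch(r"af([1-4])([1-3])", name)
    if m:
        x, y = int(m.group(1)), int(m.group(2))
        return (x << 3) | (y << 1)    # AFxy: class in top 3 bits, drop precedence below
    raise ValueError(f"unknown DSCP keyword: {name!r}")

def tos_byte(name):
    """DS field as it appears in the IPv4 ToS byte: DSCP in the upper six bits."""
    return dscp_value(name) << 2

def phb_name(tos):
    """Decode a ToS/DS byte (e.g. read from a packet capture) back to a PHB name."""
    dscp = (tos >> 2) & 0x3F          # the low two bits of the byte are not DSCP
    cls, low = dscp >> 3, dscp & 0x7
    if dscp == 0:
        return "default"
    if dscp == 46:
        return "ef"
    if low == 0:
        return f"cs{cls}"
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return f"af{cls}{low >> 1}"
    return f"dscp{dscp}"              # codepoint outside the four PHBs listed above

# Markings set by the policy maps on this page
PAGE_MARKINGS = ["ef", "af31", "af21", "af11", "cs1", "default"]

def marking_table():
    return {n: (dscp_value(n), tos_byte(n)) for n in PAGE_MARKINGS}

if __name__ == "__main__":
    for n, (d, t) in marking_table().items():
        print(f"{n:8} dscp={d:2} ({d:06b})  tos=0x{t:02x}")
```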


Follow the sequence of commands mentioned above to configure class-based marking of traffic.

Step 1 The following commands need to be entered on R1 router.

access-list 101 permit tcp any any eq ftp
access-list 101 permit tcp any any eq ftp-data

Configuration 1: Configuration description

Step 2 The following commands need to be entered on R1 router.
access-list 102 permit tcp any any eq www

Configuration 2: Configuration description


Step 3 The following commands need to be entered on R1 router.
class-map match-ftp
 match access-group 101
!
class-map match-www
 match access-group 102

Configuration 3: Configuration description

Step 4 The following commands need to be entered on R1 router.
policy-map mark-apps
 class match-ftp
  set dscp af11
 class match-www
  set dscp default

Configuration 4: Configuration description

Step 5 The following commands need to be entered on R1 router.
interface fastethernet0/0
 service-policy input mark-apps

Configuration 5: Configuration description

Step 6
Class FTP: matched 1749, marked 1749
Class WWW: matched 1028, marked 1028
Class class-default: matched 28733