Friday, July 26, 2013

MPLS QoS




Elements

We are going to examine QoS configuration through our MPLS backbone and across the L3VPN connection implemented to maintain connectivity between site #1(R4, R6) and site #2 (R5, R7)
ISIS level-2 will be the IGP used inside our MPLS backbone, and BGP will be the PE-CE routing protocol, OSPF will be the CE-C routing protocol

Configuration

R1

vrf definition MSSK
 rd 100:1
 !
 address-family ipv4
  route-target export 100:1
  route-target import 100:1

mpls label protocol ldp
mpls ldp router-id Loopback0 force

interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 ip router isis 1

interface FastEthernet1/0
 ip address 192.1.13.1 255.255.255.0
 ip router isis 1
 speed 100
 duplex full
 mpls ip

interface FastEthernet1/1
 vrf forwarding MSSK
 ip address 192.1.14.1 255.255.255.0
 speed 100
 duplex full

router isis 1
 net 49.0001.0000.0000.0001.00
 is-type level-2-only

router bgp 100
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 3.3.3.3 remote-as 100
 neighbor 3.3.3.3 update-source Loopback0

address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community both

address-family ipv4 vrf MSSK
  network 192.1.14.0
  neighbor 192.1.14.4 remote-as 200
  neighbor 192.1.14.4 activate
  neighbor 192.1.14.4 as-override




R2

vrf definition MSSK
 rd 100:1

address-family ipv4
  route-target export 100:1
  route-target import 100:1
 exit-address-family

mpls label protocol ldp
mpls ldp router-id Loopback0 force

interface Loopback0
 ip address 2.2.2.2 255.255.255.255
 ip router isis 1

interface FastEthernet1/0
 ip address 192.1.23.2 255.255.255.0
 ip router isis 1
 speed 100
 duplex full
 mpls ip
 no shut

interface FastEthernet1/1
 vrf forwarding MSSK
 ip address 192.1.25.2 255.255.255.0
 speed 100
 duplex full
 no shut

router isis 1
 net 49.0001.0000.0000.0002.00
 is-type level-2-only

router bgp 100
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 3.3.3.3 remote-as 100
 neighbor 3.3.3.3 update-source Loopback0

 address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community both

 address-family ipv4 vrf MSSK
  network 192.1.25.0
  neighbor 192.1.25.5 remote-as 200
  neighbor 192.1.25.5 activate
  neighbor 192.1.25.5 as-override

R3

mpls label protocol ldp
mpls ldp router-id Loopback0 force

interface Loopback0
 ip address 3.3.3.3 255.255.255.255
 ip router isis 1

interface FastEthernet1/0
 ip address 192.1.13.3 255.255.255.0
 ip router isis 1
 speed 100
 duplex full
 mpls ip
 no shut

interface FastEthernet1/1
 ip address 192.1.23.3 255.255.255.0
 ip router isis 1
 speed 100
 duplex full
 mpls ip
 no shut

router isis 1
 net 49.0001.0000.0000.0003.00
 is-type level-2-only

router bgp 100
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 1.1.1.1 remote-as 100
 neighbor 1.1.1.1 update-source Loopback0
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 update-source Loopback0

address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community both
  neighbor 1.1.1.1 route-reflector-client
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community both
  neighbor 2.2.2.2 route-reflector-client

R4

interface Loopback0
 ip address 4.4.4.4 255.255.255.255

interface FastEthernet1/0
 ip address 192.1.14.4 255.255.255.0
 speed 100
 duplex full
 no shut

interface FastEthernet1/1
 ip address 192.1.46.4 255.255.255.0
 speed 100
 duplex full
 no shut

router ospf 1
 router-id 4.4.4.4
 redistribute bgp 200 subnets
 network 192.1.46.4 0.0.0.0 area 0

router bgp 200
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 192.1.14.1 remote-as 100

address-family ipv4
  network 4.4.4.4 mask 255.255.255.255
  redistribute ospf 1
  neighbor 192.1.14.1 activate
 exit-address-family

R5

interface Loopback0
 ip address 5.5.5.5 255.255.255.255

interface FastEthernet1/0
 ip address 192.1.25.5 255.255.255.0
 speed 100
 duplex full
 no shut

interface FastEthernet1/1
 ip address 192.1.57.5 255.255.255.0
 speed 100
 duplex full
 no shut

router ospf 1
 router-id 5.5.5.5
 redistribute bgp 200 subnets
 network 192.1.57.5 0.0.0.0 area 0

router bgp 200
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 192.1.25.2 remote-as 100

address-family ipv4
  network 5.5.5.5 mask 255.255.255.255
  redistribute ospf 1
  neighbor 192.1.25.2 activate
 exit-address-family

R6

interface Loopback0
 ip address 6.6.6.6 255.255.255.255

interface FastEthernet1/0
 ip address 192.1.46.6 255.255.255.0
 speed 100
 duplex full
 no shut

router ospf 1
 router-id 6.6.6.6
 network 6.6.6.6 0.0.0.0 area 0
 network 192.1.46.6 0.0.0.0 area 0

R7

interface Loopback0
 ip address 7.7.7.7 255.255.255.255

interface FastEthernet1/0
 ip address 192.1.57.7 255.255.255.0
 speed 100
 duplex full
 no shut

router ospf 1
 router-id 7.7.7.7
 network 7.7.7.7 0.0.0.0 area 0
 network 192.1.57.7 0.0.0.0 area 0

Verification

R1#show bgp vpnv4 unicast all         
BGP table version is 13, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
 
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf MSSK)
 *>  4.4.4.4/32       192.1.14.4               0             0 200 i
 *>i 5.5.5.5/32       2.2.2.2                  0    100      0 200 i
 *>  6.6.6.6/32       192.1.14.4               2             0 200 ?
 *>i 7.7.7.7/32       2.2.2.2                  2    100      0 200 ?
 *>  192.1.14.0       0.0.0.0                  0         32768 i
 *>i 192.1.25.0       2.2.2.2                  0    100      0 i
 *>  192.1.46.0       192.1.14.4               0             0 200 ?
 *>i 192.1.57.0       2.2.2.2                  0    100      0 200 ?
 
R2#show bgp vpnv4 unicast all         
BGP table version is 13, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
 
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf MSSK)
 *>i 4.4.4.4/32       1.1.1.1                  0    100      0 200 i
 *>  5.5.5.5/32       192.1.25.5               0             0 200 i
 *>i 6.6.6.6/32       1.1.1.1                  2    100      0 200 ?
 *>  7.7.7.7/32       192.1.25.5               2             0 200 ?
 *>i 192.1.14.0       1.1.1.1                  0    100      0 i
 *>  192.1.25.0       0.0.0.0                  0         32768 i
 *>i 192.1.46.0       1.1.1.1                  0    100      0 200 ?
 *>  192.1.57.0       192.1.25.5               0             0 200 ?
 
R4#show ip bgp 
BGP table version is 9, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
 
     Network          Next Hop            Metric LocPrf Weight Path
 *>  4.4.4.4/32       0.0.0.0                  0         32768 i
 *>  5.5.5.5/32       192.1.14.1                             0 100 100 i
 *>  6.6.6.6/32       192.1.46.6               2         32768 ?
 *>  7.7.7.7/32       192.1.14.1                             0 100 100 ?
 r>  192.1.14.0       192.1.14.1               0             0 100 i
 *>  192.1.25.0       192.1.14.1                             0 100 i
 *>  192.1.46.0       0.0.0.0                  0         32768 ?
 *>  192.1.57.0       192.1.14.1                             0 100 100 ?
 
R4#ping 5.5.5.5 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 4.4.4.4 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/65/132 ms
 
R5#sh ip bgp 
BGP table version is 9, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
 
     Network          Next Hop            Metric LocPrf Weight Path
 *>  4.4.4.4/32       192.1.25.2                             0 100 100 i
 *>  5.5.5.5/32       0.0.0.0                  0         32768 i
 *>  6.6.6.6/32       192.1.25.2                             0 100 100 ?
 *>  7.7.7.7/32       192.1.57.7               2         32768 ?
 *>  192.1.14.0       192.1.25.2                             0 100 i
 r>  192.1.25.0       192.1.25.2               0             0 100 i
 *>  192.1.46.0       192.1.25.2                             0 100 100 ?
 *>  192.1.57.0       0.0.0.0                  0         32768 ?
 
R5#ping 4.4.4.4 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 5.5.5.5 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/44/88 ms
 
R6#sh ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
 
Gateway of last resort is not set
 
      4.0.0.0/32 is subnetted, 1 subnets
O E2     4.4.4.4 [110/1] via 192.1.46.4, 1d02h, FastEthernet1/0
      5.0.0.0/32 is subnetted, 1 subnets
O E2     5.5.5.5 [110/1] via 192.1.46.4, 1d02h, FastEthernet1/0
      7.0.0.0/32 is subnetted, 1 subnets
O E2     7.7.7.7 [110/1] via 192.1.46.4, 1d02h, FastEthernet1/0
O E2  192.1.25.0/24 [110/1] via 192.1.46.4, 1d02h, FastEthernet1/0
O E2  192.1.57.0/24 [110/1] via 192.1.46.4, 1d02h, FastEthernet1/0
 
R6#ping 7.7.7.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/85/140 ms
 
R7#sh ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
 
Gateway of last resort is not set
 
      4.0.0.0/32 is subnetted, 1 subnets
O E2     4.4.4.4 [110/1] via 192.1.57.5, 1d02h, FastEthernet1/0
      5.0.0.0/32 is subnetted, 1 subnets
O E2     5.5.5.5 [110/1] via 192.1.57.5, 1d02h, FastEthernet1/0
      6.0.0.0/32 is subnetted, 1 subnets
O E2     6.6.6.6 [110/1] via 192.1.57.5, 1d02h, FastEthernet1/0
O E2  192.1.14.0/24 [110/1] via 192.1.57.5, 1d02h, FastEthernet1/0
O E2  192.1.46.0/24 [110/1] via 192.1.57.5, 1d02h, FastEthernet1/0
 
R7#ping 6.6.6.6 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
Packet sent with a source address of 7.7.7.7 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/72/96 ms
 
Now, as reachability is in place let us start diving in configuring MPLS QoS
We will start from the C routers and configure it for IP Precedence classification
Let us choose precedence values 1, 2, 3 and 6
We will depend on MQC model to for our purposes
 
R6
 
class-map PRECEDENCE_6
 match ip precedence 6 
class-map PRECEDENCE_3
 match ip precedence 3 
class-map PRECEDENCE_2
 match ip precedence 2 
class-map PRECEDENCE_1
 match ip precedence 1
 
policy-map MATCH
 class PRECEDENCE_1
 class PRECEDENCE_2
 class PRECEDENCE_3
 class PRECEDENCE_6
 
interface FastEthernet1/0
service-policy input MATCH
 
R7
 
class-map PRECEDENCE_6
 match ip precedence 6 
class-map PRECEDENCE_3
 match ip precedence 3 
class-map PRECEDENCE_2
 match ip precedence 2 
class-map PRECEDENCE_1
 match ip precedence 1
 
policy-map MATCH
 class PRECEDENCE_1
 class PRECEDENCE_2
 class PRECEDENCE_3
 class PRECEDENCE_6
 
interface FastEthernet1/0
service-policy input MATCH
 
 
R6#ping 7.7.7.7 repeat 10
Type escape sequence to abort.
Sending 10, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
!!!!!!!!!!
Success rate is 100 percent (10/10), round-trip min/avg/max = 48/85/156 ms
 
R6#show policy-map interface fastEthernet 1/0 
 FastEthernet1/0 
 
  Service-policy input: MATCH
 
    Class-map: PRECEDENCE_1 (match-all)  
      0 packets, 0 bytes
      5 minute offered rate 0000 bps
      Match: ip precedence 1 
 
    Class-map: PRECEDENCE_2 (match-all)  
      0 packets, 0 bytes
      5 minute offered rate 0000 bps
      Match: ip precedence 2 
 
    Class-map: PRECEDENCE_3 (match-all)  
      0 packets, 0 bytes
      5 minute offered rate 0000 bps
      Match: ip precedence 3 
 
    Class-map: PRECEDENCE_6 (match-all)  
      2 packets, 188 bytes
      5 minute offered rate 0000 bps
      Match: ip precedence 6 
          
    Class-map: class-default (match-any)  
      10 packets, 1140 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any
 
R7#show policy-map interface fastEthernet 1/0 
 FastEthernet1/0 
 
  Service-policy input: MATCH
 
    Class-map: PRECEDENCE_1 (match-all)  
      0 packets, 0 bytes
      5 minute offered rate 0000 bps
      Match: ip precedence 1 
 
    Class-map: PRECEDENCE_2 (match-all)  
      0 packets, 0 bytes
      5 minute offered rate 0000 bps
      Match: ip precedence 2 
 
    Class-map: PRECEDENCE_3 (match-all)  
      0 packets, 0 bytes
      5 minute offered rate 0000 bps
      Match: ip precedence 3 
 
    Class-map: PRECEDENCE_6 (match-all)  
      0 packets, 0 bytes
      5 minute offered rate 0000 bps
      Match: ip precedence 6 
          
    Class-map: class-default (match-any)  
      10 packets, 1140 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any
 
As we can see the ICMP packets fall in the class-default, and the PRECEDENCE_6 class counts as it relates to routing updates and keepalives and so on
 
Now, let us choose three applications: TELNET, TFTP and ICMP
We will configure CE routers to assign these applications precedence values as they are leaving toward the MPLS backbone
 
R4
 
ip access-list extended TELNET
 permit tcp any any eq telnet
 permit tcp any eq telnet any
 
ip access-list extended TFTP
 permit udp any any eq 69
 
ip access-list extended ICMP
 permit icmp any any
 
class-map ICMP_CLASS
 match access-group name ICMP
class-map TFTP_CLASS
 match access-group name TFTP
class-map TELNET_CLASS
 match access-group name TELNET
 
policy-map MARK
 class TELNET_CLASS
  set ip precedence 1
 class TFTP_CLASS
  set ip precedence 2
 class ICMP_CLASS
  set ip precedence 3
 class class-default
  set ip precedence 6
 
interface FastEthernet1/0
service-policy output MARK
 
R5
 
ip access-list extended TELNET
 permit tcp any any eq telnet
 permit tcp any eq telnet any
 
ip access-list extended TFTP
 permit udp any any eq 69
 
ip access-list extended ICMP
 permit icmp any any
 
class-map ICMP_CLASS
 match access-group name ICMP
class-map TFTP_CLASS
 match access-group name TFTP
class-map TELNET_CLASS
 match access-group name TELNET
 
policy-map MARK
 class TELNET_CLASS
  set ip precedence 1
 class TFTP_CLASS
  set ip precedence 2
 class ICMP_CLASS
  set ip precedence 3
 class class-default
  set ip precedence 6
 
interface FastEthernet1/0
service-policy output MARK
 
 
To enable telnet access
 
R6, R7
 
line vty 0 4
password cisco
login 
 
enable secret cisco
 
For TFTP R7 will be the server and R6 will be the client
 
R7
 
tftp-server nvram:underlying-config
 
R4#show policy-map interface fastEthernet 1/0
 FastEthernet1/0 
 
  Service-policy output: MARK
 
    Class-map: TELNET_CLASS (match-all)  
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: access-group name TELNET
      QoS Set
        precedence 1
          Packets marked 0
 
    Class-map: TFTP_CLASS (match-all)  
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: access-group name TFTP
      QoS Set
        precedence 2
          Packets marked 0
 
    Class-map: ICMP_CLASS (match-all)  
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: access-group name ICMP
      QoS Set
        precedence 3
          Packets marked 0
 
    Class-map: class-default (match-any)  
      3 packets, 495 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any 
      QoS Set
        precedence 6
          Packets marked 0
 
R4#show policy-map interface fastEthernet 1/0 | inc Class|marked
    Class-map: TELNET_CLASS (match-all)  
          Packets marked 0
    Class-map: TFTP_CLASS (match-all)  
          Packets marked 0
    Class-map: ICMP_CLASS (match-all)  
          Packets marked 0
    Class-map: class-default (match-any)  
          Packets marked 0
 
R6#ping 7.7.7.7 repeat 20
Type escape sequence to abort.
Sending 20, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (20/20), round-trip min/avg/max = 44/71/128 ms
 
R6#telnet 7.7.7.7
Trying 7.7.7.7 ... Open
 
User Access Verification
 
Password: 
R7>en
Password: 
R7#exit
 
[Connection to 7.7.7.7 closed by foreign host]
 
R6#copy tftp://7.7.7.7/underlying-config null:
Accessing tftp://7.7.7.7/underlying-config...
Loading underlying-config from 7.7.7.7 (via FastEthernet1/0): !
[OK - 233 bytes]
 
233 bytes copied in 0.252 secs (925 bytes/sec)
 
R4#show policy-map interface fastEthernet 1/0 | inc Class|marked
    Class-map: TELNET_CLASS (match-all)  
          Packets marked 34
    Class-map: TFTP_CLASS (match-all)  
          Packets marked 4
    Class-map: ICMP_CLASS (match-all)  
          Packets marked 20
    Class-map: class-default (match-any)  
          Packets marked 8
 
R5#show policy-map interface fastEthernet 1/0 | inc Class|marked
    Class-map: TELNET_CLASS (match-all)  
          Packets marked 27
    Class-map: TFTP_CLASS (match-all)  
          Packets marked 0
    Class-map: ICMP_CLASS (match-all)  
          Packets marked 20
    Class-map: class-default (match-any)  
          Packets marked 8
 
As we can see the count appears, but for TFTP traffic it’s a one way as one of the routers is acting as a server and the other one is acting as a client
 
Now, let us implement some queuing and policing 
Let us focus on ICMP traffic, we will configure a 3 rate policer as below (as traffic is leaving toward the MPLS backbone)
 
Conform action: transmit
Exceed action: set the MPLS EXP bit to 5
Violate action: drop
 
R1
 
class-map EXP_CLASS
 match mpls experimental topmost 3
 
policy-map EXP_POLICY
 class EXP_CLASS
  police 64000 conform-action transmit  exceed-action set-mpls-exp-topmost-transmit 5 violate-action drop
 
interface FastEthernet1/0
service-policy output EXP_POLICY
 
R1#sh policy-map interface fastEthernet 1/0
 FastEthernet1/0 
 
  Service-policy output: EXP_POLICY
 
    Class-map: EXP_CLASS (match-all)  
      20 packets, 2440 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: mpls experimental topmost 3 
      police:
          cir 64000 bps, bc 2000 bytes, be 2000 bytes
        conformed 20 packets, 2440 bytes; actions:
          transmit 
        exceeded 0 packets, 0 bytes; actions:
          set-mpls-exp-topmost-transmit 5
        violated 0 packets, 0 bytes; actions:
          drop 
        conformed 0000 bps, exceeded 0000 bps, violated 0000 bps
 
    Class-map: class-default (match-any)  
      56172 packets, 21716570 bytes
      5 minute offered rate 2000 bps, drop rate 0000 bps
      Match: any
 
Now, let us configure on the P router (R3) MQC in order to check for the policy we configured
 
R3
 
class-map match-all PRECEDENCE_6
 match mpls experimental topmost 6 
class-map match-all PRECEDENCE_5
 match mpls experimental topmost 5 
class-map match-all PRECEDENCE_3
 match mpls experimental topmost 3 
class-map match-all PRECEDENCE_2
 match mpls experimental topmost 2 
class-map match-all PRECEDENCE_1
 match mpls experimental topmost 1
 
policy-map MATCH
 class PRECEDENCE_1
 class PRECEDENCE_2
 class PRECEDENCE_3
 class PRECEDENCE_6
 class PRECEDENCE_5
 
interface FastEthernet1/0
 ip address 192.1.13.3 255.255.255.0
 ip router isis 1
 speed 100
 duplex full
 mpls ip
 service-policy input MATCH
 
Now , we will generate some traffic from R6 toward R7 (we will influence the size of ICMP packets in order to see the dropped packets)
 
R6#ping 7.7.7.7 repeat 20 size 1600
Type escape sequence to abort.
Sending 20, 1600-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
!!!.!!!.!!!.!!.!!!.!
Success rate is 75 percent (15/20), round-trip min/avg/max = 76/88/108 ms
 
R1#sh policy-map interface fastEthernet 1/0
 FastEthernet1/0 
 
  Service-policy output: EXP_POLICY
 
    Class-map: EXP_CLASS (match-all)  
      40 packets, 33280 bytes
      5 minute offered rate 1000 bps, drop rate 0000 bps
      Match: mpls experimental topmost 3 
      police:
          cir 64000 bps, bc 2000 bytes, be 2000 bytes
        conformed 30 packets, 18060 bytes; actions:
          transmit 
        exceeded 5 packets, 7610 bytes; actions:
          set-mpls-exp-topmost-transmit 5
        violated 5 packets, 7610 bytes; actions:
          drop 
        conformed 1000 bps, exceeded 1000 bps, violated 1000 bps
 
    Class-map: class-default (match-any)  
      17 packets, 6964 bytes
      5 minute offered rate 2000 bps, drop rate 0000 bps
      Match: any
 
R3#show policy-map interface fastEthernet 1/0 | inc Class|packets
    Class-map: PRECEDENCE_1 (match-all)  
      0 packets, 0 bytes
    Class-map: PRECEDENCE_2 (match-all)  
      0 packets, 0 bytes
    Class-map: PRECEDENCE_3 (match-all)  
      40 packets, 18480 bytes
    Class-map: PRECEDENCE_6 (match-all)  
      0 packets, 0 bytes
    Class-map: PRECEDENCE_5 (match-all)  
      10 packets, 7820 bytes
    Class-map: class-default (match-any)  
      10 packets, 725 bytes
 
As we can see the PRECEDENCE_5 class is counting
 
Now, let us move our policy toward the customer side (toward R5), R5 does not understand EXP bit as the disposition happens at its PE router: R2, so how we will apply the same policy and queuing mechanism? We will configure what so called QoS groups
 
R2
 
class-map match-all INPUT_CLASS
 match mpls experimental topmost 3
 
policy-map INPUT_POLICY
 class INPUT_CLASS
  set qos-group 3
 
interface FastEthernet1/0
service-policy input INPUT_POLICY
 
class-map match-all OUTPUT_CLASS
 match qos-group 3
 
policy-map OUTPUT_POLICY
 class OUTPUT_CLASS
  police 64000 conform-action transmit  exceed-action set-mpls-exp-topmost-transmit 5 violate-action drop
 
interface FastEthernet1/1
service-policy output OUTPUT_POLICY
 
R6#ping 7.7.7.7 repeat 20 size 1600
Type escape sequence to abort.
Sending 20, 1600-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
!!!.!!.!!.!!.!!.!!!.
Success rate is 70 percent (14/20), round-trip min/avg/max = 64/87/128 ms
 
R1#sh policy-map interface fastEthernet 1/0
 FastEthernet1/0 
 
  Service-policy output: EXP_POLICY
 
    Class-map: EXP_CLASS (match-all)  
      40 packets, 33280 bytes
      5 minute offered rate 3000 bps, drop rate 1000 bps
      Match: mpls experimental topmost 3 
      police:
          cir 64000 bps, bc 2000 bytes, be 2000 bytes
        conformed 28 packets, 19156 bytes; actions:
          transmit 
        exceeded 9 packets, 9558 bytes; actions:
          set-mpls-exp-topmost-transmit 5
        violated 3 packets, 4566 bytes; actions:
          drop 
        conformed 2000 bps, exceeded 1000 bps, violated 1000 bps
 
    Class-map: class-default (match-any)  
      25 packets, 10724 bytes
      5 minute offered rate 1000 bps, drop rate 0000 bps
      Match: any
 
R4#sh policy-map interface fastEthernet 1/0
 FastEthernet1/0 
 
  Service-policy output: MARK
 
    Class-map: TELNET_CLASS (match-all)  
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: access-group name TELNET
      QoS Set
        precedence 1
          Packets marked 0
 
    Class-map: TFTP_CLASS (match-all)  
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: access-group name TFTP
      QoS Set
        precedence 2
          Packets marked 0
 
    Class-map: ICMP_CLASS (match-all)  
      40 packets, 32960 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: access-group name ICMP
      QoS Set
        precedence 3
          Packets marked 40
 
    Class-map: class-default (match-any)  
      12 packets, 1380 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any 
      QoS Set
        precedence 6
          Packets marked 2
 
R1#sh policy-map interface fastEthernet 1/0
 FastEthernet1/0 
 
  Service-policy output: EXP_POLICY
 
    Class-map: EXP_CLASS (match-all)  
      40 packets, 33280 bytes
      5 minute offered rate 3000 bps, drop rate 1000 bps
      Match: mpls experimental topmost 3 
      police:
          cir 64000 bps, bc 2000 bytes, be 2000 bytes
        conformed 28 packets, 19156 bytes; actions:
          transmit 
        exceeded 9 packets, 9558 bytes; actions:
          set-mpls-exp-topmost-transmit 5
        violated 3 packets, 4566 bytes; actions:
          drop 
        conformed 2000 bps, exceeded 1000 bps, violated 1000 bps
 
    Class-map: class-default (match-any)  
      25 packets, 10724 bytes
      5 minute offered rate 1000 bps, drop rate 0000 bps
      Match: any
 
R2#sh policy-map interface fastEthernet 1/0
 FastEthernet1/0 
 
  Service-policy input: INPUT_POLICY
 
    Class-map: INPUT_CLASS (match-all)  
      54 packets, 29212 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: mpls experimental topmost 3 
      QoS Set
        qos-group 3
          Packets marked 54
 
    Class-map: class-default (match-any)  
      33 packets, 2430 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any 
 
R2#sh policy-map interface fastEthernet 1/1
 FastEthernet1/1 
 
  Service-policy output: OUTPUT_POLICY
 
    Class-map: OUTPUT_CLASS (match-all)  
      54 packets, 28996 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: qos-group 3
      police:
          cir 64000 bps, bc 2000 bytes, be 2000 bytes
        conformed 44 packets, 15452 bytes; actions:
          transmit 
        exceeded 7 packets, 9074 bytes; actions:
          set-mpls-exp-topmost-transmit 5
        violated 3 packets, 4470 bytes; actions:
          drop 
        conformed 0000 bps, exceeded 0000 bps, violated 0000 bps
 
    Class-map: class-default (match-any)  
      16 packets, 1603 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any
 
Now, let us change the exceed action on R2
 
R2
 
policy-map OUTPUT_POLICY
 class OUTPUT_CLASS
no police 64000 conform-action transmit  exceed-action set-mpls-exp-topmost-transmit 5 violate-action drop
police 64000 conform-action transmit  exceed-action set-prec-transmit 5 violate-action drop
 
Configure R7 to catch PRECEDENCE_5
 
R7
 
class-map PRECEDENCE_5
match ip precedence 5
 
policy-map MATCH
class PRECEDENCE_5
 
R6#ping 7.7.7.7 repeat 20 size 1600
Type escape sequence to abort.
Sending 20, 1600-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
!!!.!!!.!!.!!.!!!.!!
Success rate is 75 percent (15/20), round-trip min/avg/max = 60/93/148 ms
 
R2#sh policy-map interface fastEthernet 1/1
 FastEthernet1/1 
 
  Service-policy output: OUTPUT_POLICY
 
    Class-map: OUTPUT_CLASS (match-all)  
      104 packets, 54896 bytes
      5 minute offered rate 1000 bps, drop rate 0000 bps
      Match: qos-group 3
      police:
          cir 64000 bps, bc 2000 bytes, be 2000 bytes
        conformed 44 packets, 16960 bytes; actions:
          transmit 
        exceeded 6 packets, 8940 bytes; actions:
          set-prec-transmit 5
        violated 0 packets, 0 bytes; actions:
          drop 
        conformed 0000 bps, exceeded 0000 bps, violated 0000 bps
 
    Class-map: class-default (match-any)  
      47 packets, 4792 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any
 
R7#show policy-map interface fastEthernet 1/0 | inc Class|packet
    Class-map: PRECEDENCE_1 (match-all)  
      0 packets, 0 bytes
    Class-map: PRECEDENCE_2 (match-all)  
      0 packets, 0 bytes
    Class-map: PRECEDENCE_3 (match-all)  
      44 packets, 16960 bytes
    Class-map: PRECEDENCE_6 (match-all)  
      3 packets, 282 bytes
    Class-map: PRECEDENCE_5 (match-all)  
      6 packets, 8940 bytes
    Class-map: class-default (match-any)  
      0 packets, 0 bytes
 
 
.net File
 
autostart = False
version = 0.8.3
[localhost:7202]
    workingdir = /tmp
    udp = 10200
    [[7200]]
        image = /home/noc/Downloads/c7200-adventerprisek9-mz.152-4.S.bin
        ghostios = True
    [[ROUTER R5]]
        console = 2005
        aux = 2505
        slot1 = PA-2FE-TX
        f1/0 = R2 f1/1
        f1/1 = R7 f1/0
        x = 144.0
        y = 12.0
        z = 1.0
    [[ROUTER R6]]
        console = 2006
        aux = 2506
        slot1 = PA-2FE-TX
        f1/0 = R4 f1/1
        x = -287.0
        y = 121.0
        z = 1.0
[localhost:7203]
    workingdir = /tmp
    udp = 10300
    [[7200]]
        image = /home/noc/Downloads/c7200-adventerprisek9-mz.152-4.S.bin
        ghostios = True
    [[ROUTER R7]]
        console = 2007
        aux = 2507
        slot1 = PA-2FE-TX
        f1/0 = R5 f1/1
        x = 147.0
        y = 130.0
        z = 1.0
[localhost:7200]
    workingdir = /tmp
    udp = 10000
    [[7200]]
        image = /home/noc/Downloads/c7200-adventerprisek9-mz.152-4.S.bin
        ghostios = True
    [[ROUTER R1]]
        console = 2001
        aux = 2501
        slot1 = PA-2FE-TX
        f1/0 = R3 f1/0
        f1/1 = R4 f1/0
        x = -177.0
        y = -82.0
        z = 1.0
    [[ROUTER R2]]
        console = 2002
        aux = 2502
        slot1 = PA-2FE-TX
        f1/0 = R3 f1/1
        f1/1 = R5 f1/0
        x = 33.0
        y = -77.0
        z = 1.0
[localhost:7201]
    workingdir = /tmp
    udp = 10100
    [[7200]]
        image = /home/noc/Downloads/c7200-adventerprisek9-mz.152-4.S.bin
        ghostios = True
    [[ROUTER R4]]
        console = 2004
        aux = 2504
        slot1 = PA-2FE-TX
        f1/0 = R1 f1/1
        f1/1 = R6 f1/0
        x = -290.0
        y = 3.0
        z = 1.0
    [[ROUTER R3]]
        console = 2003
        aux = 2503
        slot1 = PA-2FE-TX
        f1/0 = R1 f1/0
        f1/1 = R2 f1/0
        x = -74.0
        y = -166.0
        z = 1.0

No comments:

Post a Comment