Published June 14, 2018

CCNP-ONT-v5.0 Lab 4.5: Class-based Queuing and NBAR


Lab4-5.net file for Dynamips:

##################################################
#
# CCNP Version 5.0: Optimizing Converged Cisco Networks
# Lab 4.5 Class-based Queuing and NBAR
# By Happy Peter  http://blog.xuite.net/juilin77/happy
#
##################################################

autostart=false
[localhost:7200]
workingdir = /opt/dynamips/dynagen-0.11.0/UTS/CCNP4/lab4-5/workingconfig/

[[2621]]
 # Specify 2621 IOS image on Linux here:
 image = /opt/dynamips/images/C2600-TS.BIN
 ram = 128
 # Choose an idlepc value from the below
 idlepc = 0x803f37cc
 mmap = true
 ghostios = true
 confreg = 0x2102

[[3725]]
# Specify 3725 IOS image on Linux here:
 image = /opt/dynamips/images/c3725-ad.bin
 ram = 256
 idlepc = 0x60bf8d58
 mmap = true
 ghostios = true
 confreg = 0x2102

###########################
#
# Define router instances 1
#
###########################

 [[Router R1]]
  model = 3725
  console = 2001
  slot1 = NM-4T
  s1/0 = R2 s1/0
  F0/0 = TGN F0/0

 [[Router R2]]
  model = 3725
  console = 2002
  slot1 = NM-4T
  s1/1 = R3 s1/1

 [[Router R3]]
  model = 3725
  console = 2003
  slot1 = NM-4T
  F0/0 = TGN F0/1

 [[Router TGN]]
  # tgn: 407554012371
  model = 2621
  console = 2004



Learning Objectives
‧ Utilize NBAR for protocol detection
‧ Mark IP Precedence
‧ Allocate bandwidth using the Modular QoS Command-Line Interface
‧ Configure CBWFQ and LLQ queuing strategies


Preparation:

TGN(config)#interface fastEthernet 0/0
TGN(config-if)#ip address 172.16.10.4 255.255.255.0
TGN(config-if)#no shutdown

TGN(config)#interface fastEthernet 0/1
TGN(config-if)#ip address 172.16.20.4 255.255.255.0
TGN(config-if)#no shutdown

Configure TGN to start generating traffic:
TGN#tgn

Loading these configurations:
fastethernet0/0
add tcp
rate 1000
l2-dest $R1 F0/0 MAC$
l3-src 172.16.10.4
l3-dest 172.16.20.4
l4-dest 23
length random 16 to 1500
burst on
burst duration off 1000 to 2000
burst duration on 1000 to 3000
add fastethernet0/0 1
l4-dest 80
data ascii 0 GET /index.html HTTP/1.1
add fastethernet0/0 1
l4-dest 21
add fastethernet0/0 1
l4-dest 123
add fastethernet0/0 1
l4-dest 110
add fastethernet0/0 1
l4-dest 25
add fastethernet0/0 1
l4-dest 22
add fastethernet0/0 1
l4-dest 6000
!
end

TGN#tgn start


Step 1: Configure the Physical Interfaces

R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 172.16.10.1 255.255.255.0
R1(config-if)#speed 100
R1(config-if)#duplex full
R1(config-if)#no shutdown

R1(config)#interface serial 1/0
R1(config-if)#ip address 172.16.12.1 255.255.255.0
R1(config-if)#bandwidth 800
R1(config-if)#clock rate 806400
R1(config-if)#no shutdown

R2(config)#interface serial 1/0
R2(config-if)#ip address 172.16.12.2 255.255.255.0
R2(config-if)#bandwidth 800
R2(config-if)#no shutdown

R2(config)#interface serial 1/1
R2(config-if)#ip address 172.16.23.2 255.255.255.0
R2(config-if)#bandwidth 128
R2(config-if)#clock rate 128000
R2(config-if)#no shutdown

R3(config)#interface fastEthernet 0/0
R3(config-if)#ip address 172.16.20.3 255.255.255.0
R3(config-if)#speed 100
R3(config-if)#duplex full
R3(config-if)#no shutdown

R3(config)#interface serial 1/1
R3(config-if)#ip address 172.16.23.3 255.255.255.0
R3(config-if)#bandwidth 128
R3(config-if)#no shutdown


Step 2: Configure EIGRP AS 1
R1(config)#router eigrp 1
R1(config-router)#network 172.16.0.0 
R1(config-router)#no auto-summary

R2(config)#router eigrp 1
R2(config-router)#network 172.16.0.0
R2(config-router)#no auto-summary

R3(config)#router eigrp 1
R3(config-router)#network 172.16.0.0
R3(config-router)#no auto-summary


Step 3: Configure NBAR Protocol Discovery
For this lab, configure NBAR Protocol Discovery on the Fast Ethernet 0/0 interface on R1.
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip nbar protocol-discovery

After protocol discovery has been enabled for a minute or two, you can see the information it has collected by using the command show ip nbar protocol-discovery.

R1#show ip nbar protocol-discovery

 FastEthernet0/0
                            Input                    Output                
                            -----                    ------                
   Protocol                 Packet Count             Packet Count          
                            Byte Count               Byte Count            
                            5min Bit Rate (bps)      5min Bit Rate (bps)   
                            5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
   ------------------------ ------------------------ ------------------------
   xwindows                 62064                    0                     
                            48379115                 0                     
                            805000                   0                     
                            805000                   0                     
   ssh                      61900                    0                     
                            48167807                 0                     
                            802000                   0                     
                            802000                   0                     
   http                     61738                    0                     
                            48385936                 0                     
                            790000                   0                     
                            790000                   0                     
   pop3                     59695                    0                     
                            46657660                 0                     
                            779000                   0                     
                            779000                   0                     
   telnet                   59104                    0                     
                            45967689                 0                     
                            776000                   0                     
                            776000                   0                     
   ntp                      58480                    0                     
                            45484441                 0                     
                            760000                   0                     
                            760000                   0                     
   ftp                      57658                    0                     
                            45128794                 0                     
                            751000                   0                     
                            751000                   0                     
   smtp                     56541                    0                     
                            43846921                 0                     
                            724000                   0                     
                            724000                   0                     
   eigrp                    0                        73                    
                            0                        5402                  
                            0                        0                     
                            0                        0                     

Issue the show ip nbar port-map command to view the protocol-to-port mappings.
R1#show ip nbar port-map
port-map bgp                      udp 179
port-map bgp                      tcp 179
port-map bittorrent               tcp 6881 6882 6883 6884 6885 6886 6887 6888 6889
port-map citrix                   udp 1604
port-map citrix                   tcp 1494
port-map cuseeme                  udp 7648 7649 24032
port-map cuseeme                  tcp 7648 7649
port-map dhcp                     udp 67 68
port-map directconnect            tcp 411 412 413
port-map dns                      udp 53
port-map dns                      tcp 53
port-map edonkey                  tcp 4662
port-map exchange                 tcp 135
port-map fasttrack                tcp 1214
port-map finger                   tcp 79
port-map ftp                      tcp 21
port-map gnutella                 udp 6346 6347 6348
port-map gnutella                 tcp 6346 6347 6348 6349 6355 5634
port-map gopher                   udp 70
port-map gopher                   tcp 70
port-map h323                     udp 1300 1718 1719 1720 11720
port-map h323                     tcp 1300 1718 1719 1720 11000 - 11999
port-map http                     tcp 80


Step 4: Classify and Mark Packets
You will apply this QoS policy outbound on R1’s Serial 1/0 interface.
Create three traffic classes:
Critical: EIGRP or Network Time Protocol (NTP) traffic. These protocols are used for network control.
Interactive: Telnet, SSH, and XWindows traffic. These protocols are used for remote administration.
Web: HTTP, POP3, and SMTP traffic. These protocols are used for web and email access.

R1(config)#class-map match-any critical
R1(config-cmap)#match protocol eigrp
R1(config-cmap)#match protocol ntp 
R1(config-cmap)#exit
R1(config)#class-map match-any interactive
R1(config-cmap)#match protocol telnet        
R1(config-cmap)#match protocol ssh 
R1(config-cmap)#match protocol xwindows
R1(config-cmap)#exit
R1(config)#class-map match-any web  
R1(config-cmap)#match protocol http
R1(config-cmap)#match protocol pop3
R1(config-cmap)#match protocol smtp

You can verify created class-maps with the command show class-map.
R1#show class-map
 Class Map match-any critical (id 1)
   Match protocol eigrp
   Match protocol ntp

 Class Map match-any class-default (id 0)
   Match any

 Class Map match-any interactive (id 2)
   Match protocol telnet
   Match protocol ssh
   Match protocol xwindows

 Class Map match-any web (id 3)
   Match protocol http
   Match protocol pop3
   Match protocol smtp

R1#

The next task will be to define the QoS policy in a policy map. Create a policy map in global configuration mode using the policy-map name command.

R1(config)#policy-map markingpolicy

Create a new policy named “markingpolicy” and set the IP Precedence for matched packets as follows:
Critical: Set the IP Precedence to Network Control, represented by the value 7.
Interactive: Set the IP Precedence to Critical, represented by the value 5.
Web: Set the IP Precedence to Flash, represented by the value 3.
All other traffic: Set the IP Precedence of all other traffic to Routine, represented by the value 0. This value is the default value for IP Precedence.

R1(config-pmap)#class critical
R1(config-pmap-c)#set precedence 7
R1(config-pmap-c)#exit
R1(config-pmap)#class interactive
R1(config-pmap-c)#set precedence 5
R1(config-pmap-c)#exit
R1(config-pmap)#class web       
R1(config-pmap-c)#set precedence 3
R1(config-pmap-c)#exit
R1(config-pmap)#class class-default
R1(config-pmap-c)#set precedence 0 

Verify the policy map configuration using the show policy-map command.

R1#show policy-map
  Policy Map markingpolicy
    Class critical
      set precedence 7
    Class interactive
      set precedence 5
    Class web
      set precedence 3
    Class class-default
      set precedence 0

R1#

Finally, apply the configuration outbound towards R2 with the interface-level command service-policy direction name.

R1(config)#interface serial 1/0
R1(config-if)#service-policy output markingpolicy

Once a policy map is applied to an interface, you can use an extended form of the show policy-map command by issuing the show policy-map interface interface-name command.

R1#show policy-map interface serial 1/0
 Serial1/0

  Service-policy output: markingpolicy

    Class-map: critical (match-any)
      9610 packets, 7311800 bytes
      5 minute offered rate 174000 bps, drop rate 0 bps
      Match: protocol eigrp
        11 packets, 704 bytes
        5 minute rate 0 bps
      Match: protocol ntp
        9599 packets, 7311096 bytes
        5 minute rate 174000 bps
      QoS Set
        precedence 7
          Packets marked 9611

    Class-map: interactive (match-any)
      28569 packets, 22024085 bytes
      5 minute offered rate 521000 bps, drop rate 0 bps
      Match: protocol telnet
        9012 packets, 6964728 bytes
        5 minute rate 173000 bps
      Match: protocol ssh
        9745 packets, 7498818 bytes
        5 minute rate 185000 bps
      Match: protocol xwindows
        9812 packets, 7560539 bytes
        5 minute rate 183000 bps
      QoS Set
        precedence 5
          Packets marked 28577

    Class-map: web (match-any)
      31023 packets, 23932926 bytes
      5 minute offered rate 548000 bps, drop rate 0 bps
      Match: protocol http
        9418 packets, 7306815 bytes
        5 minute rate 174000 bps
      Match: protocol pop3
        11005 packets, 8466185 bytes
        5 minute rate 198000 bps
      Match: protocol smtp
        10600 packets, 8159926 bytes
        5 minute rate 193000 bps
      QoS Set
        precedence 3
          Packets marked 31026

    Class-map: class-default (match-any)
      8632 packets, 6644515 bytes
      5 minute offered rate 158000 bps, drop rate 41216000 bps
      Match: any
      QoS Set
        precedence 0
          Packets marked 8629
R1#


Step 5: Shape Traffic and Queue with CBWFQ and LLQ
On R2, create a policy map to be applied on its Serial 1/1 interface. You must reclassify and mark EIGRP packets because each of the EIGRP packets is link-local traffic and the EIGRP packets which you marked on ingress at R1 were not sent to R2. The new packets for the link between R1 and R2 must now be classified by an access list or NBAR. However, any NTP packets traversing the link will already be marked with IP precedence 7. You should treat EIGRP and NTP packets in the same traffic class for consistency.

R2(config)#class-map prec0
R2(config-cmap)#match precedence 0
R2(config-cmap)#exit
R2(config)#class-map prec3 
R2(config-cmap)#match precedence 3
R2(config-cmap)#exit            
R2(config)#class-map prec5 
R2(config-cmap)#match precedence 5
R2(config-cmap)#exit            
R2(config)#class-map match-any prec7
R2(config-cmap)#match precedence 7
R2(config-cmap)#match protocol eigrp

Next, create the QoS policy to shape and queue the traffic.
Create a policy named “llqpolicy” on R2. The policy should allocate 10 percent of traffic to the “prec7” traffic class, 15 percent to the “prec5” traffic class, 30 percent to the “prec3” traffic class, and 20 percent to the “prec0” traffic class. Expedite traffic that falls into the “prec7” traffic class. Also, select weighted fair-queuing as the queuing method in the default traffic class with the fair-queue command.

R2(config)#policy-map llqpolicy
R2(config-pmap)#class prec7
R2(config-pmap-c)#priority percent 10
R2(config-pmap-c)#exit
R2(config-pmap)#class prec5      
R2(config-pmap-c)#bandwidth percent 15
R2(config-pmap-c)#exit
R2(config-pmap)#class prec3
R2(config-pmap-c)#bandwidth percent 30
R2(config-pmap-c)#exit
R2(config-pmap)#class prec0       
R2(config-pmap-c)#bandwidth percent 20
R2(config-pmap-c)#exit
R2(config-pmap)#class class-default
R2(config-pmap-c)#fair-queue

Verify your QoS policy configuration using the show policy-map command.

R2#show policy-map
  Policy Map llqpolicy
    Class prec7
      Strict Priority
      Bandwidth 10 (%)
    Class prec5
      Bandwidth 15 (%) Max Threshold 64 (packets)
    Class prec3
      Bandwidth 30 (%) Max Threshold 64 (packets)
    Class prec0
      Bandwidth 20 (%) Max Threshold 64 (packets)
    Class class-default
      Flow based Fair Queueing
      Bandwidth 0 (kbps) Max Threshold 64 (packets)

R2#

Use the same service-policy command from earlier to apply this policy map to the Serial 1/1 interface on R2 in an outbound direction.

R2(config)#interface serial 1/1
R2(config-if)#service-policy output llqpolicy

Verify using the interface-specific version of show policy-map.

R2#show policy-map interface serial 1/1
 Serial1/1

  Service-policy output: llqpolicy

    Class-map: prec7 (match-any)
      992 packets, 549517 bytes
      5 minute offered rate 19000 bps, drop rate 18000 bps
      Match:  precedence 7
        985 packets, 549069 bytes
        5 minute rate 19000 bps
      Match: protocol eigrp
        7 packets, 448 bytes
        5 minute rate 0 bps
      Queueing
        Strict Priority
        Output Queue: Conversation 40
        Bandwidth 10 (%)
        Bandwidth 12 (kbps) Burst 300 (Bytes)
        (pkts matched/bytes matched) 974/546763
        (total drops/bytes drops) 769/519823

    Class-map: prec5 (match-all)
      2755 packets, 1480664 bytes
      5 minute offered rate 40000 bps, drop rate 6000 bps
      Match:  precedence 5
      Queueing
        Output Queue: Conversation 41
        Bandwidth 15 (%)
        Bandwidth 19 (kbps)Max Threshold 64 (packets)
        (pkts matched/bytes matched) 2737/1469251
        (depth/total drops/no-buffer drops) 63/330/0

    Class-map: prec3 (match-all)
      2318 packets, 1225278 bytes
      5 minute offered rate 36000 bps, drop rate 4000 bps
      Match:  precedence 3
      Queueing
        Output Queue: Conversation 42
        Bandwidth 30 (%)
        Bandwidth 38 (kbps)Max Threshold 64 (packets)
        (pkts matched/bytes matched) 2305/1221501
        (depth/total drops/no-buffer drops) 1/42/0

    Class-map: prec0 (match-all)
      265 packets, 112776 bytes
      5 minute offered rate 8000 bps, drop rate 0 bps
      Match:  precedence 0
      Queueing
        Output Queue: Conversation 43
        Bandwidth 20 (%)
        Bandwidth 25 (kbps)Max Threshold 64 (packets)
        (pkts matched/bytes matched) 265/112776
        (depth/total drops/no-buffer drops) 0/0/0

    Class-map: class-default (match-any)
      4 packets, 394 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
      Queueing
        Flow Based Fair Queueing
        Maximum Number of Hashed Queues 32
        (total queued/total drops/no-buffer drops) 0/0/0
R2#
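
Added example (not part of the original lab): a Python parser for the `show policy-map interface` output above that lists each class's allocation, offered rate and drop percentage, and flags classes offered more than they were allocated. The function names are illustrative and the sample text is a trimmed copy of the R2 output.

```python
import re

# Sample input: trimmed copy of the R2 "show policy-map interface serial 1/1"
# output shown above (match lines and percent lines removed).
SAMPLE = """\
    Class-map: prec7 (match-any)
      5 minute offered rate 19000 bps, drop rate 18000 bps
        Strict Priority
        Bandwidth 12 (kbps) Burst 300 (Bytes)
        (pkts matched/bytes matched) 974/546763
        (total drops/bytes drops) 769/519823
    Class-map: prec5 (match-all)
      5 minute offered rate 40000 bps, drop rate 6000 bps
        Bandwidth 19 (kbps)Max Threshold 64 (packets)
        (pkts matched/bytes matched) 2737/1469251
        (depth/total drops/no-buffer drops) 63/330/0
    Class-map: prec3 (match-all)
      5 minute offered rate 36000 bps, drop rate 4000 bps
        Bandwidth 38 (kbps)Max Threshold 64 (packets)
        (pkts matched/bytes matched) 2305/1221501
        (depth/total drops/no-buffer drops) 1/42/0
    Class-map: class-default (match-any)
      5 minute offered rate 0 bps, drop rate 0 bps
        Flow Based Fair Queueing
        (total queued/total drops/no-buffer drops) 0/0/0
"""

COUNTER_LINE = re.compile(r"^[ \t]*\(([^)]*)\)[ \t]+([\d/]+)[ \t]*$", re.M)

def parse_policy_map(text):
    """Return one dict per class from 'show policy-map interface' output."""
    classes = []
    for block in re.split(r"^\s*Class-map:\s*", text, flags=re.M)[1:]:
        rates = re.search(r"offered rate (\d+) bps, drop rate (\d+) bps", block)
        kbps = re.search(r"Bandwidth (\d+) \(kbps\)", block)
        counters = {}
        # "(a/b/c) 1/2/3" lines carry slash-separated labels and values.
        for labels, values in COUNTER_LINE.findall(block):
            counters.update(zip(labels.split("/"), map(int, values.split("/"))))
        classes.append({
            "name": block.split()[0],
            "priority": "Strict Priority" in block,
            "offered_bps": int(rates.group(1)),
            "drop_bps": int(rates.group(2)),
            "alloc_kbps": int(kbps.group(1)) if kbps else None,
            "matched": counters.get("pkts matched"),
            "drops": counters.get("total drops", 0),
        })
    return classes

def oversubscribed(classes):
    """Classes whose 5-minute offered rate exceeds their allocated bandwidth."""
    return [c["name"] for c in classes
            if c["alloc_kbps"] is not None
            and c["offered_bps"] > c["alloc_kbps"] * 1000]

def drop_percent(c):
    """Dropped packets as a percentage of packets matched into the queue."""
    return round(100 * c["drops"] / c["matched"], 1) if c["matched"] else 0.0

if __name__ == "__main__":
    for c in parse_policy_map(SAMPLE):
        print(c["name"], c["alloc_kbps"], c["offered_bps"], drop_percent(c))
    print("oversubscribed:", oversubscribed(parse_policy_map(SAMPLE)))
```

On the sample, prec7 and prec5 are flagged. The strict-priority class drops most of what it matches because the priority queue is held to its 12 kbps allocation under congestion.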

Challenge: Verifying IP Precedence
The topic of IP accounting is outside the scope of this curriculum. However, it is a useful tool for the verification of a marking policy. Issue the ip accounting precedence direction command in interface configuration mode to enable IP accounting on an interface. Apply this command on R3 for the Serial 1/1 interface that shows incoming markings from R2. View the accounting records for IP precedence by issuing the show interfaces precedence command.

R3(config)#interface serial 1/1
R3(config-if)#ip accounting precedence input

R3#show interfaces precedence
Serial1/1
  Input
    Precedence 0:  60 packets, 25724 bytes
    Precedence 3:  750 packets, 326573 bytes
    Precedence 5:  920 packets, 475399 bytes
    Precedence 6:  2 packets, 128 bytes
    Precedence 7:  80 packets, 9857 bytes
R3#
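
Added example (not part of the original lab): a Python cross-check of the precedence values seen in R3's accounting output against the values that R1's `markingpolicy` can set. Function names are illustrative; both inputs are copied from this page.

```python
import re

# Sample inputs copied from this page: the policy-map from R1's final
# configuration and the R3 "show interfaces precedence" output.
MARKING_POLICY = """\
policy-map markingpolicy
 class critical
  set precedence 7
 class interactive
  set precedence 5
 class web
  set precedence 3
 class class-default
  set precedence 0
"""

ACCOUNTING = """\
Serial1/1
  Input
    Precedence 0:  60 packets, 25724 bytes
    Precedence 3:  750 packets, 326573 bytes
    Precedence 5:  920 packets, 475399 bytes
    Precedence 6:  2 packets, 128 bytes
    Precedence 7:  80 packets, 9857 bytes
"""

def policy_markings(config):
    """Map each precedence value set by the policy to the class that sets it."""
    marks, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["class"]:
            current = words[1]
        elif words[:2] == ["set", "precedence"] and current:
            marks[int(words[2])] = current
    return marks

def accounting_counters(output):
    """Return {precedence: (packets, bytes)} from 'show interfaces precedence'."""
    rows = re.findall(r"Precedence (\d):\s+(\d+) packets, (\d+) bytes", output)
    return {int(p): (int(pkts), int(byts)) for p, pkts, byts in rows}

def audit(config, output):
    """One row per observed precedence; 'expected' is False if no class sets it."""
    marks = policy_markings(config)
    seen = accounting_counters(output)
    total_bytes = sum(byts for _, byts in seen.values())
    return [{
        "precedence": prec,
        "class": marks.get(prec),
        "packets": pkts,
        "byte_share": round(100 * byts / total_bytes, 1),
        "expected": prec in marks,
    } for prec, (pkts, byts) in sorted(seen.items())]

if __name__ == "__main__":
    for row in audit(MARKING_POLICY, ACCOUNTING):
        print(row)
```

The only row not explained by the policy is precedence 6 (2 packets, 128 bytes). That is consistent with EIGRP packets originated by R2 itself, since IOS sends its own routing protocol packets with precedence 6.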


Final Configurations:
R1:
hostname R1
!
no ip domain lookup
!
class-map match-any critical
 match protocol eigrp
 match protocol ntp
class-map match-any interactive
 match protocol telnet
 match protocol ssh
 match protocol xwindows
class-map match-any web
 match protocol http
 match protocol pop3
 match protocol smtp
!
policy-map markingpolicy
 class critical
  set precedence 7
 class interactive
  set precedence 5
 class web
  set precedence 3
 class class-default
  set precedence 0
!
interface FastEthernet0/0
 ip address 172.16.10.1 255.255.255.0
 ip nbar protocol-discovery
 speed 100
 full-duplex
 no shutdown
!
interface Serial1/0
 bandwidth 800
 ip address 172.16.12.1 255.255.255.0
 clock rate 806400
 service-policy output markingpolicy
 no shutdown
!
router eigrp 1
 network 172.16.0.0
 no auto-summary
!
line con 0
 logging synchronous
!
end


R2:
hostname R2
!
no ip domain lookup
!
class-map match-all prec5
 match  precedence 5
class-map match-any prec7
 match  precedence 7
 match protocol eigrp
class-map match-all prec0
 match  precedence 0
class-map match-all prec3
 match  precedence 3
!
policy-map llqpolicy
 class prec7
  priority percent 10
 class prec5
  bandwidth percent 15
 class prec3
  bandwidth percent 30
 class prec0
  bandwidth percent 20
 class class-default
  fair-queue
!
interface Serial1/0
 bandwidth 800
 ip address 172.16.12.2 255.255.255.0
 no shutdown
!
interface Serial1/1
 bandwidth 128
 ip address 172.16.23.2 255.255.255.0
 clock rate 128000
 service-policy output llqpolicy
 no shutdown
!
router eigrp 1
 network 172.16.0.0
 no auto-summary
!
line con 0
 logging synchronous
!
end


R3:
hostname R3
!
no ip domain lookup
!
interface FastEthernet0/0
 ip address 172.16.20.3 255.255.255.0
 speed 100
 full-duplex
 no shutdown
!
interface Serial1/1
 bandwidth 128
 ip address 172.16.23.3 255.255.255.0
 ip accounting precedence input
 no shutdown
!
router eigrp 1
 network 172.16.0.0
 no auto-summary
!
line con 0
 logging synchronous
!
end

TGN:
hostname TGN
!
no ip domain lookup
!
interface FastEthernet0/0
 ip address 172.16.10.4 255.255.255.0
 no shutdown
!
interface FastEthernet0/1
 ip address 172.16.20.4 255.255.255.0
 no shutdown
!
line con 0
 logging synchronous
!
end


Reference:
Cisco Networking Academy
http://www.cisco.com/web/learning/netacad/index.html

CCNP Version 5.0: Optimizing Converged Cisco Networks
Student Lab Manual


First published / Last updated: 2009.04.13 / 2018.06.14
