Lab4-5.net file for Dynamips:
##################################################
#
# CCNP Version 5.0: Optimizing Converged Cisco Networks
# Lab 4.5 Class-based Queuing and NBAR
# By Happy Peter http://blog.xuite.net/juilin77/happy
#
##################################################
autostart=false
[localhost:7200]
workingdir = /opt/dynamips/dynagen-0.11.0/UTS/CCNP4/lab4-5/workingconfig/
[[2621]]
# Specify 2621 IOS image on Linux here:
image = /opt/dynamips/images/C2600-TS.BIN
ram = 128
# Choose an idlepc value from the below
idlepc = 0x803f37cc
mmap = true
ghostios = true
confreg = 0x2102
[[3725]]
# Specify 3725 IOS image on Linux here:
image = /opt/dynamips/images/c3725-ad.bin
ram = 256
idlepc = 0x60bf8d58
mmap = true
ghostios = true
confreg = 0x2102
###########################
#
# Define router instances 1
#
###########################
[[Router R1]]
model = 3725
console = 2001
slot1 = NM-4T
s1/0 = R2 s1/0
F0/0 = TGN F0/0
[[Router R2]]
model = 3725
console = 2002
slot1 = NM-4T
s1/1 = R3 s1/1
[[Router R3]]
model = 3725
console = 2003
slot1 = NM-4T
F0/0 = TGN F0/1
[[Router TGN]]
# tgn: 407554012371
model = 2621
console = 2004
Learning Objectives
‧ Utilize NBAR for protocol detection
‧ Mark IP Precedence
‧ Allocate bandwidth using the Modular QoS Command-Line Interface
‧ Configure CBWFQ and LLQ queuing strategies
Preparation:
TGN(config)#interface fastEthernet 0/0
TGN(config-if)#ip address 172.16.10.4 255.255.255.0
TGN(config-if)#no shutdown
TGN(config)#interface fastEthernet 0/1
TGN(config-if)#ip address 172.16.20.4 255.255.255.0
TGN(config-if)#no shutdown
Configure TGN to start generating traffic.
TGN#tgn
Loading these configurations:
fastethernet0/0
add tcp
rate 1000
l2-dest $R1 F0/0 MAC$
l3-src 172.16.10.4
l3-dest 172.16.20.4
l4-dest 23
length random 16 to 1500
burst on
burst duration off 1000 to 2000
burst duration on 1000 to 3000
add fastethernet0/0 1
l4-dest 80
data ascii 0 GET /index.html HTTP/1.1
add fastethernet0/0 1
l4-dest 21
add fastethernet0/0 1
l4-dest 123
add fastethernet0/0 1
l4-dest 110
add fastethernet0/0 1
l4-dest 25
add fastethernet0/0 1
l4-dest 22
add fastethernet0/0 1
l4-dest 6000
!
end
TGN#tgn start
Step 1: Configure the Physical Interfaces
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 172.16.10.1 255.255.255.0
R1(config-if)#speed 100
R1(config-if)#duplex full
R1(config-if)#no shutdown
R1(config)#interface serial 1/0
R1(config-if)#ip address 172.16.12.1 255.255.255.0
R1(config-if)#bandwidth 800
R1(config-if)#clock rate 806400
R1(config-if)#no shutdown
R2(config)#interface serial 1/0
R2(config-if)#ip address 172.16.12.2 255.255.255.0
R2(config-if)#bandwidth 800
R2(config-if)#no shutdown
R2(config)#interface serial 1/1
R2(config-if)#ip address 172.16.23.2 255.255.255.0
R2(config-if)#bandwidth 128
R2(config-if)#clock rate 128000
R2(config-if)#no shutdown
R3(config)#interface fastEthernet 0/0
R3(config-if)#ip address 172.16.20.3 255.255.255.0
R3(config-if)#speed 100
R3(config-if)#duplex full
R3(config-if)#no shutdown
R3(config)#interface serial 1/1
R3(config-if)#ip address 172.16.23.3 255.255.255.0
R3(config-if)#bandwidth 128
R3(config-if)#no shutdown
Step 2: Configure EIGRP AS 1
R1(config)#router eigrp 1
R1(config-router)#network 172.16.0.0
R1(config-router)#no auto-summary
R2(config)#router eigrp 1
R2(config-router)#network 172.16.0.0
R2(config-router)#no auto-summary
R3(config)#router eigrp 1
R3(config-router)#network 172.16.0.0
R3(config-router)#no auto-summary
Step 3: Configure NBAR Protocol Discovery
For this lab, configure NBAR Protocol Discovery on the Fast Ethernet 0/0 interface on R1.
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip nbar protocol-discovery
After protocol discovery has been enabled for a minute or two, you can see the information it has collected by using the command show ip nbar protocol-discovery.
R1#show ip nbar protocol-discovery
FastEthernet0/0
                          Input                    Output
                          -----                    ------
 Protocol                 Packet Count             Packet Count
                          Byte Count               Byte Count
                          5min Bit Rate (bps)      5min Bit Rate (bps)
                          5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
 ------------------------ ------------------------ ------------------------
 xwindows                 62064                    0
                          48379115                 0
                          805000                   0
                          805000                   0
 ssh                      61900                    0
                          48167807                 0
                          802000                   0
                          802000                   0
 http                     61738                    0
                          48385936                 0
                          790000                   0
                          790000                   0
 pop3                     59695                    0
                          46657660                 0
                          779000                   0
                          779000                   0
 telnet                   59104                    0
                          45967689                 0
                          776000                   0
                          776000                   0
 ntp                      58480                    0
                          45484441                 0
                          760000                   0
                          760000                   0
 ftp                      57658                    0
                          45128794                 0
                          751000                   0
                          751000                   0
 smtp                     56541                    0
                          43846921                 0
                          724000                   0
                          724000                   0
 eigrp                    0                        73
                          0                        5402
                          0                        0
                          0                        0
Issue the show ip nbar port-map command to view the protocol-to-port mappings.
R1#show ip nbar port-map
port-map bgp udp 179
port-map bgp tcp 179
port-map bittorrent tcp 6881 6882 6883 6884 6885 6886 6887 6888 6889
port-map citrix udp 1604
port-map citrix tcp 1494
port-map cuseeme udp 7648 7649 24032
port-map cuseeme tcp 7648 7649
port-map dhcp udp 67 68
port-map directconnect tcp 411 412 413
port-map dns udp 53
port-map dns tcp 53
port-map edonkey tcp 4662
port-map exchange tcp 135
port-map fasttrack tcp 1214
port-map finger tcp 79
port-map ftp tcp 21
port-map gnutella udp 6346 6347 6348
port-map gnutella tcp 6346 6347 6348 6349 6355 5634
port-map gopher udp 70
port-map gopher tcp 70
port-map h323 udp 1300 1718 1719 1720 11720
port-map h323 tcp 1300 1718 1719 1720 11000 - 11999
port-map http tcp 80
Step 4: Classify and Mark Packets
You will apply this QoS policy outbound on R1’s Serial 1/0 interface.
Create three traffic classes:
Critical: EIGRP or Network Time Protocol (NTP) traffic. These protocols are used for network control.
Interactive: Telnet, SSH, and XWindows traffic. These protocols are used for remote administration.
Web: HTTP, POP3, and SMTP traffic. These protocols are used for web and email access.
R1(config)#class-map match-any critical
R1(config-cmap)#match protocol eigrp
R1(config-cmap)#match protocol ntp
R1(config-cmap)#exit
R1(config)#class-map match-any interactive
R1(config-cmap)#match protocol telnet
R1(config-cmap)#match protocol ssh
R1(config-cmap)#match protocol xwindows
R1(config-cmap)#exit
R1(config)#class-map match-any web
R1(config-cmap)#match protocol http
R1(config-cmap)#match protocol pop3
R1(config-cmap)#match protocol smtp
You can verify created class-maps with the command show class-map.
R1#show class-map
Class Map match-any critical (id 1)
Match protocol eigrp
Match protocol ntp
Class Map match-any class-default (id 0)
Match any
Class Map match-any interactive (id 2)
Match protocol telnet
Match protocol ssh
Match protocol xwindows
Class Map match-any web (id 3)
Match protocol http
Match protocol pop3
Match protocol smtp
R1#
The next task will be to define the QoS policy in a policy map. Create a policy map in global configuration mode using the policy-map name command.
R1(config)#policy-map markingpolicy
Create a new policy named “markingpolicy” and set the IP Precedence for matched packets as follows:
Critical: Set the IP Precedence to Network Control, represented by the value 7.
Interactive: Set the IP Precedence to Critical, represented by the value 5.
Web: Set the IP Precedence to Flash, represented by the value 3.
All other traffic: Set the IP Precedence of all other traffic to Routine, represented by the value 0. This value is the default value for IP Precedence.
R1(config-pmap)#class critical
R1(config-pmap-c)#set precedence 7
R1(config-pmap-c)#exit
R1(config-pmap)#class interactive
R1(config-pmap-c)#set precedence 5
R1(config-pmap-c)#exit
R1(config-pmap)#class web
R1(config-pmap-c)#set precedence 3
R1(config-pmap-c)#exit
R1(config-pmap)#class class-default
R1(config-pmap-c)#set precedence 0
Verify the policy map configuration using the show policy-map command.
R1#show policy-map
Policy Map markingpolicy
Class critical
set precedence 7
Class interactive
set precedence 5
Class web
set precedence 3
Class class-default
set precedence 0
R1#
Finally, apply the configuration outbound towards R2 with the interface-level command service-policy direction name.
R1(config)#interface serial 1/0
R1(config-if)#service-policy output markingpolicy
Once a policy map is applied to an interface, you can use an extended form of the show policy-map command by issuing the show policy-map interface interface-name command.
R1#show policy-map interface serial 1/0
Serial1/0
Service-policy output: markingpolicy
Class-map: critical (match-any)
9610 packets, 7311800 bytes
5 minute offered rate 174000 bps, drop rate 0 bps
Match: protocol eigrp
11 packets, 704 bytes
5 minute rate 0 bps
Match: protocol ntp
9599 packets, 7311096 bytes
5 minute rate 174000 bps
QoS Set
precedence 7
Packets marked 9611
Class-map: interactive (match-any)
28569 packets, 22024085 bytes
5 minute offered rate 521000 bps, drop rate 0 bps
Match: protocol telnet
9012 packets, 6964728 bytes
5 minute rate 173000 bps
Match: protocol ssh
9745 packets, 7498818 bytes
5 minute rate 185000 bps
Match: protocol xwindows
9812 packets, 7560539 bytes
5 minute rate 183000 bps
QoS Set
precedence 5
Packets marked 28577
Class-map: web (match-any)
31023 packets, 23932926 bytes
5 minute offered rate 548000 bps, drop rate 0 bps
Match: protocol http
9418 packets, 7306815 bytes
5 minute rate 174000 bps
Match: protocol pop3
11005 packets, 8466185 bytes
5 minute rate 198000 bps
Match: protocol smtp
10600 packets, 8159926 bytes
5 minute rate 193000 bps
QoS Set
precedence 3
Packets marked 31026
Class-map: class-default (match-any)
8632 packets, 6644515 bytes
5 minute offered rate 158000 bps, drop rate 41216000 bps
Match: any
QoS Set
precedence 0
Packets marked 8629
R1#
Step 5: Shape Traffic and Queue with CBWFQ and LLQ
On R2, create a policy map to be applied on its Serial 1/1 interface. You must reclassify and mark EIGRP packets because each of the EIGRP packets is link-local traffic and the EIGRP packets which you marked on ingress at R1 were not sent to R2. The new packets for the link between R1 and R2 must now be classified by an access list or NBAR. However, any NTP packets traversing the link will already be marked with IP precedence 7. You should treat EIGRP and NTP packets in the same traffic class for consistency.
R2(config)#class-map prec0
R2(config-cmap)#match precedence 0
R2(config-cmap)#exit
R2(config)#class-map prec3
R2(config-cmap)#match precedence 3
R2(config-cmap)#exit
R2(config)#class-map prec5
R2(config-cmap)#match precedence 5
R2(config-cmap)#exit
R2(config)#class-map match-any prec7
R2(config-cmap)#match precedence 7
R2(config-cmap)#match protocol eigrp
Next, create the QoS policy to shape and queue the traffic.
Create a policy named “llqpolicy” on R2. The policy should allocate 10 percent of traffic to the “prec7” traffic class, 15 percent to the “prec5” traffic class, 30 percent to the “prec3” traffic class, and 20 percent to the “prec0” traffic class. Expedite traffic that falls into the “prec7” traffic class. Also, select weighted fair-queuing as the queuing method in the default traffic class with the fair-queue command.
R2(config)#policy-map llqpolicy
R2(config-pmap)#class prec7
R2(config-pmap-c)#priority percent 10
R2(config-pmap-c)#exit
R2(config-pmap)#class prec5
R2(config-pmap-c)#bandwidth percent 15
R2(config-pmap-c)#exit
R2(config-pmap)#class prec3
R2(config-pmap-c)#bandwidth percent 30
R2(config-pmap-c)#exit
R2(config-pmap)#class prec0
R2(config-pmap-c)#bandwidth percent 20
R2(config-pmap-c)#exit
R2(config-pmap)#class class-default
R2(config-pmap-c)#fair-queue
Verify your QoS policy configuration using the show policy-map command.
R2#show policy-map
Policy Map llqpolicy
Class prec7
Strict Priority
Bandwidth 10 (%)
Class prec5
Bandwidth 15 (%) Max Threshold 64 (packets)
Class prec3
Bandwidth 30 (%) Max Threshold 64 (packets)
Class prec0
Bandwidth 20 (%) Max Threshold 64 (packets)
Class class-default
Flow based Fair Queueing
Bandwidth 0 (kbps) Max Threshold 64 (packets)
R2#
Use the same service-policy command from earlier to apply this policy map to the Serial 1/1 interface on R2 in an outbound direction.
R2(config)#interface serial 1/1
R2(config-if)#service-policy output llqpolicy
Verify using the interface-specific version of show policy-map.
R2#show policy-map interface serial 1/1
Serial1/1
Service-policy output: llqpolicy
Class-map: prec7 (match-any)
992 packets, 549517 bytes
5 minute offered rate 19000 bps, drop rate 18000 bps
Match: precedence 7
985 packets, 549069 bytes
5 minute rate 19000 bps
Match: protocol eigrp
7 packets, 448 bytes
5 minute rate 0 bps
Queueing
Strict Priority
Output Queue: Conversation 40
Bandwidth 10 (%)
Bandwidth 12 (kbps) Burst 300 (Bytes)
(pkts matched/bytes matched) 974/546763
(total drops/bytes drops) 769/519823
Class-map: prec5 (match-all)
2755 packets, 1480664 bytes
5 minute offered rate 40000 bps, drop rate 6000 bps
Match: precedence 5
Queueing
Output Queue: Conversation 41
Bandwidth 15 (%)
Bandwidth 19 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 2737/1469251
(depth/total drops/no-buffer drops) 63/330/0
Class-map: prec3 (match-all)
2318 packets, 1225278 bytes
5 minute offered rate 36000 bps, drop rate 4000 bps
Match: precedence 3
Queueing
Output Queue: Conversation 42
Bandwidth 30 (%)
Bandwidth 38 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 2305/1221501
(depth/total drops/no-buffer drops) 1/42/0
Class-map: prec0 (match-all)
265 packets, 112776 bytes
5 minute offered rate 8000 bps, drop rate 0 bps
Match: precedence 0
Queueing
Output Queue: Conversation 43
Bandwidth 20 (%)
Bandwidth 25 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 265/112776
(depth/total drops/no-buffer drops) 0/0/0
Class-map: class-default (match-any)
4 packets, 394 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Queueing
Flow Based Fair Queueing
Maximum Number of Hashed Queues 32
(total queued/total drops/no-buffer drops) 0/0/0
R2#
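The counters in the output above can be turned into per-class drop ratios and checked against the configured percentages. This is an added example, not part of the original lab: it parses an excerpt of that output (three classes, class-default omitted) and assumes the 128 kbps bandwidth configured on R2 Serial 1/1; the names parse_classes, FIELDS and LINK_KBPS are hypothetical.

```python
import re

LINK_KBPS = 128  # "bandwidth 128" on R2 Serial1/1 in this lab (assumed link rate)
# Excerpt of the R2 output above (three classes, counters unchanged).
SAMPLE = """\
Class-map: prec7 (match-any)
5 minute offered rate 19000 bps, drop rate 18000 bps
Bandwidth 10 (%)
Bandwidth 12 (kbps) Burst 300 (Bytes)
(pkts matched/bytes matched) 974/546763
(total drops/bytes drops) 769/519823
Class-map: prec5 (match-all)
5 minute offered rate 40000 bps, drop rate 6000 bps
Bandwidth 15 (%)
Bandwidth 19 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 2737/1469251
(depth/total drops/no-buffer drops) 63/330/0
Class-map: prec3 (match-all)
5 minute offered rate 36000 bps, drop rate 4000 bps
Bandwidth 30 (%)
Bandwidth 38 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 2305/1221501
(depth/total drops/no-buffer drops) 1/42/0
"""

FIELDS = {
    "offered_bps": r"offered rate (\d+) bps",
    "percent": r"Bandwidth (\d+) \(%\)",
    "kbps": r"Bandwidth (\d+) \(kbps\)",
    "matched": r"\(pkts matched/bytes matched\) (\d+)/",
    # Priority class prints "total/bytes"; CBWFQ classes print "depth/total/no-buffer".
    "drops": r"total drops/[^)]*\) (?:\d+/)?(\d+)/",
}

def parse_classes(text):
    """Return {class name: counters} for each 'Class-map:' block in the output."""
    classes = {}
    for block in re.split(r"(?m)^Class-map: ", text)[1:]:
        s = {k: int(re.search(p, block).group(1)) for k, p in FIELDS.items()}
        s["drop_pct"] = round(100 * s["drops"] / s["matched"], 1) if s["matched"] else 0.0
        # Offered load above the class's configured rate means drops are expected.
        s["over_rate"] = s["offered_bps"] > s["kbps"] * 1000
        s["kbps_expected"] = LINK_KBPS * s["percent"] // 100  # percent of link, whole kbps
        classes[block.split()[0]] = s
    return classes

if __name__ == "__main__":
    for name, s in parse_classes(SAMPLE).items():
        print(name, f'{s["drop_pct"]}% dropped', "over rate" if s["over_rate"] else "within rate")
```

In this capture the strict-priority class prec7 is offered 19000 bps against a 12 kbps allocation and loses 769 of its 974 matched packets, while prec3 stays under its 38 kbps and loses 42 of 2305.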
Challenge: Verifying IP Precedence
The topic of IP accounting is outside the scope of this curriculum. However, it is a useful tool for the verification of a marking policy. Issue the ip accounting precedence direction command in interface configuration mode to enable IP accounting on an interface. Apply this command on R3 for the Serial 1/1 interface that shows incoming markings from R2. View the accounting records for IP precedence by issuing the show interfaces precedence command.
R3(config)#interface serial 1/1
R3(config-if)#ip accounting precedence input
R3#show interfaces precedence
Serial1/1
Input
Precedence 0: 60 packets, 25724 bytes
Precedence 3: 750 packets, 326573 bytes
Precedence 5: 920 packets, 475399 bytes
Precedence 6: 2 packets, 128 bytes
Precedence 7: 80 packets, 9857 bytes
R3#
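One way to use the accounting output as a marking-policy check is to compare the precedence values seen on R3 with the values markingpolicy sets on R1. This is an added example, not part of the original lab; both inputs are copied from this page, and the function names policy_marks, observed and audit are hypothetical.

```python
import re

# R1's marking policy, copied from the configuration on this page.
POLICY = """\
policy-map markingpolicy
class critical
set precedence 7
class interactive
set precedence 5
class web
set precedence 3
class class-default
set precedence 0
"""

# R3's accounting output, copied from the Challenge section above.
ACCOUNTING = """\
Serial1/1
Input
Precedence 0: 60 packets, 25724 bytes
Precedence 3: 750 packets, 326573 bytes
Precedence 5: 920 packets, 475399 bytes
Precedence 6: 2 packets, 128 bytes
Precedence 7: 80 packets, 9857 bytes
"""

def policy_marks(config):
    """Map each class in a policy-map to the precedence it sets."""
    marks, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["class"] and len(words) > 1:
            current = words[1]
        elif words[:2] == ["set", "precedence"] and current and len(words) > 2:
            marks[current] = int(words[2])
    return marks

def observed(accounting):
    """Return {precedence: (packets, bytes)} from 'show interfaces precedence'."""
    rows = re.findall(r"Precedence (\d): (\d+) packets, (\d+) bytes", accounting)
    return {int(p): (int(pk), int(by)) for p, pk, by in rows}

def audit(config, accounting):
    """Return (values seen but never set by the policy, values set but never seen)."""
    allowed = set(policy_marks(config).values())
    seen = observed(accounting)
    unexpected = {p: seen[p] for p in seen if p not in allowed}
    return unexpected, sorted(allowed - set(seen))
```

The audit reports precedence 6 (2 packets, 128 bytes), a value markingpolicy never sets. That is consistent with IOS originating routing protocol packets at precedence 6: R2's prec7 class matches EIGRP for queuing but does not re-mark it.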
Final Configurations:
R1:
hostname R1
!
no ip domain lookup
!
class-map match-any critical
match protocol eigrp
match protocol ntp
class-map match-any interactive
match protocol telnet
match protocol ssh
match protocol xwindows
class-map match-any web
match protocol http
match protocol pop3
match protocol smtp
!
policy-map markingpolicy
class critical
set precedence 7
class interactive
set precedence 5
class web
set precedence 3
class class-default
set precedence 0
!
interface FastEthernet0/0
ip address 172.16.10.1 255.255.255.0
ip nbar protocol-discovery
speed 100
full-duplex
no shutdown
!
interface Serial1/0
bandwidth 800
ip address 172.16.12.1 255.255.255.0
clock rate 806400
service-policy output markingpolicy
no shutdown
!
router eigrp 1
network 172.16.0.0
no auto-summary
!
line con 0
logging synchronous
!
end
R2:
hostname R2
!
no ip domain lookup
!
class-map match-all prec5
match precedence 5
class-map match-any prec7
match precedence 7
match protocol eigrp
class-map match-all prec0
match precedence 0
class-map match-all prec3
match precedence 3
!
policy-map llqpolicy
class prec7
priority percent 10
class prec5
bandwidth percent 15
class prec3
bandwidth percent 30
class prec0
bandwidth percent 20
class class-default
fair-queue
!
interface Serial1/0
bandwidth 800
ip address 172.16.12.2 255.255.255.0
no shutdown
!
interface Serial1/1
bandwidth 128
ip address 172.16.23.2 255.255.255.0
clock rate 128000
service-policy output llqpolicy
no shutdown
!
router eigrp 1
network 172.16.0.0
no auto-summary
!
line con 0
logging synchronous
!
end
R3:
hostname R3
!
no ip domain lookup
!
interface FastEthernet0/0
ip address 172.16.20.3 255.255.255.0
speed 100
full-duplex
no shutdown
!
interface Serial1/1
bandwidth 128
ip address 172.16.23.3 255.255.255.0
ip accounting precedence input
no shutdown
!
router eigrp 1
network 172.16.0.0
no auto-summary
!
line con 0
logging synchronous
!
end
TGN:
hostname TGN
!
no ip domain lookup
!
interface FastEthernet0/0
ip address 172.16.10.4 255.255.255.0
no shutdown
!
interface FastEthernet0/1
ip address 172.16.20.4 255.255.255.0
no shutdown
!
line con 0
logging synchronous
!
end
Reference:
Cisco Networking Academy
http://www.cisco.com/web/learning/netacad/index.html
CCNP Version 5.0: Optimizing Converged Cisco Networks
Student Lab Manual
First published / Last updated: 2009.04.13 / 2018.06.14