Published 6月 14, 2018 by with 0 comment

CCNP-ONT-v5.0 Lab 4.6: Class-based Marking, Shaping, and Policing


Lab4-6.net file for Dynamips:

##################################################
#
# CCNP Version 5.0: Optimizing Converged Cisco Networks
# Lab 4.6 Class-based Marking, Shaping, and Policing
# By Happy Peter  http://blog.xuite.net/juilin77/happy
#
##################################################

autostart=false
[localhost:7200]
workingdir = /opt/dynamips/dynagen-0.11.0/UTS/CCNP4/lab4-6/workingconfig/

[[2621]]
 # Specify 2621 IOS image on Linux here:
 image = /opt/dynamips/images/C2600-TS.BIN
 ram = 128
 # Choose an idlepc value from the below
 idlepc = 0x803f37cc
 mmap = true
 ghostios = true
 confreg = 0x2102

[[3725]]
# Specify 3725 IOS image on Linux here:
 image = /opt/dynamips/images/c3725-ad.bin
 ram = 256
 idlepc = 0x60bf8d58
 mmap = true
 ghostios = true
 confreg = 0x2102

###########################
#
# Define router instances 1
#
###########################

 [[Router R1]]
  model = 3725
  console = 2001

 [[Router R2]]
  model = 3725
  console = 2002
  slot1 = NM-4T

 [[Router R3]]
  model = 3725
  console = 2003
  slot1 = NM-4T
  s1/0 = R2 s1/0
  s1/1 = TGN s0/0

 [[Router SW1]]
  model = 3725
  console = 2004
  slot1 = NM-16ESW
  f1/1 = R1 f0/0
  f1/2 = R1 f0/1
  f1/3 = R2 f0/0
  f1/7 = TGN f0/0
  f1/8 = TGN f0/1

 [[Router TGN]]
  # tgn: 407554012371
  model = 2621
  console = 2005
  WIC0/0 = WIC-1T



Learning Objectives
‧ Mark packets with DSCP values
‧ Implement class-based TCP Header Compression
‧ Configure class-based traffic shaping and policing
‧ Create and apply nested service policies


Preparation:

ALS1:
ALS1(config)#no ip routing
ALS1(config)#no ip domain lookup
ALS1(config)#line console 0
ALS1(config-line)#logging synchronous

ALS1#vlan database
ALS1(vlan)#vlan 10 name VL10
ALS1(vlan)#vlan 20 name VL20
ALS1(vlan)#vlan 30 name VL30
ALS1(vlan)#apply
ALS1(vlan)#exit

ALS1(config)#interface fastEthernet 1/1
ALS1(config-if)#description To_R1F0/0
ALS1(config-if)#switchport mode access
ALS1(config-if)#switchport access vlan 10

ALS1(config)#interface fastEthernet 1/2
ALS1(config-if)#description To_R1F0/1   
ALS1(config-if)#switchport mode access  
ALS1(config-if)#switchport access vlan 30

ALS1(config)#interface fastEthernet 1/3
ALS1(config-if)#description To_R2F0/0   
ALS1(config-if)#switchport mode access  
ALS1(config-if)#switchport access vlan 20

ALS1(config)#interface fastEthernet 1/7
ALS1(config-if)#description To_TGNF0/0  
ALS1(config-if)#switchport mode trunk
ALS1(config-if)#switchport trunk encapsulation dot1q

ALS1(config)#interface fastEthernet 1/8         
ALS1(config-if)#description To_TGNF0/1             
ALS1(config-if)#switchport mode access             
ALS1(config-if)#switchport access vlan 30

TGN:
TGN(config)#no ip domain-lookup
TGN(config)#line con 0
TGN(config-line)#logg synchronous

TGN(config)#ip cef
TGN(config)#ip vrf PAGENT
TGN(config-vrf)#rd 100:1
TGN(config-vrf)#route-target both 1:100

TGN(config)#interface fastEthernet 0/0
TGN(config-if)#no shutdown

TGN(config)#interface fastEthernet 0/0.10
TGN(config-subif)#description Interface generating traffic
TGN(config-subif)#encapsulation dot1Q 10
TGN(config-subif)#ip vrf forwarding PAGENT
TGN(config-subif)#ip address 172.16.10.4 255.255.255.0

TGN(config)#interface fastEthernet 0/0.20
TGN(config-subif)#description capturing traffic
TGN(config-subif)#encapsulation dot1Q 20
TGN(config-subif)#ip vrf forwarding PAGENT
TGN(config-subif)#ip address 172.16.20.4 255.255.255.0

TGN(config)#interface fastEthernet 0/1
TGN(config-if)#ip address 172.16.14.4 255.255.255.0
TGN(config-if)#no shutdown

TGN(config)#interface serial 0/0
TGN(config-if)#ip address 172.16.34.4 255.255.255.0
TGN(config-if)#bandwidth 800
TGN(config-if)#no shutdown

TGN to start generating traffic.
TGN#tgn

Loading these configurations:
fastethernet0/0
add tcp
rate 1000
datalink ios-dependent fastethernet0/0.10
l2-arp-for 172.16.10.1
l3-src 172.16.10.4
l3-dest 172.16.20.4
l4-dest 23
length random 16 to 1500
burst on
burst duration off 1000 to 2000
burst duration on 1000 to 3000
add fastethernet0/0 1
l4-dest 80
data ascii 0 GET /index.html HTTP/1.1
add fastethernet0/0 1
l4-dest 21
add fastethernet0/0 1
l4-dest 123
add fastethernet0/0 1
l4-dest 110
add fastethernet0/0 1
l4-dest 25
add fastethernet0/0 1
l4-dest 22
add fastethernet0/0 1
l4-dest 6000
!
end

TGN#tgn start


Step 1: Configure the Physical Interfaces

R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 172.16.10.1 255.255.255.0
R1(config-if)#speed 100
R1(config-if)#duplex full
R1(config-if)#no shutdown

R1(config)#interface fastEthernet 0/1
R1(config-if)#ip address 172.16.14.1 255.255.255.0
R1(config-if)#speed 100
R1(config-if)#duplex full
R1(config-if)#no shutdown

R2(config)#interface fastEthernet 0/0
R2(config-if)#ip address 172.16.20.2 255.255.255.0
R2(config-if)#speed 100
R2(config-if)#duplex full
R2(config-if)#no shutdown

R2(config)#interface serial 1/0
R2(config-if)#ip address 172.16.23.2 255.255.255.0
R2(config-if)#clock rate 806400
R2(config-if)#bandwidth 800
R2(config-if)#no shutdown

R3(config)#interface serial 1/0
R3(config-if)#ip address 172.16.23.3 255.255.255.0    
R3(config-if)#bandwidth 800
R3(config-if)#no shutdown

R3(config)#interface serial 1/1
R3(config-if)#ip address 172.16.34.3 255.255.255.0
R3(config-if)#clock rate 806400
R3(config-if)#bandwidth 800
R3(config-if)#no shutdown


Step 2: Configure Routing
Establish adjacencies for routing with Open Shortest Path First (OSPF). Include all connected subnets within the 172.16.0.0/16 major network for all four routers.

R1(config)#router ospf 1
R1(config-router)#network 172.16.0.0 0.0.255.255 area 0

R2(config)#router ospf 1
R2(config-router)#network 172.16.0.0 0.0.255.255 area 0

R3(config)#router ospf 1
R3(config-router)#network 172.16.0.0 0.0.255.255 area 0

TGN(config)#router ospf 1
TGN(config-router)#network 172.16.0.0 0.0.255.255 area 0


Step 3: Mark Packets with DSCP
For this scenario, R1 will classify via NBAR and mark packets with the EF and AF DSCP markings. All QoS actions will be performed within the MQC, so you will need to create traffic classes on each router.
Classify traffic on R1 as follows:
Create three traffic classes:
Critical: OSPF or Network Time Protocol (NTP) traffic. These protocols are used for network control. Mark with DSCP value EF.
Interactive: Telnet, SSH, and X-Windows traffic. These protocols are used for remote administration. Mark with DSCP value AF41.
Web: HTTP, POP3, and SMTP traffic. These protocols are used for web and e-mail access. Mark with DSCP value AF32.

R1(config)#class-map match-any critical
R1(config-cmap)#match protocol ospf
R1(config-cmap)#match protocol ntp        

R1(config)#class-map match-any interactive
R1(config-cmap)#match protocol telnet        
R1(config-cmap)#match protocol ssh 
R1(config-cmap)#match protocol xwindows

R1(config)#class-map match-any web      
R1(config-cmap)#match protocol http   
R1(config-cmap)#match protocol pop3
R1(config-cmap)#match protocol smtp

Mark all other traffic with the default DSCP of 0. Create the QoS policy map named “markingpolicy” and apply it outbound towards R4 on the Fast Ethernet 0/1 interface.

R1(config)#policy-map markingpolicy
R1(config-pmap)#class critical
R1(config-pmap-c)#set dscp ef
R1(config-pmap-c)#exit
R1(config-pmap)#class interactive
R1(config-pmap-c)#set dscp af41
R1(config-pmap-c)#exit
R1(config-pmap)#class web
R1(config-pmap-c)#set dscp af32
R1(config-pmap-c)#exit
R1(config-pmap)#class class-default
R1(config-pmap-c)#set dscp default

R1(config)#interface fastEthernet 0/1
R1(config-if)#service-policy output markingpolicy

Verify the QoS configuration with the show policy-map command.

R1#show policy-map
  Policy Map markingpolicy
    Class critical
      set dscp ef
    Class interactive
      set dscp af41
    Class web
      set dscp af32
    Class class-default
      set dscp default

R1#show policy-map interface fastEthernet 0/1
 FastEthernet0/1

  Service-policy output: markingpolicy

    Class-map: critical (match-any)
      17135 packets, 13109986 bytes
      5 minute offered rate 280000 bps, drop rate 0 bps
      Match: protocol ospf
        21 packets, 1902 bytes
        5 minute rate 0 bps
      Match: protocol ntp
        17114 packets, 13108084 bytes
        5 minute rate 280000 bps
      QoS Set
        dscp ef
          Packets marked 17135

    Class-map: interactive (match-any)
      53024 packets, 40667677 bytes
      5 minute offered rate 836000 bps, drop rate 0 bps
      Match: protocol telnet
        17739 packets, 13584156 bytes
        5 minute rate 270000 bps
      Match: protocol ssh
        18320 packets, 14028533 bytes
        5 minute rate 299000 bps
      Match: protocol xwindows
        16965 packets, 13054988 bytes
        5 minute rate 280000 bps
      QoS Set
        dscp af41
          Packets marked 53027

    Class-map: web (match-any)
      50036 packets, 38407145 bytes
      5 minute offered rate 787000 bps, drop rate 0 bps
      Match: protocol http
        17332 packets, 13285103 bytes
        5 minute rate 277000 bps
      Match: protocol pop3
        16622 packets, 12819273 bytes
        5 minute rate 267000 bps
      Match: protocol smtp
        16082 packets, 12302769 bytes
        5 minute rate 261000 bps
      QoS Set
        dscp af32
          Packets marked 50039

    Class-map: class-default (match-any)
      16026 packets, 12168644 bytes
      5 minute offered rate 260000 bps, drop rate 0 bps
      Match: any
      QoS Set
        dscp default
          Packets marked 16009


Step 4: Configuring Class-Based Shaping
In this step, shape all traffic traveling from R4 to R3 across the serial link to a peak rate. Create a policy map and classify traffic only into the default class; then shape peak egress rate of the default class on R4.

TGN(config)#policy-map shapingpolicy
TGN(config-pmap)#class class-default
TGN(config-pmap-c)#shape peak 400000

TGN(config)#interface serial 0/0
TGN(config-if)#service-policy output shapingpolicy

Verify the configuration using the show commands for policy-maps.
TGN#show policy-map
  Policy Map shapingpolicy
    Class class-default
      Traffic Shaping
         Peak Rate Traffic Shaping
                 CIR 400000 (bps) Max. Buffers Limit 1000 (Packets)


TGN#show policy-map interface serial 0/0
 Serial0/0

  Service-policy output: shapingpolicy

    Class-map: class-default (match-any)
      3426 packets, 2624406 bytes
      5 minute offered rate 57000 bps, drop rate 135000 bps
      Match: any
      Traffic Shaping
           Target/Average   Byte   Sustain   Excess    Interval  Increment
             Rate           Limit  bits/int  bits/int  (ms)      (bytes)
           800000/400000    2500   10000     10000     25        2500   

        Adapt  Queue     Packets   Bytes     Packets   Bytes     Shaping
        Active Depth                         Delayed   Delayed   Active
        -      68        773       484806    638       385515    yes
TGN#


Step 5: Configure Nested Service Policies
Create another policy (with appropriate classes) as shown below that shapes EF traffic to 40kbps, AF41 traffic should get 80kpbs, and AF32 traffic should get shaped to 120kbps. Apply this new policy inside the class configuration of the policy created in Step 4 using the service-policy name command.

TGN(config)#class-map ef
TGN(config-cmap)#match dscp ef

TGN(config)#class-map af41
TGN(config-cmap)#match dscp af41

TGN(config)#class-map af32
TGN(config-cmap)#match dscp af32

TGN(config)#policy-map innerpolicy
TGN(config-pmap)#class ef
TGN(config-pmap-c)#shape peak 40000
TGN(config-pmap-c)#exit
TGN(config-pmap)#class af41
TGN(config-pmap-c)#shape peak 80000
TGN(config-pmap-c)#exit
TGN(config-pmap)#class af32
TGN(config-pmap-c)#shape peak 120000

TGN(config)#policy-map shapingpolicy
TGN(config-pmap)#class class-default
TGN(config-pmap-c)#service-policy innerpolicy

!!!!!!!!!!!!! Dynamips does not support this, so use another way!!!!!

TGN(config)#class-map ef
TGN(config-cmap)#match dscp ef

TGN(config)#class-map af41
TGN(config-cmap)#match dscp af41

TGN(config)#class-map af32
TGN(config-cmap)#match dscp af32

TGN(config)# policy-map shapingpolicy
TGN(config-pmap)#class ef
TGN(config-pmap-c)#shape peak 40000
TGN(config-pmap-c)#exit
TGN(config-pmap-c)#class af41
TGN(config-pmap-c)#shape peak 80000
TGN(config-pmap-c)#exit
TGN(config-pmap-c)#class af32
TGN(config-pmap-c)#shape peak 120000
TGN(config-pmap-c)#exit
TGN(config-pmap-c)#class class-default
TGN(config-pmap-c)#shape peak 400000


Verify with the show policy-map command and the show policy-map interface serial 0/0 command.

TGN#show policy-map
TGN#show policy-map interface serial 0/0


Step 6: Configure Traffic Policing
Create a new policy map to police traffic passing from R3 to R2. Police the total rate of egress traffic exiting R3’s Serial 0/1 interface to 400 kbps.

R3(config)#policy-map policingpolicy
R3(config-pmap)#class class-default
R3(config-pmap-c)#police rate 400000 bps

R3(config)#interface serial 1/0
R3(config-if)#service-policy output policingpolicy


Step 7: Configure Class-Based TCP Header Compression
Configure TCP header compression on R4 for only AF32 traffic heading towards R3 using the existing policy-maps.

TGN(config)#policy-map innerpolicy
TGN(config-pmap)#class af32
TGN(config-pmap-c)#compression header ip tcp

!!!! Another way !!!
TGN(config)#policy-map shapingpolicy
TGN(config-pmap)#class af32
TGN(config-pmap-c)#compression header ip tcp

TGN#show policy-map interface


Final Configurations:
R1:
hostname R1
!
no ip domain lookup
!
class-map match-any critical
 match protocol ospf
 match protocol ntp
class-map match-any interactive
 match protocol telnet
 match protocol ssh
 match protocol xwindows
class-map match-any web
 match protocol http
 match protocol pop3
 match protocol smtp
!
policy-map markingpolicy
 class critical
  set dscp ef
 class interactive
  set dscp af41
 class web
  set dscp af32
 class class-default
  set dscp default
!
interface FastEthernet0/0
 ip address 172.16.10.1 255.255.255.0
 speed 100
 full-duplex
 no shutdown
!
interface FastEthernet0/1
 ip address 172.16.14.1 255.255.255.0
 speed 100
 full-duplex
 service-policy output markingpolicy
 no shutdown
!
router ospf 1
 network 172.16.0.0 0.0.255.255 area 0
!
line con 0
 logging synchronous
!
end


R2:
hostname R2
!
no ip domain lookup
!
interface FastEthernet0/0
 ip address 172.16.20.2 255.255.255.0
 speed 100
 full-duplex
 no shutdown
!
interface Serial1/0
 bandwidth 800
 ip address 172.16.23.2 255.255.255.0
 clock rate 806400
 no shutdown
!
router ospf 1
 network 172.16.0.0 0.0.255.255 area 0
!
line con 0
 logging synchronous
!
end


R3:
hostname R3
!
no ip domain lookup
!
policy-map policingpolicy
 class class-default
   police rate 400000 bps
!
interface Serial1/0
 bandwidth 800
 ip address 172.16.23.3 255.255.255.0
 service-policy output policingpolicy
 no shutdown
!
interface Serial1/1
 bandwidth 800
 ip address 172.16.34.3 255.255.255.0
 clock rate 806400
 no shutdown
!
router ospf 1
 network 172.16.0.0 0.0.255.255 area 0
!
line con 0
 logging synchronous
!
end


TGN:
hostname TGN
!
no ip domain lookup
!
ip vrf PAGENT
 rd 100:1
 route-target export 1:100
 route-target import 1:100
!       
ip cef
!
 class-map match-all af41
  match  dscp af41
 class-map match-all ef
  match  dscp ef
 class-map match-all af32
  match  dscp af32
!
 policy-map shapingpolicy
  class ef
   shape peak 40000
  class af41
   shape peak 80000
  class af32
   shape peak 120000
   compress header ip tcp
  class class-default
   shape peak 400000
 policy-map innerpolicy
  class ef
   shape peak 40000
  class af41
   shape peak 80000
  class af32
   shape peak 120000
   compress header ip tcp
!
interface FastEthernet0/0.10
 description Interface generating traffic
 encapsulation dot1Q 10
 ip vrf forwarding PAGENT
 ip address 172.16.10.4 255.255.255.0
 no shutdown
!
interface FastEthernet0/0.20
 description capturing traffic
 encapsulation dot1Q 20
 ip vrf forwarding PAGENT
 ip address 172.16.20.4 255.255.255.0
 no shutdown
!
interface Serial0/0
 bandwidth 800
 ip address 172.16.34.4 255.255.255.0
 service-policy output shapingpolicy
 no shutdown
!
interface FastEthernet0/1
 ip address 172.16.14.4 255.255.255.0
 no shutdown
!
router ospf 1
 network 172.16.0.0 0.0.255.255 area 0
!
line con 0
 logging synchronous
!
end


Reference:
Cisco Networking Academy
http://www.cisco.com/web/learning/netacad/index.html

CCNP Version 5.0: Optimizing Converged Cisco Networks
Student Lab Manual


最初發表 / 最後更新: 2009.04.30 / 2018.06.14

0 comments:

張貼留言