qos laboratory guide
8/12/2019 QoS Laboratory Guide
Laboratory to implement the NBAR QOS for IP Services
QoS: Differentiated Services
The Differentiated Services model provides the ability to classify network traffic and offer many levels of QoS while being highly scalable.
The Differentiated Services model describes services associated with traffic classes.
Complex traffic classification and conditioning is performed at the network edge, resulting in a per-packet DSCP.
No per-flow state in the core.
The core only performs simple per-hop behaviors on traffic aggregates.
The goal is scalability.
DSCP Encoding:
DiffServ field: The IP version 4 header ToS octet or the IPv6 traffic class octet, when interpreted in conformance with the definition given in RFC 2474
DSCP: The first six bits of the DiffServ field, used to select a PHB (forwarding and queuing method).
How Can a QoS Service Class Be Used to Implement a QoS Policy?
QoS Baseline Expansion
Example Application:
Configuring Classification Using IP Precedence
Configuring Classification Using DSCP
Service Classes:
class-map Voice
 match ip dscp ef cs5
!
class-map Mission-Critical
 match ip dscp af31 af32 af33 cs3
!
! Transactional (LABORATORY HTTP)
class-map Transactional
 match ip dscp af21 af22 af23 cs2
!
class-map Bulk
 match ip dscp af11 af12 af13 cs1
!
class-map Best-Effort
 match ip dscp default
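The DSCP encoding and the class-maps above can be checked offline with the following added example (not part of the original guide). It extracts the DiffServ octet from an IPv4 or IPv6 header, takes the first six bits as the DSCP, and reports which of the page's five class-maps would match; the sample headers are constructed, and the function names are this example's own.

```python
# Added example: DiffServ field -> DSCP -> class-map on this page.
DSCP_NAMES = {0: "default", 46: "ef"}
for c in range(1, 8):
    DSCP_NAMES[c << 3] = f"cs{c}"                      # class selector: ccc000
for c in range(1, 5):
    for d in range(1, 4):
        DSCP_NAMES[(c << 3) | (d << 1)] = f"af{c}{d}"  # assured forwarding: cccdd0

# Transcribed from the page's class-maps, in the order they appear.
CLASS_MAPS = [
    ("Voice", {"ef", "cs5"}),
    ("Mission-Critical", {"af31", "af32", "af33", "cs3"}),
    ("Transactional", {"af21", "af22", "af23", "cs2"}),
    ("Bulk", {"af11", "af12", "af13", "cs1"}),
    ("Best-Effort", {"default"}),
]

def diffserv_field(header: bytes) -> int:
    """Return the DiffServ octet from the start of an IPv4 or IPv6 header."""
    version = header[0] >> 4
    if version == 4:
        return header[1]                                     # ToS octet
    if version == 6:
        return ((header[0] & 0x0F) << 4) | (header[1] >> 4)  # traffic class
    raise ValueError(f"not an IP header (version {version})")

def classify(header: bytes):
    """Return (dscp, dscp_name, class_map) for a packet header."""
    dscp = diffserv_field(header) >> 2      # first six bits; the low two are ECN
    name = DSCP_NAMES.get(dscp)
    for class_map, values in CLASS_MAPS:
        if name in values:
            return dscp, name, class_map
    return dscp, name, None                 # matched by none of the five class-maps

# Constructed sample headers (only the first two bytes matter here).
SAMPLES = {
    "ipv4 ef": bytes([0x45, 0xB8]),
    "ipv4 af21 + ECN bit": bytes([0x45, 0x49]),
    "ipv6 af21": bytes([0x64, 0x80]),
    "ipv4 af41": bytes([0x45, 0x88]),
}

if __name__ == "__main__":
    for label, hdr in SAMPLES.items():
        print(label, classify(hdr))
```

The last sample shows that a valid code point such as af41 is matched by none of the five class-maps, so a policy built on them handles it in its default class.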
Configuring Class-Based Marking
class-map Well-known-services
 match access-group 100
!
class-map Unknown-services
 match not class-map Well-known-services
!
policy-map set-DSCP
 class Well-known-services
  set dscp af21
 class Unknown-services
  set dscp 0
!
access-list 100 permit tcp any any lt 1024
access-list 100 permit tcp any lt 1024 any
!
interface ethernet 0/0
 service-policy input set-DSCP
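To see what the set-DSCP policy above does to individual packets, the following added example (not part of the original guide) parses the two access-list 100 entries and applies the policy to constructed packets. The packet dictionaries and function names are assumptions of this example, and the parser handles only the "any" address form used on this page.

```python
import operator

# The two ACL entries exactly as they appear in the configuration above.
ACL_100 = """\
access-list 100 permit tcp any any lt 1024
access-list 100 permit tcp any lt 1024 any
"""
OPS = {"lt": operator.lt, "gt": operator.gt, "eq": operator.eq}
AF21, DEFAULT = 18, 0

def parse_acl(text):
    """Parse 'access-list N permit|deny PROTO any [op port] any [op port]'."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] != ["access-list"]:
            continue
        action, proto, rest = tok[2], tok[3], tok[4:]
        sides = []
        for _ in ("source", "destination"):
            if rest.pop(0) != "any":
                raise ValueError("only 'any' addresses are handled here")
            if rest and rest[0] in OPS:
                sides.append((OPS[rest.pop(0)], int(rest.pop(0))))
            else:
                sides.append(None)          # no port condition on this side
        entries.append((action, proto, sides[0], sides[1]))
    return entries

def acl_permits(entries, pkt):
    """First matching entry wins; no match means the implicit deny."""
    for action, proto, src, dst in entries:
        if pkt["proto"] != proto:
            continue
        if src and not src[0](pkt["sport"], src[1]):
            continue
        if dst and not dst[0](pkt["dport"], dst[1]):
            continue
        return action == "permit"
    return False

def set_dscp(pkt, entries):
    """policy-map set-DSCP: the DSCP the packet arrived with is overwritten."""
    return AF21 if acl_permits(entries, pkt) else DEFAULT

if __name__ == "__main__":
    acl = parse_acl(ACL_100)
    # Constructed packets: request, reply, UDP DNS, and a host that self-marks EF.
    for pkt in ({"proto": "tcp", "sport": 50000, "dport": 80, "dscp": 0},
                {"proto": "tcp", "sport": 443, "dport": 50000, "dscp": 0},
                {"proto": "udp", "sport": 50000, "dport": 53, "dscp": 0},
                {"proto": "tcp", "sport": 50000, "dport": 8080, "dscp": 46}):
        print(pkt, "->", set_dscp(pkt, acl))
```

Both directions of a TCP session to a port below 1024 are marked AF21, UDP falls into Unknown-services even on a well-known port, and a packet that arrives already marked EF leaves the edge with DSCP 0.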
Monitoring Class-Based Marking
Network-Based Application Recognition
NBAR solves the problem of how to classify modern client/server and web-based
applications.
NBAR performs the following functions:
Identification of applications and protocols (Layer 4 to Layer 7)
Protocol discovery
Provides traffic statistics
NBAR enables downstream actions based on QoS policies via random early
detection, class-based queuing, and policing, by selecting traffic which can then be
marked to trigger downstream per-hop behaviors.
New applications are easily supported by loading a PDLM (Packet Description Language Module).
NBAR Application Support
NBAR can classify applications that use:
Statically assigned TCP and UDP port numbers
Non-UDP and non-TCP IP protocols
Dynamically assigned TCP and UDP port numbers negotiated during connection
establishment (requires stateful inspection)
Subport classification: classification of HTTP (URLs, MIME, or host names) and
Citrix applications (ICA traffic based on published application name)
Classification based on deep packet inspection and multiple application specific
attributes (RTP payload classification).
Protocol Discovery
Protocol discovery analyzes application traffic patterns in real time and discovers
which traffic is running on the network.
Provides bidirectional, per-interface, per-protocol statistics:
5-minute bit rate (bps)
Packet counts
Byte counts.
Monitoring Protocol Discovery
QoS Implemented:
To implement the NBAR QOS:
We have a desktop computer with the following configuration:
1. Pentium 4 2.8 GHZ Intel Core 2 Duo.
2. 3.0 GB DDR2 RAM
3. 500 GB SATA HDD with 7500 RPM
4. 1 Realtek Fast Ethernet Card
5. XP SP2
6. VMware Server or client 1.0.6
CUCM VM
---------
1. 512 MB of RAM
2. 80 GB of HDD with files split into 2 GB files (helps with memory management)
3. Ethernet Card - Custom VMNET1 HOST ONLY. Connected to HQ Router on GNS3.
4. IP Address Subnet - 192.168.2.X 255.255.255.0 (/24)
Application server
XP VM
-------
1. 256 MB of RAM
2. 80 GB of HDD with files split into 2 GB files (helps with memory management)
3. Ethernet Card - Custom VMNET2 HOST ONLY. Connected to Branch router on GNS3.
4. IP Address Subnet - 10.10.210.X 255.255.255.0 (/24).
Config Router HQ:
================
Would you like to enter the initial configuration dialog? [yes/no]: no
Router > en ; enable the router (short for enable)
Router > erase flash: ; erase the flash, answer "y"
Router > format flash: ; format the router's internal disk, answer "y" twice
Router > conf t ; configure the router
Router(config) > hostname inictel-HQ-RTR
inictel-HQ-RTR (config) > no ip domain lo
inictel-HQ-RTR (config) > no logging console 0
inictel-HQ-RTR (config) > line console 0
inictel-HQ-RTR (config-line) > logging synchronous
inictel-HQ-RTR (config-line) > exec-timeout 0 0 ; lab convenience: the console session never times out
inictel-HQ-RTR (config-line) > privilege level 15 ; lab convenience: the console starts at privilege level 15
inictel-HQ-RTR (config-line) > exit
inictel-HQ-RTR (config) > do wr ; save the configuration (write memory stores it as the startup-config)
inictel-HQ-RTR (config) > int lo 0
inictel-HQ-RTR (config-if) > description *** HQ-RTR 10.10.32.1 ***
inictel-HQ-RTR (config-if) > ip address 10.10.32.1 255.255.255.255
inictel-HQ-RTR (config-if) > ip ospf network point-to-point
inictel-HQ-RTR (config-if) > no shut
inictel-HQ-RTR (config) > int f0/0
inictel-HQ-RTR (config-if) > description *** Connected to CUCM ***
inictel-HQ-RTR (config-if) > ip address 192.168.2.20 255.255.255.0
inictel-HQ-RTR (config-if) > no shut
inictel-HQ-RTR (config-if) > exit
inictel-HQ-RTR (config) > do wr
inictel-HQ-RTR (config) > int s0/0
inictel-HQ-RTR (config-if) > description *** Connected to Port-1 FRSW ***
inictel-HQ-RTR (config-if) > encapsulation frame-relay ietf
inictel-HQ-RTR (config-if) > frame-relay lmi-type ansi
inictel-HQ-RTR (config-if) > no shut
inictel-HQ-RTR (config-if) > exit
inictel-HQ-RTR (config) > do wr
inictel-HQ-RTR (config) > int s0/0.1 point-to-point
inictel-HQ-RTR (config-subif) > description *** Connected to BR-RTR Via FR ***
inictel-HQ-RTR (config-subif) > ip address 10.10.33.1 255.255.255.128
inictel-HQ-RTR (config-subif) > ip ospf mtu-ignore
inictel-HQ-RTR (config-subif) > frame-relay interface-dlci 102
inictel-HQ-RTR (config-fr-dlci) > no shut
inictel-HQ-RTR (config-subif) > exit
inictel-HQ-RTR (config) > do wr
inictel-HQ-RTR (config) > do sh ip int bri ; show the interfaces and IP addresses
inictel-HQ-RTR (config) > router ospf 1
inictel-HQ-RTR (config-router) > log-adjacency-changes
inictel-HQ-RTR (config-router) > network 10.10.32.1 0.0.0.0 area 0
inictel-HQ-RTR (config-router) > network 192.168.2.0 0.0.0.255 area 0
inictel-HQ-RTR (config-router) > network 10.10.33.0 0.0.0.127 area 0
inictel-HQ-RTR (config-router) > exit
inictel-HQ-RTR (config) > do wr
inictel-HQ-RTR (config) > do sh ip rou
Test connectivity:
inictel-HQ-RTR (config) > exit
inictel-HQ-RTR > ping 192.168.2.3
inictel-HQ-RTR > ping 10.10.210.20
--------------------
inictel-HQ-RTR > conf t
inictel-HQ-RTR (config) > class-map Match_HTTPS
inictel-HQ-RTR (config-cmap) > match protocol secure-http
inictel-HQ-RTR (config-cmap) > exit
inictel-HQ-RTR (config) > do wr
inictel-HQ-RTR (config) > policy-map Mark_HTTPS
inictel-HQ-RTR (config-pmap) > class Match_HTTPS
inictel-HQ-RTR (config-pmap-c) > set dscp af21
inictel-HQ-RTR (config-pmap-c) > exit
inictel-HQ-RTR (config) > do wr
inictel-HQ-RTR (config) > do show class-map
inictel-HQ-RTR (config) > do show policy-map
inictel-HQ-RTR (config) > int f0/0
inictel-HQ-RTR (config-if) > ip nbar protocol-discovery
inictel-HQ-RTR (config-if) > load-interval 60
inictel-HQ-RTR (config-if) > service-policy input Mark_HTTPS
inictel-HQ-RTR (config-if) > exit
inictel-HQ-RTR (config) > do wr
inictel-HQ-RTR (config) > exit
inictel-HQ-RTR > show ip nbar protocol-discovery stats bit-rate top-n 5 ; to see the input and output rates
inictel-HQ-RTR > config t
inictel-HQ-RTR (config) > alias exec traffic show ip nbar pro
inictel-HQ-RTR (config) > do wr
inictel-HQ-RTR (config) > exit
inictel-HQ-RTR > show ip nbar protocol-discovery stats bit-rate top-n 5
inictel-HQ-RTR > show aliases
inictel-HQ-RTR > wr
inictel-HQ-RTR > config t
inictel-HQ-RTR (config) > $ow ip nbar protocol-discovery stats bit-rate top-n 5
inictel-HQ-RTR (config) > exit
inictel-HQ-RTR > wr
inictel-HQ-RTR > traffic ; run several times to watch HTTP or FTP traffic crossing the router
inictel-HQ-RTR > show ip nbar unclassified-port-stats 5
inictel-HQ-RTR > debug ip nbar unclassified-port-stats
inictel-HQ-RTR > show ip nbar unclassified-port-stats 5
inictel-HQ-RTR > traffic
Config Router BR:
================
Would you like to enter the initial configuration dialog? [yes/no]: no
Router > en ; enable the router
Router > erase flash: ; erase the flash
Router > format flash: ; format the router's internal disk
Router > conf t ; configure the router
Router(config) > hostname inictel-BR-RTR
inictel-BR-RTR (config) > no ip domain lo
inictel-BR-RTR (config) > no logging console 0
inictel-BR-RTR (config) > line console 0
inictel-BR-RTR (config-line) > logging synchronous
inictel-BR-RTR (config-line) > exec-timeout 0 0
inictel-BR-RTR (config-line) > privilege level 15
inictel-BR-RTR (config-line) > do wr
inictel-BR-RTR (config) > int lo 0
inictel-BR-RTR (config-if) > description *** BR-RTR 10.10.32.2 ***
inictel-BR-RTR (config-if) > ip address 10.10.32.2 255.255.255.255
inictel-BR-RTR (config-if) > ip ospf network point-to-point
inictel-BR-RTR (config-if) > no shut
inictel-BR-RTR (config-if) > exit
inictel-BR-RTR (config) > do wr
inictel-BR-RTR (config) > int f0/0
inictel-BR-RTR (config-if) > description *** Connected to XP ***
inictel-BR-RTR (config-if) > ip address 10.10.210.1 255.255.255.0
inictel-BR-RTR (config-if) > no shut
inictel-BR-RTR (config-if) > exit
inictel-BR-RTR (config) > do wr
inictel-BR-RTR (config) > int s0/0
inictel-BR-RTR (config-if) > description *** Connected to Port-2 FRSW ***
inictel-BR-RTR (config-if) > encapsulation frame-relay ietf
inictel-BR-RTR (config-if) > frame-relay lmi-type ansi
inictel-BR-RTR (config-if) > no shut
inictel-BR-RTR (config-if) > exit
inictel-BR-RTR (config) > do wr
inictel-BR-RTR (config) > int s0/0.1 point-to-point
inictel-BR-RTR (config-subif) > description *** Connected to HQ-RTR Via FR ***
inictel-BR-RTR (config-subif) > ip address 10.10.33.2 255.255.255.128
inictel-BR-RTR (config-subif) > ip ospf mtu-ignore
inictel-BR-RTR (config-subif) > frame-relay interface-dlci 201
inictel-BR-RTR (config-fr-dlci) > no shut
inictel-BR-RTR (config-subif) > exit
inictel-BR-RTR (config) > do wr
inictel-BR-RTR (config) > do sh ip int bri
inictel-BR-RTR (config) > router ospf 1
inictel-BR-RTR (config-router) > log-adjacency-changes
inictel-BR-RTR (config-router) > network 10.10.32.2 0.0.0.0 area 0
inictel-BR-RTR (config-router) > network 10.10.33.0 0.0.0.127 area 0
inictel-BR-RTR (config-router) > network 10.10.210.0 0.0.0.255 area 0
inictel-BR-RTR (config-router) > exit
inictel-BR-RTR (config) > do wr
inictel-BR-RTR (config) > do sh ip rou
Test connectivity:
-------------------
inictel-BR-RTR (config) > exit
inictel-BR-RTR > ping 10.10.210.1
inictel-BR-RTR > ping 10.10.210.20
inictel-BR-RTR > ping 192.168.2.3
On XP:
-----
cmd:
ping 10.10.210.1
ping 10.10.32.1
ping 192.168.2.20
ping 192.168.2.3
tracert 192.168.2.3
Cisco Unified CM Console:
=========================
https://192.168.2.3
username: cmmadmin
CUCM7 login: inictel
password: inicteluni
admin: show network eth0
admin: set network gateway 192.168.2.20
continue (y/n) y
admin: utils network ping 192.168.2.3
admin: utils network ping 192.168.2.20
admin: utils network ping 10.10.32.2
admin: utils network ping 10.10.210.1
admin: utils network ping 10.10.210.20