qos laboratory guide

Upload: acajahuaringa

Post on 03-Jun-2018


  • 8/12/2019 QoS Laboratory Guide


    Laboratory to implement the NBAR QOS for IP Services

    QoS: Differentiated Services

    The Differentiated Services model provides the ability to classify network traffic and offer many levels of QoS while being highly scalable.

    The Differentiated Services model describes services associated with traffic classes.

    Complex traffic classification and conditioning is performed at the network edge, resulting in a per-packet DSCP.

    No per-flow state in the core.

    The core only performs simple per-hop behaviors on traffic aggregates.

    The goal is scalability.

    DSCP Encoding:

    DiffServ field: The IP version 4 header ToS octet or the IPv6 traffic class octet, when interpreted in conformance with the definition given in RFC 2474.

    DSCP: The first six bits of the DiffServ field, used to select a PHB (forwarding and queuing method).

    How Can a QoS Service Class Be Used to Implement a QoS Policy?


    QoS Baseline Expansion

    Example Application:


    Configuring Classification Using IP Precedence

    Configuring Classification Using DSCP

    Service Classes:

    class-map Voice
     match ip dscp ef cs5
    !
    class-map Mission-Critical
     match ip dscp af31 af32 af33 cs3
    !
    ! Transactional is the class used for the laboratory HTTP traffic
    class-map Transactional
     match ip dscp af21 af22 af23 cs2
    !
    class-map Bulk
     match ip dscp af11 af12 af13 cs1
    !
    class-map Best-Effort
     match ip dscp default
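
Added example (not part of the original guide): a Python sketch that reads the DSCP out of an IPv4 header, names the codepoint, and reports which of the five class-maps above would match it. This is useful for checking a capture against the marking policy. The function names and the sample headers are constructed for illustration.

```python
import socket
import struct

# Codepoint names: CSn = 8n (RFC 2474), AFxy = 8x + 2y (RFC 2597), EF = 46 (RFC 3246).
DSCP_NAMES = {0: "default", 46: "ef"}
DSCP_NAMES.update({8 * n: f"cs{n}" for n in range(1, 8)})
DSCP_NAMES.update({8 * c + 2 * d: f"af{c}{d}"
                   for c in range(1, 5) for d in range(1, 4)})

# The five class-maps of this guide, in the order they are configured.
CLASS_MAPS = [
    ("Voice", {"ef", "cs5"}),
    ("Mission-Critical", {"af31", "af32", "af33", "cs3"}),
    ("Transactional", {"af21", "af22", "af23", "cs2"}),
    ("Bulk", {"af11", "af12", "af13", "cs1"}),
    ("Best-Effort", {"default"}),
]

def dscp_of(ipv4_header: bytes) -> int:
    """Return the DSCP: the first six bits of the ToS/DiffServ octet."""
    if len(ipv4_header) < 20 or ipv4_header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return ipv4_header[1] >> 2  # the two low-order bits are ECN, not DSCP

def classify(ipv4_header: bytes):
    """Return (codepoint name, matching class-map or None)."""
    dscp = dscp_of(ipv4_header)
    name = DSCP_NAMES.get(dscp, str(dscp))
    for class_name, codepoints in CLASS_MAPS:
        if name in codepoints:
            return name, class_name
    # No class-map in the guide lists this codepoint (e.g. af41, cs6);
    # in a policy-map such traffic falls into class-default.
    return name, None

def sample_header(tos: int, src="10.10.210.20", dst="192.168.2.3") -> bytes:
    """Constructed 20-byte IPv4/TCP header (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0, 0, 64, 6, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

if __name__ == "__main__":
    for tos in (0xB8, 0x48, 0x4A, 0x28, 0x00, 0x88):
        name, cls = classify(sample_header(tos))
        print(f"ToS 0x{tos:02X} -> dscp {name:8} class {cls}")
```
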

    Configuring Class-Based Marking

    class-map Well-known-services
     match access-group 100
    !
    class-map Unknown-services
     match not class-map Well-known-services
    !
    policy-map set-DSCP
     class Well-known-services
      set dscp af21
     class Unknown-services
      set dscp 0
    !
    access-list 100 permit tcp any any lt 1024
    access-list 100 permit tcp any lt 1024 any
    !
    interface ethernet 0/0
     service-policy input set-DSCP


    Monitoring Class-Based Marking

    Network-Based Application Recognition

    NBAR solves the problem of how to classify modern client/server and web-based applications.

    NBAR performs the following functions:

    - Identification of applications and protocols (Layer 4 to Layer 7)
    - Protocol discovery
    - Provides traffic statistics

    NBAR enables downstream actions based on QoS policies via random early detection, class-based queuing, and policing, by selecting traffic which can then be marked to trigger downstream per-hop behaviors.

    New applications are easily supported by loading a PDLM.


    NBAR Application Support

    NBAR can classify applications that use:

    - Statically assigned TCP and UDP port numbers
    - Non-UDP and non-TCP IP protocols
    - Dynamically assigned TCP and UDP port numbers negotiated during connection establishment (requires stateful inspection)
    - Subport classification: classification of HTTP (URLs, MIME, or host names) and Citrix applications (ICA traffic based on published application name)
    - Classification based on deep packet inspection and multiple application-specific attributes (RTP payload classification)

    Protocol Discovery

    Protocol discovery analyzes application traffic patterns in real time and discovers which traffic is running on the network.

    Provides bidirectional, per-interface, per-protocol statistics:

    - 5-minute bit rate (bps)
    - Packet counts
    - Byte counts

    Monitoring Protocol Discovery

    QoS Implemented:

    To implement the NBAR QOS:

    We have a desktop computer with the following configuration:

    1. Pentium 4 2.8 GHz Intel Core 2 Duo
    2. 3.0 GB DDR2 RAM
    3. 500 GB SATA HDD with 7500 RPM
    4. 1 Realtek Fast Ethernet card
    5. XP SP2
    6. VMware Server or client 1.0.6

    CUCM VM
    ---------
    1. 512 MB of RAM
    2. 80 GB of HDD with files split into 2 GB files (helps in memory management)
    3. Ethernet card - Custom VMNET1, host-only. Connected to the HQ router on GNS3.
    4. IP address subnet - 192.168.2.X 255.255.255.0 (/24)

    Application server

    XP VM
    -------
    1. 256 MB of RAM
    2. 80 GB of HDD with files split into 2 GB files (helps in memory management)
    3. Ethernet card - Custom VMNET2, host-only. Connected to the Branch router on GNS3.
    4. IP address subnet - 10.10.210.X 255.255.255.0 (/24)

    Config Router HQ:
    ================
    Would you like to enter the initial configuration dialog? [yes/no]: no

    Router > en ; enable the router (short for enable)
    Router > erase flash: ; erase the flash, answer "y"
    Router > format flash: ; format the router's internal disk, answer "y" twice
    Router > conf t ; configure the router
    Router(config) > hostname Inictel-HQ-RTR
    inictel-HQ-RTR (config) > no ip domain lo
    inictel-HQ-RTR (config) > no logging console 0
    inictel-HQ-RTR (config) > line console 0
    inictel-HQ-RTR (config-line) > logging synchronous
    inictel-HQ-RTR (config-line) > exec-timeout 0 0
    inictel-HQ-RTR (config-line) > privilege level 15
    inictel-HQ-RTR (config-line) > exit
    inictel-HQ-RTR (config) > do wr ; save the configuration to flash memory?

    inictel-HQ-RTR (config) > int lo 0
    inictel-HQ-RTR (config-if) > description *** HQ-RTR 10.10.32.1 ***
    inictel-HQ-RTR (config-if) > ip address 10.10.32.1 255.255.255.255
    inictel-HQ-RTR (config-if) > ip ospf network point-to-point
    inictel-HQ-RTR (config-if) > no shut

    inictel-HQ-RTR (config) > int f0/0
    inictel-HQ-RTR (config-if) > description *** Connected to CUCM ***
    inictel-HQ-RTR (config-if) > ip address 192.168.2.20 255.255.255.0
    inictel-HQ-RTR (config-if) > no shut
    inictel-HQ-RTR (config-if) > exit
    inictel-HQ-RTR (config) > do wr

    inictel-HQ-RTR (config) > int s0/0
    inictel-HQ-RTR (config-if) > description *** Connected to Port-1 FRSW ***
    inictel-HQ-RTR (config-if) > encapsulation frame-relay ietf
    inictel-HQ-RTR (config-if) > frame-relay lmi-type ansi
    inictel-HQ-RTR (config-if) > no shut
    inictel-HQ-RTR (config-if) > exit
    inictel-HQ-RTR (config) > do wr

    inictel-HQ-RTR (config) > int s0/0.1 point-to-point
    inictel-HQ-RTR (config-subif) > description *** Connected to BR-RTR Via FR ***
    inictel-HQ-RTR (config-subif) > ip address 10.10.33.1 255.255.255.128
    inictel-HQ-RTR (config-subif) > ip ospf mtu-ignore
    inictel-HQ-RTR (config-subif) > frame-relay interface-dlci 102
    inictel-HQ-RTR (config-fr-dlci) > no shut
    inictel-HQ-RTR (config-subif) > exit
    inictel-HQ-RTR (config) > do wr

    inictel-HQ-RTR (config) > do sh ip int bri ; show the interfaces and IP addresses

    inictel-HQ-RTR (config) > router ospf 1
    inictel-HQ-RTR (config-router) > log-adjacency-changes
    inictel-HQ-RTR (config-router) > network 10.10.32.1 0.0.0.0 area 0
    inictel-HQ-RTR (config-router) > network 192.168.2.0 0.0.0.255 area 0
    inictel-HQ-RTR (config-router) > network 10.10.33.0 0.0.0.127 area 0
    inictel-HQ-RTR (config-router) > exit
    inictel-HQ-RTR (config) > do wr

    inictel-HQ-RTR (config) > do sh ip rou


    Test connectivity:
    --------------------
    inictel-HQ-RTR (config) > exit
    inictel-HQ-RTR > ping 192.168.2.3
    inictel-HQ-RTR > ping 10.10.210.20

    inictel-HQ-RTR > conf t
    inictel-HQ-RTR (config) > class-map Match_HTTPS
    inictel-HQ-RTR (config-cmap) > match protocol secure-http
    inictel-HQ-RTR (config-cmap) > exit
    inictel-HQ-RTR (config) > do wr

    inictel-HQ-RTR (config) > policy-map Mark_HTTPS
    inictel-HQ-RTR (config-pmap) > class Match_HTTPS
    inictel-HQ-RTR (config-pmap-c) > set dscp af21
    inictel-HQ-RTR (config-pmap-c) > exit
    inictel-HQ-RTR (config) > do wr

    inictel-HQ-RTR (config) > do show class-map
    inictel-HQ-RTR (config) > do show policy-map

    inictel-HQ-RTR (config) > int f0/0
    inictel-HQ-RTR (config-if) > ip nbar protocol-discovery
    inictel-HQ-RTR (config-if) > load-interval 60
    inictel-HQ-RTR (config-if) > service-policy input Mark_HTTPS
    inictel-HQ-RTR (config-if) > exit
    inictel-HQ-RTR (config) > do wr
    inictel-HQ-RTR (config) > exit

    inictel-HQ-RTR > show ip nbar protocol-discovery stats bit-rate top-n 5 ; to see the input and output

    inictel-HQ-RTR > config t
    inictel-HQ-RTR (config) > alias exec traffic show ip nbar pro
    inictel-HQ-RTR (config) > do wr
    inictel-HQ-RTR (config) > exit
    inictel-HQ-RTR > show ip nbar protocol-discovery stats bit-rate top-n 5

    inictel-HQ-RTR > show aliases
    inictel-HQ-RTR > wr
    inictel-HQ-RTR > config t
    inictel-HQ-RTR (config) > $ow ip nbar protocol-discovery stats bit-rate top-n 5
    inictel-HQ-RTR (config) > exit
    inictel-HQ-RTR > wr
    inictel-HQ-RTR > traffic ; run several times to see the HTTP or FTP cross traffic
    inictel-HQ-RTR > show ip nbar unclassified-port-stats 5
    inictel-HQ-RTR > debug ip nbar unclassified-port-stats
    inictel-HQ-RTR > show ip nbar unclassified-port-stats 5
    inictel-HQ-RTR > traffic

    Config Router BR:
    ================
    Would you like to enter the initial configuration dialog? [yes/no]: no

    Router > en ; enable the router
    Router > erase flash: ; erase the flash
    Router > format flash: ; format the router's internal disk
    Router > conf t ; configure the router
    Router(config) > hostname inictel-BR-RTR
    inictel-BR-RTR (config) > no ip domain lo
    inictel-BR-RTR (config) > no logging console 0
    inictel-BR-RTR (config) > line console 0
    inictel-BR-RTR (config-line) > logging synchronous
    inictel-BR-RTR (config-line) > exec-timeout 0 0
    inictel-BR-RTR (config-line) > privilege level 15
    inictel-BR-RTR (config-line) > do wr

    inictel-BR-RTR (config) > int lo 0
    inictel-BR-RTR (config-if) > description *** BR-RTR 10.10.32.2 ***
    inictel-BR-RTR (config-if) > ip address 10.10.32.2 255.255.255.255
    inictel-BR-RTR (config-if) > ip ospf network point-to-point
    inictel-BR-RTR (config-if) > no shut
    inictel-BR-RTR (config-if) > exit
    inictel-BR-RTR (config) > do wr

    inictel-BR-RTR (config) > int f0/0
    inictel-BR-RTR (config-if) > description *** Connected to XP ***
    inictel-BR-RTR (config-if) > ip address 10.10.210.1 255.255.255.0
    inictel-BR-RTR (config-if) > no shut
    inictel-BR-RTR (config-if) > exit
    inictel-BR-RTR (config) > do wr

    inictel-BR-RTR (config) > int s0/0
    inictel-BR-RTR (config-if) > description *** Connected to Port-2 FRSW ***
    inictel-BR-RTR (config-if) > encapsulation frame-relay ietf
    inictel-BR-RTR (config-if) > frame-relay lmi-type ansi
    inictel-BR-RTR (config-if) > no shut
    inictel-BR-RTR (config-if) > exit
    inictel-BR-RTR (config) > do wr

    inictel-BR-RTR (config) > int s0/0.1 point-to-point
    inictel-BR-RTR (config-subif) > description *** Connected to HQ-RTR Via FR ***
    inictel-BR-RTR (config-subif) > ip address 10.10.33.2 255.255.255.128
    inictel-BR-RTR (config-subif) > ip ospf mtu-ignore
    inictel-BR-RTR (config-subif) > frame-relay interface-dlci 201
    inictel-BR-RTR (config-fr-dlci) > no shut
    inictel-BR-RTR (config-subif) > exit
    inictel-BR-RTR (config) > do wr

    inictel-BR-RTR (config) > do sh ip int bri

    inictel-BR-RTR (config) > router ospf 1
    inictel-BR-RTR (config-router) > log-adjacency-changes
    inictel-BR-RTR (config-router) > network 10.10.32.2 0.0.0.0 area 0
    inictel-BR-RTR (config-router) > network 10.10.33.0 0.0.0.127 area 0
    inictel-BR-RTR (config-router) > network 10.10.210.0 0.0.0.255 area 0
    inictel-BR-RTR (config-router) > exit
    inictel-BR-RTR (config) > do wr

    inictel-BR-RTR (config) > do sh ip rou

    Test connectivity:
    -------------------
    inictel-BR-RTR (config) > exit
    inictel-BR-RTR > ping 10.10.210.1
    inictel-BR-RTR > ping 10.10.210.20
    inictel-BR-RTR > ping 192.168.2.3

    On XP:
    -----
    cmd:

    ping 10.10.210.1
    ping 10.10.32.1
    ping 192.168.2.20
    ping 192.168.2.3
    tracert 192.168.2.3

    Cisco Unified CM Console:
    =========================
    https://192.168.2.3
    username: cmmadmin
    CUCM7 login: inictel
    password: inicteluni

    admin: show network eth0

    admin: set network gateway 192.168.2.20

    continue (y/n) y

    admin: utils network ping 192.168.2.3

    admin: utils network ping 192.168.2.20

    admin: utils network ping 10.10.32.2

    admin: utils network ping 10.10.210.1


    admin: utils network ping 10.10.210.20