QOS

必要命令解释:

plicy cir 365000000 bc 45000000 be 50000000 conform-action transmit exceed-action set-prec-transmit 3 violate-action set-prec-transmit 2

cir为承诺的带宽速率,即需要保证的带宽速率,单位为bps;
bc 为普通突发,单位为bytes;
be为最高突发,单位为bytes;
set-prec-transmit,表示设置IP优先级并转发 数据包;
上面整体命令解释为:承诺带宽365Mbps,普通突发为450Mbps,最高突发为500Mbps。当速率小于450Mbps是转发 数据包,当超过450Mbps小于500Mbps是重写IP优先级为3并转发数据包,当超过500Mbps是重写IP优先级为2并转发数据包。

一、描述
QOS:策略设置,一般分为几个步骤
第一:分类 流量
1.1.1、根据IP地址分类,配制的时候使用ACL访问控制列表
1.1.2、根据思科NBAR[nba:]来分类,它可以根据七层来识别

Router(config)#class-map map名
Router(config-cmap)#match ?
    access-group          Access group
    any                   Any packets
    class-map             Class map
    cos                   IEEE 802.1Q/ISL class of service/user priority values
    destination-address   Destination address
    input-interface       Select an input interface to match
    ip                    IP specific values
    mpls                  Multi Protocol Label Switching specific values
    not                   Negate this match result
    protocol              Protocol         /NBAR
    qos-group             Qos-group
    source-address        Source address

第二:标记 流量(marking)
标记可以基于二层ip precedenc(IP优先级)也可以基于三层DSCP来标记识别的流量
一般在标记的时候分为几大块:语音流、视频流、重要业务流、其它业务流分为从0-7这么几个级别
7和6保留0也 保留
级别 流量种类 dscp标记 实例
5 语音 ef voip
4 流媒体 af4x 视频会议等
3 业务流量 af3x ERP、SQL等办公系统
2 传统流量 af2x mail、ftp、web等
1 垃圾流量 af1x 抢占带宽的流量例:bt,迅雷,ppstream等
注:x代表 (1-9)是同一个级别内在分类
设置

policy-map 名称
  class-map 名称
      set ip dscp {DSCP}
      set ip precedence {PRECEDENCE}
      set cos {COS}

设置标记

第三:设置 策略
在policy-map下,匹配class-map后

priority {Kbps|percent PERCENT} [bc]    定 义优先级流量的带宽以及突发流量
bandwidth {Kbps|percent PERCENT}        定义保留带宽
random- detect                           启用WRED
police {CIR BC BE} conform- action {action} exceed-action {action} [violated-action {action}]  使用令牌桶 限速
queue-limit {PACKETS}                   定义队列中数据报的最大个数
service- policy {policy-name}            调用其它的策略进行嵌套
shape {average|peak} {CIR [BC] [BE]}    整 形
drop                                    丢弃

第四:在接口 上应用

Router(config-if)#service- policy {input|output} {policy_map名字}
  input    设置在进口上
  output   设置在出口上

二、拓扑
cisco-qos-experiment.jpg
图 中,COM路由器接内网,ISP路由器是模拟的外网,R2属于边界路由器

三、实验说明
我 们在R2的s1/0和s1/1口上配制接口带宽为 16Kbit/s,然后在s1/0即进口上做标记,
标 记为,满足条件打20的标记,超出的打10的标记。
在s1/1出口上做策略对于打了10标记的流量,做相应的drop
四、配制
基本配制

R1:
interface Serial1/1
 ip address 10.1.1.2 255.255.255.0
 no sh
!
ip route 20.1.1.0 255.255.255.0 10.1.1.1

R2:
access-list 100 permit ip 10.1.1.0 0.0.0.255 20.1.1.0 0.0.0.255
16000为带宽限制,2000为BC,3000为BE
class-map in-put
 match access-group 100
exit
policy-map in-put
 class in-put
   police 16000 2000 3000 conform-action set-dscp-transmit 20 exceed-action set-dscp-transmit 10
exit
class-map out-put
对于超出的流量做drop
match ip dscp 10
exit
policy-map out-put
 class out-put
   police 8000 1500 3000 conform-action transmit  exceed-action drop
exit
int s1/0
 bandwidth 16
 ip address 10.1.1.1 255.255.255.0
 clock rate 64000
 service-policy input in-put
 no sh
!
interface Serial1/1
 bandwidth 16
 ip address 20.1.1.1 255.255.255.0
 clock rate 64000
 service-policy output out-put
 no sh
!
R3:

interface Serial1/0
 ip address 20.1.1.2 255.255.255.0
 no sh
!
ip route 10.1.1.0 255.255.255.0 20.1.1.1
!

验证

R1#ping ip
Target IP address: 20.1.1.2
Repeat count [5]: 10
Datagram size [100]: 2000
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 10, 2000-byte ICMP Echos to 20.1.1.2, timeout is 2 seconds:
!.!..!!.!!
Success rate is 60 percent (6/10), round-trip min/avg/max = 204/457/596 ms



R2#show policy-map
  Policy Map out-put
    Class out-put
     police cir 8000 bc 1500 be 3000
       conform-action transmit
       exceed-action drop

  Policy Map in-put
    Class in-put
     police cir 16000 bc 2000 be 3000
       conform-action set-dscp-transmit af22
       exceed-action set-dscp-transmit af11

show policy-map我们就可以知道,我们先前设置的

police 16000 2000 3000 conform-action set-dscp-transmit 20 exceed-action set-dscp-transmit 10
police 8000 1500 3000 conform-action transmit  exceed-action drop

语名的意义 16000是CAR承诺接入速率 其中bc是令牌桶 be是当信令在bc放满后放到be中

R2#show policy-map int s1/0
 Serial1/0

    Class-map: in-put (match-all)
      405 packets, 460260 bytes
      5 minute offered rate 1000 bps, drop rate 0 bps
      Match: access-group 100
      police:
          cir 16000 bps, bc 2000 bytes
        conformed 175 packets, 137072 bytes; actions:
          set-dscp-transmit af22
        exceeded 230 packets, 323188 bytes; actions:
          set-dscp-transmit af11
        conformed 1000 bps, exceed 0 bps

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
R2#show policy-map int s1/1
 Serial1/1

    Class-map: out-put (match-all)
      165 packets, 231820 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: ip dscp af11 (10)
      police:
          cir 8000 bps, bc 1500 bytes
        conformed 88 packets, 117892 bytes; actions:
          transmit
        exceeded 77 packets, 113928 bytes; actions:
          drop
        conformed 0 bps, exceed 0 bps

    Class-map: class-default (match-any)
      261 packets, 122786 bytes
      5 minute offered rate 1000 bps, drop rate 0 bps