QoS配置案例 2020-06-27 网络 暂无评论 3147 次阅读 QOS 必要命令解释: ``` plicy cir 365000000 bc 45000000 be 50000000 conform-action transmit exceed-action set-prec-transmit 3 violate-action set-prec-transmit 2 ``` cir为承诺的带宽速率,即需要保证的带宽速率,单位为bps; bc 为普通突发,单位为bytes; be为最高突发,单位为bytes; set-prec-transmit,表示设置IP优先级并转发 数据包; 上面整体命令解释为:承诺带宽365Mbps,普通突发为450Mbps,最高突发为500Mbps。当速率小于450Mbps是转发 数据包,当超过450Mbps小于500Mbps是重写IP优先级为3并转发数据包,当超过500Mbps是重写IP优先级为2并转发数据包。 一、描述 QOS:策略设置,一般分为几个步骤 第一:分类 流量 1.1.1、根据IP地址分类,配制的时候使用ACL访问控制列表 1.1.2、根据思科NBAR[nba:]来分类,它可以根据七层来识别 ``` Router(config)#class-map map名 Router(config-cmap)#match ? access-group Access group any Any packets class-map Class map cos IEEE 802.1Q/ISL class of service/user priority values destination-address Destination address input-interface Select an input interface to match ip IP specific values mpls Multi Protocol Label Switching specific values not Negate this match result protocol Protocol /NBAR qos-group Qos-group source-address Source address ``` 第二:标记 流量(marking) 标记可以基于二层ip precedenc(IP优先级)也可以基于三层DSCP来标记识别的流量 一般在标记的时候分为几大块:语音流、视频流、重要业务流、其它业务流分为从0-7这么几个级别 7和6保留0也 保留 级别 流量种类 dscp标记 实例 5 语音 ef voip 4 流媒体 af4x 视频会议等 3 业务流量 af3x ERP、SQL等办公系统 2 传统流量 af2x mail、ftp、web等 1 垃圾流量 af1x 抢占带宽的流量例:bt,迅雷,ppstream等 注:x代表 (1-9)是同一个级别内在分类 设置 ``` policy-map 名称 class-map 名称 set ip dscp {DSCP} set ip precedence {PRECEDENCE} set cos {COS} ``` 设置标记 第三:设置 策略 在policy-map下,匹配class-map后 ``` priority {Kbps|percent PERCENT} [bc] 定 义优先级流量的带宽以及突发流量 bandwidth {Kbps|percent PERCENT} 定义保留带宽 random- detect 启用WRED police {CIR BC BE} conform- action {action} exceed-action {action} [violated-action {action}] 使用令牌桶 限速 queue-limit {PACKETS} 定义队列中数据报的最大个数 service- policy {policy-name} 调用其它的策略进行嵌套 shape {average|peak} {CIR [BC] [BE]} 整 形 drop 丢弃 ``` 第四:在接口 上应用 ``` Router(config-if)#service- policy {input|output} {policy_map名字} input 设置在进口上 output 设置在出口上 ``` 二、拓扑 ![cisco-qos-experiment.jpg](https://blog.moper.net/usr/uploads/2020/06/706881661.jpg) 图 中,COM路由器接内网,ISP路由器是模拟的外网,R2属于边界路由器 三、实验说明 我 们在R2的s1/0和s1/1口上配制接口带宽为 16Kbit/s,然后在s1/0即进口上做标记, 标 记为,满足条件打20的标记,超出的打10的标记。 在s1/1出口上做策略对于打了10标记的流量,做相应的drop 四、配制 基本配制 ``` R1: interface Serial1/1 ip address 10.1.1.2 255.255.255.0 no sh ! ip route 20.1.1.0 255.255.255.0 10.1.1.1 R2: access-list 100 permit ip 10.1.1.0 0.0.0.255 20.1.1.0 0.0.0.255 16000为带宽限制,2000为BC,3000为BE class-map in-put match access-group 100 exit policy-map in-put class in-put police 16000 2000 3000 conform-action set-dscp-transmit 20 exceed-action set-dscp-transmit 10 exit class-map out-put 对于超出的流量做drop match ip dscp 10 exit policy-map out-put class out-put police 8000 1500 3000 conform-action transmit exceed-action drop exit int s1/0 bandwidth 16 ip address 10.1.1.1 255.255.255.0 clock rate 64000 service-policy input in-put no sh ! interface Serial1/1 bandwidth 16 ip address 20.1.1.1 255.255.255.0 clock rate 64000 service-policy output out-put no sh ! R3: interface Serial1/0 ip address 20.1.1.2 255.255.255.0 no sh ! ip route 10.1.1.0 255.255.255.0 20.1.1.1 ! ``` 验证 ``` R1#ping ip Target IP address: 20.1.1.2 Repeat count [5]: 10 Datagram size [100]: 2000 Timeout in seconds [2]: Extended commands [n]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 10, 2000-byte ICMP Echos to 20.1.1.2, timeout is 2 seconds: !.!..!!.!! Success rate is 60 percent (6/10), round-trip min/avg/max = 204/457/596 ms R2#show policy-map Policy Map out-put Class out-put police cir 8000 bc 1500 be 3000 conform-action transmit exceed-action drop Policy Map in-put Class in-put police cir 16000 bc 2000 be 3000 conform-action set-dscp-transmit af22 exceed-action set-dscp-transmit af11 ``` 从`show policy-map`我们就可以知道,我们先前设置的 ``` police 16000 2000 3000 conform-action set-dscp-transmit 20 exceed-action set-dscp-transmit 10 police 8000 1500 3000 conform-action transmit exceed-action drop ``` 语名的意义 16000是CAR承诺接入速率 其中bc是令牌桶 be是当信令在bc放满后放到be中 ``` R2#show policy-map int s1/0 Serial1/0 Class-map: in-put (match-all) 405 packets, 460260 bytes 5 minute offered rate 1000 bps, drop rate 0 bps Match: access-group 100 police: cir 16000 bps, bc 2000 bytes conformed 175 packets, 137072 bytes; actions: set-dscp-transmit af22 exceeded 230 packets, 323188 bytes; actions: set-dscp-transmit af11 conformed 1000 bps, exceed 0 bps Class-map: class-default (match-any) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: any R2#show policy-map int s1/1 Serial1/1 Class-map: out-put (match-all) 165 packets, 231820 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: ip dscp af11 (10) police: cir 8000 bps, bc 1500 bytes conformed 88 packets, 117892 bytes; actions: transmit exceeded 77 packets, 113928 bytes; actions: drop conformed 0 bps, exceed 0 bps Class-map: class-default (match-any) 261 packets, 122786 bytes 5 minute offered rate 1000 bps, drop rate 0 bps ``` 标签: cisco, qos 本作品采用 知识共享署名-相同方式共享 4.0 国际许可协议 进行许可。