QoS

Lab file

Startup configs

IP addressing, IGP in the core (ISIS), Segment Routing, IGP at the customer sites (OSPF), BGP vpnv4, and PE-CE routing (which uses OSPF) are all pre-configured.

  1. Configure the CEs to mark traffic on input from the C routers:

    | Protocol | Marking |
    | --- | --- |
    | ICMP | IPP2 |
    | Telnet | IPP3 |
    | SSH | IPP4 |

    On both C routers, generate ICMP, Telnet, and SSH traffic and verify that the IPP value is set correctly. Use the pre-configured policy-map applied to Gi1 of both C routers to verify hits on the correct IPP values. Telnet and SSH are already enabled on the C routers; however, you need to generate the crypto key (crypto key gen rsa). The login is cisco/cisco.

  2. In the service provider core, configure the following outbound queuing policy and apply to all core interfaces. Classification should be based on the EXP value. The IPP of the customer traffic is automatically mapped to the EXP value at the ingress PE.

    | IPP Value | Action |
    | --- | --- |
    | 0 | WFQ |
    | 2 | Police at 256Kbps. If over 256Kbps but under 512Kbps, mark down to IPP0. If over 512Kbps, discard. |
    | 3 | Allocate 5 Mbps of guaranteed bandwidth |
    | 4 | LLQ with a policer set at 10 Mbps |

Also ensure that a PE router will see the marking of the topmost label in the core. In case a P router changes the topmost label, we want the PE router to be able to use the topmost EXP value. Additionally ensure that the PE routers make egress queuing decisions towards the CEs based on the MPLS EXP and not the customer’s IP traffic.

Generate customer traffic again and verify hits on the policies on the core routers.

3. On PE1 and PE4 enforce 100M symmetrical bandwidth but continue using the queuing policy.

Answers

  1. You can use NBAR (match protocol) or ACLs (match access-group) to match traffic. Use a policy-map to set the IPP value.

class-map ICMP
 match protocol icmp
!
class-map TELNET
 match protocol telnet
!
class-map SSH
 match protocol SSH
!
policy-map mark-traffic
 class ICMP
  set ip precedence 2
 class TELNET
  set ip precedence 3
 class SSH
  set ip precedence 4
!
int Gi1
 service-policy input mark-traffic

On the C routers, generate traffic and use the following command to ensure that traffic is being marked to the correct IPP value.

#C2
ping 1.1.1.1
telnet 1.1.1.1
ssh -l cisco 1.1.1.1

C1#show policy-map int gi1 | sec IPP2
    Class-map: IPP2 (match-all)  
      5 packets, 570 bytes
      5 minute offered rate 0000 bps
      Match: ip precedence 2 

C1#show policy-map int gi1 | sec IPP3
    Class-map: IPP3 (match-all)  
      30 packets, 1661 bytes
      5 minute offered rate 0000 bps
      Match: ip precedence 3 

C1#show policy-map int gi1 | sec IPP4
    Class-map: IPP4 (match-all)  
      21 packets, 2014 bytes
      5 minute offered rate 1000 bps
      Match: ip precedence 4

2. IOS-XE:

class-map EXP2
 match mpls experimental topmost 2
!
class-map EXP3
 match mpls experimental topmost 3
!
class-map EXP4
 match mpls experimental topmost 4
!
policy-map MPLS-CORE-OUTPUT
 class EXP2
  police cir 256 k pir 512 k
   exceed-action set-prec-transmit 0
   violate-action drop
 !
 class EXP3
  bandwidth 5000
 !
 class EXP4
  priority 10000
!
*Apply to all interfaces outbound except the PE-CE links on the PEs*

IOS-XR:

class-map EXP2
 match mpls experimental topmost 2
!
class-map EXP3
 match mpls experimental topmost 3
!
class-map EXP4
 match mpls experimental topmost 4
!
policy-map MPLS-CORE-OUTPUT
 class EXP2
  police rate 256 k peak-rate 512 k
   exceed-action set precedence 0
   violate-action drop
 class EXP3
  ! IOS-XRv is not allowing a min bandwidth. Instead just "do nothing."
 class EXP4
  priority level 1
  ! IOS-XR does not have the concept of policing for a priority queue to make it LLQ
  ! Instead we manually add a policer
  police rate 10 m
!
*Apply to all interfaces outbound except the PE-CE links on the PEs*
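
The EXP2 policer above has three outcomes depending on the offered rate. The following added example (not part of the original lab) models it as a color-blind two-rate three-color marker in the style of RFC 2698; the burst sizes, the packet size and the `police`/`offer` helper names are assumptions made for illustration.

```python
from collections import Counter

CIR_BPS, PIR_BPS = 256_000, 512_000    # rates from the lab's EXP2 class
CBS_BYTES, PBS_BYTES = 8_000, 16_000   # assumed burst sizes, not given on the page

def police(packets, cir=CIR_BPS, pir=PIR_BPS, cbs=CBS_BYTES, pbs=PBS_BYTES):
    """Color-blind two-rate three-color marker.

    packets: iterable of (arrival_ms, size_bytes) in time order.
    Returns one action per packet: conform, exceed or violate.
    """
    tc, tp, last_ms = cbs, pbs, 0          # both buckets start full
    actions = []
    for arrival_ms, size in packets:
        elapsed = arrival_ms - last_ms
        last_ms = arrival_ms
        # Refill: bits/s * ms / 8000 = bytes, capped at the bucket depth.
        tc = min(cbs, tc + cir * elapsed // 8000)
        tp = min(pbs, tp + pir * elapsed // 8000)
        if size > tp:                      # above PIR: violate-action drop
            actions.append("violate")
        elif size > tc:                    # between CIR and PIR: re-mark to IPP0
            tp -= size
            actions.append("exceed")
        else:                              # within CIR: transmit unchanged
            tp -= size
            tc -= size
            actions.append("conform")
    return actions

def offer(rate_bps, seconds=10, size=500):
    """Constructed load: fixed-size packets at a constant rate.

    Returns the resulting throughput in bit/s per policer action.
    """
    gap_ms = size * 8 * 1000 // rate_bps
    packets = [(t, size) for t in range(0, seconds * 1000, gap_ms)]
    counts = Counter(police(packets))
    return {a: counts[a] * size * 8 // seconds
            for a in ("conform", "exceed", "violate")}

if __name__ == "__main__":
    for rate in (200_000, 400_000, 1_000_000):
        print(rate, offer(rate))
```

At 200 kbps everything conforms, at 400 kbps the excess over the CIR is re-marked and nothing is dropped, and at 1 Mbps roughly 256 kbps conforms, roughly 256 kbps is re-marked and the remainder is dropped.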

To ensure that the EXP value of the top (transport) label is received at the egress PE, you must advertise the prefix SID with an explicit null.

#PE1
segment-routing mpls
 set-attributes
  address-family ipv4
   explicit-null

P2#show mpls forwarding 1.1.1.1
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop    
Label      Label      or Tunnel Id     Switched      interface              
16001      explicit-n 1.1.1.1/32       137           Gi1        10.1.2.1


#PE4
router isis 1
 int lo0
  address-family ipv4 unicast
   prefix-sid index 4 explicit-null

RP/0/0/CPU0:P3#show mpls forwarding prefix 4.4.4.4/32
Wed Nov 16 14:22:43.135 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes       
Label  Label       or ID              Interface                    Switched    
------ ----------- ------------------ ------------ --------------- ------------
16004  Exp-Null-v4 SR Pfx (idx 4)     Gi0/0/0/0    10.3.4.4        0
   

To queue traffic outbound on the interface facing the CEs, the PEs must associate the EXP value with a QoS-group and then perform policy based on the QoS-group.

#PE1
policy-map EXP-TO-QOSGROUP
 class EXP2
  set qos-group 2
 class EXP3
  set qos-group 3
 class EXP4
  set qos-group 4
!
int Gi2
 service-policy input EXP-TO-QOSGROUP
!
class-map QOSGROUP2
 match qos-group 2
!
class-map QOSGROUP3
 match qos-group 3
!
class-map QOSGROUP4
 match qos-group 4
!
policy-map MPLS-CORE-OUTPUT-QOSGROUP
 class QOSGROUP2
  police cir 256 k pir 512 k
   exceed-action set-prec-transmit 0
   violate-action drop
 !
 class QOSGROUP3
  bandwidth 5000
 !
 class QOSGROUP4
  priority 10000
!
int Gi1
 service-policy output MPLS-CORE-OUTPUT-QOSGROUP

#PE4
policy-map EXP-TO-QOSGROUP
 class EXP2
  set qos-group 2
 class EXP3
  set qos-group 3
 class EXP4
  set qos-group 4
!
int Gi0/0/0/1
 service-policy input EXP-TO-QOSGROUP
!
class-map QOSGROUP2
 match qos-group 2
!
class-map QOSGROUP3
 match qos-group 3
!
class-map QOSGROUP4
 match qos-group 4
!
policy-map MPLS-CORE-OUTPUT-QOSGROUP
 class QOSGROUP2
  police rate 256 k peak-rate 512 k
   exceed-action set precedence 0
   violate-action drop
 class QOSGROUP3
 class QOSGROUP4
  priority level 1
  ! IOS-XR does not have the concept of policing for a priority queue to make it LLQ
  ! Instead we manually add a policer
  police rate 10 m
!
int Gi0/0/0/0
 service-policy output MPLS-CORE-OUTPUT-QOSGROUP

3. On the PEs, create a service-policy that shapes and polices at 100M. On the shaper, nest the queuing policy.

#PE1 and PE4
policy-map 100M-POLICER
 class class-default
  police cir 100 m
!
policy-map 100M-SHAPER
 class class-default
  service-policy MPLS-CORE-OUTPUT-QOSGROUP
  shape average 100 m
!
int Gi1   ! int Gi0/0/0/0 for PE4
 no service-policy output MPLS-CORE-OUTPUT-QOSGROUP
 service-policy output 100M-SHAPER
 service-policy input 100M-POLICER
