The (Unofficial) CCNP-SP Study Guide

QoS

Last updated 2 years ago

Lab file

Startup configs

IP addressing, IGP in the core (ISIS), Segment Routing, IGP at the customer sites (OSPF), BGP vpnv4, and PE-CE routing (which uses OSPF) are all pre-configured.

  1. Configure the CEs to mark traffic on input from the C routers:

    Protocol    Marking
    ICMP        IPP2
    Telnet      IPP3
    SSH         IPP4

    On both C routers, generate ICMP, telnet, and SSH traffic and verify that the IPP value is set correctly. Use the pre-configured policy-map applied to Gi1 of both C routers to verify hits on the correct IPP values. Telnet and SSH are already enabled on the C routers; however, you need to generate the crypto key (crypto key gen rsa). The login is cisco/cisco.

  2. In the service provider core, configure the following outbound queuing policy and apply it to all core interfaces. Classification should be based on the EXP value. The IPP of the customer traffic is automatically mapped to the EXP value at the ingress PE.

    IPP Value   Action
    0           WFQ
    2           Police at 256Kbps. If over 256Kbps but under 512Kbps, mark down to IPP0. If over 512Kbps, discard.
    3           Allocate 5 Mbps of guaranteed bandwidth
    4           LLQ with a policer set at 10 Mbps

Also ensure that a PE router will see the marking of the topmost label in the core. In case a P router changes the topmost label, we want the PE router to be able to use the topmost EXP value. Additionally, ensure that the PE routers make egress queuing decisions towards the CEs based on the MPLS EXP and not the customer’s IP traffic.

Generate customer traffic again and verify hits on the policies on the core routers.

3. On PE1 and PE4 enforce 100M symmetrical bandwidth but continue using the queuing policy.

Answers

  1. You can use NBAR (match protocol) or ACLs (match access-group) to match traffic. Use a policy-map to set the IPP value.

class-map ICMP
 match protocol icmp
!
class-map TELNET
 match protocol telnet
!
class-map SSH
 match protocol SSH
!
policy-map mark-traffic
 class ICMP
  set ip precedence 2
 class TELNET
  set ip precedence 3
 class SSH
  set ip precedence 4
!
int Gi1
 service-policy input mark-traffic

On the C routers, generate traffic and use the following command to ensure that traffic is being marked to the correct IPP value.

#C2
ping 1.1.1.1
telnet 1.1.1.1
ssh -l cisco 1.1.1.1

C1#show policy-map int gi1 | sec IPP2
    Class-map: IPP2 (match-all)  
      5 packets, 570 bytes
      5 minute offered rate 0000 bps
      Match: ip precedence 2 

C1#show policy-map int gi1 | sec IPP3
    Class-map: IPP3 (match-all)  
      30 packets, 1661 bytes
      5 minute offered rate 0000 bps
      Match: ip precedence 3 

C1#show policy-map int gi1 | sec IPP4
    Class-map: IPP4 (match-all)  
      21 packets, 2014 bytes
      5 minute offered rate 1000 bps
      Match: ip precedence 4
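
Added example (not part of the original lab): a Python check that parses the `show policy-map int gi1` sections shown above and reports which of the lab's protocols produced no hits on its expected IPP class. The function names and the `EXPECTED` mapping are illustrative; the sample text is the C1 output from this page.

```python
import re

# Sample input: the C1 verification output shown on this page.
SAMPLE = """\
C1#show policy-map int gi1 | sec IPP2
    Class-map: IPP2 (match-all)
      5 packets, 570 bytes
      5 minute offered rate 0000 bps
      Match: ip precedence 2
C1#show policy-map int gi1 | sec IPP3
    Class-map: IPP3 (match-all)
      30 packets, 1661 bytes
      5 minute offered rate 0000 bps
      Match: ip precedence 3
C1#show policy-map int gi1 | sec IPP4
    Class-map: IPP4 (match-all)
      21 packets, 2014 bytes
      5 minute offered rate 1000 bps
      Match: ip precedence 4
"""

# Marking required by step 1 of the lab.
EXPECTED = {"icmp": 2, "telnet": 3, "ssh": 4}

CLASS_RE = re.compile(r"^\s*Class-map:\s+(\S+)")
COUNT_RE = re.compile(r"^\s*(\d+) packets, (\d+) bytes")
MATCH_RE = re.compile(r"^\s*Match:\s+ip precedence (\d)")


def parse_policy_map(text):
    """Return {class_name: {"packets": n, "bytes": n, "precedence": p}}."""
    classes, current = {}, None
    for line in text.splitlines():
        if m := CLASS_RE.match(line):
            current = classes.setdefault(
                m.group(1), {"packets": 0, "bytes": 0, "precedence": None})
        elif current is not None and (m := COUNT_RE.match(line)):
            current["packets"], current["bytes"] = int(m.group(1)), int(m.group(2))
        elif current is not None and (m := MATCH_RE.match(line)):
            current["precedence"] = int(m.group(1))
    return classes


def unmarked(text, expected=EXPECTED):
    """Return the protocols whose expected precedence shows no packet hits."""
    hit = {c["precedence"] for c in parse_policy_map(text).values() if c["packets"] > 0}
    return sorted(proto for proto, prec in expected.items() if prec not in hit)
```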

2. IOS-XE:

class-map EXP2
 match mpls experimental topmost 2
!
class-map EXP3
 match mpls experimental topmost 3
!
class-map EXP4
 match mpls experimental topmost 4
!
policy-map MPLS-CORE-OUTPUT
 class EXP2
  police cir 256 k pir 512 k
   exceed-action set-prec-transmit 0
   violate-action drop
 !
 class EXP3
  bandwidth 5000
 !
 class EXP4
  priority 10000
!
*Apply to all interfaces outbound except the PE-CE links on the PEs*

IOS-XR:

class-map EXP2
 match mpls experimental topmost 2
!
class-map EXP3
 match mpls experimental topmost 3
!
class-map EXP4
 match mpls experimental topmost 4
!
policy-map MPLS-CORE-OUTPUT
 class EXP2
  police rate 256 k peak-rate 512 k
   exceed-action set precedence 0
   violate-action drop
 class EXP3
  ! IOS-XRv is not allowing a min bandwidth. Instead just "do nothing."
 class EXP4
  priority level 1
  ! IOS-XR does not have the concept of policing for a priority queue to make it LLQ
  ! Instead we manually add a policer
  police rate 10 m
!
*Apply to all interfaces outbound except the PE-CE links on the PEs*
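
Added example (not part of the original lab): a Python model of the two-rate policer configured for class EXP2 in both policies above, using the RFC 2698 two-rate three-color token-bucket algorithm rather than any vendor's internal implementation. The burst sizes and the constant-rate 500-byte traffic are assumptions; the page gives only the 256k and 512k rates.

```python
CIR_BPS, PIR_BPS = 256_000, 512_000   # from the lab: police cir 256 k pir 512 k
CBS_BYTES, PBS_BYTES = 8_000, 16_000  # assumed burst sizes; the page sets none


class TwoRatePolicer:
    def __init__(self, cir=CIR_BPS, pir=PIR_BPS, cbs=CBS_BYTES, pbs=PBS_BYTES):
        self.cir, self.pir, self.cbs, self.pbs = cir, pir, cbs, pbs
        self.tc, self.tp = cbs, pbs   # both token buckets start full
        self.last_ms = 0

    def police(self, now_ms, size):
        """Classify one packet of `size` bytes arriving at time `now_ms`."""
        dt = now_ms - self.last_ms
        self.last_ms = now_ms
        # Refill in bytes: (bits per second) * ms / 8000, capped at the burst size.
        self.tc = min(self.cbs, self.tc + dt * self.cir // 8000)
        self.tp = min(self.pbs, self.tp + dt * self.pir // 8000)
        if self.tp < size:
            return "violate"          # above PIR: violate-action drop
        self.tp -= size
        if self.tc < size:
            return "exceed"           # between CIR and PIR: re-marked to 0
        self.tc -= size
        return "conform"              # within CIR: transmitted unchanged


def offer(rate_bps, seconds=10, size=500):
    """Offer constant-rate traffic and return the kbps that hit each action."""
    policer = TwoRatePolicer()
    gap_ms = size * 8000 // rate_bps  # inter-packet gap in milliseconds
    sent = {"conform": 0, "exceed": 0, "violate": 0}
    for i in range(seconds * 1000 // gap_ms):
        sent[policer.police(i * gap_ms, size)] += size
    return {action: nbytes * 8 // (seconds * 1000) for action, nbytes in sent.items()}


if __name__ == "__main__":
    for rate in (200_000, 400_000, 1_000_000):
        print(rate // 1000, "kbps offered ->", offer(rate))
```

The conform rate lands slightly above 256 kbps over a 10-second run because the initially full committed bucket is spent on top of the steady refill.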

To ensure that the EXP value of the top (transport) label is received at the egress PE, you must advertise the prefix SID with an explicit null.

#PE1
segment-routing mpls
 set-attributes
  address-family ipv4
   explicit-null

P2#show mpls forwarding 1.1.1.1
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop    
Label      Label      or Tunnel Id     Switched      interface              
16001      explicit-n 1.1.1.1/32       137           Gi1        10.1.2.1


#PE4
router isis 1
 int lo0
  address-family ipv4 unicast
   prefix-sid index 4 explicit-null

RP/0/0/CPU0:P3#show mpls forwarding prefix 4.4.4.4/32
Wed Nov 16 14:22:43.135 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes       
Label  Label       or ID              Interface                    Switched    
------ ----------- ------------------ ------------ --------------- ------------
16004  Exp-Null-v4 SR Pfx (idx 4)     Gi0/0/0/0    10.3.4.4        0
   

To queue traffic outbound on the interface facing the CEs, the PEs must associate the EXP value with a QoS-group and then perform policy based on the QoS-group.

#PE1
policy-map EXP-TO-QOSGROUP
 class EXP2
  set qos-group 2
 class EXP3
  set qos-group 3
 class EXP4
  set qos-group 4
!
int Gi2
 service-policy input EXP-TO-QOSGROUP
!
class-map QOSGROUP2
 match qos-group 2
!
class-map QOSGROUP3
 match qos-group 3
!
class-map QOSGROUP4
 match qos-group 4
!
policy-map MPLS-CORE-OUTPUT-QOSGROUP
 class QOSGROUP2
  police cir 256 k pir 512 k
   exceed-action set-prec-transmit 0
   violate-action drop
 !
 class QOSGROUP3
  bandwidth 5000
 !
 class QOSGROUP4
  priority 10000
!
int Gi1
 service-policy output MPLS-CORE-OUTPUT-QOSGROUP

#PE4
policy-map EXP-TO-QOSGROUP
 class EXP2
  set qos-group 2
 class EXP3
  set qos-group 3
 class EXP4
  set qos-group 4
!
int Gi0/0/0/1
 service-policy input EXP-TO-QOSGROUP
!
class-map QOSGROUP2
 match qos-group 2
!
class-map QOSGROUP3
 match qos-group 3
!
class-map QOSGROUP4
 match qos-group 4
!
policy-map MPLS-CORE-OUTPUT-QOSGROUP
 class QOSGROUP2
  police rate 256 k peak-rate 512 k
   exceed-action set precedence 0
   violate-action drop
 class QOSGROUP3
 class QOSGROUP4
  priority level 1
  ! IOS-XR does not have the concept of policing for a priority queue to make it LLQ
  ! Instead we manually add a policer
  police rate 10 m
!
int Gi0/0/0/0
 service-policy output MPLS-CORE-OUTPUT-QOSGROUP

3. On the PEs, create a service-policy that shapes and polices at 100M. On the shaper, nest the queuing policy.

#PE1 and PE4
policy-map 100M-POLICER
 class class-default
  police cir 100 m
!
policy-map 100M-SHAPER
 class class-default
  service-policy MPLS-CORE-OUTPUT-QOSGROUP
  shape average 100 m
!
int Gi1   ! int Gi0/0/0/0 for PE4
 no service-policy output MPLS-CORE-OUTPUT-QOSGROUP
 service-policy output 100M-SHAPER
 service-policy input 100M-POLICER

Challenge - QoS.yaml (56KB)
qos_initial_configs.zip (22KB)