Escolar Documentos
Profissional Documentos
Cultura Documentos
(http://labs.ine.com/workbook/toc/rsv5workbook) CCIE
R&S v5 Advanced Technology Labs QoS
MQC Classification and Marking
CONTENTS
ISATAP Tunneling (/workbook/view/rsv5workbook/task/isataptunnelingMjI4Nw%3D%3D) | MQC Bandwidth Reservations and
CBWFQ (/workbook/view/rsv5workbook/task/mqcbandwidthreservationsandcbwfqMjMwMw%3D%3D)
Last updated: April 2, 2015
Note:
You must load the initial configuration files for the section, QoS Initial, which can be found in
CCIE R&S v5 Topology Diagrams & Initial Configurations (http://labs.ine.com/workbook/view/rs
v5workbook/task/cciersv5topologydiagramsinitialconfigurationsMTk3Ng==). Reference
the Advanced Technology Labs With Addressing Diagram to complete this task.
Task
Configure an outbound MQC policy on R4’s Ethernet link to R5 according to the following requirements:
HTTP traffic from servers on VLAN 146 should be marked with an IP Precedence of 2.
VoIP packets with UDP ports in the destination range of 16384–32767 and a Layer 3 packet size of 60
bytes should be marked with DSCP EF.
ICMP packets larger than 1000 bytes should be marked with IP precedence of 0.
All other packets that come from any of R4’s links with an IP precedence of 0 should be remarked
with an IP precedence of 1.
Do not use an accesslist to classify ICMP packets.
Configuration Click to collapse
R4:
ip access‐list extended HTTP
permit tcp 155.1.146.0 0.0.0.255 eq www any
!
ip access‐list extended VOICE
permit udp any any range 16384 32767
!
class‐map HTTP
match access‐group name HTTP
CONTENTS
!
class‐map match‐all LARGE_ICMP
match protocol icmp
match packet length min 1001
!
class‐map match‐all VOICE
match access‐group name VOICE
match packet length min 60 max 60
!
class‐map match‐all SCAVENGER
match ip precedence 0
!
policy‐map ETHERNET_LINK_TO_R5
class VOICE
set ip dscp ef
class HTTP
set ip precedence 2
class LARGE_ICMP
set ip precedence 0
class SCAVENGER
set ip precedence 1
!
interface GigabitEthernet1.45
service‐policy output ETHERNET_LINK_TO_R5
Verification
The Modular Quality of Service Command Line Interface (MQC), also known as ClassBased Weighted Fair
Queueing (CBWFQ), unifies all IOS QoS features under a single interface. MQC allows the implementation of
a full suite of QoS tools, including classification, congestion management, traffic metering, marking, traffic
shaping, and link efficiency. The main advantage of using the MQC over the legacy methods is that multiple
QoS features can be applied to the same interface in the same direction. For example, with legacy QoS, you
cannot apply custom queueing and priority queueing at the same time, but with MQC you can.
Classification in MQC uses casesensitive classmaps (not to be confused with a framerelay mapclass) to
group criteria. Each classmap performs a logical AND (matchall) or a logical OR (matchany) on its criteria.
In other words, in a matchall classmap, all matches must be TRUE for the class to be TRUE. Classmaps
can be nested inside other maps to build complicated classification “ANDOR” logic gates. If multiple match
criteria appear on the same line (for example, match ip dscp, or match ip precedence), they are treated as a
logical OR match.
CONTENTS
Different IOS versions and platforms support different matches in the classmap, but as a general rule the
following classification criteria are supported:
Named and numbered accesslists: allows matching of IP addresses, TCP/UDP ports, IP protocol numbers,
etc.
Layer 3 packet length
Layer 2 addresses: source/destination MAC address, FrameRelay DLCI, etc.
Packet marking: Layer 2 CoS, Layer 3 DSCP/IP precedence, Frame Relay DE, ATM CLP, MPLS EXP, etc.
NetworkBased Application Recognition (NBAR)
Inverse logical matching (logical NOT)
Note
On recent versions of IOS and IOSXE, NBAR no longer classifies ICMP traffic originated from
pings by using the match protocol icmp syntax. In newer releases, match protocol ping is
required for the NBAR engine to properly match ICMP traffic originated from pings.
When you apply a logical NOT to a nested classmap or multiple criteria in a single line, De Morgan’s law
applies, where NOT (X AND Y) = (NOT X) OR (NOT Y), and NOT (X OR Y) = (NOT X) AND (NOT Y).
When classification is configured in a classmap, actions are defined for the different classes in a case
sensitive policymap. A policy map is an ordered list of classmaps with their corresponding actions, similar to
a routemap. The router matches packets entering/leaving the interface against all classmap entries in the
respective input/output policymap on the interface in a topdown fashion. This means that the first match in a
classmap is used for classification, which implies that the order of the classes called in the policymap is
significant. The policymap actions include marking, shaping, policing, assigning queue weight, compressing,
etc. Any unclassified traffic in a policymap falls into the classdefault category, which is covered in depth,
along with the policymap actions, in the following sections.
Pitfall
Correct traffic flow classification within the classmap, and the correct order of operations in the
policymap, is important in the implementation of an MQC policy. In this task, you are asked to
classify traffic flows from web servers in VLAN 146, which means that they will be using source port
80 in their responses to clients. Additionally, the SCAVENGER classmap, which matches IP
Precedence 0 traffic, may overlap other traffic classes, such as the HTTP class, which makes it
important that SCAVENGER is called last in the policymap to match any unclassified traffic up to
that point.
To verify this configuration, start by shutting down R5’s DMVPN Tunnel. Next, enable the HTTP server
service on R1 as well as HTTP authentication, and start transferring an IOS image from R1 to R8. Start an IP
SLA jitter operation on R6 to source “voicelike” packets with the G.729 codec (60 bytes each), and finally
send a large number of ICMP packets from R6 to R5, each larger than 1000 bytes. Also, be sure to tune down
CONTENTS
the load interval on R4's GigabitEthernet1 interface to get faster statistics.
R1:
username admin privilege 15 password cisco
ip http authentication local
ip http server
ip http path bootflash:
R4:
interface GigabitEthernet1
CONTENTS
load‐interval 30
R5:
interface Tunnel0
shutdown
!
ip sla responder
R6:
ip sla 1
udp‐jitter 155.1.45.5 16384 codec g729a control enable
threshold 1000
timeout 1000
frequency 1
!
ip sla schedule 1 life forever start‐time now
R8#copy http://admin:cisco@155.1.146.1/csr1000v‐mono‐universalk9.03.11.01.S.154‐1.S1‐std.SPA.pkg null:
Accessing http://*****:*****@155.1.146.1/csr1000v‐mono‐universalk9.03.11.01.S.154‐1.S1‐std.SPA.pkg...
Loading http://***********@155.1.146.1/csr1000v‐mono‐universalk9.03.11.01.S.154‐1.S1‐std.SPA.pkg !!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
R6#ping 155.1.45.5 repeat 100 size 1004 timeout 0
Type escape sequence to abort.
Sending 100, 1004‐byte ICMP Echos to 155.1.45.5, timeout is 0 seconds:
.!..............!.................................!........!..........
........................!.....
Success rate is 5 percent (5/100), round‐trip min/avg/max = 1/1/3 ms
Check the statistics to see the policymap matches. Note that all MQC configurations use the same unified
syntax for configuration and verification.
R4#show policy‐map interface GigabitEthernet1.45
GigabitEthernet1.45
Service‐policy output: ETHERNET_LINK_TO_R5
Class‐map: VOICE (match‐all)
625 packets, 48750 bytes
30 second offered rate 13000 bps, drop rate 0000 bps
Match: access‐group name VOICE
CONTENTS
Match: packet length min 60 max 60
QoS Set
ip dscp ef
Marker statistics: Disabled
Class‐map: HTTP (match‐all)
6828 packets, 3821396 bytes
30 second offered rate 1019000 bps, drop rate 0000 bps
Match: access‐group name HTTP
QoS Set
ip precedence 2
Marker statistics: Disabled
Class‐map: LARGE_ICMP (match‐all)
100 packets, 102200 bytes
30 second offered rate 27000 bps, drop rate 0000 bps
Match: packet length min 1001
Match: protocol icmp
QoS Set
ip precedence 0
Marker statistics: Disabled
Class‐map: SCAVENGER (match‐all)
0 packets, 0 bytes
30 second offered rate 0000 bps, drop rate 0000 bps
Match: ip precedence 0
QoS Set
ip precedence 1
Marker statistics: Disabled
Class‐map: class‐default (match‐any)
3 packets, 234 bytes
30 second offered rate 0000 bps, drop rate 0000 bps
Match: any
ISATAP Tunneling (/workbook/view/rsv5workbook/task/isataptunnelingMjI4Nw%3D%3D) | MQC Bandwidth
Reservations and CBWFQ (/workbook/view/rsv5workbook/task/mqcbandwidthreservationsandcbwfq
MjMwMw%3D%3D)