In today's blog I'll be covering how Cisco marks traffic. While most people might turn NBAR on and run AutoQoS, that doesn't cut it for a CCIE. A deeper understanding of the tools and methodology is what separates the men from the boys.
Cisco's MQC was a long-overdue integration of multiple QoS configuration methods into a better organized set of processes. Now you have names that all start with "Class Based," which indicates you are configuring some QoS item with MQC. Those tool names include: CB Marking, CB Weighted Fair-Queuing, CB Shaping, CB Policing, and CB Header Compression.
MQC separates the marking functionality from the PHB (policy) function. This gives us 3 configuration areas in MQC: class maps for marking, policy maps for PHB setup, and the service-policy command to implement the policy config on an interface.
The class-map command uses the match subcommand to identify packets for marking. There are multiple syntax options for this command:
- match [ip] precedence precedence_value [precedence_value precedence_value]: Matches IPv4 packets when the ip keyword is included, or both IPv4 and IPv6 packets when it is omitted
- match access-group [access-group | name access-group-name]: Matches packets via an access list number or name
- match any: Matches all packets
- match class-map class-map-name: Matches based on another (nested) class map
- match cos cos-value [cos-value cos-value]: Matches based on CoS value
- match destination-address mac mac-address: Matches based on destination MAC address
- match fr-dlci dlci-number: Matches based on Frame Relay DLCI number
- match input-interface interface-name: Matches packets that ingress a particular interface
- match [ip] dscp ip-dscp-value [ip-dscp-value ip-dscp-value]: Matches IPv4 packets only when the ip keyword is used; otherwise both IPv4 and IPv6 packets are matched
- match ip rtp starting-port-number port-range: The port-range option is the number of ports covered by this match; it is NOT the ending port number
- match mpls experimental number: Matches an MPLS EXP (experimental) value
- match mpls experimental topmost number: Used when multiple labels are applied, to match only the EXP value of the topmost (outermost) label
- match not match-criteria: Reverses the matching logic
- match packet length {max max-length-value [min minimum-length-value] | min minimum-length-value [max max-length-value]}: Matches based on maximum length, minimum length, or both
- match protocol citrix app app-name-string: Matches Citrix applications
- match protocol http [url url-string | host hostname-string | mime mime-type]: Matches an HTTP URL, hostname, or MIME type
- match protocol protocol-name: Matches an NBAR protocol type (hence NBAR must be enabled)
- match protocol rtp [audio | video | payload-type payload-string]: Matches RTP traffic based on the payload type (audio, video, etc.)
- match qos-group group-value: Matches a QoS group value, a locally significant value that offers additional flexibility for PHB setup. You assign the value through a class map and can then identify those packets by the group value and apply special behavior to only them. Works well in a complex environment.
- match source-address mac source-mac-address: Matches packets by source MAC address
If you need to match more than one item in a packet to classify it, class maps can use multiple match commands and can also nest inside each other. Up to four (CoS or IPP) or eight (DSCP) values can be specified in a single match cos, match precedence, or match dscp command, respectively.
match-any is the default behavior on a class map; match-all defines a logical AND across the match statements.
http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfmcli2.html#wp1020290
The above is a decent reference for MQC configuration, particularly syntax options that may appear on the test.
NBAR
NBAR helps to classify traffic where it is difficult to do so with the normal methods. Examples include applications on ephemeral ports, P2P file sharing, and MIME types. This is called deep packet inspection, since it looks beyond the header information. Outside of QoS, NBAR is also used for traffic accounting (per-protocol counters) and by the NAT process.
Class Based Marking
Major points to remember about CB Marking:
- It requires CEF
- It is applied using the interface or subinterface command service-policy {input | output} policy-map-name
- CB Marking is applied sequentially, like an ACL
- You can configure multiple set commands in a single class to mark the packet in several fields (e.g. CoS and DSCP)
- Packets that don't match any class are considered to match the class-default class
- If a class has no set command configured, packets matching that class are not marked
The set commands available under a class in a policy map:
- set [ip] precedence precedence-value
- set [ip] dscp dscp-value
- set cos cos-value
- set qos-group group-id
- set atm-clp (ATM cell loss priority bit)
- set fr-de (Frame Relay discard eligible bit)
EXEC Command Reference for CB Marking
- show policy-map policy-map-name: Shows the configuration of a policy map
- show policy-map interface-spec [input | output] class class-name: Displays the statistics for a policy map that is enabled on an interface
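To tie the three MQC areas together (class maps to classify, a policy map to mark, service-policy to apply it), here is a complete marking configuration added as a worked example; it is not from the original post. The interface name, ACL number, class and policy names, and the RTP port range are assumed for illustration.

```cisco
! Added example, not from the original post. Interface, ACL number,
! class/policy names and the RTP range are assumed for illustration.
ip cef
!
! Call-signalling ports, identified through a numbered ACL
access-list 101 permit tcp any any eq 1720
access-list 101 permit udp any any range 5060 5061
!
! match-all = logical AND: in the RTP range AND not already marked CS1.
! "16384 16383" is starting port + count, so it covers UDP 16384-32767.
class-map match-all VOICE-BEARER
 match ip rtp 16384 16383
 match not ip dscp cs1
!
! match-any = logical OR: either the ACL or the NBAR protocol classifies it
class-map match-any CALL-SIGNALLING
 match access-group 101
 match protocol h323
!
! Traffic already marked scavenger (CS1)
class-map match-all SCAVENGER
 match ip dscp cs1
!
! Classes are evaluated top-down like an ACL; the first matching class wins.
policy-map MARK-IN
 class VOICE-BEARER
  set ip dscp ef
  set cos 5
  set qos-group 5
 class CALL-SIGNALLING
  set ip dscp af31
  set cos 3
 class SCAVENGER
  ! No set command: CS1 packets pass through with their marking unchanged
 class class-default
  ! Everything unmatched is re-marked to DSCP 0 at the ingress trust
  ! boundary, so a host cannot self-promote its traffic into the EF class
  set ip dscp default
!
interface FastEthernet0/0
 ip nbar protocol-discovery
 service-policy input MARK-IN
!
! Verification
! show policy-map MARK-IN
! show policy-map interface FastEthernet0/0 input class VOICE-BEARER
```

The second show command confirms per-class packet counters on the interface, which is the quickest way to check that a class actually matches the traffic you expect rather than falling through to class-default.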