We have all seen QoS in our networking life. From the deployment perspective, many network administrators complain that it is a technology too complex to use. The truth is that QoS can be as simple as you want and as complex as you don't want.
Now, let's start by saying that QoS is not a protocol but a concept. Quality of Service is a concept that has been applied in various methods from Layer 2 to Layer 7.
Here I will build an example that covers the basics of two concepts: service policy and NBAR. A service policy lets us apply policing to an interface. NBAR, or Network Based Application Recognition, is a Cisco proprietary feature that detects applications based on their signature (e.g. MIME type, header, etc.).
The goal of this example is to apply a service policy with the following end result:
- Gold customers will have a CIR of 50% of the interface bandwidth
- Telnet traffic that transits the selected interface from/to the management network will have a CIR of 128 Kbps
- Everything else goes as normal
!
ip access-list standard CustomerA_Networks
 remark CustomerA Networks
 permit 10.10.10.0 0.0.0.255
!
ip access-list standard CustomerB_Networks
 remark CustomerB Networks
 permit 10.20.30.0 0.0.0.255
 permit 192.168.45.0 0.0.0.255
!
ip access-list standard Management_Stations
 remark IT LAN
 permit 100.15.30.0 0.0.0.255
 remark Ronald Workstation
 permit host 100.16.1.30
!
Now, let's define our two classes:
!
class-map match-any Gold
 match access-group name CustomerA_Networks
 match access-group name CustomerB_Networks
!
class-map match-all Management
 match protocol telnet
 match access-group name Management_Stations
!
You should notice the "match-all" and "match-any" keywords before the name of each class. They set how the match statements are combined. "match-any" is a logical "OR": any one of the statements must match. "match-all" is a logical "AND": all the statements must match.
You may also notice "match protocol telnet". That is the NBAR part of the class-map: instead of using an access-list, the matching is done with NBAR classification.
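To make the match-any/match-all logic concrete, here is an added example (not part of the original post, and not Cisco code) that evaluates the page's ACLs and class-maps against constructed packets. It assumes NBAR's telnet match can be modelled as TCP port 23 and that classes are tried in the order the policy-map lists them; because standard ACLs compare only the source address, the telnet reply heading toward the management network lands in class-default.

```python
import ipaddress

ACLS = {  # entries copied from the page as (address, wildcard mask) pairs
    "CustomerA_Networks": [("10.10.10.0", "0.0.0.255")],
    "CustomerB_Networks": [("10.20.30.0", "0.0.0.255"), ("192.168.45.0", "0.0.0.255")],
    "Management_Stations": [("100.15.30.0", "0.0.0.255"), ("100.16.1.30", "0.0.0.0")],
}

def acl_permits(acl_name, src):
    """Standard ACL: only the source address is compared; wildcard bits are ignored."""
    addr = int(ipaddress.IPv4Address(src))
    for net, wildcard in ACLS[acl_name]:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.IPv4Address(net)) & care:
            return True
    return False  # implicit deny at the end of every ACL

def is_telnet(p):
    # Assumption: NBAR's "match protocol telnet" is modelled as TCP port 23.
    return p["proto"] == "tcp" and 23 in (p["sport"], p["dport"])

# Classes in the order the page's policy-map lists them; any = OR, all = AND.
CLASS_MAPS = [
    ("Gold", any, [lambda p: acl_permits("CustomerA_Networks", p["src"]),
                   lambda p: acl_permits("CustomerB_Networks", p["src"])]),
    ("Management", all, [is_telnet,
                         lambda p: acl_permits("Management_Stations", p["src"])]),
]

def classify(p):
    # The first class whose match statements are satisfied wins.
    for name, combine, matches in CLASS_MAPS:
        if combine(m(p) for m in matches):
            return name
    return "class-default"

def packet(src, dst, sport, dport, proto="tcp"):
    return {"src": src, "dst": dst, "sport": sport, "dport": dport, "proto": proto}

# Constructed sample packets (destinations are documentation addresses).
SAMPLES = {
    "customer B web":       packet("192.168.45.20", "192.0.2.10", 40000, 443),
    "telnet from IT LAN":   packet("100.15.30.9", "192.0.2.1", 40001, 23),
    "telnet reply to IT":   packet("192.0.2.1", "100.15.30.9", 23, 40001),
    "ssh from workstation": packet("100.16.1.30", "192.0.2.1", 40002, 22),
}

if __name__ == "__main__":
    for label, p in SAMPLES.items():
        print(f"{label:22} -> {classify(p)}")
```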
Now let's create the actual policy-map. (Note: this is an example policy-map, not recommended for actual deployment.)
!
policy-map GeneralPolicy
 class Gold
  shape average percent 50
 class Management
  police cir 128000
   conform-action transmit
   exceed-action drop
 class class-default
  fair-queue
  random-detect
!
What we have accomplished here is exactly our goals. Now, some explanations are in order.
The first thing I want you to notice is that you can both "shape" and "police" traffic. In the real world you might not want to mix the two. Remember, this is an example meant to present various general concepts in a concise manner. I could have used "shape" or "police" for both the Gold and the Management traffic and it would have worked.
The "fair-queue" and "random-detect" entries in the default class enable flow-based weighted fair queuing (WFQ) and WRED (Weighted Random Early Detection) for packet discard when this class is saturated. I recommend both settings for class-default.
Now that we have all the elements, let's apply the policy to the interface. You can apply it in the outgoing or incoming direction.
!
interface FastEthernet1/0
 description WAN Ethernet Link
 ip address 10.200.50.15 255.255.255.0
 ip nbar protocol-discovery
 service-policy output GeneralPolicy
!
The "ip nbar protocol-discovery" command is not needed for NBAR application classification to work. It only maintains statistics on the applications discovered, which can be seen with "show ip nbar protocol-discovery". The "service-policy" statement applies the policy-map we defined, in this case in the outgoing direction.
You can verify the results with the "show policy-map interface FastEthernet1/0" command:
R2#sh policy-map interface f1/0
 FastEthernet1/0
  Service-policy output: GeneralPolicy
    Class-map: Gold (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name CustomerA_Networks
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: access-group name CustomerB_Networks
        0 packets, 0 bytes
        5 minute rate 0 bps
      Traffic Shaping
           Target/Average   Byte   Sustain   Excess    Interval  Increment
             Rate           Limit  bits/int  bits/int  (ms)      (bytes)
               50 (%)                0 (ms)    0 (ms)
         50000000/50000000  312500 1250000   1250000   25        156250
        Adapt  Queue     Packets   Bytes     Packets   Bytes     Shaping
        Active Depth                         Delayed   Delayed   Active
        -      0         0         0         0         0         no
    Class-map: Management (match-all)
      149 packets, 8437 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol telnet
      Match: access-group name Management_Stations
      police:
          cir 128000 bps, bc 4000 bytes
        conformed 149 packets, 8437 bytes; actions:
          transmit
        exceeded 0 packets, 0 bytes; actions:
          drop
        conformed 0 bps, exceed 0 bps
    Class-map: class-default (match-any)
      2387 packets, 231709 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
      Queueing
        Flow Based Fair Queueing
        Maximum Number of Hashed Queues 256
        (total queued/total drops/no-buffer drops) 0/0/0
         exponential weight: 9
        class    Transmitted      Random drop      Tail drop    Minimum Maximum  Mark
                 pkts/bytes       pkts/bytes       pkts/bytes    thresh  thresh  prob
          0      897/120692          0/0              0/0           20      40  1/10
          1        0/0               0/0              0/0           22      40  1/10
          2        0/0               0/0              0/0           24      40  1/10
          3        0/0               0/0              0/0           26      40  1/10
          4        0/0               0/0              0/0           28      40  1/10
          5        0/0               0/0              0/0           30      40  1/10
          6     1490/111017          0/0              0/0           32      40  1/10
          7        0/0               0/0              0/0           34      40  1/10
       rsvp        0/0               0/0              0/0           36      40  1/10
In the colored entries you can see the results of our policy. You can also see the number of packets matched by the different classes.
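The conformed/exceeded counters of the Management class come from a token bucket. The following added example (a model written for this page, not code from the original post or from Cisco) simulates a single-rate policer with the page's values, cir 128000 bps and bc 4000 bytes, and shows that interactive traffic conforms while a back-to-back burst larger than bc is dropped. The class, function names and traffic patterns are constructed for illustration.

```python
CIR_BPS = 128_000   # "police cir 128000" in the policy-map
BC_BYTES = 4_000    # "bc 4000 bytes" reported by the show output

class Policer:
    """Single-rate, two-colour token bucket: conform -> transmit, exceed -> drop."""

    def __init__(self, cir_bps=CIR_BPS, bc_bytes=BC_BYTES):
        self.rate = cir_bps / 8          # refill rate in bytes per second
        self.bc = bc_bytes               # bucket depth
        self.tokens = float(bc_bytes)    # bucket starts full
        self.last = 0.0                  # arrival time of the previous packet
        self.conformed = [0, 0]          # [packets, bytes]
        self.exceeded = [0, 0]

    def offer(self, t, size):
        """Refill for the elapsed time, then spend tokens or drop the packet."""
        self.tokens = min(self.bc, self.tokens + (t - self.last) * self.rate)
        self.last = t
        if size <= self.tokens:
            self.tokens -= size
            counter, verdict = self.conformed, "transmit"
        else:                            # a dropped packet consumes no tokens
            counter, verdict = self.exceeded, "drop"
        counter[0] += 1
        counter[1] += size
        return verdict

def run(arrivals):
    """Feed (time_seconds, size_bytes) arrivals; return verdicts and counters."""
    p = Policer()
    verdicts = [p.offer(t, size) for t, size in arrivals]
    return verdicts, tuple(p.conformed), tuple(p.exceeded)

# Constructed traffic, not captured from a device.
INTERACTIVE = [(i * 0.05, 60) for i in range(100)]   # keystrokes, 9600 bps
BURST = [(i * 0.001, 1500) for i in range(10)]       # 15000 bytes in about 10 ms

if __name__ == "__main__":
    for name, arrivals in (("interactive", INTERACTIVE), ("burst", BURST)):
        _, conf, exc = run(arrivals)
        print(f"{name}: conformed {conf[0]} pkts/{conf[1]} B, "
              f"exceeded {exc[0]} pkts/{exc[1]} B")
```

With these values the bucket refills from empty in 250 ms (4000 bytes at 16000 bytes per second), so a session that pauses after a burst conforms again.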
For more information on NBAR visit this link. For information on shaping vs policing visit this link.
I hope you have found this example useful. If you have any comments, complaints or questions on this topic, please post them below.
I never knew that using QoS and NBAR can solve the problem of daily work. You've mentioned all the stuff in a very good manner. Thanks for sharing this article with us. Keep posting.