H-QoS design overview (diagram; labels only)
C7604; QoS Action; QoS classification; QoS Action (parent); QoS Action (child); QoS classification; WAN I/F; LAN I/F; Gi 4/0/1 (E-MPB); Gi 4/1/1.90 (Sub I/F); Shape average 100Mb
Int Vlan 10, MPLS VPN user: DSCP: EF; DSCP: EF & VLAN: 10; EXP: 5 (top most); VLAN: 10; DSCP: default (within CIR+BE); DSCP: 1 (beyond CIR+BE); Priority Percent 10%
Int Vlan 900, EoMPLS user: VLAN: 900 & DSCP: AF41; DSCP: CS4; Input VLAN:900; DSCP: (default); VLAN: 900; Bandwidth 10Mb
Int Vlan 800, VPLS user: Input VLAN:800; Bandwidth 5Mb; DSCP: CS3; VLAN: 800 & DSCP: AF41; VLAN: 800; COS: 1
* The QoS classification of EoMPLS and VPLS users on the input I/F has no meaning in this scenario (it is there only to verify operation).
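Assumptions and limitations of the verification results
• SIP-400 is assumed for both the customer and core I/F
  * Early on there was a period when LAN LC types such as the X6724 were also being considered; partial operation checks were done and it was confirmed to be mostly feasible (note)
• The scope of the verification is to confirm QoS classification, internal processing and marking behaviour in an environment using SIP (CWAN) line cards; actual QoS accuracy is to be confirmed at a later date
(Note) The PFC QoS policer limit is 1024. The SIP-400 policer limit is 16K.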
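Conclusions (based on the verification results)
• The designs for MPLS-VPN (L3) and EoMPLS/VPLS (L2) need to differ
• E-MPB makes it possible to design the SIP-400 much like a switchport on a LAN LC, but on SIP-400 SVIs some features work and some do not
• MPLS-VPN (L3 VPN)
  - Ingress supports identifying the VLAN ID (can be configured on the physical I/F)
    * Verified for the SIP-400 only
  - Egress supports QoS design by EXP bits (8 levels) only (by specification)
  - Policing is applied at ingress to cap traffic
  - That policing can mark down traffic that exceeds BC, BE
• EoMPLS/VPLS (L2 VPN)
  - Ingress supports identifying the VLAN ID (can be configured on the physical I/F)
  - Egress can reference the ingress VLAN ID (per-VPN bandwidth control is possible)
  - ACL-based classification at ingress is not supported
  - DSCP-based classification at ingress is supported
(Note) The core-side I/F is always assumed to be a SIP-400.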
In-house test environment (topology diagram; labels only)
Devices: C7609, C7604, Cat 2960, Cat 3560
Interfaces: Gi9/2/0.91, Gi9/2/0.90, Gi4/1/1.91, Gi4/1/1.90, G4/0/1, G0/1, G0/1, G1/24; Egress QoS (x2)
SVIs (each shown twice): (MPLS-VPN) int vlan 10; (EoMPLS VPN) int vlan 900; (VPLS) int vlan 800
Subnets: 10.10.1.0/30, 10.10.10.0/30, 172.16.129.0/30, 172.16.128.0/30, 10.10.100.0/30, 10.10.80.0/30
ToS: 184 = ef(46), 136 = af41(34)
Configuration used for verification – C7609 side
(config-if)#do show module
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1   24  CEF720 24 port 1000mb SFP              WS-X6724-SFP       SAL1206FDF5
  5    2  Route Switch Processor 720 (Active)    RSP720-3C-GE       JAE1140YDUS
  9    0  4-subslot SPA Interface Processor-400  7600-SIP-400       JAE1140Z0DO

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  1  001e.f7c9.50b4 to 001e.f7c9.50cb   3.1   12.2(18r)S1  12.2(33)SRD  Ok
  5  001c.584c.3398 to 001c.584c.339b   5.2   12.2(33r)SRB 12.2(33)SRD  Ok
  9  001b.d4d9.8820 to 001b.d4d9.889f   2.5   12.2(33)SRD  12.2(33)SRD  Ok

Mod  Sub-Module                  Model              Serial       Hw     Status
---- --------------------------- ------------------ ----------- ------- -------
  1  Distributed Forwarding Card WS-F6700-DFC3C     SAL1205ESY6  1.0    Ok
  5  Policy Feature Card 3       7600-PFC3C         JAE1140YY0C  1.1    Ok
  5  C7600 MSFC4 Daughterboard   7600-MSFC4         JAE1139Y0SX  1.1    Ok
 9/0 2xGE V2 SPA                 SPA-2X1GE-V2       JAE1133UAJL  1.0    Ok
 9/1 2xGE V2 SPA                 SPA-2X1GE-V2       JAB112804Y6  1.0    Ok
 9/2 2xGE V2 SPA                 SPA-2X1GE-V2       JAE1133UALI  1.0    Ok
 9/3 2xGE V2 SPA                 SPA-2X1GE-V2       JAE1133UAII  1.0    Ok
(config-if)#do show ver
Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVIPSERVICESK9-M), Version 12.2(33)SRD, RELEASE SOFTWARE (fc2)
(snip)
* The C7604 consists of an RSP and a SIP-400 only.
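QoS verification patterns ①
• When the ingress LC is a LAN type (6724)
  - Confirm how traffic is classified based on VLAN information (tests 1-2)
  - Confirm that an input policer operates on the VLAN I/F (test 3)
  - Confirm that QoS markdown by the policer is possible on that VLAN I/F (test 4)
• When the ingress LC is a CWAN type (SIP-400)
  - For "test 4" above, check operation on the ingress VLAN I/F (result: does not work) (test 5)
  - Confirm that classification with match vlan and match ip dscp is possible on the physical I/F and the sub-I/F (test 6)
  - Configure QoS for markdown policing on the physical I/F and the sub-I/F, and confirm operation by matching at the egress I/F (test 7)
(continued on next slide)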
QoS verification patterns ②
• When the ingress LC is a CWAN type (SIP-400) (continued from previous slide)
  - For MPLS-VPN traffic, confirm classification by DSCP and VLAN ID (test 8)
  - For MPLS-VPN traffic, confirm classification by VLAN ID only (test 9)
  - For EoMPLS traffic, confirm classification by DSCP and VLAN ID and matching at egress (test 10)
  - For EoMPLS traffic, confirm classification by VLAN ID only and matching at egress (test 11)
  - For VPLS traffic, confirm classification by DSCP and VLAN ID and matching at egress (test 12)
  - For VPLS traffic, confirm classification by VLAN ID only and matching at egress (test 13)
(1) Without mls qos vlan-based (1)
• Purpose: Confirm that, without VLAN-based QoS configured, a Service Policy configured on the physical I/F cannot apply QoS to input packets based on VLAN information.
(1) Without mls qos vlan-based (1)
(config-if)#do show run int gi1/24
Building configuration...
Current configuration : 198 bytes
!
interface GigabitEthernet1/24
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10
 switchport mode trunk
 switchport nonegotiate
 spanning-tree portfast trunk
end
(config-if)#do show run int vlan 10
Building configuration...
Current configuration : 91 bytes
!
interface Vlan10
 ip vrf forwarding Test-VPN
 ip address 10.10.10.2 255.255.255.252
end
(config-if)#do show class-map INPUT_TEST
 Class Map match-all INPUT_TEST (id 8)
   Match vlan 10
(config-if)#do show policy-map INPUT_TEST
  Policy Map INPUT_TEST
    Class INPUT_TEST
     police cir 100000 bc 12500
       conform-action transmit
       exceed-action drop
(config-if)#
(config-if)# int gi1/24
(config-if)# service-policy input INPUT_TEST
Match vlan is not supported for this interface
(config-if)#
Because Match VLAN cannot be configured, it is not possible to apply a Service Policy to the physical I/F per VLAN (without having to care about the customer's addresses).
(2) Without mls qos vlan-based (2)
• Purpose: Confirm that, without VLAN-based QoS configured, a Service Policy configured on the VLAN I/F does not operate.
(2) Without mls qos vlan-based (2)
• Configuration
(config-if)#do show run int gi1/24
Building configuration...
Current configuration : 198 bytes
!
interface GigabitEthernet1/24
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10
 switchport mode trunk
 switchport nonegotiate
 spanning-tree portfast trunk
end
(config-if)#do show run int vlan 10
Building configuration...
Current configuration : 124 bytes
!
interface Vlan10
 ip vrf forwarding Test-VPN
 ip address 10.10.10.2 255.255.255.252
 service-policy input INPUT_TEST
end
(config-if)#do show class-map INPUT_TEST
 Class Map match-all INPUT_TEST (id 8)
   Match any
(config-if)#do show policy-map INPUT_TEST
  Policy Map INPUT_TEST
    Class INPUT_TEST
     police cir 100000 bc 12500
       conform-action transmit
       exceed-action drop
(config-if)#
(2) Without mls qos vlan-based (2)
• Result
(config-if)#do show policy-map inter vlan 10
 Vlan10
  Service-policy input: INPUT_TEST
    class-map: INPUT_TEST (match-all)
      Match: any
      police :
        96000 bps 12000 limit 12000 extended limit
      Earl in slot 1 :
        0 bytes
        5 minute offered rate 0 bps
        aggregate-forwarded 0 bytes action: transmit
        exceeded 0 bytes action: drop
        aggregate-forward 0 bps exceed 0 bps
      Earl in slot 5 :
        0 bytes
        5 minute offered rate 0 bps
        aggregate-forwarded 0 bytes action: transmit
        exceeded 0 bytes action: drop
        aggregate-forward 0 bps exceed 0 bps
    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any
        0 packets, 0 bytes
        5 minute rate 0 bps
(config-if)#
Cat3560#ping ip
Target IP address: 10.10.1.1
Repeat count [5]: 1000
Datagram size [100]: 300
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 1000, 300-byte ICMP Echos to 10.10.1.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (1000/1000), round-trip min/avg/max = 1/3/9 ms
Cat3560#
(3) With mls qos vlan-based (1)
• Purpose: Confirm that, with VLAN-based QoS configured, policing operates on the input-side VLAN I/F.
(3) With mls qos vlan-based (1)
• Configuration
(config-if)#do show run int gi1/24
Building configuration...
Current configuration : 218 bytes
!
interface GigabitEthernet1/24
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10
 switchport mode trunk
 switchport nonegotiate
 mls qos vlan-based
 spanning-tree portfast trunk
end
(config-if)#do show run int vlan 10
Building configuration...
Current configuration : 124 bytes
!
interface Vlan10
 ip vrf forwarding Test-VPN
 ip address 10.10.10.2 255.255.255.252
 service-policy input INPUT_TEST
end
(config-if)#do show class-map INPUT_TEST
 Class Map match-all INPUT_TEST (id 8)
   Match any
(config-if)#do show policy-map INPUT_TEST
  Policy Map INPUT_TEST
    Class INPUT_TEST
     police cir 100000 bc 12500
       conform-action transmit
       exceed-action drop
(config-if)#
(3) With mls qos vlan-based (1)
• Result
(config-if)#do show policy-map inter vlan 10
 Vlan10
  Service-policy input: INPUT_TEST
    class-map: INPUT_TEST (match-all)
      Match: any
      police :
        96000 bps 12000 limit 12000 extended limit
      Earl in slot 1 :
        318000 bytes
        5 minute offered rate 6888 bps
        aggregate-forwarded 311004 bytes action: transmit
        exceeded 6996 bytes action: drop
        aggregate-forward 0 bps exceed 0 bps
      Earl in slot 5 :
        0 bytes
        5 minute offered rate 0 bps
        aggregate-forwarded 0 bytes action: transmit
        exceeded 0 bytes action: drop
        aggregate-forward 0 bps exceed 0 bps
    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any
        0 packets, 0 bytes
        5 minute rate 0 bps
(config-if)#
Cat3560#ping ip
Target IP address: 10.10.1.1
Repeat count [5]: 1000
Datagram size [100]: 300
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 1000, 300-byte ICMP Echos to 10.10.1.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!.!!!
Success rate is 97 percent (978/1000), round-trip min/avg/max = 1/3/34 ms
Cat3560#
(4) With mls qos vlan-based (2)
• Purpose: Confirm that, with VLAN-based QoS configured, QoS marking operates on the input-side VLAN I/F (when the specified bandwidth is exceeded).
(4) With mls qos vlan-based (2)
• Configuration (input side)
(config)#do show run int gi1/24
Building configuration...
Current configuration : 218 bytes
!
interface GigabitEthernet1/24
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10
 switchport mode trunk
 switchport nonegotiate
 mls qos vlan-based
 spanning-tree portfast trunk
(config)#do show run int vlan 10
Building configuration...
Current configuration : 124 bytes
!
interface Vlan10
 ip vrf forwarding Test-VPN
 ip address 10.10.10.2 255.255.255.252
 load-interval 30
 service-policy input INPUT_MARK
(config)#
(config)#do show access-list HOST-A
Extended IP access list HOST-A
    10 permit ip any host 10.10.1.1 (2 matches)
(config)#do show access-list HOST-B
Extended IP access list HOST-B
    10 permit ip any host 10.10.1.2
(config)#do show class-map TO-HOST-A
 Class Map match-all TO-HOST-A (id 10)
   Match access-group name HOST-A
(config)#do show class-map TO-HOST-B
 Class Map match-all TO-HOST-B (id 11)
   Match access-group name HOST-B
(config)#do show policy-map INPUT_MARK
  Policy Map INPUT_MARK
    Class TO-HOST-A
     police cir 100000 bc 12500 be 12500
       conform-action set-dscp-transmit ef
       exceed-action transmit
       violate-action transmit
    Class TO-HOST-B
     police cir 100000 bc 12500 be 12500
       conform-action set-dscp-transmit af41
       exceed-action policed-dscp-transmit
       violate-action policed-dscp-transmit
(config)#do show run | inc max-burst
mls qos map policed-dscp max-burst 34 46 to 9
(config)#
(4) With mls qos vlan-based (2)
• Result (input side (1))
Cat3560#ping ip
Target IP address: 10.10.1.2 → Host_B
Repeat count [5]: 1000
Datagram size [100]: 300
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 1000, 300-byte ICMP Echos to 10.10.1.2, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (1000/1000), round-trip min/avg/max = 1/92/806 ms
Cat3560#
(4) With mls qos vlan-based (2)
• Result (input side (2))
(config)#do show policy-map inter vlan 10
 Vlan10
  Service-policy input: INPUT_MARK
    class-map: TO-HOST-A (match-all)
      Match: access-group name HOST-A
      police :
        96000 bps 12000 limit 12000 extended limit
      Earl in slot 1 :
        0 bytes
        30 second offered rate 0 bps
        aggregate-forwarded 0 bytes action: set-dscp-transmit
        exceeded 0 bytes action: transmit
        aggregate-forward 0 bps exceed 0 bps
      Earl in slot 5 :
        0 bytes
        30 second offered rate 0 bps
        aggregate-forwarded 0 bytes action: set-dscp-transmit
        exceeded 0 bytes action: transmit
        aggregate-forward 0 bps exceed 0 bps
    class-map: TO-HOST-B (match-all)
      Match: access-group name HOST-B
      police :
        96000 bps 12000 limit 12000 extended limit
      Earl in slot 1 :
        318000 bytes
        30 second offered rate 11960 bps
        aggregate-forwarded 318000 bytes action: set-dscp-transmit
        exceeded 77592 bytes action: policed-dscp-transmit
        aggregate-forward 0 bps exceed 0 bps
      Earl in slot 5 :
        0 bytes
        30 second offered rate 0 bps
        aggregate-forwarded 0 bytes action: set-dscp-transmit
        exceeded 0 bytes action: policed-dscp-transmit
        aggregate-forward 0 bps exceed 0 bps
    Class-map: class-default (match-any)
      0 packets, 0 bytes
      30 second offered rate 0000 bps, drop rate 0000 bps
      Match: any
        0 packets, 0 bytes
        30 second rate 0 bps
(config)#
(4) With mls qos vlan-based (2)
• Result (output side (3))
(config)#do show policy-map inter gi9/2/0.90
 GigabitEthernet9/2/0.90
  Service-policy output: OUTPUT_PARENT
    Counters last updated 00:00:00 ago
    Class-map: class-default (match-any)
      1122 packets, 331907 bytes
      30 second offered rate 5000 bps, drop rate 0000 bps
      Match: any
      Queueing
      queue limit 25000 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 1124/332067
      bandwidth 100000 kbps
      Service-policy : OUTPUT_TEST
        Counters last updated 00:00:00 ago
        queue stats for all priority classes:
          Queueing
          priority level 1
          queue limit 2500 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 0/0
        queue stats for all priority classes:
          Queueing
          priority level 2
          queue limit 25000 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 756/243432
        Class-map: EXP-5 (match-all)
          0 packets, 0 bytes
          30 second offered rate 0000 bps, drop rate 0000 bps
          Match: mpls experimental topmost 5
          Priority: 10000 kbps, burst bytes 250000, b/w exceed drops: 0
          Priority Level: 1
        Class-map: EXP-4 (match-all)
          756 packets, 243432 bytes
          30 second offered rate 5000 bps, drop rate 0000 bps
          Match: mpls experimental topmost 4
          Priority: Strict, b/w exceed drops: 0
(4) With mls qos vlan-based (2)
• Result (output side (4))
        queue stats for all priority classes:
          Queueing
          priority level 2
          queue limit 25000 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 756/243432
        Class-map: EXP-5 (match-all)
          0 packets, 0 bytes
          30 second offered rate 0000 bps, drop rate 0000 bps
          Match: mpls experimental topmost 5
          Priority: 10000 kbps, burst bytes 250000, b/w exceed drops: 0
          Priority Level: 1
        Class-map: EXP-4 (match-all)
          756 packets, 243432 bytes
          30 second offered rate 5000 bps, drop rate 0000 bps
          Match: mpls experimental topmost 4
          Priority: Strict, b/w exceed drops: 0
          Priority Level: 2
        Class-map: EXP-1 (match-all)
          244 packets, 78568 bytes
          30 second offered rate 0000 bps, drop rate 0000 bps
          Match: mpls experimental topmost 1
          Queueing
          queue limit 18000 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 244/78568
          bandwidth remaining 80%
          Exp-weight-constant: 9 (1/512)
          Mean queue depth: 0 packets
          (snip)
        Class-map: class-default (match-any)
          122 packets, 9907 bytes
          30 second offered rate 0000 bps, drop rate 0000 bps
          Match: any
          queue limit 2 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 124/10067
          Exp-weight-constant: 9 (1/512)
          Mean queue depth: 0 packets
          (snip)
Notes
In this environment, the policers (two) applied to the input VLAN I/F are consumed.
• Number of available policers
RT-2# show platform hardware capacity qos
QoS Policer Resources
  Aggregate policers: Module   Total   Used   %Used
                      1         1024      3      1%
                      5         1024      3      1%
  Microflow policer configurations: Module   Total   Used   %Used
                                    1           64      1      1%
                                    5           64      1      1%
RT-2#
Workaround: use a SIP-200/400 as the input I/F. Aggregate policers are not supported, but policers with a 2-color marker are supported.
(5) Example of an input policer on the SIP-400
(config-if)#do show policy-map INPUT_MARK
  Policy Map INPUT_MARK
    Class TO-HOST-A
     police cir 100000 bc 12500 be 12500
       conform-action set-dscp-transmit ef
       exceed-action transmit
       violate-action transmit
    Class TO-HOST-B
     police cir 100000 bc 12500 be 12500
       conform-action set-dscp-transmit af41
       exceed-action policed-dscp-transmit
       violate-action policed-dscp-transmit
(config-if)#do show run int gi4/0/1.10
Building configuration...
Current configuration : 89 bytes
!
interface GigabitEthernet4/0/1.10
 encapsulation dot1Q 10
 bridge-domain 10 dot1q
end
(config-if)#do show run int vlan 10
Building configuration...
Current configuration : 123 bytes
!
interface Vlan10
 ip vrf forwarding Test-VPN
 ip address 10.10.1.2 255.255.255.252
 service-policy input INPUT_MARK
(config-if)#do show policy-map inter vlan 10
 Vlan10
  Service-policy input: INPUT_MARK
    class-map: TO-HOST-A (match-all)
      Match: access-group name HOST-A
      police :
        96000 bps 12000 limit 12000 extended limit
    class-map: TO-HOST-B (match-all)
      Match: access-group name HOST-B
      police :
        96000 bps 12000 limit 12000 extended limit
    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
        0 packets, 0 bytes
        5 minute rate 0 bps
An example where the configuration is accepted but does not work!!
(6) Input policer on the SIP-400
• Purpose: Confirm what QoS configuration is possible on the input-side I/F of the SIP-400 (with VPN-based QoS in mind). In this example, operation was confirmed using Match DSCP and Match vlan.
(6) Input policer on the SIP-400
• Configuration
(config-pmap-c)#do show class-map TEST_INPUT_DSCP
 Class Map match-all TEST_INPUT_DSCP (id 10)
   Match ip dscp ef (46)
   Match vlan 10
(config-pmap-c)#do show policy-map INPUT_MARK_SIP
  Policy Map INPUT_MARK_SIP
    Class TEST_INPUT_DSCP
     police cir 96000 bc 12500 be 12500
       conform-action transmit
       exceed-action set-dscp-transmit default
       violate-action set-dscp-transmit default
(config-pmap-c)#do show run int gi4/0/1
Building configuration...
Current configuration : 166 bytes
!
interface GigabitEthernet4/0/1
 no ip address
 media-type rj45
 speed 1000
 no negotiation auto
 no snmp trap link-status
 service-policy input INPUT_MARK_SIP
end
(config-pmap-c)#do show run int gi4/0/1.10
Building configuration...
Current configuration : 89 bytes
!
interface GigabitEthernet4/0/1.10
 encapsulation dot1Q 10
 bridge-domain 10 dot1q
end
(config-pmap-c)#do show run int vlan 10
Building configuration...
Current configuration : 107 bytes
!
interface Vlan10
 ip vrf forwarding Test-VPN
 ip address 10.10.1.2 255.255.255.252
 mls qos bridged
end
(config-pmap-c)#
(6) Input policer on the SIP-400
• Result 1
(config-pmap-c)#do show policy-map inter gi4/0/1
 GigabitEthernet4/0/1
  Service-policy input: INPUT_MARK_SIP
    Counters last updated 00:00:00 ago
    Class-map: TEST_INPUT_DSCP (match-all)
      111 packets, 35298 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: ip dscp ef (46)
      Match: vlan 10
      police:
        cir 96000 bps, bc 12500 bytes, be 12500 bytes
        conformed 55 packets, 17490 bytes; actions: transmit
        exceeded 39 packets, 12402 bytes; actions: set-dscp-transmit default
        violated 17 packets, 5406 bytes; actions: set-dscp-transmit default
        conformed 0 bps, exceed 0 bps, violate 0 bps
    Class-map: class-default (match-any)
      6 packets, 3612 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
(config-pmap-c)#
cat2960#ping ip
Target IP address: 10.10.10.1
Repeat count [5]: 111
Datagram size [100]: 300
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Type of service [0]: 184
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 111, 300-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (111/111), round-trip min/avg/max = 1/4/9 ms
cat2960#
(6) Input policer on the SIP-400
• Result 2
(config-subif)#do show policy-map inter gi4/0/1.10
 GigabitEthernet4/0/1.10
  Service-policy input: INPUT_MARK_SIP
    Counters last updated 00:00:00 ago
    Class-map: TEST_INPUT_DSCP (match-all)
      111 packets, 35298 bytes
      5 minute offered rate 2000 bps, drop rate 0 bps
      Match: ip dscp ef (46)
      Match: vlan 10
      police:
        cir 96000 bps, bc 12500 bytes, be 12500 bytes
        conformed 51 packets, 16218 bytes; actions: transmit
        exceeded 39 packets, 12402 bytes; actions: set-dscp-transmit default
        violated 21 packets, 6678 bytes; actions: set-dscp-transmit default
        conformed 2000 bps, exceed 2000 bps, violate 2000 bps
    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
RT-1_yfukudom(config-subif)#
cat2960#ping ip
Target IP address: 10.10.10.1
Repeat count [5]: 111
Datagram size [100]: 300
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Type of service [0]: 184
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 111, 300-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (111/111), round-trip min/avg/max = 1/4/9 ms
cat2960#
Confirmed that the behaviour is the same on both the physical I/F and the sub I/F.
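Added example (not part of the original slides, and not Cisco's implementation): a color-blind single-rate three-color marker in the style of RFC 2697, used as a model of the test (6) policer `police cir 96000 bc 12500 be 12500`. The 318-byte packet size is derived from the counters in test (6) (35298 bytes / 111 packets); the 4 ms packet spacing is an assumption taken from the ping's average round-trip time, and all class and function names are hypothetical.

```python
from collections import Counter
from dataclasses import dataclass, field


def tos_to_dscp(tos: int) -> int:
    """DSCP is the upper six bits of the IPv4 ToS byte (184 -> 46 EF, 136 -> 34 AF41)."""
    return (tos & 0xFF) >> 2


@dataclass
class SrTcmPolicer:
    """Model of `police cir <bps> bc <bytes> be <bytes>` with conform/exceed/violate."""
    cir_bps: int
    bc_bytes: int
    be_bytes: int
    tc: float = field(init=False)   # committed bucket, starts full
    te: float = field(init=False)   # excess bucket, starts full
    last: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        self.tc = float(self.bc_bytes)
        self.te = float(self.be_bytes)

    def _refill(self, now: float) -> None:
        # Tokens arrive at CIR; they fill the committed bucket first and only
        # spill into the excess bucket once the committed bucket is full.
        tokens = (now - self.last) * self.cir_bps / 8.0
        self.last = now
        to_committed = min(self.bc_bytes - self.tc, tokens)
        self.tc += to_committed
        self.te = min(float(self.be_bytes), self.te + tokens - to_committed)

    def police(self, now: float, size: int) -> str:
        self._refill(now)
        if self.tc >= size:
            self.tc -= size
            return "conform"
        if self.te >= size:
            self.te -= size
            return "exceed"
        return "violate"   # no tokens are consumed


def run_ping_burst(policer, count, size, interval_s, tos, markdown_dscp):
    """Police `count` equal-sized packets sent every `interval_s` seconds.

    conform-action transmit keeps the incoming DSCP; exceed and violate apply
    set-dscp-transmit <markdown_dscp>, as in INPUT_MARK_SIP.
    Returns (packets per color, packets per outgoing DSCP) as plain dicts.
    """
    dscp_in = tos_to_dscp(tos)
    colors, out_dscp = Counter(), Counter()
    for i in range(count):
        color = policer.police(i * interval_s, size)
        colors[color] += 1
        out_dscp[dscp_in if color == "conform" else markdown_dscp] += 1
    return dict(colors), dict(out_dscp)


if __name__ == "__main__":
    # Constructed input modelled on test (6): 111 echoes, ToS 184, markdown to default.
    policer = SrTcmPolicer(cir_bps=96000, bc_bytes=12500, be_bytes=12500)
    colors, out_dscp = run_ping_burst(policer, 111, 318, 0.004, 184, 0)
    print("colors:", colors)
    print("outgoing DSCP:", out_dscp)
```

With these assumed inputs the model gives 55 conformed, 39 exceeded and 17 violated packets, the same split as the counters in result 1; the 39 exceeded packets are simply the number of 318-byte packets that fit in a 12500-byte Be bucket that never refills during the burst.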
(7) Input policer on the SIP-400
• Purpose: On the SIP-400, configure QoS for policing on the input-side I/F and check the result on the output-side I/F (with VPN-based QoS in mind).
(7) Input policer on the SIP-400
• Configuration (input)
RT-1#show class-map TEST_INPUT_DSCP
 Class Map match-all TEST_INPUT_DSCP (id 10)
   Match ip dscp ef (46)
   Match vlan 10
RT-1#show policy-map INPUT_MARK_SIP
  Policy Map INPUT_MARK_SIP
    Class TEST_INPUT_DSCP
     police cir 96000 bc 25000 be 25000
       conform-action transmit
       exceed-action set-dscp-transmit af41
       violate-action set-dscp-transmit af41
RT-1#show run int gi4/0/1
Building configuration...
Current configuration : 129 bytes
!
interface GigabitEthernet4/0/1
 no ip address
 media-type rj45
 speed 1000
 no negotiation auto
 no snmp trap link-status
end
RT-1#show run int gi4/0/1.10
Building configuration...
Current configuration : 126 bytes
!
interface GigabitEthernet4/0/1.10
 encapsulation dot1Q 10
 bridge-domain 10 dot1q
 service-policy input INPUT_MARK_SIP
end
RT-1#show run int vlan 10
Building configuration...
Current configuration : 107 bytes
!
interface Vlan10
 ip vrf forwarding Test-VPN
 ip address 10.10.1.2 255.255.255.252
 mls qos bridged
end
(7) Input policer on the SIP-400
• Configuration (output)
RT-1#show policy-map OUTPUT_PARENT
  Policy Map OUTPUT_PARENT
    Class class-default
      bandwidth 100000 (kbps)
      service-policy OUTPUT
RT-1#show policy-map OUTPUT
  Policy Map OUTPUT
    Class MATCH_VLAN_10
      bandwidth 10000 (kbps)
      set mpls experimental topmost 4
    Class MATCH_VLAN_900
      set mpls experimental topmost 5
      bandwidth 15000 (kbps)
    Class TEST_INPUT
      bandwidth 9000 (kbps)
    Class MATCH_EXP_4
      bandwidth 10000 (kbps)
RT-1#show class-map MATCH_EXP_4
 Class Map match-any MATCH_EXP_4 (id 11)
   Match mpls experimental topmost 4
RT-1#
RT-1#show run int gi4/1/1
Building configuration...
Current configuration : 141 bytes
!
interface GigabitEthernet4/1/1
 mtu 1548
 no ip address
 load-interval 30
 media-type sfp
 negotiation auto
 no snmp trap link-status
end
RT-1#show run int gi4/1/1.90
Building configuration...
Current configuration : 165 bytes
!
interface GigabitEthernet4/1/1.90
 encapsulation dot1Q 90
 ip address 172.16.128.1 255.255.255.252
 ip mtu 1530
 mpls ip
 service-policy output OUTPUT_PARENT
end
(7) Input policer on the SIP-400
• Result
RT-1#show policy-map inter
 GigabitEthernet4/0/1.10
  Service-policy input: INPUT_MARK_SIP
    Counters last updated 00:00:10 ago
    Class-map: TEST_INPUT_DSCP (match-all)
      900 packets, 286200 bytes
      5 minute offered rate 8000 bps, drop rate 0 bps
      Match: ip dscp ef (46)
      Match: vlan 10
      police:
        cir 96000 bps, bc 25000 bytes, be 25000 bytes
        conformed 189 packets, 60102 bytes; actions: transmit
        exceeded 78 packets, 24804 bytes; actions: set-dscp-transmit af41
        violated 633 packets, 201294 bytes; actions: set-dscp-transmit af41
        conformed 0 bps, exceed 0 bps, violate 6000 bps
    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
 GigabitEthernet4/1/1.90
  Service-policy output: OUTPUT_PARENT
    Counters last updated 00:00:08 ago
    Class-map: class-default (match-any)
      935 packets, 292703 bytes
      30 second offered rate 32000 bps, drop rate 0 bps
      Match: any
      Queueing
      queue limit 25000 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 932/292445
      bandwidth 100000 kbps
(continued on next slide)
Confirmed that the behaviour is the same on both the physical I/F and the sub I/F.
(7) Input policer on the SIP-400
• Result
      Service-policy : OUTPUT
        Counters last updated 00:00:08 ago
        (snip)
        Class-map: MATCH_EXP_4 (match-any)
          711 packets, 228942 bytes
          30 second offered rate 26000 bps, drop rate 0 bps
          Match: mpls experimental topmost 4
          Queueing
          queue limit 2500 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 711/228942
          bandwidth 10000 kbps
        Class-map: class-default (match-any)
          224 packets, 63761 bytes
          30 second offered rate 6000 bps, drop rate 0 bps
          Match: any
          queue limit 14000 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 221/63503
RT-1#
cat2960#ping ip
Target IP address: 10.10.10.1
Repeat count [5]: 900
Datagram size [100]: 300
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Type of service [0]: 184 <- af41
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 900, 300-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
(snip)
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (900/900), round-trip min/avg/max = 1/3/9 ms
cat2960#
The output-side MPLS EXP bits were marked correctly based on the DSCP marked by input-side policing.
(7) Memo
• When the SIP-400 is the ingress LC, Match VLAN and Match access-group cannot coexist in the same input policy.
Verification pattern ②-2: when the ingress I/F is a SIP-400
By matching on MPLS EXP bits and on input-VLAN-based class-maps at the output I/F, operation is confirmed with a configuration closer to real-world use.
H-QoS verification environment, check patterns ① to ⑥ (diagram; labels only)
C7604; QoS Action; QoS classification; QoS Action (parent); QoS Action (child); QoS classification; Gi 4/0/1 (E-MPB); Gi 4/1/1.90 (Sub I/F); Shape average 100Mb
Int Vlan 10, MPLS VPN user: DSCP: EF; DSCP: EF & VLAN: 10 ①; EXP: 5 (top most); VLAN: 10 ②; DSCP: default (within CIR+BE); DSCP: 1 (beyond CIR+BE); Priority Percent 10%
Int Vlan 900, EoMPLS user: VLAN: 900 & DSCP: AF41 ③; DSCP: CS4; Input VLAN:900; DSCP: (default); VLAN: 900 ④; Bandwidth 10Mb
Int Vlan 800, VPLS user: Input VLAN:800; Bandwidth 5Mb; DSCP: CS3; VLAN: 800 & DSCP: AF41 ⑤; VLAN: 800 ⑥; COS: 1
* The QoS classification of EoMPLS and VPLS users on the input I/F has no meaning in this scenario (it is there only to verify operation).
(8) Check pattern ① MPLS-VPN: DSCP(EF)+VLAN-ID
• Configuration
class-map match-all PRIORITY
 match mpls experimental topmost 5
class-map match-all MPLS_VPN_1_OTHERS
 match vlan 10
class-map match-all MPLS_VPN_1_PRIORITY
 match ip dscp ef
 match vlan 10
class-map match-all EoMPLS_1
 match input vlan 900
class-map match-all VPLS_1
 match input vlan 800
policy-map MPLS_VPN_1
 class MPLS_VPN_1_PRIORITY
  set ip dscp ef
 class MPLS_VPN_1_OTHERS
  police cir 96000 bc 25000 be 25000 conform-action transmit exceed-action transmit violate-action set-dscp-transmit 1
policy-map OUTPUT
 class PRIORITY
  priority percent 10
 class EoMPLS_1
  bandwidth 10000
 class VPLS_1
  bandwidth 5000
 class EXP_4
policy-map OUTPUT_PARENT
 class class-default
  shape average 100000000
  service-policy OUTPUT
interface GigabitEthernet4/0/1
 no ip address
 load-interval 30
 media-type rj45
 speed 1000
 no negotiation auto
!
interface GigabitEthernet4/0/1.10
 encapsulation dot1Q 10
 bridge-domain 10 dot1q
 service-policy input MPLS_VPN_1
interface GigabitEthernet4/1/1
 mtu 1548
 no ip address
 load-interval 30
 negotiation auto
!
interface GigabitEthernet4/1/1.90
 encapsulation dot1Q 90
 ip address 172.16.128.1 255.255.255.252
 ip mtu 1530
 mpls ip
 service-policy output OUTPUT_PARENT
(8) Check pattern ① MPLS-VPN: DSCP(EF)+VLAN-ID
• Traffic
cat2960#ping ip
Target IP address: 10.10.10.1
Repeat count [5]: 1000
Datagram size [100]: 500
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Type of service [0]: 184
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 1000, 500-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (1000/1000), round-trip min/avg/max = 1/3/9 ms
cat2960#
(8) Verification pattern ① MPLS-VPN: DSCP(EF)+VLAN-ID
• Result: confirmed that traffic is classified and marked as expected

RT-1_yfukudom#show policy-map inter
 GigabitEthernet4/0/1.10
  Service-policy input: MPLS_VPN_1
    Counters last updated 00:00:01 ago
    Class-map: MPLS_VPN_1_PRIORITY (match-all)
      1000 packets, 518000 bytes
      30 second offered rate 61000 bps, drop rate 0000 bps
      Match: ip dscp ef (46)
      Match: vlan 10
      QoS Set
        dscp ef
          Packets marked 1000
    Class-map: MPLS_VPN_1_OTHERS (match-all)
      0 packets, 0 bytes
      30 second offered rate 0000 bps, drop rate 0000 bps
      Match: vlan 10
      police:
          cir 96000 bps, bc 25000 bytes, be 25000 bytes
        conformed 0 packets, 0 bytes; actions:
          transmit
        exceeded 0 packets, 0 bytes; actions:
          transmit
        violated 0 packets, 0 bytes; actions:
          set-dscp-transmit 1
        conformed 0000 bps, exceed 0000 bps, violate 0000 bps
    Class-map: class-default (match-any)
      0 packets, 0 bytes
      30 second offered rate 0000 bps, drop rate 0000 bps
      Match: any
(snip; continued on next slide)

Here the packets are marked with the same value they already carry, but we have confirmed that marking also works correctly when the value is changed to a different one.
(8) Verification pattern ① MPLS-VPN: DSCP(EF)+VLAN-ID
• Result (continued)

 GigabitEthernet4/1/1.90
  Service-policy output: OUTPUT_PARENT
    Counters last updated 00:00:06 ago
    Class-map: class-default (match-any)
      1059 packets, 526855 bytes
      30 second offered rate 61000 bps, drop rate 0000 bps
      Match: any
      Queueing
      queue limit 25000 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 1059/526842
      shape (average) cir 100000000, bc 400000, be 400000
      target shape rate 100000000
      Service-policy : OUTPUT
        Counters last updated 00:00:06 ago
        queue stats for all priority classes:
          Queueing
          queue limit 2500 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 1000/522000
        Class-map: PRIORITY (match-all)
          1000 packets, 522000 bytes
          30 second offered rate 61000 bps, drop rate 0000 bps
          Match: mpls experimental topmost 5
          Priority: 10% (10000 kbps), burst bytes 250000, b/w exceed drops: 0
        Class-map: EoMPLS_1 (match-all)
          0 packets, 0 bytes
          30 second offered rate 0000 bps, drop rate 0000 bps
          Match: input vlan 900
          Queueing
          queue limit 2500 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 0/0
          bandwidth 10000 kbps
(snip)
        Class-map: class-default (match-any)
          59 packets, 4855 bytes
          30 second offered rate 0000 bps, drop rate 0000 bps
          Match: any
          queue limit 18750 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 59/4842
(9) Verification pattern ② MPLS-VPN: VLAN-ID
• Configuration

class-map match-all PRIORITY
 match mpls experimental topmost 5
class-map match-all MPLS_VPN_1_OTHERS
 match vlan 10
class-map match-all MPLS_VPN_1_PRIORITY
 match ip dscp ef
 match vlan 10
class-map match-all EoMPLS_1
 match input vlan 900
class-map match-all VPLS_1
 match input vlan 800
policy-map MPLS_VPN_1
 class MPLS_VPN_1_PRIORITY
  set ip dscp ef
 class MPLS_VPN_1_OTHERS
  police cir 96000 bc 25000 be 25000 conform-action transmit exceed-action transmit violate-action set-dscp-transmit 1
policy-map OUTPUT
 class PRIORITY
  priority percent 10
 class EoMPLS_1
  bandwidth 10000
 class VPLS_1
  bandwidth 5000
 class EXP_4
policy-map OUTPUT_PARENT
 class class-default
  shape average 100000000
  service-policy OUTPUT
interface GigabitEthernet4/0/1
 no ip address
 load-interval 30
 media-type rj45
 speed 1000
 no negotiation auto
!
interface GigabitEthernet4/0/1.10
 encapsulation dot1Q 10
 bridge-domain 10 dot1q
 service-policy input MPLS_VPN_1
interface GigabitEthernet4/1/1
 mtu 1548
 no ip address
 load-interval 30
 negotiation auto
!
interface GigabitEthernet4/1/1.90
 encapsulation dot1Q 90
 ip address 172.16.128.1 255.255.255.252
 ip mtu 1530
 mpls ip
 service-policy output OUTPUT_PARENT
(9) Verification pattern ② MPLS-VPN: VLAN-ID
• Traffic

cat2960#ping ip
Target IP address: 10.10.10.1
Repeat count [5]: 1000
Datagram size [100]: 500
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Type of service [0]: 136 ← AF41(34)
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 1000, 500-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (1000/1000), round-trip min/avg/max = 1/3/9 ms
cat2960#
(9) Verification pattern ② MPLS-VPN: VLAN-ID
• Result: confirmed that traffic is classified and marked as expected

RT-1#show policy-map inter
 GigabitEthernet4/0/1.10
  Service-policy input: MPLS_VPN_1
    Counters last updated 00:00:05 ago
    Class-map: MPLS_VPN_1_PRIORITY (match-all)
      0 packets, 0 bytes
      30 second offered rate 0000 bps, drop rate 0000 bps
      Match: ip dscp ef (46)
      Match: vlan 10
      QoS Set
        dscp ef
          Packets marked 0
    Class-map: MPLS_VPN_1_OTHERS (match-all)
      1000 packets, 518000 bytes
      30 second offered rate 40000 bps, drop rate 0000 bps
      Match: vlan 10
      police:
          cir 96000 bps, bc 25000 bytes, be 25000 bytes
        conformed 127 packets, 65786 bytes; actions:
          transmit
        exceeded 48 packets, 24864 bytes; actions:
          transmit
        violated 825 packets, 427350 bytes; actions:
          set-dscp-transmit 1
        conformed 4000 bps, exceed 0000 bps, violate 32000 bps
(snip)
 GigabitEthernet4/1/1.90
  Service-policy output: OUTPUT_PARENT
    Counters last updated 00:00:04 ago
    Class-map: class-default (match-any)
      1053 packets, 526383 bytes
      30 second offered rate 26000 bps, drop rate 0000 bps
      Match: any
      Queueing
      queue limit 25000 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 1053/526369
      shape (average) cir 100000000, bc 400000, be 400000
      target shape rate 100000000
      Service-policy : OUTPUT
        Counters last updated 00:00:04 ago
        queue stats for all priority classes:
          Queueing
          queue limit 2500 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 0/0
(snip)
(9) Verification pattern ② MPLS-VPN: VLAN-ID
• Result (continued)

        Class-map: PRIORITY (match-all)
          0 packets, 0 bytes
          30 second offered rate 0000 bps, drop rate 0000 bps
          Match: mpls experimental topmost 5
          Priority: 10% (10000 kbps), burst bytes 250000, b/w exceed drops: 0
        Class-map: EoMPLS_1 (match-all)
          0 packets, 0 bytes
          30 second offered rate 0000 bps, drop rate 0000 bps
          Match: input vlan 900
          Queueing
          queue limit 2500 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 0/0
          bandwidth 10000 kbps
        Class-map: VPLS_1 (match-all)
          1 packets, 100 bytes
          30 second offered rate 0000 bps, drop rate 0000 bps
          Match: input vlan 800
          Queueing
          queue limit 1250 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 1/86
          bandwidth 5000 kbps
        Class-map: EXP_4 (match-all)
          175 packets, 91350 bytes
          30 second offered rate 4000 bps
          Match: mpls experimental topmost 4
        Class-map: class-default (match-any)
          877 packets, 434933 bytes
          30 second offered rate 22000 bps, drop rate 0000 bps
          Match: any
          queue limit 18750 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 1052/526283
RT-1#
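The conform/exceed/violate split that `police cir 96000 bc 25000 be 25000` produces in pattern ② can be reasoned about with a small model. The following Python is an added example, not part of the original slides: it assumes the policer behaves like the color-blind single-rate three-color marker of RFC 2697, takes the 518-byte packet size from the counters above (1000 packets, 518000 bytes), and uses constructed arrival spacings of 3.42 ms and 50 ms.

```python
# Added illustration: color-blind single-rate three-color policer (RFC 2697 model).
# Assumption: the `police cir/bc/be` statement on the slide behaves like this model.
from dataclasses import dataclass, field

UNITS_PER_BYTE = 8_000_000  # 1 token unit = 1 bit-microsecond, keeps the math integral


@dataclass
class Policer:
    cir_bps: int
    bc_bytes: int
    be_bytes: int
    counts: dict = field(default_factory=lambda: {"conform": 0, "exceed": 0, "violate": 0})

    def __post_init__(self):
        self.cap_c = self.bc_bytes * UNITS_PER_BYTE
        self.cap_e = self.be_bytes * UNITS_PER_BYTE
        self.tc, self.te = self.cap_c, self.cap_e  # both buckets start full
        self.last_us = 0

    def offer(self, now_us: int, size_bytes: int) -> str:
        # Refill the committed bucket; only its overflow feeds the excess bucket.
        self.tc += self.cir_bps * (now_us - self.last_us)
        self.last_us = now_us
        if self.tc > self.cap_c:
            self.te = min(self.cap_e, self.te + self.tc - self.cap_c)
            self.tc = self.cap_c
        cost = size_bytes * UNITS_PER_BYTE
        if self.tc >= cost:
            self.tc -= cost
            result = "conform"
        elif self.te >= cost:
            self.te -= cost
            result = "exceed"
        else:
            result = "violate"  # the slide's policy re-marks these to DSCP 1
        self.counts[result] += 1
        return result


def run(interval_us: int, packets: int = 1000, size_bytes: int = 518) -> tuple:
    """Offer equally spaced packets to a policer with the slide's cir/bc/be values."""
    p = Policer(cir_bps=96_000, bc_bytes=25_000, be_bytes=25_000)
    for k in range(packets):
        p.offer(k * interval_us, size_bytes)
    return p.counts["conform"], p.counts["exceed"], p.counts["violate"]


if __name__ == "__main__":
    print(run(3_420))   # constructed spacing: about 1.2 Mbps offered, far above CIR
    print(run(50_000))  # constructed spacing: about 83 kbps offered, below CIR
```

With the assumed 3.42 ms spacing the model returns 127 conformed, 48 exceeded and 825 violated packets, the same split as the counters on the slide; the 48 exceeded packets are exactly what a full 25000-byte be bucket holds at 518 bytes each. At 50 ms spacing, below the CIR, every packet conforms and nothing is re-marked.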
(10) Verification pattern ③ EoMPLS: DSCP(AF41)+VLAN-ID
• Configuration

class-map match-all PRIORITY
 match mpls experimental topmost 5
class-map match-all VLAN_900_DSCP_OTHER
 match vlan 900
class-map match-all VLAN_900_DSCP_AF41
 match ip dscp af41
 match vlan 900
class-map match-all EoMPLS_1
 match input vlan 900
policy-map EoMPLS
 class VLAN_900_DSCP_AF41
  set dscp cs4
 class VLAN_900_DSCP_OTHER
  set dscp default
policy-map OUTPUT
 class PRIORITY
  priority percent 10
 class EoMPLS_1
  bandwidth 10000
 class VPLS_1
  bandwidth 5000
 class EXP_4
policy-map OUTPUT_PARENT
 class class-default
  shape average 100000000
  service-policy OUTPUT
interface GigabitEthernet4/0/1
 no ip address
 load-interval 30
 media-type rj45
 speed 1000
 no negotiation auto
!
interface GigabitEthernet4/0/1.900
 encapsulation dot1Q 900
 bridge-domain 900 dot1q
 service-policy input EoMPLS
interface GigabitEthernet4/1/1
 mtu 1548
 no ip address
 load-interval 30
 negotiation auto
!
interface GigabitEthernet4/1/1.90
 encapsulation dot1Q 90
 ip address 172.16.128.1 255.255.255.252
 ip mtu 1530
 mpls ip
 service-policy output OUTPUT_PARENT
(10) Verification pattern ③ EoMPLS: DSCP(AF41)+VLAN-ID
• Traffic

cat2960#ping ip
Target IP address: 10.10.100.2
Repeat count [5]: 1000
Datagram size [100]: 500
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Type of service [0]: 136 ← AF41(34)
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 1000, 500-byte ICMP Echos to 10.10.100.2, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (1000/1000), round-trip min/avg/max = 1/3/9 ms
cat2960#
(10) Verification pattern ③ EoMPLS: DSCP(AF41)+VLAN-ID
• Result: confirmed that traffic is classified and marked as expected

RT-1#show policy-map inter
(snip)
 GigabitEthernet4/0/1.900
  Service-policy input: EoMPLS
    Counters last updated 00:00:06 ago
    Class-map: VLAN_900_DSCP_AF41 (match-all)
      1000 packets, 518000 bytes
      30 second offered rate 92000 bps, drop rate 0000 bps
      Match: ip dscp af41 (34)
      Match: vlan 900
      QoS Set
        dscp cs4
          Packets marked 1000
    Class-map: VLAN_900_DSCP_OTHER (match-all)
      0 packets, 0 bytes
      30 second offered rate 0000 bps, drop rate 0000 bps
      Match: vlan 900
      QoS Set
        dscp default
          Packets marked 0
    Class-map: class-default (match-any)
      0 packets, 0 bytes
      30 second offered rate 0000 bps, drop rate 0000 bps
      Match: any
(snip)
 GigabitEthernet4/1/1.90
  Service-policy output: OUTPUT_PARENT
    Counters last updated 00:00:08 ago
    Class-map: class-default (match-any)
      1051 packets, 558216 bytes
      30 second offered rate 98000 bps, drop rate 0000 bps
      Match: any
      Queueing
      queue limit 25000 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 1052/544296
      shape (average) cir 100000000, bc 400000, be 400000
      target shape rate 100000000
      Service-policy : OUTPUT
        Counters last updated 00:00:08 ago
        queue stats for all priority classes:
          Queueing
          queue limit 2500 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 0/0
(snip)
(10) Verification pattern ③ EoMPLS: DSCP(AF41)+VLAN-ID
• Result

        Class-map: PRIORITY (match-all)
          0 packets, 0 bytes
          30 second offered rate 0000 bps, drop rate 0000 bps
          Match: mpls experimental topmost 5
          Priority: 10% (10000 kbps), burst bytes 250000, b/w exceed drops: 0
        Class-map: EoMPLS_1 (match-all)
          1000 packets, 554000 bytes
          30 second offered rate 98000 bps, drop rate 0000 bps
          Match: input vlan 900
          Queueing
          queue limit 2500 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 1000/540000
          bandwidth 10000 kbps
        Class-map: VPLS_1 (match-all)
          0 packets, 0 bytes
          30 second offered rate 0000 bps, drop rate 0000 bps
          Match: input vlan 800
          Queueing
          queue limit 1250 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 0/0
          bandwidth 5000 kbps
        Class-map: class-default (match-any)
          51 packets, 4216 bytes
          30 second offered rate 0000 bps, drop rate 0000 bps
          Match: any
          queue limit 18750 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 52/4296
RT-1#