This article is a summary of two other articles that I published on itbundle.net. This time we will put that QoS information to use in a simple lab.
Recently I added two parts about QoS and thought it would be nice to practice a little, so here is a QoS lab. If you are not familiar with QoS at all, I highly recommend reading those posts first.
The lab consists of two FTP servers (just Win XP with Mozilla FTP server) and a client placed somewhere on the Internet. The goal is to give server 1.1.1.1 higher priority than 2.2.2.2 on R1 (I used a Cisco c7200 image). In plain words, clients will download much faster from server 1.1.1.1 than from 2.2.2.2.
First we have to classify the interesting traffic. For us, that is the traffic going from the servers to the client. Next, using the Modular QoS CLI, we create a class-map with a match statement that refers to the interesting traffic. Then we configure a policy-map where we set the DSCP to AF33 and AF11; this is the marking. Finally, with service-policy we apply the policy-map in the 'input' direction (according to the direction in which the packets flow).
access-list 100 permit tcp host 1.1.1.1 any
access-list 110 permit tcp host 2.2.2.2 any
class-map FTP-CLASS-1.1.1.1
 match access-group 100
class-map FTP-CLASS-2.2.2.2
 match access-group 110
policy-map FTP-POLICY
 class FTP-CLASS-1.1.1.1
  set ip dscp af33
 class FTP-CLASS-2.2.2.2
  set ip dscp af11
interface fa1/0
 service-policy input FTP-POLICY
interface fa2/0
 service-policy input FTP-POLICY
Congestion management and policing
In the first part we only marked two packet flows. Now we decide what to do with them. Our bottleneck will be interface FA0/0 (outside). We have marked packets from 1.1.1.1 with DSCP AF33 and packets from 2.2.2.2 with DSCP AF11. To act on these flows we have to 'match' the two markings in two class-maps.
class-map match-all Flow-1.1.1.1
 match ip dscp af33
class-map match-all Flow-2.2.2.2
 match ip dscp af11
Now, in the policy-map, we take the action we want. I've decided to set the bandwidth for 1.1.1.1 to 2000000 kb/sec (kilobits). For flow 2.2.2.2 I used LLQ and policing: I set the CIR to 100000, which means that traffic above 100000 b/s (bits per second) will be dropped. Then we apply the policy-map to interface FA0/0.
policy-map POLICY
 class Flow-1.1.1.1
  priority 2000000
 class Flow-2.2.2.2
  police cir 100000
interface fa0/0
 service-policy output POLICY
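How the 'police cir 100000' action on Flow-2.2.2.2 decides which packets to drop, as an added example that is not part of the original lab: a single-rate token-bucket policer simulated in Python. The 3125-byte burst size, the 1250-byte packet size and the offered rates are assumptions chosen for illustration; the lab configuration does not set a burst.

```python
US = 1_000_000  # microseconds per second; tokens are kept in bit-microseconds so the math is exact


class Policer:
    """Single-rate token-bucket policer: conforming packets pass, exceeding packets are dropped."""

    def __init__(self, cir_bps, bc_bytes):
        self.cir_bps = cir_bps          # committed information rate, bits per second
        self.cap = bc_bytes * 8 * US    # bucket depth (burst size), scaled
        self.tokens = self.cap          # the bucket starts full
        self.last_us = 0                # arrival time of the previous packet

    def offer(self, now_us, size_bytes):
        """Return True if the packet conforms (transmitted), False if it exceeds (dropped)."""
        # Refill at CIR for the time elapsed since the last packet, capped at the burst size.
        self.tokens = min(self.cap, self.tokens + (now_us - self.last_us) * self.cir_bps)
        self.last_us = now_us
        cost = size_bytes * 8 * US
        if cost <= self.tokens:
            self.tokens -= cost
            return True
        return False


def police_flow(cir_bps, bc_bytes, offered_bps, pkt_bytes, n_packets):
    """Offer n_packets at a constant rate; return (transmitted, dropped) packet counts."""
    policer = Policer(cir_bps, bc_bytes)
    interval_us = pkt_bytes * 8 * US // offered_bps   # gap between packet arrivals
    sent = sum(policer.offer(i * interval_us, pkt_bytes) for i in range(n_packets))
    return sent, n_packets - sent


if __name__ == "__main__":
    # Constructed input: 5 seconds of 1250-byte packets against CIR 100000 bps,
    # first offered at 1 Mbit/s (ten times the CIR), then exactly at the CIR.
    for offered in (1_000_000, 100_000):
        n = 5 * offered // (1250 * 8)
        print(offered, "bps offered ->", police_flow(100_000, 3125, offered, 1250, n))
```

A sender that stays at or below the CIR loses nothing, while a sender at ten times the CIR gets only the initial burst plus the CIR's worth of packets through.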
VERIFICATION
One command lets us verify that everything was configured correctly: 'show policy-map interface [interface name]'. But we can also see it for ourselves. After applying the above configuration, I downloaded 5 MB files from the two FTP servers: from 1.1.1.1 it took 4 seconds, while for 2.2.2.2 I got a notification that it would take 5 hours :). So it works!
First, let's check how packets are marked on interfaces FA1/0 and FA2/0. We see the counters of marked packets, and also which access-lists are attached to each class-map.
Now let's go over to the outside interface FA0/0, where we applied the policy. I have to mention that this screenshot was taken 5 seconds after I started downloading files from 1.1.1.1 and 2.2.2.2. For 1.1.1.1 we see 3749 packets downloaded and the applied priority value; for 2.2.2.2 we see only 64 packets (48 transmitted and 16 dropped) and the applied policy: CIR 100000 bps (100 kbits).