This article is just a summarization of 2 other articles that I put on itbundle.net. This time we will try to utilize information about QoS with simple lab.
Recently I added 2 parts about QoS and I thought that would be nice to practice a little bit. This way I add the lab with QoS. If you are not familiar with QoS at all I highly recommend reading these posts regarding QoS.
The lab consists of 2 FTP servers (just Win XP with Mozilla FTP server) and the Client that is placed somewhere in the Internet. The goal, that we want to achieve is to assign higher priority on R1 ( I used cisco c7200 image) for server 22.214.171.124 over 126.96.36.199. In plain words, the Clients will be downloading much faster from 188.8.131.52 server than 184.108.40.206
Firstly we have to classify interesting traffic. For us, it will be traffic that will be going from servers to the client. Next we create the Modular QoS CLI, Class-map with match statement that relates to interesting traffic. Next we configure Policy-map where we set up dscp to AF33 and AF11 this is the marking. At the end with Service-policy we apply policy-map in ‘input’ direction (according how packets flows are going)
access-list 100 permit tcp host 220.127.116.11 any
access-list 110 permit tcp host 18.104.22.168 any
match access-group 100
match access-group 110
set ip dscp af33
set ip dscp af11
service-policy input FTP-POLICY
service-policy input FTP-POLICY
Congestion management and policing
In the first part we actually only marked 2 packets flows. Now we will make decision what we are going to do with them. Our bottleneck will be interface FA0/0 (outside). We have marked packets from 22.214.171.124 with dscp 33 from 126.96.36.199 with dscp 188.8.131.52. In order to do something with these flows we have to ‘match‘ these 2 marks in 2 Class-maps.
class-map match-all Flow-184.108.40.206
match ip dscp af33
class-map match-all Flow-220.127.116.11
match ip dscp af11
Now, in Policy-map we take action that we want. I’ve decided to set up bandwidth for 18.104.22.168 to 2000000 kb/sec (kilo bits). For flow 22.214.171.124 I used LLQ and policing, I’ve set up CIR to 100000, what means that traffic above 100000 b/s (bits per second) will be rejected. And we apply Policy-map to the interface FA0/0
police cir 100000
service-policy output POLICY
There is one command that allows us to verify that everything was configured correctly ‘show policy-map interface [interface name]‘, but we also may see for ourselves. After applying above configuration when I wanted to download 5 MB files from 2 FTPs in case of 126.96.36.199 it lasted 4 seconds, in case of 188.8.131.52 I got notification tha it will take 5 hours :). So IT works!
Firstly let’s check how packets are marked on interfaces FA1/0 and FA2/0. We see the counters with marked packets, also what access-list are attached to particular class-map.
Now let’s go over the outside interface FA0/0 where we applied policy. I have to mention, that this screenshot has been made 5 seconds after I started download files from 184.108.40.206 and 220.127.116.11. In case of 18.104.22.168 we see 3749 packets downloaded also applied priority value, in case 22.214.171.124 we see only 64 packets (48 transmitted and 16 dropped) and applied policy : CIR 100000 bps (100 kbits).