Policing and Shaping
Topology description
R1: f1/0 10.1.1.1/24
R2: f0/0 10.1.2.2/24
R3: f0/0 10.1.2.3/24 f1/0 10.1.1.3/24 s2/0 10.1.3.3/24
R4: s2/0 10.1.3.4/24
RIPv2 is enabled on all routers.
Initial configuration
R1
conf t
int f1/0
ip ad 10.1.1.1 255.255.255.0
no shut
router rip
ver 2
no au
net 10.0.0.0
end
R2
conf t
int f 0/0
ip ad 10.1.2.2 255.255.255.0
no shut
router rip
ver 2
no au
net 10.0.0.0
end
R3
conf t
int f 0/0
ip ad 10.1.2.3 255.255.255.0
no shut
int f1/0
ip ad 10.1.1.3 255.255.255.0
no shut
int s2/0
ip ad 10.1.3.3 255.255.255.0
encap f
no arp f
no frame inver
frame map ip 10.1.3.4 304 b
no shut
router rip
ver 2
no au
net 10.0.0.0
end
R4
conf t
int s2/0
ip ad 10.1.3.4 255.255.255.0
encap f
no arp f
no frame inver
frame map ip 10.1.3.3 403 b
no shut
router rip
ver 2
no au
net 10.0.0.0
end
1,Traffic Policing
On R3, police traffic from R1 to R4: CIR 8000 bps, Bc 2000 bytes, Be 4000 bytes; conform-action is transmit, exceed-action sets the QoS group to 4 and transmits, violate-action is drop.
R3
conf t
access-list 100 permit ip 10.1.1.0 0.0.0.255 10.1.3.0 0.0.0.255
class-map PS
match access-group 100
exit
policy-map policy
class PS
police cir 8000 bc 2000 be 4000
conform-action transmit
exceed-action set-qos-transmit 4
violate-action drop
int s2/0
service-policy output policy
end
Verification
R3#sh policy int s2/0
Serial2/0
Service-policy output: policy
Class-map: PS (match-all)
5 packets, 520 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 100
police:
cir 8000 bps, bc 2000 bytes, be 4000 bytes
conformed 5 packets, 520 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
set-qos-transmit 4
violated 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps, violate 0 bps
2,Two Rate Policer
On R3, police traffic from R1 to R4: CIR 50000 bps with Bc 10000 bytes, PIR 100000 bps with Be 10000 bytes; conform action: transmit; exceed action: set IP precedence to 2 and transmit; violate action: drop.
R3
conf t
access-list 100 permit ip 10.1.1.0 0.0.0.255 10.1.3.0 0.0.0.255
class-map TWO_RATE
match access-group 100
exit
policy-map policy
class TWO_RATE
police cir 50000 bc 10000 pir 100000 be 10000
conform-action transmit
exceed-action set-prec-transmit 2
violate-action drop
int s2/0
service-policy output policy
end
Verification
R3#sh policy int s2/0
Serial2/0
Service-policy output: policy
Class-map: TWO_RATE (match-all)
35 packets, 3640 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 100
police:
cir 50000 bps, bc 10000 bytes
pir 100000 bps, be 10000 bytes
conformed 35 packets, 3640 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
set-prec-transmit 2
violated 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps, violate 0 bps
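The single-rate policer from section 1 and the two-rate policer above can both be modelled as token buckets. The following Python model is an added example, not IOS code and not part of the original lab; it is a simplified color-blind model in the style of RFC 2697 and RFC 2698, and the class and function names are made up for illustration.

```python
# Added example: simplified color-blind token-bucket model, not IOS code.
# Time is in seconds, packet sizes and buckets in bytes, rates in bit/s.

class SingleRatePolicer:
    """Models 'police cir <bps> bc <bytes> be <bytes>' (one rate, two buckets)."""
    def __init__(self, cir, bc, be):
        self.cir, self.bc, self.be = cir, bc, be
        self.tc, self.te, self.last = float(bc), float(be), 0.0  # buckets start full

    def police(self, now, size):
        self.tc += (now - self.last) * self.cir / 8   # refill at CIR
        self.last = now
        spill = max(0.0, self.tc - self.bc)           # overflow of the Bc bucket...
        self.tc = min(self.tc, self.bc)
        self.te = min(self.te + spill, self.be)       # ...tops up the Be bucket
        if size <= self.tc:
            self.tc -= size
            return "conform"
        if size <= self.te:
            self.te -= size
            return "exceed"
        return "violate"

class TwoRatePolicer:
    """Models 'police cir <bps> bc <bytes> pir <bps> be <bytes>'."""
    def __init__(self, cir, bc, pir, be):
        self.cir, self.bc, self.pir, self.be = cir, bc, pir, be
        self.tc, self.tp, self.last = float(bc), float(be), 0.0

    def police(self, now, size):
        dt, self.last = now - self.last, now
        self.tc = min(self.bc, self.tc + dt * self.cir / 8)  # CIR bucket
        self.tp = min(self.be, self.tp + dt * self.pir / 8)  # PIR bucket, filled independently
        if size > self.tp:
            return "violate"
        self.tp -= size
        if size > self.tc:
            return "exceed"
        self.tc -= size
        return "conform"

def send(policer, count, size, gap=0.0):
    """Offer `count` packets of `size` bytes, `gap` seconds apart; return the verdicts."""
    return [policer.police(i * gap, size) for i in range(count)]

if __name__ == "__main__":
    print(send(SingleRatePolicer(8000, 2000, 4000), 8, 1000))          # section 1 values
    print(send(TwoRatePolicer(50000, 10000, 100000, 10000), 8, 1500))  # section 2 values
```

With Bc equal to Be, a back-to-back burst through the two-rate policer goes straight from conform to violate; exceed only shows up when the offered rate stays between CIR and PIR long enough to drain the CIR bucket.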
3,Policer enhancement: Multiple Actions
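On R3, police traffic from R2 to R4: CIR 100000 bps, PIR 200000 bps; exceed action: set IP precedence to 4, transmit, and set the DE bit; violate action: set IP precedence to 2, transmit, and set the DE bit.
On R3, police traffic from R2 to R1: CIR 100000 bps, PIR 200000 bps; exceed action: set IP precedence to 4 and transmit; violate action: set IP precedence to 2 and transmit.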
R3
conf t
access-list 100 permit ip 10.1.2.0 0.0.0.255 any
class-map MULTIPLE_ACTION
match access-group 100
policy-map R2_R1
class MULTIPLE_ACTION
police cir 100000 pir 200000
exceed-action set-prec-transmit 4
violate-action set-prec-transmit 2
policy-map R2_R4
class MULTIPLE_ACTION
police cir 100000 pir 200000
exceed-action set-prec-transmit 4
exceed-action set-frde-transmit
violate-action set-prec-transmit 2
violate-action set-frde-transmit
int s2/0
service-policy output R2_R4
int f1/0
service-policy output R2_R1
end
Verification
R3#sh policy-map int f1/0
FastEthernet1/0
Service-policy output: R2_R1
Class-map: MUTLIPLE_ACTION (match-all)
5 packets, 570 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 100
police:
cir 100000 bps, bc 3125 bytes
pir 200000 bps, be 6250 bytes
conformed 5 packets, 570 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
set-prec-transmit 4
violated 0 packets, 0 bytes; actions:
set-prec-transmit 2
conformed 0 bps, exceed 0 bps, violate 0 bps
R3#sh policy-map int s2/0
Serial2/0
Service-policy output: R2_R4
Class-map: MUTLIPLE_ACTION (match-all)
5 packets, 520 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 100
police:
cir 100000 bps, bc 3125 bytes
pir 200000 bps, be 6250 bytes
conformed 5 packets, 520 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
set-prec-transmit 4
set-frde-transmit
violated 0 packets, 0 bytes; actions:
set-prec-transmit 2
set-frde-transmit
conformed 0 bps, exceed 0 bps, violate 0 bps
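The verification steps on this page are read by eye; the same check can be scripted. The following Python parser is an added example, not part of the original lab or of any Cisco tool: it extracts the police counters from "show policy-map interface" text like the output above and lists the classes that have counted out-of-profile packets. The function names are made up for illustration.

```python
import re

# Excerpt of the R2_R4 verification output on this page; leading spaces are ignored.
SAMPLE = """\
Service-policy output: R2_R4
Class-map: MUTLIPLE_ACTION (match-all)
cir 100000 bps, bc 3125 bytes
pir 200000 bps, be 6250 bytes
conformed 5 packets, 520 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
set-prec-transmit 4
set-frde-transmit
violated 0 packets, 0 bytes; actions:
set-prec-transmit 2
set-frde-transmit
conformed 0 bps, exceed 0 bps, violate 0 bps
"""

POLICY = re.compile(r"Service-policy\s*(?:input|output)?\s*:\s*(\S+)")
CLASS = re.compile(r"Class-map:\s*(\S+)")
RATE = re.compile(r"\b(cir|pir) (\d+) bps")
COUNT = re.compile(r"(conformed|exceeded|violated) (\d+) packets, (\d+) bytes; actions:")
ACTION = re.compile(r"[a-z][a-z-]*( \d+)?$")   # e.g. "drop", "set-prec-transmit 4"

def police_counters(text):
    """Return one dict per Class-map: policy, class, cir/pir and per-color counters."""
    records, policy, rec, color = [], None, {}, None   # rec starts as a throwaway
    for line in map(str.strip, text.splitlines()):
        if m := POLICY.match(line):
            policy = m.group(1)          # most recent Service-policy line seen
        elif m := CLASS.match(line):
            rec, color = {"policy": policy, "class": m.group(1)}, None
            records.append(rec)
        elif m := COUNT.match(line):
            color = m.group(1)
            rec[color] = {"packets": int(m[2]), "bytes": int(m[3]), "actions": []}
        elif color and ACTION.match(line):
            rec[color]["actions"].append(line)
        else:
            color = None                 # any other line ends the action list
            for name, bps in RATE.findall(line):
                rec[name] = int(bps)
    return records

def out_of_profile(records):
    """Names of classes whose policer has counted exceeding or violating packets."""
    return [r["class"] for r in records
            if any(r.get(c, {}).get("packets") for c in ("exceeded", "violated"))]
```

Because the policy name is simply the most recent Service-policy line seen, a class-default entry in nested output is attributed to the innermost policy printed before it.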
4,Percentage-based Policing and Shaping
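On R3, police traffic from R1 to R4: CIR is 20% of the bandwidth with a burst time of 300 ms; PIR is 40% of the bandwidth with a burst time of 400 ms.
On R3, shape traffic from R1 to R2: CIR is 30% of the bandwidth with a burst time of 500 ms; the PIR burst time is 600 ms.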
R3
conf t
access-list 100 permit ip 10.1.1.0 0.0.0.255 10.1.3.0 0.0.0.255
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255
class-map PBPS
match access-group 100
class-map PBPS2
match access-group 101
policy-map R1_R4
class PBPS
police cir percent 20 bc 300 ms pir percent 40 be 400 ms
policy-map R1_R2
class PBPS2
shape average percent 30 500 ms 600 ms
int s2/0
service-policy output R1_R4
int f 0/0
service-policy output R1_R2
end
Verification
R3#SH POLICY-MAP INT S2/0
Serial2/0
Service-policy output: R1_R4
Class-map: PBPS (match-all)
10 packets, 1040 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 100
police:
cir 20 % bc 300 ms
cir 308500 bps, bc 11580 bytes
pir 40 % be 400 ms
pir 617500 bps, be 30880 bytes
conformed 10 packets, 1040 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
violated 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps, violate 0 bps
R3#SH POLICY-MAP INT F 0/0
FastEthernet0/0
Service-policy output: R1_R2
Class-map: PBPS2 (match-all)
10 packets, 1140 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 101
Traffic Shaping
Target/Average    Byte    Sustain   Excess    Interval  Increment
Rate              Limit   bits/int  bits/int  (ms)      (bytes)
30 (%)                    500 (ms)  600 (ms)
30000000/30000000 366903  2115098   820130    70        264387
Adapt  Queue  Packets  Bytes  Packets  Bytes    Shaping
Active Depth                  Delayed  Delayed  Active
-      0      10       1140   0        0        no
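5,Three-level hierarchical MQC policy
On R3, police traffic from any source to R4:
level1: limit all traffic to 100000 bps
level2: limit traffic with IP precedence 1, 2 or 3 to 20000 bps
level3: limit traffic with IP precedence 2 to 10000 bps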
R3
conf t
access-list 100 permit ip any host 10.1.3.4
class-map LEVEL1
match access-group 100
class-map match-all LEVEL2
match ip precedence 1 2 3
match access-group 100
class-map match-all LEVEL3
match access-group 100
match ip precedence 2
policy MQC3
class LEVEL3
police 10000
policy MQC2
class LEVEL2
police 20000
service-policy MQC3
policy MQC1
class LEVEL1
police 100000
service-policy MQC2
! attach the top-level policy to the interface facing R4
int s2/0
service-policy output MQC1
end
Verification
R3#SH POLICY-MAP INT S2/0
Serial2/0
Service-policy output: MQC_LEVEL1
Class-map: LEVEL1 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 100
police:
cir 100000 bps, bc 3125 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps
Service-policy : MQC_LEVEL2
Class-map: LEVEL2 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 100
Match: ip precedence 1 2 3
police:
cir 20000 bps, bc 1500 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps
Service-policy : MQC_LEVEL3
Class-map: LEVEL3 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 100
Match: ip precedence 2
police:
cir 10000 bps, bc 1500 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any