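QoS models:
Best-Effort Service model
Integrated Service model, abbreviated IntServ
Differentiated Service model, abbreviated DiffServ
Here we mainly discuss DiffServ. To provide differentiated QoS, traffic must first be divided into different classes or assigned different priorities. Dividing traffic into classes is called classification; classification does not modify the original packet. Assigning different priorities is called marking, and marking does modify the original packet. Classification and marking are the prerequisite for, and the foundation of, implementing QoS.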
QoS process:
Marking is the QoS feature component that colors a packet so it can be identified and distinguished from other packets in QoS treatment. In other words, the packet is given a color so that QoS can treat it differently from other packets.
CLASSIFICATION:
incoming interface
ip precedence
DSCP
source and destination
application
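Marking methods:
Network layer (based on the ToS bits of the packet):
ip precedence
DSCP
Link layer:
COS (ISL 802.1P)
MPLS EXP BIT
Frame relay DE bit
vlan
An Inter-Switch Link (ISL) frame reserves a 1-byte IEEE 802.1p field, of which 3 bits can be used to mark CoS.
An IEEE 802.1Q frame reserves a 2-byte field, of which likewise only 3 bits can be used to mark CoS.
In IEEE 802.1Q, however, the native VLAN cannot be marked, because it carries no additional encapsulation.
Because CoS has only 3 bits, it can mark only 8 classes of traffic, 0-7. The default is 0, and 6 and 7 are reserved, so only the 6 classes 0-5 are available for user marking.
Frame Relay Discard Eligible (DE) bit: a Frame Relay frame has an additional field that indicates the priority of the frame, called the Discard Eligible (DE) bit. The default is 0; setting it to 1 means the traffic is unimportant and is dropped first.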
af11 Match packets with AF11 dscp (001010)   split into two groups: 001 is 1, 010 is 1
af12 Match packets with AF12 dscp (001100)   001 100 is 2
af13 Match packets with AF13 dscp (001110)   001 110 is 3
af21 Match packets with AF21 dscp (010010)   010 is 2, 010 is 1
af22 Match packets with AF22 dscp (010100)
af23 Match packets with AF23 dscp (010110)
af31 Match packets with AF31 dscp (011010)
af32 Match packets with AF32 dscp (011100)
af33 Match packets with AF33 dscp (011110)
af41 Match packets with AF41 dscp (100010)   among af41, af42 and af43, af41 has the highest priority
af42 Match packets with AF42 dscp (100100)
af43 Match packets with AF43 dscp (100110)
cs1 Match packets with CS1(precedence 1) dscp (001000)   the last three bits are all 0, which makes it equivalent to IP precedence
cs2 Match packets with CS2(precedence 2) dscp (010000)
cs3 Match packets with CS3(precedence 3) dscp (011000)
cs4 Match packets with CS4(precedence 4) dscp (100000)
cs5 Match packets with CS5(precedence 5) dscp (101000)
cs6 Match packets with CS6(precedence 6) dscp (110000)
cs7 Match packets with CS7(precedence 7) dscp (111000)
default Match packets with default dscp (000000)
ef Match packets with EF dscp (101110)
IP precedence
<0-7> Precedence value
critical Set packets with critical precedence (5)
flash Set packets with flash precedence (3)
flash-override Set packets with flash override precedence (4)
immediate Set packets with immediate precedence (2)
internet Set packets with internetwork control precedence (6)
network Set packets with network control precedence (7)
priority Set packets with priority precedence (1)
routine Set packets with routine precedence (0)
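We can set either IP precedence or DSCP; they are simply different classification schemes that mark different priorities. DSCP divides priorities into finer classes than IP precedence. Let's look at how the three relate.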
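The relationship between the ToS byte, IP precedence and the DSCP keywords listed above can be checked in code. The following is an added example, not part of the original notes; the function names are hypothetical. It is useful when verifying marking in a packet capture, where the IP header shows only the raw ToS byte.

```python
import re

def dscp_value(name: str) -> int:
    """Turn a DSCP keyword from the listing above into its 6-bit value."""
    name = name.lower()
    if name in ("default", "ef"):
        return 0 if name == "default" else 0b101110
    m = re.fullmatch(r"af([1-4])([1-3])", name)
    if m:  # AFxy: x fills the top three bits, y sits in the next two
        return (int(m[1]) << 3) | (int(m[2]) << 1)
    m = re.fullmatch(r"cs([1-7])", name)
    if m:  # CSx: top three bits only, low three bits are 0
        return int(m[1]) << 3
    raise ValueError(f"unknown DSCP keyword: {name}")

def dscp_name(dscp: int) -> str:
    """Name a 6-bit DSCP value with the keywords from the listing above."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value (0-63)")
    top, low = dscp >> 3, dscp & 0b111
    if dscp == 0:
        return "default"
    if dscp == 0b101110:
        return "ef"
    if low == 0:
        return f"cs{top}"
    if 1 <= top <= 4 and low in (0b010, 0b100, 0b110):
        return f"af{top}{low >> 1}"
    return f"dscp{dscp}"  # codepoint without a keyword

def decode_tos(tos_byte: int) -> dict:
    """Split the 8-bit ToS byte of an IPv4 header into precedence and DSCP."""
    if not 0 <= tos_byte <= 255:
        raise ValueError("ToS is one byte (0-255)")
    dscp = tos_byte >> 2        # DSCP is the top six bits
    return {
        "precedence": tos_byte >> 5,   # IP precedence is the top three bits
        "dscp": dscp,
        "name": dscp_name(dscp),
    }

if __name__ == "__main__":
    # af11 and af41 are the values set by the CBMARK policy later on this page.
    for keyword in ("af11", "af41", "cs3", "ef"):
        tos = dscp_value(keyword) << 2
        print(f"{keyword}: ToS byte 0x{tos:02x} -> {decode_tos(tos)}")
```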
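Classification is based on: ACL, NBAR
Marking: PBR, CBMARKING
PBR can forward based on the source IP, whereas ordinary routing forwards based only on the destination IP. Here is an example.
Because the link between r4 and r3 is Ethernet, traffic from r5 by default goes via r4 to reach r2.
On r3 we configure PBR so that r5's loopback0 (5.5.5.5) goes via R1 and loopback1 goes via r4.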
access-list 100 permit ip host 5.5.5.5 host 2.2.2.2
access-list 101 permit ip host 9.9.9.9 host 2.2.2.2
route-map PBR permit 10
match ip address 100
set interface Serial1/1
route-map PBR permit 20
match ip address 101
set ip next-hop 34.1.1.4
interface Serial1/3
ip address 35.1.1.3 255.255.255.0
ip policy route-map PBR
Enable debug on r3:
*Mar 1 00:24:23.647: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, len 100, FIB policy match
*Mar 1 00:24:23.647: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, g=34.1.1.4, len 100, FIB policy routed
*Mar 1 00:24:23.891: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, len 100, FIB policy match
*Mar 1 00:24:23.891: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, g=34.1.1.4, len 100, FIB policy routed
*Mar 1 00:24:23.991: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, len 100, FIB policy match
*Mar 1 00:24:23.991: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, g=34.1.1.4, len 100, FIB policy routed
*Mar 1 00:24:24.111: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, len 100, FIB policy match
r3#
*Mar 1 00:24:24.111: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, g=34.1.1.4, len 100, FIB policy routed
*Mar 1 00:24:24.227: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, len 100, FIB policy match
*Mar 1 00:24:24.227: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, g=34.1.1.4, len 100, FIB policy routed
*Mar 1 00:22:59.287: IP: s=5.5.5.5 (Serial1/3), d=2.2.2.2, len 100, FIB policy match
*Mar 1 00:22:59.287: fibidb->namestring: Serial1/1
*Mar 1 00:22:59.287: ipfib_policy_set_interface_lookup: tag_ptr: 0x0
*Mar 1 00:22:59.287: adj 0x0, NULL
*Mar 1 00:22:59.287: IP: s=5.5.5.5 (Serial1/3), d=2.2.2.2 (Serial1/1), len 100, FIB policy routed
*Mar 1 00:22:59.431: IP: s=5.5.5.5 (Serial1/3), d=2.2.2.2, len 100, FIB policy match
*Mar 1 00:22:59.431: fibidb->namestring: Serial1/1
*Mar 1 00:22:59.431: ipfib_policy_set_interface_lookup: tag_ptr: 0x0
*Mar 1 00:22:59.431: adj 0x0, NULL
We only configured permit 10 and 20, and r5's source traffic
*Mar 1 00:21:42.731: IP: s=35.1.1.5 (Serial1/3), d=2.2.2.2, len 100, FIB policy rejected(no match) - normal forwarding
*Mar 1 00:21:42.851: IP: s=35.1.1.5 (Serial1/3), d=2.2.2.2, len 100, FIB policy rejected(no match) - normal forwarding
*Mar 1 00:21:42.919: IP: s=35.1.1.5 (Serial1/3), d=2.2.2.2, len 100, FIB policy rejected(no match) - normal forwarding
*Mar 1 00:21:42.975: IP: s=35.1.1.5 (Serial1/3), d=2.2.2.2, len 100, FIB policy rejected(no match) - normal forwarding
*Mar 1 00:21:43.015: IP: s=35.1.1.5 (Serial1/3), d=2.2.2.2, len 100, FIB policy rejected(no match) - normal forwarding
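Summary: in the data plane, PBR forwards traffic normally when no permit entry matches, whereas in the routing plane (redistribution) traffic that is not permitted is simply denied.
PBR marking can only be applied on the inbound interface, and it cannot set DSCP.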
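Because PBR overrides the routing table, it is worth confirming from the debug output that each source is steered exactly as intended and that everything else falls back to normal forwarding. The following is an added example, not part of the original notes; the function names are hypothetical, the sample lines are copied from the r3 debug output above, and INTENDED restates the route-map PBR configuration above.

```python
import re
from collections import defaultdict

# Sample lines copied from the r3 debug output above.
SAMPLE = """\
*Mar 1 00:24:23.647: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, len 100, FIB policy match
*Mar 1 00:24:23.647: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, g=34.1.1.4, len 100, FIB policy routed
*Mar 1 00:22:59.287: IP: s=5.5.5.5 (Serial1/3), d=2.2.2.2, len 100, FIB policy match
*Mar 1 00:22:59.287: fibidb->namestring: Serial1/1
*Mar 1 00:22:59.287: IP: s=5.5.5.5 (Serial1/3), d=2.2.2.2 (Serial1/1), len 100, FIB policy routed
*Mar 1 00:21:42.731: IP: s=35.1.1.5 (Serial1/3), d=2.2.2.2, len 100, FIB policy rejected(no match) - normal forwarding
"""

# What route-map PBR is meant to do (sequence 10 and 20 above).
INTENDED = {
    ("5.5.5.5", "2.2.2.2"): "interface Serial1/1",
    ("9.9.9.9", "2.2.2.2"): "next-hop 34.1.1.4",
}

LINE = re.compile(
    r"IP: s=(?P<src>[\d.]+) \((?P<in_if>[^)]+)\), d=(?P<dst>[\d.]+)"
    r"(?: \((?P<out_if>[^)]+)\))?(?:, g=(?P<gw>[\d.]+))?, len \d+, "
    r"FIB policy (?P<verdict>routed|rejected|match)"
)

def summarize(log: str) -> dict:
    """Map (source, destination) to the set of forwarding decisions logged."""
    seen = defaultdict(set)
    for line in log.splitlines():
        m = LINE.search(line)
        if not m or m["verdict"] == "match":
            continue  # the decision is on the 'routed' or 'rejected' line
        if m["verdict"] == "rejected":
            decision = "normal forwarding"
        elif m["gw"]:
            decision = f"next-hop {m['gw']}"
        else:
            decision = f"interface {m['out_if']}"
        seen[(m["src"], m["dst"])].add(decision)
    return dict(seen)

def unexpected(summary: dict, intended: dict) -> dict:
    """Flows whose logged decisions differ from the intended policy.
    A flow not named in the policy is expected to be forwarded normally."""
    return {flow: got for flow, got in summary.items()
            if got != {intended.get(flow, "normal forwarding")}}

if __name__ == "__main__":
    print(summarize(SAMPLE))
    print("unexpected:", unexpected(summarize(SAMPLE), INTENDED))
```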
r3(config)#route-map PBR permit 10
r3(config-route-map)#match ip add 101
r3(config-route-map)#set ip ?
address Specify IP address
default Set default information
df Set DF bit
next-hop Next hop address
precedence Set precedence field
qos-group Set QOS Group ID
tos Set type of service field
r3(config-route-map)#set ip tos ?
<0-15> Type of service value
max-reliability Set max reliable TOS (2)
max-throughput Set max throughput TOS (4)
min-delay Set min delay TOS (8)
min-monetary-cost Set min monetary cost TOS (1)
normal Set normal TOS (0)
The above marks packets by hand from the command line. We can also mark with a template-based approach, which is MQC.
ip access-list extended tel
permit tcp any any eq telnet
ip access-list extended www
permit tcp any any eq www
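! class map references the ACL: what traffic do we care about (match-all is the default)
class-map match-all www
! match-all: one class map may contain several match conditions; the class applies only when all of them are satisfied
match access-group name www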
class-map match-all tel
match access-group name tel
! policy map references the class maps: what will be done to this traffic
policy-map CBMARK
class tel
set dscp af11
class www
set dscp af41
interface FastEthernet0/0
! applied under the interface (either input or output works)
service-policy input CBMARK
Router# show policy-map int f0/0