Wednesday, December 24, 2008

Mark and Police



In this post I bring together a number of QoS features to implement an end-to-end QoS marking and policing scenario.

On R2 I mark all traffic destined to UDP port 3333 with an IP precedence of 3. On R3 I ensure that all traffic with an IP precedence of 3 uses no more than 100,000 bps of the bandwidth between R3 and R4.

To test this scenario I use the IP SLA feature. R1 generates the traffic to loopback 0 on R4 with a UDP destination port of 3333. On R4 I configure an IP SLA responder to ensure these packets are answered.

Here is the config I used:

R1
! UDP echo probe to R4's loopback, sent every 15 seconds
ip sla monitor 1
 type udpEcho dest-ipaddr 99.99.99.99 dest-port 3333
 request-data-size 1500
 timeout 2000
 frequency 15
ip sla monitor schedule 1 life forever start-time now



R2

! Classify anything destined to UDP port 3333
access-list 100 permit udp any any eq 3333

class-map match-all SLA
 match access-group 100

! Mark the classified traffic with IP precedence 3
policy-map MARK
 class SLA
  set precedence 3

interface FastEthernet1/0
 service-policy output MARK



R3
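! mask 08 = bit 3 set, i.e. match IP precedence 3
access-list rate-limit 1 mask 08

! Police matching traffic: rate 100000 bps, normal burst 18750, extended burst 37500
interface FastEthernet1/0
 rate-limit output access-group rate-limit 1 100000 18750 37500 conform-action transmit exceed-action drop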


R4
ip sla monitor responder type udpEcho ipaddress 99.99.99.99 port 3333


For verification I used the following commands on each of the routers:

R1
s ip sla monitor stat
Round trip time (RTT) Index 1
Latest RTT: 160 ms
Latest operation start time: *06:04:24.763 UTC Thu Dec 25 2008
Latest operation return code: OK
Number of successes: 152
Number of failures: 24
Operation time to live: Forever

R2
s policy-map int fa1/0
FastEthernet1/0

Service-policy output: MARK

Class-map: SLA (match-all)
296 packets, 233248 bytes
5 minute offered rate 1000 bps, drop rate 0 bps
Match: access-group 100
QoS Set
precedence 3
Packets marked 296

Class-map: class-default (match-any)
451 packets, 38519 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any


R3
#s int fa1/0 rate-limit
FastEthernet1/0
Output
matches: access-group rate-limit 1
params: 96000 bps, 18750 limit, 37500 extended limit
conformed 100 packets, 78800 bytes; action: transmit
exceeded 0 packets, 0 bytes; action: drop
last packet: 7788ms ago, current burst: 14 bytes
last cleared 00:12:48 ago, conformed 0 bps, exceeded 0 bps

R4
show ip sla monitor responder
IP SLA Monitor Responder is: Enabled
Number of control message received: 4 Number of errors: 0
Recent sources:
10.0.0.1 [06:10:24.379 UTC Thu Dec 25 2008]
10.0.0.1 [06:10:09.391 UTC Thu Dec 25 2008]
10.0.0.1 [06:09:54.395 UTC Thu Dec 25 2008]
10.0.0.1 [06:09:39.371 UTC Thu Dec 25 2008]
Recent error sources:

udpEcho Responder:
IP Address Port
99.99.99.99 3333


It works! :-)
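
The R3 rate-limit above, worked through as an added example (not part of the original post): it derives mask 08 and the 18750/37500 burst values, then runs a simplified single-bucket policer at the 96000 bps that R3 reports. The packet lists are constructed, the 788-byte packet size is taken from R3's counters (78800 bytes / 100 packets), and CAR's extended-burst behaviour is not modelled.

```python
# Added example, not the post's code. Simplified single token bucket:
# CAR's extended-burst (37500) behaviour is not modelled.

def precedence_mask(precedences):
    """Hex mask for 'access-list rate-limit <n> mask <hex>': bit N = precedence N."""
    mask = 0
    for p in precedences:
        if not 0 <= p <= 7:
            raise ValueError(f"precedence out of range: {p}")
        mask |= 1 << p
    return f"{mask:02X}"

def car_bursts(rate_bps):
    """Usual CAR sizing guideline: normal = rate/8 * 1.5 s, extended = 2 * normal."""
    normal = rate_bps * 3 // 16
    return normal, 2 * normal

def tos_matches(tos_byte, mask_hex):
    """True if the packet's precedence (top 3 bits of the ToS byte) is in the mask."""
    precedence = (tos_byte >> 5) & 0x7
    return bool(int(mask_hex, 16) & (1 << precedence))

def police(packets, rate_bps, burst_bytes, mask_hex):
    """packets: (time_s, size_bytes, tos_byte) tuples in time order."""
    tokens, last = float(burst_bytes), 0.0   # bucket starts full
    counts = {"conformed": 0, "exceeded": 0, "unmatched": 0}
    for t, size, tos in packets:
        if not tos_matches(tos, mask_hex):
            counts["unmatched"] += 1          # other precedences bypass the limit
            continue
        tokens = min(burst_bytes, tokens + (t - last) * rate_bps / 8)
        last = t
        if size <= tokens:
            tokens -= size
            counts["conformed"] += 1          # conform-action transmit
        else:
            counts["exceeded"] += 1           # exceed-action drop
    return counts

PREC3 = 3 << 5   # ToS byte carrying IP precedence 3
# Constructed input: ten 788-byte probes, one every 15 s (R1's frequency).
SLA_PROBES = [(15.0 * i, 788, PREC3) for i in range(10)]
# Constructed input: 50 marked packets 1 ms apart, then one unmarked packet.
BURST = [(0.001 * i, 788, PREC3) for i in range(50)] + [(0.05, 788, 0)]

if __name__ == "__main__":
    print(precedence_mask([3]), car_bursts(100000))
    print("probes:", police(SLA_PROBES, 96000, 18750, "08"))
    print("burst: ", police(BURST, 96000, 18750, "08"))
```

The probe run never exceeds, which agrees with the "exceeded 0 packets" counter on R3; only the constructed burst drains the bucket and produces drops.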
