Cisco路由器QoS配置過(guò)程

Cisco路由器QoS配置過(guò)程對(duì)不同IP組進(jìn)行流量限制實(shí)例:Cisco(config)#ipaccess-listextendedBOSSCisco(config-ext-nacl)#permitiphostanyCisco(config-ext-nacl)#permitiphost8anyCisco(config-ext-nacl)#permitiphost8anyCisco(config-ext-nacl)#permitiphost8anyCisco(config-ext-nacl)#permitiphost8anyCisco(config-ext-nacl)#permitiphost8anyCisco(config-ext-nacl)#endCisco#configtCisco(config)#ipaccess-listextendedCOMMONCisco(config-ext-nacl)#denyiphostanyCisco(config-ext-nacl)#denyiphost8anyCisco(config-ext-nacl)#denyiphost8anyCisco(config-ext-nacl)#denyiphost8anyCisco(config-ext-nacl)#denyiphost8anyCisco(config-ext-nacl)#denyiphost8anyCisco(config-ext-nacl)#permitip55anyCisco(config-ext-nacl)#endCisco#configtCisco(config)#route-mapQoSpermit10Cisco(config-route-map)#matchipaddressBOSSCisco(config-route-map)#setipprecedence?<0-7>PrecedencevaluecriticalSetcriticalprecedence(5)flashSetflashprecedence(3)flash-overrideSetflashoverrideprecedence(4)immediateSetimmediateprecedence(2)internetSetinternetworkcontrolprecedence(6)networkSetnetworkcontrolprecedence(7)prioritySetpriorityprecedence(1)routineSetroutineprecedence(0)<cr>Cisco(config-route-map)#setipprecedencecriticalCisco(config-route-map)#exitCisco(config)#route-mapQoSpermit20Cisco(config-route-map)#matchipaddressCOMMONCisco(config-route-map)#setipprecedencepriorityCisco(config-route-map)#exitCisco(config)#class-mapmatch-anyNORMALCisco(config-cmap)#matchipprecedence012Cisco(config-cmap)#class-mapmatch-anyPREMIUM

Cisco(config-cmap)#matchipprecedence012Cisco(config-cmap)#exitCisco(config)#policy-mapQoS_OUTPUTCisco(config-pmap)#classPREMIUMCisco(config-pmap-c)#bandwidth2048Cisco(config-pmap-c)#police2048000bc1920038400Cisco(config-pmap-c-police)#conform-actiontransmitCisco(config-pmap-c-police)#exceed-actiontransmitCisco(config-pmap-c-police)#classNORMALCisco(config-pmap-c)#bandwidth512Cisco(config-pmap-c)#policecir51000bc1200be1200Cisco(config-pmap-c-police)#conform-actiontransmitCisco(config-pmap-c-police)#exceed-actiondropCisco(config-pmap-c-police)#endCisco#configtCisco(config)#interfaceG0/0Cisco(config-if)#ipnatinsideCisco(config-if)#ippolicyroute-mapQoSCisco(config)#interfaceG0/1Cisco(config-if)#ipnatoutsideCisco(config-if)#service-policyoutputQoS_OUTPUTmarking：定義class-map.class-map[match-all/match-any]{map-name}默認(rèn)不打的話是match-all定義匹配命令matchmatchaccess-group{NO}class-map嵌套源macclass-map嵌套源mac地址目的mac地址matchclass-map{map-name}matchsource-address{mac-address}matchdestination-address{mac-address}matchvlan{vlan-ID}matchipdscp{DSCP}matchipprecedencc{precedence}matchprotocol{protocol}Router(config)class-mapFOORouter(config-cmap)#match?access-groupanyAccessgroupAnypacketsclass-mapcosclass-mapcospriorityvaluesdestination-addressinput-interfaceipmplsvaluesnotprotocolqos-groupsource-address定義優(yōu)先級(jí)流量的帶寬以及突定義保留帶寬啟用WREDClassmapIEEE802.1Q/ISLclassofservice/userDestinationaddressSelectaninputinterfacetomatchIPspecificvaluesMultiProtocolLabelSwitchingspecificNegatethismatchresultProtocolQos-groupSourceaddress設(shè)置policy-mappolicy-map{policy-name}調(diào)用class-mapclass-map{map-name}設(shè)置標(biāo)記setipdscp{DSCP}setipprecedence{PRECEDENCE}setcos{COS}priority{Kbps|percentPERCENT}[bc]發(fā)流量bandwidth{Kbps|percentPERCENT}random-detectpolice{CIRBCBE}conform-action{action}exceed-action{action}[violated-action{action}]使用令牌桶限速queue-limit{PACKETS}定義隊(duì)列中數(shù)據(jù)報(bào)的最大個(gè)數(shù)service-policy{policy-name} 調(diào)用其它的策略進(jìn)行嵌套shape{average|peak}{CIR[BC][BE]} 整形drop在接口模式下調(diào)用policy-mapservice-policy[input|ouput]{POLICY-NAME}察看命令：showpolicy-map[policy-name]showpolicy-mapinterface[INTERFACE]showclass-map[class-name]showipnbarpdlmshowipnbarport-map顯示NBAR使用的協(xié)議到端口的映射NBAR應(yīng)用：使用限制：快速以太網(wǎng)信道隧道接口或加密的接口3.SVI（交換虛擬接口）撥號(hào)接口多鏈路PPP（MLP）使用前先要敲命令：ipcefclass-map{name}matchprotocol...ipnbarpdlmflash://bittorrent.pdlm加載bittorrent.pdlm到路由器閃存里（事先要把pdlm復(fù)制到flash中）matchprocotolhttpurl"*.jpeg|*.jpg"（匹配url中帶有jpeg和jpg的連接）matchprocotolhttpurl"*.gif"（匹配url中有g(shù)if的連接）擁塞管理WFQ：特點(diǎn)：基于流（5元素）分類，隊(duì)列數(shù)N可以配置出隊(duì)后按IP優(yōu)先級(jí)來(lái)分配帶寬，優(yōu)先級(jí)越低則帶寬越小在其它隊(duì)列空閑時(shí)搶占它們的帶寬，又有流量時(shí)歸還帶寬是低于2.048Mbps串行接口的默認(rèn)配置配置命令：接口模式下fair-queueshowqueueingfairshowqueue[interface]PQ:缺點(diǎn):1.只能靜態(tài)配置,不能適應(yīng)網(wǎng)絡(luò)拓?fù)涞淖兓?.不支持隧道接口3.要通過(guò)數(shù)據(jù)分類卡,比FIFO慢配置:定義優(yōu)先級(jí)隊(duì)列，可以基于協(xié)議和基于進(jìn)站接口基于協(xié)議?riority-list{list-number}protocol{PROTOCOL-NAME}{high|medium|normal|low}基于進(jìn)站接口?riority-list{list-number}interface{interface}{high|medium|normal|low}定義默認(rèn)優(yōu)先級(jí)隊(duì)列，未被分類的數(shù)據(jù)報(bào)被送到此處，默認(rèn)級(jí)別為normalpriority-list{list-number}default{high|medium|normal|low}定義每個(gè)隊(duì)列中數(shù)據(jù)報(bào)的個(gè)數(shù)，從高到低，默認(rèn)為20，40，60，80priority-list{list-number}queue-limit{high-limitmedium-limitnormal-limitlow-limit}把優(yōu)先級(jí)隊(duì)列運(yùn)用在接口上priority-group{list-number}察看命令:showqueue[interface]showqueueingpriorityRTP（RealTimeProtocol）支持端口號(hào)為偶數(shù)的udp報(bào)文可以進(jìn)行限速，超過(guò)的可丟棄，也可以配置帶寬，不會(huì)占用超出規(guī)定的帶寬命令：iprtppriority{starting-rtp-port-numberport-number-range}{bandwidth}max-reserved-bandwidthPERCENTshowqueue[interface]debugpriorityCRTP(壓縮實(shí)時(shí)協(xié)議)：用來(lái)壓縮ip/udp/rtp報(bào)頭壓縮分為三種：鏈路壓縮，有效負(fù)載壓縮，報(bào)頭壓縮二層報(bào)頭--tcp/ip報(bào)頭--有效負(fù)載鏈路壓縮：對(duì)整個(gè)分組進(jìn)行壓縮，包括報(bào)頭和有效負(fù)載。獨(dú)立于協(xié)議的。只適用于點(diǎn)到點(diǎn)鏈路。兩種算法：Predictor和STAC有效負(fù)載壓縮：只壓縮數(shù)據(jù)部分，對(duì)報(bào)頭沒(méi)有影響。適用于frame-relay或ATM網(wǎng)絡(luò)。tcp/ip報(bào)頭壓縮：針對(duì)協(xié)議的，適用于幾個(gè)字節(jié)數(shù)據(jù)的小型分組。配置：對(duì)HDLC,LAPB：compress[predictor|stac|mppc]對(duì)ppp：ipcompress[predictor|stac]對(duì)frame-relay點(diǎn)到點(diǎn)接口或子接口啟用stac壓縮：frame-relaypayload-compress啟用crtp：iprtpheader-compression[passive]若不啟用passive，則對(duì)所有RTP數(shù)據(jù)流壓縮；若啟用passive，則只有當(dāng)進(jìn)入端口的RTP分組被壓縮時(shí)，軟件才能對(duì)離開(kāi)該接口的RTP分組壓縮iprtpcompression-connections{NUMBER}更改CRTP壓縮的條數(shù)，默認(rèn)為16條啟用tcp報(bào)頭壓縮：iptcpheader-compression[passive]若沒(méi)有啟用passive,則必須指定關(guān)鍵字active，將對(duì)所有IP/UDP/RTP包頭進(jìn)行壓縮iptcpcompression-connections{NUMBER}frame-relay中的crtp：在物理接口上啟用CRTP，則在它的子接口上將繼承特性frame-relayiprtpheader-compression[passive]frame-relayiprtpcompression-connections{NUMBER}只針對(duì)特定的PVC啟用CRTP：frame-relaymapip{ip-address}{dlci}[broadcast]rtpheader-compression[active|passive][connectionsnumber]察看命令：showiprtpheader-compression[interface][detail]showframe-relayiprtpheader-compression[interface]WRR(weightedround-robin)一種隊(duì)列調(diào)度機(jī)制，根據(jù)每個(gè)出站隊(duì)列的權(quán)值來(lái)分配帶寬，權(quán)值與帶寬成正比僅當(dāng)發(fā)生擁塞時(shí)才會(huì)使用WRR，不擁塞時(shí)不會(huì)分配帶寬。步驟：全局啟用mlsqos進(jìn)入接口模式通過(guò)COS將數(shù)據(jù)報(bào)分配到不同的隊(duì)列中去。wrr-queuecos-mapQUEUE-IDTHROSHOLDCOS1...COSn它用于配置cos值到出站隊(duì)列的映射關(guān)系。對(duì)隊(duì)列進(jìn)行編號(hào)時(shí)，從低優(yōu)先級(jí)開(kāi)始，到嚴(yán)格優(yōu)先級(jí)結(jié)束。配置嚴(yán)格優(yōu)先級(jí)隊(duì)列：wrr-queuepriority-queue配置WRR隊(duì)列的權(quán)重wrr-queuebandwidthWEIGHT1WEIGHT2WEIGHT3WEIGHT4計(jì)算每個(gè)隊(duì)列的方法是：example：wrr-queuebandwith1234則帶寬:隊(duì)列1：權(quán)重1/總權(quán)重=1/10定義傳輸隊(duì)列長(zhǎng)度的比例，取值為1-100%wrr-queuequeue-limitLOW-PRIORITY-QUEUE-WEIGHTMEDIUM-PRIORITY-QUEUE-WEIGHTSHIGH-PRIORITY-QUEUE-WEIGHTS高優(yōu)先級(jí)隊(duì)列因?yàn)檠訒r(shí)小，數(shù)據(jù)量小，所以不需要太大的緩存區(qū)。往往將大部分緩沖區(qū)用于低優(yōu)先級(jí)隊(duì)列。擁塞避免尾丟棄對(duì)所有通信流平等對(duì)待，將導(dǎo)致TCP全局同步wrr-queuethresholdQUEUE-IDTHR1%100% THR1%是開(kāi)始丟棄通信流時(shí)輸出隊(duì)列的填滿程度，后面一個(gè)是100%是尾丟棄WREDWRED與RED的區(qū)別在于前者引入IP優(yōu)先權(quán)DSCP值來(lái)區(qū)別丟棄策略，可以為不同IP優(yōu)先級(jí)DSCP設(shè)定不同的隊(duì)列長(zhǎng)度、隊(duì)列閾值、丟棄概率。并且RED只對(duì)TCP流量有用通過(guò)對(duì)隊(duì)列數(shù)據(jù)流傳輸速度的平均值計(jì)算來(lái)決定是否丟棄，防止了對(duì)突發(fā)流量的不公平待遇。WRED和LLQ矛盾WRED往往和WRR一起使用。WRED可以在接口上進(jìn)行配置，也可以在policy上進(jìn)行配置，可以針對(duì)于precedence進(jìn)行RED，也可以針對(duì)于DSCP值進(jìn)行RED，當(dāng)然，兩者之間只能選擇一個(gè)?；贒SCPrandom-detectdscp-basedrandom-detectdscp{DSCP}{minmaxmark}基于ipprecedencerandom-detectrandom-detectprecedence{PRECEDENCE}{minmaxmark}WRED與WRR連用：wrr-queuerandom-detectmin-throsholdQUEUE-IDTHR1%[THR2%[THR3%...]]wrr-queuerandom-detectmax-throsholdQUEUE-IDTHR1%[THR2%[THR3%...]]min-throshold表示開(kāi)始丟棄某些數(shù)據(jù)包時(shí)的最大填滿程度max-throshold表示丟棄所有數(shù)據(jù)包時(shí)的最大填滿程度example:intG1/1wrr-queuebandwidth5075wrr-queuequeue-limit10050wrr-queuerandom-detectmin-throshold15070wrr-queuerandom-detectmax-throshold175100wrr-queuecos-map1102wrr-queuecos-map123wrr-queuecos-map214wrr-queuecos-map226priority-queuecos-map1157rcv-queuecos-map110switchport解釋：共有兩個(gè)隊(duì)列。當(dāng)隊(duì)列1的填滿程度達(dá)到50%和70%時(shí)，交換機(jī)分別對(duì)映射到閘值1和閘值2的數(shù)據(jù)包進(jìn)行WRED（即開(kāi)始丟棄），當(dāng)隊(duì)列1的填滿程度達(dá)到75%和100%時(shí)，交換機(jī)分別對(duì)映射到閘值1和閘值2的數(shù)據(jù)包全部丟棄。注意：隊(duì)列2沒(méi)有采取WRED?；诹鞯腤RED（WRED和WFQ結(jié)合起來(lái)使用）小的流丟棄的概率小，大的流丟棄的概率大，保護(hù)小的流。命令：?jiǎn)⒂没诹鞯腤RED。random-detectflow設(shè)置平均深度因素（averagedepthfactor）的值，值必須為2的幕，默認(rèn)值為可選:random-detectflowaverage-depth-factor{scaling-factor}這個(gè)參數(shù)是改變一個(gè)乘法的比例因數(shù).從而改變隊(duì)列的大小，其實(shí)就是改變隊(duì)列的長(zhǎng)度。3?設(shè)置基于流的WRED的數(shù)據(jù)流數(shù)目，默認(rèn)值為256random-detectflowcount{number}流量策略qos的流程：1.基于流或基于類的分類；2.結(jié)合令牌桶進(jìn)行policing或shaping（CAR或GTS）；3.擁塞避免（尾丟棄或WRED）；4.擁塞管理（各種隊(duì)列機(jī)制）；出隊(duì)。標(biāo)記在什么地方進(jìn)行？？（標(biāo)記可以在進(jìn)行CAR的時(shí)候進(jìn)行，CAR也可以進(jìn)行重新標(biāo)記）CAR（CommittedAccessRate）CAR通過(guò)使用令牌桶TC來(lái)進(jìn)行流量控制。分類后，不需要流控的流量直接繼續(xù)發(fā)送，而需要進(jìn)行流控的流量就要經(jīng)過(guò)令牌桶。只有當(dāng)令牌桶中有令牌時(shí)，相應(yīng)的流量才能通過(guò)。若沒(méi)有足夠的令牌，要么流量被直接丟棄（policing），要么緩存起來(lái)（shaping），等有了足夠的令牌后再發(fā)送出去。CAR還可以用來(lái)做mark或remark（即可以用來(lái)設(shè)置ip優(yōu)先級(jí)或重新設(shè)置ip優(yōu)先級(jí)）

CAR可以為不同類別的報(bào)文設(shè)置不同的流量特性和標(biāo)記特性，即可以對(duì)每個(gè)類進(jìn)行CAR。CAR的策略還可以串聯(lián)處理，比如先對(duì)總的流量進(jìn)行一次限速，然后再對(duì)各個(gè)類進(jìn)行小范圍的限速。CAR—般用在網(wǎng)絡(luò)邊界路由器上?？梢栽谝粋€(gè)接口上設(shè)置多個(gè)CAR策略，數(shù)據(jù)包依次和多個(gè)CAR策略匹配，若沒(méi)有匹配的，則默認(rèn)操作時(shí)轉(zhuǎn)發(fā)數(shù)據(jù)包。CAR的使用有以下限制：1.只能對(duì)IP流量限速；2.不支持fastEtherChannel;3.不支持隧道接口；4?不支持ISDNPRI接口。命令：rate-limit{output|input}{CIRBCBE}conform-action{action}exceed-action{action}注意：CIR單位是bit/s;而B(niǎo)C和BE的單位是byte/s。conform-action的條件是指當(dāng)要發(fā)的數(shù)據(jù)小于正常突發(fā)(be)的時(shí)候。exceed-action是指要發(fā)的數(shù)據(jù)大于普通突發(fā)，小于最大突發(fā)(be)的時(shí)候。action的選項(xiàng)共有如下這些：continuedroptranmsitset-prec-continue{precedence}action的選項(xiàng)共有如下這些：continuedroptranmsitset-prec-continue{precedence}語(yǔ)句set-prec-transmit{precedence}set-dscp-continue{dscp}set-dscp-transmit{dscp}繼續(xù)執(zhí)行下一條CAR語(yǔ)句丟棄數(shù)據(jù)包轉(zhuǎn)發(fā)數(shù)據(jù)包設(shè)置IP優(yōu)先級(jí)并繼續(xù)執(zhí)行下一條CAR設(shè)置IP優(yōu)先級(jí)并轉(zhuǎn)發(fā)數(shù)據(jù)包設(shè)置dscp值并繼續(xù)執(zhí)行下一條CAR語(yǔ)句設(shè)置dscp值并轉(zhuǎn)發(fā)數(shù)據(jù)包上面都是只能基于整個(gè)接口的流量進(jìn)行CAR，下面的可以分別針對(duì)某個(gè)流量或ipprecedence或dscp值或MAC地址進(jìn)行CAR擴(kuò)展的配置針對(duì)dscp值進(jìn)行CARrate-limit{output|input}[dscpDSCP]{CARBCBE}conform-action{action}exceed-action{action}針對(duì)ACL進(jìn)行CARrate-limit{output|input}access-group{ACLNUM}{CARBCBE}conform-action{action}exceed-action{action}針對(duì)限速ACL進(jìn)行CARrate-limit{output|input}access-grouprate-limit{ACLNUM}{CARBCBE}conform-action{action}exceed-action{action}限速ACL只是一種調(diào)用關(guān)系：access-listrate-limit{ACLNUM}{precedence|mac-address} 可以匹配優(yōu)先級(jí)，也可以匹配MAC地址察看命令：查看限速ACL：showaccess-listsrate-limit[ACL]查看接口的限速信息：showinterfaces[interface]rate-limitpolicymap中CAR操作police{CIRBCBE}conform-actio