一般的QoS配置不外乎四個步驟:
1,設置ACL匹配應用流量;
2,設置class-map匹配相應ACL或者相應端口等等,不過一般式匹配ACL;
3,設置policy-map匹配class-map,然後定一規則動作;
4,將policy-map綁定到相應的接口上。
1,設置ACL匹配應用流量;
2,設置class-map匹配相應ACL或者相應端口等等,不過一般式匹配ACL;
3,設置policy-map匹配class-map,然後定一規則動作;
4,將policy-map綁定到相應的接口上。
下面使用一個比較典型的案例來說明QoS的配置步驟:
需求:路徑帶寬爲622Mbps,四種應用流量,需要保證如下幾點:
流量1,某一具體應用流量,永遠優先傳輸,最小帶寬保證爲365Mbps;
流量2,某一具體應用流量,次優先傳輸,最小帶寬保證爲200Mbps;
流量3,此爲業務流量,保證在1和2後的其餘帶寬下傳輸即可;
流量4,某一具體應用流量,保證在123流量外的帶寬下傳輸即可。
流量1,某一具體應用流量,永遠優先傳輸,最小帶寬保證爲365Mbps;
流量2,某一具體應用流量,次優先傳輸,最小帶寬保證爲200Mbps;
流量3,此爲業務流量,保證在1和2後的其餘帶寬下傳輸即可;
流量4,某一具體應用流量,保證在123流量外的帶寬下傳輸即可。
具體配置如下:
第一步,定義ACL匹配應用流量:
ip access-list extended tra1_acl
permit tcp 1.1.1.0 0.0.0.255 1.1.2.0 0.0.0.255 eq 8818
ip access-list extended tra2_acl
permit tcp 1.1.3.0 0.0.0.255 1.1.4.0 0.0.0.255 eq 901
ip access-list extended tra4_acl
permit ip 1.1.5.0 0.0.0.255 1.1.6.0 0.0.0.255
第二步,定義class-map匹配相關ACL:
class-map match-all tra1_cmap
match access-group name tra1_acl
class-map match-all tra2_cmap
match access-group name tra2_acl
class-map match-all tra4_cmap
match access-group name tra4_acl
第三步,定義policy-map:
policy-map tra_pmap
class tra1_cmap
set precedence 5
plicy cir 365000000 bc 45000000 be 50000000 conform-action transmit exceed-action set-prec-transmit 3 violate-action set-prec-transmit 2
bandwitch 365000
class tra2_cmap
set precedence 4
policy cir 200000000 bc 30000000 be 33000000 conform-action transmit exceed-action set-prec-transmit 3 violate-action set-prec-transmit 2
class tra4_cmap
set precedence 1
class class-default
set precedence 2
第四步,綁定policy-map於相應的接口:
int pos1/0/0
service-policy output tra_pmap
至此,配置完畢。
第一步,定義ACL匹配應用流量:
ip access-list extended tra1_acl
permit tcp 1.1.1.0 0.0.0.255 1.1.2.0 0.0.0.255 eq 8818
ip access-list extended tra2_acl
permit tcp 1.1.3.0 0.0.0.255 1.1.4.0 0.0.0.255 eq 901
ip access-list extended tra4_acl
permit ip 1.1.5.0 0.0.0.255 1.1.6.0 0.0.0.255
第二步,定義class-map匹配相關ACL:
class-map match-all tra1_cmap
match access-group name tra1_acl
class-map match-all tra2_cmap
match access-group name tra2_acl
class-map match-all tra4_cmap
match access-group name tra4_acl
第三步,定義policy-map:
policy-map tra_pmap
class tra1_cmap
set precedence 5
plicy cir 365000000 bc 45000000 be 50000000 conform-action transmit exceed-action set-prec-transmit 3 violate-action set-prec-transmit 2
bandwitch 365000
class tra2_cmap
set precedence 4
policy cir 200000000 bc 30000000 be 33000000 conform-action transmit exceed-action set-prec-transmit 3 violate-action set-prec-transmit 2
class tra4_cmap
set precedence 1
class class-default
set precedence 2
第四步,綁定policy-map於相應的接口:
int pos1/0/0
service-policy output tra_pmap
至此,配置完畢。
通過命令查看policy-map的匹配情況:
switch-a#sh policy-map interface pos1/0/0
POS1/0/0
switch-a#sh policy-map interface pos1/0/0
POS1/0/0
Service-policy output: tra_map
Class-map: tra1_cmap (match-all)
66639423781 packets, 74849682635166 bytes
30 second offered rate 260369000 bps, drop rate 0 bps //匹配此class-map的流量速率
Match: access-group name tra1_acl
Queueing
queue limit 91250 (packets)
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts queued/bytes queued) 66639405294/74849695040832
QoS Set
ip precedence 5
Packets marked 66639423781
police:
cir 365000000 bps, bc 45000000 bytes, be 50000000 bytes //注意cir、bc和be的單位
conformed 66191701966 packets, 74341131469597 bytes; action: transmit
exceeded 218369922 packets, 232627302399 bytes; action: set-prec-transmit 4
violated 229208950 packets, 275718927918 bytes; action: set-prec-transmit 3
conformed 256761000 bps, exceed 1656000 bps, violate 1939000 bps //每個action的流量速率,注意這三個值總和應該大致等於上面的總速率;
bandwidth 365000 kbps
66639423781 packets, 74849682635166 bytes
30 second offered rate 260369000 bps, drop rate 0 bps //匹配此class-map的流量速率
Match: access-group name tra1_acl
Queueing
queue limit 91250 (packets)
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts queued/bytes queued) 66639405294/74849695040832
QoS Set
ip precedence 5
Packets marked 66639423781
police:
cir 365000000 bps, bc 45000000 bytes, be 50000000 bytes //注意cir、bc和be的單位
conformed 66191701966 packets, 74341131469597 bytes; action: transmit
exceeded 218369922 packets, 232627302399 bytes; action: set-prec-transmit 4
violated 229208950 packets, 275718927918 bytes; action: set-prec-transmit 3
conformed 256761000 bps, exceed 1656000 bps, violate 1939000 bps //每個action的流量速率,注意這三個值總和應該大致等於上面的總速率;
bandwidth 365000 kbps
Class-map: tra2_cmap (match-all)
11315788699 packets, 7283900643868 bytes
30 second offered rate 10753000 bps, drop rate 0 bps
Match: access-group tra2_acl
Queueing
queue limit 50000 (packets)
(queue depth/total drops/no-buffer drops) 1/0/0
(pkts queued/bytes queued) 11315783713/7283897663316
QoS Set
ip precedence 4
Packets marked 11315788699
police:
cir 200000000 bps, bc 30000000 bytes, be 33000000 bytes
conformed 11315784826 packets, 7283898283723 bytes; action: transmit
exceeded 0 packets, 0 bytes; action: set-prec-transmit 3
violated 0 packets, 0 bytes; action: set-prec-transmit 2
conformed 10753000 bps, exceed 0 bps, violate 0 bps
bandwidth 200000 kbps
11315788699 packets, 7283900643868 bytes
30 second offered rate 10753000 bps, drop rate 0 bps
Match: access-group tra2_acl
Queueing
queue limit 50000 (packets)
(queue depth/total drops/no-buffer drops) 1/0/0
(pkts queued/bytes queued) 11315783713/7283897663316
QoS Set
ip precedence 4
Packets marked 11315788699
police:
cir 200000000 bps, bc 30000000 bytes, be 33000000 bytes
conformed 11315784826 packets, 7283898283723 bytes; action: transmit
exceeded 0 packets, 0 bytes; action: set-prec-transmit 3
violated 0 packets, 0 bytes; action: set-prec-transmit 2
conformed 10753000 bps, exceed 0 bps, violate 0 bps
bandwidth 200000 kbps
Class-map: tra4_cmap (match-all)
1751296887 packets, 2633425803184 bytes
30 second offered rate 149000 bps, drop rate 0 bps
Match: access-group name tra4_acl
QoS Set
ip precedence 1
Packets marked 1751296887
1751296887 packets, 2633425803184 bytes
30 second offered rate 149000 bps, drop rate 0 bps
Match: access-group name tra4_acl
QoS Set
ip precedence 1
Packets marked 1751296887
Class-map: class-default (match-any)
22956539608 packets, 17721898306471 bytes
30 second offered rate 196094000 bps, drop rate 528000 bps
Match: any
queue limit 14250 (packets)
(queue depth/total drops/no-buffer drops) 0/9004701/0
(pkts queued/bytes queued) 24700897941/20350618920708
QoS Set
ip precedence 2
Packets marked 22958504481
switch-a#
22956539608 packets, 17721898306471 bytes
30 second offered rate 196094000 bps, drop rate 528000 bps
Match: any
queue limit 14250 (packets)
(queue depth/total drops/no-buffer drops) 0/9004701/0
(pkts queued/bytes queued) 24700897941/20350618920708
QoS Set
ip precedence 2
Packets marked 22958504481
switch-a#
必要命令解釋:
plicy cir 365000000 bc 45000000 be 50000000 conform-action transmit exceed-action set-prec-transmit 3 violate-action set-prec-transmit 2
cir爲承諾的帶寬速率,即需要保證的帶寬速率,單位爲bps;
bc爲普通突發,單位爲bytes;
be爲最高突發,單位爲bytes;
set-prec-transmit,表示設置IP優先級並轉發數據包;
上面整體命令解釋爲:承諾帶寬365Mbps,普通突發爲450Mbps,最高突發爲500Mbps。當速率小於450Mbps是轉發數據包,當超過450Mbps小於500Mbps是重寫IP優先級爲3並轉發數據包,當超過500Mbps是重寫IP優先級爲2並轉發數據包。
plicy cir 365000000 bc 45000000 be 50000000 conform-action transmit exceed-action set-prec-transmit 3 violate-action set-prec-transmit 2
cir爲承諾的帶寬速率,即需要保證的帶寬速率,單位爲bps;
bc爲普通突發,單位爲bytes;
be爲最高突發,單位爲bytes;
set-prec-transmit,表示設置IP優先級並轉發數據包;
上面整體命令解釋爲:承諾帶寬365Mbps,普通突發爲450Mbps,最高突發爲500Mbps。當速率小於450Mbps是轉發數據包,當超過450Mbps小於500Mbps是重寫IP優先級爲3並轉發數據包,當超過500Mbps是重寫IP優先級爲2並轉發數據包。