Wednesday, February 15, 2012

QOS MQC

MQC
----


The MQC, as previously posted, is a command-line interface that allows multiple QoS methods per
interface direction.


The first step in the MQC is to classify your traffic
using class-map and match commands. When you specify the class map the default is match-all,
so all parameters or matches must match in order for traffic to be classified in that class. We can
match on a lot of things; I have provided some samples below.


Class-map xyz
match access-group
match source-address mac
match destination-address mac
match input-interface
match ip dscp/ip prec

A popular method is using NBAR. NBAR is Network Based Application Recognition. This is a tool
that will inspect not just port numbers but actual packet formats etc. to make a match. So, for
example, if someone was trying to telnet over port 80, NBAR would not see this as a match for HTTP:
it has the correct port but not the correct packet format. It inspects the packet.

Some NBAR applications have not been fully implemented in this way and will only match on port.

You can do advanced things with NBAR, such as matching inside HTTP packets on URLs, etc.

match protocol http host www.cisco.com

This would match all traffic to cisco.com by looking inside the HTTP packets and inspecting for
the string cisco.com.


We can use this to match protocols for classifying in QoS using

match protocol http/citrix/exchange

NBAR can also be used to collect stats about the network. We can enable it on interfaces:

int fa0/1
ip nbar protocol-discovery

It will keep stats on traffic coming in and out of the interface.

We can view the stats with

sh ip nbar protocol-discovery

NBAR has a list of port-to-application mappings, for example http = port 80.

To view this list we can use the command

sh ip nbar port-map

If we want to edit the list we can. For example, if we use custom ports for HTTP, 80 and 8080,

we can add them with

ip nbar port-map http tcp 80 8080


Once our traffic is defined, the second stage of MQC is to apply the policy, that is, what we want to do with the traffic. This will be
covered in a lot more detail in other topics on QoS, but here is an example:

Policy-map TEST
class "configured classmap"
fair-queue

So this is saying that for the class we will use the fair queuing method. The policy map brings the class together with an action.


The last stage is to apply the policy map to the interface. This can be in the inbound or outbound direction, depending on what we want
to achieve. For example, traffic shaping cannot be applied inbound, for the logical reason that it would be impossible to shape traffic
before it gets to you.

To apply a policy:

int fa0/0
service-policy output TEST


LAB
---

OK, for the lab we will look at applying just a default policy for HTTP using NBAR; we won't do anything to the traffic.


r4>>>>r5>>>>>s2

So r4 is the HTTP server, s2 is going to download from the HTTP server, and r5 is in the transit path, so we will set up MQC on r5.


r5
===

The first step of MQC is to create the class map. I will create a class map called HTTP.

r5(config)#class-map HTTP
r5(config-cmap)#match ?
  access-group         Access group
  any                  Any packets
  class-map            Class map
  cos                  IEEE 802.1Q/ISL class of service/user priority values
  destination-address  Destination address
  discard-class        Discard behavior identifier
  dscp                 Match DSCP in IP(v4) and IPv6 packets
  flow                 Flow based QoS parameters
  fr-de                Match on Frame-relay DE bit
  fr-dlci              Match on fr-dlci
  input-interface      Select an input interface to match
  ip                   IP specific values
  mpls                 Multi Protocol Label Switching specific values
  not                  Negate this match result
  packet               Layer 3 Packet length
  precedence           Match Precedence in IP(v4) and IPv6 packets
  protocol             Protocol
  qos-group            Qos-group
  source-address       Source address
  vlan                 VLANs to match


r5(config-cmap)#match protocol http

In the class map we will match HTTP.

r5#sh ip nbar port-map HTTP
port-map http                     tcp 80
r5#


The 2nd step of MQC is to create a policy-map. It is typically where the actions go; here we are going to use it to bring in our class map, ready to apply to the interface.


r5(config)#policy-map WEB
r5(config-pmap)#class HTTP
r5(config-pmap-c)#exit
r5(config-pmap)#


Last step of MQC is to apply to the interface

r5(config-if)#int fa0/0
r5(config-if)#service-policy input WEB
r5(config-if)#


OK, so in the input direction we now have the matching of HTTP.


r5#sh policy-map int
 FastEthernet0/0

  Service-policy input: WEB

    Class-map: HTTP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps
      Match: protocol http

    Class-map: class-default (match-any)
      15 packets, 1084 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
r5#


We can see here that class-default is picking up our EIGRP packets.


We can also put NBAR on the interface to get stats.

r5(config)#int fa0/0
r5(config-if)#ip nbar protocol-discovery
r5(config-if)#

r5#sh ip nbar protocol-discovery

 FastEthernet0/0
                            Input                    Output
                            -----                    ------
   Protocol                 Packet Count             Packet Count
                            Byte Count               Byte Count
                            5min Bit Rate (bps)      5min Bit Rate (bps)
                            5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
   ------------------------ ------------------------ ------------------------
   eigrp                    14                       7
                            1036                     518
                            0                        0
                            0                        0
   bgp                      0                        0




r4
---

we will setup the http server and the default http directory to be flash

r4(config)#ip http server
r4(config)#ip http path flash:
r4(config)#


We will create a new username for connecting called cisco and give it privilege 15.

r4(config)#username cisco password cisco
r4(config)#username cisco priv 15
r4(config)#



s2
---
OK on s2 we can test the http connectivity by telnetting to port 80 on r4

s2#telnet 4.4.4.4 80
Trying 4.4.4.4, 80 ... Open


This telnet on port 80 did not get picked up by the class map


r5
---

r5#sh policy-map int
 FastEthernet0/0

  Service-policy input: WEB

    Class-map: HTTP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps
      Match: protocol http

    Class-map: class-default (match-any)
      117 packets, 8075 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
r5#



S2
===

s2#copy http://cisco:cisco@4.4.4.4/c1841-adventerprisek9-mz.124-9.T1.bin null:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


So I am connecting to r4 and downloading its IOS image over HTTP; the null: destination means do not save it anywhere.


r5
---

we can see on r5 our class map http is being matched

r5#sh policy-map int
 FastEthernet0/0

  Service-policy input: WEB

    Class-map: HTTP (match-all)
      69738 packets, 4184644 bytes
      5 minute offered rate 113000 bps
      Match: protocol http

    Class-map: class-default (match-any)
      242 packets, 16849 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
r5#
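
To compare the per-class counters between two snapshots without reading them by eye, the following Python parser handles the "sh policy-map int" layout shown above and reports the growth per class. It is an added example, not part of the original post; the function names and the TEMPLATE helper are assumptions, and the sample text is constructed from the two r5 outputs in this lab.

```python
import re

# Constructed sample: the "sh policy-map int" layout from the lab, with the
# counters filled in from the two r5 snapshots (after telnet, after the copy).
TEMPLATE = """\
 FastEthernet0/0

  Service-policy input: WEB

    Class-map: HTTP (match-all)
      {} packets, {} bytes
      5 minute offered rate 0 bps
      Match: protocol http

    Class-map: class-default (match-any)
      {} packets, {} bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
"""
BEFORE = TEMPLATE.format(0, 0, 117, 8075)
AFTER = TEMPLATE.format(69738, 4184644, 242, 16849)

POLICY_RE = re.compile(r"\s*Service-policy (input|output): (\S+)")
CLASS_RE = re.compile(r"\s*Class-map: (\S+) \(match-(?:all|any)\)")
COUNT_RE = re.compile(r"\s*(\d+) packets, (\d+) bytes")

def parse_policy_map(text):
    """Return {(interface, direction, policy, class): (packets, bytes)}."""
    stats, iface, direction, policy, cls = {}, None, None, None, None
    for line in text.splitlines():
        if m := POLICY_RE.match(line):
            direction, policy = m.groups()
        elif m := CLASS_RE.match(line):
            cls = m.group(1)
        elif (m := COUNT_RE.match(line)) and cls:
            stats[(iface, direction, policy, cls)] = (int(m[1]), int(m[2]))
            cls = None  # only the first counter line belongs to the class
        elif line.startswith(" ") and not line.startswith("  "):
            iface = line.strip()  # interface names are indented one space
    return stats

def delta(before, after):
    """Per-class (packets, bytes) growth between two snapshots."""
    return {k: (p - before.get(k, (0, 0))[0], b - before.get(k, (0, 0))[1])
            for k, (p, b) in after.items()}

if __name__ == "__main__":
    for key, (pkts, byts) in delta(parse_policy_map(BEFORE),
                                   parse_policy_map(AFTER)).items():
        print(key[0], key[1], key[3], f"+{pkts} packets, +{byts} bytes")
```

A port-80 session that NBAR does not recognise as HTTP, like the telnet test on s2, shows up as growth in class-default only, alongside the routing traffic that class also carries.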
