CISCOOPENLAB

Thuy Nguyen

MQC classification using model
Introduce how to configure MQC model
MQC structure model is configured using the command, but was held in blocks (modules) provide the convenient configuration or troubleshooting. Further reduce the level of QoS features using MQC model is easy to provide maximum extension of the user when configuring QoS on a Cisco router.

There are three main commands used in the MQC model
Class-map command: used to classify the data traffic according to the user, can be used in conjunction with tools such as ACL or sorting mechanism using NBAR ...
Policy-map command: used to specify the behavior for each type of traffic has been classified, the behavior may simply classify the data, or marks may be used in other QoS mechanisms , noting that exists a kind of class-map configuration named class-default to classify all traffic not classified by the class-map before.
Service-policy command: This command is used to apply the policy-map configured on an interface, respectively, each interface / port only apply a policy-map towards the and / or facing.

Map:

Figure 76

In this lab, will guide the categorization of data used in configuring QoS using MQC model.

Implementation
Initial configuration of the system:

R1 configuration:

R1 # sh run
Building configuration ...

Current configuration: 1149 bytes
!
Version 4.12
!
hostname R1
!
!
CEF ip
!
ip dhcp pool 10
network 10.10.20.0 255.255.255.0
default-router 10.10.20.1
dns-server 203.162.4.1 203.162.4.190 203.162.4.191
!
!
interface FastEthernet0 / 0
ip address 10.10.10.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0 / 1
ip address 10.10.20.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/1/0
ip address 192.1.1.1 255.255.255.0
clock rate 2000000
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.1.1.2
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
privilege level 15
no login
!
end

R2 configuration

R2 # sh run
Building configuration ...

Current configuration: 1178 bytes
!
Version 4.12
!
hostname R2
!
CEF ip
!
interface FastEthernet0 / 0
ip address 20.20.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0 / 1
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/1/0
ip address 192.1.1.2 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip route 10.10.0.0 255.255.0.0 192.1.1.1
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0 / 1 overload
!
access-list 1 permit 10.10.0.0 0.0.255.255
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
line vty 0 4
privilege level 15
logging synchronous
no login
!
scheduler cấp phát 20000 1000
!
end

Configuration on the device C2600-1:
c2600_1 # sh run
Building configuration ...

Current configuration: 832 bytes
!
Version 3.12
!
hostname c2600_1
!
ip subnet-zero
CEF ip
!
interface Ethernet0 / 0
ip address 10.10.10.2 255.255.255.0
half-duplex
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.1
!
voice-port 1/0/0
!
voice-port 1/0/1
!
dial-peer voice 1 pots
destination-pattern 1111
port 1/0/0
!
dial-peer voice 2 voip
destination-pattern 2222
session target ipv4: 20.20.20.2
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
privilege level 15
no login
!
!
end

C2600_2 configured on the device:
c2600_2 # sh run
Building configuration ...

Current configuration: 854 bytes
!
Version 3.12
!
hostname c2600_2
!
ip subnet-zero
CEF ip
!
interface Ethernet0 / 0
ip address 20.20.20.2 255.255.255.0
half-duplex
!
ip classless
ip route 0.0.0.0 0.0.0.0 20.20.20.1
!
voice-port 1/0/0
!
voice-port 1/0/1
!
dial-peer voice 1 pots
destination-pattern 2222
port 1/0/0
!
dial-peer voice 2 voip
destination-pattern 1111
session target ipv4: 10.10.10.2
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
privilege level 15
logging synchronous
no login
!
!
end

Step 1: Using ACL to select traffic

Select web traffic
R1 (config) # access-list 100 remark *** *** web traffic to port 80 <- note the use of ACL
R1 (config) # access-list 100 permit tcp any any eq 80
R1 (config) # access-list 100 permit tcp any any eq 80

Select TELNET traffic
R1 (config) # access-list 101 remark **** *** telnet
R1 (config) # access-list 101 permit tcp any any eq 23

Select ICMP traffic
R1 (config) # access-list 102 remark *** **** icmp echo request
R1 (config) # access-list 102 permit icmp any any echo?
echo echo-reply
R1 (config) # access-list 102 permit icmp any any echo

Class-map configured to select traffic from ACL tools:

Select web traffic
R1 (config) # class-map web
R1 (config-CMap) # match access-group 100
R1 (config-CMap) # exit

Select TELNET traffic
R1 (config) # class-map telnet
R1 (config-CMap) # match access-group 101
R1 (config-CMap) # exit

Select ICMP traffic
R1 (config) # class-map icmp
R1 (config-CMap) # match access-group 102
R1 (config-CMap) # exit
R1 (config) #

Show class-map command to check the configuration information

R1 # show class-map
!
class-map match-all telnet
match access-group 101
class-map match-all icmp
match access-group 102
class-map match-all web
match access-group 100

Check the configuration information about ACL

R1 # show run | include access-list
!
access-list 100 remark *** *** web traffic to port 80
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq www
access-list 101 remark **** *** telnet
access-list 101 permit tcp any any eq telnet
access-list 102 remark *** **** icmp echo request
access-list 102 permit icmp any any echo

Check the configuration information for policy-map

R1 # show policy-map
!
policy-map classify_ACL
Web class
telnet class
icmp class

Applied to port

R1 (config) # int s0/1/0
R1 (config-if) # service-policy output classify_ACL
R1 (config-if) #

Checking status information without sending the traffic through the system

R1 # sh policy-map interface s0/1/0
Serial0/1/0

Service-policy output: classify_ACL

Class-map: web (match-all)
0 packets, 0 bytes
5 minute rate 0 bps Offered
Match: access-group 100

Class-map: telnet (match-all)
0 packets, 0 bytes
5 minute rate 0 bps Offered
Match: access-group 101

Class-map: icmp (match-all)
0 packets, 0 bytes
5 minute rate 0 bps Offered
Match: access-group 102

Class-map: class-default (match-any) <<class class-default
2009 packets, 129196 bytes
Offered 5 minute rate 8000 bps, drop rate 0 bps
Match: any

Proceed to traffic runs through the web browser:

Implemented through the device telnet 20.20.20.2

Figure 77

Figure 78

R1 # sh policy-map interface s0/1/0
Serial0/1/0

Service-policy output: classify_ACL

Class-map: web (match-all)
5 packets, 681 bytes
5 minute rate 0 bps Offered
Match: access-group 100

Class-map: telnet (match-all)
15 packets, 709 bytes <<telnet traffic increases
5 minute rate 0 bps Offered
Match: access-group 101

Class-map: icmp (match-all)
0 packets, 0 bytes
5 minute rate 0 bps Offered
Match: access-group 102

Class-map: class-default (match-any)
4034 packets, 259712 bytes
Offered 5 minute rate 16000 bps, drop rate 0 bps
Match: any

Perform ping from PC to device package with 5 20.20.20.2

Figure 79

R1 # sh policy-map interface s0/1/0
Serial0/1/0

Service-policy output: classify_ACL

Class-map: web (match-all)
15 packets, 2043 bytes
5 minute rate 0 bps Offered
Match: access-group 100

Class-map: telnet (match-all)
70 packets, 3162 bytes
5 minute rate 0 bps Offered
Match: access-group 101

Class-map: icmp (match-all)
5 packets, 320 bytes <<icmp traffic increases
5 minute rate 0 bps Offered
Match: access-group 102

Class-map: class-default (match-any)
9832 packets, 633316 bytes
Offered 5 minute rate 25000 bps, drop rate 0 bps
Match: any
R1 #

Step 2: We can also classified based on DSCP value of packets

Requirements:
Delete the service-policy configured on the port before
To classify packets based on DSCP value EF

R1 # conf t
R1 (config) # class-map ef
R1 (config-CMap) # match ip DSCP EF <<classification based on DSCP value of ef
R1 (config-CMap) # exit

R1 (config) # policy-map classify_DSCP
R1 (config-pmap) # class ef
R1 (config-pmap) # exit
R1 (config) #

R1 (config) # int s0/1/0
R1 (config-if) # service-policy output classify_DSCP
R1 (config-if) #

R1 # sh policy-map
Policy-map classify_ACL
Web class
telnet class
icmp class

Map classify_DSCP Policy
Class ef

Check by ping 20.20.20.2 set DSCP value of ef

Check the information before running the ping packets

R1 # sh policy-map interface s0/1/0
Serial0/1/0

Service-policy output: classify_DSCP

Class-map: EF (match-all)
0 packets, 0 bytes <0 is the initial information
Offered 5 minute rate 20000 bps
Match: ip DSCP EF (46)

Class-map: class-default (match-any)
1 packets, 340 bytes
Offered 5 minute rate 0 bps, drop rate 0 bps
Match: any
R1 #

Conducted four ping packets and set DSCP = EF value (10111000 = 184)

Figure 80

R1 # sh policy-map interface s0/1/0
Serial0/1/0

Service-policy output: classify_DSCP

Class-map: EF (match-all)
4 packets, 256 bytes <<numbers increase proportionally
Offered 5 minute rate 10000 bps
Match: ip DSCP EF (46)

Class-map: class-default (match-any)
8 packets, 528 bytes
Offered 5 minute rate 0 bps, drop rate 0 bps
Match: any

Delete the configuration on the port and service-policy policy-map to prepare for the next lab.

Step 3: Use a logical match-all and match-any

In the case of using the command class-map default, this command will use the logical AND (match-all), ie if more than identical conditions, all conditions must be satisfied, users can also adjust this logic by adding the following keywords match-any class-map command. Match-any case, if there are more conditions than the class-map match will use OR logic to check, ie if more than duplicate the conditions if at least a satisfactory condition will be considered traffic class-map as agreed.

Check the ACL has been configured

R1 (config) # sh access-list by
Extended IP access list 100
10 permit tcp any any eq www (2304 matches)
20 permit tcp any any eq www
Extended IP access list 101
10 permit tcp any any eq telnet (72 matches)
Extended IP access list 102
10 permit icmp any any echo (5 matches)

Check the operation of the match-all principle by creating a class-map PING_AND_EF agreed the following two conditions: that icmp packets and DSCP = EF value

R1 (config) # class-map PING_AND_EF <<default is match-all
R1 (config-CMap) # match access-group 102
R1 (config-CMap) # match ip DSCP EF
R1 (config-CMap) # exit

General who create policy-map

R1 (config) # policy-map classify
R1 (config-pmap) # class PING_AND_EF
R1 (config-pmap-c) # exit
R1 (config-pmap) # end

Check the configuration

R1 # sh policy-map
Map classify Policy
Class PING_AND_EF

Applied to port

R1 # conf t
R1 (config) # int s0/1/0
R1 (config-if) # service-policy output classify
R1 (config-if) # end

Checking status information:

R1 # sh policy-map int s0/1/0
Serial0/1/0

Service-policy output: classify

Class-map: PING_AND_EF (match-all)
0 packets, 0 byte
5 minute rate 0 bps Offered
Match: access-group 102
Match: ip DSCP EF (46)

Class-map: class-default (match-any)
1 packets, 24 bytes
Offered 5 minute rate 0 bps, drop rate 0 bps
Match: any

Perform ping 20.20.20.2 from pc to echo with 4 packages

Figure 81

R1 # sh policy-map int s0/1/0
Serial0/1/0

Service-policy output: classify

Class-map: PING_AND_EF (match-all)
0 packets, 0 bytes <<no value
5 minute rate 0 bps Offered
Match: access-group 102
Match: ip DSCP EF (46)

Class-map: class-default (match-any)
29 packets, 2610 bytes
Offered 5 minute rate 0 bps, drop rate 0 bps
Match: any

Statistics do not show up because just the icmp echo packets, the DSCP value may be set to 0, class-map will not be classified this traffic.

Perform ping from pc to 20.20.20.2 with four echo packets and set DSCP with ef information, check the configuration:

Figure 82

R1 # sh policy-map int s0/1/0
Serial0/1/0

Service-policy output: classify

Class-map: PING_AND_EF (match-all)
4 packets, 256 bytes <<up to 4 packs
5 minute rate 0 bps Offered
Match: access-group 102
Match: ip DSCP EF (46)

Class-map: class-default (match-any)
60 packets, 5669 bytes
Offered 5 minute rate 0 bps, drop rate 0 bps
Match: any

R1 # sh policy-map int s0/1/0
Serial0/1/0

Service-policy output: classify

Class-map: PING_AND_EF (match-all)
4 packets, 256 bytes
5 minute rate 0 bps Offered
Match: access-group 102
Match: ip DSCP EF (46)

Class-map: class-default (match-any)
60 packets, 5669 bytes
Offered 5 minute rate 0 bps, drop rate 0 bps
Match: any

Packets have been counted or classified by the agreement all the matching conditions.

Step 4: Transfer to match any logic

Requirements:

Traffic classification is the EF DSCP value to be statistics or Telnet

Remove the old configuration

R1 # conf t
R1 (config) # int s0/1/0
R1 (config-if) # no service-policy output classify

ACL check

R1 # sh access-lists
Extended IP access list 100
10 permit tcp any any eq www (2304 matches)
20 any permit tcp any eq www
Extended IP access list 101
10 permit tcp any any eq telnet (72 matches)
Extended IP access list 102
10 permit icmp any any echo (13 matches)
R1 #

R1 (config) # policy-map
R1 (config) # class-map match-any TELNET_OR_EF
R1 (config-CMap) # match access-group 101
R1 (config-CMap) # match ip DSCP EF
R1 (config-CMap) # end

Tweaked new configuration
!
R1 # conf t
Enter configuration commands, one per line. End with CNTL / Z.
R1 (config) # policy-map
R1 (config) # policy-map classify
R1 (config-pmap) # no class PING_AND_EF
R1 (config-pmap) # class TELNET_OR_EF
R1 (config-pmap-c) # end
R1 # conf t
Enter configuration commands, one per line. End with CNTL / Z.
R1 (config) #
R1 (config) # int s0/1/0
R1 (config-if) # service-policy output classify
R1 (config-if) #

Check the configuration before proceeding to send traffic and see some

Delete the previous statistical information

R1 # clear counters
Clear "show interface" counters on all interfaces [confirm]

R1 # sh policy-map int s0/1/0
Serial0/1/0

Service-policy output: classify

Class-map: TELNET_OR_EF (match-any)
0 packets, 0 bytes <<Information in 0
5 minute rate 0 bps Offered
Match: access-group 101
0 packets, 0 bytes
5 minute rate 0 bps
Match: ip DSCP EF (46)
0 packets, 0 bytes
5 minute rate 0 bps

Class-map: class-default (match-any)
1 packets, 24 bytes
Offered 5 minute rate 0 bps, drop rate 0 bps
Match: any

Start sending traffic, carried 4 ping packets DSCP value EF

Figure 83

R1 # sh policy-map int s0/1/0
Serial0/1/0

Service-policy output: classify

Class-map: TELNET_OR_EF (match-any)
4 packets, 256 bytes <number increased because of the conditions agreed ef
5 minute rate 0 bps Offered
Match: access-group 101
0 packets, 0 bytes
5 minute rate 0 bps
Match: ip DSCP EF (46)
4 packets, 256 bytes
5 minute rate 0 bps

Class-map: class-default (match-any)
11 packets, 1141 bytes
Offered 5 minute rate 0 bps, drop rate 0 bps
Match: any

Then proceed to telnet 20.20.20.2

R1 # sh policy-map int s0/1/0
Serial0/1/0

Service-policy output: classify

Class-map: TELNET_OR_EF (match-any)
17 packets, 875 bytes <number increased because of the conditions agreed telnet
5 minute rate 0 bps Offered
Match: access-group 101
13 packets, 619 bytes
5 minute rate 0 bps
Match: ip DSCP EF (46)
4 packets, 256 bytes
5 minute rate 0 bps

Class-map: class-default (match-any)
25 packets, 2354 bytes
Offered 5 minute rate 0 bps, drop rate 0 bps
Match: any

CISCOOPENLAB

Search This Blog

Oct 23, 2010

MQC classification using model