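QoS models:
Best-Effort Service: the best-effort service model
Integrated Service: the integrated services model, abbreviated IntServ
Differentiated Service: the differentiated services model, abbreviated DiffServ
Here we mainly discuss DiffServ. To provide differentiated-service QoS, the data must first be divided into different classes, or set to different priorities. Dividing data into different classes is called classification; classification does not modify the original packet. Setting data to different priorities is called marking, and marking does modify the original packet. Classification and marking are the prerequisite for implementing QoS, and also its foundation.
QoS process flow: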
Marking is the QoS feature component that colors a packet so it can be identified and distinguished from other packets in QoS treatment. In other words, the packet is given a color so that QoS can treat it differently from other packets.
Classification:
incoming interface
IP precedence
DSCP
source and destination
application
Marking methods:
Network layer: (based on the packet's ToS bits)
Link layer:
CoS (ISL, 802.1p)
MPLS EXP bit
Frame Relay DE bit
VLAN
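In an Inter-Switch Link (ISL) frame, a 1-byte IEEE 802.1p field is reserved, of which 3 bits can be used to mark CoS.
In an IEEE 802.1Q frame, a 2-byte field is reserved, of which likewise only 3 bits can be used to mark CoS.
In IEEE 802.1Q, however, the native VLAN cannot be marked, because its frames carry no additional encapsulation.
Because CoS has only 3 bits available for marking, it can mark only 8 classes of data, 0-7, and the default marking is 0. However, 6 and 7 are reserved, so only the 6 classes 0-5 are available for users to mark.
Frame Relay discard eligible (DE) bit: a Frame Relay packet has an additional field that can indicate the packet's priority. This field is called the Discard Eligible (DE) bit. It defaults to 0; setting it to 1 indicates that the data is unimportant and is dropped first.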
af11 Match packets with AF11 dscp (001010) split into two parts: 001 is 1, 010 is 1
af12 Match packets with AF12 dscp (001100) 001 | 100 is 2
af13 Match packets with AF13 dscp (001110) 001 | 110 is 3
af21 Match packets with AF21 dscp (010010) 010 is 2, 010 is 1
af22 Match packets with AF22 dscp (010100)
af23 Match packets with AF23 dscp (010110)
af31 Match packets with AF31 dscp (011010)
af32 Match packets with AF32 dscp (011100)
af33 Match packets with AF33 dscp (011110)
af41 Match packets with AF41 dscp (100010) among af41, af42 and af43, af41 has the highest priority
af42 Match packets with AF42 dscp (100100)
af43 Match packets with AF43 dscp (100110)
cs1 Match packets with CS1(precedence 1) dscp (001000) the last three bits are all set to 0, which is equivalent to IP precedence
cs2 Match packets with CS2(precedence 2) dscp (010000)
cs3 Match packets with CS3(precedence 3) dscp (011000)
cs4 Match packets with CS4(precedence 4) dscp (100000)
cs5 Match packets with CS5(precedence 5) dscp (101000)
cs6 Match packets with CS6(precedence 6) dscp (110000)
cs7 Match packets with CS7(precedence 7) dscp (111000)
default Match packets with default dscp (000000)
ef Match packets with EF dscp (101110)
IP precedence
<0-7> Precedence value
critical Set packets with critical precedence (5)
flash Set packets with flash precedence (3)
flash-override Set packets with flash override precedence (4)
immediate Set packets with immediate precedence (2)
internet Set packets with internetwork control precedence (6)
network Set packets with network control precedence (7)
priority Set packets with priority precedence (1)
routine Set packets with routine precedence (0)
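We can set either IP precedence or DSCP; they are simply different classification methods for marking different priorities. DSCP provides finer-grained priority classes than IP precedence. Let's look at how the three relate.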
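An added example (not from the original article) that decodes the IPv4 ToS byte to show how IP precedence, the 4-bit ToS value and DSCP overlap, deriving the keywords in the list above from the bits rather than from a table. The function names are illustrative, and the bit layout (precedence in the top 3 bits, DSCP in the top 6, ToS value in bits 4-1) is the standard IPv4 header layout, assumed here because the page's figure is not available.

```python
def phb_name(dscp: int) -> str:
    """Derive the keyword (default, csN, afXY, ef) from the 6 DSCP bits."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value")
    cls, low = dscp >> 3, dscp & 0b111      # e.g. AF11 = 001 | 010
    if dscp == 0:
        return "default"
    if dscp == 0b101110:
        return "ef"
    if low == 0:                            # low three bits zero: same as IP precedence
        return f"cs{cls}"
    if 1 <= cls <= 4 and low in (0b010, 0b100, 0b110):
        return f"af{cls}{low >> 1}"         # low >> 1 is the drop precedence 1..3
    return f"dscp {dscp}"                   # valid code point without a keyword


def decode_tos_byte(tos_byte: int) -> dict:
    """Split one ToS byte into the overlapping fields discussed on this page."""
    if not 0 <= tos_byte <= 255:
        raise ValueError("ToS is one byte")
    dscp = tos_byte >> 2
    return {
        "precedence": tos_byte >> 5,        # the field 'set ip precedence' writes
        "tos": (tos_byte >> 1) & 0b1111,    # the field 'set ip tos <0-15>' writes
        "dscp": dscp,
        "phb": phb_name(dscp),
    }


def encode_dscp(name: str) -> int:
    """Inverse of phb_name: return the ToS byte that carries the given keyword."""
    for dscp in range(64):
        if phb_name(dscp) == name.lower():
            return dscp << 2
    raise ValueError(f"unknown DSCP keyword: {name}")


if __name__ == "__main__":
    for b in (0x28, 0x88, 0xB8, 0xA0, 0x00):   # constructed sample ToS bytes
        print(f"0x{b:02x}", decode_tos_byte(b))
```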
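Classification is based on: ACL, NBAR
Marking: PBR, CBMARKING
PBR can forward based on the source IP, whereas ordinary routing forwards based only on the destination IP. Here is an example: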
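Because the link between r4 and r3 is an Ethernet link, r5's traffic by default goes through r4 to r2.
On r3 we configure PBR so that r5's loopback0 (5.5.5.5) goes via R1 and loopback1 goes via r4.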
access-list 100 permit ip host 5.5.5.5 host 2.2.2.2
access-list 101 permit ip host 9.9.9.9 host 2.2.2.2
route-map PBR permit 10
 match ip address 100
 set interface Serial1/1
route-map PBR permit 20
 match ip address 101
 set ip next-hop 34.1.1.4
interface Serial1/3
 ip address 35.1.1.3 255.255.255.0
 ip policy route-map PBR
Enable debug on r3:
*Mar 1 00:24:23.647: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, len 100, FIB policy match
*Mar 1 00:24:23.647: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, g=34.1.1.4, len 100, FIB policy routed
*Mar 1 00:24:23.891: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, len 100, FIB policy match
*Mar 1 00:24:23.891: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, g=34.1.1.4, len 100, FIB policy routed
*Mar 1 00:24:23.991: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, len 100, FIB policy match
*Mar 1 00:24:23.991: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, g=34.1.1.4, len 100, FIB policy routed
*Mar 1 00:24:24.111: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, len 100, FIB policy match
r3#
*Mar 1 00:24:24.111: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, g=34.1.1.4, len 100, FIB policy routed
*Mar 1 00:24:24.227: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, len 100, FIB policy match
*Mar 1 00:24:24.227: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, g=34.1.1.4, len 100, FIB policy routed
*Mar 1 00:22:59.287: IP: s=5.5.5.5 (Serial1/3), d=2.2.2.2, len 100, FIB policy match
*Mar 1 00:22:59.287: fibidb->namestring: Serial1/1
*Mar 1 00:22:59.287: ipfib_policy_set_interface_lookup: tag_ptr: 0x0
*Mar 1 00:22:59.287: adj 0x0, NULL
*Mar 1 00:22:59.287: IP: s=5.5.5.5 (Serial1/3), d=2.2.2.2 (Serial1/1), len 100, FIB policy routed
*Mar 1 00:22:59.431: IP: s=5.5.5.5 (Serial1/3), d=2.2.2.2, len 100, FIB policy match
*Mar 1 00:22:59.431: fibidb->namestring: Serial1/1
*Mar 1 00:22:59.431: ipfib_policy_set_interface_lookup: tag_ptr: 0x0
*Mar 1 00:22:59.431: adj 0x0, NULL
We configured only permit 10 and 20, whereas for traffic sourced from r5's own address:
*Mar 1 00:21:42.731: IP: s=35.1.1.5 (Serial1/3), d=2.2.2.2, len 100, FIB policy rejected(no match) - normal forwarding
*Mar 1 00:21:42.851: IP: s=35.1.1.5 (Serial1/3), d=2.2.2.2, len 100, FIB policy rejected(no match) - normal forwarding
*Mar 1 00:21:42.919: IP: s=35.1.1.5 (Serial1/3), d=2.2.2.2, len 100, FIB policy rejected(no match) - normal forwarding
*Mar 1 00:21:42.975: IP: s=35.1.1.5 (Serial1/3), d=2.2.2.2, len 100, FIB policy rejected(no match) - normal forwarding
*Mar 1 00:21:43.015: IP: s=35.1.1.5 (Serial1/3), d=2.2.2.2, len 100, FIB policy rejected(no match) - normal forwarding
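Summary: in the data plane, traffic that no PBR permit entry matches is forwarded normally, whereas in the routing plane (redistribution) it is denied outright.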
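An added example (not from the original article) that parses debug lines of the kind shown above and checks that each source address took the path the route-map was meant to give it; unmatched traffic shows up as normal forwarding. The sample lines are copied from the r3 output above, and the function names and the intent mapping are illustrative.

```python
import re
from collections import defaultdict

# Sample lines copied from the r3 debug output above, embedded so this runs offline.
SAMPLE = """\
*Mar 1 00:24:23.647: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, len 100, FIB policy match
*Mar 1 00:24:23.647: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, g=34.1.1.4, len 100, FIB policy routed
*Mar 1 00:22:59.287: IP: s=5.5.5.5 (Serial1/3), d=2.2.2.2, len 100, FIB policy match
*Mar 1 00:22:59.287: fibidb->namestring: Serial1/1
*Mar 1 00:22:59.287: IP: s=5.5.5.5 (Serial1/3), d=2.2.2.2 (Serial1/1), len 100, FIB policy routed
*Mar 1 00:21:42.731: IP: s=35.1.1.5 (Serial1/3), d=2.2.2.2, len 100, FIB policy rejected(no match) - normal forwarding
"""

LINE = re.compile(
    r"IP: s=(?P<src>[\d.]+) \((?P<in_if>[^)]+)\), d=(?P<dst>[\d.]+)"
    r"(?: \((?P<out_if>[^)]+)\))?(?:, g=(?P<gw>[\d.]+))?"
    r", len \d+, FIB policy (?P<verdict>routed|rejected|match)"
)


def summarize(log_text):
    """Return {source: {path: packet_count}}; path is a next hop, an egress
    interface, or 'normal forwarding' when no route-map entry matched."""
    paths = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m["verdict"] == "match":   # 'match' is followed by 'routed'
            continue
        if m["verdict"] == "rejected":
            path = "normal forwarding"
        else:
            path = m["gw"] or m["out_if"] or "unknown"
        paths[m["src"]][path] += 1
    return {src: dict(p) for src, p in paths.items()}


def check_intent(summary, intent):
    """List sources whose observed path differs from the intended one."""
    problems = []
    for src, want in intent.items():
        seen = summary.get(src, {})
        if set(seen) != {want}:
            problems.append(f"{src}: expected {want}, saw {sorted(seen) or 'nothing'}")
    return problems


if __name__ == "__main__":
    result = summarize(SAMPLE)
    print(result)
    print(check_intent(result, {"5.5.5.5": "Serial1/1", "9.9.9.9": "34.1.1.4"}))
```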
PBR marking can only be applied on the inbound interface, and it cannot set DSCP.
r3(config)#route-map PBR permit 10
r3(config-route-map)#match ip add 101
r3(config-route-map)#set ip ?
address Specify IP address
default Set default information
df Set DF bit
next-hop Next hop address
precedence Set precedence field
qos-group Set QOS Group ID
tos Set type of service field
r3(config-route-map)#set ip tos ?
<0-15> Type of service value
max-reliability Set max reliable TOS (2)
max-throughput Set max throughput TOS (4)
min-delay Set min delay TOS (8)
min-monetary-cost Set min monetary cost TOS (1)
normal Set normal TOS (0)
The above marks packets with manually entered commands. We can also mark packets using a template-based approach, which is MQC.
ip access-list extended tel
 permit tcp any any eq telnet
ip access-list extended www
 permit tcp any any eq www
! The class map references the ACL: what traffic do we care about.
! match-all is the default: a class map may contain several match statements, and it applies only when all of them are satisfied.
class-map match-all www
 match access-group name www
class-map match-all tel
 match access-group name tel
! The policy map references the class maps: what will be done to this traffic.
policy-map CBMARK
 class tel
  set dscp af11
 class www
  set dscp af41
! Applied under the interface (either input or output works).
interface FastEthernet0/0
 service-policy input CBMARK
Router# show policy-map int f0/0
This article is reposted from q狼的誘惑's 51CTO blog. Original link: http://blog.51cto.com/liangrui/550434. To repost it, please contact the original author.