Let's get straight to the point!
Type of flow and requirements
- Data (HTTP, FTP)
Requirements are specific to each application (these flows often tolerate delay and loss). To implement good QoS, you have to analyze the applications.
- Voice (VoIP)
In order to have a good audio call quality:
Delay – 150 ms max.
Jitter – 30 ms max.
Loss – 1% max.
Bandwidth – depends on the codec used; signaling is estimated at 150 b/s
Note that voice is accompanied by signaling, so you will have to manage both streams.
- Video (Skype, Facetime, Streaming)
In order to have a good quality of video call:
Delay – 150 ms max.
Jitter – 30-50 ms
Loss – 0.1 – 1%
Bandwidth – irregular, so plan 20% more than the baseline
Ok we have the criteria… That's cool!
But how do I know the protocols that are circulating on my network?
Analyzing your situation – NBAR – PDLM
It's not necessarily easy to analyze a setup that is already in place, but for that there is the Network Based Application Recognition (NBAR) feature.
– Depends on CEF (check for it at the beginning of sh run)
– Applies to an interface
– Provides statistics for 128 protocols (the most used) on inbound and outbound traffic (packets, bytes, average bandwidth over 5 min.)
Setting up the feature:
R1(config-if)# ip nbar protocol-discovery
Viewing statistics:
R1# show ip nbar protocol-discovery interface <interface>
Give the feature time to collect enough information to be useful (this pays off in better QoS).
Your traffic may not be covered by these 128 protocols (it then shows up in the unknown row when you check what NBAR has collected). The file that lists the protocols is a Packet Description Language Module (PDLM). It can be updated (file to download on www.cisco.com).
R1# show ip nbar version
R1# show ip nbar pdlm
Only a PDLM file with a higher version than the one in place can replace it.
Now that I know what my criteria are going to be…
As the name suggests, we will classify our groups into class-maps that can be compared to folders.
Class-maps are the driving force behind QoS: we will create them to color our flows, manage congestion or prevent it. These class-maps are filled with one or more conditions (a bit like a program loop).
We can indicate at the start of the command whether we want all the conditions to be met or whether one of them is enough.
All the conditions present must be met:
Router(config)# class-map match-all name
One of the conditions present must be met:
Router(config)# class-map match-any name
If neither match-all nor match-any is given, the device automatically applies match-all.
Creation of the class-map C-fingerinthenet:
Router(config)# class-map C-fingerinthenet
Setting a criterion with the match command:
Router(config-cmap)# match
Once the folder is created (config-cmap), let's see the different possible criteria:
- Access-group: follows the conditions of an access list;
- Protocol: directly matches the packets carrying the selected protocol;
- Input-interface: all packets arriving on this interface;
- Destination-MAC-address: all packets with this destination MAC address;
- Source MAC address: all packets with this source MAC address;
- Any: all packets;
- Class-map: you can nest class-maps (beware, the configuration becomes harder to read);
- Different coloring: cos, ip dscp, ip precedence… (detailed in the "mark" section).
We can classify streams very precisely by combining multiple match commands in a class-map (one ACL and another match, for example). If you don't remember much about what ACLs can do, I invite you to read the Access-list article.
Example: classifying the HTTP and HTTPS flows coming from our server with MAC address F:I:N:T:
We have to create an ACL for the HTTPS protocol (it is not among the options of the match protocol command):
Creation of the ACL HTTPS:
Router(config)# ip access-list extended HTTPS
Router(config-ext-nacl)# permit tcp any any eq 443
Allows packets from any source IP to any destination IP using port 443.
First version with two separate class-maps:
Creating the C-Serveur-HTTPS class-map (match-all by default):
Router(config)# class-map C-Serveur-HTTPS
Router(config-cmap)# match access-group name HTTPS
Router(config-cmap)# match source-address mac F:I:N:T
Matches packets using port 443 AND that have F:I:N:T as source MAC address.
Creation of the class-map C-Serveur-HTTP:
Router(config)# class-map C-Serveur-HTTP
Router(config-cmap)# match protocol http
Router(config-cmap)# match source-address mac F:I:N:T
Matches packets using the HTTP protocol (port 80) AND that have F:I:N:T as source MAC address.
Second version, not the simplest, but showing the possibility of nesting:
Creation of the class-map C-Prot-Serv:
Router(config)# class-map match-any C-Prot-Serv
Router(config-cmap)# match access-group name HTTPS
Router(config-cmap)# match protocol http
Matches packets using port 443 OR using the HTTP protocol (port 80).
Creation of the class-map C-Serveur:
Router(config)# class-map C-Serveur
Router(config-cmap)# match source-address mac F:I:N:T
Router(config-cmap)# match class-map C-Prot-Serv
Matches packets that have F:I:N:T as source MAC address AND that meet the conditions of C-Prot-Serv.
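The match-all / match-any logic of the two versions above can be checked with a small model. This is an added example, not part of the original article: the Packet fields, the sample packets and the reduction of "match protocol http" to TCP port 80 are assumptions. It also shows why the three conditions cannot simply be put into one flat class-map.

```python
from dataclasses import dataclass

SERVER_MAC = "F:I:N:T"  # placeholder MAC address used in the article

@dataclass(frozen=True)
class Packet:
    src_mac: str
    proto: str
    dst_port: int

# Match criteria. Assumption: "match protocol http" is reduced to TCP/80 here.
def acl_https(p): return p.proto == "tcp" and p.dst_port == 443
def proto_http(p): return p.proto == "tcp" and p.dst_port == 80
def from_server(p): return p.src_mac == SERVER_MAC

def class_map(mode, *criteria):
    """Build a predicate; the result can itself be used as a criterion (nesting)."""
    combine = all if mode == "match-all" else any
    return lambda p: combine(c(p) for c in criteria)

# Version 1: two separate class-maps (match-all is the default).
c_serveur_https = class_map("match-all", acl_https, from_server)
c_serveur_http = class_map("match-all", proto_http, from_server)
# Version 2: nested class-maps.
c_prot_serv = class_map("match-any", acl_https, proto_http)
c_serveur = class_map("match-all", from_server, c_prot_serv)
# Flattening the three matches into one class-map does not work either way.
flat_all = class_map("match-all", acl_https, proto_http, from_server)
flat_any = class_map("match-any", acl_https, proto_http, from_server)

# Constructed sample packets.
SAMPLES = {
    "server-https": Packet(SERVER_MAC, "tcp", 443),
    "server-http": Packet(SERVER_MAC, "tcp", 80),
    "server-ssh": Packet(SERVER_MAC, "tcp", 22),
    "other-https": Packet("O:T:H:E:R", "tcp", 443),
}

def evaluate():
    """Return {sample: (version 1, version 2, flat match-all, flat match-any)}."""
    return {name: (c_serveur_https(p) or c_serveur_http(p), c_serveur(p),
                   flat_all(p), flat_any(p))
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, row in evaluate().items():
        print(f"{name:13} {row}")
```

Both versions select the same packets; the flat match-all never matches (a packet cannot be on port 443 and port 80 at once), and the flat match-any also colors traffic that was never meant to be marked.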
Some rules on class-maps before continuing:
- By default the device applies match-all
- 256 class-maps maximum per device
- 40 characters maximum for the class-map name
Our intention is to paint cars from our FINT server using HTTP and HTTPS protocols. We learned to sort cars (classification), now we have to choose the right color.
We need to create a strategy (policy-map) in which we will:
– assign a class-map (identifies the right cars);
– use the set command to choose the paint to apply.
Here we will only cover policy-maps for the purpose of marking. We will come back to them in "congestion management."
Creating the fingerinthenet strategy:
Router(config)# policy-map fingerinthenet
Router(config-pmap)# class C-Serveur
Router(config-pmap-c)#
The C-Serveur class-map is now attached to the strategy.
The strategy is created and we have selected the cars (class-map); now we have to choose the color for these cars.
What is color? It is a change to the bits of specific fields in the layer 2 or layer 3 header.
The marking can be done in different layer 2 headers:
– cos: in the 802.1Q frame, on 3 bits;
– exp: in the MPLS frame, on 3 bits;
– de: in the Frame Relay frame, on 1 bit;
– clp: in the ATM frame, on 1 bit.
These markings are preserved only within their own network (unless you set up a class-map that matches on their coloring, see the class-map criteria a little higher up)!
We will focus on layer 3 marking:
– IP precedence: the 3 most significant bits of the Type of Service (ToS) field;
– DSCP (Differentiated Services Code Point): the 6 most significant bits of the ToS field.
It's up to you to organize your marking, but I have some tips:
– CS7 – CS6: for routing protocol exchanges;
– Expedited Forwarding (EF): for VoIP streams;
– consistency: across your entire network.
We now know what color is made of. We had stopped in the strategy just after attaching the class-map.
Example of changing the DSCP field:
Router(config)# policy-map fingerinthenet
Router(config-pmap)# class C-Serveur
Router(config-pmap-c)# set ip dscp cs4 (or 32)
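To see what "set ip dscp cs4 (or 32)" changes in the packet, this added example (not from the original article) splits the ToS byte of an IPv4 header into DSCP, IP precedence and ECN, and models the rewrite including the header checksum. The function names and the sample header are constructed for illustration.

```python
import struct

def checksum(header: bytes) -> int:
    """IPv4 header checksum: one's-complement sum of the 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def dscp_name(dscp: int) -> str:
    """Name a 6-bit DSCP value: EF, CSx (low 3 bits zero) or AFxy."""
    if dscp == 46:
        return "EF"
    if dscp % 8 == 0:
        return f"CS{dscp >> 3}"
    cls, drop = dscp >> 3, (dscp >> 1) & 0b11
    if 1 <= cls <= 4 and drop and dscp & 1 == 0:
        return f"AF{cls}{drop}"
    return str(dscp)

def decode_tos(header: bytes) -> dict:
    """Split byte 1 of an IPv4 header into DSCP, IP precedence and ECN."""
    if header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    tos = header[1]
    dscp = tos >> 2
    return {"tos": tos, "dscp": dscp, "name": dscp_name(dscp),
            "precedence": tos >> 5, "ecn": tos & 0b11}

def set_ip_dscp(header: bytes, dscp: int) -> bytes:
    """Model of 'set ip dscp': rewrite the 6 high bits, keep ECN, redo the checksum."""
    h = bytearray(header)
    h[1] = (dscp << 2) | (h[1] & 0b11)
    h[10:12] = b"\x00\x00"
    h[10:12] = struct.pack("!H", checksum(bytes(h)))
    return bytes(h)

# Constructed sample: 20-byte IPv4/TCP header, unmarked (ToS 0), documentation addresses.
UNMARKED = set_ip_dscp(
    bytes.fromhex("450000281234400040060000c000020ac6336414"), 0)

if __name__ == "__main__":
    for value in (32, 46):  # cs4 as in the article, EF as used for VoIP
        print(decode_tos(set_ip_dscp(UNMARKED, value)))
```

A device that only reads IP precedence sees 4 for cs4 and 5 for EF, since precedence is the top 3 bits of the same byte.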
Application of the policy
We have chosen the cars and the color, and prepared our paint shop. We need to apply this coloring as close as possible to the services, that is, on the interface directly connected to my server.
Router(config)# interface fastEthernet 0/1
Router(config-if)# service-policy input fingerinthenet
Note the input: it means that all packets entering through this interface will be examined by the policy.
From this point on, the packets that go through this strategy are considered a Behavior Aggregate (BA).
To check it out:
Router# sh policy-map
As can be seen in the image, we will have to apply marking at each entry point and as close as possible to our services.
The classification and marking stage is over, but it doesn't change the existing congestion… This was only the first step! Now we can:
- Manage congestion
- Prevent congestion.
Hoping you enjoyed this article!
Don't hesitate to let me know!!