Modular QoS CLI Classification
© 2001, Cisco Systems, Inc.

Objectives
Upon completing this module, you will be able to:
• Describe the classification part of the Modular QoS CLI
• Describe and configure all currently supported classification options within the MQC
• Understand network-based application recognition (NBAR)
• Monitor and troubleshoot class maps

Introduction to Modular QoS CLI

Objectives
Upon completing this lesson, you will be able to:
• Describe MQC concepts and structure
• Configure class maps
• Monitor and troubleshoot class maps

Modular QoS CLI
• The Modular QoS CLI (MQC) provides a modular approach to configuring QoS mechanisms.
• Classification is configured separately from the QoS service policy.
• MQC also brings modularity to the implementation of QoS mechanisms in Cisco IOS:
  – New QoS mechanisms can reuse existing classification options.
  – New classification options can also be used by older QoS mechanisms.

Separation of Classification
[Figure: a packet first passes through classification; the traffic policy then applies the action configured for its class (Class 1: CBWFQ, Class 2: CB-LLQ, ..., Class N: class-based policing) before the packet is handed to the interface or to forwarding.]

Class Maps
• Each class is identified using a class map.
• Each class map is identified by a case-sensitive name.
• Class maps can operate in two modes:
  – match-all: all conditions have to succeed
  – match-any: at least one condition must succeed
• The default mode is match-all.

Classification Using Class Maps
[Figure: flowchart. The class map mode selects the test: in match-all mode the packet matches only if all conditions succeed; in match-any mode it matches if at least one condition succeeds; otherwise the result is "no match".]

Classification Using the match-all Strategy
[Figure: flowchart. Conditions are evaluated one after another; the first condition that fails yields "no match", and "match" is returned only when no condition remains to be tested.]
• match-all requires all conditions to return a positive answer.
• If one condition is not met, the class map returns a "no match" result.
• Consequently, a match-all class map whose conditions can never hold at the same time (for example two match statements selecting different IP Precedence values) matches nothing.

Classification Using the match-any Strategy
[Figure: flowchart. Conditions are evaluated one after another; the first condition that succeeds yields "match", and "no match" is returned only when no condition remains to be tested.]
• match-any requires at least one condition to return a positive answer.
• If no condition is met, the class map returns a "no match" result.

Classification Options
The main classification options include:
• Access list (all access lists are available)
• IP Precedence value
• IP DSCP value
• QoS group number
• MPLS experimental bits
• Protocol (including NBAR)

Other Classification Options
Other classification options include:
• Using another class map
• Frame Relay DE bit
• IEEE 802.1Q CoS or ISL priority values
• Input interface
• Source MAC address
• Destination MAC address
• RTP (UDP) port range
• Any packet

Configuring Class Maps
router(config)# class-map [{match-all | match-any}] name
• Enters class map configuration mode.
• Specifies the matching strategy; match-all is the default.
router(config-cmap)# match condition
• Use at least one condition to match packets.
router(config-cmap)# description description
• Descriptions are recommended in large and complex configurations.
• The description has no operational meaning.

Configuring Class Maps (cont.)
router(config-cmap)# rename new-name
• Complex class maps can easily be renamed with the rename command.
• All references to the class map are also renamed.
Class Map Example
class-map match-any Test1
 match access-group 101
 match access-group 102
!
class-map match-all Test2
 match access-group 101
 match access-group 102
!
• This example illustrates how class maps are configured. A packet belongs to Test1 if either access list 101 or access list 102 permits it; it belongs to Test2 only if both access lists permit it.
• Class maps on their own have no function; they take effect only once a policy map references them.

Monitoring and Troubleshooting Class Maps
router# show class-map [class-map]
• Lists all class maps or the selected class map.
Router# show class-map
 Class Map match-all Test2 (id 0)
   Match access-group 101
   Match access-group 102

 Class Map match-any Test1 (id 1)
   Match access-group 101
   Match access-group 102

Router#

Summary
Upon completing this lesson, you should be able to:
• Describe MQC concepts and structure
• Configure class maps
• Monitor and troubleshoot class maps

Lesson Review
1. What are the benefits of the Modular QoS CLI?
2. Which two matching strategies do class maps support?
3. Which classification options do class maps support?

Classification Options

Objectives
Upon completing this lesson, you will be able to describe and configure classification:
• using access lists
• using the IP Precedence
• using the DSCP
• using the QoS group
• using the MPLS experimental bits
• based on the input interface
• based on the source MAC address
• based on the destination MAC address
• based on IEEE 802.1Q CoS or ISL priority bits
• using another class map, a negation or the any keyword
• based on the Frame Relay DE bit

Classification Using Access Lists
• Access lists are the oldest classification tool used with QoS mechanisms.
• Class maps support all types of access lists.
• Class maps are multiprotocol.
• Class maps can use named access lists and numbered access lists (ranging from 1 to 2699) for all protocols.

Configuring Classification Using Access Lists
router(config-cmap)# match access-group {number | name}
• Select an access list to be used for classification.
class-map Telnet
 match access-group 100
!
class-map IPX_Printers
 match access-group IPX_Printers
!
access-list 100 permit tcp any any eq 23
access-list 100 permit tcp any eq 23 any
!
ipx access-list sap IPX_Printers
 permit -1 7
!
• Access list 100 matches Telnet in both directions (destination port 23 or source port 23); the IPX SAP access list matches service type 7 (print server) advertisements from any network (-1).

Configuring Classification Using IP Precedence
router(config-cmap)# match ip precedence precedence [prec [prec [prec]]]
• Select up to four IP Precedence values or names.
• All packets marked with one of the selected IP Precedence values are matched by this class map.

IP Precedence value   IP Precedence name
0                     routine
1                     priority
2                     immediate
3                     flash
4                     flash-override
5                     critical
6                     internet
7                     network

class-map VoIP
 match ip precedence 5
!
class-map Gold
 match ip precedence 3 4
!
class-map Silver
 match ip precedence 1 2
!
class-map Bronze
 match ip precedence routine
!

Configuring Classification Using DSCP
router(config-cmap)# match ip dscp dscp [dscp ...]
• Select up to eight DSCP values or names.
• All packets marked with one of the selected DSCP values are matched by this class map.
DSCP value   Binary    Class name      DSCP value   Binary    Class name
0            000000    default         10           001010    af11
8            001000    cs1             12           001100    af12
16           010000    cs2             14           001110    af13
24           011000    cs3             18           010010    af21
32           100000    cs4             20           010100    af22
40           101000    cs5             22           010110    af23
48           110000    cs6             26           011010    af31
56           111000    cs7             28           011100    af32
46           101110    ef              30           011110    af33
                                       34           100010    af41
                                       36           100100    af42
                                       38           100110    af43
• The three high-order bits of every DSCP are the IP Precedence value: the class selectors cs1 to cs7 (8 to 56) are the code points compatible with IP Precedence 1 to 7, and af3x (26, 28, 30) carries precedence 3.

Configuring Classification Using DSCP (cont.)
class-map Voice
 match ip dscp ef
!
class-map Gold
 match ip dscp af11 af12 af13 cs3 cs4
!
class-map Silver
 match ip dscp af21 af22 af23 cs1 cs2
!
class-map Bronze
 match ip dscp af31 af32 af33
!
class-map Best-effort
 match ip dscp default
!
• DSCP and IP Precedence are written by the sender or by an upstream marker. Classifying on them is only meaningful behind a trust boundary where the marks are set or re-marked; otherwise any host can place its own traffic into the class of its choice.

Configuring Classification Using QoS Group
router(config-cmap)# match qos-group qos-group
• Select the QoS group identifying the class.
• Allowed values are from 0 to 99.
• All packets marked with the QoS group value are matched by this class map.
• The QoS group is a parameter local to the router; it is not carried in the packet and has to be set by some other QoS mechanism (CAR, PBR, class-based marking, class-based policing, QPPB). Unlike DSCP or IP Precedence, it therefore cannot be set by the sending host.
class-map QoS1
 match qos-group 1
!
class-map QoS2
 match qos-group 2
!

Configuring Classification Using MPLS Experimental Bits
router(config-cmap)# match mpls experimental exp [exp ...]
• Select up to eight MPLS experimental values.
• Allowed values are from 0 to 7.
• All MPLS-labeled packets marked with one of the selected MPLS experimental values are matched by this class map.
class-map MPLS1
 match mpls experimental 3 4
!
class-map MPLS2
 match mpls experimental 1 2
!
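The IP Precedence and DSCP tables above are two views of the same byte, which is easy to get wrong when mixing the two examples. The following is an added example (not code from the Cisco course): it decodes an IPv4 ToS byte into IP Precedence, DSCP and ECN, names DSCP values with the IOS keywords (default, cs1 to cs7, af11 to af43, ef), and runs both slide examples, the "match ip precedence" class maps and the "match ip dscp" class maps, against a mark. The class-map tables, the function names and the "first class in order wins" evaluation are constructed for this example.

```python
"""ToS-byte decoding and DSCP naming: an added example, not part of the Cisco
course. IP Precedence is the top three bits of the IPv4 ToS byte and the DSCP
is the top six, so every DSCP implies a precedence (af31 = 011010 has
precedence 3). The class-map tables and function names are constructed here."""

from typing import List, Tuple

PRECEDENCE_NAMES = ["routine", "priority", "immediate", "flash",
                    "flash-override", "critical", "internet", "network"]


def decode_tos(tos: int) -> Tuple[int, int, int]:
    """Split an IPv4 ToS byte into (ip_precedence, dscp, ecn)."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("ToS is a single byte")
    return tos >> 5, tos >> 2, tos & 0b11


def precedence_of_dscp(dscp: int) -> int:
    """The three high-order bits of a DSCP are its IP Precedence."""
    return dscp >> 3


def dscp_name(dscp: int) -> str:
    """IOS keyword for a DSCP value; values without a keyword come back as decimal text."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is six bits")
    if dscp == 0:
        return "default"
    if dscp == 46:
        return "ef"
    cls, low = divmod(dscp, 8)          # cls = precedence bits, low = drop-precedence bits
    if low == 0:
        return f"cs{cls}"               # class selector, precedence-compatible
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return f"af{cls}{low // 2}"     # assured forwarding: class 1-4, drop precedence 1-3
    return str(dscp)


def dscp_value(name: str) -> int:
    """Inverse of dscp_name: accepts a keyword or a decimal string (0-63)."""
    name = name.lower()
    if name == "default":
        return 0
    if name == "ef":
        return 46
    if len(name) == 3 and name.startswith("cs") and name[2] in "1234567":
        return int(name[2]) * 8
    if len(name) == 4 and name.startswith("af") and name[2] in "1234" and name[3] in "123":
        return int(name[2]) * 8 + int(name[3]) * 2
    value = int(name)                   # ValueError for anything else
    if not 0 <= value <= 63:
        raise ValueError(f"DSCP out of range: {name}")
    return value


# The two slide examples as ordered lists of (class name, matched values)
PRECEDENCE_CLASSES: List[Tuple[str, List[int]]] = [      # match ip precedence ...
    ("VoIP", [5]), ("Gold", [3, 4]), ("Silver", [1, 2]), ("Bronze", [0]),
]
DSCP_CLASSES: List[Tuple[str, List[str]]] = [            # match ip dscp ...
    ("Voice", ["ef"]),
    ("Gold", ["af11", "af12", "af13", "cs3", "cs4"]),
    ("Silver", ["af21", "af22", "af23", "cs1", "cs2"]),
    ("Bronze", ["af31", "af32", "af33"]),
    ("Best-effort", ["default"]),
]


def classify_by_precedence(tos: int) -> str:
    """First class map whose 'match ip precedence' list contains the packet's precedence."""
    precedence, _, _ = decode_tos(tos)
    for name, values in PRECEDENCE_CLASSES:
        if precedence in values:
            return name
    return "class-default"


def classify_by_dscp(tos: int) -> str:
    """First class map whose 'match ip dscp' list contains the packet's DSCP."""
    _, dscp, _ = decode_tos(tos)
    for name, keywords in DSCP_CLASSES:
        if dscp in {dscp_value(k) for k in keywords}:
            return name
    return "class-default"


if __name__ == "__main__":
    for tos in (0xB8, 0x68, 0x48, 0xC0):                  # ef, af31, af21, cs6
        prec, dscp, _ = decode_tos(tos)
        print(f"ToS 0x{tos:02X}: {dscp_name(dscp):7} precedence {prec} "
              f"({PRECEDENCE_NAMES[prec]}) -> precedence scheme: "
              f"{classify_by_precedence(tos)}, DSCP scheme: {classify_by_dscp(tos)}")
```

Running it shows that a packet marked af31 (ToS 0x68) lands in Gold under the precedence example but in Bronze under the DSCP example: the two slide schemes are illustrations, not interchangeable policies, and a design has to pick one mapping and mark consistently at the trust boundary.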
Configuring Classification Using the Input Interface
router(config-cmap)# match input-interface intf
• All packets received through the selected input interface are matched by this class map.
class-map match-any Ethernets
 match input-interface Ethernet0/0
 match input-interface Ethernet0/1
!
class-map match-any FastEthernets
 match input-interface FastEthernet1/0
 match input-interface FastEthernet1/1
!
class-map match-any Serials
 match input-interface Serial2/0
 match input-interface Serial2/1
 match input-interface Serial2/2
 match input-interface Serial2/3
!
• These class maps use match-any: a packet arrives on exactly one interface, so a match-all class map listing several input interfaces could never match.

Configuring Classification Using MAC Addresses
router(config-cmap)# match source-address mac mac-address
• Classifies packets based on the source MAC address.
• This classification option can be used only on interfaces that use MAC addresses (e.g., Ethernet, Fast Ethernet).
router(config-cmap)# match destination-address mac mac-address
• Classifies packets based on the destination MAC address.
• This classification option can be used only on interfaces that use MAC addresses (e.g., Ethernet, Fast Ethernet).
class-map RTR1_dst
 match destination-address mac 00f0.64e2.2860
!
class-map RTR2_src
 match source-address mac 00f0.64e2.3321
!

Configuring Classification Using 802.1Q CoS or ISL Priority Bits
router(config-cmap)# match cos cos [cos [cos [cos]]]
• Select up to four CoS/priority values.
• Allowed values are 0 to 7.
• This classification option can be used only on interfaces using 802.1Q or ISL encapsulation.
class-map Strict-priority
 match cos 5
!
class-map High-priority
 match cos 4 6 7
!
class-map Low-priority
 match cos 0 1 2 3
!

Configuring Classification Using Special Options
router(config-cmap)# match not condition
• The not keyword inverts the condition.
router(config-cmap)# match class-map class-map
• One class map can use another class map for classification.
• Nested class maps allow generic template class maps to be reused in other class maps.
router(config-cmap)# match any
• The any keyword matches all packets.

Configuring Classification Using Special Options (cont.)
class-map Well-known-services
 match access-group 100
!
class-map Unknown-services
 match not class-map Well-known-services
!
class-map All-services
 match any
!
access-list 100 permit tcp any any lt 1024
access-list 100 permit tcp any lt 1024 any
• Well-known-services matches TCP packets with a source or destination port below 1024. Unknown-services is its complement, which includes all non-TCP traffic because access list 100 only permits TCP. All-services matches every packet.

Configuring Classification Using the Frame Relay DE Bit
router(config-cmap)# match fr-de
• Use this command to match all frames with the Frame Relay DE bit set.
class-map FR_Out_of_Contract
 match fr-de
!
class-map FR_Within_Contract
 match not fr-de
!

Configuring Classification Using a UDP Port Range
router(config-cmap)# match ip rtp starting-port port-range
• Use this command to implement classification equivalent to IP RTP Prioritization.
• All UDP packets with source or destination port numbers within the specified range are matched.
• The range runs from starting-port (values from 2000 to 65535) to starting-port plus port-range (port-range values from 0 to 16383).
• The command should be used in combination with class-based low-latency queuing (LLQ) to implement IP RTP Prioritization using the Modular QoS CLI.
class-map RTP
 match ip rtp 16384 16383
!
• This example matches UDP ports 16384 through 32767 (16384 + 16383).
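The match-all and match-any flowcharts from the first lesson and the not, class-map and any options above describe one small evaluation algorithm. The following is an added example (not code from the Cisco course) that models it: access lists are permit-entry lists with an implicit deny, class maps carry their strategy and match statements, nested class maps recurse, and a policy-map style helper returns the first class that matches in configured order, falling back to class-default. It reuses the Test1/Test2 and Well-known-services/Unknown-services/All-services class maps from the slides; the packet fields, access lists 101 and 102 (not shown on the slides), the sample packets and the class evaluation order are constructed assumptions.

```python
"""Class-map evaluation model: an added example, not from the Cisco course.
Reproduces how an MQC class map combines its match statements (match-all needs
every condition, match-any at least one) and how 'match not', 'match class-map'
and 'match any' build on that. Packet fields, ACLs 101/102, the sample packets
and the policy order are constructed for this example."""

from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


# An access list is a list of permit entries; first hit permits, implicit deny at the end.
AclEntry = Callable[[Packet], bool]
ACLS: Dict[int, List[AclEntry]] = {
    # access-list 100 permit tcp any any lt 1024 / permit tcp any lt 1024 any (from the slides)
    100: [lambda p: p.proto == "tcp" and p.dst_port < 1024,
          lambda p: p.proto == "tcp" and p.src_port < 1024],
    # access lists 101 and 102 are not shown on the slides; constructed here
    101: [lambda p: p.proto == "tcp" and p.dst_port == 23],   # Telnet
    102: [lambda p: p.dst_ip == "10.0.0.5"],                  # traffic to one server
}

# ("access-group", n) | ("not", cond) | ("class-map", name) | ("any",)
Condition = Tuple


@dataclass(frozen=True)
class ClassMap:
    name: str
    conditions: Tuple[Condition, ...]
    strategy: str = "match-all"       # IOS default


CLASS_MAPS: Dict[str, ClassMap] = {cm.name: cm for cm in (
    ClassMap("Test1", (("access-group", 101), ("access-group", 102)), "match-any"),
    ClassMap("Test2", (("access-group", 101), ("access-group", 102)), "match-all"),
    ClassMap("Well-known-services", (("access-group", 100),)),
    ClassMap("Unknown-services", (("not", ("class-map", "Well-known-services")),)),
    ClassMap("All-services", (("any",),)),
)}


def acl_permits(acl_id: int, pkt: Packet) -> bool:
    return any(entry(pkt) for entry in ACLS[acl_id])


def evaluate(name: str, pkt: Packet, depth: int = 0) -> bool:
    """True if class map `name` matches `pkt`; recurses into nested class maps."""
    if depth > 16:
        raise RecursionError(f"class-map nesting loop at {name}")
    cm = CLASS_MAPS[name]
    if not cm.conditions:
        raise ValueError(f"class-map {name} has no match statement")

    def test(cond: Condition) -> bool:
        kind = cond[0]
        if kind == "any":
            return True
        if kind == "not":
            return not test(cond[1])
        if kind == "access-group":
            return acl_permits(cond[1], pkt)
        if kind == "class-map":
            return evaluate(cond[1], pkt, depth + 1)
        raise ValueError(f"unsupported condition {kind}")

    results = (test(c) for c in cm.conditions)
    # all()/any() short-circuit like the flowcharts: match-all stops at the first
    # failing condition, match-any at the first succeeding one.
    return all(results) if cm.strategy == "match-all" else any(results)


def first_matching_class(pkt: Packet, order: List[str]) -> str:
    """Policy-map semantics: classes are tried in configured order, first match wins,
    everything else falls into class-default."""
    for name in order:
        if evaluate(name, pkt):
            return name
    return "class-default"


# Constructed sample packets
TELNET_TO_SERVER = Packet("tcp", "10.1.1.7", "10.0.0.5", 40001, 23)
TELNET_TO_OTHER = Packet("tcp", "10.1.1.7", "10.0.0.9", 40002, 23)
HIGH_PORT_TO_SERVER = Packet("tcp", "10.1.1.7", "10.0.0.5", 6881, 6881)
DNS_QUERY = Packet("udp", "10.1.1.7", "10.0.0.53", 5353, 53)

if __name__ == "__main__":
    for pkt in (TELNET_TO_SERVER, TELNET_TO_OTHER, HIGH_PORT_TO_SERVER, DNS_QUERY):
        print(pkt, [n for n in CLASS_MAPS if evaluate(n, pkt)])
```

The Telnet packet to 10.0.0.5 is the only one that satisfies Test2 (both access lists), while Test1 also catches Telnet to other hosts and any traffic to 10.0.0.5. The UDP DNS query shows the complement trap: Well-known-services is TCP-only, so `match not class-map Well-known-services` sweeps every non-TCP packet into Unknown-services.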
Summary
Upon completing this lesson, you should be able to describe and configure classification:
• using access lists
• using the IP Precedence
• using the DSCP
• using the QoS group
• using the MPLS experimental bits
• based on the input interface
• based on the source MAC address
• based on the destination MAC address
• based on IEEE 802.1Q CoS or ISL priority bits
• using another class map, a negation or the any keyword
• based on the Frame Relay DE bit

Lesson Review
1. Which classification options are available using class maps?
2. What command is used to configure classification?

Network-Based Application Recognition (NBAR)

Objectives
Upon completing this lesson, you will be able to:
• Describe and configure NBAR
• Describe and configure classification of FTP and TFTP
• Describe and configure complex classification of HTTP sessions
• Monitor and troubleshoot class maps

Network-Based Application Recognition (NBAR)
• The IntServ model uses RSVP to signal QoS requirements, including the application definition.
• The DiffServ model relies on the network to recognize applications.
• Recognizing simple applications is possible by matching on static source or destination TCP/UDP port numbers.
• Some applications use multiple sessions and dynamic port numbers.
NBAR Capabilities
• NBAR was introduced to enable recognition of applications that use dynamic port numbers (e.g., FTP, Exchange, SQL*Net).
• NBAR also supports a number of applications that use static port numbers (e.g., Telnet).
• NBAR also allows recognition of sessions based on higher-layer information (e.g., HTTP by URL, host or MIME type; Citrix by application).

NBAR Support for Static Protocols
• NBAR supports a number of applications that are recognized based on a well-known destination port number.
• Such applications were previously matched by using extended IP access lists.

NBAR Support for Dynamic Protocols
• NBAR is primarily used to recognize applications that use multiple sessions and dynamic port numbers:
  – Such applications usually start with a control session on a well-known port number.
  – Additional ports are negotiated through the control session.
• NBAR inspects the negotiation of additional ports.
• Most of these applications could previously not be matched by any mechanism.

Packet Description Language Modules
• An external Packet Description Language Module (PDLM) can be loaded at run time to extend the list of protocols NBAR recognizes.
• PDLMs can also be used to enhance an existing protocol recognition capability.
• PDLMs allow NBAR to recognize new protocols without requiring a new IOS image or a router reload.

Configuring NBAR
router(config-cmap)# match protocol protocol
• Use the protocol keyword and the name of the protocol to match.
• Static protocols are recognized based on the well-known destination port number.
• Dynamic protocols are recognized by inspecting the session.

Configuring NBAR (cont.)
router(config)# ip nbar pdlm pdlm-file
• Enter the location of the Packet Description Language Module file to extend the NBAR capabilities of the router.
• The file name is in URL format (e.g., flash://citrix.pdlm).
router(config)# ip nbar port-map protocol {tcp | udp} new-port [new-port ...]
• Specify additional ports for a well-known protocol.
• Up to 16 port numbers can be specified.
• The command defines the protocol's complete port list, which is why the HTTP case studies list the standard port 80 alongside 8080.

Configuring NBAR for HTTP
router(config-cmap)# match protocol http url url
• Recognizes the HTTP GET packet containing the URL, and then matches all packets that are part of that HTTP GET request.
• Include only the portion of the URL following the address or host name in the match statement.
router(config-cmap)# match protocol http host hostname
• Performs a regular-expression match on the Host field inside an HTTP GET packet and classifies all packets from that host.
router(config-cmap)# match protocol http mime mime-type
• Select the MIME type to be matched.
• Matches the packet containing the MIME type and all subsequent packets until the next HTTP transaction.

NBAR for FTP Case Study
class-map FTP
 match protocol ftp
[Figure: the client opens the control session to well-known port 21 and sends "GET file; use port 1050"; the server opens the data session to the negotiated port 1050 and sends the file.]
• FTP control sessions can be recognized based on the well-known port number 21.
• FTP data sessions may be recognized by the well-known source port number 20.
• Not all implementations of FTP use port 20.
• NBAR recognizes FTP data sessions by inspecting the FTP control session.
NBAR for TFTP Case Study
class-map TFTP
 match protocol tftp
[Figure: the client sends the first packet (GET file) to port 69 from source port 1060; the server sends the file to port 1060 from a new source port 1035; the client acknowledges to port 1035 from port 1060; the server keeps sending to port 1060 from port 1035.]
• TFTP uses UDP for transport.
• The first packet uses the well-known destination port number 69 and a random source port (>1023).
• The receiver responds to the received source port and uses a new source port (>1023) for its packets.
• The session from then on uses those port numbers, so only the first packet could be matched on the static port 69; NBAR tracks the rest of the session.

NBAR for HTTP Case Study #1
ip nbar port-map http tcp 80 8080
!
class-map HTTP
 match protocol http
[Figure: one session is opened to port 80 and another to port 8080, each sending "GET page"; both are classified as HTTP.]
• HTTP is a static protocol using the well-known port number 80.
• Some web servers use HTTP on other ports.
• Use the ip nbar port-map command to inform the router that other ports are also used for HTTP.

NBAR for HTTP Case Study #2
ip nbar port-map http tcp 80 8080
!
class-map HTTP
 match protocol http url *xxx.(jpg|gif)
[Figure: "GET /images/xxx.gif" on a session to port 80 and "GET /images/xxx.jpg" on a session to port 8080.]
• The class map matches all HTTP requests whose URL contains either xxx.gif or xxx.jpg.
• It does so on both ports 80 and 8080.

NBAR for HTTP Case Study #3
ip nbar port-map http tcp 80 8080
!
class-map HTTP
 match protocol http mime *jpeg
[Figure: "GET /html/pictures.html" on a session to port 80 and on a session to port 8080.]
• The class map matches all HTTP transactions whose MIME type contains jpeg (e.g., image/jpeg).
• It does so on both ports 80 and 8080.
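The three HTTP case studies combine a port map with url, host and mime sub-matches. The following is an added example (not code from the Cisco course) that models that pipeline on constructed request and response headers: a flow is treated as HTTP only if its destination port is in the port map, the request line and Host header are parsed for the url and host options, and the response Content-Type is parsed for the mime option. It assumes NBAR pattern semantics of "*" for any sequence, "?" for one character, "|" and "( )" for alternation, with the whole field having to match (every pattern on the slides leads with "*"); the class names, the HTTP-intranet host pattern and the sample flows are constructed.

```python
"""NBAR-style HTTP sub-classification: an added example, not Cisco's or the
course's code. Models 'ip nbar port-map http tcp 80 8080' and the
'match protocol http url | host | mime' options on constructed headers.
Assumed pattern semantics: '*' any sequence, '?' one character, '|' and '( )'
alternation, whole field must match. Class names and flows are constructed."""

import re
from dataclasses import dataclass
from typing import Dict, Set, Tuple

PORT_MAP: Dict[str, Set[int]] = {"http": {80, 8080}}   # ip nbar port-map http tcp 80 8080

# Constructed class maps: name -> (match option, pattern)
CLASS_MAPS: Dict[str, Tuple[str, str]] = {
    "HTTP":          ("protocol", ""),                  # match protocol http
    "HTTP-images":   ("url", "*xxx.(jpg|gif)"),         # match protocol http url *xxx.(jpg|gif)
    "HTTP-jpeg":     ("mime", "*jpeg"),                 # match protocol http mime *jpeg
    "HTTP-intranet": ("host", "*.example.com"),         # match protocol http host *.example.com
}


@dataclass(frozen=True)
class HttpFlow:
    dst_port: int
    request: bytes     # first client-to-server packet (carries the GET)
    response: bytes    # first server-to-client packet (carries Content-Type)


def nbar_pattern_to_regex(pattern: str) -> "re.Pattern[str]":
    """Translate an NBAR pattern into a Python regex under the assumptions above."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        elif ch in "|()":
            parts.append(ch)
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts))


def _header_lines(raw: bytes):
    head = raw.split(b"\r\n\r\n", 1)[0]
    return head.decode("ascii", "replace").split("\r\n")


def parse_request(raw: bytes) -> Tuple[str, str, str]:
    """Return (method, url, host) from the request line and Host header."""
    lines = _header_lines(raw)
    method, url, _version = lines[0].split(" ", 2)
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip()
    return method, url, host


def response_mime(raw: bytes) -> str:
    """Return the Content-Type media type of a response, without parameters."""
    for line in _header_lines(raw)[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "content-type":
            return value.strip().split(";", 1)[0].strip()
    return ""


def classify(flow: HttpFlow) -> Set[str]:
    """Names of the class maps that match the flow."""
    if flow.dst_port not in PORT_MAP["http"]:
        return set()                  # not HTTP to NBAR, so no http sub-option can fire either
    _method, url, host = parse_request(flow.request)
    fields = {"url": url, "host": host, "mime": response_mime(flow.response)}
    matched = set()
    for name, (option, pattern) in CLASS_MAPS.items():
        if option == "protocol" or nbar_pattern_to_regex(pattern).fullmatch(fields[option]):
            matched.add(name)
    return matched


# Constructed sample flows
GIF_ON_80 = HttpFlow(
    80,
    b"GET /images/xxx.gif HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nContent-Type: image/gif\r\nContent-Length: 3\r\n\r\nGIF")
JPG_ON_8080 = HttpFlow(
    8080,
    b"GET /images/xxx.jpg HTTP/1.1\r\nHost: cdn.example.com\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n\r\n\xff\xd8")
HTML_ON_80 = HttpFlow(
    80,
    b"GET /html/pictures.html HTTP/1.1\r\nHost: www.other.net\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html>")
JPG_ON_8000 = HttpFlow(8000, JPG_ON_8080.request, JPG_ON_8080.response)

if __name__ == "__main__":
    for flow in (GIF_ON_80, JPG_ON_8080, HTML_ON_80, JPG_ON_8000):
        print(flow.dst_port, sorted(classify(flow)))
```

The last sample makes the operational caveat visible: the same request on port 8000 matches nothing because the port map does not list it, and the url, host and mime fields are all chosen by the client or server. NBAR classes therefore describe what an application claims to be, which is useful for queuing but is not a trust decision.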
Summary
Upon completing this lesson, you should be able to:
• Describe and configure NBAR
• Describe and configure classification of FTP and TFTP
• Describe and configure complex classification of HTTP sessions
• Monitor and troubleshoot class maps

Lesson Review
1. What is NBAR used for?
2. What types of applications can NBAR recognize?
3. How can support for recognizing new applications be added to existing IOS versions?
4. What additional classification options are available for HTTP?
5. Which special characters are available in the patterns used for matching HTTP flows?

Module Summary
Upon completing this module, you should be able to:
• Describe the classification part of the Modular QoS CLI
• Describe and configure all currently supported classification options within the MQC
• Describe and configure network-based application recognition (NBAR)
• Monitor and troubleshoot class maps