CCIE.pl

Wiadomość

badSector · #1

Witam,

Musze zaimplementowac QoS:

Zrodlo: 10.10.2.18
Protcols: CDS TCP:9093, SIP TCP:UDP:5060, RTP:UDP:51000-51499, TCP:65010
Zrodlo: 10.20.3.0/24, 10.20.4.0/24, 10.20.5.0/24
Protcols: SIP TCP:UDP:5070-5170, RTP:UDP:50000-50999, LDAP:TCP:UDP:712
Protcols: CDS TCP:9089,TCP:9091-9094
Link 1GB pomiedzy switchami

QoS na switch01

class-map match any VOICE-IN
match access-group 100
class-map match any VIDEO-IN
match access-group 101
class-map match any CDS-IN
match access-group 102
class-map match any LDAP-IN
match access-group 103

policy-map class-mark
class VOICE-IN
set ip dscp ef
class VIDEO-IN
set ip dscp af41
class CDS-IN
set ip dscp af31
class LDAP-IN
set ip dscp af21

int Po1
service-policy input class-mark

ip access-list extended 100
permit tcp host 10.10.2.18 10.20.3.0 0.0.0.255 range 5070 5170
permit tcp host 10.10.2.18 10.20.4.0 0.0.0.255 range 5070 5170
permit tcp host 10.10.2.18 10.20.5.0 0.0.0.255 range 5070 5170
permit udp host 10.10.2.18 10.20.3.0 0.0.0.255 range 5070 5170
permit udp host 10.10.2.18 10.20.4.0 0.0.0.255 range 5070 5170
permit udp host 10.10.2.18 10.20.5.0 0.0.0.255 range 5070 5170
ip access-list extended 101
permit udp host 10.10.2.18 10.20.2.0 0.0.0.255 range 50000 50999
permit udp host 10.10.2.18 10.20.3.0 0.0.0.255 range 50000 50999
permit udp host 10.10.2.18 10.20.4.0 0.0.0.255 range 50000 50999
permit udp host 10.10.2.18 10.20.5.0 0.0.0.255 range 50000 50999
ip access-list extended 102
permit tcp host 10.10.2.18 10.20.2.0 0.0.0.255 eq 9089
permit tcp host 10.10.2.18 10.20.3.0 0.0.0.255 eq 9089
permit tcp host 10.10.2.18 10.20.4.0 0.0.0.255 eq 9089
permit tcp host 10.10.2.18 10.20.5.0 0.0.0.255 eq 9089
permit tcp host 10.10.2.18 10.20.2.0 0.0.0.255 range 9091 9094
permit tcp host 10.10.2.18 10.20.3.0 0.0.0.255 range 9091 9094
permit tcp host 10.10.2.18 10.20.4.0 0.0.0.255 range 9091 9094
permit tcp host 10.10.2.18 10.20.5.0 0.0.0.255 range 9091 9094
ip access-list extended 103
permit tcp host 10.10.2.18 10.20.3.0 0.0.0.255 eq 712
permit tcp host 10.10.2.18 10.20.4.0 0.0.0.255 eq 712
permit tcp host 10.10.2.18 10.20.5.0 0.0.0.255 eq 712
permit udp host 10.10.2.18 10.20.3.0 0.0.0.255 eq 712
permit udp host 10.10.2.18 10.20.4.0 0.0.0.255 eq 712
permit udp host 10.10.2.18 10.20.5.0 0.0.0.255 eq 712

class-map VOICE-OUT
match ip dscp ef
class-map VIDEO-OUT
match ip dscp af41
class-map CDS-OUT
match ip dscp af31
class-map LDAP-OUT
match ip dscp af21

policy-map qos-policy
class VOICE-OUT
priority percent 10
class VIDEO-OUT
bandwidth remaining percent 10
class CDS-OUT
bandwidth remaining percent 10
class TCP65010-OUT
bandwidth remaining percent 10
class class-default
fair-queue

int gi1/0/1
service-policy output qos-policy

QoS na switch02:

ip access-list extended 100
permit tcp 10.20.3.0 0.0.0.255 host 10.10.2.18 eq 5060
permit tcp 10.20.4.0 0.0.0.255 host 10.10.2.18 eq 5060
permit tcp 10.20.5.0 0.0.0.255 host 10.10.2.18 eq 5060
permit udp 10.20.3.0 0.0.0.255 host 10.10.2.18 eq 5060
permit udp 10.20.4.0 0.0.0.255 host 10.10.2.18 eq 5060
permit udp 10.20.5.0 0.0.0.255 host 10.10.2.18 eq 5060
ip access-list extended 101
permit udp 10.20.3.0 0.0.0.255 host 10.10.2.18 range 51000 51499
permit udp 10.20.4.0 0.0.0.255 host 10.10.2.18 range 51000 51499
permit udp 10.20.5.0 0.0.0.255 host 10.10.2.18 range 51000 51499
ip access-list extended 102
permit tcp 10.20.3.0 0.0.0.255 host 10.10.2.18 eq 9093
permit tcp 10.20.4.0 0.0.0.255 host 10.10.2.18 eq 9093
permit tcp 10.20.5.0 0.0.0.255 host 10.10.2.18 eq 9093
permit udp 10.20.3.0 0.0.0.255 host 10.10.2.18 eq 9093
permit udp 10.20.4.0 0.0.0.255 host 10.10.2.18 eq 9093
permit udp 10.20.5.0 0.0.0.255 host 10.10.2.18 eq 9093
ip access-list extended 103
permit tcp 10.20.3.0 0.0.0.255 host 10.10.2.18 eq 65010
permit tcp 10.20.4.0 0.0.0.255 host 10.10.2.18 eq 65010
permit tcp 10.20.5.0 0.0.0.255 host 10.10.2.18 eq 65010

class-map match any VOICE
match access-group 100
class-map match any VIDEO
match access-group 101
class-map match any CDS
match access-group 102
class-map match any TCP65010
match access-group 103

policy-map class-mark-policy
class VOICE
set ip dscp ef
priority percent 10
class VIDEO
set ip dscp af41
bandwidth remaining percent 10
class CDS
set ip dscp af31
bandwidth remaining percent 10
class TCP65010
set ip dscp af21
bandwidth remaining percent 10

int gi1/0/49
service-policy output qos-policy

Wiem ze nie ma marking na ingrees tylko wrzucilem wszystko na output.
Nie jestem pewiem czy moge zrobic ingrees na wielu portach tzn.
int gi1/0/49
service-policy input qos-policy
int gi1/0/50
service-policy input qos-policy
int gi1/0/51
service-policy input qos-policy
int gi1/0/52
service-policy input qos-policy

I wtedy zrobic tak jak na switch01 czyli osobno IN oraz osobno OUT??

badSector · #2

badSector pisze: Nie jestem pewiem czy moge zrobic ingrees na wielu portach tzn.
int gi1/0/49
service-policy input qos-policy
int gi1/0/50
service-policy input qos-policy
int gi1/0/51
service-policy input qos-policy
int gi1/0/52
service-policy input qos-policy

Mozna dziala spoko ale jest inny problem. To sa switche 3750 i nie ma priority ani badwidth w policy-map wiec ponizsza konfiguracja nie ma sensu:

policy-map qos-policy
class VOICE-OUT
priority percent 10
class VIDEO-OUT
bandwidth remaining percent 10
class CDS-OUT
bandwidth remaining percent 1
class TCP65010-OUT
bandwidth remaining percent 1
class class-default
fair-queue

Ktos ma pomysl jak to obejsc?

badSector · #3

Witam,

Troche mi to zajelo ale chyba znalazlem odpowiedz:
Wedlug dokumentacji:
On 3560/3750 priority queue is Q1
By default:
CoS 5 -> Queue 1
CoS 0 -> Queue 2
CoS 2/3 -> Queue 3
CoS 4/6/7 -> Queue 4

and

Drop preference IP Precedence
low | medium| high
Class 7 Reserved 7
Class 6 Reserved 6
Class 5 EF 5
Class 4 AF41 AF42 AF43 4
Class 3 AF31 AF32 AF33 3
Class 2 AF21 AF22 AF23 2
Class 1 AF11 AF12 AF13 1
Best effort 0 0

Czyli wymyslilem sobie tak:
-match ACL i mark jako dscp
-map cos do dscp
-priority na Q1 i bandwidth wedlug potrzeb

O czym zapomialem?

Kod: Zaznacz cały

QoS na switch01
ip access-list extended 100 
permit tcp host 10.10.2.18 10.20.3.0 0.0.0.255 range 5070 5170
ip access-list extended 101
permit udp host 10.10.2.18 10.20.2.0 0.0.0.255 range 50000 50999
ip access-list extended 102
permit tcp host 10.10.2.18 10.20.2.0 0.0.0.255 eq 9089

class-map match any VOICE-IN
match access-group 100
class-map match any VIDEO-IN
match access-group 101 
class-map match any CDS-LDAP-IN
match access-group 102

policy-map class-mark
class VOICE-IN
set ip dscp ef
class VIDEO-IN
set ip dscp af41
class CDS-LDAP-IN
set ip dscp af31

int Po1
service-policy input class-mark

mls qos
mls qos map cos-dscp 0 8 16 26 32 46 48 56

int gi1/0/1
priority-queue out
mls qos trust dscp
srr-queue badwidth share 10 68 2 10
auto qos voip trust

QoS na switch02:
ip access-list extended 100 
permit tcp 10.20.3.0 0.0.0.255 host 10.10.2.18 eq 5060
ip access-list extended 101
permit udp 10.20.3.0 0.0.0.255 host 10.10.2.18 range 51000 51499
ip access-list extended 102
permit tcp 10.20.3.0 0.0.0.255 host 10.10.2.18 eq 9093
permit tcp 10.20.3.0 0.0.0.255 host 10.10.2.18 eq 65010

policy-map class-mark
class VOICE-IN 
set ip dscp ef
class VIDEO-IN
set ip dscp af41
class CDS-TCP65010-IN
set ip dscp af31

int gi1/0/6
service-policy input class-mark
int gi1/0/34
service-policy input class-mark
int gi1/0/35
service-policy input class-mark
itd.........

mls qos
mls qos map cos-dscp 0 8 16 26 32 46 48 56

int gi1/0/49
priority-queue out
mls qos trust dscp
srr-queue badwidth share 10 68 2 10
auto qos voip trust

QoS

QoS

Re: QoS