Wednesday, 12 September 2012
L3VPN QOS PIPE MODE
In this lab, I don't apply proper QOS on the CE routers except for marking the IPP bits.
We will consider only traffic flow direction from R5 towards R6.
We assume there is no congestion in the core, and there is no QOS configuration for the core network.
We will focus only on PE routers for this topic.
R1 Config
ip vrf one
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!
class-map match-all IPP1
 match ip precedence 1
class-map match-all IPP3
 match ip precedence 3
class-map match-all IPP5
 match ip precedence 5
!
policy-map IPP-TO-EXP
 class IPP5
  set mpls experimental imposition 5
  police 2000000 conform-action transmit exceed-action drop
 class IPP3
  set mpls experimental imposition 3
 class IPP1
  set mpls experimental imposition 1
policy-map PARENT-POLICY
 class class-default
  police 8000000 conform-action transmit exceed-action drop
  service-policy IPP-TO-EXP
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 192.168.12.1 255.255.255.0
 ip ospf 1 area 0
 mpls ip
!
interface FastEthernet0/1
 ip vrf forwarding one
 ip address 192.168.15.1 255.255.255.0
 service-policy input PARENT-POLICY
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
!
router bgp 1
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 4.4.4.4 remote-as 1
 neighbor 4.4.4.4 update-source Loopback0
 !
 address-family vpnv4
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf one
  redistribute connected
  redistribute static
  no synchronization
 exit-address-family
!
ip route vrf one 5.5.5.5 255.255.255.255 192.168.15.5
ip route vrf one 5.5.5.51 255.255.255.255 192.168.15.5
ip route vrf one 5.5.5.52 255.255.255.255 192.168.15.5
R2 Config
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 192.168.12.2 255.255.255.0
 ip ospf 1 area 0
 mpls ip
!
interface FastEthernet0/1
 ip address 192.168.23.2 255.255.255.0
 ip ospf 1 area 0
 mpls ip
!
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
R4 Config
ip vrf one
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!
class-map match-all IPP1
 match ip precedence 1
class-map match-all IPP3
 match ip precedence 3
class-map match-all IPP5
 match ip precedence 5
!
policy-map TOWARDS-CE
 class IPP5
  priority 2000
  police 2000000 conform-action transmit exceed-action drop
 class IPP3
  bandwidth 2000
 class IPP1
  bandwidth 3000
policy-map PARENT-POLICY
 class class-default
  shape average 8000000
  service-policy TOWARDS-CE
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 192.168.34.4 255.255.255.0
 ip ospf 1 area 0
 mpls ip
!
interface FastEthernet0/1
 ip vrf forwarding one
 ip address 192.168.46.4 255.255.255.0
 service-policy output PARENT-POLICY
!
router ospf 1
 router-id 4.4.4.4
 log-adjacency-changes
!
router bgp 1
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 1.1.1.1 remote-as 1
 neighbor 1.1.1.1 update-source Loopback0
 !
 address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf one
  redistribute connected
  no synchronization
 exit-address-family
R5 Config
class-map match-all LOOPBACK2
 match access-group name LOOPBACK2
class-map match-all LOOPBACK1
 match access-group name LOOPBACK1
class-map match-all LOOPBACK0
 match access-group name LOOPBACK0
!
policy-map MARK-IPP
 class LOOPBACK0
  set ip precedence 5
 class LOOPBACK1
  set ip precedence 3
 class LOOPBACK2
  set ip precedence 1
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface Loopback1
 ip address 5.5.5.51 255.255.255.255
!
interface Loopback2
 ip address 5.5.5.52 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.15.5 255.255.255.0
 service-policy output MARK-IPP
!
ip route 0.0.0.0 0.0.0.0 192.168.15.1
!
ip access-list extended LOOPBACK0
 permit ip host 5.5.5.5 any
ip access-list extended LOOPBACK1
 permit ip host 5.5.5.51 any
ip access-list extended LOOPBACK2
 permit ip host 5.5.5.52 any
R6 Config
interface FastEthernet0/0
 ip address 192.168.46.6 255.255.255.0
 ip access-group TEST in
!
ip route 0.0.0.0 0.0.0.0 192.168.46.4
!
ip access-list extended TEST
 permit ip any any precedence routine
 permit ip any any precedence priority
 permit ip any any precedence immediate
 permit ip any any precedence flash
 permit ip any any precedence flash-override
 permit ip any any precedence critical
 permit ip any any precedence internet
 permit ip any any precedence network
Verification
-When packets are transmitted from R5 towards R6, they are marked with IPP bits according to the policy defined on R5. Once those packets enter the MPLS network, the ingress PE (R1) maps IPP to the MPLS EXP bits and applies the proper treatment as per the SLA. In this configuration mode, the egress PE (R4) does not modify the original IPP bits when forwarding out to the CE (R6); say, if R5 sends packets with IPP 3, R6 will receive packets with the same IPP value. In order to test this, I created an ACL and applied it on the R6 interface connecting to R4.
R5#show policy-map interface fastEthernet 0/0
 FastEthernet0/0
  Service-policy output: MARK-IPP
    Class-map: LOOPBACK0 (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name LOOPBACK0
      QoS Set
        precedence 5
          Packets marked 0
    Class-map: LOOPBACK1 (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name LOOPBACK1
      QoS Set
        precedence 3
          Packets marked 0
    Class-map: LOOPBACK2 (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name LOOPBACK2
      QoS Set
        precedence 1
          Packets marked 0
    Class-map: class-default (match-any)
      52 packets, 5852 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
-So far we don't see hit counts on R6.
R6#show ip access-lists
Extended IP access list TEST
    10 permit ip any any precedence routine
    20 permit ip any any precedence priority
    30 permit ip any any precedence immediate
    40 permit ip any any precedence flash
    50 permit ip any any precedence flash-override
    60 permit ip any any precedence critical
    70 permit ip any any precedence internet
    80 permit ip any any precedence network
R5#ping 192.168.46.6 source loopback 0 repeat 1
Packet sent with a source address of 5.5.5.5
!
R5#ping 192.168.46.6 source loopback 1 repeat 2
Packet sent with a source address of 5.5.5.51
!!
R5#ping 192.168.46.6 source loopback 2 repeat 3
Packet sent with a source address of 5.5.5.52
!!!
-We will see that the ACL hit counts on R6 increment proportionally.
R6#show ip access-lists
Extended IP access list TEST
    10 permit ip any any precedence routine
    20 permit ip any any precedence priority (9 matches)
    30 permit ip any any precedence immediate
    40 permit ip any any precedence flash (6 matches)
    50 permit ip any any precedence flash-override
    60 permit ip any any precedence critical (3 matches)
    70 permit ip any any precedence internet
    80 permit ip any any precedence network
-Now let's check that MPLS packets are marked and switched correctly in the core network.
In order to test this, I captured the packets on the link between R1 and R2.
R5#ping 192.168.46.6 source loopback 1 repeat 2
!!
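A frame captured on the R1-R2 link can also be checked with a short script. The Python decoder below is an added example, not part of the original post: it parses the MPLS label stack and the inner IPv4 ToS byte and confirms that each label's EXP equals the packet's IPP, which is what the IPP-TO-EXP policy on R1 should produce. The sample frame is constructed, and the label values 16 and 17 are placeholders rather than values from this lab.

```python
import struct

MPLS_UNICAST = 0x8847  # EtherType for MPLS unicast


def build_frame(labels, exp, ipp):
    """Constructed test frame: Ethernet + MPLS label stack + bare IPv4 header."""
    eth = bytes(6) + bytes(6) + struct.pack("!H", MPLS_UNICAST)
    stack = b""
    for i, label in enumerate(labels):
        bottom = 1 if i == len(labels) - 1 else 0
        # Label stack entry: 20-bit label | 3-bit EXP | 1-bit S | 8-bit TTL
        stack += struct.pack("!I", (label << 12) | (exp << 9) | (bottom << 8) | 254)
    # Minimal IPv4 header; IPP occupies the top three bits of the ToS byte
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, ipp << 5, 20, 0, 0, 255, 1, 0,
                     bytes([5, 5, 5, 51]), bytes([192, 168, 46, 6]))
    return eth + stack + ip


def decode(frame):
    """Return ([(label, exp, ttl), ...], inner_ipp) for an MPLS/IPv4 frame."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != MPLS_UNICAST:
        raise ValueError("not an MPLS unicast frame")
    off, stack = 14, []
    while True:
        if off + 4 > len(frame):
            raise ValueError("truncated label stack")
        (entry,) = struct.unpack_from("!I", frame, off)
        off += 4
        stack.append((entry >> 12, (entry >> 9) & 0x7, entry & 0xFF))
        if entry & 0x100:  # bottom-of-stack bit ends the label stack
            break
    if off + 2 > len(frame) or frame[off] >> 4 != 4:
        raise ValueError("payload is not IPv4")
    return stack, frame[off + 1] >> 5


def check_marking(frame):
    """True when every label carries EXP equal to the inner packet's IPP."""
    stack, ipp = decode(frame)
    return all(exp == ipp for _, exp, _ in stack)


if __name__ == "__main__":
    # Constructed sample: an IPP 3 packet sourced from 5.5.5.51 with two labels
    sample = build_frame([16, 17], exp=3, ipp=3)
    print(decode(sample), check_marking(sample))
```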
-On the ingress PE (R1), I limit incoming traffic from the CE router to 8M. Anything above 8M will be dropped. Within that 8M limit, I also keep the IPP5 traffic from going above 2M.
-On the egress PE (R4), I shape the traffic to 8M. Within that 8M queue, I give priority (latency guarantee) to IPP5 traffic and police it at 2M. I also guarantee 2M and 3M to the IPP3 and IPP1 streams respectively.
Since this is a GNS3 lab, I can't test it to prove my config works as intended.