IPtelQos-Kursupplägg

From Datateknik
(Difference between revisions)
Jump to: navigation, search
(Youtube)
(Marking DSCP --> WIRESHARK)
 
(2 intermediate revisions by one user not shown)
Line 57: Line 57:
 
*: Playlist for above: https://www.youtube.com/playlist?list=PLsSvaKt4QA1YyMrSMknEmsVMFI_H0EHKd
 
*: Playlist for above: https://www.youtube.com/playlist?list=PLsSvaKt4QA1YyMrSMknEmsVMFI_H0EHKd
 
== NetFlow ==
 
== NetFlow ==
* https://evilttl.com/wiki/NetFlow
+
* BÄST - https://evilttl.com/wiki/NetFlow
*
+
* https://packetpushers.net/podcast/pq-show-75-talking-network-analytics-telemetry/
 +
* TSHOOT: https://packetpushers.net/analyzing-netflow-details-go-beyond-ddos-detection/
 +
* Funny story: https://packetpushers.net/tag/netflow/
 +
* Kentik explains Netflow: https://www.kentik.com/netflow-guide-types-of-network-flow-analysis/
 +
* ej utvärderad programvara: https://www.flowmon.com/en/solutions/use-case/netflow-ipfix?gclid=EAIaIQobChMIx9mi_aah3gIVFYuyCh0oJwmPEAMYAiAAEgJEdvD_BwE
  
 
= LABORATIONER =
 
= LABORATIONER =
 
== Marking DSCP --> WIRESHARK ==
 
== Marking DSCP --> WIRESHARK ==
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/3se/qos/configuration_guide/b_qos_3se_3650_cg/b_qos_3se_3650_cg_chapter_010.html#d3592e17399a1635
 
  
<font size=-3>
+
see http://catch-up.cnap.hv.se/wiki/index.php/QoS_Marking_and_Monitoring
<pre>
+
Building configuration...
+
 
+
Current configuration : 8430 bytes
+
!
+
! Last configuration change at 09:32:05 UTC Mon Oct 22 2018
+
!
+
version 16.6
+
no service pad
+
service timestamps debug datetime msec
+
service timestamps log datetime msec
+
service compress-config
+
no platform punt-keepalive disable-kernel-core
+
!
+
hostname SwirreEtta
+
!
+
!
+
vrf definition Mgmt-vrf
+
!
+
address-family ipv4
+
exit-address-family
+
!
+
address-family ipv6
+
exit-address-family
+
!
+
!
+
no aaa new-model
+
boot system switch all flash:cat3k_caa-universalk9.16.06.04.SPA.bin
+
switch 1 provision ws-c3650-24ps
+
!
+
!
+
!
+
!
+
ip routing
+
!
+
no ip domain lookup
+
!
+
!
+
!
+
!
+
!
+
!
+
!
+
!
+
!
+
!
+
!
+
crypto pki trustpoint TP-self-signed-1320644307
+
enrollment selfsigned
+
subject-name cn=IOS-Self-Signed-Certificate-1320644307
+
revocation-check none
+
rsakeypair TP-self-signed-1320644307
+
!
+
!
+
crypto pki certificate chain TP-self-signed-1320644307
+
certificate self-signed 01
+
  30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
+
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
+
  69666963 6174652D 31333230 36343433 3037301E 170D3138 31303232 30393138
+
  30355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
+
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 33323036
+
  34343330 37308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
+
  0A028201 0100B751 80556E5C F3D51CF4 62643C60 B1E61FBE E171EDEC 086F3F00
+
  016C1EF9 B748AACE 74826405 5E99E0CA 03069FC1 BCF6DBAA 7B5658D3 72BD370B
+
  FC01F877 34DE012D AAFB1B11 43FF83FB 904DC46D 8A693DBB 8F62411B 32A8710F
+
  8287E2FF DA6BCDAB 62D61D8F 40A011EC 0E02225E 8D0859E5 A04D6906 2C3654EE
+
  6D0F9DF5 3D07EDDD 26808E15 06371449 DA62796D 28C011E5 6ABD7E7A E87D96FA
+
  999282E9 BDB08CC7 5B851C9E B391DBAF F855965C EB2E4577 0C872EDD 63A5BD2A
+
  78483E7E 0EEE10C9 0D511C8D 1B47FF17 EB5986AE 9C937715 F75C948B 552B85A4
+
  8EEABA44 BE19B7D0 7BF9987A 0D5AD37C 439A4852 E085B1E5 7E61834F 31315D82
+
  4AED1296 7DA50203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
+
  301F0603 551D2304 18301680 143726BC 178AAED6 98B6A15B AD32BB77 F705A9F6
+
  33301D06 03551D0E 04160414 3726BC17 8AAED698 B6A15BAD 32BB77F7 05A9F633
+
  300D0609 2A864886 F70D0101 05050003 82010100 043B3736 CEF180C7 C9B897ED
+
  A3FA2674 505F84BB BDF2A707 7733CA86 FA90069D 0F8D62F0 872E9561 2F4715A9
+
  DACAB5BC 87E611E2 8D4D0C41 EF3D2EEB 6D90ACC8 B80C1C25 95CB4163 588327A6
+
  B009441B 4D1D87DF 6DD5023E 3CDE255C A5CE71AF B2F5A3EC 48C70E3B 65611C3D
+
  E7285AA7 92603FA0 472EED98 5BE8411A AF87E89F 3A69A094 2341443C EFB0C9E6
+
  076186CF CB0CE470 526BD180 79661265 3B59FA0B 24D2FFE5 FDC29258 8BF43C65
+
  DD0CC65F 78641817 7908996D 16B731F1 0BFC8F1B BF6D7DC5 701602CB 9351E780
+
  66D404FB FD07E904 8AA92375 F49A4CAC 81C170EC AF39C739 F3AE064D DE527A59
+
  C4D67EDF 8238150A 4808CB2E 4A6025F0 34BDA94A
+
        quit
+
!
+
auto qos global compact
+
!
+
!
+
diagnostic bootup level minimal
+
!
+
spanning-tree mode pvst
+
spanning-tree extend system-id
+
!
+
!
+
redundancy
+
mode sso
+
!
+
hw-switch switch 1 logging onboard message
+
!
+
!
+
class-map match-any VOIP
+
match dscp ef
+
class-map match-any system-cpp-police-topology-control
+
  description Topology control
+
class-map match-any system-cpp-police-sw-forward
+
  description Sw forwarding, L2 LVX data, LOGGING
+
class-map match-any system-cpp-default
+
  description DHCP Snooping, EWLC control, EWCL data
+
class-map match-any system-cpp-police-sys-data
+
  description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, Gold Pkt, RPF Failed
+
class-map match-any system-cpp-police-punt-webauth
+
  description Punt Webauth
+
class-map match-any system-cpp-police-l2lvx-control
+
  description L2 LVX control packets
+
class-map match-all YOUTUBE-GEN
+
match protocol youtube
+
class-map match-any system-cpp-police-forus
+
  description Forus Address resolution and Forus traffic
+
class-map match-any system-cpp-police-multicast-end-station
+
  description MCAST END STATION
+
class-map match-any High-Throughput-Data
+
match dscp af11
+
match dscp af12
+
match dscp af13
+
class-map match-any system-cpp-police-multicast
+
  description Transit Traffic and MCAST Data
+
class-map match-any Multimedia-Conferencing
+
match dscp af41
+
match dscp af42
+
match dscp af43
+
class-map match-any system-cpp-police-l2-control
+
  description L2 control
+
class-map match-any system-cpp-police-dot1x-auth
+
  description DOT1X Auth
+
class-map match-any SLASK
+
match dscp default
+
class-map match-any system-cpp-police-data
+
  description ICMP redirect, ICMP_GEN and BROADCAST
+
class-map match-any system-cpp-police-stackwise-virt-control
+
  description Stackwise Virtual
+
class-map match-any Network-Control-Traffic
+
match dscp cs6
+
class-map match-any Multimedia-Streaming
+
match dscp af31
+
match dscp af32
+
match dscp af33
+
match protocol youtube
+
class-map match-any non-client-nrt-class
+
class-map match-any system-cpp-police-routing-control
+
  description Routing control
+
class-map match-any system-cpp-police-protocol-snooping
+
  description Protocol snooping
+
class-map match-all youtube
+
match qos-group 10
+
class-map match-any system-cpp-police-system-critical
+
  description System Critical
+
!
+
policy-map system-cpp-policy
+
policy-map output-int
+
class youtube
+
  set dscp af31
+
policy-map input-int
+
class YOUTUBE-GEN
+
  set qos-group 10
+
policy-map CBWFQ-MAP
+
class VOIP
+
class Network-Control-Traffic
+
class Multimedia-Conferencing
+
class Multimedia-Streaming
+
class High-Throughput-Data
+
policy-map port_child_policy
+
class non-client-nrt-class
+
  bandwidth remaining ratio 10
+
!
+
!
+
!
+
!
+
!
+
!
+
!
+
!
+
!
+
!
+
!
+
!
+
!
+
!
+
interface GigabitEthernet0/0
+
vrf forwarding Mgmt-vrf
+
no ip address
+
shutdown
+
speed 1000
+
negotiation auto
+
!
+
interface GigabitEthernet1/0/1
+
description NOT IN USE
+
shutdown
+
!
+
interface GigabitEthernet1/0/2
+
description NOT IN USE
+
shutdown
+
!
+
interface GigabitEthernet1/0/3
+
description NOT IN USE
+
shutdown
+
!
+
interface GigabitEthernet1/0/4
+
description NOT IN USE
+
shutdown
+
!
+
interface GigabitEthernet1/0/5
+
description NOT IN USE
+
shutdown
+
!
+
interface GigabitEthernet1/0/6
+
description NOT IN USE
+
shutdown
+
!
+
interface GigabitEthernet1/0/7
+
description NOT IN USE
+
shutdown
+
!
+
interface GigabitEthernet1/0/8
+
description NOT IN USE
+
shutdown
+
!
+
interface GigabitEthernet1/0/9
+
description NOT IN USE
+
shutdown
+
!
+
interface GigabitEthernet1/0/10
+
description NOT IN USE
+
shutdown
+
!
+
interface GigabitEthernet1/0/11
+
description YOUTUBE GENERATOR
+
service-policy input input-int
+
ip nbar protocol-discovery
+
!
+
interface GigabitEthernet1/0/12
+
description TORRENT GENERATOR
+
service-policy input CBWFQ-MAP
+
ip nbar protocol-discovery
+
!
+
interface GigabitEthernet1/0/13
+
description NOT IN USE
+
shutdown
+
!
+
interface GigabitEthernet1/0/14
+
description NOT IN USE
+
shutdown
+
!
+
interface GigabitEthernet1/0/15
+
description NOT IN USE
+
shutdown
+
!
+
interface GigabitEthernet1/0/16
+
description NOT IN USE
+
shutdown
+
!
+
interface GigabitEthernet1/0/17
+
description NOT IN USE
+
shutdown
+
!
+
interface GigabitEthernet1/0/18
+
description NOT IN USE
+
shutdown
+
!
+
interface GigabitEthernet1/0/19
+
description NOT IN USE
+
shutdown
+
!
+
interface GigabitEthernet1/0/20
+
description NOT IN USE
+
shutdown
+
!
+
interface GigabitEthernet1/0/21
+
description NOT IN USE
+
shutdown
+
!
+
interface GigabitEthernet1/0/22
+
description NOT IN USE
+
shutdown
+
!
+
interface GigabitEthernet1/0/23
+
description WIRESHARK SPAN
+
!
+
interface GigabitEthernet1/0/24
+
description UPLINK
+
switchport trunk native vlan 2
+
switchport mode trunk
+
speed 10
+
service-policy output output-int
+
ip nbar protocol-discovery
+
!
+
interface GigabitEthernet1/1/1
+
!
+
interface GigabitEthernet1/1/2
+
!
+
interface GigabitEthernet1/1/3
+
!
+
interface GigabitEthernet1/1/4
+
!
+
interface Vlan1
+
ip address dhcp
+
shutdown
+
!
+
ip default-gateway 193.10.203.129
+
ip forward-protocol nd
+
ip http server
+
ip http authentication local
+
ip http secure-server
+
!
+
!
+
!
+
!
+
!
+
!
+
control-plane
+
service-policy input system-cpp-policy
+
!
+
!
+
line con 0
+
logging synchronous
+
stopbits 1
+
line aux 0
+
stopbits 1
+
line vty 0 4
+
login
+
line vty 5 15
+
login
+
!
+
!
+
monitor session 1 source interface Gi1/0/24
+
monitor session 1 destination interface Gi1/0/23 encapsulation dot1q
+
!
+
mac address-table notification mac-move
+
wsma agent exec
+
profile httplistener
+
profile httpslistener
+
!
+
wsma agent config
+
profile httplistener
+
profile httpslistener
+
!
+
wsma agent filesys
+
profile httplistener
+
profile httpslistener
+
!
+
wsma agent notify
+
profile httplistener
+
profile httpslistener
+
!
+
!
+
wsma profile listener httplistener
+
transport http
+
!
+
wsma profile listener httpslistener
+
transport https
+
!
+
end
+
 
+
</pre>
+
</font>
+
=== Wireshark ===
+
intel-dot1q-driver.jpg
+
[[File:intel-dot1q-driver.png|300px]]
+
 
+
wireshark-DSCP.png
+
[[File:wireshark-DSCP.png|600px]]
+
 
+
wireshark-dot1p
+
[[File:wireshark-dot1p.png|400px]]
+
 
+
VICTORY !!!
+
[[File:qos-2competingNoQueues.png]]
+
Qos-2competingNoQueues.png
+
==== Common Mistakes ====
+
I would like to capture all traffic that are marked with DSCP value 184. I am able to do so using display filter "ip.dsfield==184" but how do i use the equivalent filter on capture filter ?
+
 
+
qos
+
asked 16 Jul '11, 23:11
+
 
+
chenhsien
+
 
+
 
+
'''One Answer:''' active answersoldest answersnewest answerspopular answers
+
 
+
The capture filter equivalent of "ip.dsfield==184" would be "ip[1]=184".
+
 
+
However when the dsfield value is 184, the dscp value is actually 46, as the dscp field consists of the higher 6 bits of the dsfield, the other two bits are for Explicit Congestion Notification.
+
 
+
Your filter "ip.dsfield==184" will only show packets woth DSCP value 46 and both ECN bith zero. So you might miss packets that have a ECN bit set. It's better to use the display filter "ip.dsfield.dscp==46", for which the capture filter equivalent is "ip[1]>>2=46"
+
<hr>
+
<hr>
+
Wireshark '''Profiles''':
+
* [https://www.cellstream.com/resources/wireshark-profiles-repository A VoIP QoS profile for analysis in Wireshark Popular]
+
* https://www.cellstream.com/resources/wireshark-profiles-repository/295-vlan/file
+

Latest revision as of 13:33, 12 November 2018

hej

Contents

[edit] Intro till IP-tel

kör växlarna med Skinny eller SIP

  • Ingen video
  • Hårdvarutelefoner + mjuk
  • mellan växlar (utan NAT !!) Vilka IP-nummer ska vi ha (Subnäta ?!?)

[edit] QoS

[edit] SlideShare

Sökning: https://www.google.se/search?q=easy+qos+slideshare&oq=easy+qos+slideshare&aqs=chrome..69i57j69i60.5181j0j4&sourceid=chrome&ie=UTF-8


[edit] Böcker

Comer

Stallings

Zheng Wang, Internet QoS, Architectures and Mechanisms for QoS ISBN 1-55860-608-4, år 2001

Jag har inte läst Network Analysis, Architecture, and Design https://www.amazon.com/Network-Analysis-Architecture-Kaufmann-Networking/dp/0123704804/ref=sr_1_1?s=books&ie=UTF8&qid=1539194709&sr=1-1&keywords=Network+Analysis%2C+Architecture%2C+and+Design

[edit] Youtube

[edit] NetFlow

[edit] LABORATIONER

[edit] Marking DSCP --> WIRESHARK

see http://catch-up.cnap.hv.se/wiki/index.php/QoS_Marking_and_Monitoring

Retrieved from "http://catch-up.cnap.hv.se/wiki/index.php?title=IPtelQos-Kursuppl%C3%A4gg&oldid=6619"
Personal tools
Namespaces

Variants
Actions
Navigation
Tools