QoS Marking and Monitoring
(→Wireshark) |
(→Wireshark) |
||
Line 382: | Line 382: | ||
[[File:wireshark-dot1p.png|400px]] | [[File:wireshark-dot1p.png|400px]] | ||
− | VICTORY !!! | + | VICTORY !!! |
[[File:qos-2competingNoQueues.png]] | [[File:qos-2competingNoQueues.png]] | ||
Qos-2competingNoQueues.png | Qos-2competingNoQueues.png |
Revision as of 13:31, 12 November 2018
- Two hosts download data via Youtube and Expressen.
- Traffic is marked accordingly
- an extra monitor-switch is inserted on the 10Mbps (slow) link and traffic is duplicated on a monitor port
- The monitor port is connected to wireshark for packet capture and graphical presentation
Contents |
NBAR-2 and DSCP Marking on Switch
Wow, this is great
Marking DSCP --> WIRESHARK
Building configuration... Current configuration : 8430 bytes ! ! Last configuration change at 09:32:05 UTC Mon Oct 22 2018 ! version 16.6 no service pad service timestamps debug datetime msec service timestamps log datetime msec service compress-config no platform punt-keepalive disable-kernel-core ! hostname SwirreEtta ! ! vrf definition Mgmt-vrf ! address-family ipv4 exit-address-family ! address-family ipv6 exit-address-family ! ! no aaa new-model boot system switch all flash:cat3k_caa-universalk9.16.06.04.SPA.bin switch 1 provision ws-c3650-24ps ! ! ! ! ip routing ! no ip domain lookup ! ! ! ! ! ! ! ! ! ! ! crypto pki trustpoint TP-self-signed-1320644307 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1320644307 revocation-check none rsakeypair TP-self-signed-1320644307 ! ! crypto pki certificate chain TP-self-signed-1320644307 certificate self-signed 01 30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 31333230 36343433 3037301E 170D3138 31303232 30393138 30355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 33323036 34343330 37308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201 0A028201 0100B751 80556E5C F3D51CF4 62643C60 B1E61FBE E171EDEC 086F3F00 016C1EF9 B748AACE 74826405 5E99E0CA 03069FC1 BCF6DBAA 7B5658D3 72BD370B FC01F877 34DE012D AAFB1B11 43FF83FB 904DC46D 8A693DBB 8F62411B 32A8710F 8287E2FF DA6BCDAB 62D61D8F 40A011EC 0E02225E 8D0859E5 A04D6906 2C3654EE 6D0F9DF5 3D07EDDD 26808E15 06371449 DA62796D 28C011E5 6ABD7E7A E87D96FA 999282E9 BDB08CC7 5B851C9E B391DBAF F855965C EB2E4577 0C872EDD 63A5BD2A 78483E7E 0EEE10C9 0D511C8D 1B47FF17 EB5986AE 9C937715 F75C948B 552B85A4 8EEABA44 BE19B7D0 7BF9987A 0D5AD37C 439A4852 E085B1E5 7E61834F 31315D82 4AED1296 7DA50203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304 18301680 143726BC 178AAED6 98B6A15B AD32BB77 F705A9F6 33301D06 03551D0E 04160414 3726BC17 8AAED698 B6A15BAD 32BB77F7 05A9F633 300D0609 2A864886 F70D0101 05050003 82010100 043B3736 CEF180C7 C9B897ED A3FA2674 505F84BB BDF2A707 7733CA86 FA90069D 0F8D62F0 872E9561 2F4715A9 DACAB5BC 87E611E2 8D4D0C41 EF3D2EEB 6D90ACC8 B80C1C25 95CB4163 588327A6 B009441B 4D1D87DF 6DD5023E 3CDE255C A5CE71AF B2F5A3EC 48C70E3B 65611C3D E7285AA7 92603FA0 472EED98 5BE8411A AF87E89F 3A69A094 2341443C EFB0C9E6 076186CF CB0CE470 526BD180 79661265 3B59FA0B 24D2FFE5 FDC29258 8BF43C65 DD0CC65F 78641817 7908996D 16B731F1 0BFC8F1B BF6D7DC5 701602CB 9351E780 66D404FB FD07E904 8AA92375 F49A4CAC 81C170EC AF39C739 F3AE064D DE527A59 C4D67EDF 8238150A 4808CB2E 4A6025F0 34BDA94A quit ! auto qos global compact ! ! diagnostic bootup level minimal ! spanning-tree mode pvst spanning-tree extend system-id ! ! redundancy mode sso ! hw-switch switch 1 logging onboard message ! ! class-map match-any VOIP match dscp ef class-map match-any system-cpp-police-topology-control description Topology control class-map match-any system-cpp-police-sw-forward description Sw forwarding, L2 LVX data, LOGGING class-map match-any system-cpp-default description DHCP Snooping, EWLC control, EWCL data class-map match-any system-cpp-police-sys-data description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, Gold Pkt, RPF Failed class-map match-any system-cpp-police-punt-webauth description Punt Webauth class-map match-any system-cpp-police-l2lvx-control description L2 LVX control packets class-map match-all YOUTUBE-GEN match protocol youtube class-map match-any system-cpp-police-forus description Forus Address resolution and Forus traffic class-map match-any system-cpp-police-multicast-end-station description MCAST END STATION class-map match-any High-Throughput-Data match dscp af11 match dscp af12 match dscp af13 class-map match-any system-cpp-police-multicast description Transit Traffic and MCAST Data class-map match-any Multimedia-Conferencing match dscp af41 match dscp af42 match dscp af43 class-map match-any system-cpp-police-l2-control description L2 control class-map match-any system-cpp-police-dot1x-auth description DOT1X Auth class-map match-any SLASK match dscp default class-map match-any system-cpp-police-data description ICMP redirect, ICMP_GEN and BROADCAST class-map match-any system-cpp-police-stackwise-virt-control description Stackwise Virtual class-map match-any Network-Control-Traffic match dscp cs6 class-map match-any Multimedia-Streaming match dscp af31 match dscp af32 match dscp af33 match protocol youtube class-map match-any non-client-nrt-class class-map match-any system-cpp-police-routing-control description Routing control class-map match-any system-cpp-police-protocol-snooping description Protocol snooping class-map match-all youtube match qos-group 10 class-map match-any system-cpp-police-system-critical description System Critical ! policy-map system-cpp-policy policy-map output-int class youtube set dscp af31 policy-map input-int class YOUTUBE-GEN set qos-group 10 policy-map CBWFQ-MAP class VOIP class Network-Control-Traffic class Multimedia-Conferencing class Multimedia-Streaming class High-Throughput-Data policy-map port_child_policy class non-client-nrt-class bandwidth remaining ratio 10 ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface GigabitEthernet0/0 vrf forwarding Mgmt-vrf no ip address shutdown speed 1000 negotiation auto ! interface GigabitEthernet1/0/1 description NOT IN USE shutdown ! interface GigabitEthernet1/0/2 description NOT IN USE shutdown ! interface GigabitEthernet1/0/3 description NOT IN USE shutdown ! interface GigabitEthernet1/0/4 description NOT IN USE shutdown ! interface GigabitEthernet1/0/5 description NOT IN USE shutdown ! interface GigabitEthernet1/0/6 description NOT IN USE shutdown ! interface GigabitEthernet1/0/7 description NOT IN USE shutdown ! interface GigabitEthernet1/0/8 description NOT IN USE shutdown ! interface GigabitEthernet1/0/9 description NOT IN USE shutdown ! interface GigabitEthernet1/0/10 description NOT IN USE shutdown ! interface GigabitEthernet1/0/11 description YOUTUBE GENERATOR service-policy input input-int ip nbar protocol-discovery ! interface GigabitEthernet1/0/12 description TORRENT GENERATOR service-policy input CBWFQ-MAP ip nbar protocol-discovery ! interface GigabitEthernet1/0/13 description NOT IN USE shutdown ! interface GigabitEthernet1/0/14 description NOT IN USE shutdown ! interface GigabitEthernet1/0/15 description NOT IN USE shutdown ! interface GigabitEthernet1/0/16 description NOT IN USE shutdown ! interface GigabitEthernet1/0/17 description NOT IN USE shutdown ! interface GigabitEthernet1/0/18 description NOT IN USE shutdown ! interface GigabitEthernet1/0/19 description NOT IN USE shutdown ! interface GigabitEthernet1/0/20 description NOT IN USE shutdown ! interface GigabitEthernet1/0/21 description NOT IN USE shutdown ! interface GigabitEthernet1/0/22 description NOT IN USE shutdown ! interface GigabitEthernet1/0/23 description WIRESHARK SPAN ! interface GigabitEthernet1/0/24 description UPLINK switchport trunk native vlan 2 switchport mode trunk speed 10 service-policy output output-int ip nbar protocol-discovery ! interface GigabitEthernet1/1/1 ! interface GigabitEthernet1/1/2 ! interface GigabitEthernet1/1/3 ! interface GigabitEthernet1/1/4 ! interface Vlan1 ip address dhcp shutdown ! ip default-gateway 193.10.203.129 ip forward-protocol nd ip http server ip http authentication local ip http secure-server ! ! ! ! ! ! control-plane service-policy input system-cpp-policy ! ! line con 0 logging synchronous stopbits 1 line aux 0 stopbits 1 line vty 0 4 login line vty 5 15 login ! ! monitor session 1 source interface Gi1/0/24 monitor session 1 destination interface Gi1/0/23 encapsulation dot1q ! mac address-table notification mac-move wsma agent exec profile httplistener profile httpslistener ! wsma agent config profile httplistener profile httpslistener ! wsma agent filesys profile httplistener profile httpslistener ! wsma agent notify profile httplistener profile httpslistener ! ! wsma profile listener httplistener transport http ! wsma profile listener httpslistener transport https ! end
Wireshark
Qos-2competingNoQueues.png
Common Mistakes
I would like to capture all traffic that are marked with DSCP value 184. I am able to do so using display filter "ip.dsfield==184" but how do i use the equivalent filter on capture filter ?
qos asked 16 Jul '11, 23:11
chenhsien
One Answer: active answersoldest answersnewest answerspopular answers
The capture filter equivalent of "ip.dsfield==184" would be "ip[1]=184".
However when the dsfield value is 184, the dscp value is actually 46, as the dscp field consists of the higher 6 bits of the dsfield, the other two bits are for Explicit Congestion Notification.
Your filter "ip.dsfield==184" will only show packets woth DSCP value 46 and both ECN bith zero. So you might miss packets that have a ECN bit set. It's better to use the display filter "ip.dsfield.dscp==46", for which the capture filter equivalent is "ip[1]>>2=46"
Wireshark Profiles: