QoS Marking and Monitoring

From Datateknik
(Difference between revisions)
Jump to: navigation, search
(Topology Router-Lab)
(Router-Lab QoS)
Line 425: Line 425:
 
= Router-Lab QoS =
 
= Router-Lab QoS =
 
hello and Welcome!
 
hello and Welcome!
 +
 +
Before starting out, please read
 +
* [https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/quality-of-service-qos/sol_ov_c22-708224.html Understanding Queuing With Hierarchical Queueing Framework (cisco)]
 
== Router-Lab Introduction ==
 
== Router-Lab Introduction ==
 
Hmmm...
 
Hmmm...
 
== Topology Router-Lab ==
 
== Topology Router-Lab ==
 
[[File:lab1b-QoS-topology.png|600px|Center|Lab 1b topology: QoS with a router]]
 
[[File:lab1b-QoS-topology.png|600px|Center|Lab 1b topology: QoS with a router]]

Revision as of 08:40, 11 March 2019

In this lab QoS is *not* working -- we are only doing "marking" and trying to draw a "graph"

  • Two hosts download data via Youtube and Expressen.
  • Traffic is marked accordingly
  • an extra monitor-switch is inserted on the 10Mbps (slow) link and traffic is duplicated on a monitor port
  • The monitor port is connected to wireshark for packet capture and graphical presentation

Contents

Switch-Lab Introduction

In this lab QoS is *not* working -- we are only doing "marking" and trying to draw a "graph"

  • Two hosts download data via Youtube and Expressen.
  • Traffic is marked accordingly
  • an extra monitor-switch is inserted on the 10Mbps (slow) link and traffic is duplicated on a monitor port
  • The monitor port is connected to wireshark for packet capture and graphical presentation

Topology Switch-lab

Lab1 topology: QoS with a switch

NBAR-2 and DSCP Marking on Switch

Wow, this is great

Connectivity, speed, and monitor configuration

  • everything is in the same Vlan1

...

Marking DSCP --> WIRESHARK

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/3se/qos/configuration_guide/b_qos_3se_3650_cg/b_qos_3se_3650_cg_chapter_010.html#d3592e17399a1635

Building configuration...

Current configuration : 8430 bytes
!
! Last configuration change at 09:32:05 UTC Mon Oct 22 2018
!
version 16.6
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service compress-config
no platform punt-keepalive disable-kernel-core
!
hostname SwirreEtta
!
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
!
no aaa new-model
boot system switch all flash:cat3k_caa-universalk9.16.06.04.SPA.bin
switch 1 provision ws-c3650-24ps
!
!
!
!
ip routing
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1320644307
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1320644307
 revocation-check none
 rsakeypair TP-self-signed-1320644307
!
!
crypto pki certificate chain TP-self-signed-1320644307
 certificate self-signed 01
  30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31333230 36343433 3037301E 170D3138 31303232 30393138
  30355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 33323036
  34343330 37308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
  0A028201 0100B751 80556E5C F3D51CF4 62643C60 B1E61FBE E171EDEC 086F3F00
  016C1EF9 B748AACE 74826405 5E99E0CA 03069FC1 BCF6DBAA 7B5658D3 72BD370B
  FC01F877 34DE012D AAFB1B11 43FF83FB 904DC46D 8A693DBB 8F62411B 32A8710F
  8287E2FF DA6BCDAB 62D61D8F 40A011EC 0E02225E 8D0859E5 A04D6906 2C3654EE
  6D0F9DF5 3D07EDDD 26808E15 06371449 DA62796D 28C011E5 6ABD7E7A E87D96FA
  999282E9 BDB08CC7 5B851C9E B391DBAF F855965C EB2E4577 0C872EDD 63A5BD2A
  78483E7E 0EEE10C9 0D511C8D 1B47FF17 EB5986AE 9C937715 F75C948B 552B85A4
  8EEABA44 BE19B7D0 7BF9987A 0D5AD37C 439A4852 E085B1E5 7E61834F 31315D82
  4AED1296 7DA50203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
  301F0603 551D2304 18301680 143726BC 178AAED6 98B6A15B AD32BB77 F705A9F6
  33301D06 03551D0E 04160414 3726BC17 8AAED698 B6A15BAD 32BB77F7 05A9F633
  300D0609 2A864886 F70D0101 05050003 82010100 043B3736 CEF180C7 C9B897ED
  A3FA2674 505F84BB BDF2A707 7733CA86 FA90069D 0F8D62F0 872E9561 2F4715A9
  DACAB5BC 87E611E2 8D4D0C41 EF3D2EEB 6D90ACC8 B80C1C25 95CB4163 588327A6
  B009441B 4D1D87DF 6DD5023E 3CDE255C A5CE71AF B2F5A3EC 48C70E3B 65611C3D
  E7285AA7 92603FA0 472EED98 5BE8411A AF87E89F 3A69A094 2341443C EFB0C9E6
  076186CF CB0CE470 526BD180 79661265 3B59FA0B 24D2FFE5 FDC29258 8BF43C65
  DD0CC65F 78641817 7908996D 16B731F1 0BFC8F1B BF6D7DC5 701602CB 9351E780
  66D404FB FD07E904 8AA92375 F49A4CAC 81C170EC AF39C739 F3AE064D DE527A59
  C4D67EDF 8238150A 4808CB2E 4A6025F0 34BDA94A
        quit
!
auto qos global compact
!
!
diagnostic bootup level minimal
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
redundancy
 mode sso
!
hw-switch switch 1 logging onboard message
!
!
class-map match-any VOIP
 match dscp ef
class-map match-any system-cpp-police-topology-control
  description Topology control
class-map match-any system-cpp-police-sw-forward
  description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
  description DHCP Snooping, EWLC control, EWCL data
class-map match-any system-cpp-police-sys-data
  description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, Gold Pkt, RPF Failed
class-map match-any system-cpp-police-punt-webauth
  description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
  description L2 LVX control packets
class-map match-all YOUTUBE-GEN
 match protocol youtube
class-map match-any system-cpp-police-forus
  description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
  description MCAST END STATION
class-map match-any High-Throughput-Data
 match dscp af11
 match dscp af12
 match dscp af13
class-map match-any system-cpp-police-multicast
  description Transit Traffic and MCAST Data
class-map match-any Multimedia-Conferencing
 match dscp af41
 match dscp af42
 match dscp af43
class-map match-any system-cpp-police-l2-control
  description L2 control
class-map match-any system-cpp-police-dot1x-auth
  description DOT1X Auth
class-map match-any SLASK
 match dscp default
class-map match-any system-cpp-police-data
  description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
  description Stackwise Virtual
class-map match-any Network-Control-Traffic
 match dscp cs6
class-map match-any Multimedia-Streaming
 match dscp af31
 match dscp af32
 match dscp af33
 match protocol youtube
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
  description Routing control
class-map match-any system-cpp-police-protocol-snooping
  description Protocol snooping
class-map match-all youtube
 match qos-group 10
class-map match-any system-cpp-police-system-critical
  description System Critical
!
policy-map system-cpp-policy
policy-map output-int
 class youtube
  set dscp af31
policy-map input-int
 class YOUTUBE-GEN
  set qos-group 10
policy-map CBWFQ-MAP
 class VOIP
 class Network-Control-Traffic
 class Multimedia-Conferencing
 class Multimedia-Streaming
 class High-Throughput-Data
policy-map port_child_policy
 class non-client-nrt-class
  bandwidth remaining ratio 10
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 no ip address
 shutdown
 speed 1000
 negotiation auto
!
interface GigabitEthernet1/0/1
 description NOT IN USE
 shutdown
!
interface GigabitEthernet1/0/2
 description NOT IN USE
 shutdown
!
interface GigabitEthernet1/0/3
 description NOT IN USE
 shutdown
!
interface GigabitEthernet1/0/4
 description NOT IN USE
 shutdown
!
interface GigabitEthernet1/0/5
 description NOT IN USE
 shutdown
!
interface GigabitEthernet1/0/6
 description NOT IN USE
 shutdown
!
interface GigabitEthernet1/0/7
 description NOT IN USE
 shutdown
!
interface GigabitEthernet1/0/8
 description NOT IN USE
 shutdown
!
interface GigabitEthernet1/0/9
 description NOT IN USE
 shutdown
!
interface GigabitEthernet1/0/10
 description NOT IN USE
 shutdown
!
interface GigabitEthernet1/0/11
 description YOUTUBE GENERATOR
 service-policy input input-int
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/12
 description TORRENT GENERATOR
 service-policy input CBWFQ-MAP
 ip nbar protocol-discovery
!
interface GigabitEthernet1/0/13
 description NOT IN USE
 shutdown
!
interface GigabitEthernet1/0/14
 description NOT IN USE
 shutdown
!
interface GigabitEthernet1/0/15
 description NOT IN USE
 shutdown
!
interface GigabitEthernet1/0/16
 description NOT IN USE
 shutdown
!
interface GigabitEthernet1/0/17
 description NOT IN USE
 shutdown
!
interface GigabitEthernet1/0/18
 description NOT IN USE
 shutdown
!
interface GigabitEthernet1/0/19
 description NOT IN USE
 shutdown
!
interface GigabitEthernet1/0/20
 description NOT IN USE
 shutdown
!
interface GigabitEthernet1/0/21
 description NOT IN USE
 shutdown
!
interface GigabitEthernet1/0/22
 description NOT IN USE
 shutdown
!
interface GigabitEthernet1/0/23
 description WIRESHARK SPAN
!
interface GigabitEthernet1/0/24
 description UPLINK
 switchport trunk native vlan 2
 switchport mode trunk
 speed 10
 service-policy output output-int
 ip nbar protocol-discovery
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface Vlan1
 ip address dhcp
 shutdown
!
ip default-gateway 193.10.203.129
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
!
!
!
!
control-plane
 service-policy input system-cpp-policy
!
!
line con 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
line vty 5 15
 login
!
!
monitor session 1 source interface Gi1/0/24
monitor session 1 destination interface Gi1/0/23 encapsulation dot1q
!
mac address-table notification mac-move
wsma agent exec
 profile httplistener
 profile httpslistener
!
wsma agent config
 profile httplistener
 profile httpslistener
!
wsma agent filesys
 profile httplistener
 profile httpslistener
!
wsma agent notify
 profile httplistener
 profile httpslistener
!
!
wsma profile listener httplistener
 transport http
!
wsma profile listener httpslistener
 transport https
!
end

Wireshark

intel-dot1q-driver.jpg
NOT REQUIRED! Intel-dot1q-driver.png

wireshark-DSCP.png Wireshark-DSCP.png

wireshark-dot1p Wireshark-dot1p.png

VICTORY !!!
Qos-2competingNoQueues.png Qos-2competingNoQueues.png

Common Mistakes

I would like to capture all traffic that are marked with DSCP value 184. I am able to do so using display filter "ip.dsfield==184" but how do i use the equivalent filter on capture filter ?

qos asked 16 Jul '11, 23:11

chenhsien


One Answer: active answersoldest answersnewest answerspopular answers

The capture filter equivalent of "ip.dsfield==184" would be "ip[1]=184".

However when the dsfield value is 184, the dscp value is actually 46, as the dscp field consists of the higher 6 bits of the dsfield, the other two bits are for Explicit Congestion Notification.

Your filter "ip.dsfield==184" will only show packets woth DSCP value 46 and both ECN bith zero. So you might miss packets that have a ECN bit set. It's better to use the display filter "ip.dsfield.dscp==46", for which the capture filter equivalent is "ip[1]>>2=46"



Wireshark Profiles:

Router-Lab QoS

hello and Welcome!

Before starting out, please read

Router-Lab Introduction

Hmmm...

Topology Router-Lab

Lab 1b topology: QoS with a router

Personal tools
Namespaces

Variants
Actions
Navigation
Tools