QoS: Classification and Marking

Classification and Marking is pretty much a self explanatory term. Classify the packet/frame based on number of things such as ip source subnet, protocol, tags, L2/L3 header markings and etc. The fields can be marked are IP header, LAN trunking headers, Frame Relay and ATM headers. This lab will focus on IP precedence and DSCP values on IP packet.


In R1, IP precendence 0,1,2 markings should be marked on packets from 1.1.1.1/32, 11.11.11.11/32 and
111.111.111.111/32 respectively. R2 should check for IP prec
packets 0,1,2 and replace them with DSCP markings
AF11, 12 and 13 respectively.
R3 should have an inbound policy-map with no action just to keep track of how many
packets have been marked as AF11,12 and 13
.



Click on the diagram to resize.

Relevant configurations.


R1:

interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
ip address 11.11.11.11 255.255.255.255
!
interface Loopback2
ip address 111.111.111.111 255.255.255.255
!
interface Serial0/2
ip address 12.12.12.1 255.255.255.0
serial restart-delay 0
!
ip route 0.0.0.0 0.0.0.0 12.12.12.2

R2:

!
interface Serial0/1
ip address 12.12.12.2 255.255.255.0
serial restart-delay 0
!
interface Serial0/3
ip address 23.23.23.2 255.255.255.0
serial restart-delay 0
!
ip route 1.1.1.1 255.255.255.255 12.12.12.1
ip route 11.11.11.11 255.255.255.255 12.12.12.1
ip route 111.111.111.111 255.255.255 12.12.12.1

R3:

interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Serial0/2
ip address 23.23.23.3 255.255.255.0
serial restart-delay 0
service-policy input DSCP
!
ip route 0.0.0.0 0.0.0.0 23.23.23.2

First we need to configure access-list on R1 for every loopback addresses. After which, create a class-map to match the access-groups and policy-map to put the corresponding IP precendence marking per class-map. Apply the policy-map to the interface Se0/2 on an outbound direction.


On R1, configure:
!
access-list 10 permit 1.1.1.1
access-list 11 permit 11.11.11.11
access-list 12 permit 111.111.111.111
!
class-map match-all Loopback2
match access-group 12
class-map match-all Loopback1
match access-group 11
class-map match-all Loopback0
match access-group 10
!
interface Serial0/2
service-policy output Loopback

Let's proceed configuring R2. Let's match IP precedence and then replace them with DSCP values indicated.


On R2:
!
class-map match-all PREC0
match precedence 0
class-map match-all PREC1
match precedence 1
class-map match-all PREC2
match precedence 2
!
policy-map CHECKER
class PREC1
set dscp af12
class PREC0
set dscp af11
class PREC2
set dscp af13
!
interface Serial0/3
service-policy output CHECKER


On to configuring R3 to match the DSCP values and serve as a inbound counter.


R3:
!
class-map match-all AF12
match dscp af12
class-map match-all AF13
match dscp af13
class-map match-all AF11
match dscp af11
!
policy-map DSCP
class AF11
class AF12
class AF13
!
interface Serial0/2
service-policy input DSCP


Let's generate some traffic and check the policy-maps later. 100, 200 and 300 packets from Lo0, Lo1 and Lo2 respectively.


R1#ping 3.3.3.3 source lo0 rep 100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/12/64 ms
R1#ping 3.3.3.3 source lo1 rep 200

Type escape sequence to abort.
Sending 200, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 11.11.11.11
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (200/200), round-trip min/avg/max = 1/13/108 ms
R1#ping 3.3.3.3 source lo2 rep 300

Type escape sequence to abort.
Sending 300, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 111.111.111.111
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (300/300), round-trip min/avg/max = 1/11/92 ms


Let's check the policy-map hits.


R1#sh policy-map int
Serial0/2

Service-policy output: Loopback

Class-map: Loopback0 (match-all)
100 packets, 10400 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 10
QoS Set
precedence 0
Packets marked 100

Class-map: Loopback1 (match-all)
200 packets, 20800 bytes
5 minute offered rate 1000 bps, drop rate 0 bps
Match: access-group 11
QoS Set
precedence 1
Packets marked 200

Class-map: Loopback2 (match-all)
300 packets, 31200 bytes
5 minute offered rate 4000 bps, drop rate 0 bps
Match: access-group 12
QoS Set
precedence 2
Packets marked 300

Class-map: class-default (match-any)
11 packets, 876 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any

R2#sh policy-map int
Serial0/1

Service-policy input: CHECKER

Class-map: PREC1 (match-all)
200 packets, 20800 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: precedence 1
QoS Set
dscp af12
Packets marked 200

Class-map: PREC0 (match-all)
100 packets, 10400 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: precedence 0
QoS Set
dscp af11
Packets marked 100

Class-map: PREC2 (match-all)
300 packets, 31200 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: precedence 2
QoS Set
dscp af13
Packets marked 300

Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any

R3#

*Mar 1 00:54:36.683: %CLEAR-5-COUNTERS: Clear counter on all interfaces by console
R3#sh policy-map int
Serial0/2

Service-policy input: DSCP

Class-map: AF11 (match-all)
100 packets, 10400 bytes
5 minute offered rate 0 bps
Match: dscp af11 (10)

Class-map: AF12 (match-all)
200 packets, 20800 bytes
5 minute offered rate 0 bps
Match: dscp af12 (12)

Class-map: AF13 (match-all)
300 packets, 31200 bytes
5 minute offered rate 0 bps
Match: dscp af13 (14)

Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any


Checking on the show output, we can see that from a normal packet without a marking, it was marked by R1 with IP precedence values and then classified by R2 and remarked again now with DSCP values. We can see we have the same number of packets on the corresponding IP Prec and DSCP values. 0 to AF11 = 100, 1 to AF12 = 200 and 2 to AF13 = 300.


Layer 2 markings such ash CoS, DE, CLP and EXP can only be classified in the ingress
direction and can only be marked in the egress direction only.

Comments

1 Response to "QoS: Classification and Marking"

Unknown said... January 10, 2014 at 4:40 PM

Very Nice.

Post a Comment

Certifications

Certifications

The Dreamer

A fun loving person who enjoys learning new things. Currently working as a Network Engineer supporting the global network of a Fortune 500 company. This blog serves as my notes for the labs I created for my CCIE journey. I can guarantee there are errors in my posts. If you spot them, please let me know.

Join my Facebook Page I WANT TO BE A CCIE

Donate to the Cause

My aim is to create materials for free and possibly a free lab. If you wish to help out, please send any amount. Thanks.

Join my Bandwagon

Blogs that I Read