QoS: Classification and Marking

Classification and Marking is pretty much a self explanatory term. Classify the packet/frame based on number of things such as ip source subnet, protocol, tags, L2/L3 header markings and etc. The fields can be marked are IP header, LAN trunking headers, Frame Relay and ATM headers. This lab will focus on IP precedence and DSCP values on IP packet.


In R1, IP precendence 0,1,2 markings should be marked on packets from 1.1.1.1/32, 11.11.11.11/32 and
111.111.111.111/32 respectively. R2 should check for IP prec packets 0,1,2 and replace them with DSCP markings
AF11, 12 and 13 respectively. R3 should have an inbound policy-map with no action just to keep track of how many
packets have been marked as AF11,12 and 13.


Click on the diagram to resize.

Relevant configurations.


R1:

interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
 ip address 11.11.11.11 255.255.255.255
!
interface Loopback2
 ip address 111.111.111.111 255.255.255.255
!
interface Serial0/2
 ip address 12.12.12.1 255.255.255.0
 serial restart-delay 0
!
ip route 0.0.0.0 0.0.0.0 12.12.12.2

R2:

!
interface Serial0/1
 ip address 12.12.12.2 255.255.255.0
 serial restart-delay 0
!
interface Serial0/3
 ip address 23.23.23.2 255.255.255.0
 serial restart-delay 0
!
ip route 1.1.1.1 255.255.255.255 12.12.12.1
ip route 11.11.11.11 255.255.255.255 12.12.12.1
ip route 111.111.111.111 255.255.255 12.12.12.1

R3:

interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface Serial0/2
 ip address 23.23.23.3 255.255.255.0
 serial restart-delay 0
 service-policy input DSCP
!
ip route 0.0.0.0 0.0.0.0 23.23.23.2

First we need to configure access-list on R1 for every loopback addresses. After which, create a class-map to match the access-groups and policy-map to put the corresponding IP precendence marking per class-map. Apply the policy-map to the interface Se0/2 on an outbound direction.


On R1, configure:
!
access-list 10 permit 1.1.1.1
access-list 11 permit 11.11.11.11
access-list 12 permit 111.111.111.111
!
class-map match-all Loopback2
 match access-group 12
class-map match-all Loopback1
 match access-group 11
class-map match-all Loopback0
 match access-group 10
!
interface Serial0/2
  service-policy output Loopback

Let's proceed configuring R2. Let's match IP precedence and then replace them with DSCP values indicated.


On R2:
!
class-map match-all PREC0
 match  precedence 0
class-map match-all PREC1
 match  precedence 1
class-map match-all PREC2
 match  precedence 2
!
policy-map CHECKER
 class PREC1
  set dscp af12
 class PREC0
  set dscp af11
 class PREC2
  set dscp af13
!
interface Serial0/3
service-policy output CHECKER


On to configuring R3 to match the DSCP values and serve as a inbound counter.


R3:
!
class-map match-all AF12
 match  dscp af12
class-map match-all AF13
 match  dscp af13
class-map match-all AF11
 match  dscp af11
!
policy-map DSCP
 class AF11
 class AF12
 class AF13
!
interface Serial0/2
  service-policy input DSCP


Let's generate some traffic and check the policy-maps later. 100, 200 and 300 packets from Lo0, Lo1 and Lo2 respectively.


R1#ping 3.3.3.3 source lo0 rep 100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/12/64 ms
R1#ping 3.3.3.3 source lo1 rep 200

Type escape sequence to abort.
Sending 200, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 11.11.11.11
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (200/200), round-trip min/avg/max = 1/13/108 ms
R1#ping 3.3.3.3 source lo2 rep 300

Type escape sequence to abort.
Sending 300, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 111.111.111.111
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (300/300), round-trip min/avg/max = 1/11/92 ms


Let's check the policy-map hits.


R1#sh policy-map int
 Serial0/2

  Service-policy output: Loopback

    Class-map: Loopback0 (match-all)
      100 packets, 10400 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group 10
      QoS Set
        precedence 0
          Packets marked 100

    Class-map: Loopback1 (match-all)
      200 packets, 20800 bytes
      5 minute offered rate 1000 bps, drop rate 0 bps
      Match: access-group 11
      QoS Set
        precedence 1
          Packets marked 200

    Class-map: Loopback2 (match-all)
      300 packets, 31200 bytes
      5 minute offered rate 4000 bps, drop rate 0 bps
      Match: access-group 12
      QoS Set
        precedence 2
          Packets marked 300

    Class-map: class-default (match-any)
      11 packets, 876 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any

R2#sh policy-map int
 Serial0/1

  Service-policy input: CHECKER

    Class-map: PREC1 (match-all)
      200 packets, 20800 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match:  precedence 1
      QoS Set
        dscp af12
          Packets marked 200

    Class-map: PREC0 (match-all)
      100 packets, 10400 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match:  precedence 0
      QoS Set
        dscp af11
          Packets marked 100

    Class-map: PREC2 (match-all)
      300 packets, 31200 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match:  precedence 2
      QoS Set
        dscp af13
          Packets marked 300

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any

R3#
*Mar  1 00:54:36.683: %CLEAR-5-COUNTERS: Clear counter on all interfaces by console
R3#sh policy-map int
 Serial0/2

  Service-policy input: DSCP

    Class-map: AF11 (match-all)
      100 packets, 10400 bytes
      5 minute offered rate 0 bps
      Match:  dscp af11 (10)

    Class-map: AF12 (match-all)
      200 packets, 20800 bytes
      5 minute offered rate 0 bps
      Match:  dscp af12 (12)

    Class-map: AF13 (match-all)
      300 packets, 31200 bytes
      5 minute offered rate 0 bps
      Match:  dscp af13 (14)

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any


Checking on the show output, we can see that from a normal packet without a marking, it was marked by R1 with IP precedence values and then classified by R2 and remarked again now with DSCP values. We can see we have the same number of packets on the corresponding IP Prec and DSCP values. 0 to AF11 = 100, 1 to AF12 = 200 and 2 to AF13 = 300.


Layer 2 markings such ash CoS, DE, CLP and EXP can only be classified in the ingress
direction and can only be marked in the egress direction only.

Saturday, May 08, 2010 | Filed Under | 1 Comments

Comments

1 Response to "QoS: Classification and Marking"

Unknown said... January 10, 2014 at 4:40 PM

Very Nice.

Post a Comment

Certifications

Certifications

The Dreamer

A fun loving person who enjoys learning new things. Currently working as a Network Engineer supporting the global network of a Fortune 500 company. This blog serves as my notes for the labs I created for my CCIE journey. I can guarantee there are errors in my posts. If you spot them, please let me know.

Join my Facebook Page I WANT TO BE A CCIE

Donate to the Cause

My aim is to create materials for free and possibly a free lab. If you wish to help out, please send any amount. Thanks.

Join my Bandwagon

Blogs that I Read