QOS之Classification and Marking

QOS的模型：

Best-Effort Service 尽力而为服务模型

Integrated Service 综合服务模型，简称Intserv

Differentiated Service 区分服务模型，简称Diffserv

我们在这主要讨论的是Diffserv，要提供区分服务的QOS，就必须先将数据分为不同的类别，或者将数据设置为不同的优先级。将数据分为不同的类别，称为分类(classification)，分类并不修改原来的数据包。将数据设置为不同的优先级称为标记(marking)，而标记会修改原来的数据包。分类和标记是实施QOS的前提，也是基础。

QOS的流程：

Marking is the QOS feather component that colors a packet so it can be identified and distinguished from other packts in QOS treatment 也就是说为数据包打上颜色 以至于QOS可以把它和其他的包分别对待。

CLASSIFICATION:

incoming interface

ip precedence

DSCP

SOURCE dan destination

application

marking方法：

network layer ：（基于数据包tos位）

ip precedence

DSCP

link layer ：

COS (ISL 802.1P)

MPLS EXP BIT

Frame relay DE bit

vlan

Inter-Switch Link (ISL)帧中，预留有1-byte的IEEE 802.1p字段，其中有3 bits可以标记CoS。 
IEEE 802.1Q帧中，预留有2-byte字段，其中同样只有3 bits可以标记CoS，
而IEEE 802.1Q帧中，native VLAN是不能被标记的，因为没有额外封装。 
CoS中由于只有3 bit可以标记，所以只能标记出0-7共8类数据，默认标为0，然而6和7是被保留的，因此只有0-5共6类可供用户标记使用。
帧中继可丢弃指标符（DE）位 在帧中继数据包中，有额外的一个字段可以用来指示该数据包的优先级，这个字段被称为可丢弃指标符Discard eligible (DE)位，默认为0，设置为1表示该数据不重要而优先被丢弃

af11     Match packets with AF11 dscp (001010) 分两块001 是1  010 是1
 af12     Match packets with AF12 dscp (001100) 001            100 是2
  af13     Match packets with AF13 dscp (001110)001            110   3
  af21     Match packets with AF21 dscp (010010)010        2   010   1
  af22     Match packets with AF22 dscp (010100)
  af23     Match packets with AF23 dscp (010110)
  af31     Match packets with AF31 dscp (011010)
  af32     Match packets with AF32 dscp (011100)
  af33     Match packets with AF33 dscp (011110)
  af41     Match packets with AF41 dscp (100010)    在af41 af42 af43中af41的优先级最高             
  af42     Match packets with AF42 dscp (100100)
  af43     Match packets with AF43 dscp (100110)
 
cs1      Match packets with CS1(precedence 1) dscp (001000)     后三位全部置0相当于ip优先级
  cs2      Match packets with CS2(precedence 2) dscp (010000)
  cs3      Match packets with CS3(precedence 3) dscp (011000)
  cs4      Match packets with CS4(precedence 4) dscp (100000)
  cs5      Match packets with CS5(precedence 5) dscp (101000)
  cs6      Match packets with CS6(precedence 6) dscp (110000)
  cs7      Match packets with CS7(precedence 7) dscp (111000)
  default  Match packets with default dscp (000000)
  ef       Match packets with EF dscp (101110)      
ip 优先级 Precedence
 <0-7>           Precedence value
  critical        Set packets with critical precedence (5)
  flash           Set packets with flash precedence (3)
  flash-override  Set packets with flash override precedence (4)
  immediate       Set packets with immediate precedence (2)
  internet        Set packets with internetwork control precedence (6)
  network         Set packets with network control precedence (7)
  priority        Set packets with priority precedence (1)
  routine         Set packets with routine precedence (0)

我们可以设置ip precedence 或者DSCP 只是分类方法的不同，标志不同的优先级，DSCP比ip precedence有更加细化了优先级类别，我们看下三者的联系

分类基于 ACL        NBAR

标记 ：PBR  CBMARKING

PBR 可以基于源ip 进行转发，而路由转发只是基于目的ip进行转发，看个例子

由于r4和r3之间是以太网链路默认r5的流量走r4到r2

我们在r3上做pbr让r5的loopback0 5.5.5.5 走R1 loopback1 走r4

access-list 100 permit ip host 5.5.5.5 host 2.2.2.2
access-list 101 permit ip host 9.9.9.9 host 2.2.2.2
route-map PBR permit 10
 match ip address 100
 set interface Serial1/1
route-map PBR permit 20
 match ip address 101
 set ip next-hop 34.1.1.4

interface Serial1/3
 ip address 35.1.1.3 255.255.255.0
 ip policy route-map PBR

在r3开启debug

*Mar  1 00:24:23.647: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, len 100, FIB policy match
*Mar  1 00:24:23.647: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, g=34.1.1.4, len 100, FIB policy routed
*Mar  1 00:24:23.891: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, len 100, FIB policy match
*Mar  1 00:24:23.891: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, g=34.1.1.4, len 100, FIB policy routed
*Mar  1 00:24:23.991: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, len 100, FIB policy match
*Mar  1 00:24:23.991: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, g=34.1.1.4, len 100, FIB policy routed
*Mar  1 00:24:24.111: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, len 100, FIB policy match
r3#
*Mar  1 00:24:24.111: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, g=34.1.1.4, len 100, FIB policy routed
*Mar  1 00:24:24.227: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, len 100, FIB policy match
*Mar  1 00:24:24.227: IP: s=9.9.9.9 (Serial1/3), d=2.2.2.2, g=34.1.1.4, len 100, FIB policy routed

*Mar  1 00:22:59.287: IP: s=5.5.5.5 (Serial1/3), d=2.2.2.2, len 100, FIB policy match
*Mar  1 00:22:59.287: fibidb->namestring: Serial1/1
*Mar  1 00:22:59.287: ipfib_policy_set_interface_lookup: tag_ptr: 0x0
*Mar  1 00:22:59.287: adj 0x0, NULL

*Mar  1 00:22:59.287: IP: s=5.5.5.5 (Serial1/3), d=2.2.2.2 (Serial1/1), len 100, FIB policy routed
*Mar  1 00:22:59.431: IP: s=5.5.5.5 (Serial1/3), d=2.2.2.2, len 100, FIB policy match
*Mar  1 00:22:59.431: fibidb->namestring: Serial1/1
*Mar  1 00:22:59.431: ipfib_policy_set_interface_lookup: tag_ptr: 0x0
*Mar  1 00:22:59.431: adj 0x0, NULL

我们只是设置了permit 10 和20 而r5的源流量

*Mar  1 00:21:42.731: IP: s=35.1.1.5 (Serial1/3), d=2.2.2.2, len 100, FIB policy rejected(no match) - normal forwarding
*Mar  1 00:21:42.851: IP: s=35.1.1.5 (Serial1/3), d=2.2.2.2, len 100, FIB policy rejected(no match) - normal forwarding
*Mar  1 00:21:42.919: IP: s=35.1.1.5 (Serial1/3), d=2.2.2.2, len 100, FIB policy rejected(no match) - normal forwarding
*Mar  1 00:21:42.975: IP: s=35.1.1.5 (Serial1/3), d=2.2.2.2, len 100, FIB policy rejected(no match) - normal forwarding
*Mar  1 00:21:43.015: IP: s=35.1.1.5 (Serial1/3), d=2.2.2.2, len 100, FIB policy rejected(no match) - normal forwarding
总结：pbr在数据层面没有permit正常转发，而路由层（重分布）面直接deny

pbr打标记只能基于入口，不能设置DSCP

r3(config)#route-map PBR permit 10

r3(config-route-map)#match ip add 101

r3(config-route-map)#set ip ?
  address     Specify IP address
  default     Set default information
  df          Set DF bit
  next-hop    Next hop address
  precedence  Set precedence field
  qos-group   Set QOS Group ID
  tos         Set type of service field

r3(config-route-map)#set ip tos ?      
  <0-15>             Type of service value
  max-reliability    Set max reliable TOS (2)
  max-throughput     Set max throughput（吞吐量） TOS (4)
  min-delay          Set min delay TOS (8)
  min-monetary-cost  Set min monetary cost TOS (1)
  normal             Set normal TOS (0)

以上是手工命令行的形式打标记，我们还可以基于模版是的打标记就是MQC

ip access-list extended tel
 permit tcp any any eq telnet
ip access-list extended www
 permit tcp any any eq www
class-map match-all（默认） www     class map 调用ACL  what traffic do we care about
 match access-group name www   match all 一个class map 可能匹配多个流量只有都满足才执行
class-map match-all tel
 match access-group name tel
policy-map CBMARK          polic map 调用class-map   what will be done to this traffic
 class tel
  set dscp af11
 class www
  set dscp af41
interface FastEthernet0/0
service-policy input CBMARK   在接口下调用 （出入口都行）
Router#  show policy-map int f0/0

 本文转自q狼的诱惑 51CTO博客，原文链接：http://blog.51cto.com/liangrui/550434，如需转载请自行联系原作者