一般的QoS配置不外乎四个步骤:
1,设置ACL匹配应用流量;
2,设置class-map匹配相应ACL或者相应端口等等,不过一般式匹配ACL;
3,设置policy-map匹配class-map,然后定一规则动作;
4,将policy-map绑定到相应的接口上。
1,设置ACL匹配应用流量;
2,设置class-map匹配相应ACL或者相应端口等等,不过一般式匹配ACL;
3,设置policy-map匹配class-map,然后定一规则动作;
4,将policy-map绑定到相应的接口上。
当然需要注意的是qos已经全局enable,默认情况先qos是disable的。使用全局命令mls qos来enable,可以通过show mls qos来查看是否enable。
下面使用一个比较典型的案例来说明QoS的配置步骤:
需求:路径带宽为622Mbps,四种应用流量,需要保证如下几点:
流量1,某一具体应用流量,永远优先传输,最小带宽保证为365Mbps;
流量2,某一具体应用流量,次优先传输,最小带宽保证为200Mbps;
流量3,此为业务流量,保证在1和2后的其余带宽下传输即可;
流量4,某一具体应用流量,保证在123流量外的带宽下传输即可。
流量1,某一具体应用流量,永远优先传输,最小带宽保证为365Mbps;
流量2,某一具体应用流量,次优先传输,最小带宽保证为200Mbps;
流量3,此为业务流量,保证在1和2后的其余带宽下传输即可;
流量4,某一具体应用流量,保证在123流量外的带宽下传输即可。
具体配置如下:
第一步,定义ACL匹配应用流量:
ip access-list extended tra1_acl
permit tcp 1.1.1.0 0.0.0.255 1.1.2.0 0.0.0.255 eq 8818
ip access-list extended tra2_acl
permit tcp 1.1.3.0 0.0.0.255 1.1.4.0 0.0.0.255 eq 901
ip access-list extended tra4_acl
permit ip 1.1.5.0 0.0.0.255 1.1.6.0 0.0.0.255
第二步,定义class-map匹配相关ACL:
class-map match-all tra1_cmap
match access-group name tra1_acl
class-map match-all tra2_cmap
match access-group name tra2_acl
class-map match-all tra4_cmap
match access-group name tra4_acl
第三步,定义policy-map:
policy-map tra_pmap
class tra1_cmap
set precedence 5
plicy cir 365000000 bc 8500000 be 13500000 conform-action transmit exceed-action set-prec-transmit 3 violate-action set-prec-transmit 2
bandwitch 365000
class tra2_cmap
set precedence 4
policy cir 200000000 bc 10000000 be 13000000 conform-action transmit exceed-action set-prec-transmit 3 violate-action set-prec-transmit 2
第一步,定义ACL匹配应用流量:
ip access-list extended tra1_acl
permit tcp 1.1.1.0 0.0.0.255 1.1.2.0 0.0.0.255 eq 8818
ip access-list extended tra2_acl
permit tcp 1.1.3.0 0.0.0.255 1.1.4.0 0.0.0.255 eq 901
ip access-list extended tra4_acl
permit ip 1.1.5.0 0.0.0.255 1.1.6.0 0.0.0.255
第二步,定义class-map匹配相关ACL:
class-map match-all tra1_cmap
match access-group name tra1_acl
class-map match-all tra2_cmap
match access-group name tra2_acl
class-map match-all tra4_cmap
match access-group name tra4_acl
第三步,定义policy-map:
policy-map tra_pmap
class tra1_cmap
set precedence 5
plicy cir 365000000 bc 8500000 be 13500000 conform-action transmit exceed-action set-prec-transmit 3 violate-action set-prec-transmit 2
bandwitch 365000
class tra2_cmap
set precedence 4
policy cir 200000000 bc 10000000 be 13000000 conform-action transmit exceed-action set-prec-transmit 3 violate-action set-prec-transmit 2
bandwidth 200000
class tra4_cmap
set precedence 1
class class-default
set precedence 2
第四步,绑定policy-map于相应的接口:
int pos1/0/0
service-policy output tra_pmap
至此,配置完毕。
class tra4_cmap
set precedence 1
class class-default
set precedence 2
第四步,绑定policy-map于相应的接口:
int pos1/0/0
service-policy output tra_pmap
至此,配置完毕。
通过命令查看policy-map的匹配情况:
switch-a#sh policy-map interface pos1/0/0
POS1/0/0
switch-a#sh policy-map interface pos1/0/0
POS1/0/0
Service-policy output: tra_map
Class-map: tra1_cmap (match-all)
66639423781 packets, 74849682635166 bytes
30 second offered rate 260369000 bps, drop rate 0 bps //匹配此class-map的流量速率
Match: access-group name tra1_acl
Queueing
queue limit 91250 (packets)
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts queued/bytes queued) 66639405294/74849695040832
QoS Set
ip precedence 5
Packets marked 66639423781
police:
cir 365000000 bps, bc 8500000 bytes, be 13500000 bytes //注意cir、bc和be的单位
conformed 66191701966 packets, 74341131469597 bytes; action: transmit
exceeded 218369922 packets, 232627302399 bytes; action: set-prec-transmit 4
violated 229208950 packets, 275718927918 bytes; action: set-prec-transmit 3
conformed 256761000 bps, exceed 1656000 bps, violate 1939000 bps //每个action的流量速率,注意这三个值总和应该大致等于上面的总速率;
bandwidth 365000 kbps
66639423781 packets, 74849682635166 bytes
30 second offered rate 260369000 bps, drop rate 0 bps //匹配此class-map的流量速率
Match: access-group name tra1_acl
Queueing
queue limit 91250 (packets)
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts queued/bytes queued) 66639405294/74849695040832
QoS Set
ip precedence 5
Packets marked 66639423781
police:
cir 365000000 bps, bc 8500000 bytes, be 13500000 bytes //注意cir、bc和be的单位
conformed 66191701966 packets, 74341131469597 bytes; action: transmit
exceeded 218369922 packets, 232627302399 bytes; action: set-prec-transmit 4
violated 229208950 packets, 275718927918 bytes; action: set-prec-transmit 3
conformed 256761000 bps, exceed 1656000 bps, violate 1939000 bps //每个action的流量速率,注意这三个值总和应该大致等于上面的总速率;
bandwidth 365000 kbps
Class-map: tra2_cmap (match-all)
11315788699 packets, 7283900643868 bytes
30 second offered rate 10753000 bps, drop rate 0 bps
Match: access-group tra2_acl
Queueing
queue limit 50000 (packets)
(queue depth/total drops/no-buffer drops) 1/0/0
(pkts queued/bytes queued) 11315783713/7283897663316
QoS Set
ip precedence 4
Packets marked 11315788699
police:
cir 200000000 bps, bc 10000000 bytes, be 13000000 bytes
conformed 11315784826 packets, 7283898283723 bytes; action: transmit
exceeded 0 packets, 0 bytes; action: set-prec-transmit 3
violated 0 packets, 0 bytes; action: set-prec-transmit 2
conformed 10753000 bps, exceed 0 bps, violate 0 bps
bandwidth 200000 kbps
11315788699 packets, 7283900643868 bytes
30 second offered rate 10753000 bps, drop rate 0 bps
Match: access-group tra2_acl
Queueing
queue limit 50000 (packets)
(queue depth/total drops/no-buffer drops) 1/0/0
(pkts queued/bytes queued) 11315783713/7283897663316
QoS Set
ip precedence 4
Packets marked 11315788699
police:
cir 200000000 bps, bc 10000000 bytes, be 13000000 bytes
conformed 11315784826 packets, 7283898283723 bytes; action: transmit
exceeded 0 packets, 0 bytes; action: set-prec-transmit 3
violated 0 packets, 0 bytes; action: set-prec-transmit 2
conformed 10753000 bps, exceed 0 bps, violate 0 bps
bandwidth 200000 kbps
Class-map: tra4_cmap (match-all)
1751296887 packets, 2633425803184 bytes
30 second offered rate 149000 bps, drop rate 0 bps
Match: access-group name tra4_acl
QoS Set
ip precedence 1
Packets marked 1751296887
1751296887 packets, 2633425803184 bytes
30 second offered rate 149000 bps, drop rate 0 bps
Match: access-group name tra4_acl
QoS Set
ip precedence 1
Packets marked 1751296887
Class-map: class-default (match-any)
22956539608 packets, 17721898306471 bytes
30 second offered rate 196094000 bps, drop rate 528000 bps
Match: any
queue limit 14250 (packets)
(queue depth/total drops/no-buffer drops) 0/9004701/0
(pkts queued/bytes queued) 24700897941/20350618920708
QoS Set
ip precedence 2
Packets marked 22958504481
switch-a#
22956539608 packets, 17721898306471 bytes
30 second offered rate 196094000 bps, drop rate 528000 bps
Match: any
queue limit 14250 (packets)
(queue depth/total drops/no-buffer drops) 0/9004701/0
(pkts queued/bytes queued) 24700897941/20350618920708
QoS Set
ip precedence 2
Packets marked 22958504481
switch-a#
必要命令解释:
plicy cir 365000000 bc 8500000 be 13500000 conform-action transmit exceed-action set-prec-transmit 3 violate-action set-prec-transmit 2
cir为承诺的带宽速率,即需要保证的带宽速率,单位为bps;
bc为普通突发,单位为bytes;
be为最高突发,单位为bytes;
set-prec-transmit,表示设置IP优先级并转发数据包;
上面整体命令解释为:承诺带宽365Mbps,普通突发为8.5Mbytes,最高突发为13.5Mbytes。当速率小于450Mbps(365+85)是转发数据包,当超过450Mbps小于500Mbps(365+135)是重写IP优先级为3并转发数据包,当超过500Mbps是重写IP优先级为2并转发数据包。
plicy cir 365000000 bc 8500000 be 13500000 conform-action transmit exceed-action set-prec-transmit 3 violate-action set-prec-transmit 2
cir为承诺的带宽速率,即需要保证的带宽速率,单位为bps;
bc为普通突发,单位为bytes;
be为最高突发,单位为bytes;
set-prec-transmit,表示设置IP优先级并转发数据包;
上面整体命令解释为:承诺带宽365Mbps,普通突发为8.5Mbytes,最高突发为13.5Mbytes。当速率小于450Mbps(365+85)是转发数据包,当超过450Mbps小于500Mbps(365+135)是重写IP优先级为3并转发数据包,当超过500Mbps是重写IP优先级为2并转发数据包。
本文转自 chris_lee 51CTO博客,原文链接:http://blog.51cto.com/ipneter/163481,如需转载请自行联系原作者
