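Hands-on configuration
The section above gave a brief introduction to QoS. As headcount has grown and more devices have come online, the company's Internet link suffers severe packet loss at certain times of day and whenever several people download at once, which hurts the browsing experience. QoS is now being deployed for traffic policing, shaping and congestion avoidance, so that selected traffic is not affected when the bandwidth is saturated.
Rough topology:
The router AR2240 already has policy-based routing applied on its LAN-side inbound interface G4/0/0, so that business staff's traffic goes out over the ADSL line and all other traffic goes out over the enterprise fiber link. The goal now is to shape traffic on the enterprise fiber interface.
Outbound traffic shaping / congestion management on the interface:
- Traffic marking:
- Mark traffic in the outbound direction of uplink interface G0/0/12 on the S5700 switch.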
Use ACLs to match the different kinds of traffic:

```
<S5700_01>system-view
[S5700_01]acl name importantserv
[S5700_01-acl-adv-importantserv]step 10
[S5700_01-acl-adv-importantserv]description /* QoS: Match DNS,SSH Service to cs5 */
[S5700_01-acl-adv-importantserv]rule permit udp destination-port eq dns
[S5700_01-acl-adv-importantserv]rule permit tcp destination-port eq domain
[S5700_01-acl-adv-importantserv]rule permit tcp destination-port eq 22
[S5700_01-acl-adv-importantserv]rule permit tcp destination-port eq 2323
[S5700_01-acl-adv-importantserv]rule permit tcp destination-port eq 8000
[S5700_01-acl-adv-importantserv]acl name specialuser
[S5700_01-acl-adv-specialuser]step 10
[S5700_01-acl-adv-specialuser]description /* QoS: Match Traffic of IP to cs4 */
[S5700_01-acl-adv-specialuser]rule permit ip source 172.16.200.182 0
[S5700_01-acl-adv-specialuser]acl name commonserv
[S5700_01-acl-adv-commonserv]description /* QoS: Match HTTP,MAIL,FS,FTP,VPN Service to af21 */
[S5700_01-acl-adv-commonserv]rule permit tcp destination-port eq 80
[S5700_01-acl-adv-commonserv]rule permit tcp destination-port eq 443
[S5700_01-acl-adv-commonserv]rule permit tcp destination-port eq 25
[S5700_01-acl-adv-commonserv]rule permit tcp destination-port eq 110
[S5700_01-acl-adv-commonserv]rule permit tcp destination-port eq 465
[S5700_01-acl-adv-commonserv]rule permit tcp destination-port eq 995
[S5700_01-acl-adv-commonserv]rule permit udp destination-port eq 100
[S5700_01-acl-adv-commonserv]rule permit tcp destination-port eq 100
[S5700_01-acl-adv-commonserv]rule permit tcp destination-port eq 21
[S5700_01-acl-adv-commonserv]rule permit tcp source 172.16.220.212 0 source-port eq 1194
[S5700_01-acl-adv-commonserv]quit
```
- Create traffic classifiers that match the ACL traffic:

```
[S5700_01]traffic classifier 1_importantserv operator or
[S5700_01-classifier-1_importantserv]if-match acl importantserv
[S5700_01-classifier-1_importantserv]traffic classifier 2_specialuser operator or
[S5700_01-classifier-2_specialuser]if-match acl specialuser
[S5700_01-classifier-2_specialuser]traffic classifier 3_commonserv operator or
[S5700_01-classifier-3_commonserv]if-match acl commonserv
[S5700_01-classifier-3_commonserv]quit
[S5700_01]display traffic classifier user-defined
  User Defined Classifier Information:
   Classifier: 1_importantserv
    Operator: OR
    Rule(s) : if-match acl importantserv

   Classifier: 2_specialuser
    Operator: OR
    Rule(s) : if-match acl specialuser

   Classifier: 3_commonserv
    Operator: OR
    Rule(s) : if-match acl commonserv

Total classifier number is 3
[S5700_01]
```
- Create traffic behaviors that apply the DSCP marking:

```
[S5700_01]traffic behavior mark_af21
[S5700_01-behavior-mark_af21]remark dscp af21
[S5700_01-behavior-mark_af21]traffic behavior mark_cs4
[S5700_01-behavior-mark_cs4]remark dscp cs4
[S5700_01-behavior-mark_cs4]traffic behavior mark_cs5
[S5700_01-behavior-mark_cs5]remark dscp cs5
[S5700_01-behavior-mark_cs5]quit
[S5700_01]display traffic behavior user-defined
  User Defined Behavior Information:
    Behavior: mark_af21
      Remark:
        Remark DSCP af21

    Behavior: mark_cs4
      Remark:
        Remark DSCP cs4

    Behavior: mark_cs5
      Remark:
        Remark DSCP cs5
      Statistic: enable

Total behavior number is 3
[S5700_01]
```
- Create a traffic policy that binds each classifier to its behavior:

```
[S5700_01]traffic policy remark_out
[S5700_01-trafficpolicy-remark_out]classifier 1_importantserv behavior mark_cs5
[S5700_01-trafficpolicy-remark_out]classifier 2_specialuser behavior mark_cs4
[S5700_01-trafficpolicy-remark_out]classifier 3_commonserv behavior mark_af21
[S5700_01-trafficpolicy-remark_out]quit
[S5700_01]display traffic policy user-defined
  User Defined Traffic Policy Information:
  Policy: remark_out
   Classifier: 1_importantserv
    Operator: OR
     Behavior: mark_cs5
      Remark:
        Remark DSCP cs5
      Statistic: enable
   Classifier: 2_specialuser
    Operator: OR
     Behavior: mark_cs4
      Remark:
        Remark DSCP cs4
   Classifier: 3_commonserv
    Operator: OR
     Behavior: mark_af21
      Remark:
        Remark DSCP af21

Total policy number is 1
[S5700_01]
```
- Apply the policy in the outbound direction of the interface:

```
[S5700_01]interface GigabitEthernet 0/0/12
[S5700_01-GigabitEthernet0/0/12]traffic-policy remark_out outbound
[S5700_01-GigabitEthernet0/0/12]quit
```
- Check the traffic policies that have been applied:

```
[S5700_01]display traffic-policy applied-record
#
-------------------------------------------------
  Policy Name:   remark_out
  Policy Index:  1
     Classifier:1_importantserv     Behavior:mark_cs5
     Classifier:2_specialuser     Behavior:mark_cs4
     Classifier:3_commonserv     Behavior:mark_af21
-------------------------------------------------
 *interface GigabitEthernet0/0/12
    traffic-policy remark_out outbound
      slot 0    :  success
-------------------------------------------------
  Policy total applied times: 1.
#
[S5700_01]
```
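- Traffic shaping and congestion avoidance in the outbound direction of the router's enterprise fiber interface G0/0/1:
- Trust DSCP on the interface where LAN traffic enters:

```
[AR2240]interface GigabitEthernet 4/0/0
[AR2240-GigabitEthernet4/0/0]trust dscp
[AR2240-GigabitEthernet4/0/0]quit
```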
- Create traffic classifiers that match the different DSCP values:

```
[AR2240]traffic classifier In_importantserv operator or
[AR2240-classifier-In_importantserv]if-match dscp cs5
[AR2240-classifier-In_importantserv]traffic classifier In_specialuser operator or
[AR2240-classifier-In_specialuser]if-match dscp cs4
[AR2240-classifier-In_specialuser]traffic classifier In_commonserv operator or
[AR2240-classifier-In_commonserv]if-match dscp af21
[AR2240-classifier-In_commonserv]quit
```
- Create a WRED drop-profile that operates on DSCP:

```
[AR2240]drop-profile wred_up
[AR2240-drop-profile-wred_up]wred dscp
[AR2240-drop-profile-wred_up]dscp cs5 low-limit 80 high-limit 100 discard-percentage 10
[AR2240-drop-profile-wred_up]dscp cs4 low-limit 70 high-limit 80 discard-percentage 20
[AR2240-drop-profile-wred_up]dscp af21 low-limit 60 high-limit 70 discard-percentage 30
[AR2240-drop-profile-wred_up]dscp default low-limit 30 high-limit 65 discard-percentage 30
[AR2240-drop-profile-wred_up]quit
```
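Tips: dscp selects traffic by its DiffServ code point. low-limit low-limit-percentage sets the lower WRED threshold as a percentage: once the packets in the queue reach this percentage of the queue length, WRED dropping begins. high-limit high-limit-percentage sets the upper WRED threshold as a percentage: once the packets in the queue reach this percentage of the queue length, all newly received packets are dropped. discard-percentage discard-percentage sets the maximum WRED drop probability.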
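The thresholds in the tip above, worked through for the wred_up profile as an added example (not part of the original post). It assumes the drop probability rises linearly from 0 at low-limit to discard-percentage just below high-limit, and uses the instantaneous queue fill; `drop_probability` and `drop_table` are hypothetical helper names.

```python
# Thresholds copied from the wred_up drop-profile on this page:
# DSCP -> (low-limit %, high-limit %, discard-percentage %)
WRED_UP = {
    "cs5": (80, 100, 10),
    "cs4": (70, 80, 20),
    "af21": (60, 70, 30),
    "default": (30, 65, 30),
}
QUEUE_LEN_PACKETS = 100  # from "queue-length packets 100"


def drop_probability(dscp, queued_packets, queue_len=QUEUE_LEN_PACKETS):
    """Probability that a newly arriving packet of this DSCP is dropped."""
    low, high, max_pct = WRED_UP.get(dscp, WRED_UP["default"])
    fill = 100.0 * queued_packets / queue_len  # queue occupancy in percent
    if fill < low:
        return 0.0  # below low-limit: nothing is dropped
    if fill >= high:
        return 1.0  # at or above high-limit: every new packet is dropped
    # Assumption: linear ramp between the two limits, capped at discard-percentage
    return (max_pct / 100.0) * (fill - low) / (high - low)


def drop_table(depths=(20, 50, 62, 68, 75, 90, 100)):
    """Drop probability per DSCP class at several queue depths (in packets)."""
    return {d: {c: round(drop_probability(c, d), 3) for c in WRED_UP}
            for d in depths}


if __name__ == "__main__":
    for depth, row in drop_table().items():
        print(f"{depth:>3} packets queued: {row}")
```

The table shows the ordering the profile encodes: unmarked traffic is fully dropped once its queue is 65% full, while cs4 is untouched until 70% and cs5 until 80%.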
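- Create traffic behaviors that guarantee bandwidth for the important services:

The policy in the next step also binds default-class to a behavior named S_out_other, which the original post does not show being created. The last five lines below reconstruct it from that policy's display output (WFQ, drop-profile wred_up, the same queue length); using queue wfq without a queue-number argument is an assumption.

```
[AR2240]traffic behavior S_out_importantserv
[AR2240-behavior-S_out_importantserv]queue ef bandwidth pct 40
[AR2240-behavior-S_out_importantserv]queue-length packets 100 bytes 204800
[AR2240-behavior-S_out_importantserv]traffic behavior S_out_specialuser
[AR2240-behavior-S_out_specialuser]queue af bandwidth pct 25
[AR2240-behavior-S_out_specialuser]queue-length packets 100 bytes 204800
[AR2240-behavior-S_out_specialuser]drop-profile wred_up
[AR2240-behavior-S_out_specialuser]traffic behavior S_out_commonserv
[AR2240-behavior-S_out_commonserv]queue af bandwidth pct 25
[AR2240-behavior-S_out_commonserv]queue-length packets 100 bytes 204800
[AR2240-behavior-S_out_commonserv]drop-profile wred_up
[AR2240-behavior-S_out_commonserv]traffic behavior S_out_other
[AR2240-behavior-S_out_other]queue wfq
[AR2240-behavior-S_out_other]queue-length packets 100 bytes 204800
[AR2240-behavior-S_out_other]drop-profile wred_up
[AR2240-behavior-S_out_other]quit
```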
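Tips: queue sets the queue type, and bandwidth pct sets the guaranteed minimum bandwidth as a percentage of the interface's actual available bandwidth. queue-length sets the queue length; the default is 64. drop-profile specifies the drop profile used for WRED dropping; the default is tail drop.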
- Create the traffic policy:

```
[AR2240]traffic policy shaping_out
[AR2240-trafficpolicy-shaping_out]classifier In_importantserv behavior S_out_importantserv
[AR2240-trafficpolicy-shaping_out]classifier In_specialuser behavior S_out_specialuser
[AR2240-trafficpolicy-shaping_out]classifier In_commonserv behavior S_out_commonserv
[AR2240-trafficpolicy-shaping_out]classifier default-class behavior S_out_other
[AR2240-trafficpolicy-shaping_out]quit
[AR2240]display traffic policy user-defined
  User Defined Traffic Policy Information:
  Policy: shaping_out
   Classifier: In_importantserv
    Operator: OR
     Behavior: S_out_importantserv
      statistic: enable
      Expedited Forwarding:
        Bandwidth 40 (%)
        Queue Length: 100 (Packets) 204800 (Bytes)
   Classifier: In_specialuser
    Operator: OR
     Behavior: S_out_specialuser
      Assured Forwarding:
        Bandwidth 25 (%)
        Drop Method: WRED
        Drop-profile: wred_up
        Queue Length: 100 (Packets) 204800 (Bytes)
   Classifier: In_commonserv
    Operator: OR
     Behavior: S_out_commonserv
      Assured Forwarding:
        Bandwidth 25 (%)
        Drop Method: WRED
        Drop-profile: wred_up
        Queue Length: 100 (Packets) 204800 (Bytes)
   Classifier: default-class
    Operator: AND
     Behavior: S_out_other
      Flow based Weighted Fair Queueing:
        Max number of hashed queues: 1
        Drop Method: WRED
        Drop-profile: wred_up
        Queue Length: 100 (Packets) 204800 (Bytes)
[AR2240]
```
- Apply the policy in the outbound direction of interface G0/0/1 and set the overall outbound rate limit for the interface:

```
[AR2240]interface GigabitEthernet 0/0/1
[AR2240-GigabitEthernet0/0/1]qos gts cir 65000
[AR2240-GigabitEthernet0/0/1]traffic-policy shaping_out outbound
[AR2240-GigabitEthernet0/0/1]quit
```
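Tips: interface shaping configured with the qos gts command shapes the total traffic of all queues on the interface; it only takes effect on the interface's outbound traffic.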
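A consistency check for the AR2240 steps above, as an added example (not part of the original post): it parses a CLI transcript and reports classifier, behavior and drop-profile names that a traffic policy references but the transcript never defines, plus the total guaranteed bandwidth. The transcript is constructed from the commands shown on this page, and `audit` is a hypothetical helper name.

```python
import re
# Constructed input: AR2240 commands as shown on this page (if-match/wred/quit lines omitted)
TRANSCRIPT = """\
[AR2240]traffic classifier In_importantserv operator or
[AR2240-classifier-In_importantserv]traffic classifier In_specialuser operator or
[AR2240-classifier-In_specialuser]traffic classifier In_commonserv operator or
[AR2240]drop-profile wred_up
[AR2240]traffic behavior S_out_importantserv
[AR2240-behavior-S_out_importantserv]queue ef bandwidth pct 40
[AR2240-behavior-S_out_importantserv]traffic behavior S_out_specialuser
[AR2240-behavior-S_out_specialuser]queue af bandwidth pct 25
[AR2240-behavior-S_out_specialuser]drop-profile wred_up
[AR2240-behavior-S_out_specialuser]traffic behavior S_out_commonserv
[AR2240-behavior-S_out_commonserv]queue af bandwidth pct 25
[AR2240-behavior-S_out_commonserv]drop-profile wred_up
[AR2240]traffic policy shaping_out
[AR2240-trafficpolicy-shaping_out]classifier In_importantserv behavior S_out_importantserv
[AR2240-trafficpolicy-shaping_out]classifier In_specialuser behavior S_out_specialuser
[AR2240-trafficpolicy-shaping_out]classifier In_commonserv behavior S_out_commonserv
[AR2240-trafficpolicy-shaping_out]classifier default-class behavior S_out_other
"""

def audit(transcript):
    # default-class is the built-in catch-all classifier seen in the display output
    classifiers, behaviors, profiles = {"default-class"}, {}, []
    bindings, profile_refs, cur = [], [], None
    for line in transcript.splitlines():
        m = re.match(r"\[([^\]]+)\](.*)", line.strip())
        if not m:
            continue
        prompt, words = m.group(1), m.group(2).split()
        if words[:2] == ["traffic", "classifier"]:
            classifiers.add(words[2])
        elif words[:2] == ["traffic", "behavior"]:
            cur = words[2]
            behaviors[cur] = 0  # guaranteed bandwidth in percent, 0 until "queue" is seen
        elif words[:1] == ["queue"] and "pct" in words:
            behaviors[cur] = int(words[words.index("pct") + 1])
        elif words[:1] == ["drop-profile"]:  # reference in a behavior view, else definition
            (profile_refs if "-behavior-" in prompt else profiles).append(words[1])
        elif words[:1] == ["classifier"] and "behavior" in words:
            bindings.append((words[1], words[3]))
    issues = [f"undefined classifier {c}" for c, _ in bindings if c not in classifiers]
    issues += [f"undefined behavior {b}" for _, b in bindings if b not in behaviors]
    issues += [f"undefined drop-profile {p}" for p in profile_refs if p not in profiles]
    total = sum(behaviors.get(b, 0) for _, b in bindings)
    if total > 100:
        issues.append(f"guaranteed bandwidth sums to {total}%")
    return issues, total
```

Run against the commands as posted, it flags S_out_other, the behavior bound to default-class, and reports 90% of the interface bandwidth as reserved.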