流量策略和整型--策略篇 
版权声明:原创作品,谢绝转载!否则将追究法律责任。 |
 Policing and Shaping
拓扑描述 R1: f1/0 10.1.1.1/24 R2: f0/0 10.1.2.2/24 R3: f0/0 10.1.2.3/24 f1/0 10.1.1.3/24 s2/0 10.1.3.3/24 R4: s2/0 10.1.3.4/24 全网启用RIPv2 初始配置
R1 conf t int f1/0 ip ad 10.1.1.1 255.255.255.0 no shut router rip ver 2 no au net 10.0.0.0 end R2
conf t int f 0/0 ip ad 10.1.2.2 255.255.255.0 no shut router rip ver 2 no au net 10.0.0.0 end R3
conf t int f 0/0 ip ad 10.1.2.3 255.255.255.0 no shut int f1/0 ip ad 10.1.1.3 255.255.255.0 no shut int s2/0 ip ad 10.1.3.3 255.255.255.0 encap f no arp f no frame inver frame map ip 10.1.3.4 304 b no shut router rip ver 2 no au net 10.0.0.0 end R4 conf t int s2/0 ip ad 10.1.3.4 255.255.255.0 encap f no arp f no frame inver frame map ip 10.1.3.3 403 b no shut router rip ver 2 no au net 10.0.0.0 end 1,Traffic Policing 在R3上对从R1到R4流量实施策略,CIR为8000bps,Bc为2000bytes,Be为4000bytes,conform-action为transmit,exceed-action设置qos group 为4并transmit,violate-action为drop R3 conf t access-list 100 permit ip 10.1.1.0 0.0.0.255 10.1.3.0 0.0.0.255 class-map PS match access-group 100 exit policy-map policy class PS police cir 8000 bc 2000 be 4000 conform-action transmit exceed-action set-qos-transmit 4 violate-action drop int s2/0 service-policy output policy end 校验
R3#sh policy int s2/0 Serial2/0
Service-policy output: policy
Class-map: PS (match-all)
5 packets, 520 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: access-group 100 police: cir 8000 bps, bc 2000 bytes, be 4000 bytes conformed 5 packets, 520 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: set-qos-transmit 4 violated 0 packets, 0 bytes; actions: drop conformed 0 bps, exceed 0 bps, violate 0 bps 2 Two Rate Policer
在R3上对R1到R4的的流量实施策略,CIR为50000bps Bc为10000bytes,PIR为100000bps Be为10000bytes,conform action: transmit . exceed action: 设置ip precedence为2然后传输,violate action: drop R3 conf t access-list 100 permit ip 10.1.1.0 0.0.0.255 10.1.3.0 0.0.0.255 class-map TWO_RATE match access-group 100 exit policy-map policy class TWO_RATE police cir 50000 bc 10000 pir 100000 be 10000 conform-action transmit exceed-action set-prec-transmit 2 violate-action drop int s2/0 service-policy output policy end 校验
R3#sh policy int s2/0 Serial2/0
Service-policy output: policy
Class-map: TWO_RATE (match-all)
35 packets, 3640 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: access-group 100 police: cir 50000 bps, bc 10000 bytes pir 100000 bps, be 10000 bytes conformed 35 packets, 3640 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: set-prec-transmit 2 violated 0 packets, 0 bytes; actions: drop conformed 0 bps, exceed 0 bps, violate 0 bps 3,Policer enhancement: Multiple Actions
在R3上对R2到R4的流量实施策略,CIR为100000bps,PIR为200000bps,exceed action: 设置ip precedence为4并传输,并设置DE位,violate action设置ip precedence 为2并传输,并设置DE位 在R3上对R2到R1的流量实施策略,CIR为100000bps PIR为200000bps,exceed action :设置ip precedence 为4并传输,violate action设置ip precedence 为2并传输 R3 conf t access-list 100 permit ip 10.1.2.0 0.0.0.255 any class-map MULTIPLE_ACTION match access-group 100 policy-map R2_R1 class MULTIPLE_ACTION police cir 100000 pir 200000 exceed-action set-prec-transmit 4 violate-action set-prec-transmit 2 policy-map R2_R4 class MULTIPLE_ACTION police cir 100000 pir 200000 exceed-action set-prec-transmit 4 exceed-action set-frde-transmit violate-action set-prec-transmit 2 violate-action set-frde-transmit int s2/0 service-policy output R2_R4 int f1/0 service-policy output R2_R1 end 校验
R3#sh policy-map int f1/0 FastEthernet1/0 Service-policy output: R2_R1
Class-map: MUTLIPLE_ACTION (match-all)
5 packets, 570 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: access-group 100 police: cir 100000 bps, bc 3125 bytes pir 200000 bps, be 6250 bytes conformed 5 packets, 570 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: set-prec-transmit 4 violated 0 packets, 0 bytes; actions: set-prec-transmit 2 conformed 0 bps, exceed 0 bps, violate 0 bps R3#sh policy-map int s2/0
Serial2/0
Service-policy output: R2_R4
Class-map: MUTLIPLE_ACTION (match-all)
5 packets, 520 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: access-group 100 police: cir 100000 bps, bc 3125 bytes pir 200000 bps, be 6250 bytes conformed 5 packets, 520 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: set-prec-transmit 4 set-frde-transmit violated 0 packets, 0 bytes; actions: set-prec-transmit 2 set-frde-transmit conformed 0 bps, exceed 0 bps, violate 0 bps 4,Percentage-based Policing and Shaping
在R3上实施R1到R4流量的策略,CIR 占带宽的20%,burst time为300ms;PIR占带宽的40%,burst time为400ms 在R3上实施R1到R2流量的修整,CIR占带宽的30%,burst time为500 ms;PIR 的burst time为600ms R3 conf t access-list 100 permit ip 10.1.1.0 0.0.0.255 10.1.3.0 0.0.0.255 access-list 101 permit ip 10.1.1.0 0.0.0.255 10.1.2.0 0.0.0.255 class-map PBPS match access-group 100 class-map PBPS2 match access-group 101 policy-map R1_R4 class PBPS police cir percent 20 bc 300 ms pir percent 40 be 400 ms policy-map R1_R2 class PBPS2 shape average percent 30 500 ms 600 ms int s2/0 service-policy output PBPS int f 0/0 service-policy output PBPS2 end 校验
R3#SH POLICY-MAP INT S2/0 Serial2/0
Service-policy output: R1_R4
Class-map: PBPS (match-all)
10 packets, 1040 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: access-group 100 police: cir 20 % bc 300 ms cir 308500 bps, bc 11580 bytes pir 40 % be 400 ms pir 617500 bps, be 30880 bytes conformed 10 packets, 1040 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop conformed 0 bps, exceed 0 bps, violate 0 bps R3#SH POLICY-MAP INT F 0/0 FastEthernet0/0 Service-policy output: R1_R2
Class-map: PBPS2 (match-all)
10 packets, 1140 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: access-group 101 Traffic Shaping Target/Average Byte Sustain Excess Interval Increment Rate Limit bits/int bits/int (ms) (bytes) 30 (%) 500 (ms) 600 (ms) 30000000/30000000 366903 2115098 820130 70 264387 Adapt Queue Packets Bytes Packets Bytes Shaping
Active Depth Delayed Delayed Active - 0 10 1140 0 0 no 5,MQC的3层结构策略 在R3上从任意位置到R4的流量实施策略, level1:对所有流量限速100000bps level2:对ip precedence 为1 ,2 ,3的流量限速20000bps level3:对ip precedence 为2的流量限速10000bps R3
conf t access-list 100 permit ip any host 10.1.3.4 class-map LEVEL1 match access-group 100 class-map match-all LEVEL2 match ip precedence 1 2 3 match access-group 100 class-map match-all LEVEL3 match access-group 100 match ip precedence 2 policy MQC3 class LEVEL3 police 10000 policy MQC2 class LEVEL2 police 20000 service-policy MQC1 policy MQC1 class LEVEL1 police 100000 service-policy MQC2 校验 R3#SH POLICY-MAP INT S2/0 Serial2/0
Service-policy output: MQC_LEVEL1
Class-map: LEVEL1 (match-all)
0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: access-group 100 police: cir 100000 bps, bc 3125 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop conformed 0 bps, exceed 0 bps Service-policy : MQC_LEVEL2
Class-map: LEVEL2 (match-all)
0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: access-group 100 Match: ip precedence 1 2 3 police: cir 20000 bps, bc 1500 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop conformed 0 bps, exceed 0 bps Service-policy : MQC_LEVEL3
Class-map: LEVEL3 (match-all)
0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: access-group 100 Match: ip precedence 2 police: cir 10000 bps, bc 1500 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop conformed 0 bps, exceed 0 bps Class-map: class-default (match-any)
0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: any Class-map: class-default (match-any) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: any 本文出自 “穿过地狱去看海” 博客,谢绝转载! 本文出自 51CTO.COM技术博客 |
cj231210
博客统计信息
热门文章
最新评论
友情链接
