Foundation Summary

The "Foundation Summary" is a collection of tables and figures that provide a convenient review of many key concepts in this chapter. For those of you already comfortable with the topics in this chapter, this summary could help you recall a few details. For those of you who just read this chapter, this review should help solidify some key facts. For any of you doing your final prep before the exam, these tables and figures are a convenient way to review the day before the exam.

Table 3-19 shows the list of items that can be matched with an extended IP ACL. Table 3-20 lists the fields that can be matched by classification and marking tools without use of an ACL. Note that some header fields can be matched by an ACL or directly through some other style of configuration—in those cases, it is typically better to match the field directly, rather than with an ACL.

Table 3-19 IP Extended ACL Matchable Fields—IOS 12.2

| Field | Comments |
|---|---|
| Source IP address | A range of source IP addresses can be matched by using a wildcard mask. |
| Destination IP address | A range of destination IP addresses can be matched by using a wildcard mask. |
| IP Precedence | The command uses names for precedence values. The decimal value for each name: routine 0, priority 1, immediate 2, flash 3, flash-override 4, critical 5, internet 6, network 7. |
| IP DSCP | The command allows use of differentiated services code point (DSCP) names, as well as decimal values. |
| IP ToS | Can check whether a single Type of Service (ToS) field bit is toggled on; keywords are normal (binary 0000), max-reliability (binary 1000), max-throughput (binary 0100), min-delay (binary 0010), and min-monetary-cost (binary 0001). |
| TCP ports | Can check source and destination ports; can also check a range of port numbers, or whether a port number is larger or smaller than a single value. |
| TCP Established | Although not typically useful for QoS classification, ACLs can match all TCP segments after the initial segment used for connection establishment. |
| UDP | Checks the source and destination ports; can also check a range of port numbers, or whether a port number is larger or smaller than a single value. |
| ICMP | Checks a large variety of ICMP message and code types (for example, echo request and echo reply). |
| IGMP | Checks for Internet Group Management Protocol (IGMP) message types. |

Table 3-20 Fields Directly Matchable by Classification and Marking Tools

| Field | Tool | Comments |
|---|---|---|
| Source MAC address | CAR, CB marking | Committed access rate (CAR) uses special "access-rate" ACLs; class-based (CB) marking uses the match command. |
| IP Precedence | CAR, CB marking | CAR uses special "access-rate" ACLs specific to CAR; CB marking uses the match command; both can match a subset of values. |
| MPLS Experimental | CAR, CB marking | CAR uses special "access-rate" ACLs specific to CAR; CB marking uses the match command; both can match a subset of values. |
| CoS | CB marking | Checks incoming ISL/802.1P CoS bits. Can match multiple values. |
| Destination MAC address | CB marking | Checks the destination MAC address. Can match multiple values. |
| Input Interface | CB marking | Checks the input interface. Can match multiple values. |
| IP DSCP | CB marking | Can check for multiple values using multiple match commands. |
| RTP's UDP port-number range | CB marking | RTP uses even-numbered UDP ports from 16,384 to 32,767. This option matches a subset of those values, even-numbered ports only, because RTP uses only even-numbered ports. |
| QoS Group | CB marking | The QoS Group field is used to tag packets internal to a single router. |
| NBAR protocol types | CB marking | Refer to the "Network Based Application Recognition (NBAR)" section in this chapter for more details. |
| NBAR Citrix applications | CB marking | NBAR can recognize different types of Citrix applications; CB marking can use NBAR to classify based on these application types. |
| Host name and URL string | CB marking | NBAR can also match URL strings, including the host name, using regular expressions. CB marking can use NBAR to match these strings for classification. |
| Outgoing Interface | Policy-based routing (PBR) | Checks the routing table and finds all valid routes for the packet; matches based on the outgoing interface. |
| Next-Hop | PBR | Similar to the outgoing interface, but it checks the next-hop routers' IP addresses. |
| Metric | PBR | Checks the routing table entry for this packet, and compares the metric value to match the packet. |
| Route type | PBR | Checks the routing table, looking at the source of the routing table entry that matches the packet. |
| Dial Peer | Dial peers | Based on the dial peer used to connect a VoIP call. |

Figure 3-22 outlines the two IP marking fields and their positions inside an IP header. The suggested values for these fields, and their names, are listed in Table 3-21.

Figure 3-22 IP Precedence and IP DSCP Fields (figure not reproduced; it shows the 8-bit ToS byte with IP Precedence in its first 3 bits, and the 8-bit DS field with DSCP in its first 6 bits)
Table 3-21 IP Precedence and DSCP—Popular Values and Names

| Field and Value (Decimal) | Binary Value | Name | Defined by This RFC |
|---|---|---|---|
| Precedence 0 | 000 | routine | 791 |
| Precedence 1 | 001 | priority | 791 |
| Precedence 2 | 010 | immediate | 791 |
| Precedence 3 | 011 | flash | 791 |
| Precedence 4 | 100 | flash override | 791 |
| Precedence 5 | 101 | critic | 791 |
| Precedence 6 | 110 | internetwork control | 791 |
| Precedence 7 | 111 | network control | 791 |
| DSCP 0 | 000000 | best effort or default | 2475 |
| DSCP 8 | 001000 | CS1 | 2475 |
| DSCP 16 | 010000 | CS2 | 2475 |
| DSCP 24 | 011000 | CS3 | 2475 |
| DSCP 32 | 100000 | CS4 | 2475 |
| DSCP 40 | 101000 | CS5 | 2475 |
| DSCP 48 | 110000 | CS6 | 2475 |
| DSCP 56 | 111000 | CS7 | 2475 |
| DSCP 10 | 001010 | AF11 | 2597 |
| DSCP 12 | 001100 | AF12 | 2597 |
| DSCP 14 | 001110 | AF13 | 2597 |
| DSCP 18 | 010010 | AF21 | 2597 |
| DSCP 20 | 010100 | AF22 | 2597 |
| DSCP 22 | 010110 | AF23 | 2597 |
| DSCP 26 | 011010 | AF31 | 2597 |
| DSCP 28 | 011100 | AF32 | 2597 |
| DSCP 30 | 011110 | AF33 | 2597 |
| DSCP 34 | 100010 | AF41 | 2597 |
| DSCP 36 | 100100 | AF42 | 2597 |
| DSCP 38 | 100110 | AF43 | 2597 |
| DSCP 46 | 101110 | EF | 2598 |

CS = Class Selector, AF = Assured Forwarding, EF = Expedited Forwarding

Figure 3-23 shows the general location of the CoS field inside ISL and 802.1P headers.

Figure 3-23 LAN Class Of Service Fields (figure not reproduced; only its labels survive)

ISL: ISL Header (26 bytes) followed by the Original Frame; the 1-byte ISL User Field inside the header carries the Frame Type and CoS bits.

802.1Q/P: Dest. | Src | Ether Type | Tag | Original Frame; the 2-byte 802.1Q Tag Field carries the User Priority bits and the VLAN ID.

Table 3-22 summarizes the marking fields.

Table 3-22 Names of Marking Fields

| Field | Location | Length | Comments |
|---|---|---|---|
| IP Precedence | IP header | 3 bits | Contained in the first 3 bits of the ToS byte. |
| IP DSCP | IP header | 6 bits | Contained in the first 6 bits of the DS field, which replaces the ToS byte. |
| DS | IP header | 1 byte | Replaces the ToS byte per RFC 2475. |
| ToS | IP header | 1 byte | Replaced by the DS field per RFC 2475. |
| ToS | IP header | 4 bits | A field inside the ToS byte; superseded by RFC 2475. |
| CoS | ISL and 802.1Q/P | 3 bits | Cisco convention uses "CoS" to describe either trunking header's QoS field. |
| Priority bits | 802.1Q/P | 3 bits | The name used by IEEE 802.1P for the CoS bits. |
| Discard Eligible (DE) | Frame Relay header | 1 bit | Under congestion, Frame Relay switches may discard DE-marked frames in preference to frames without the DE bit set. |
| Cell Loss Priority (CLP) | ATM cell header | 1 bit | ATM equivalent of the DE bit. |
| MPLS Experimental value(s) | MPLS header | 3 bits | Used to pass QoS marking information across an MPLS network. |
| QoS Group | Headers internal to IOS | N/A | Uses values between 1 and 99 inclusive. Used for marking only internal to a single router, specifically only on the GSR/ESR product lines. |
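As an added example (not from the book), the following Python decodes the ToS/DS byte of a constructed IPv4 header into the fields of Tables 3-21 and 3-22 (IP Precedence in the first 3 bits, DSCP in the first 6), derives the CS/AF/EF name from the bit pattern rather than a lookup, and rewrites the DSCP the way a set ip dscp action would. The sample headers are constructed here, and leaving the IP header checksum unrecomputed after remarking is an assumption made for brevity.

```python
import struct

def build_ipv4_header(tos: int) -> bytes:
    """Constructed 20-byte IPv4 header (not from the book); only the ToS/DS byte varies."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 17, 0,
                       bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))

def dscp_name(dscp: int) -> str:
    """Derive the Table 3-21 name from the 6-bit pattern: CSx = xxx000,
    AFxy = class xxx (1-4) with drop bits y (01, 10 or 11), EF = 101110."""
    if dscp == 0:
        return "default"
    if dscp == 0b101110:
        return "EF"
    cls, drop = dscp >> 3, (dscp >> 1) & 0b11
    if dscp & 0b111 == 0:
        return f"CS{cls}"
    if 1 <= cls <= 4 and 1 <= drop <= 3:
        return f"AF{cls}{drop}"
    return "unnamed"

def decode_tos_byte(tos: int) -> dict:
    """IP Precedence = first 3 bits, DSCP = first 6 bits (so precedence is always
    DSCP >> 3, which is why CSx values line up with the old precedence values);
    the last 2 bits are ECN, not part of either marking field."""
    dscp = tos >> 2
    return {"precedence": tos >> 5, "dscp": dscp, "ecn": tos & 0b11,
            "name": dscp_name(dscp)}

def decode_ipv4_header(hdr: bytes) -> dict:
    """Pull the ToS/DS byte (second byte) out of an IPv4 header."""
    if len(hdr) < 20 or hdr[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return decode_tos_byte(hdr[1])

def set_dscp(hdr: bytes, dscp: int) -> bytes:
    """Mark the packet like 'set ip dscp': rewrite the top 6 bits, keep the ECN bits.
    Assumption for brevity: a router would also recompute the header checksum."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must be 0-63")
    return hdr[:1] + bytes([(dscp << 2) | (hdr[1] & 0b11)]) + hdr[2:]

if __name__ == "__main__":
    for tos in (0x00, 0x68, 0xB8):      # default, AF31 (26 << 2), EF (46 << 2)
        print(hex(tos), decode_ipv4_header(build_ipv4_header(tos)))
    print(decode_ipv4_header(set_dscp(build_ipv4_header(0x68), 0)))
```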

Table 3-23 lists the MQC commands used for CB marking. The table shows all the classification options available using the match command, and all the marking options available using the set command. Table 3-24 lists the show commands related to CB marking.

Table 3-23 Command Reference for Class-Based Marking

class-map class-map-name
  Global config; names a class map, where classification options are configured

match ...
  Class-map subcommand; defines specific classification parameters

match access-group {access-group | name access-group-name}
  Class-map subcommand; matches by ACL

match source-address mac address
  Class-map subcommand; matches the source MAC address

match ip precedence ip-precedence-value [ip-precedence-value ip-precedence-value ip-precedence-value]
  Class-map subcommand; matches IP precedence

match mpls experimental number
  Class-map subcommand; matches MPLS Experimental bits

match cos cos-value [cos-value cos-value cos-value]
  Class-map subcommand; matches CoS

match destination-address mac address
  Class-map subcommand; matches the destination MAC address

match input-interface interface-name
  Class-map subcommand; matches the input interface

match ip dscp ip-dscp-value [ip-dscp-value ip-dscp-value ip-dscp-value ip-dscp-value ip-dscp-value ip-dscp-value ip-dscp-value]
  Class-map subcommand; matches IP DSCP

match ip rtp starting-port-number port-range
  Class-map subcommand; matches RTP's UDP port-number range

match qos-group qos-group-value
  Class-map subcommand; matches the QoS group

match protocol protocol-name
  Class-map subcommand; matches NBAR protocol types

match protocol citrix [app application-name-string]
  Class-map subcommand; matches NBAR Citrix applications

match protocol http [url url-string | host hostname-string | mime MIME-type]
  Class-map subcommand; matches host name and URL string

match any
  Class-map subcommand; matches all packets

policy-map policy-map-name
  Global config; names a policy, which is a set of actions to perform

class class-name
  Policy-map subcommand; identifies the packets on which to perform some action by referring to the classification logic in a class map

set ...
  For the class, marks (sets) particular QoS fields

set ip precedence ip-precedence-value
  Sets IP precedence

set ip dscp ip-dscp-value
  Sets IP DSCP

set cos cos-value
  Sets CoS

set ip qos-group group-id
  Sets the QoS group

set atm-clp
  Sets the ATM CLP bit

set fr-de
  Sets the Frame Relay DE bit

Table 3-24 Exec Command Reference for Class-Based Marking

show policy-map policy-map-name
  Lists configuration information about all MQC-based QoS tools

show policy-map interface interface-spec [input | output] [class class-name]
  Lists statistical information about the behavior of all MQC-based QoS tools

Figure 3-24 shows the general flow of MQC commands.

Figure 3-24 MQC Commands and Their Correlation (figure not reproduced; its text is reconstructed below)

Classification Configuration:
  class-map myclass1
    (matching parameters follow ...)
  class-map myclass2
    (matching parameters follow ...)

Action/PHB Configuration:
  policy-map mypolicy
    class myclass1
      (Actions/PHBs for this class follow: marking, queuing, etc.)
    class myclass2
      (Actions/PHBs for this class follow: marking, queuing, etc.)

Enable on Interface:
  interface S 0/0
    service-policy output mypolicy

In the figure, arrows link each class-map name to the class command that refers to it, and the policy-map name to the service-policy command that enables it on the interface.

Tables 3-25 and 3-26 list the NBAR configuration and exec commands, respectively.

Table 3-25 Configuration Command Reference for NBAR

ip nbar protocol-discovery
  Interface mode; enables NBAR for traffic entering the interface.

ip nbar port-map protocol-name [tcp | udp] port-number
  Global; tells NBAR to search for a protocol using a different port number than the well-known port. Also defines ports to be used by custom packet description language modules (PDLM).

ip nbar pdlm pdlm-name
  Global; extends the list of protocols recognized by NBAR by adding additional PDLMs.

You can use CAR for policing, but instead of discarding packets, CAR can mark nonconforming packets with a value that increases the packets' chances of being discarded when congestion occurs, as seen in Figure 3-25.

Table 3-26 Exec Command Reference for NBAR

show ip nbar protocol-discovery [interface interface-spec] [stats {byte-count | bit-rate | packet-count}] [{protocol protocol-name | top-n number}]
  Lists statistics for the discovered protocols. Statistics can be listed by interface, by protocol, or for just the top n protocols by volume.

show ip nbar port-map [protocol-name]
  Lists the current ports in use by the discovered protocols.

Figure 3-25 Policing: Excess Traffic Marked with Lower Value (figure not reproduced; it shows the direction of packet flow in the example and the excess packets leaving the policer with a lower marking)

Tables 3-27, 3-28, and 3-29 list the pertinent CAR configuration commands, the rate-limit actions, and the exec commands, respectively.

Table 3-27 Configuration Command Reference for CAR

rate-limit {input | output} [access-group [rate-limit] acl-index] bps burst-normal burst-max conform-action conform-action exceed-action exceed-action
  Interface mode; configures classification, marking, policing, and enabling CAR on the interface

access-list rate-limit acl-index {precedence | mac-address | exp mask mask}
  Global mode; creates a CAR ACL, which can match IP precedence, MAC addresses, and MPLS Experimental bits

Table 3-28 Possible Actions with CAR rate-limit Command

continue
  Evaluates the next rate-limit command

drop
  Drops the packet

set-dscp-continue
  Sets the differentiated services code point (DSCP) (0-63) and evaluates the next rate-limit command

set-dscp-transmit
  Sets the DSCP and transmits the packet

set-mpls-exp-continue
  Sets the MPLS Experimental bits (0-7) and evaluates the next rate-limit command

set-mpls-exp-transmit
  Sets the MPLS Experimental bits (0-7) and sends the packet

set-prec-continue
  Sets the IP precedence (0-7) and evaluates the next rate-limit command

set-prec-transmit
  Sets the IP precedence (0-7) and sends the packet

set-qos-continue
  Sets the QoS group ID (1-99) and evaluates the next rate-limit command

set-qos-transmit
  Sets the QoS group ID (1-99) and sends the packet

transmit
  Sends the packet
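An added Python model (neither Cisco's code nor the book's) of the rate-limit behavior behind Figure 3-25 and Table 3-28: each statement is a token bucket refilled at bps and holding burst-normal bytes, with a conform action and an exceed action that drops, marks, or continues to the next statement. Two simplifications are assumptions made here: burst-max (extended burst) is left out, and a packet that walks off the end of the chain is transmitted unchanged.

```python
from dataclasses import dataclass, field

@dataclass
class RateLimit:
    """One rate-limit statement: a token bucket plus its conform/exceed actions."""
    bps: int              # committed rate in bits per second
    burst_normal: int     # bucket depth in bytes (burst-max/extended burst omitted)
    conform_action: str   # e.g. "transmit", "set-prec-continue 5"
    exceed_action: str    # e.g. "drop", "set-prec-transmit 0"
    tokens: float = field(init=False)
    last: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        self.tokens = float(self.burst_normal)   # bucket starts full

    def check(self, length: int, now: float) -> str:
        """Refill at bps/8 bytes per second (never above burst_normal), then decide."""
        self.tokens = min(self.burst_normal, self.tokens + (now - self.last) * self.bps / 8)
        self.last = now
        if length <= self.tokens:
            self.tokens -= length
            return self.conform_action
        return self.exceed_action

def police(chain: list, pkt: dict, now: float) -> dict:
    """Walk the interface's rate-limit statements in order, applying Table 3-28 actions."""
    pkt = dict(pkt)
    for rl in chain:
        action, *arg = rl.check(pkt["length"], now).split()
        if action.startswith("set-prec-"):
            pkt["precedence"] = int(arg[0])
        elif action.startswith("set-dscp-"):
            pkt["dscp"] = int(arg[0])
        if action == "drop":
            pkt["verdict"] = "drop"
            return pkt
        if action.endswith("transmit"):          # transmit and set-*-transmit end the walk
            pkt["verdict"] = "transmit"
            return pkt
        # "continue" and the set-*-continue forms evaluate the next rate-limit statement
    pkt["verdict"] = "transmit"   # assumption: nothing left to evaluate, send unchanged
    return pkt

def run_sample() -> list:
    """Constructed stream: 1000-byte packets arriving marked precedence 5, 8 kbps rate,
    3000-byte burst; excess is remarked to precedence 0 instead of dropped (Figure 3-25)."""
    chain = [RateLimit(8000, 3000, "transmit", "set-prec-transmit 0")]
    arrivals = [0.0, 0.0, 0.0, 0.0, 1.0]     # four back-to-back packets, then one 1 s later
    return [police(chain, {"length": 1000, "precedence": 5}, t)["precedence"] for t in arrivals]

if __name__ == "__main__":
    print(run_sample())   # the fourth packet exceeds the burst and leaves with precedence 0
```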

Table 3-29 Exec Command Reference for CAR

show interfaces [interface-type interface-number] rate-limit
  Displays CAR statistics on the interface specified, or on all interfaces if the interface is not specified

show access-lists rate-limit [acl-index]
  Lists information about the configuration of rate-limit ACLs

Policy-based routing (PBR) enables you to route a packet based on some other information besides the destination IP address. Figure 3-26 shows a simple example, where FTP traffic is directed over the longer path in the network.

Figure 3-26 PBR: FTP Traffic Routed over Longer Path (figure not reproduced; it contrasts the routing table's route with the longer path the FTP traffic takes under PBR)

Tables 3-30 and 3-31 list the pertinent PBR configuration and exec commands, respectively.

Table 3-30 Configuration Command Reference for PBR

ip local policy route-map map-tag
  Global; specifies that packets generated by this router should be candidates for policy routing

ip policy route-map map-tag
  Interface subcommand; refers to a route map, which in turn classifies packets and specifies actions; actions include specifying a different route and setting IP precedence

route-map map-tag [permit | deny] [sequence-number]
  Global command; creates a route map entry

match ip address {access-list-number | access-list-name} [... access-list-number | ... access-list-name]
  Route-map subcommand; matches IP packets based on parameters that can be matched with an IP ACL

match length minimum-length maximum-length
  Route-map subcommand; matches IP packets based on their length

set ip precedence number | name
  Route-map subcommand; sets the IP precedence value using the decimal number or the name

set ip next-hop ip-address [...ip-address]
  Route-map subcommand; defines the IP address(es) of the next-hop router(s) used to forward packets that match this route map entry

ip route-cache policy
  Global command; enables fast switching of PBR-routed packets

Note: Not all PBR-related commands are shown in this table, but the commands specifically related to marking are shown.

Table 3-31 Exec Command Reference for PBR Marking

show ip policy
  Lists configured PBR details, and statistics for the number of packets matched by each clause.

show route-map
  Lists statistical information about packets matched with a route map. PBR uses route maps to classify and mark traffic.
