Root.cz Forum
Main topics => Networking => Topic started by: Janko Hrasko, 26. 04. 2013, 17:28:02
-
I am trying to get priority queuing working on an ordinary Cisco 800 router. I am following a guide, but the problem is that priority queuing is applied only to packets that leave the router itself (in Linux terminology, the Output chain) and not to packets that pass through it (the Forward chain).
Configuration of the interface on which I want the priorities to apply and from which my packets leave towards the outside:
interface FastEthernet4
ip address 192.168.7.1 255.255.255.248
ip flow ingress
duplex auto
speed auto
priority-group 1
Queue configuration:
priority-list 1 protocol ip high list 191
priority-list 1 protocol ip normal list 193
priority-list 1 protocol ip high list 91
priority-list 1 default low
And finally, how I determine which packets belong to which queue, which is done via Cisco access lists:
access-list 191 permit tcp any any eq 22
access-list 191 permit tcp any eq 22 any
access-list 191 permit icmp any any echo
access-list 191 permit icmp any any echo-reply
access-list 191 permit udp host 192.168.0.245 eq 1498 any
access-list 191 permit udp any host 192.168.0.245 eq 1498
access-list 191 permit icmp any any
access-list 193 permit tcp any eq 3389 any
access-list 193 permit tcp any any eq 3389
I am constantly pinging a machine that sits behind interface Fa4 and to which this policy should apply; the packets arrive on interface vlan1 and leave through the mentioned Fa4. The policy is not applied, because when I issue the command show access-list, I see that the counters of access-list 191 do not increase. But as soon as I ping this machine directly from the router, the counters go up by the number of pings. That is useless to me, though; I need priorities for packets that pass through the router. Has anyone run into this already? Or more precisely, what am I doing wrong?
Thanks for any advice...
-
You don't have to believe everything the ACL counters say. IMHO they increase however the Cisco happens to feel like it, for example when packets go through the processor (i.e. the local ones get counted). The only sensible way to verify it is simply to try it out by generating load at the maximum with one priority stream and a second non-priority one. If the priority one does not drop out and the non-priority one does, then it probably works.
-
Thanks for the reply.
The fact that the counters do not increase means exactly that, unfortunately, it does not work :-( When I run ping -f against the test machine and at the same time generate huge traffic towards it, then unfortunately there starts to be heavy loss of the pings, which have the highest priority. When I run the pings directly from the router, then of course not a single one is lost and the counters increase as they should. As I wrote, prioritization happens only if the packets are generated directly by the router, and those that merely pass through it are not affected. I really don't know what to do about it...
-
And what does
show int fa4
say on the lines
Queueing strategy: ??
Output queue:
?
or alternatively
> show queueing interface fa4
-
Thanks for the reply. The outputs I am attaching only confirm what I already know. Unfortunately, I can no longer work out from them where the error in my configuration is...
router#show interfaces fastEthernet 4
FastEthernet4 is up, line protocol is up
Hardware is PQUICC_FEC, address is 0019.e872.b3df (bia 0019.e872.b3df)
Internet address is 192.168.7.1/29
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 01:38:46, output 00:00:00, output hang never
Last clearing of "show interface" counters 20:31:29
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: priority-list 1
Output queue (queue priority: size/max/drops):
high: 0/20/0, medium: 0/40/0, normal: 0/60/0, low: 0/80/0
5 minute input rate 7000 bits/sec, 7 packets/sec
5 minute output rate 7000 bits/sec, 8 packets/sec
6165575 packets input, 638681330 bytes
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
6204284 packets output, 663715242 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
The command show queueing interface fastEthernet 4 while I am continuously pinging the test machine from a machine that is on vlan1
Interface FastEthernet4 queueing strategy: priority
Output queue utilization (queue/count)
high/0 medium/0 normal/0 low/0
The command show queueing interface fastEthernet 4 while I send 5 pings to the test machine directly from the router
Interface FastEthernet4 queueing strategy: priority
Output queue utilization (queue/count)
high/5 medium/0 normal/0 low/0
At the same time I see that the counters on the corresponding access list have gone up as well, so show access-lists
Extended IP access list 191
10 permit tcp any any eq 22
20 permit tcp any eq 22 any
30 permit icmp any any echo (5 matches)
40 permit icmp any any echo-reply
50 permit udp host 192.168.0.245 eq 1498 any
60 permit udp any host 192.168.0.245 eq 1498
70 permit icmp any any
I am attaching the output of show running-config
Building configuration...
Current configuration : 6344 bytes
!
! Last configuration change at 16:33:19 A Fri Apr 26 2013 by xxxx
! NVRAM config last updated at 16:38:48 A Fri Apr 26 2013 by xxxx
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging buffered 120000 debugging
!
no aaa new-model
!
resource policy
!
clock timezone A 2
ip subnet-zero
ip cef
!
!
!
!
ip flow-cache entries 12000
ip flow-cache timeout active 1
no ip domain lookup
ip domain name domena.cz
!
!
crypto pki trustpoint TP-self-signed-1079832824
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1079832824
revocation-check none
rsakeypair TP-self-signed-1079832824
!
!
crypto pki certificate chain TP-self-signed-1079832824
certificate self-signed 01
....the certificate is here....
quit
username xxxx privilege 15 secret 5 nejake_heslo.
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address 192.168.7.1 255.255.255.248
ip flow ingress
duplex auto
speed auto
priority-group 1
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.0.33 255.255.255.0
no ip redirects
ip tcp adjust-mss 1452
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip route 172.32.1.0 255.255.255.0 Vlan1 192.168.0.239
ip route 192.168.2.0 255.255.255.0 192.168.7.2
ip route 192.168.7.8 255.255.255.248 192.168.7.2
ip route 192.168.97.0 255.255.255.0 192.168.7.2
ip route 192.168.221.0 255.255.255.0 192.168.0.239
!
ip flow-export version 9
ip flow-export destination 192.168.0.1 9995
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 23 permit 192.168.0.1
access-list 23 permit 192.168.4.2
access-list 23 permit 192.168.0.239
access-list 23 permit 172.32.1.2
access-list 23 permit 192.168.0.208
access-list 23 permit 192.168.0.169
access-list 91 permit 192.168.2.250
access-list 191 permit tcp any any eq 22
access-list 191 permit tcp any eq 22 any
access-list 191 permit icmp any any echo
access-list 191 permit icmp any any echo-reply
access-list 191 permit udp host 192.168.0.245 eq 1498 any
access-list 191 permit udp any host 192.168.0.245 eq 1498
access-list 191 permit icmp any any
access-list 193 permit tcp any eq 3389 any
access-list 193 permit tcp any any eq 3389
priority-list 1 protocol ip high list 191
priority-list 1 protocol ip normal list 193
priority-list 1 protocol ip high list 91
priority-list 1 default low
snmp-server community public RO
no cdp run
!
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.
Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want to use.
For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
ntp clock-period 17175066
ntp server 192.168.0.5
end
So the result is that PQ is applied only to packets leaving the router itself. It does not apply to packets passing through the router. Verified not only by the outputs from the router configuration, but also in practice. I have no clue where the error in my configuration is. I will be glad for any pointer...
-
Hi, this will sound crazy, but at work we had an IOS bug where QoS was not applied when speed and duplex were set to auto on the interface. It was for a higher model series, but it might help. Set FastEthernet4 to duplex full, speed 100, wr me and reload. If that doesn't work, try a different IOS, for example the latest c870-advipservicesk9-mz.124-24.T8.bin (or whatever router you actually have). Let me know if it helped ;-)
-
So hard-setting the speed and duplex and reloading the router unfortunately did not help. I downloaded the latest software from the net; on Monday I will compare the md5sum, and if it is correct according to Cisco I will upload it and try the new software. Thanks for the advice and ideas so far; next week I will report back on whether it helped.
-
Well, of course I couldn't wait, I flashed that router, and unfortunately it did not help :'(
-
Send:
show version
show flash
show running-config all
Isn't show log printing anything odd?
-
As the next step I would start by abandoning the QoS configuration via the "legacy CLI" and would rewrite it into MQC:
class-map PQ
match access-group 191
policy-map PQ
class PQ
priority percent 75
interface FastEthernet4
service-policy output PQ
-
So, let's go step by step:
show version
Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(24)T8, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Sun 09-Sep-12 09:09 by prod_rel_team
ROM: System Bootstrap, Version 12.3(8r)YI3, RELEASE SOFTWARE
router uptime is 2 hours, 22 minutes
System returned to ROM by reload at 17:39:08 A Sat Apr 27 2013
System restarted at 17:40:04 A Sat Apr 27 2013
System image file is "flash:c870-advipservicesk9-mz.124-24.T8.bin"
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco 871 (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of memory.
Processor board ID FHK104519XV
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
5 FastEthernet interfaces
128K bytes of non-volatile configuration memory.
28672K bytes of processor board System flash (Intel Strataflash)
Configuration register is 0x2102
show flash:
28672K bytes of processor board System flash (Intel Strataflash)
Directory of flash:/
2 -rwx 21910432 Apr 27 2013 17:20:37 +02:00 c870-advipservicesk9-mz.124-24.T8.bin
3 -rwx 2254 Mar 1 2002 02:03:27 +02:00 sdmconfig-8xx.cfg
4 -rwx 833024 Mar 1 2002 02:03:43 +02:00 es.tar
5 -rwx 1052160 Mar 1 2002 02:04:03 +02:00 common.tar
6 -rwx 1038 Mar 1 2002 02:04:15 +02:00 home.shtml
7 -rwx 102400 Mar 1 2002 02:04:29 +02:00 home.tar
8 -rwx 491213 Mar 1 2002 02:04:45 +02:00 128MB.sdf
9 -rwx 660 Aug 3 2012 13:15:34 +02:00 vlan.dat
27611136 bytes total (3207168 bytes free)
show run all
Building configuration...
Current configuration with default configurations exposed : 12525 bytes
!
version 12.4
parser cache
no service log backtrace
no service config
no service exec-callback
no service nagle
service slave-log
no service slave-coredump
no service pad to-xot
no service pad from-xot
no service pad cmns
no service pad
no service telnet-zeroidle
no service tcp-keepalives-in
no service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service exec-wait
no service linenumber
no service internal
no service scripting
no service compress-config
service prompt config
no service old-slip-prompts
no service pt-vty-logging
no service disable-ip-fast-frag
no service sequence-numbers
no service dhcp
!
hostname router
!
boot-start-marker
boot system flash c870-advipservicesk9-mz.124-24.T8.bin
boot-end-marker
!
logging exception 4096
no logging count
no logging message-counter log
no logging message-counter debug
logging message-counter syslog
no logging snmp-authfail
no logging userinfo
logging buginf
logging queue-limit 100
logging queue-limit esm 0
logging queue-limit trap 100
logging buffered 120000
no logging persistent
logging rate-limit console 10 except errors
logging console guaranteed
logging console debugging
logging monitor debugging
logging on
!
no aaa new-model
memory-size iomem 10
clock timezone A 2
errdisable detect cause all
errdisable recovery interval 300
!
crypto pki trustpoint TP-self-signed-1079832824
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1079832824
revocation-check none
rsakeypair TP-self-signed-1079832824
!
!
crypto pki certificate chain TP-self-signed-1079832824
certificate self-signed 01
the certificate is here
quit
dot11 syslog
dot11 activity-timeout unknown default 60
dot11 activity-timeout client default 60
dot11 activity-timeout repeater default 60
dot11 activity-timeout workgroup-bridge default 60
dot11 activity-timeout bridge default 60
dot11 aaa csid default
ip source-route
ip icmp redirect subnet
ip spd queue threshold minimum 73 maximum 74
!
!
!
!
ip cef
no ip domain lookup
ip domain name domena.cz
ip igmp snooping vlan 1
ip igmp snooping vlan 1 mrouter learn pim-dvmrp
ip igmp snooping vlan 2
ip igmp snooping vlan 2 mrouter learn pim-dvmrp
ip igmp snooping
no ipv6 cef
ipv6 dhcp ping packets 0
!
multilink bundle-name authenticated
!
cwmp agent
no enable download
no enable
request outstanding 5
parameter change notify interval 60
session retry limit 11
management server username 00000C-CISCO871%2dK9V03-FHK104519XV
no management server password
no management server url
no provision code
no connection request username
no connection request password
no wan ipaddress
!
!
!
file prompt alert
emm clear 1b5b324a1b5b303b30480d
vtp file flash:vlan.dat
vtp mode server
vtp version 1
username xxxx privilege 15 secret 5 tajne_heslo.
!
no crypto isakmp diagnose error
!
!
archive
log config
no record rc
no logging enable
logging size 100
no notify syslog contenttype plaintext
no notify syslog contenttype xml
hidekeys
no path
no rollback filter adaptive
rollback retry timeout 0
scripting tcl low-memory 11758933
scripting tcl trustpoint untrusted terminate
no scripting tcl secure-mode
!
!
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh break-string ~break
ip ssh dh min size 1024
!
!
interface FastEthernet0
switchport access vlan 1
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1-4094
switchport mode access
switchport voice vlan none
switchport priority extend none
switchport priority default 0
snmp trap link-status
ip igmp snooping tcn flood
!
interface FastEthernet1
switchport access vlan 1
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1-4094
switchport mode access
switchport voice vlan none
switchport priority extend none
switchport priority default 0
snmp trap link-status
ip igmp snooping tcn flood
!
interface FastEthernet2
switchport access vlan 1
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1-4094
switchport mode access
switchport voice vlan none
switchport priority extend none
switchport priority default 0
snmp trap link-status
ip igmp snooping tcn flood
!
interface FastEthernet3
switchport access vlan 1
switchport trunk encapsulation dot1q
switchport trunk native vlan 1
switchport trunk allowed vlan 1-4094
switchport mode access
switchport voice vlan none
switchport priority extend none
switchport priority default 0
snmp trap link-status
ip igmp snooping tcn flood
!
interface FastEthernet4
ip address 192.168.7.1 255.255.255.248
ip redirects
ip proxy-arp
ip flow ingress
speed 100
full-duplex
snmp trap link-status
priority-group 1
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.0.33 255.255.255.0
no ip redirects
ip proxy-arp
ip tcp adjust-mss 1452
autostate
snmp trap link-status
!
ip classless
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip route 172.32.1.0 255.255.255.0 Vlan1 192.168.0.239
ip route 192.168.2.0 255.255.255.0 192.168.7.2
ip route 192.168.7.8 255.255.255.248 192.168.7.2
ip route 192.168.97.0 255.255.255.0 192.168.7.2
ip route 192.168.221.0 255.255.255.0 192.168.0.239
ip http server
ip http port 80
ip http access-class 23
ip http authentication local
ip http secure-server
ip http secure-port 443
ip http secure-active-session-modules all
ip http max-connections 5
ip http timeout-policy idle 60 life 86400 requests 10000
ip http active-session-modules all
ip http digest algorithm md5
ip http client cache memory pool 100
ip http client cache memory file 2
ip http client cache ager interval 5
ip http client connection timeout 10
ip http client connection retry 1
ip http client connection idle timeout 30
ip http client response timeout 30
ip http path
!
ip flow-cache entries 12000
ip flow-cache timeout active 1
ip flow-export version 9
ip flow-export destination 192.168.0.1 9995
!
ip rtcp report interval 5000
ip rtcp sub-rtcp message-type 209
!
no ip sla logging traps
logging history size 1
logging history warnings
logging trap informational
logging delimiter tcp
logging facility local7
no logging source-interface
access-list 23 permit 192.168.0.1
access-list 23 permit 192.168.4.2
access-list 23 permit 192.168.0.239
access-list 23 permit 172.32.1.2
access-list 23 permit 192.168.0.208
access-list 23 permit 192.168.0.169
access-list 91 permit 192.168.2.250
access-list 191 permit tcp any any eq 22
access-list 191 permit tcp any eq 22 any
access-list 191 permit icmp any any echo
access-list 191 permit icmp any any echo-reply
access-list 191 permit udp host 192.168.0.245 eq 1498 any
access-list 191 permit udp any host 192.168.0.245 eq 1498
access-list 191 permit icmp any any
access-list 193 permit tcp any eq 3389 any
access-list 193 permit tcp any any eq 3389
priority-list 1 protocol ip high list 191
priority-list 1 protocol ip normal list 193
priority-list 1 protocol ip high list 91
priority-list 1 default low
mac-address-table aging-time 300
no cdp run
!
!
!
!
snmp-server engineID local 8000000903000019E872B3D5
snmp-server view *ilmi system included
snmp-server view *ilmi atmForumUni included
snmp-server view v1default iso included
snmp-server view v1default internet.6.3.15 excluded
snmp-server view v1default internet.6.3.16 excluded
snmp-server view v1default internet.6.3.18 excluded
snmp-server view v1default ciscoMgmt.394 excluded
snmp-server view v1default ciscoMgmt.395 excluded
snmp-server view v1default ciscoMgmt.399 excluded
snmp-server view v1default ciscoMgmt.400 excluded
snmp-server community public v1default RO
snmp-server priority normal
no snmp-server trap link ietf
snmp-server trap authentication vrf
snmp-server trap authentication acl-failure
snmp-server trap authentication unknown-content
snmp-server packetsize 1500
snmp-server queue-limit notification-host 10
snmp-server chassis-id FHK104519XV
snmp-server inform retries 3 timeout 15 pending 25
snmp mib nhrp
snmp mib notification-log globalsize 500
snmp mib notification-log globalageout 15
snmp mib community-map ILMI engineid 8000000903000019E872B3D5
snmp mib community-map public engineid 8000000903000019E872B3D5
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.
Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want to use.
For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
alias exec h help
alias exec lo logout
alias exec p ping
alias exec r resume
alias exec s show
alias exec u undebug
alias exec un undebug
alias exec w where
default-value exec-character-bits 7
default-value special-character-bits 7
default-value data-character-bits 8
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 100000 1000
ntp server 192.168.0.110
cns id hostname
cns id hostname event
cns id hostname image
cns image retry 60
netconf max-sessions 4
netconf lock-time 10
netconf max-message 0
event manager scheduler script thread class default number 1
event manager scheduler applet thread class default number 32
event manager history size events 10
event manager history size traps 10
end
-
It will probably be of no use to you, but I tried your setup on my CISCO 871W router (the same one you have, just with a wifi card in addition). I use the same IOS, c870-advipservicesk9-mz.124-24.T8.bin, and it behaves the same way. When configured via the "new" MQC standard (policy-map, class-map) everything works as it should:
access list:
access-list 191 permit icmp any any echo
maps:
class-map match-any COS1
match access-group 191
!
!
policy-map QOS-Map
class COS1
priority percent 20
class class-default
fair-queue
WAN port settings:
interface FastEthernet4
bandwidth 25000
ip address dhcp
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
no cdp enable
service-policy output QOS-Map
From a notebook on the LAN I pinged a server on the Internet with 100 packets:
cisco871w#sh policy-map interface FastEthernet4
FastEthernet4
Service-policy output: QOS-Map
queue stats for all priority classes:
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 100/7400
Class-map: COS1 (match-any)
100 packets, 7400 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 191
100 packets, 7400 bytes
5 minute rate 0 bps
Priority: 20% (5000 kbps), burst bytes 125000, b/w exceed drops: 0
The counter on the access list works too:
cisco871w#sh ip access-lists 191
Extended IP access list 191
10 permit icmp any any echo (100 matches)
It also works correctly when pinging from the router:
cisco871w#ping www.six.sk repeat 100
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 194.160.23.22, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 8/12/29 ms
cisco871w#sh ip access-lists 191
Extended IP access list 191
10 permit icmp any any echo (200 matches)
Unfortunately, one has to keep getting used to the "new fashion" ;-)...
-
So I couldn't let it go, and after about two days of googling I found this on a Cisco FAQ page:
show queueing interface interface-number [vc [[vpi/] vci] - This displays the queueing statistics of an interface or a VC. Even when there is no congestion, you will still be able to see some hits here. The reason for this is that process switched packets are always counted regardless of congestion being present. Cisco Express Forwarding (CEF) and fast-switched packets are not being counted unless there is congestion. The legacy queueing mechanisms like Priority Queueing (PQ), Custom Queueing (CQ), and Weighted Fair Queueing (WFQ), will not provide classification statistics. Only modular Quality of Service Command Line Interface (MQC)-based features in images later than 12.0(5)T provide these statistics.
So PQ, CQ and WFQ queuing are practically useless. According to this statement we should always see some statistics, but that does not apply to these queuing strategies. That one doesn't see the statistics wouldn't matter that much; much worse is that these queuing strategies will not be applied in practice either unless congestion occurs on the given interface, that is, they will never be applied (my tests support this too). Note: CEF is enabled on every router. On a 100 Mbit interface which is connected to another site only by a line of about 35 Mbit, congestion never occurs (the 100 Mbit interface does not know that it is connected only by, e.g., a 35 Mbit line), so these queuing strategies are never applied either. And if you have a line faster than 100 Mbit, then you will surely buy a more powerful router so that you don't pay needlessly for a more expensive connection. So I really do not understand this strategy of Cisco's in the case of these queuing mechanisms.
But what pisses me off far more is that you won't read this anywhere in the documentation!!! If they had written it straight into the documentation, one would save one's nerves.
I want to thank all contributors for their willingness in solving this problem.
-
It is actually quite understandable. PQ only handles priorities when ordering packets for transmission, not shaping. In this sense Cisco is of course right, and let's be glad they don't mangle the terminology.
-
I'll take the liberty of disagreeing with your opinion :) This is certainly not about mangling terminology. Queuing is of course something definitely different from shaping, we agree on that. But why certain queuing strategies are suppressed and take place only during congestion (i.e. almost never) while other queuing strategies take place correctly, that is, always the way we want, according to the configuration, is a mystery to me. Note that that paragraph speaks only about some queuing strategies; the others work always and under all circumstances.
-
All queueing mechanisms kick in only upon congestion on the interface (full Tx ring), without exception. The quoted text speaks in this context only about the hits on the counters.
-
Well, there is nothing complicated about it: if the interface CIR and MIR differ (in our case CIR=35 Mbit/s, MIR=100 Mbit/s) and we have Ethernet (there is no mechanism for congestion notification), then it is necessary to use H-QoS. We simply define a shaper at 35 Mbit/s and only within this shaper do we define how the queues are serviced.
For example like this:
policy-map PARENT
class class-default
shape average 35000000
service-policy QUEUES
Tomas
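
Added example, not part of any post in this thread: a small Python simulation of the situation discussed above, a 100 Mbit/s Fa4 feeding a line of about 35 Mbit/s, comparing strict priority queuing on the interface alone with the same queues placed under a 35 Mbit/s shaper. The offered loads, the 64-packet buffer at the bottleneck and all names are assumptions made for the illustration; the queue limits 20 and 80 are the ones shown in the posted show interfaces output.

```python
from collections import deque

LINE_RATE = 100                        # Fa4 line rate in Mbit/s (from the thread)
LINK_RATE = 35                         # real capacity behind Fa4 in Mbit/s (from the thread)
OFFERED = {"high": 3, "low": 60}       # constructed load in Mbit/s: pings vs. bulk traffic
QUEUE_LIMIT = {"high": 20, "low": 80}  # queue limits as in the posted 'show interfaces'
BOTTLENECK_FIFO = 64                   # assumed buffer of the device in front of the slow line


class Pacer:
    """Credit-based pacer; one tick is one packet time at LINE_RATE, rate is in Mbit/s."""

    def __init__(self, rate):
        self.rate, self.credit = rate, 0

    def may_send(self, backlog):
        self.credit += self.rate
        if backlog and self.credit >= LINE_RATE:
            self.credit -= LINE_RATE
            return True
        if not backlog:
            self.credit = min(self.credit, LINE_RATE)  # no burst after an idle period
        return False


def simulate(egress_rate, ticks=100_000):
    """egress_rate=LINE_RATE: priority queues on Fa4 only.
    egress_rate=LINK_RATE: the same queues under a shaper set to the real line speed."""
    queues = {cls: deque() for cls in OFFERED}
    fifo = deque()                               # tail-drop FIFO at the 35 Mbit/s line
    arrival = dict.fromkeys(OFFERED, 0)
    router, link = Pacer(egress_rate), Pacer(LINK_RATE)
    res = {"router_drops": dict.fromkeys(OFFERED, 0),
           "link_drops": dict.fromkeys(OFFERED, 0),
           "delivered": dict.fromkeys(OFFERED, 0),
           "max_router_backlog": 0}
    for _ in range(ticks):
        for cls, rate in OFFERED.items():        # constant-rate arrivals from Vlan1
            arrival[cls] += rate
            if arrival[cls] >= LINE_RATE:
                arrival[cls] -= LINE_RATE
                if len(queues[cls]) < QUEUE_LIMIT[cls]:
                    queues[cls].append(cls)
                else:
                    res["router_drops"][cls] += 1
        backlog = sum(len(q) for q in queues.values())
        res["max_router_backlog"] = max(res["max_router_backlog"], backlog)
        if router.may_send(backlog):             # strict priority: high before low
            cls = "high" if queues["high"] else "low"
            queues[cls].popleft()
            if len(fifo) < BOTTLENECK_FIFO:
                fifo.append(cls)
            else:
                res["link_drops"][cls] += 1      # dropped downstream, priority ignored
        if link.may_send(len(fifo)):
            res["delivered"][fifo.popleft()] += 1
    return res


if __name__ == "__main__":
    for name, rate in (("PQ on 100 Mbit/s Fa4", LINE_RATE), ("PQ under 35 Mbit/s shaper", LINK_RATE)):
        print(name, simulate(rate))
```

Without the shaper the router backlog never builds up, so the priority queues have nothing to reorder and the loss happens in the downstream FIFO, which does not know about priorities. With the shaper the backlog forms on the router, where only the low queue drops.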
-
So in the end it's not a bug, but a feature? :-D
-
Exactly as Tomas writes. Queueing is applied only under congestion. If you need the congestion to occur at a lower rate than the line rate of the interface, then shaping.
-
But what pisses me off far more is that you won't read this anywhere in the documentation!!! If they had written it straight into the documentation, one would save one's nerves.
I am replying in a tone similar to the one that post is written in.
Cisco's documentation and implementation do have their pitfalls, but right here you slipped up a bit.
In the documentation they do always write it, picking at random, the 2nd paragraph:
http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/congstion_mgmt_oview_ps6350_TSD_Products_Configuration_Guide_Chapter.html
That you don't read the overview in order to understand what you are configuring is not entirely Cisco's problem. Cisco's problem is evidently that their devices let you configure things you know nothing about :)
Note that that paragraph speaks only about some queuing strategies; the others work always and under all circumstances.
Could that be related to the fact that those are precisely the "legacy" technologies?