Cisco priority queueing a forwarding

Cisco priority queueing a forwarding
« kdy: 26. 04. 2013, 17:28:02 »
Na obycajnom cisco 800 routry sa pokusam rozbehat priority queing. Postupujem podla navodu, ale problem je v tom, ze priority queuing sa uplatnuje iba pre pakety, ktore z routra priamo odchadzaju(v linux terminologii chain Output) a nie pre pakety, ktore nim prechadzaju(chain Forward).

konfiguracia pre interfacie, na ktorom chcem, aby sa priority uplatnovali a z ktoreho mi odchadzaju pakety smerom von:

Kód: [Vybrat]
interface FastEthernet4
 ip address 192.168.7.1 255.255.255.248
 ip flow ingress
 duplex auto
 speed auto
 priority-group 1

konfiguracia front:
Kód: [Vybrat]
priority-list 1 protocol ip high list 191
priority-list 1 protocol ip normal list 193
priority-list 1 protocol ip high list 91
priority-list 1 default low

a nakoniec ako urcujem, ktore pakety patria do ktorej fronty-je to cez cisco access-listy:
Kód: [Vybrat]
access-list 191 permit tcp any any eq 22
access-list 191 permit tcp any eq 22 any
access-list 191 permit icmp any any echo
access-list 191 permit icmp any any echo-reply
access-list 191 permit udp host 192.168.0.245 eq 1498 any
access-list 191 permit udp any host 192.168.0.245 eq 1498
access-list 191 permit icmp any any
access-list 193 permit tcp any eq 3389 any
access-list 193 permit tcp any any eq 3389

Na stroj, ktory lezi za interfacom Fa4 a na ktory by sa mala uplatnovat tato politika neustale pingam s tym, ze pakety prichadzaju na interface vlan1 a odchadzaju spominanym Fa4. Politika sa neuplatnuje, pretoze ked dam prikaz show access-list, tak vidim, ze pocitadla access-list 191 sa nezvacsuju. Akonahle ale pingnem tento stroj priamo z routra, tak sa citace zvysia o pocet pingov. To mi je ale na prd, ja potrebujem priority pre pakety, ktore routrom prechadzaju. Stretol sa uz niekto s tym? Alebo presnejsie, co robim nespravne?
Dakujem za kazdu radu...


« Poslední změna: 26. 04. 2013, 22:51:45 od Petr Krčmář »


DgBd

  • ****
  • 282
    • Zobrazit profil
    • E-mail
Re:cisco Priority Queueing
« Odpověď #1 kdy: 26. 04. 2013, 18:40:18 »
citacum ACL neni nutne verit uplne vsechno. imho se zvetsuji jak se to zrovna ciscu libi, treba kdyz jdou pakety pres procesor (tj. zapocitaji se ty lokalni). Jedina rozumna moznost jak to overit je to proste vyzkouset generovanim zateze na max s jednim prioritnim streamem a druhym neprioritnim. Pokud nebude prioritni vypadavat a neprioritni ano, tak to asi funguje.

Re:cisco Priority Queueing
« Odpověď #2 kdy: 26. 04. 2013, 20:22:07 »
Dakujem za odpoved.
To, ze sa nezvysuju citace znamena presne to, ze to bohuzial nefunguje :-( Ked pustim ping -f na testovaciu masinu a zaroven na nu vygenerujem obrovsky traffic, tak bohuzial zacne dochadzat k velkej stratovosti pingov, ktore maju najvyssiu prioritu. Ked spustim pingy priamo z routra, tak sa nestrati samozrejme ani jeden a k zvysovaniu citacov dochadza tak ako ma. Ako pisem, k prioritam dochadza iba ak su pakety vygenerovane priamo z routra a tie ktore nim iba prechadzaju sa to netyka. Fakt neviem co s tym...

DgBd

  • ****
  • 282
    • Zobrazit profil
    • E-mail
Re:cisco Priority Queueing
« Odpověď #3 kdy: 26. 04. 2013, 22:19:10 »
a co říká
Kód: [Vybrat]
show int fa4 na řádcích
Kód: [Vybrat]
Queueing strategy: ??
Output queue:
?

případně
Kód: [Vybrat]
> show queueing interface fa4

Re:Cisco priority queueing a forwarding
« Odpověď #4 kdy: 27. 04. 2013, 14:08:42 »
Dakujem za odpoved. Vypisi ktore prikladam potvrdzuju iba to, co uz viem. Bohuzial, kde mam v konfiguracii chybu uz z toho zistit nedokazem...

router#show interfaces fastEthernet 4
Kód: [Vybrat]
FastEthernet4 is up, line protocol is up
  Hardware is PQUICC_FEC, address is 0019.e872.b3df (bia 0019.e872.b3df)
  Internet address is 192.168.7.1/29
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 01:38:46, output 00:00:00, output hang never
  Last clearing of "show interface" counters 20:31:29
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: priority-list 1
  Output queue (queue priority: size/max/drops):
     high: 0/20/0, medium: 0/40/0, normal: 0/60/0, low: 0/80/0
  5 minute input rate 7000 bits/sec, 7 packets/sec
  5 minute output rate 7000 bits/sec, 8 packets/sec
     6165575 packets input, 638681330 bytes
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     6204284 packets output, 663715242 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

Prikaz show queueing interface fastEthernet 4 zatial co na testovaci stroj neustale pingam zo stroja ktory je na vlan1
Kód: [Vybrat]
Interface FastEthernet4 queueing strategy: priority

Output queue utilization (queue/count)
        high/0 medium/0 normal/0 low/0

Prikaz show queueing interface fastEthernet 4 zatial co urobim 5 pingov na testovaci stroj priamo z routra
Kód: [Vybrat]
Interface FastEthernet4 queueing strategy: priority

Output queue utilization (queue/count)
        high/5 medium/0 normal/0 low/0

Zaroven vidim, ze sa zdvihli aj pocitadla na prislusnom access-liste, takze show access-lists
Kód: [Vybrat]
Extended IP access list 191
    10 permit tcp any any eq 22
    20 permit tcp any eq 22 any
    30 permit icmp any any echo (5 matches)
    40 permit icmp any any echo-reply
    50 permit udp host 192.168.0.245 eq 1498 any
    60 permit udp any host 192.168.0.245 eq 1498
    70 permit icmp any any


Pripajam vypis zo show running-config
Kód: [Vybrat]
Building configuration...

Current configuration : 6344 bytes
!
! Last configuration change at 16:33:19 A Fri Apr 26 2013 by xxxx
! NVRAM config last updated at 16:38:48 A Fri Apr 26 2013 by xxxx
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging buffered 120000 debugging
!
no aaa new-model
!
resource policy
!
clock timezone A 2
ip subnet-zero
ip cef
!
!
!
!
ip flow-cache entries 12000
ip flow-cache timeout active 1
no ip domain lookup
ip domain name domena.cz
!
!         
crypto pki trustpoint TP-self-signed-1079832824
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1079832824
 revocation-check none
 rsakeypair TP-self-signed-1079832824
!
!
crypto pki certificate chain TP-self-signed-1079832824
 certificate self-signed 01
  ....tu je certifikat....
  quit
username xxxx privilege 15 secret 5 nejake_heslo.
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 ip address 192.168.7.1 255.255.255.248
 ip flow ingress
 duplex auto
 speed auto
 priority-group 1
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 192.168.0.33 255.255.255.0
 no ip redirects
 ip tcp adjust-mss 1452
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip route 172.32.1.0 255.255.255.0 Vlan1 192.168.0.239
ip route 192.168.2.0 255.255.255.0 192.168.7.2
ip route 192.168.7.8 255.255.255.248 192.168.7.2
ip route 192.168.97.0 255.255.255.0 192.168.7.2
ip route 192.168.221.0 255.255.255.0 192.168.0.239
!
ip flow-export version 9
ip flow-export destination 192.168.0.1 9995
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 23 permit 192.168.0.1
access-list 23 permit 192.168.4.2
access-list 23 permit 192.168.0.239
access-list 23 permit 172.32.1.2
access-list 23 permit 192.168.0.208
access-list 23 permit 192.168.0.169
access-list 91 permit 192.168.2.250
access-list 191 permit tcp any any eq 22
access-list 191 permit tcp any eq 22 any
access-list 191 permit icmp any any echo
access-list 191 permit icmp any any echo-reply
access-list 191 permit udp host 192.168.0.245 eq 1498 any
access-list 191 permit udp any host 192.168.0.245 eq 1498
access-list 191 permit icmp any any
access-list 193 permit tcp any eq 3389 any
access-list 193 permit tcp any any eq 3389
priority-list 1 protocol ip high list 191
priority-list 1 protocol ip normal list 193
priority-list 1 protocol ip high list 91
priority-list 1 default low
snmp-server community public RO
no cdp run
!
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use.

For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
ntp clock-period 17175066
ntp server 192.168.0.5
end

Takze vysledok je taky, ze PQ sa uplatnuje iba na pakety vychadzajuce priamo z routra. Na pakety prechadzajuce routrom sa to nevzatahuje. Overene nielen vypismi z konfiguracie routra, ale taktiez prakticky. Kde mam v konfiguracii chybu nemam sajnu. Budem rad za kazde nasmerovanie...


message

Re:Cisco priority queueing a forwarding
« Odpověď #5 kdy: 27. 04. 2013, 14:52:02 »
Nazdar, bude to zniet sialene, ale v praci sme mali IOS bug pri ktorom sa neuplatnoval QOS pri nastaveni auto speed a duplexu na interface. Bolo to pre vyssiu modelovu radu, ale mohlo by to pomoct. Nastav FastEthernet4 na duplex full, speed 100, wr me a reloadni. Ked to nezaberie, vyskusaj iny IOS, napriklad najnovsi c870-advipservicesk9-mz.124-24.T8.bin (alebo co to vlastne mas za router). Daj vediet ci pomohlo ;-)

Re:Cisco priority queueing a forwarding
« Odpověď #6 kdy: 27. 04. 2013, 15:48:10 »
Tak nastavenie rychlosti a duplexu na tvrdo a reload routra bohuzial nepomohlo. Stiahol som najnovsi software z netu, v pondelok porovnam md5sum a ked bude spravny podla cisca tak nahrajem a vyskusam ten novy software. Zatial dakujem za rady a napady, buduci tyzden sa ozvem, ci to pomohlo.

Re:Cisco priority queueing a forwarding
« Odpověď #7 kdy: 27. 04. 2013, 17:47:10 »
Tak som to samozrejme nevydrzal, urobil flash na tom routry a bohuzial nepomohlo  :'(

message

Re:Cisco priority queueing a forwarding
« Odpověď #8 kdy: 27. 04. 2013, 18:28:58 »
posli:

show version
show flash
show running-config all

show log nevypisuje volaco divne?

MKo

Re:Cisco priority queueing a forwarding
« Odpověď #9 kdy: 27. 04. 2013, 18:36:15 »
Další postup bych začal opuštěním konfigurace QoS přes "legacy CLI" a přepsal bych to do MQC:

class-map PQ
 match access-group 191

policy-map PQ
 class PQ
  priority percent 75

interface FastEthernet4
 service-policy output PQ

Re:Cisco priority queueing a forwarding
« Odpověď #10 kdy: 27. 04. 2013, 20:11:51 »
takze, ideme postupne:

show version
Kód: [Vybrat]
Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(24)T8, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Sun 09-Sep-12 09:09 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)YI3, RELEASE SOFTWARE

router uptime is 2 hours, 22 minutes
System returned to ROM by reload at 17:39:08 A Sat Apr 27 2013
System restarted at 17:40:04 A Sat Apr 27 2013
System image file is "flash:c870-advipservicesk9-mz.124-24.T8.bin"
Last reload reason: Reload Command



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 871 (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of memory.
Processor board ID FHK104519XV
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
5 FastEthernet interfaces
128K bytes of non-volatile configuration memory.
28672K bytes of processor board System flash (Intel Strataflash)

Configuration register is 0x2102

show flash:
Kód: [Vybrat]
28672K bytes of processor board System flash (Intel Strataflash)

Directory of flash:/

    2  -rwx    21910432  Apr 27 2013 17:20:37 +02:00  c870-advipservicesk9-mz.124-24.T8.bin
    3  -rwx        2254   Mar 1 2002 02:03:27 +02:00  sdmconfig-8xx.cfg
    4  -rwx      833024   Mar 1 2002 02:03:43 +02:00  es.tar
    5  -rwx     1052160   Mar 1 2002 02:04:03 +02:00  common.tar
    6  -rwx        1038   Mar 1 2002 02:04:15 +02:00  home.shtml
    7  -rwx      102400   Mar 1 2002 02:04:29 +02:00  home.tar
    8  -rwx      491213   Mar 1 2002 02:04:45 +02:00  128MB.sdf
    9  -rwx         660   Aug 3 2012 13:15:34 +02:00  vlan.dat

27611136 bytes total (3207168 bytes free)

show run all
Kód: [Vybrat]
Building configuration...

Current configuration with default configurations exposed : 12525 bytes
!
version 12.4
parser cache
no service log backtrace
no service config
no service exec-callback
no service nagle
service slave-log
no service slave-coredump
no service pad to-xot
no service pad from-xot
no service pad cmns
no service pad
no service telnet-zeroidle
no service tcp-keepalives-in
no service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service exec-wait
no service linenumber
no service internal
no service scripting
no service compress-config
service prompt config
no service old-slip-prompts
no service pt-vty-logging
no service disable-ip-fast-frag
no service sequence-numbers
no service dhcp
!
hostname router
!
boot-start-marker
boot system flash c870-advipservicesk9-mz.124-24.T8.bin
boot-end-marker
!
logging exception 4096
no logging count
no logging message-counter log
no logging message-counter debug
logging message-counter syslog
no logging snmp-authfail
no logging userinfo
logging buginf
logging queue-limit 100
logging queue-limit esm 0
logging queue-limit trap 100
logging buffered 120000
no logging persistent
logging rate-limit console 10 except errors
logging console guaranteed
logging console debugging
logging monitor debugging
logging on
!
no aaa new-model
memory-size iomem 10
clock timezone A 2
errdisable detect cause all
errdisable recovery interval 300
!
crypto pki trustpoint TP-self-signed-1079832824
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1079832824
 revocation-check none
 rsakeypair TP-self-signed-1079832824
!
!
crypto pki certificate chain TP-self-signed-1079832824
 certificate self-signed 01
  tu je certifikat
        quit
dot11 syslog
dot11 activity-timeout unknown default 60
dot11 activity-timeout client default 60
dot11 activity-timeout repeater default 60
dot11 activity-timeout workgroup-bridge default 60
dot11 activity-timeout bridge default 60
dot11 aaa csid default
ip source-route
ip icmp redirect subnet
ip spd queue threshold minimum 73 maximum 74
!
!
!
!
ip cef
no ip domain lookup
ip domain name domena.cz
ip igmp snooping vlan 1
ip igmp snooping vlan 1 mrouter learn pim-dvmrp
ip igmp snooping vlan 2
ip igmp snooping vlan 2 mrouter learn pim-dvmrp
ip igmp snooping
no ipv6 cef
ipv6 dhcp ping packets 0
!
multilink bundle-name authenticated
!
cwmp agent
 no enable download
 no enable
 request outstanding 5
 parameter change notify interval 60
 session retry limit 11
 management server username 00000C-CISCO871%2dK9V03-FHK104519XV
 no management server password
 no management server url
 no provision code
 no connection request username
 no connection request password
 no wan ipaddress
!
!
!
file prompt alert
emm clear 1b5b324a1b5b303b30480d
vtp file flash:vlan.dat
vtp mode server
vtp version 1
username xxxx privilege 15 secret 5 tajne_heslo.
!
no crypto isakmp diagnose error
!
!
archive
 log config
  no record rc
  no logging enable
  logging size 100
  no notify syslog contenttype plaintext
  no notify syslog contenttype xml
  hidekeys
 no path
 no rollback filter adaptive
 rollback retry timeout 0
scripting tcl low-memory 11758933
scripting tcl trustpoint untrusted terminate
no scripting tcl secure-mode
!
!
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh break-string ~break
ip ssh dh min size 1024
!
!
interface FastEthernet0
 switchport access vlan 1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1-4094
 switchport mode access
 switchport voice vlan none
 switchport priority extend none
 switchport priority default 0
 snmp trap link-status
 ip igmp snooping tcn flood
!
interface FastEthernet1
 switchport access vlan 1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1-4094
 switchport mode access
 switchport voice vlan none
 switchport priority extend none
 switchport priority default 0
 snmp trap link-status
 ip igmp snooping tcn flood
!
interface FastEthernet2
 switchport access vlan 1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1-4094
 switchport mode access
 switchport voice vlan none
 switchport priority extend none
 switchport priority default 0
 snmp trap link-status
 ip igmp snooping tcn flood
!
interface FastEthernet3
 switchport access vlan 1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1-4094
 switchport mode access
 switchport voice vlan none
 switchport priority extend none
 switchport priority default 0
 snmp trap link-status
 ip igmp snooping tcn flood
!
interface FastEthernet4
 ip address 192.168.7.1 255.255.255.248
 ip redirects
 ip proxy-arp
 ip flow ingress
 speed 100
 full-duplex
 snmp trap link-status
 priority-group 1
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 192.168.0.33 255.255.255.0
 no ip redirects
 ip proxy-arp
 ip tcp adjust-mss 1452
 autostate
 snmp trap link-status
!
ip classless
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip route 172.32.1.0 255.255.255.0 Vlan1 192.168.0.239
ip route 192.168.2.0 255.255.255.0 192.168.7.2
ip route 192.168.7.8 255.255.255.248 192.168.7.2
ip route 192.168.97.0 255.255.255.0 192.168.7.2
ip route 192.168.221.0 255.255.255.0 192.168.0.239
ip http server
ip http port 80
ip http access-class 23
ip http authentication local
ip http secure-server
ip http secure-port 443
ip http secure-active-session-modules all
ip http max-connections 5
ip http timeout-policy idle 60 life 86400 requests 10000
ip http active-session-modules all
ip http digest algorithm md5
ip http client cache memory pool 100
ip http client cache memory file 2
ip http client cache ager interval 5
ip http client connection timeout 10
ip http client connection retry 1
ip http client connection idle timeout 30
ip http client response timeout 30
ip http path
!
ip flow-cache entries 12000
ip flow-cache timeout active 1
ip flow-export version 9
ip flow-export destination 192.168.0.1 9995
!
ip rtcp report interval 5000
ip rtcp sub-rtcp message-type 209
!
no ip sla logging traps
logging history size 1
logging history warnings
logging trap informational
logging delimiter tcp
logging facility local7
no logging source-interface
access-list 23 permit 192.168.0.1
access-list 23 permit 192.168.4.2
access-list 23 permit 192.168.0.239
access-list 23 permit 172.32.1.2
access-list 23 permit 192.168.0.208
access-list 23 permit 192.168.0.169
access-list 91 permit 192.168.2.250
access-list 191 permit tcp any any eq 22
access-list 191 permit tcp any eq 22 any
access-list 191 permit icmp any any echo
access-list 191 permit icmp any any echo-reply
access-list 191 permit udp host 192.168.0.245 eq 1498 any
access-list 191 permit udp any host 192.168.0.245 eq 1498
access-list 191 permit icmp any any
access-list 193 permit tcp any eq 3389 any
access-list 193 permit tcp any any eq 3389
priority-list 1 protocol ip high list 191
priority-list 1 protocol ip normal list 193
priority-list 1 protocol ip high list 91
priority-list 1 default low
mac-address-table aging-time 300
no cdp run

!
!
!
!
snmp-server engineID local 8000000903000019E872B3D5
snmp-server view *ilmi system included
snmp-server view *ilmi atmForumUni included
snmp-server view v1default iso included
snmp-server view v1default internet.6.3.15 excluded
snmp-server view v1default internet.6.3.16 excluded
snmp-server view v1default internet.6.3.18 excluded
snmp-server view v1default ciscoMgmt.394 excluded
snmp-server view v1default ciscoMgmt.395 excluded
snmp-server view v1default ciscoMgmt.399 excluded
snmp-server view v1default ciscoMgmt.400 excluded
snmp-server community public v1default RO
snmp-server priority normal
no snmp-server trap link ietf
snmp-server trap authentication vrf
snmp-server trap authentication acl-failure
snmp-server trap authentication unknown-content
snmp-server packetsize 1500
snmp-server queue-limit notification-host 10
snmp-server chassis-id FHK104519XV
snmp-server inform retries 3 timeout 15 pending 25
 snmp mib nhrp
snmp mib notification-log globalsize 500
snmp mib notification-log globalageout 15
snmp mib community-map  ILMI engineid 8000000903000019E872B3D5
snmp mib community-map  public engineid 8000000903000019E872B3D5
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.
         
username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use.

For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
alias exec h help
alias exec lo logout
alias exec p ping
alias exec r resume
alias exec s show
alias exec u undebug
alias exec un undebug
alias exec w where
default-value exec-character-bits 7
default-value special-character-bits 7
default-value data-character-bits 8
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 100000 1000
ntp server 192.168.0.110
cns id hostname
cns id hostname event
cns id hostname image
cns image retry 60
netconf max-sessions 4
netconf lock-time 10
netconf max-message 0
event manager scheduler script thread class default number 1
event manager scheduler applet thread class default number 32
event manager history size events 10
event manager history size traps 10
end

message

Re:Cisco priority queueing a forwarding
« Odpověď #11 kdy: 28. 04. 2013, 00:05:22 »
Sice ti to bude asi prd platne, ale skusil som si tvoj setup na mojom routri CISCO 871W (to iste co mas aj ty len s wifi kartou naviac), IOS pouzivam ten isty c870-advipservicesk9-mz.124-24.T8.bin a chova sa to rovnako. Pri nastaveni cez "novy" MQC standard (policy-map, class-map) vsetko chodi ako ma:

access list:
Kód: [Vybrat]
access-list 191 permit icmp any any echo

mapy:
Kód: [Vybrat]
class-map match-any COS1
 match access-group 191
!
!
policy-map QOS-Map
 class COS1
    priority percent 20
 class class-default
    fair-queue

nastavenie WAN portu:
Kód: [Vybrat]
interface FastEthernet4
 bandwidth 25000
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 speed 100
 full-duplex
 no cdp enable
 service-policy output QOS-Map

z notebooku na LAN som opingal 100 packetmi server na internete:
Kód: [Vybrat]
cisco871w#sh policy-map interface FastEthernet4
 FastEthernet4

  Service-policy output: QOS-Map

    queue stats for all priority classes:
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 100/7400

    Class-map: COS1 (match-any)
      100 packets, 7400 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group 191
        100 packets, 7400 bytes
        5 minute rate 0 bps
      Priority: 20% (5000 kbps), burst bytes 125000, b/w exceed drops: 0

chodi aj pocitadlo na access-liste:
Kód: [Vybrat]
cisco871w#sh ip access-lists 191
Extended IP access list 191
    10 permit icmp any any echo (100 matches)


funguje to spravne aj pri pingani z routra:
Kód: [Vybrat]
cisco871w#ping www.six.sk repeat 100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 194.160.23.22, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 8/12/29 ms
cisco871w#sh ip access-lists 191               
Extended IP access list 191
    10 permit icmp any any echo (200 matches)

zial, teba si neustale zvykat na "novu modu" ;-)...

Re:Cisco priority queueing a forwarding
« Odpověď #12 kdy: 29. 04. 2013, 15:57:24 »
Takze mi to nedalo a po asi dvojdnovom googlovani som na jednej FAQ cisco stranke nasiel toto:

Citace
show queueing interface interface-number [vc [[vpi/] vci] - This displays the queueing statistics of an interface or a VC. Even when there is no congestion, you will still be able to see some hits here. The reason for this is that process switched packets are always counted regardless of congestion being present. Cisco Express Forwarding (CEF) and fast-switched packets are not being counted unless there is congestion. The legacy queueing mechanisms like Priority Queueing (PQ), Custom Queueing (CQ), and Weighted Fair Queueing (WFQ), will not provide classification statistics. Only modular Quality of Service Command Line Interface (MQC)-based features in images later than 12.0(5)T provide these statistics.

Takze, PQ, CQ a WFQ queing je prakticky na prd. Sice podla tejto hlasky by sme mali vidiet nejake statistiky vzdy, ale tychto queing strategii sa to netyka. Ze clovek neuvidi statistiky by az tak nevadilo, omnoho horise je, ze tieto quieing strategie sa nebudu uplatnovat ani v praxi, pokial nenastane congestion na danom interface-cize sa nebudu uplatnovat nikdy(to podporuju aj moje testy). poznamka-CEF je zapnute na kazdom routry. Na 100Mbit interfacy ktory je pripojeny k inej lokalite iba linkou cca 35Mbit nedojde ku congestion nikdy(100Mbit interface nevie, ze je pripojeny iba napr. 35Mbit linkou), takze sa nikdy neuplatnia ani tieto queing strategie. A ak budete mat linku vyssiu ako 100Mbit, tak si predsa kupite silnejsi router, aby ste zbytocne neplatili drahsie pripojenie. Tejto strategii od cisca v pripade tychto queing mechanizmov teda fakt nechapem.
Co ale naserie omnoho viac je to, ze toto sa v dokumentacii nikde nedocitate!!! Keby to rovno napisali do dokumentacie, tak si clovek usetri nervy.

Chcem sa podakovat vsetkym prispievatelom za ochotu pri rieseni tohoto problemu.

DgBd

  • ****
  • 282
    • Zobrazit profil
    • E-mail
Re:Cisco priority queueing a forwarding
« Odpověď #13 kdy: 29. 04. 2013, 16:26:19 »
Ono je to celkem pochopitelné. PQ totiž řeší pouze priority při řazení na odvysílání, nikoliv shaping. V tomto smyslu má samozřejmě cisco pravdu a buďme rádi, že nemrší terminologii.

Re:Cisco priority queueing a forwarding
« Odpověď #14 kdy: 30. 04. 2013, 00:29:02 »
Dovolim si s vasim nazorom nesuhlasit  :) O mrsenie terminologie tu urcite nejde. Queing je samozrejme nieco urcite ine ako shaping, na tom sa zhodneme. Ale to, preco su urcite queing strategie potlacovane a dochadza k nim iba pri congestion(cize skoro nikdy) a k inym queing strategiam dochadza spravne - teda vzdy tak, ako chceme, podla konfiguracie, je mi zahadou. Vsimnite si totiz, ze v tom odstavci sa pise iba o niektorych queing strategiach, ostatne funguju vzdy a za kazdych okolnosti.