У меня стоит задача показать, что данная функция на маршрутизаторах работает. Условия таковы:
необходимо настроить так, чтобы порт 1 (в настройках ESR200 это gi1/0/6, для ESR1000 gi1/0/22) мог либо занимать весь канал между маршрутизаторами (ESR200 - 1/0/2, ESR1000 - 1/0/2), когда нет пакетов от другого порта, либо 70 процентов от скорости. Остальное для порта 2 (ESR200 - 1/0/7, ESR1000 - 1/0/23).
С прикреплёнными конфигами получилось применить политику QoS, но скорость на обоих портах не поднимается выше 20мб. Проверялось с помощью iPerf3.
Непонятно следующее: как работают параметры policy-map/shape auto-distribution и /classXXX/shape peak (ожидаемого эффекта, а именно максимально возможной скорости, не увидел); как влияют значения DSCP? Это просто идентификаторы для настройки приоритета вручную, или они уже сами задают приоритетность для железа?
Сетевым инженером не являюсь, поэтому не всё понимаю.
esr-200 login: admin
Password:
********************************************
* Welcome to ESR-200 *
********************************************
esr-200# sh ru
system fan-speed max
object-group service telnet
port-range 23
exit
object-group service ssh
port-range 22
exit
object-group service dhcp_server
port-range 67
exit
object-group service dhcp_client
port-range 68
exit
object-group service ntp
port-range 123
exit
syslog max-files 3
syslog file-size 512
syslog file tmpsys:syslog/default info
vlan 200
force-up
exit
vlan 2
exit
security zone trusted
exit
security zone untrusted
exit
ip access-list extended q30
rule 1
action permit
match protocol any
match source-address 10.10.30.0 255.255.255.240
match destination-address any
enable
exit
exit
ip access-list extended q31
rule 1
action permit
match protocol any
match source-address 10.10.31.0 255.255.255.240
match destination-address any
enable
exit
exit
ip access-list extended q70
rule 1
action permit
match protocol any
match source-address 10.10.70.0 255.255.255.240
match destination-address any
enable
exit
exit
ip access-list extended q71
rule 1
action permit
match protocol any
match source-address 10.10.71.0 255.255.255.240
match destination-address any
enable
exit
exit
router ospf 20
router-id 2.2.2.2
area 1.1.1.1
network 192.168.0.0/24
network 10.10.10.0/28
network 172.16.28.0/28
network 192.168.10.0/28
network 10.10.31.0/28
network 10.10.71.0/28
enable
exit
enable
exit
class-map q31
set dscp 32
match access-group q31
exit
class-map q71
set dscp 42
match access-group q71
exit
policy-map q7
shape auto-distribution
shape average 100000
class q31
shape average 3000
shape peak 6000
exit
class q71
shape average 30000
shape peak 75000
exit
exit
bridge 200
vlan 200
security-zone trusted
ip firewall disable
ip address 192.168.0.1/24
enable
exit
interface gigabitethernet 1/0/1
security-zone trusted
ip firewall disable
ip address 172.16.28.2/28
ip ospf instance 20
ip ospf area 1.1.1.1
ip ospf
exit
interface gigabitethernet 1/0/2
security-zone trusted
ip firewall disable
ip address 10.10.10.2/28
ip ospf instance 20
ip ospf area 1.1.1.1
ip ospf
qos enable
service-policy output q7
exit
interface gigabitethernet 1/0/3
security-zone trusted
ip firewall disable
ip address 10.10.5.2/28
exit
interface gigabitethernet 1/0/4
shutdown
security-zone trusted
exit
interface gigabitethernet 1/0/5
shutdown
security-zone trusted
exit
interface gigabitethernet 1/0/6
security-zone trusted
ip firewall disable
ip address 10.10.71.1/28
qos enable
service-policy input q7
exit
interface gigabitethernet 1/0/7
security-zone trusted
ip firewall disable
ip address 10.10.31.1/28
qos enable
service-policy input q7
exit
interface gigabitethernet 1/0/8
security-zone trusted
ip firewall disable
switchport access vlan 200
exit
tunnel gre 10
security-zone trusted
ip firewall disable
local address 10.10.5.2
remote address 10.10.5.1
ip address 192.168.10.2/28
ip ospf instance 20
ip ospf area 1.1.1.1
ip ospf
enable
exit
security zone-pair trusted untrusted
rule 1
action permit
match protocol any
match source-address any
match destination-address any
enable
exit
exit
security zone-pair trusted trusted
rule 1
action permit
match protocol any
match source-address any
match destination-address any
enable
exit
exit
security zone-pair trusted self
rule 1
action permit
match protocol tcp
match source-address any
match destination-address any
match source-port any
match destination-port telnet
enable
exit
rule 10
action permit
match protocol tcp
match source-address any
match destination-address any
match source-port any
match destination-port ssh
enable
exit
rule 20
action permit
match protocol icmp
match source-address any
match destination-address any
enable
exit
rule 30
action permit
match protocol udp
match source-address any
match destination-address any
match source-port dhcp_client
match destination-port dhcp_server
enable
exit
rule 40
action permit
match protocol udp
match source-address any
match destination-address any
match source-port any
match destination-port ntp
enable
exit
exit
security zone-pair untrusted self
rule 1
action permit
match protocol udp
match source-address any
match destination-address any
match source-port dhcp_server
match destination-port dhcp_client
enable
exit
exit
nat source
ruleset factory
to zone untrusted
rule 10
description "replace 'source ip' by outgoing interface ip address"
match protocol any
match source-address any
match destination-address any
action source-nat interface
enable
exit
exit
exit
ip telnet server
ip ssh server
ntp enable
ntp broadcast-client enable
esr-200#
esr-1000 login: admin
Password:
********************************************
* Welcome to ESR-1000 *
********************************************
Welcome to ESR-1000 on Thu Apr 4 15:24:01 UTC 2002
esr-1000# sh ru
object-group service telnet
port-range 23
exit
object-group service ssh
port-range 22
exit
object-group service dhcp_server
port-range 67
exit
object-group service dhcp_client
port-range 68
exit
object-group service ntp
port-range 123
exit
vlan 100,200
exit
security zone trusted
exit
security zone untrusted
exit
security zone external
exit
security zone internal
exit
ip access-list extended q30
rule 1
action permit
match protocol any
match source-address 10.10.30.0 255.255.255.240
match destination-address any
enable
exit
exit
ip access-list extended q31
rule 1
action permit
match protocol any
match source-address 10.10.31.0 255.255.255.240
match destination-address any
enable
exit
exit
ip access-list extended q70
rule 1
action permit
match protocol any
match source-address 10.10.70.0 255.255.255.240
match destination-address any
enable
exit
exit
ip access-list extended q71
rule 1
action permit
match protocol any
match source-address 10.10.71.0 255.255.255.240
match destination-address any
enable
exit
exit
ip prefix-list testPath
exit
router ospf 10
router-id 10.10.10.10
area 1.1.1.1
network 192.168.1.0/24
network 10.10.10.0/28
network 172.16.28.0/28
network 192.168.10.0/28
network 10.10.30.0/28
network 10.10.70.0/28
enable
exit
enable
exit
class-map q30
set dscp 32
match access-group q30
exit
class-map q70
set dscp 42
match access-group q70
exit
policy-map q7
shape auto-distribution
shape average 100000
class q30
shape average 3000
shape peak 6000
exit
class q70
shape average 30000
shape peak 75000
exit
exit
bridge 200
vlan 200
security-zone trusted
ip firewall disable
ip address 192.168.1.1/24
enable
exit
interface gigabitethernet 1/0/1
security-zone trusted
ip firewall disable
ip address 172.16.28.1/28
ip ospf instance 10
ip ospf area 1.1.1.1
ip ospf
exit
interface gigabitethernet 1/0/1.200
bridge-group 200
exit
interface gigabitethernet 1/0/2
security-zone trusted
ip firewall disable
ip address 10.10.10.1/28
ip ospf instance 10
ip ospf area 1.1.1.1
ip ospf
qos enable
service-policy output q7
exit
interface gigabitethernet 1/0/3
security-zone trusted
ip address 10.10.5.1/28
exit
interface gigabitethernet 1/0/22
security-zone trusted
ip firewall disable
ip address 10.10.70.1/28
qos enable
service-policy input q7
exit
interface gigabitethernet 1/0/23
security-zone trusted
ip firewall disable
ip address 10.10.30.1/28
qos enable
service-policy input q7
exit
interface gigabitethernet 1/0/24
security-zone trusted
ip firewall disable
switchport general pvid 200
switchport general allowed vlan add 200 untagged
exit
tunnel gre 10
security-zone trusted
ip firewall disable
local address 10.10.5.1
remote address 10.10.5.2
ip address 192.168.10.1/28
ip ospf instance 10
ip ospf area 1.1.1.1
ip ospf
enable
exit
security zone-pair trusted untrusted
rule 1
action permit
match protocol any
match source-address any
match destination-address any
enable
exit
exit
security zone-pair trusted trusted
rule 1
action permit
match protocol any
match source-address any
match destination-address any
enable
exit
exit
security zone-pair trusted self
rule 1
action permit
match protocol tcp
match source-address any
match destination-address any
match source-port any
match destination-port telnet
enable
exit
rule 10
action permit
match protocol tcp
match source-address any
match destination-address any
match source-port any
match destination-port ssh
enable
exit
rule 20
action permit
match protocol icmp
match source-address any
match destination-address any
enable
exit
rule 30
action permit
match protocol udp
match source-address any
match destination-address any
match source-port dhcp_client
match destination-port dhcp_server
enable
exit
rule 40
action permit
match protocol udp
match source-address any
match destination-address any
match source-port any
match destination-port ntp
enable
exit
exit
security zone-pair internal external
rule 1
action permit
match protocol any
match source-address any
match destination-address any
enable
exit
exit
security zone-pair internal self
rule 1
action permit
match protocol any
match source-address any
match destination-address any
enable
exit
exit
security zone-pair internal internal
rule 1
action permit
match protocol any
match source-address any
match destination-address any
enable
exit
exit
security zone-pair external internal
rule 1
action permit
match protocol any
match source-address any
match destination-address any
enable
exit
exit
ip telnet server
ip ssh server
esr-1000#