
QoS configuration on Cisco routers

source link: https://bajie.dev/posts/20240124-cisco_qos/


2024-01-24, 3-minute read

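The requirement is simple: rate-limit a customer. The trouble starts with the question of how to limit.

First, some background on Cisco QoS.

Single rate, single bucket:

The single-rate, single-bucket mode does not allow traffic bursts. When the user's traffic rate is below the configured CIR, packets are treated as conform; when the traffic is above the CIR, they are treated as exceed straight away (Cisco calls this exceed, Huawei calls it violate).

(In the figure, Tc is the number of tokens in the bucket and CBS is the capacity of the token bucket, i.e. Bc.)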

If only CIR is configured and Bc is not specified, Bc defaults to 1500 bytes or CIR / 32:

 class 100
  police 8000 conform-action transmit exceed-action drop
 class 200
  police cir 8000 conform-action transmit exceed-action drop
 class 300
  police 8000 1500 conform-action transmit exceed-action drop
 class 400
  police cir 8000 bc 1500 conform-action transmit exceed-action drop

Single rate, dual bucket:

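Burst traffic is supported, and the user's traffic ends up with one of three results:

(In the figure, Tc and Te are the numbers of tokens in the buckets; CBS and EBS are the capacities of the token buckets, i.e. Bc and Be.)

  • Less than or equal to CIR (that is, it conforms to CIR): conform

  • Greater than CIR and less than or equal to the sum of CIR and Be (that is, it fits within the tokens of both buckets combined): exceed

  • Greater than the sum of CIR and Be (that is, it goes beyond the tokens of both buckets combined): violate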

If only CIR and Bc are configured and Be is not specified, Be defaults to 1500 bytes or CIR / 32:

 class 500
  police 8000 1000 conform-action transmit exceed-action set-prec-transmit 1 violate-action drop
 class 600
  police 8000 1000 1300 conform-action transmit exceed-action set-prec-transmit 1 violate-action drop
 class 700
  police cir 8000 bc 1000 be 1300 conform-action transmit exceed-action set-prec-transmit 1 violate-action drop
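
The two token buckets described above, as an added Python simulation that is not part of the original article, using the values from class 700 (cir 8000 bc 1000 be 1300) and class 400 (cir 8000 bc 1500). The class, function and trace names are hypothetical, the packet trace is constructed, and the model assumes full buckets at start, continuous refill and be=0 standing for the single-bucket mode.

```python
from dataclasses import dataclass

@dataclass
class SingleRatePolicer:
    """Color-blind single-rate policer; be=0 models the single-bucket mode."""
    cir_bps: int   # committed information rate, bits per second
    bc: int        # conform bucket capacity (CBS), bytes
    be: int = 0    # exceed bucket capacity (EBS), bytes

    def __post_init__(self):
        self.tc = float(self.bc)   # assumption: both buckets start full
        self.te = float(self.be)
        self.last = 0.0            # time of the previous packet, seconds

    def _refill(self, now):
        # Tokens arrive at CIR/8 bytes per second; what Tc cannot hold spills into Te.
        tokens = (now - self.last) * self.cir_bps / 8
        self.last = now
        spill = max(0.0, self.tc + tokens - self.bc)
        self.tc = min(self.bc, self.tc + tokens)
        self.te = min(self.be, self.te + spill)

    def police(self, now, size):
        """Classify one packet of `size` bytes arriving at time `now`."""
        self._refill(now)
        if self.tc >= size:
            self.tc -= size
            return "conform"
        if self.te >= size:
            self.te -= size
            return "exceed"
        # Out of tokens: nothing is consumed. With one bucket this is the exceed result.
        return "violate" if self.be else "exceed"

def classify(policer, trace):
    """Run a list of (arrival_time_s, size_bytes) packets through the policer."""
    return [policer.police(t, size) for t, size in trace]

# Constructed trace: five 500-byte packets back to back, then two after idle gaps.
TRACE = [(0.0, 500)] * 5 + [(0.5, 500), (2.0, 500)]

if __name__ == "__main__":
    print("class 700:", classify(SingleRatePolicer(8000, 1000, 1300), TRACE))
    print("class 400:", classify(SingleRatePolicer(8000, 1500), TRACE))
```

The back-to-back burst drains Tc, then Te, and only then produces a violate; after an idle gap Tc is refilled first and only the remainder spills into Te.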
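Dual rate, dual bucket:

(In the figure, Tc and Tp are the numbers of tokens in the buckets; CBS and PBS are the capacities of the token buckets, i.e. Bc and Be.)

class 800
 police cir 8000 bc 1000 pir 8000 be 1200 conform-action transmit exceed-action transmit violate-action drop

OK, that was a lot of preamble. Note that some Cisco switches may not support the most complex form, 1 rate, three color, in which case you have to switch to one of the other two methods.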

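Now a real-world example:

policy-map LIMIT-50mbit
 class class-default
  police cir 50000000 bc 5000000 be 15000000 conform-action transmit exceed-action set-prec-transmit 3 violate-action set-prec-transmit 2

  • cir is the committed bandwidth rate, i.e. the bandwidth rate that has to be guaranteed, in bps;

  • bc is the normal burst, in bytes;

  • be is the maximum burst, in bytes;

  • set-prec-transmit sets the IP precedence and forwards the packet;

  • Note that cir and bc/be use different units: bc and be need to be multiplied by 8, or simply by 10 for a quick calculation.

Taken as a whole, the command above means: committed bandwidth 50 Mbps, normal burst 5 Mbytes, maximum burst 15 Mbytes. When the rate is below 100 Mbps (50+50), packets are forwarded; when it is above 100 Mbps and below 200 Mbps (50+150), the IP precedence is rewritten to 3 and the packet is forwarded; when it is above 200 Mbps, the IP precedence is rewritten to 2 and the packet is forwarded.

A variant: drop anything over 100 Mbit outright.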

  police cir 50000000 bc 5000000 be 15000000 conform-action transmit exceed-action drop

Finally, apply the policy on the port:

interface GigabitEthernet1/0/22
 description uplink: uplink [50Mbps-200Mbps]
 switchport access vlan 111
 switchport mode access
 storm-control broadcast level 1.00
 storm-control multicast level 5.00
 storm-control action shutdown
 spanning-tree portfast
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
 service-policy input LIMIT-50mbit
 service-policy output LIMIT-50mbit
!
