在处理转发不通、丢包这类的问题时,流量统计是判断丢包位置最常用的手段。对于MPLS组网,由于设备根据标签对报文进行转发,因此不能通过匹配报文源目IP的方式进行流统。此案例中介绍一种对MPLS报文进行流统的方法。
三台设备通过OSPF互通,各接口使能mpls及mpls ldp。RT1、RT3分别有到达对方loopback口的32位路由及mpls lsp。我们来对RT1与RT3环回口之间互相访问的mpls报文进行流统。
在通过QOS的方式做流量统计匹配IP报文时,我们是在traffic classifier中匹配acl。对于MPLS报文,可以在traffic classifier中匹配mpls-exp,同时在设备上ping的时候带上对应的-tos字段。具体配置可以参考下面:
当RT1以源地址1.1.1.1/32去ping对端RT3的环回口地址3.3.3.3/32时,对于RT1的G0/0接口,由于入方向的报文在倒数第二跳时已弹出标签,匹配报文按照IP源目地址匹配即可,对于G0/0出方向,需要匹配mpls-exp,
[RT1]acl advanced 3000
[RT1-acl-ipv4-adv-3000]rule permit ip source 3.3.3.3 0 destination 1.1.1.1 0
[RT1-acl-ipv4-adv-3000]quit
[RT1]traffic classifier 3000
[RT1-classifier-3000]if-match acl 3000
[RT1-classifier-3000]quit
[RT1]traffic behavior 3000
[RT1-behavior-3000]filter permit //在V7设备上,做流统的behavior里面没有accounting packet命令,可以配置filter permit,也可以空着
[RT1-behavior-3000]quit
[RT1]qos policy 3000 //该策略用于统计入方向报文
[RT1-qospolicy-3000]classifier 3000 behavior 3000
[RT1-qospolicy-3000]quit
[RT1]traffic classifier mpls //用于匹配出方向带标签的报文
[RT1-classifier-mpls]if-match mpls-exp 5
[RT1-classifier-mpls]quit
[RT1]traffic behavior mpls
[RT1-behavior-mpls]quit
[RT1]qos policy mpls
[RT1-qospolicy-mpls]classifier mpls behavior mpls
[RT1-qospolicy-mpls]quit
[RT1]interface GigabitEthernet 0/0
[RT1-GigabitEthernet0/0]qos apply policy 3000 inbound
[RT1-GigabitEthernet0/0]qos apply policy mpls outbound
[RT1-GigabitEthernet0/0]return
之后在RT1上ping测试,需要带-tos字段,tos值与mpls-exp是一一对应的。例如对于我们上述配置中所匹配的mpls-exp 5,ping的时候带的tos值为160。具体对应关系为如下,
Tos |
0 |
32 |
64 |
96 |
128 |
160 |
192 |
224 |
Mpls-exp |
0 |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
测试结果:
<RT1>ping -tos 160 -a 1.1.1.1 3.3.3.3
Ping 3.3.3.3 (3.3.3.3) from 1.1.1.1: 56 data bytes, press CTRL_C to break
56 bytes from 3.3.3.3: icmp_seq=0 ttl=254 time=2.000 ms
56 bytes from 3.3.3.3: icmp_seq=1 ttl=254 time=1.000 ms
56 bytes from 3.3.3.3: icmp_seq=2 ttl=254 time=1.000 ms
56 bytes from 3.3.3.3: icmp_seq=3 ttl=254 time=2.000 ms
56 bytes from 3.3.3.3: icmp_seq=4 ttl=254 time=1.000 ms
--- Ping statistics for 3.3.3.3 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.400/2.000/0.490 ms
%Jun 29 16:49:01:840 2017 RT1 PING/6/PING_STATISTICS: Ping statistics for 3.3.3.3: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 1.000/1.400/2.000/0.490 ms.
<RT1>display qos policy interface g 0/0
Interface: GigabitEthernet0/0
Direction: Inbound
Policy: 3000
Classifier: default-class
Matched : 2 (Packets) 158 (Bytes)
5-minute statistics:
Forwarded: 0/0 (pps/bps)
Dropped : 0/0 (pps/bps)
Operator: AND
Rule(s) :
If-match any
Behavior: be
-none-
Classifier: 3000
Matched : 5 (Packets) 490 (Bytes)
5-minute statistics:
Forwarded: 0/0 (pps/bps)
Dropped : 0/0 (pps/bps)
Operator: AND
Rule(s) :
If-match acl 3000
Behavior: 3000
Filter enable: Permit
Interface: GigabitEthernet0/0
Direction: Outbound
Policy: mpls
Classifier: default-class
Matched : 3 (Packets) 234 (Bytes)
5-minute statistics:
Forwarded: 0/0 (pps/bps)
Dropped : 0/0 (pps/bps)
Operator: AND
Rule(s) :
If-match any
Behavior: be
-none-
Classifier: mpls
Matched : 5 (Packets) 510 (Bytes)
5-minute statistics:
Forwarded: 0/0 (pps/bps)
Dropped : 0/0 (pps/bps)
Operator: AND
Rule(s) :
If-match mpls-exp 5
Behavior: mpls
-none-
同理,对于RT2、RT3,同样可以通过匹配mpls-exp的方式对mpls报文进行流统。例如对于此示例中,RT2的G0/0接口入方向可以匹配mpls-exp 5,出方向可以匹配源目IP地址,以统计接口进出报文数。具体配置及测试结果此处不再赘述。
1)对于带标签的报文,不能通过匹配源目IP的方式进行流统,需要匹配mpls-exp优先级,同时在ping的时候带上对应的-tos值;
2)需要分析报文到达特定接口时是否带标签,要考虑到倒数第二跳等情况,对于不带标签的报文,仍通过常规的匹配源目IP的方式进行流统。
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作