MSR产品分层QoS CAR特性功能的配置
一、 组网需求:
分支机构两台MSR路由器, 每台MSR路由器有3个接口,分别连接上行线路,互联链路,内部局域网线路,两条上行线路分别申请10Mbps带宽,通过MSTP链路分别与上行路由器连接。网络业务主要分为三种,OA办公业务、生产业务和实时数据流,要求OA业务优先走MSR路由器A,生产业务和实时数据流业务优先走MSR路由器B;MSR路由器A在连接局域网接口限制入方向OA业务流量为10Mbps,对于超出的流量Remark优先级并通过互联接口转交给MSR路由器B转发;MSR路由器B连接局域网接口对入方向总带宽限制10Mbps,对于实时数据流业务限制带宽为4Mbps,超出的流量丢弃;对于生产业务限制为6Mbps,当实时业务流量不超过4Mbps时,生产业务可以超过6Mbps限速,占用实时业务剩余带宽,当实时业务流量达到4Mbps,对于超过6Mbps的生产业务Remark优先级并转交给MSR路由器A转发。在两台MSR路由器的出接口分别配置CBQ对各种业务流量带宽进行保证
二、 组网图:
三、 配置步骤:
适用设备和版本:MSR系列、2207及以后版本。
1. MSR-A配置概要说明:
#
firewall enable
#
acl number 3000 //匹配OA业务ACL
description OA
rule 0 permit ip source 192.168.1.100 0
acl number 3001 //匹配实时业务ACL
description RealTimeTraffic
rule 0 permit ip source 192.168.1.101 0
acl number 3003 //匹配生产业务ACL
description manufacture
rule 0 permit ip source 192.168.1.102 0
acl number 3100 //定义策略路由匹配流量ACL规则
description ExceedTraffic
rule 0 permit ip dscp af11
acl number 3200 //定义TRACK探测报文ACL规则
description track
rule 0 permit icmp dscp 63
#
traffic classifier oa operator and //定义OA业务流
if-match acl 3000
traffic classifier track operator and //定义探测业务流
if-match acl 3200
#
traffic behavior oa //定义OA业务动作,入AF队列带宽保障10M
queue af bandwidth 10000
traffic behavior track //定义TRACK,入EF队列带宽保障10K
queue ef bandwidth 10 cbs 1500
#
qos policy wan //关联OA业务,TRACK流行为与动作
classifier track behavior track
classifier oa behavior oa
#
interface Ethernet0/0
port link-mode route
ip address 192.168.1.253 255.255.255.0 //配置局域网接口地址
vrrp vrid 1 virtual-ip 192.168.1.1 //配置VRRP组,OA业务vrid 1做主
vrrp vrid 1 priority 120
vrrp vrid 2 virtual-ip 192.168.1.2
qos car inbound acl 3000 cir 10000 cbs 625000 ebs 0 green pass red remark-dscp-pass af11 //对于局域网入接口做CAR, OA业务超出10Mbps流量Remark DSCP为AF11
ip policy-based-route exceed //对于标记为AF11的流量通过策略路由转发到MSR-B上
#
interface Ethernet0/1 //配置上行接口
port link-mode route
ip address 20.1.1.2 255.255.255.0
qos reserved-bandwidth pct 100
qos lr outbound cir 10000 cbs 625000 ebs 0 //限速10M
qos apply policy wan outbound //应用QOS策略保障OA业务上行10M带宽,同时保证TRACK流量带宽
#
interface GigabitEthernet2/0 //MSR-A与MSR-B互联接口
port link-mode route
ip address 10.1.1.1 255.255.255.0
#
nqa entry icmp 1 //配置NQA探测报文保证上行链路可到
type icmp-echo
destination ip 20.1.1.1 //配置探测地址
frequency 1000
next-hop 20.1.1.1
reaction 1 checked-element probe-fail threshold-type consecutive 3 action-type trigger-only tos 252
#
policy-based-route exceed permit node 1 //配置策略路由下一跳为MSR-B
if-match acl 3100
apply ip-address next-hop 10.1.1.2
#
ip route-static 0.0.0.0 0.0.0.0 20.1.1.1 track 1
//NQA与静态路由联动监控上行链路
ip route-static 0.0.0.0 0.0.0.0 10.1.1.2 preference 100
//通过静态路由优先级做线路备份
#
track 1 nqa entry icmp 1 reaction 1
#
nqa schedule icmp 1 start-time now lifetime forever
#
ntp-service unicast-server 10.165.254.170
#
2. MSR-B配置概要说明:
#
firewall enable
#
acl number 3000 //匹配OA业务ACL
description OA
rule 0 permit ip source 192.168.1.100 0
acl number 3001 //匹配实时业务ACL
description RealTimeTraffic
rule 0 permit ip source 192.168.1.101 0
acl number 3003 //匹配生产业务ACL
description manufacture
rule 0 permit ip source 192.168.1.102 0
acl number 3004 //匹配实时加生产业务ACL
description RealTimeTraffic+manufacture
rule 0 permit ip source 192.168.1.101 0
rule 5 permit ip source 192.168.1.102 0
acl number 3100 //对于超出的AF11流量做ACL匹配
description ExceedTraffic
rule 0 permit ip dscp af11
acl number 3200 //对于TRACK流量做ACL匹配
description track
rule 0 permit icmp dscp 63
#
traffic classifier manufacture operator and
if-match acl 3003 //定义匹配生产业务ACL
traffic classifier track operator and
if-match acl 3200 //定义匹配TRACK业务ACL
traffic classifier RealTimeTraffic operator and
if-match acl 3001 //定义实时业务ACL
#
traffic behavior manufacture
queue af bandwidth 6000 //生产业务带宽保障6M
traffic behavior track
queue ef bandwidth 10 cbs 1500 //TRACK探测流量保证10K
traffic behavior RealTimeTraffic
queue ef bandwidth 4000 cbs 100000 //实时业务保障4M
#
qos policy wan //定义上行口QOS策略关联生产与实时业务
classifier track behavior track
classifier RealTimeTraffic behavior RealTimeTraffic
classifier manufacture behavior manufacture
#
interface Ethernet0/0 //定义VRRP组
port link-mode route
ip address 192.168.1.254 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.1.1
vrrp vrid 2 virtual-ip 192.168.1.2
vrrp vrid 2 priority 120
qos car inbound acl 3001 cir 4000 cbs 250000 ebs 0 green pass red discard
//限制入方向实时业务流量为4Mbps,超出部分丢弃
qos car inbound acl 3003 cir 6000 cbs 375000 ebs 0 green pass red continue
//限制生产业务流量为6M
qos car inbound acl 3004 cir 10000 cbs 625000 ebs 0 green pass red remark-dscp-pass af11
//限制生产与实时业务总流量为10Mbps,
ip policy-based-route exceed //对于总流量大于10M的部分做策略路由
#
interface Ethernet0/1
port link-mode route
ip address 30.1.1.2 255.255.255.0
qos reserved-bandwidth pct 100
qos lr outbound cir 10000 cbs 625000 ebs 0
qos apply policy wan outbound
// 应用QOS策略保障上行策略,同时保障TRACK流量带宽
#
interface Ethernet2/0
port link-mode route
ip address 10.1.1.2 255.255.255.0
#
interface NULL0
#
nqa entry icmp 1 //配置NQA探测规则
type icmp-echo
destination ip 30.1.1.1
frequency 1000
next-hop 30.1.1.1
reaction 1 checked-element probe-fail threshold-type consecutive 3 action-type trigger-only tos 252
#
policy-based-route exceed permit node 1
if-match acl 3100
apply ip-address next-hop 10.1.1.1
//配置策略路由下一跳为MSR-A
#
ip route-static 0.0.0.0 0.0.0.0 30.1.1.1 track 1
//NQA与静态路由联动监控上行链路
ip route-static 0.0.0.0 0.0.0.0 10.1.1.1 preference 100
//通过静态路由优先级做线路吧备份
#
track 1 nqa entry icmp 1 reaction 1
#
nqa schedule icmp 1 start-time now lifetime forever
#
四、 配置关键点:
1. 使用源地址192.168.1.100模拟OA业务,192.168.1.101模拟实时业务,192.168.1.102模拟生产业务;
2. MSR-A和MSR-B连接局域网接口配置两个VRRP组,OA业务使用VRRP1做为网关,默认MSR-A做主设备;实时和生产业务使用VRRP2做为网关,默认MSR-B做为主设备;
3. MSR-A连接局域网接口配置入方向CAR,对于超出10Mbps流量Remark DSCP为AF11然后通过策略路由转发到MSR-B上;上行链路接口配置CBQ,保证链路拥塞时OA业务带宽为10Mbps,业务不拥塞的情况下转发部分由MSR-B发送过来的流量;
4. MSR-B连接局域网接口配置入方向分层CAR,首先限制实时业务流量为4Mbps,对于超出流量丢弃;限制生产业务流量为6M,限制总流量为10Mbps,当实时业务没有达到4Mbps时,生产业务可以占用实时业务剩余带宽;对于超出总带宽10Mbps的生产业务Remark DSCP为AF11,并通过策略路由转发给MSR-A;
5. MSR-A和MSR-B上配置两条优先级不同的静态默认路由,并且主路由管理Track,检测上行线路的状态,当上行线路出现问题时将流量切换到互联接口转发;
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作