viernes, 12 de junio de 2009
Una vez que ya se ha comprendido que los DSCP definen el PHB de los paquetes a través de una red IP, corresponde examinar el símil en redes MPLS. El RFC 3270 (MPLS Support of Differentiated Services) explica cómo se lleva a cabo ésto. Básicamente se basa en el campo EXP del header MPLS. Una buena referencia de Cisco es el documento DiffServ Tunneling Modes for MPLS Networks.
El RFC 3032 (MPLS Label Stack Encoding) define el header MPLS como sigue.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Label
| Label | Exp |S| TTL | Stack
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Entry
Label: Label Value, 20 bits
Exp: Experimental Use, 3 bits
S: Bottom of Stack, 1 bit
TTL: Time to Live, 8 bits
Sin embargo, recientemente, el RFC 5462 (MPLS Label Stack Entry: "EXP" Field Renamed to "Traffic Class" Field) le da un nombre más acorde a su uso al campo EXP, denominándolo TC.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Label
| Label | TC |S| TTL | Stack
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Entry
Label: Label Value, 20 bits
TC: Traffic Class field, 3 bits
S: Bottom of Stack, 1 bit
TTL: Time to Live, 8 bits
Por lo que si bien en este post se hablará con respecto al campo EXP, en el futuro se debería hacer referencia al campo TC.
En primera instancia se hará muestra de cómo se hace match en la figura utilizada en los post de MPLS/VPN.
Para comenzar se verá el comportamiento por defecto de Cisco IOS, copiar los tres primeros bits del campo DS del header IP (denominados originalmente precedence) al campo EXP del header MPLS. Por lo que si a nivel IP se tiene DS=160 (10100000), el IP precedence sería 101 en binario, equivalente a 5 en notación decimal, por ende EXP = 5. Para el análisis se configurarán service-policys que llamen a class-maps que hagan match con nuestros bits (match ip precedence y match mpls experimental topmost) y se ejecutará un ping (cinco repeticiones) de extremo a extremo.
CE1#ping
Protocol [ip]:
Target IP address: 10.0.0.6
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Type of service [0]: 160
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 108/128/156 ms
CE1#
CE1#sh policy-map int f0/0
FastEthernet0/0
Service-policy output: CE-OUT
Class-map: EF (match-all)
5 packets, 570 bytes
5 minute offered rate 0 bps
Match: ip precedence 5
Class-map: class-default (match-any)
15 packets, 1506 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
CE1#
PE1#sh policy-map int s1/0
Serial1/0
Service-policy output: BB-OUT
Class-map: EF (match-all)
5 packets, 540 bytes
5 minute offered rate 0 bps
Match: mpls experimental topmost 5
Class-map: class-default (match-any)
103 packets, 32706 bytes
5 minute offered rate 1000 bps, drop rate 0 bps
Match: any
103 packets, 32706 bytes
5 minute rate 1000 bps
PE1#
PE2#sh policy-map int s1/0
Serial1/0
Service-policy output: BB-OUT
Class-map: EF (match-all)
5 packets, 540 bytes
5 minute offered rate 0 bps
Match: mpls experimental topmost 5
Class-map: class-default (match-any)
61 packets, 18592 bytes
5 minute offered rate 1000 bps, drop rate 0 bps
Match: any
61 packets, 18592 bytes
5 minute rate 1000 bps
PE2#
CE2#sh policy-map int f0/0
FastEthernet0/0
Service-policy output: CE-OUT
Class-map: EF (match-all)
5 packets, 570 bytes
5 minute offered rate 0 bps
Match: ip precedence 5
Class-map: class-default (match-any)
12 packets, 1326 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
CE2#
Para modificar esto se puede hacer seteo explícito del los bits EXP con el comando set mpls experimental imposition como se realizará en el siguiente ejemplo.
Antes de ejecutar la prueba se limpian los contadores en las interfaces de todos los equipos con clear counters de modo de ilustrar de manera más clara dónde cayeron los cinco pings.
En esta ocasión se utilizará DS=96 (01100000), por tanto el IP precedence es 011 en binario equivalente a 3 en notación decimal, por ende EXP = 3. Se hará match con este valor de precedence a la entrada del PE y se le seteará los bits EXP en 5 acorde a la configuración que sigue.
hostname PE1
!
class-map match-all AF-IP
match ip precedence 3
class-map match-all EF-IP
match ip precedence 5
!
policy-map EDGE-remark
class EF-IP
set mpls experimental imposition 5
class AF-IP
set mpls experimental imposition 5
!
interface FastEthernet2/0
ip vrf forwarding Customer
ip address 10.0.0.1 255.255.255.252
speed auto
duplex auto
service-policy input EDGE-remark
service-policy output EDGE-OUT
Por lo tanto se marcan tanto los paquetes que vienen con ip precedence 3 como 5 con EXP 5, lo que se puede comprobar a nivel de las interfaces seriales en el dominio MPLS.
CE1#ping
Protocol [ip]:
Target IP address: 10.0.0.6
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Type of service [0]: 96
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 80/173/312 ms
CE1#sh policy-map int f0/0
FastEthernet0/0
Service-policy output: CE-OUT
Class-map: EF (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps
Match: ip precedence 5
Class-map: AF (match-all)
5 packets, 570 bytes
5 minute offered rate 0 bps
Match: ip precedence 3
Class-map: class-default (match-any)
7 packets, 723 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
CE1#
PE1#sh policy-map int f2/0
FastEthernet2/0
Service-policy input: EDGE-remark
Class-map: EF-IP (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip precedence 5
QoS Set
mpls experimental imposition 5
Packets marked 0
Class-map: AF-IP (match-all)
5 packets, 570 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip precedence 3
QoS Set
mpls experimental imposition 5
Packets marked 5
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
0 packets, 0 bytes
5 minute rate 0 bps
Service-policy output: EDGE-OUT
Class-map: EF (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps
Match: mpls experimental topmost 5
Class-map: AF (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps
Match: mpls experimental topmost 3
Class-map: EF-IP (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps
Match: ip precedence 5
Class-map: AF-IP (match-all)
5 packets, 570 bytes
5 minute offered rate 0 bps
Match: ip precedence 3
Class-map: class-default (match-any)
13 packets, 1394 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
13 packets, 1394 bytes
5 minute rate 0 bps
PE1#
PE1# sh policy-map int s1/0
Serial1/0
Service-policy output: BB-OUT
Class-map: EF (match-all)
5 packets, 540 bytes
5 minute offered rate 0 bps
Match: mpls experimental topmost 5
Class-map: class-default (match-any)
110 packets, 37400 bytes
5 minute offered rate 1000 bps, drop rate 0 bps
Match: any
110 packets, 37400 bytes
5 minute rate 1000 bps
PE1#
PE2#sh policy-map int s1/0
Serial1/0
Service-policy output: BB-OUT
Class-map: EF (match-all)
5 packets, 540 bytes
5 minute offered rate 0 bps
Match: mpls experimental topmost 5
Class-map: class-default (match-any)
141 packets, 47742 bytes
5 minute offered rate 1000 bps, drop rate 0 bps
Match: any
141 packets, 47742 bytes
5 minute rate 1000 bps
PE2#
PE2#sh policy-map interface f2/0
FastEthernet2/0
Service-policy input: EDGE-remark
Class-map: EF-IP (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip precedence 5
QoS Set
mpls experimental imposition 5
Packets marked 0
Class-map: AF-IP (match-all)
5 packets, 570 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip precedence 3
QoS Set
mpls experimental imposition 5
Packets marked 5
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
0 packets, 0 bytes
5 minute rate 0 bps
Service-policy output: EDGE-OUT
Class-map: EF (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps
Match: mpls experimental topmost 5
Class-map: AF (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps
Match: mpls experimental topmost 3
Class-map: EF-IP (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps
Match: ip precedence 5
Class-map: AF-IP (match-all)
5 packets, 570 bytes
5 minute offered rate 0 bps
Match: ip precedence 3
Class-map: class-default (match-any)
34 packets, 3592 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
34 packets, 3592 bytes
5 minute rate 0 bps
PE2#
CE2#sh policy-map int f0/0
FastEthernet0/0
Service-policy output: CE-OUT
Class-map: EF (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps
Match: ip precedence 5
Class-map: AF (match-all)
5 packets, 570 bytes
5 minute offered rate 0 bps
Match: ip precedence 3
Class-map: class-default (match-any)
35 packets, 3615 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
CE2#
No olvidar que los pings se componen de mensajes ICMP de ida y vuelta (Echo Request y Echo Reply). El comando utilizado para ver los politicas en cada interface es: show policy-map interface.
Por último notar que se utilizó set mpls experimental imposition y no set mpls experimental topmost puesto que este último no afecta a paquetes IP que es precisamente lo que habla el PE con el CE (ver los match de entrada y salida a nivel CE-PE; match exclusivamente a ip precedence).
Suscribirse a:
Enviar comentarios (Atom)
En total 0 comentarios: