Configuring QoS on a Cisco N9K Switch

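Requirement: configure QoS on a Cisco 9504 switch. Traffic must be classified by how important the application is, priority queues must be configured according to that classification, and each class must also be rate limited.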

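Approach:

1. Use ACLs to define the queues. TOP_1 has the highest priority and TOP_7 the lowest.

2. Configure class-maps based on the ACLs.

3. Based on the class-maps, configure the qos_marking and qos_out-8q policies. The former is applied on the ingress interface to classify and mark packets; the latter is applied on the egress interface to forward the queues by priority.

4. Based on the class-maps, configure qos_out-policy, which is used for rate limiting on the egress interface.

Implementation steps:

1. Configure the ACLs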

ip access-list TOP_1
  10 permit tcp any any eq 22000
  20 permit tcp any eq 22000 any
  30 permit tcp any host 10.3.1.11 eq 1433
  40 permit tcp host 10.66.1.11  eq 1433 any

ip access-list TOP_2
  30 permit tcp any any eq telnet 
  40 permit tcp any eq telnet any 
  50 permit tcp any any eq 3389 
  60 permit tcp any eq 3389 any 
  70 permit tcp any any eq 4899 
  80 permit tcp any eq 4899 any 
  90 permit icmp any any 

ip access-list TOP_3
description   voip
  10 permit ip 10.32.9.0/24 10.66.1.111/32 
  20 permit ip 10.32.9.0/24 10.66.1.112/32 
  30 permit ip 10.32.9.0/24 10.66.1.113/32 


ip access-list TOP_4
  10 permit tcp host 10.3.1.15 host 10.67.1.31 eq 1433
  20 permit tcp host 10.67.1.31  eq 1433 host 10.3.1.15
  30 permit tcp host 10.3.1.25 host 10.67.1.35 eq 1433
  40 permit tcp host 10.67.1.35  eq 1433 host 10.3.1.25
  50 permit tcp host 10.3.1.11 host 10.67.1.11 eq 1433

ip access-list TOP_5
  30 permit tcp any any eq 1521 
  40 permit tcp any eq 1521 any 
  50 permit tcp any any eq 1433 
  60 permit tcp any eq 1433 any 
  70 permit tcp any any eq 22
  80 permit tcp any eq 22 any 
  90 permit ip 10.128.32.28/32 any 

ip access-list TOP_7
  10 permit tcp any any eq 445 
  20 permit tcp any eq 445 any 
  70 permit tcp any any eq ftp 
  80 permit tcp any eq ftp any
  90 permit tcp any any eq ftp-data 
  100 permit tcp any eq ftp-data any 

2. Configure class-maps based on the ACLs. The TOP_X class-maps are used for queuing marks, the TOP1_X class-maps for rate limiting

class-map type qos match-any TOP_1
  match access-group name TOP_1
class-map type qos match-any TOP_2
  match access-group name TOP_2
class-map type qos match-any TOP_3
  match access-group name TOP_3
class-map type qos match-any TOP_4
  match access-group name TOP_4
class-map type qos match-any TOP_5
  match access-group name TOP_5
class-map type qos match-any TOP_7
  match access-group name TOP_7

class-map type qos match-any TOP1_1
  match access-group name TOP_1
class-map type qos match-any TOP1_2
  match access-group name TOP_2
class-map type qos match-any TOP1_3
  match access-group name TOP_3
class-map type qos match-any TOP1_4
  match access-group name TOP_4
class-map type qos match-any TOP1_5
  match access-group name TOP_5
class-map type qos match-any TOP1_7
  match access-group name TOP_7

3. Configure the policy-map for queue marking, applied on the ingress interface

policy-map type qos qos_marking
  class TOP_1
    set qos-group 7
  class TOP_2
    set qos-group 6
  class TOP_5
    set qos-group 3
  class TOP_3
    set qos-group 5
  class TOP_4
    set qos-group 4
  class TOP_7
    set qos-group 1

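qos_marking lists class TOP_5 ahead of TOP_4, and both ACLs match port 1433, so it is worth checking for entries that an earlier class fully covers. The Python sketch below is an added example, not part of the original post; it assumes the policy-map evaluates classes top-down with the first match winning, and the names parse, covers and shadowed are hypothetical.

```python
import ipaddress

# Constructed input: the TOP_5 and TOP_4 permit entries from the page, in the
# order policy-map qos_marking lists those two classes (TOP_5 before TOP_4).
# Assumption: classes are evaluated top-down and the first match wins.
POLICY = [
    ("TOP_5", ["tcp any any eq 1521", "tcp any eq 1521 any",
               "tcp any any eq 1433", "tcp any eq 1433 any",
               "tcp any any eq 22", "tcp any eq 22 any",
               "ip 10.128.32.28/32 any"]),
    ("TOP_4", ["tcp host 10.3.1.15 host 10.67.1.31 eq 1433",
               "tcp host 10.67.1.31 eq 1433 host 10.3.1.15",
               "tcp host 10.3.1.25 host 10.67.1.35 eq 1433",
               "tcp host 10.67.1.35 eq 1433 host 10.3.1.25",
               "tcp host 10.3.1.11 host 10.67.1.11 eq 1433"]),
]

def parse(rule):
    """Return (proto, src_net, src_port, dst_net, dst_port) for one entry."""
    proto, *tok = rule.split()
    out = []
    for _ in range(2):                      # source first, then destination
        word = tok.pop(0)
        if word == "host":
            word = tok.pop(0)               # a bare address parses as a /32
        net = ipaddress.ip_network("0.0.0.0/0" if word == "any" else word)
        port = None
        if tok and tok[0] == "eq":
            port, tok = tok[1], tok[2:]
        out += [net, port]
    return (proto, *out)

def covers(wide, narrow):
    """True when every packet matching `narrow` also matches `wide`."""
    (wp, ws, wsp, wd, wdp), (np_, ns, nsp, nd, ndp) = wide, narrow
    return (wp in ("ip", np_) and ns.subnet_of(ws) and nd.subnet_of(wd)
            and wsp in (None, nsp) and wdp in (None, ndp))

def shadowed(policy):
    """Return (class, entry, earlier_class) for entries that can never match."""
    hits, seen = [], []
    for name, rules in policy:
        for rule in rules:
            winner = next((p for p, e in seen if covers(e, parse(rule))), None)
            if winner:
                hits.append((name, rule, winner))
        seen += [(name, parse(r)) for r in rules]
    return hits

if __name__ == "__main__":
    for hit in shadowed(POLICY):
        print(hit)
```

On the page's entries this reports all five TOP_4 entries as covered by TOP_5, so under the stated assumption that traffic would be marked qos-group 3 instead of 4. Listing TOP_4 ahead of TOP_5 leaves no shadowed entries.
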
4. Configure the queuing policy, applied on the egress interface. We use 8q here, which supports 8 queues

policy-map type queuing qos_out-8q
  class type queuing c-out-8q-q7
    priority level 1
  class type queuing c-out-8q-q6
    priority level 2
  class type queuing c-out-8q-q5
    priority level 3
  class type queuing c-out-8q-q4
    priority level 4
  class type queuing c-out-8q-q3
    priority level 5
  class type queuing c-out-8q-q2
    priority level 6
  class type queuing c-out-8q-q1
    priority level 7
  class type queuing c-out-8q-q-default
    bandwidth remaining percent 100

5. Configure the rate-limiting policy, which polices each class, applied on the egress interface

policy-map type qos qos_out-policy
  class TOP1_1
    police cir 9 mbps bc 1 mbytes conform transmit violate drop
  class TOP1_2
    police cir 9 mbps bc 1 mbytes conform transmit violate drop
  class TOP1_3
    police cir 7 mbps bc 1 mbytes conform transmit violate drop
  class TOP1_4
    police cir 9 mbps bc 1 mbytes conform transmit violate drop
  class TOP1_7
    police cir 4 mbps bc 1 mbytes conform transmit violate drop

6. Apply the policies on the interfaces

Apply on the ingress side to mark incoming packets

vlan configuration 620
  service-policy type qos input qos_marking

Apply on the egress interface to queue and rate limit outgoing packets.

interface Ethernet1/43
  description TO-GY
  service-policy type qos output qos_out-policy
  service-policy type queuing output qos_out-8q

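7. Notes

N9K line cards have a limited amount of hardware memory (TCAM), and that memory is already pre-allocated on the card. The hardware memory available for QoS may therefore be insufficient, in which case applying the policy on the interface fails:

Error message: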

SZ-IDC-SD-SW-9504-02(config)# interface Ethernet1/43
SZ-IDC-SD-SW-9504-02(config-if)#   service-policy type qos output qos_out-policy
Unable to perform the action due to incompatibility:  Module 1 returned status "TCAM region is not configured. Please configure TCAM region and retry the command"

We consulted Cisco, and the solution is as follows:

View the current region allocation sizes


show hardware access-list tcam region

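Reallocate the region sizes. The original racl and vqos regions were 1024 and the original e-racl and e-qos regions were 512; I allocated half of that here.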

hardware access-list tcam region racl 512
hardware access-list tcam region e-racl 256
hardware access-list tcam region vqos 512
hardware access-list tcam region e-qos 256

The line card must be reloaded for the change to take effect

reload module 1

You can now continue with step 6 and apply the policies on the interface.

Origin blog.csdn.net/netlt/article/details/121328490