© 2001, Cisco Systems, Inc. Classification and Marking

© 2001, Cisco Systems, Inc.

Classification and Marking

© 2001, Cisco Systems, Inc. QOS v1.0—2-2

ObjectivesObjectives

Upon completing this module, you will be able to: • Describe policy-based routing and how it can be

used to classify and mark IP packets

• Describe QoS Policy Propagation on BGP and how it can be used to classify and mark IP packets

• List other mechanisms that also support classification and marking capabilities (committed access rate, class-based policing, and class-based marking)


Traffic Classification and MarkingTraffic Classification and Marking

Classification• Most QoS mechanisms in Cisco IOS include

some type of classification.

• Some mechanisms classify packets automatically; some require manual configuration.

Marking• Only a small number of mechanisms also

include a marking capability.


Traffic Classification and Marking (cont.)

Traffic Classification and Marking (cont.)

• This module describes the two mechanisms that are used for classification and marking only:

–Policy-based routing (PBR)

–QoS Policy Propagation on BGP (QPPB)

• Other classification and marking mechanisms are described in other QoS modules.

Policy-based RoutingPolicy-based Routing

QOS v1.0—2-5© 2001, Cisco Systems, Inc.



Upon completing this lesson, you will be able to: • Describe the PBR mechanism

• Configure the PBR mechanism on Cisco routers

• Monitor and troubleshoot PBR


Policy-based RoutingPolicy-based Routing

• Policy-based Routing (PBR) is a mechanism that can be used to bypass the default destination-based forwarding functionality of routers

• PBR is implemented using a route map where match commands are used to classify packets and set commands are used to process packets

• Route maps are applied to interfaces for processing of inbound packets (forwarding and/or marking)


PBR Match and Set OptionsPBR Match and Set Options

PBR has two primary applications:• Implementation of more complex routing paradigms than a simple

destination-based forwarding

• Classification and marking of packets for QoS purposes

Match on:• Standard and extended access lists

• Length of packets (min, max)

Match on:• Standard and extended access lists

• Length of packets (min, max)

Set:• Output interface (bypass the routing table)

• Next-hop address (bypass the routing table)

• ToS field (QoS marking)• IP Precedence (QoS marking)• QoS group (QoS marking)

Set:• Output interface (bypass the routing table)

• Next-hop address (bypass the routing table)

• ToS field (QoS marking)• IP Precedence (QoS marking)• QoS group (QoS marking)

Outputinterface

Inputinterface

IPIP


InboundorLocally originated

PBR CapabilitiesPBR Capabilities

Classifier Marker Dropper

Meter

Outbound

Classifier Marker Shaper Dropper

Meter

Forwarding

Queuing

PBR can only classify and mark inbound or locally originated packets

PBR can only classify and mark inbound or locally originated packets


Configuring Classification and Marking Using PBR

Configuring Classification and Marking Using PBR

• Create a route map

• Apply the route map to:

–An incoming interface, or

• Apply the route map to:

–Locally originated traffic

• Monitor and debug policy routing


Route Map RulesRoute Map Rules

• Route maps are identified by a case-sensitive name.

• Route maps can have multiple statements (same name, different sequence number).

• Packets are processed in the specified sequence.

• Packets not matched by the route map are forwarded using the default destination-based forwarding.

• If packets are matched by the “match” condition but the route map statement is using the “deny” option, the default destination-based forwarding is applied to the packet.

route-map <name> [permit | deny] [<sequence-number>] match <condition> set <parameter>

Router(config)#


PBR ClassificationPBR Classification

match ip address <#acl>

Router(config-route-map)#

• Classify using a standard access list against the source address

• Classify using an extended access list against the source or destination address; source or destination TCP/UDP port; IP Precedence; DSCP; or ToS

match length <min> <max>


• Classify using a range of packet lengths that will be matched by the route-map statement


PBR MarkingPBR Marking

set ip precedence <precedence>


• Set the specified IP Precedence to packets matched by the route map• IP Precedence supports eight classes, two are reserved (6 and 7)

set ip tos <tos>


• Set the low-order four bits of the type of service (ToS) field• These bits are used to specify the delay, throughput, reliability and

monetary cost parameters. (specified in RFC 791; no longer used after RFC 1812)

set ip qos-group <qos-group>


• Classify using a range of packet lengths that will be matched by the route-map statement

• QoS group supports 100 classes (0-99)


Applying a Route MapApplying a Route Map

ip policy-map <route-map-name>

Router(config-if)#

• Specifies the route map used to set QoS and other policy-routing parameters for packets received through the specified interface

ip local policy-map <route-map-name>

Router(config)#

• Specifies the route map used to set QoS and other policy-routing parameters for packets generated by the router


Monitoring and Troubleshooting PBR

Monitoring and Troubleshooting PBR

show route-map <name>

Router#

• Displays the route map and number of packets and bytes matched by each statement

debug ip policy

Router#

• Displays all packets matched by policy routing route maps


Monitoring and Debugging Policy Routing

Monitoring and Debugging Policy Routing

Router#show route-map CPEroute-map CPE, permit, sequence 10 Match clauses: ip address (access-lists): 199 Set clauses: ip precedence flash-override Policy routing matches: 3418 packets, 412108 bytesroute-map CPE, permit, sequence 20 Match clauses: ip address (access-lists): MatchPing Set clauses: ip precedence priority Policy routing matches: 82 packets, 31045 bytesRouter#show access-list MatchPingExtended IP access list MatchPing permit icmp any any echo (25 matches)Router#

Router#show route-map CPEroute-map CPE, permit, sequence 10 Match clauses: ip address (access-lists): 199 Set clauses: ip precedence flash-override Policy routing matches: 3418 packets, 412108 bytesroute-map CPE, permit, sequence 20 Match clauses: ip address (access-lists): MatchPing Set clauses: ip precedence priority Policy routing matches: 82 packets, 31045 bytesRouter#show access-list MatchPingExtended IP access list MatchPing permit icmp any any echo (25 matches)Router#


Monitoring and Debugging Policy Routing (cont.)

Monitoring and Debugging Policy Routing (cont.)

Router#debug ip policyPolicy routing debugging is onRouter#ping 192.168.1.1

Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 28/31/32 msRouter#2d02h: IP: s=192.168.1.2 (local), d=192.168.1.1, len 100, policy match2d02h: IP: route map CPE, item 20, permit...

Router#debug ip policyPolicy routing debugging is onRouter#ping 192.168.1.1

Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 28/31/32 msRouter#2d02h: IP: s=192.168.1.2 (local), d=192.168.1.1, len 100, policy match2d02h: IP: route map CPE, item 20, permit...


IP Precedence MarkingCase Study #1


• A branch office of a bank has two LANs connected to an access router:

• Ethernet 0 serves the front office with the real-time transactions.

• Ethernet 1 serves the back office with not needed in real time transactions (like e-mail).

• The network provides different services to two classes:

• Business traffic (marked with IP Precedence 2)

• Other traffic (marked with IP Precedence 0)

• Packets coming from Ethernet 0 should be classified and marked as business traffic.

• Packets coming from Ethernet 1 should be classified and marked as other traffic.


Core

WAN Core

BranchOffice

E0

E1

Case #1 - SolutionCase #1 - Solution

interface ethernet 0 ip policy-map set-prec-2!interface ethernet 1 ip policy-map set-prec-0!route-map set-prec-2 permit 10 set ip precedence 2!route-map set-prec-0 permit 10 set ip precedence 0

interface ethernet 0 ip policy-map set-prec-2!interface ethernet 1 ip policy-map set-prec-0!route-map set-prec-2 permit 10 set ip precedence 2!route-map set-prec-0 permit 10 set ip precedence 0

Mark all traffic with IP Precedence 2Mark all traffic with IP Precedence 2

Mark all traffic with IP Precedence 0Mark all traffic with IP Precedence 0




•A branch office of a bank has one LAN connected to an access router.

•The network provides different services to three classes:

• Transaction traffic (marked with IP Precedence 2)

• Business traffic (marked with IP Precedence 1)

• Other traffic (marked with IP Precedence 0)

•TN3270 should be marked as transaction traffic.

•Internal HTTP should be marked as business traffic.

•All other traffic should be marked as other traffic.


Core

WAN core

Branchoffice

E0

Mark IP Precedence:Telnet = 2 Corporate web = 1 Everything else = 0

Mark IP Precedence:Telnet = 2 Corporate web = 1 Everything else = 0

Case #2 - SolutionCase #2 - Solution

interface eth 0 ip policy-map set-prec!route-map set-prec permit 10 match ip address CorporateWebTraffic set ip precedence 1route-map set-prec permit 20 match ip address TN3270 set ip precedence 2route-map set-prec permit 30 set ip precedence 0!ip access-list extended CorporateWebTraffic permit tcp any 10.1.1.0 0.0.0.255 eq wwwip access-list extended TN3270 permit tcp any any eq telnet

interface eth 0 ip policy-map set-prec!route-map set-prec permit 10 match ip address CorporateWebTraffic set ip precedence 1route-map set-prec permit 20 match ip address TN3270 set ip precedence 2route-map set-prec permit 30 set ip precedence 0!ip access-list extended CorporateWebTraffic permit tcp any 10.1.1.0 0.0.0.255 eq wwwip access-list extended TN3270 permit tcp any any eq telnet


Route Map - ReviewRoute Map - Review

• Policy routing with route maps can classify and mark IP packets based on a wide variety of conditions.

• No metering, shaping, or dropping is possible.

• Performance depends on the IOS version.– Policy routing is fast-switched in 11.3 and 12.0

– (d)CEF or NetFlow-switched in 12.0(3)T


SummarySummary

Upon completing this lesson, you should be able to:• Describe the PBR mechanism

• Configure the PBR mechanism on Cisco routers

• Monitor and troubleshoot PBR


Lesson ReviewLesson Review

1. What are the applications of policy-based routing?

2. What configuration tool is used to implement PBR?

3. How can PBR be applied to IP traffic?

4. Describe the classification options with PBR.

5. Describe the marking options with PBR.

QoS Policy Propagation through

BGP (QPPB)

QoS Policy Propagation through

BGP (QPPB)




Upon completing this lesson, you will be able to: • Describe the QPPB mechanism

• Configure the QPPB mechanism on Cisco routers

• Monitor and troubleshoot QPPB


IP QoS Policy Propagation on BGP (QPPB)

IP QoS Policy Propagation on BGP (QPPB)

• QPPB uses BGP attributes to advertise class of service to other routers in the network.

• BGP communities are usually used to propagate class of service information bound to IP networks.

• Packet classification policy can be propagated via BGP without having to use complex access lists at each of a large number of border (edge) routers.

• A route map is used to translate BGP information (e.g., BGP community value) into IP Precedence or QoS group.


QPPB CapabilitiesQPPB Capabilities

Inboundorlocally originated

Classifier Marker Dropper

Meter

Outbound

Classifier Marker Shaper Dropper

Meter

Forwarding

Queuing

QPPB can only classify and mark inbound packets

QPPB can only classify and mark inbound packets


BGP MarkingBGP Marking

1. Propagate the class of service by encoding it into BGP attributes:

• BGP communities,

• AS paths,

• IP prefixes, or

• Any other BGP attribute

2. Translate the selected BGP attribute into either:

• IP Precedence, or

• QoS group

3. Enable Cisco Express Forwarding (CEF) and packet marking on interfaces

Inboundtraffic

streamClassifier Marker Dropper

Meter


Cisco Express ForwardingReview

Cisco Express ForwardingReview

• The two main components of CEF operation

–Forwarding Information Base

–Adjacency Tables

• CEF was first introduced on the following platforms:

–Cisco 7x00 series in 11.1CC

–All RISC-based platforms in IOS 12.0

• QPPB is only supported on high-end routers (Cisco 7x00 and above)


Review: Standard IP SwitchingReview: Standard IP Switching

BGP Table

Address Prefix AS-Path Communities Other AttributesNext-Hop

10.0.0.0 /8 42 13 37:121.2.3.4

... ... ... ... ......

IP RoutingTable

Address Prefix

... ...

SwitchingCache

Prefix Next-Hop Outgoing Interface

---

/24 --- Ethernet 0

Address

1.2.3.0

Protocol

conn.

/8 1.2.3.410.0.0.0BGP

IP Address

...

ARP Cache

MAC Address

...

L2 Header

...

10.0.0.0 /8 MAC Header

1.2.3.4 0c.00.11.22.33.44


Review: CEF SwitchingReview: CEF Switching

BGP Table


10.0.0.0 /8 42 13 37:121.2.3.4

... ... ... ... ......

IP RoutingTable

Address Prefix

... ...

FIB Table(CEF Cache)

Next-Hop Outgoing InterfaceAddressProtocol

BGP

ARP Cache

Adjacency Pointer

...

1.5.4.1 Ethernet 01.2.3.0OSPF

--- Ethernet 01.5.4.0conn.

MAC Address

...

IP Address

...

Layer 2 Header

...

AdjacencyTable

IP Address

...

1.5.4.1 MAC Header

Prefix

/24

/24

1.2.3.4 ---10.0.0.0 /8

0c.00.11.22.33.441.5.4.1

10.0.0.0 /8 1.5.4.1


CEF Switching with QoS Packet Marking

CEF Switching with QoS Packet Marking

BGP Table


10.0.0.0 /8 42 13 37:121.2.3.4

... ... ... ... ......

IP RoutingTable

Address Prefix

... ...

FIB Table(CEF Cache)

Next-Hop Outgoing InterfaceAddressProtocol

BGP

ARP Cache

Adjacency Pointer

...

1.5.4.1 Ethernet 01.2.3.0OSPF

--- Ethernet 01.5.4.0conn.

MAC Address

...

IP Address

...

Layer 2 Header

...

AdjacencyTable

IP Address

...

1.5.4.1 MAC header

Prefix

/24

/24

Precedence

---

---

QoS Group

---

---

1.2.3.4 ---10.0.0.0 /8 3 7

BGP table map

Precedence

...

QoS Group

...

0c.00.11.22.33.441.5.4.1

10.0.0.0 /8 1.5.4.1 3 7


QPPB Configuration TasksQPPB Configuration Tasks

• Create a route map to set IP precedence or QoS group

• Apply the route map to BGP routes transferred to the main IP routing table

• Enable per-interface packet marking


Setting IP Precedence or QoS Group in the IP Routing TableSetting IP Precedence or QoS Group in the IP Routing Table

table-map <route-map-name>

Router(config-router)#

• Specifies the route map used to set additional routing table attributes

route-map <name> permit <seq> set ip precedence <precedence> set ip qos-group <group>

Router(config)#

• Specifies IP Precedence and QoS group values in the routing table/FIB table entry


Enabling Per-Interface Packet Marking

Enabling Per-Interface Packet Marking

bgp-policy source ip-prec-map

Router(config-if)#

• Is applied to packets received through this interface• Uses FIB to map packet source IP address to IP

Precedence• Rewrites IP Precedence in the packet

bgp-policy source ip-qos-map

Router(config-if)#

• Is applied to packets received through this interface• Uses FIB to map packet source IP address to QoS

group• Attaches QoS group to the incoming packet


Enabling Per-Interface Packet Marking (cont.)

Enabling Per-Interface Packet Marking (cont.)

bgp-policy destination ip-prec-map

Router(config-if)#

• Is applied to packets received through this interface• Uses FIB to map packet destination IP address to IP

Precedence• Rewrites IP Precedence in the packet

bgp-policy destination ip-qos-map

Router(config-if)#

• Is applied to packets received through this interface• Uses FIB to map packet destination IP address to

QoS group• Attaches QoS group to the incoming packet


Case StudyCase Study

Create an end-to-end IP QoS solution in a service provider network:

• Customer in AS 73 is a premium customer.

• All packets to and from AS 73 will be sent with IP Precedence Flash.

AS 12

WAN core

Customer(AS 73)AS 24

NAP RouterNAP Router POP Router


Step #1Distribute QoS Functions

Step #1Distribute QoS Functions

AS 12Customer

(AS 73)AS 24


WAN Core

Packets for AS73marked withPrecedence Flash


Packets from serial interface marked withPrecedence Flash



AS 12Customer

(AS 73)AS 24


Step #2Select QoS Mechanisms

Step #2Select QoS Mechanisms

WAN Core





CEF-based markingCEF-based marking

PBR on interfacePBR on interface


Step #3 - Design Individual QoS Mechanisms

Step #3 - Design Individual QoS Mechanisms

AS 12Customer

(AS 73)AS 24

NAP RouterNAP Router POP RouterWAN Core

Mark BGP routes from AS 73with special community (12:17)Mark BGP routes from AS 73with special community (12:17)

Configure community propagationConfigure community propagation

Set FIB table based onBGP communitySet FIB table based onBGP community

Configure CEF packet markingfor packets coming from adjacent ASConfigure CEF packet markingfor packets coming from adjacent AS


Mark Routes Coming from AS 73Mark Routes Coming from AS 73

AS 12Customer

(AS 73)AS 24


router bgp 12 neighbor 1.2.3.4 remote-as 73 neighbor 1.2.3.4 route-map Premium in!route-map Premium permit 10 set community 12:17 additive

router bgp 12 neighbor 1.2.3.4 remote-as 73 neighbor 1.2.3.4 route-map Premium in!route-map Premium permit 10 set community 12:17 additive


Configure Community Propagation

Configure Community Propagation

AS 12Customer

(AS 73)AS 24


router bgp 12 neighbor 2.3.4.5 remote-as 12 neighbor 2.3.4.5 send-community

router bgp 12 neighbor 2.3.4.5 remote-as 12 neighbor 2.3.4.5 send-community


Set FIB Table Based on BGP Community

Set FIB Table Based on BGP Community

AS 12Customer

(AS 73)AS 24


router bgp 12 table-map PremiumCheck!route-map PremiumCheck permit 10 match community 17 set ip precedence flash!route-map PremiumCheck permit 20 set ip precedence 0!ip community-list 17 permit 12:17

router bgp 12 table-map PremiumCheck!route-map PremiumCheck permit 10 match community 17 set ip precedence flash!route-map PremiumCheck permit 20 set ip precedence 0!ip community-list 17 permit 12:17


Configure CEF Packet MarkingConfigure CEF Packet Marking

AS 12Customer

(AS 73)AS 24


ip cef!interface hssi 0/0 bgp-policy destination ip-prec-map!

ip cef!interface hssi 0/0 bgp-policy destination ip-prec-map!


IP QoS and BGP InteractionReview

IP QoS and BGP InteractionReview

• IP QoS features work independently of BGP routing.

• BGP is used only to propagate policies for source or destination IP prefixes through the network.

• QPPB works only on high-end platforms.


SummarySummary

Upon completing this lesson, you should be able to:• Describe the QPPB mechanism

• Configure the QPPB mechanism on Cisco routers

• Monitor and troubleshoot QPPB



1. Why do we need QPPB?

2. What is used to propagate QoS policies?

3. How are QoS traffic classes defined by QPPB?

4. Which IP forwarding mechanisms support QPPB?

Other QoS Mechanisms with Classification and

Marking Capability

Other QoS Mechanisms with Classification and

Marking Capability




Upon completing this lesson, you will be able to: • Explain how most QoS mechanisms support

some type of classification

• Name CAR, class-based, policing and class-based marking as mechanisms that support classification and marking


ClassificationClassification

• Most QoS mechanisms include some type of classification.

• Some mechanisms have automatic classification (e.g., WFQ, WRED, etc.).

• Some mechanisms require manual configuration of classification (e.g., CQ, PQ, CBWFQ, etc.).


MarkingMarking

The following mechanisms (in addition to PBR and QPPB) contain classification and marking capability:• Committed access rate (CAR)

• Class-based policing

• Class-based marking


Committed Access Rate (CAR)Committed Access Rate (CAR)

• CAR is a mechanism used for traffic policing.

• CAR uses a token bucket model to measure the rate of traffic and (optionally) to drop excess traffic.

• CAR can also be used to mark packets with:

– IP Precedence

–DiffServ code point (DSCP)

–MPLS experimental bits

–QoS group

• CAR can mark packets with different values depending on whether they conform or exceed the specified policy.


Class-Based PolicingClass-Based Policing

• Class-based policing is similar to CAR except that it is implemented using the Modular QoS CLI.

• Class-based policing uses two token buckets to determine if packets conform, exceed or violate the QoS policy.

• Class-based policing can also be used to mark packets with:

– IP Precedence

– DiffServ code point (DSCP)

– MPLS experimental bits

– QoS group

– ATM CLP bit

– Frame Relay DE bit

• Class-based policing can mark packets with different values depending on whether they conform, exceed, or violate the policy.


Class-Based MarkingClass-Based Marking

• Class-based marking is used to classify and mark packets

• This mechanism uses the Modular QoS CLI where classes are manually configured

• Class-based marking can mark packets with the following markers:

– IP Precedence

– DSCP

– MPLS experimental bits

– QoS group

– ATM CLP bit

– Frame Relay DE bit

– IEEE 802.1Q or ISL CoS/priority bits


SummarySummary

Upon completing this lesson, you should be able to:• Explain how most QoS mechanisms support

some type of classification

• Name CAR, class-based policing, and class-based marking as mechanisms that support classification and marking



1. Which mechanism in Cisco IOS supports classification and marking of packets?

2. Which fields or parameters can be used to mark packets in Cisco IOS?


Module SummaryModule Summary

Upon completing this module, you should be able to:• Describe Policy-based routing and how it can be

used to classify and mark IP packets

• Describe QoS policy Propagation on BGP and how it can be used to classify and mark IP packets

• List other mechanisms that also support classification and marking capabilities (committed access rate, class-based marking)

Classification and Marking -59© 2001, Cisco Systems, Inc.

Documents

© 2001, Cisco Systems, Inc. Classification and Marking