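This document describes microflow policing on Catalyst 6500 Series switches.
There are no specific requirements for this document.
The information in this document is based on Cisco Catalyst 6500 Series switches that run on Supervisor Engine 720.
The information in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Here is a use case for your consideration. A university needs to limit each student to 10 Mbps of bandwidth when they use the Internet. If aggregate policing is configured, the bandwidth is distributed unequally among the students. A microflow policer is better suited to this task.
Microflow policing helps users police traffic on a per-flow basis. A flow is generally defined by source IP (SRC-IP), destination IP (DST-IP), SRC-DST IP, SRC-DST port, or source interface. Here is an example: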
Source 10.0.0.1 sending a tcp stream to 15.0.0.1 with a source tcp port of 50
and destination 2000
Source 10.0.0.1 sending a tcp stream to 15.0.0.2 with a source tcp port of 60
and destination 2000.
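If classification is done based on SRC-IP, the number of flows is one. If classification is done based on DST-IP, the number of flows is two. If classification is done based on DST port, the number of flows is one.
When a service policy is applied under an interface, either a physical interface or a Switch Virtual Interface (SVI), the service policy is programmed in hardware. The Quality of Service (QoS) Ternary Content Addressable Memory (TCAM) is used to store the entries. In addition, because the switch must remember the flows, it stores individual flow information in hardware. The NetFlow TCAM is used for this purpose. As a result, there are two places where you can check what is programmed in hardware: the Access Control List (ACL) TCAM and the NetFlow TCAM.
Because the same NetFlow TCAM is used by other features, such as Network Address Translation (NAT), NetFlow Data Export (NDE), and Web Cache Communication Protocol (WCCP), a conflict is quite possible when the microflow policer is programmed in hardware. Some TCAM conflict scenarios are provided at the end of this document.
A Cisco Catalyst 6500 Series switch participates in inter-VLAN routing. The traffic sources are located in VLAN 20 and have these IP addresses: 20.20.20.2 and 20.20.20.3. Both sources try to send traffic to IP address 30.30.30.2, which is located in VLAN 30. The goal is to allocate 100 Kbps of bandwidth to each source.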
ip access-list ext vlan20_30
permit ip 20.20.20.0 0.0.0.255 30.30.30.0 0.0.0.255
class-map POLICE_DIFF_SRC
match access-group name vlan20_30
policy-map POLICE_DIFF_SRC
class POLICE_DIFF_SRC
police flow mask src-only 100000 3000 conform transmit exceed drop
police flow mask ?
dest-only
full-flow
src-only
interface vlan 20
service-policy input POLICE_DIFF_SRC
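The following added example (not part of the original document or of Cisco's software) models how the flow mask selects the policing key and why a per-source policer protects a light sender that an aggregate policer lets a heavy sender starve. The token bucket is a simplified model, and the "aggregate" entry, the 5-tuple meaning of full-flow, and the traffic mix are assumptions constructed for the illustration.

```python
from collections import defaultdict

# Fields kept by each keyword in the page's `police flow mask ?` output. Treating
# full-flow as the 5-tuple, and "aggregate" as one shared bucket, are assumptions.
MASKS = {
    "src-only": ("src",),
    "dest-only": ("dst",),
    "full-flow": ("src", "dst", "proto", "sport", "dport"),
    "aggregate": (),  # not a CLI keyword: models an aggregate policer
}

def flow_key(pkt, mask):
    return tuple(pkt[f] for f in MASKS[mask])

def count_flows(packets, mask):
    return len({flow_key(p, mask) for p in packets})

def police(packets, mask, rate_bps, burst_bytes):
    """Simplified token bucket per flow key (conform transmit, exceed drop).
    Packets carry 't_ms' and 'len' and are ordered by time.
    Returns {source IP: [bytes_sent, bytes_dropped]}."""
    buckets = {}                       # flow key -> (tokens in bytes, last t_ms)
    stats = defaultdict(lambda: [0, 0])
    for p in packets:
        k = flow_key(p, mask)
        tokens, last = buckets.get(k, (burst_bytes, p["t_ms"]))
        tokens = min(burst_bytes, tokens + (p["t_ms"] - last) * rate_bps / 8000)
        if p["len"] <= tokens:
            tokens -= p["len"]
            stats[p["src"]][0] += p["len"]
        else:
            stats[p["src"]][1] += p["len"]
        buckets[k] = (tokens, p["t_ms"])
    return dict(stats)

def sample_traffic(duration_ms=10000):
    """Constructed traffic: 20.20.20.2 offers 800 kbps, 20.20.20.3 offers 80 kbps."""
    def pkt(src, t):
        return {"src": src, "dst": "30.30.30.2", "proto": "tcp",
                "sport": 50, "dport": 2000, "len": 1000, "t_ms": t}
    heavy = [pkt("20.20.20.2", t) for t in range(0, duration_ms, 10)]
    light = [pkt("20.20.20.3", t) for t in range(0, duration_ms, 100)]
    return sorted(heavy + light, key=lambda p: p["t_ms"])

if __name__ == "__main__":
    for mask in ("aggregate", "src-only"):
        print(mask, police(sample_traffic(), mask, 100000, 3000))
```

With the 100000 bps rate and 3000-byte burst from the configuration above, the src-only mask lets the 80 kbps source through untouched, while the shared bucket drops most of its packets.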
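A Catalyst 6500 Series switch Layer 2 switches traffic within the same VLAN. This example demonstrates how to limit traffic that comes from 10.10.10.2 and is destined to 10.10.10.3 in the VLAN to 100 Kbps of bandwidth. In order for the policer to affect Layer 2 switched traffic, you must enter the mls qos bridged command under interface VLAN 10.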
ip access-list ext VLAN10
permit ip 10.10.10.0 0.0.0.255 10.10.10.0 0.0.0.255
class-map POLICE_SAME
match access-group name VLAN10
policy-map POLICE_SAME
class POLICE_SAME
police flow mask src-only 100000 3000 conform transmit exceed drop
int vlan 10
service-policy in POLICE_SAME
mls qos bridged
There is currently no verification procedure available for this configuration.
6500#show mls qos ip
QoS Summary [IPv4]: (* - shared aggregates, Mod - switch module)
Int Mod Dir Class-map DSCP Ag Trust FL AgForward-By AgPoliced-By
Id Id
---------------------------------------------------------------------------
Fa3/3 1 In POLICE_SAM 0 0* dscp 1 11266001160 0
6500#show tcam interface fa3/3 qos type1 ip
QOS Results: A - Aggregate Policing F - Microflow Policing
M - Mark T - Trust
U - Untrust
------------------------------------------------------
FT ip 10.10.10.0 0.0.0.255 10.10.10.0 0.0.0.255 ==> entry is programmed correctly
MU ip any any
6500#show mls NetFlow ip qos nowrap
Displaying NetFlow entries in Active Supervisor EARL in module 1
DstIP SrcIP Prot : SrcPort : DstPort Src i/f :AdjPtr Pkts Bytes LastSeen QoS PoliceCount Threshold Leak Drop Bucket
------------------------------------------------------------------------------------------------------
0.0.0.0 0.0.0.0 0 :0 :0 -- 0x0 140394 67383880 15:16:29 0x0 0 0 0 NO 0
0.0.0.0 10.10.10.2 0 :0 :0 -- 0x0 227 108506 15:16:22 0x0 35996208 0 0 NO 3386
It is quite possible that the service policy is not programmed in hardware in these cases. These are some possible causes:
6500#show platform hardware capacity qos
QoS Policer Resources
Aggregate policers: Module Total Used %Used
1 1024 102 10%
6 1024 102 10%
Microflow policer configurations: Module Total Used %Used
1 64 32 50%
6 64 32 50%
6500#show fm summary
Interface: Vlan13 is up
TCAM screening for features: INACTIVE inbound
TCAM screening for features: INACTIVE outbound
Interface: Vlan72 is up
TCAM screening for features: ACTIVE inbound
TCAM screening for features: ACTIVE outbound
Interface: Vlan84 is up
TCAM screening for features: ACTIVE inbound
TCAM screening for features: INACTIVE outbound
6500#show fm fie int vlan 10
Interface Vl10:
Feature interaction state created: Yes
Flowmask conflict status for protocol IP :
FIE_FLOWMASK_STATUS_SUCCESS
Flowmask conflict status for protocol OTHER :
FIE_FLOWMASK_STATUS_SUCCESS
Interface Vl10 [Ingress]:
Slot(s) using the protocol IP : 1
FIE Result for protocol IP : FIE_SUCCESS_NO_CONFLICT
Features Configured : [empty] - Protocol : IP
FM Label when FIE was invoked : 66 Current FM Label : 66
Last Merge is for slot: 0 num# of strategies tried : 1
num# of merged VMRs in bank 1 = 0
num# of free TCAM entries in Bank1 = Unknown
num# of merged VMRs in bank 2 = 1
num# of free TCAM entries in Bank2 = Unknown
Slot(s) using the protocol OTHER : 1
FIE Result for protocol OTHER : FIE_SUCCESS_NO_CONFLICT
Features Configured : OTH_DEF - Protocol : OTHER
FM Label when FIE was invoked : 66
Current FM Label : 66
Last Merge is for slot: 0
Features in Bank1 = OTH_DEF
+-------------------------------------+
Action Merge Table
+-------------------------------------+
OTH_DEF RSLT R_RSLT COL
+-------------------------------------+
SB HB P 0
X P P 0
+-------------------------------------+
num# of strategies tried : 1
Description of merging strategy used:
Serialized Banks: FALSE
Bank1 Only Features: [empty]
Bank2 Only Features: [empty]
Banks Swappable: TRUE
Merge Algorithm: ODM
num# of merged VMRs in bank 1 = 1
num# of free TCAM entries in Bank1 = 32745
num# of merged VMRs in bank 2 = 0
num# of free TCAM entries in Bank2 = 32744
Interface Vl10 [Egress]:
No Features Configured
No IP Guardian Feature Configured
No IPv6 Guardian Feature Configured
IP QoS Conflict resolution configured, QoS policy name: POLICE_SAME
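The checks walked through above can be scripted against saved command output. This is an added example, not Cisco tooling or part of the original document: the sample text is copied from the outputs on this page, the 80% capacity threshold is an assumption, and any FIE status other than the two success values shown here is only flagged for review.

```python
import re

# Sample text copied from the command outputs shown on this page.
TCAM = """QOS Results: A - Aggregate Policing F - Microflow Policing
M - Mark T - Trust
U - Untrust
FT ip 10.10.10.0 0.0.0.255 10.10.10.0 0.0.0.255 ==> entry is programmed correctly
MU ip any any"""
FIE = """Flowmask conflict status for protocol IP :
FIE_FLOWMASK_STATUS_SUCCESS
FIE Result for protocol IP : FIE_SUCCESS_NO_CONFLICT
IP QoS Conflict resolution configured, QoS policy name: POLICE_SAME"""
CAPACITY = """Aggregate policers: Module Total Used %Used
1 1024 102 10%
6 1024 102 10%
Microflow policer configurations: Module Total Used %Used
1 64 32 50%
6 64 32 50%"""

def microflow_entries(tcam_text):
    """`show tcam interface ... qos type1 ip`: entries whose flags include F."""
    hits = []
    for line in tcam_text.splitlines():
        m = re.match(r"^([AFMTU]+)\s+(ip\s+.+)$", line.split("==>")[0].strip())
        if m and "F" in m.group(1):
            hits.append(m.group(2))
    return hits

def fie_problems(fie_text):
    """`show fm fie`: FIE status tokens other than the success values on this page."""
    ok = {"FIE_FLOWMASK_STATUS_SUCCESS", "FIE_SUCCESS_NO_CONFLICT"}
    return [t for t in re.findall(r"\bFIE_[A-Z_]+\b", fie_text) if t not in ok]

def microflow_capacity(cap_text):
    """`show platform hardware capacity qos`: {module: %used} for microflow configs."""
    section = cap_text.split("Microflow policer configurations:")[-1]
    rows = re.findall(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)%", section, re.M)
    return {int(mod): int(pct) for mod, _total, _used, pct in rows}

def verify(tcam_text, fie_text, cap_text, limit_pct=80):
    """Return a list of findings; an empty list means all three checks passed."""
    findings = []
    if not microflow_entries(tcam_text):
        findings.append("no TCAM result with the F (microflow) flag")
    findings += [f"FIE status needs review: {t}" for t in fie_problems(fie_text)]
    findings += [f"module {m}: microflow policer configurations {p}% used"
                 for m, p in microflow_capacity(cap_text).items() if p >= limit_pct]
    return findings
```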