QoS

1 Overview

1.1 QoS Workflow

  • Mark packets
  • Classify traffic using ACLs, precedence, or criteria such as source/destination address and port
  • Apply the corresponding policy to each class

1.2 QoS Models

  • Best-Effort

    The simplest model. An application can send any number of packets at any time without notifying the network. The network does its best to deliver them but gives no guarantee on delay, reliability, or any other performance metric.

  • IntServ (complex to operate, less flexible)

    Before sending, the application describes its traffic parameters to the network through signaling (RSVP: Resource Reservation Protocol) and requests bandwidth. It sends packets only after confirming that the network has reserved resources for it. Under this model, requirements such as packet loss rate and delay can be guaranteed.

  • DiffServ (widely used)

    A model based on packet flows. Before sending, the application sets the QoS parameters in the packet itself to tell the network nodes what QoS it requires.
    The network provides differentiated service according to the QoS parameters carried by each flow: packets are divided into service levels, and flow control and forwarding are applied differently to each level, giving end-to-end QoS guarantees.

2 DiffServ

Figure 1: Typical QoS processing flow

2.1 Classification

Without classification, all traffic is treated the same.

2.1.1 ACL

ACLs are usually used to classify traffic; classification can be based on:

  • Incoming interface
  • IP precedence
  • DSCP
  • Source or destination address
  • Application

2.1.2 NBAR

Network-Based Application Recognition is fundamentally also a traffic classification technique and can be seen as an extension of ACLs.

Compared with ACLs, NBAR adds content inspection and support for stateful protocols (such as FTP).

Figure 2: Lab topology

Configuration
----------------- R1 ----------------------
en
conf t
 hostname R1
 no ip do lo
 line con 0
  exec-timeout 0 0
  logging synchronous
 exit
 int e0/0
  ip address 192.168.1.1 255.255.255.0
  no sh
 exit
 int e0/1
  ip address 10.1.12.1 255.255.255.0
  no sh
 exit
 ip cef ! must have cef enabled
 ! define class maps
 class-map match-all URL_CM
  match protocol http url /abc ! nbar
 exit
 ! define policy map
 policy-map CBMARK
  class URL_CM
   set dscp af22
  class class-default
   set dscp default
 exit
 ! apply policy map to interface
 int e0/0
  service-policy input CBMARK
  ip nbar protocol-discovery ! enable nbar on this ifc
 exit
end

----------------- R2 ----------------------
en
conf t
 hostname R2
 no ip do lo
 line con 0
  exec-timeout 0 0
  logging synchronous
 exit
 int e0/0
  ip address 10.1.12.2 255.255.255.0
  no sh
 exit
 ip route 0.0.0.0 0.0.0.0 10.1.12.1
 ip http server
 username cisco privilege 15 password 0 cisco
 ip http authentication local
end

Figure 3: Traffic matching the URL

2.2 Marking

2.2.1 Marking Fields

2.2.1.1 CoS (L2)

Class of Service carries classification information in 802.1Q frames: 3 bits in the Tag field of the frame header, with a range of 0-7.

Figure 4: CoS

2.2.1.2 ToS (L3)

Type of Service is a one-byte field in the IP header that marks the packet's service type. The ToS field can carry either an IP Precedence value or a DSCP value.

  • IP Precedence

    3 bits, range 0-7

  • DSCP

    Differentiated Services Code Point, 6 bits, range 0-63, backward compatible with IP Precedence

Figure 5: ToS

2.2.2 Marking Methods

2.2.2.1 PBR [1]

That is, using the route-map tool to apply the policy. (Note: PBR takes precedence over the routing table.)

2.2.2.1.1 Example 1

Figure 6: Marking by ingress interface

Configuration
----------------- R1 ----------------------
en
conf t
 hostname R1
 no ip do lo
 line con 0
  exec-timeout 0 0
  logging synchronous
 exit
 int e0/0
  ip address 10.1.13.1 255.255.255.0
  no sh
 exit
 int e0/1
  ip address 10.1.14.1 255.255.255.0
  no sh
 exit
 int e0/2
  ip address 10.1.12.1 255.255.255.0
  no sh
 exit
 
 route-map PRECEDENCE2 permit 10
  set ip precedence 2
 exit
 route-map PRECEDENCE0 permit 10
  set ip precedence 0
 exit
 
 int e0/0
  ip policy route-map PRECEDENCE2
 exit
 int e0/1
  ip policy route-map PRECEDENCE0
 exit
end

----------------- R2 ----------------------
en
conf t
 hostname R2
 no ip do lo
 line con 0
  exec-timeout 0 0
  logging synchronous
 exit
 int e0/0
  ip address 10.1.12.2 255.255.255.0
  no sh
 exit
 ip route 0.0.0.0 0.0.0.0 10.1.12.1
end

----------------- PC3 ----------------------
en
conf t
 hostname PC3
 no ip do lo
 line con 0
  exec-timeout 0 0
  logging synchronous
 exit
 no ip routing
 ip default-gateway 10.1.13.1
 int e0/0
  ip address 10.1.13.3 255.255.255.0
  no sh
 exit
end

----------------- PC4 ----------------------
en
conf t
 hostname PC4
 no ip do lo
 line con 0
  exec-timeout 0 0
  logging synchronous
 exit
 no ip routing
 ip default-gateway 10.1.14.1
 int e0/0
  ip address 10.1.14.4 255.255.255.0
  no sh
 exit
end

Figure 7: Traffic originated by PC3, captured on R2

Figure 8: Traffic originated by PC4, captured on R2

2.2.2.1.2 Example 2

Figure 9: Lab environment

Configuration
----------------- R1 ----------------------
en
conf t
 hostname R1
 no ip do lo
 line con 0
  exec-timeout 0 0
  logging synchronous
 exit
 int e0/0
  ip address 192.168.1.1 255.255.255.0
  no sh
 exit
 int e0/1
  ip address 10.1.12.1 255.255.255.0
  no sh
 exit
 
 ip access-list extended WWW_TRAFFIC
  permit tcp any 10.1.12.2 0.0.0.255 eq www
 exit
 ip access-list extended TELNET_TRAFFIC
  permit tcp any 10.1.12.2 0.0.0.255 eq telnet
 exit
 
 
 route-map PBR_ROUTE_MAP permit 10
  match ip address WWW_TRAFFIC
  set ip precedence 1
 exit
 route-map PBR_ROUTE_MAP permit 20
  match ip address TELNET_TRAFFIC
  set ip precedence 2
 exit
 route-map PBR_ROUTE_MAP permit 30
  set ip precedence 0
 exit
 
 
 int e0/0
  ip policy route-map PBR_ROUTE_MAP
 exit
 
end

----------------- R2 ----------------------
en
conf t
 hostname R2
 no ip do lo
 line con 0
  exec-timeout 0 0
  logging synchronous
 exit
 int e0/0
  ip address 10.1.12.2 255.255.255.0
  no sh
 exit
 ip route 0.0.0.0 0.0.0.0 10.1.12.1
 username cisco password 0 cisco
 line vty 0 4
  login local
  transport input telnet
 exit
end

Figure 10: www traffic

Figure 11: telnet traffic

2.2.2.2 Class-Based Marking

CB Marking can be configured using MQC [2] and supports both the in and out directions.

Figure 12: Class Map is the classification and Policy Map is the action (3 calls 2, 2 calls 1)

2.2.2.2.1 Example

Figure 13: Lab environment

Configuration
----------------- R1 ----------------------
en
conf t
 hostname R1
 no ip do lo
 line con 0
  exec-timeout 0 0
  logging synchronous
 exit
 int e0/0
  ip address 192.168.1.1 255.255.255.0
  no sh
 exit
 int e0/1
  ip address 10.1.12.1 255.255.255.0
  no sh
 exit
 ip cef ! must have cef enabled
 ! define ACLs
 ip access-list extended WWW_TRAFFIC
  permit tcp any any eq www
 exit
 ip access-list extended TELNET_TRAFFIC
  permit tcp any any eq telnet
 exit
 ! define class maps
 class-map match-all TELNET_CM
  match access-group name TELNET_TRAFFIC
 exit
 class-map match-all WWW_CM
  match access-group name WWW_TRAFFIC
 exit
 ! define policy map
 policy-map CBMARK
  class TELNET_CM
   set dscp af11
  class WWW_CM
   set dscp af41
  class class-default
   set dscp default
 exit
 ! apply policy map to interface
 int e0/0
  service-policy input CBMARK
 exit
end

----------------- R2 ----------------------
en
conf t
 hostname R2
 no ip do lo
 line con 0
  exec-timeout 0 0
  logging synchronous
 exit
 int e0/0
  ip address 10.1.12.2 255.255.255.0
  no sh
 exit
 ip route 0.0.0.0 0.0.0.0 10.1.12.1
 username cisco password 0 cisco
 line vty 0 4
  login local
  transport input telnet
 exit
end

Figure 14: telnet traffic

Figure 15: www traffic

Viewing statistics
R1#sh policy-map interface
 Ethernet0/0

  Service-policy input: CBMARK

    Class-map: TELNET_CM (match-all)
      67 packets, 3780 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: access-group name TELNET_TRAFFIC
      QoS Set
        dscp af11
          Packets marked 67

    Class-map: WWW_CM (match-all)
      1 packets, 74 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: access-group name WWW_TRAFFIC
      QoS Set
        dscp af41
          Packets marked 1

    Class-map: class-default (match-any)
      8 packets, 2415 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any
      QoS Set
        dscp default
          Packets marked 8

2.3 Shaping and Policing [3]

Figure 16: Shaping vs Policing

Figure 17: Shaping vs Policing (cont.)

  • Shaping mechanisms
    • Generic Traffic Shaping (GTS)
    • Frame Relay Traffic Shaping (FRTS)
    • Class-Based Shaping
  • Policing mechanisms
    • Committed Access Rate (CAR)
    • Class-Based Policing

2.3.1 Token Bucket Principle [4]

Figure 18: Dual token bucket; CIR is the rate after limiting

2.3.2 Class-Based Shaping

Figure 19: CB Shaping building blocks

Figure 20: Lab environment

Configuration
----------------- R1 ----------------------
en
conf t
 hostname R1
 no ip do lo
 line con 0
  exec-timeout 0 0
  logging synchronous
 exit
 int e0/0
  ip address 192.168.12.1 255.255.255.0
  no sh
 exit
 int e0/1
  ip address 192.168.13.1 255.255.255.0
  no sh
 exit
 int e0/2
  ip address 192.168.14.1 255.255.255.0
  no sh
 exit
 ip cef
 ip access-list extended ACL_SUBNET12
  permit ip 192.168.12.0 0.0.0.255 any
 exit
 ip access-list extended ACL_SUBNET14
  permit ip 192.168.14.0 0.0.0.255 any
 exit
 ! define class maps
 class-map match-all CMAP12
  match access-group name ACL_SUBNET12
 exit
 class-map match-all CMAP14
  match access-group name ACL_SUBNET14
 exit
 ! define policy map
 policy-map CBSHAPE
  class CMAP12
   shape average 64000  ! set CIR to 64k
  class CMAP14
   shape average 128000 ! set CIR to 128k
 exit
 ! apply policy map to interface
 int e0/1
  service-policy output CBSHAPE
 exit
end

Viewing the policy-map state on the interface
R1#sh policy-map interface e0/1
 Ethernet0/1

  Service-policy output: CBSHAPE

    Class-map: CMAP12 (match-all)
      13027 packets, 19299125 bytes
      5 minute offered rate 114000 bps, drop rate 112000 bps
      Match: access-group name ACL_SUBNET12
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/12594/0
      (pkts output/bytes output) 433/538334
      shape (average) cir 64000, bc 256, be 256
      target shape rate 64000 ! limited to 64K

    Class-map: CMAP14 (match-all)
      8681 packets, 12865787 bytes
      5 minute offered rate 133000 bps, drop rate 127000 bps
      Match: access-group name ACL_SUBNET14
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/8290/0
      (pkts output/bytes output) 391/516533
      shape (average) cir 128000, bc 512, be 512
      target shape rate 128000 ! limited to 128K

    Class-map: class-default (match-any)
      82 packets, 10661 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any

      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 82/10661
Throughput test from Linux2
root@Linux2:/home/cisco# iperf3 -u -c 192.168.13.3 -b 5M -t 10 -i 2
Connecting to host 192.168.13.3, port 5201
[  5] local 192.168.12.2 port 57057 connected to 192.168.13.3 port 5201
[ ID] Interval           Transfer     Bitrate         Total Datagrams
[  5]   0.00-2.00   sec  1.19 MBytes  5.00 Mbits/sec  863
[  5]   2.00-4.00   sec  1.19 MBytes  5.00 Mbits/sec  864
[  5]   4.00-6.00   sec  1.19 MBytes  5.00 Mbits/sec  863
[  5]   6.00-8.00   sec  1.19 MBytes  5.00 Mbits/sec  863
[  5]   8.00-10.00  sec  1.19 MBytes  5.00 Mbits/sec  863
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Jitter    Lost/Total Datagrams
[  5]   0.00-10.00  sec  5.96 MBytes  5.00 Mbits/sec  0.000 ms  0/4316 (0%)  sender
[  5]   0.00-22.12  sec   168 KBytes  62.3 Kbits/sec  9.977 ms  4184/4303 (97%)  receiver
iperf Done.
Throughput test from Linux4
root@Linux4:/home/cisco# iperf3 -u -c 192.168.13.3 -b 5M -t 10 -i 2
Connecting to host 192.168.13.3, port 5201
[  5] local 192.168.14.4 port 49732 connected to 192.168.13.3 port 5201
[ ID] Interval           Transfer     Bitrate         Total Datagrams
[  5]   0.00-2.00   sec  1.19 MBytes  4.99 Mbits/sec  863
[  5]   2.00-4.00   sec  1.19 MBytes  5.01 Mbits/sec  864
[  5]   4.00-6.00   sec  1.19 MBytes  5.00 Mbits/sec  863
[  5]   6.00-8.00   sec  1.19 MBytes  5.00 Mbits/sec  863
[  5]   8.00-10.00  sec  1.19 MBytes  5.00 Mbits/sec  863
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Jitter    Lost/Total Datagrams
[  5]   0.00-10.00  sec  5.96 MBytes  5.00 Mbits/sec  0.000 ms  0/4316 (0%)  sender
[  5]   0.00-16.00  sec   243 KBytes   125 Kbits/sec  2.443 ms  4110/4282 (96%)  receiver

iperf Done.

2.3.3 Class-Based Policing

Class-based policing defines three states that describe how the current rate relates to the limit:

  • Conforms

    The first token bucket still has tokens

  • Exceeds

    The first token bucket is empty, but the burst bucket still has tokens

  • Violates

    Neither bucket has any tokens available

The actions that can be taken in each state are:

  • Drop (default for Exceeds and Violates)
  • Transmit (default for Conforms)
  • Set IP Precedence and transmit
  • Set IP DSCP and transmit
  • Set MPLS experimental bits and transmit
  • Set Frame Relay DE bit and transmit
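The three states and their actions can be simulated with a single-rate policer that has a committed bucket and a burst bucket. The following is an added example (not from the original notes and not Cisco's implementation): it models the CMAP12 line on this page, `police 128000 conform-action transmit exceed-action set-dscp-transmit af32 violate-action drop`, with Bc and Be set to an assumed 4000 bytes each, and replays a constructed packet trace through it.

```python
from dataclasses import dataclass


@dataclass
class DualTokenBucketPolicer:
    """Single-rate policer with a committed bucket (Bc) and a burst bucket (Be).
    Tokens are bytes; bucket 1 fills at CIR and its overflow spills into bucket 2."""
    cir: int  # committed rate in bits per second, as in "police 128000"
    bc: int   # committed burst in bytes (assumed value: size of bucket 1)
    be: int   # excess burst in bytes (assumed value: size of bucket 2)

    def __post_init__(self):
        self.tc, self.te, self.last = float(self.bc), float(self.be), 0.0

    def _refill(self, now: float) -> None:
        self.tc += (now - self.last) * self.cir / 8   # bits/s -> bytes
        self.last = now
        spill = self.tc - self.bc
        if spill > 0:                                  # bucket 1 full: excess goes to bucket 2
            self.tc = float(self.bc)
            self.te = min(float(self.be), self.te + spill)

    def classify(self, size: int, now: float) -> str:
        """Return 'conform', 'exceed' or 'violate' for a packet of `size` bytes at time `now`."""
        self._refill(now)
        if self.tc >= size:            # Conforms: bucket 1 still has tokens
            self.tc -= size
            return "conform"
        if self.te >= size:            # Exceeds: bucket 1 empty, burst bucket has tokens
            self.te -= size
            return "exceed"
        return "violate"               # Violates: neither bucket has tokens

# Actions of the CMAP12 policy: transmit / remark af32 and transmit / drop
ACTIONS = {"conform": ("transmit", None), "exceed": ("transmit", "af32"), "violate": ("drop", None)}

def police(policer: DualTokenBucketPolicer, trace):
    """trace: (time_s, size_bytes, dscp_in) tuples -> list of (state, action, dscp_out)."""
    out = []
    for t, size, dscp in trace:
        state = policer.classify(size, t)
        action, remark = ACTIONS[state]
        out.append((state, action, None if action == "drop" else remark or dscp))
    return out

# Constructed trace: a burst of ten 1000-byte packets at t=0, then one packet 250 ms later
CONSTRUCTED_TRACE = [(0.0, 1000, "default")] * 10 + [(0.25, 1000, "default")]

def demo():
    return police(DualTokenBucketPolicer(cir=128000, bc=4000, be=4000), CONSTRUCTED_TRACE)
```

With these assumed bursts the first four packets conform, the next four are remarked af32, the last two of the burst are dropped, and after 250 ms of silence (4000 bytes of new tokens at 128 kbit/s) the flow conforms again.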

Figure 21: Configuration commands

Figure 22: Lab environment

Configuration
----------------- R1 ----------------------
en
conf t
 hostname R1
 no ip do lo
 line con 0
  exec-timeout 0 0
  logging synchronous
 exit
 int e0/0
  ip address 192.168.12.1 255.255.255.0
  no sh
 exit
 int e0/1
  ip address 192.168.13.1 255.255.255.0
  no sh
 exit
 int e0/2
  ip address 192.168.14.1 255.255.255.0
  no sh
 exit
 ip cef
 ! define ACLs
 ip access-list extended ACL_SUBNET12
  permit ip 192.168.12.0 0.0.0.255 any
 exit
 ip access-list extended ACL_SUBNET14
  permit ip 192.168.14.0 0.0.0.255 any
 exit
 ! define class maps
 class-map match-all CMAP12
  match access-group name ACL_SUBNET12
 exit
 class-map match-all CMAP14
  match access-group name ACL_SUBNET14
 exit
 ! define policy map
 policy-map CBPOLICE
  class CMAP12
   police 128000 conform-action transmit exceed-action set-dscp-transmit af32 violate-action drop ! rate is in bits per second (128K)
  class CMAP14
   police 256000 conform-action transmit exceed-action set-dscp-transmit af33 violate-action drop ! 256K
  class class-default
   police 64000
 exit
 ! apply policy map to interface
 int e0/1
  service-policy output CBPOLICE
 exit
end
Throughput test
root@Linux4:/home/cisco# iperf3 -u -c 192.168.13.3 -b 5M -t 10 -i 2
Connecting to host 192.168.13.3, port 5201
[  5] local 192.168.14.4 port 52015 connected to 192.168.13.3 port 5201
[ ID] Interval           Transfer     Bitrate         Total Datagrams
[  5]   0.00-2.00   sec  1.19 MBytes  5.00 Mbits/sec  863
[  5]   2.00-4.00   sec  1.19 MBytes  5.00 Mbits/sec  864
[  5]   4.00-6.00   sec  1.19 MBytes  5.00 Mbits/sec  863
[  5]   6.00-8.00   sec  1.19 MBytes  5.00 Mbits/sec  863
[  5]   8.00-10.00  sec  1.19 MBytes  5.00 Mbits/sec  863
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Jitter    Lost/Total Datagrams
[  5]   0.00-10.00  sec  5.96 MBytes  5.00 Mbits/sec  0.000 ms  0/4316 (0%)  sender
[  5]   0.00-10.00  sec   317 KBytes   259 Kbits/sec  0.075 ms  4079/4303 (95%)  receiver

iperf Done

[Figure: police_af32.png]

[Figure: police_af33.png]

2.4 Congestion Avoidance [5]

2.4.1 Class-Based WRED

2.5 Queuing [6]

Figure 25: Queuing architecture

Although there are different queuing techniques, they are usually made up of three functional parts:

  • Classification (classify the packets)
  • Insertion Policy (decide whether a packet is enqueued or dropped)
  • Service Policy (how packets are scheduled into the hardware queue)

2.5.1 FIFO

| Classification | Insertion Policy | Service Policy |
| none needed    | tail-drop        | FIFO           |

[Figure: fifo.png]

2.5.2 PQ (Priority)

| Classification | Insertion Policy | Service Policy                          |
| 4 classes      | tail-drop        | preemptive scheduling by class priority |

Figure 27: PQ overview

Figure 28: PQ scheduling logic

Configuration example

Figure 29: Configuration commands

Figure 30: show interface

Figure 31: Queue information

2.5.3 CQ (Round Robin)

| Classification | Insertion Policy | Service Policy                                |
| 16 + 1 classes | tail-drop        | scheduling combining round robin and priority |

Figure 32: Each queue has a size (byte-count) of 1500

Configuration example

Figure 33: Configuration

Figure 34: show interface

2.5.4 Weighted Fair Queuing (WFQ)

| Classification | Insertion Policy            | Service Policy     |
| per Flow [7]   | two thresholds: CDT and HQO | by Finish Time [8] |

Figure 35: The total number of packets all queues can buffer is fixed

2.5.4.1 Congestive Discard Threshold (CDT)

Figure 36: With CDT=8, if the incoming packet belongs to the longest queue it is dropped (early dropping)

Figure 37: With CDT=8, if the incoming packet does not belong to the longest queue it is kept

2.5.4.2 Hold-Queue Out limit (HQO)

Figure 38: With HQO=10, if the incoming packet belongs to the longest queue it is dropped

Figure 39: With HQO=10, if the incoming packet does not belong to the longest queue, the last packet of the longest queue is dropped and the current packet is enqueued

Configuration example
Router(config-if)# fair-queue 64    256      0
                              CDT   Dyn Qs   RSVP Qs
Router(config-if)# hold-queue 1000 out
                              HQO
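The CDT and HQO insertion rules from Figures 36 to 39 can be written out as code. The following is an added example (not from the original notes): it keeps one queue per flow, applies the two thresholds exactly as the captions state them (CDT: early-drop a packet whose flow is the longest queue; HQO: drop the packet if its flow is the longest, otherwise evict the tail of the longest queue and enqueue it), and replays a constructed arrival sequence with CDT=8 and HQO=10. Breaking ties for "longest" in favour of the flow seen first is an assumption.

```python
from collections import defaultdict, deque


class WfqInsertionPolicy:
    """Per-flow queues sharing one buffer, with the CDT/HQO rules from the figures above."""

    def __init__(self, cdt: int, hqo: int):
        self.cdt, self.hqo = cdt, hqo
        self.queues = defaultdict(deque)   # flow id -> queued packets

    def total(self) -> int:
        return sum(len(q) for q in self.queues.values())

    def longest(self):
        """Flow with the most queued packets (ties go to the flow seen first: assumption)."""
        return max(self.queues, key=lambda f: len(self.queues[f]))

    def enqueue(self, flow, pkt) -> str:
        total = self.total()
        is_longest = bool(self.queues) and flow == self.longest()
        if total >= self.hqo:                     # hold-queue full (Figures 38/39)
            if is_longest:
                return "tail-drop"
            self.queues[self.longest()].pop()     # evict the newest packet of the longest queue
            self.queues[flow].append(pkt)
            return "replaced-longest"
        if total >= self.cdt and is_longest:      # congestive discard (Figures 36/37)
            return "early-drop"
        self.queues[flow].append(pkt)
        return "enqueued"


def demo():
    """Replay a constructed arrival pattern with CDT=8 and HQO=10 as in the figures."""
    policy = WfqInsertionPolicy(cdt=8, hqo=10)
    log = [policy.enqueue("A", f"a{i}") for i in range(6)]   # flow A grows to 6 packets
    log += [policy.enqueue("B", f"b{i}") for i in range(3)]  # total reaches 9
    log.append(policy.enqueue("A", "a6"))  # total 9 >= CDT and A is longest -> early-drop
    log.append(policy.enqueue("B", "b3"))  # B is not the longest -> kept, total now 10
    log.append(policy.enqueue("B", "b4"))  # HQO reached, B not longest -> a5 evicted, b4 queued
    log.append(policy.enqueue("A", "a7"))  # HQO reached, A is longest -> tail-drop
    return log, {flow: list(q) for flow, q in policy.queues.items()}
```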

2.5.5 Class-Based WFQ

[Figure: cbwfq.png]

Footnotes:

[1] Routing is normally destination-oriented; the idea of PBR is to make decisions based on the source. See policy-based routing.

[2] All Class-Based configuration methods belong to MQC. MQC is still essentially CLI, but it provides a modular way of configuring.

[3] Shaping and policing are fundamentally about rate limiting.

[5] Mainly concerned with how to perform early dropping.

[6] Usually (by default) applied to the outbound direction of an interface.

[7] A Flow is identified by the 6-tuple (SrcAddr, SrcPort, DestAddr, DestPort, Protocol, ToS). Whereas a Class is defined manually, a Flow is generated dynamically; WFQ is therefore FBWFQ (Flow Based).

Author: Hao Ruan (ruanhao1116@gmail.com)

Created: 2021-08-05 Thu 14:51

Updated: 2021-08-17 Tue 11:23