Hi Folks,
I’ve been busy studying/upgrading my QoS knowledge to get to the CCIE R&S level. I’ve been playing around finding a way to generate traffic through my routers to create bottlenecks and to have packets to classify / mark and such.
There are a couple of options you have if you want to play with GNS3 / Dynamips:
- Connect your routers to your physical interface (e.g. the Internet) and have another one connect to a virtual machine. Download some stuff from your virtual machine through your GNS3 network and you have plenty of traffic to play with.
- Use a traffic generator which you connect to your GNS3 routers.
- Use Cisco IP SLA to generate traffic.
I didn’t like options 1 and 2 much since they’re too much work and I prefer having a “router-only” solution. That’s why I’ve been playing with IP SLA. The result is the following configuration that I created, which will generate ICMP, DNS, HTTP, HTTPS, Telnet, SSH and RTP (G711 and G729) traffic on a router.
! ICMP Echo
ip sla monitor 1
 type echo protocol ipIcmpEcho 192.168.23.3
 timeout 0
 frequency 9
ip sla monitor schedule 1 start-time now life forever
! DNS Request
ip sla monitor 2
 type dns target-addr www.gns3vault.com name-server 192.168.23.3
 timeout 0
 frequency 9
ip sla monitor schedule 2 start-time now life forever
! G711 conversation
ip sla monitor 3
 type jitter dest-ipaddr 192.168.23.3 dest-port 16384 codec g711ulaw codec-numpackets 50 codec-size 160 codec-interval 20
 timeout 0
 frequency 1
ip sla monitor schedule 3 start-time now life forever
! G729 conversation
ip sla monitor 4
 type jitter dest-ipaddr 192.168.23.2 dest-port 16385 codec g729a codec-numpackets 50 codec-size 20 codec-interval 20
 timeout 0
 frequency 1
ip sla monitor schedule 4 start-time now life forever
! HTTP GET Traffic
ip sla monitor 5
 type http operation get url http://192.168.23.3
 frequency 60
ip sla monitor schedule 5 start-time now life forever
! TCPConnect to Telnet
ip sla monitor 6
 type tcpConnect dest-ipaddr 192.168.23.3 dest-port 23 control disable
 timeout 1000
 frequency 2
ip sla monitor schedule 6 life forever start-time now
! TCPConnect to HTTPS
ip sla monitor 7
 type tcpConnect dest-ipaddr 192.168.23.3 dest-port 443 control disable
 timeout 1000
 frequency 3
ip sla monitor schedule 7 life forever start-time now
! TCPConnect to FTP
ip sla monitor 8
 type tcpConnect dest-ipaddr 192.168.23.3 dest-port 21 control disable
 timeout 1000
 frequency 1
ip sla monitor schedule 8 life forever start-time now
! TCPConnect to SSH
ip sla monitor 9
 type tcpConnect dest-ipaddr 192.168.23.3 dest-port 22 control disable
 timeout 1000
 frequency 2
ip sla monitor schedule 9 life forever start-time now
IP SLA also lets you monitor jitter and delay for voice traffic; if you want that, you need to enable “ip sla responder” on your destination router.
If you enable NBAR on a router in your network, you can see that traffic is actually flowing through the interface:
Router#show ip nbar protocol-discovery
 FastEthernet0/0
                            Input                    Output
                            -----                    ------
   Protocol                 Packet Count             Packet Count
                            Byte Count               Byte Count
                            5min Bit Rate (bps)      5min Bit Rate (bps)
                            5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
   ------------------------ ------------------------ ------------------------
   telnet                   70                       28
                            4200                     1974
                            1000                     0
                            1000                     0
   ssh                      64                       24
                            3840                     1440
                            1000                     0
                            1000                     0
   secure-http              40                       15
                            2400                     900
                            1000                     0
                            1000                     0
   icmp                     14                       18
                            1452                     1716
                            0                        0
                            0                        0
   ftp                      30                       15
                            1800                     900
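An added example (not part of the original post): a Python parser that turns the stacked counters of show ip nbar protocol-discovery into per-protocol records, so a lab script can confirm that each kind of IP SLA traffic is actually being seen. The function names and status labels are assumptions made for this example; the sample is an excerpt of the output above, including its cut-off ftp record.

```python
import re

METRICS = ("packets", "bytes", "bit_rate_5min", "max_bit_rate_5min")  # row order
RULE = re.compile(r"^[-\u2013\u2014\s]+$")  # header rules, hyphens or mangled dashes

# Excerpt of the output above, keeping its cut-off ftp record.
SAMPLE = """\
 FastEthernet0/0
                            Input                    Output
                            -----                    ------
   Protocol                 Packet Count             Packet Count
                            Byte Count               Byte Count
                            5min Bit Rate (bps)      5min Bit Rate (bps)
                            5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
   ------------------------ ------------------------ ------------------------
   telnet                   70                       28
                            4200                     1974
                            1000                     0
                            1000                     0
   ftp                      30                       15
                            1800                     900
"""


def parse_discovery(text):
    """Return {interface: {protocol: {"input": {...}, "output": {...}}}}."""
    result, iface, rec, in_body = {}, None, None, False
    for line in text.splitlines():
        tok = line.split()
        if tok and RULE.match(line):
            in_body = len(tok) == 3  # the three-column rule starts the data rows
        elif len(tok) == 1 and not tok[0].isdigit():
            iface, rec, in_body = tok[0], None, False  # new interface section
            result[iface] = {}
        elif (in_body and iface and len(tok) in (2, 3)
              and all(t.isdigit() for t in tok[-2:])):
            if len(tok) == 3:  # "<protocol> <in> <out>" opens a record
                rec = result[iface][tok[0]] = {"input": {}, "output": {}}
            if rec is not None and len(rec["input"]) < len(METRICS):
                name = METRICS[len(rec["input"])]
                rec["input"][name], rec["output"][name] = int(tok[-2]), int(tok[-1])
    return result


def audit(parsed, iface, expected):
    """Map each expected protocol to 'ok', 'truncated' (rows missing) or 'absent'."""
    seen = parsed.get(iface, {})
    return {p: "absent" if p not in seen else
               "ok" if len(seen[p]["input"]) == len(METRICS) else "truncated"
            for p in expected}
```

Calling audit(parse_discovery(SAMPLE), "FastEthernet0/0", ("telnet", "ftp", "dns")) reports telnet as ok, ftp as truncated and dns as absent; an absent protocol means NBAR has not seen that traffic on the interface.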
This configuration is what I’ll be using in my upcoming QoS labs; hopefully you find it useful!
If you like this config, please let me know by leaving a comment.
Written by René Molenaar - CCIE #41726
http://www.cisco.com/en/US/tech/tk801/tk36/technologies_tech_note09186a0080094694.shtml
sounds interesting.
any ccie level lab will be also great 🙂
I’d love to have a CCIE-level lab but those take time… I’m doing labs myself for CCIE and already happy if I finish one without going insane ;D
Rene…
Awesome man! I didn’t know IP SLA had that much capability. I can definitely use this. Can you provide your running configs on how you applied this to the network and interfaces…
Hi Alim,
I have a couple of labs with configs that use IP SLA. You can use it for static/default routes and stuff like HSRP, VRRP.
Each protocol that can use “Object Tracking” can be used for IP SLA… so if you want some examples you can find them on Google. Maybe I’ll cook up a lab with different protocols that can use IP SLA 🙂
Rene
The information you have shared is extremely useful for me. A big thanks to you for sharing such a great stuff… 🙂
Great info. Thanks for posting this. I’m looking forward to testing it out.
I have been using extended ping to generate packets with QoS tagging in the headers.
Use ping or ping ip for extended ping
Router#ping
Protocol [ip]:
Target IP address: 10.1.1.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Glad you guys like it. I think IP SLA is extremely useful for testing stuff and generating traffic. In real life networks it’s useful to combine with “object tracking”. You can use it for static routes, HSRP and such as well.
good luck!
Rene
Rene. Thanks a lot for the post. I only ever used icmp with ip sla. This really opens lots of doors not only for testing gns qos (which is why I landed here) but also the object tracking.
Thanks a lot!
IP SLA with Object tracking makes things very reliable. It’s far better than just tracking the state of an interface.
Hi,
Is it possible to use IP SLA with this behavior (TGN) :
fastethernet0/0
add tcp
rate 1000
l2-dest $R1-MAC$
l3-src 172.16.10.4
l3-dest 172.16.20.4
l4-dest 23
length random 16 to 1500
burst on
burst duration off 1000 to 2000
burst duration on 1000 to 3000
add fastethernet0/0 1
l4-dest 80
data ascii 0 GET /index.html HTTP/1.1
add fastethernet0/0 1
l4-dest 21
add fastethernet0/0 1
l4-dest 123
add fastethernet0/0 1
l4-dest 110
add fastethernet0/0 1
l4-dest 25
add fastethernet0/0 1
l4-dest 22
add fastethernet0/0 1
l4-dest 6000
!
end
Regards
No idea 🙂
great job, could you kindly send me the config please
I tried to run IP SLA on a simple setup with 2 routers, R1 and R2, with the serial interface on R2 being 192.168.23.3.
but I’m not seeing any traffic when the command sh ip nbar protocol-discovery stats was executed; could you please verify this, Rene?
these are the configs on them
========================
R1#sh run
Building configuration…
Current configuration : 1157 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip sla monitor 1
type echo protocol ipIcmpEcho 192.168.23.3
timeout 0
frequency 9
ip sla monitor schedule 1 life forever start-time now
ip sla monitor 2
type dns target-addr http://www.gns3vault.com name-server 192.168.23.3
timeout 0
frequency 9
ip sla monitor schedule 2 life forever start-time now
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Serial0/0
ip address 192.168.23.2 255.255.255.0
serial restart-delay 0
!
interface Serial0/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end
****************************************
R2#sh run
Building configuration…
Current configuration : 883 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip sla monitor responder
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Serial0/0
ip address 192.168.23.3 255.255.255.0
serial restart-delay 0
!
interface Serial0/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
no ip http server
no ip http secure-server
!
ip forward-protocol nd
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
login
!
!
end
Arjun_sl,
Did you turn on nbar at the interface?
Int s0/0
Ip nbar protocol-discovery
If you don’t turn it on, you’ll never see traffic statistics.
Hi,
For option 2, how can I connect a traffic generator (D-ITG) to my GNS3 routers?
Thanks for help 🙂
hi Rene,
Will you please upload a video solution regarding the Breakout-Switch: how would the configuration and the connection between PC, switches and GNS3 be? I cannot afford to buy actual routers and switches for my studies; it will be a big help for me if you can, please!
I’m stuck trying to setup zone-based firewalls in gns3 because it seems an ‘ISR’ router is needed and gns3 doesn’t support any. Is this true even in the latest version of gns3? I have 7200’s setup and they don’t take the zone-security command.
I’m not sure if the 7200 supports it but it does work on the 3725 series. That’s what I used for the ZBF lab/video.