Scenario
Your old frame relay and 10 MBps half-duplex network have been suffering from considerable congestion. You decide to take advantage of both Layer 2 and Layer 3 CB marking and matching capabilities, and to introduce a myriad of policers into your network!
Goal:
- Nothing has been preconfigured for you!
- Make all physical connections and configure IP addresses in accordance with the diagram.
- The CIR of all FR PVCs is 128 kbps. Make sure EIGRP and your QoS mechanisms know this.
- Enable EIGRP AS 1 on all routers except R1, and on all interfaces. Ensure 192.168.12.1 can ping 4.4.4.4 before continuing. Use passive-interface where applicable.
- R1 is a host and has no concept of EIGRP.
- On R1, use CB marking to mark all outbound ICMP traffic with DSCP AF11 and all telnet traffic with DSCP EF. Do not use NBAR.
- On R2, configure a class-map to match high priority traffic (DSCP EF) and a class-map to match medium priority traffic (DSCP AF11).
- On R2, high priority traffic should be given an LLQ with 32 kbps of bandwidth. This entire bandwidth range should be policed, with 24 kbps being the sustained burst rate and 8 kbps being the excess burst rate. This is a single-rate, multi-action, three-color policer that transmits conforming traffic, marks FR-DE on exceeding traffic, and marks both FR-DE and DSCP 0 on violating traffic.
- On R2, medium priority traffic should be given 24 kbps of bandwidth. This entire bandwidth range should be policed, with 16 kbps being the sustained burst rate and 8 kbps being the excess burst rate. This is a single-rate, multi-action, three-color policer that transmits conforming traffic, marks both FR-DE and DSCP 0 on exceeding traffic, and drops violating traffic.
- On R2, all remaining traffic is allowed no dedicated bandwidth. 16 kbps, however, will be policed, with a sustained burst rate of 16 kbps. This is a single-rate, single-action, two-color policer that transmits conforming traffic and drops exceeding traffic.
- On R3, build class maps to match high priority, medium priority, high priority + FRDE, and medium priority + FRDE. Build more class maps if you find it necessary.
- On R3, both high priority classes will get LLQs.
*If FRDE is set, it gets 32 kbps and is policed as follows: All of the allocated LLQ bandwidth is policed with 24 kbps being the sustained burst rate and 8 kbps being the excess burst rate. This is a single-rate, single-action, three-color policer that transmits conforming traffic, marks DSCP 0 on exceeding traffic, and drops violating traffic.
*If not, it gets 48 kbps and is policed as follows: All of the allocated LLQ bandwidth is policed with 40 kbps being the sustained burst rate and 8 kbps being the excess burst rate. This is a single-rate, multi-action, three-color policer that transmits conforming traffic, marks FRDE on exceeding traffic, and marks both FR-DE and DSCP 0 on violating traffic.
- On R3, both medium classes will get dedicated bandwidth, but not LLQ.
*If FRDE is set, it gets 16 kbps and is policed as follows: All of the allocated LLQ bandwidth is policed with 16 kbps being the sustained burst rate. This is a single-rate, single-action, two-color policer that transmits conforming traffic and drops exceeding traffic.
*If not, it gets 32 kbps and is policed as follows: All of the allocated bandwidth is policed with 24 kbps being the sustained burst rate and 8 kbps being the excess burst rate. This is a single-rate, multi-action, three-color policer that transmits conforming traffic, marks both FR-DE and DSCP 0 on exceeding traffic, and drops violating traffic.
- On R3, all remaining traffic is policed by a single-rate, single-action, two-color policer that transmits conforming traffic and drops exceeding traffic against a CIR and sustained burst rate of 16 kbps.
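The three R2 policers described above, modelled as token buckets in an added example (not part of the original lab, and not IOS code). It assumes Bc and Be are byte counts, as the IOS `police` command takes them, that both buckets start full, and that excess tokens spill from Bc into Be as in RFC 2697; the class, function and table names are hypothetical and the traffic is constructed.

```python
# Added example: single-rate two/three-color policer as a token bucket.
# Assumptions: Bc/Be in bytes, buckets start full, color-blind operation.

class Policer:
    def __init__(self, cir_bps, bc, be=0):
        self.cir_bps, self.bc, self.be = cir_bps, bc, be  # be=0 -> two-color
        self.tc, self.te, self.last = float(bc), float(be), 0.0

    def color(self, now, size):
        # Refill at CIR; tokens that do not fit in Bc spill over into Be.
        new = (now - self.last) * self.cir_bps / 8
        self.last = now
        to_c = min(new, self.bc - self.tc)
        self.tc += to_c
        self.te = min(self.be, self.te + new - to_c)
        if size <= self.tc:
            self.tc -= size
            return "conform"
        if self.be and size <= self.te:
            self.te -= size
            return "exceed"
        # A two-color policer has no violate color: out of Bc means exceed.
        return "violate" if self.be else "exceed"

# Per-class actions on R2, as the lab text states them.
R2_ACTIONS = {
    "high":    {"conform": [], "exceed": ["frde"], "violate": ["frde", "dscp0"]},
    "medium":  {"conform": [], "exceed": ["frde", "dscp0"], "violate": ["drop"]},
    "default": {"conform": [], "exceed": ["drop"]},
}

def police(policer, actions, now, size, dscp):
    """Return (color, dscp, de_bit), or (color, None, None) when dropped."""
    color = policer.color(now, size)
    acts = actions[color]
    if "drop" in acts:
        return color, None, None
    return color, (0 if "dscp0" in acts else dscp), ("frde" in acts)

def demo():
    # Constructed traffic: 23 back-to-back 1500-byte EF (DSCP 46) packets
    # at t=0, then 3 more one second later, through the high-priority class.
    p = Policer(32000, 24000, 8000)
    times = [0.0] * 23 + [1.0] * 3
    return [police(p, R2_ACTIONS["high"], t, 1500, 46) for t in times]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

After the initial burst drains both buckets, one second at 32 kbps refills only 4000 bytes of Bc, so the third packet at t=1 is already violating.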
IOS:
c3725-adventerprisek9-mz.124-7.image
Topology:
Written by René Molenaar - CCIE #41726
How did you calculate the burst size Bc and Be?
I think my math is wrong … I will have to review this lab in the future.
We can see router R5 in the configs. Don't know where it is and why and how did you configure that...
I had run this lab. It won't be as perfectly configured, but I gave it my try. Maybe it could answer some of the answers. I have followed the same topology as above.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2015.04.05 15:13:53 =~=~=~=~=~=~=~=~=~=~=~=
sh run
Building configuration…
Current configuration : 1326 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip routing
no ip icmp rate-limit unreachable
no ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
ip ssh version 1
!
class-map match-all class-telnet
match access-group 101
class-map match-all class-echo
match access-group 100
!
!
policy-map policy-1
class class-echo
set dscp af11
class class-telnet
set dscp ef
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
no ip route-cache
duplex auto
speed auto
service-policy output policy-1
!
interface FastEthernet0/1
no ip address
no ip route-cache
shutdown
duplex auto
speed auto
!
ip default-gateway 192.168.12.2
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
access-list 100 permit icmp any any echo
access-list 101 permit tcp any any eq telnet
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
R1#
===============
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2015.04.05 15:17:38 =~=~=~=~=~=~=~=~=~=~=~=
R2#
R2#
R2#
R2#
R2#show run
Building configuration…
Current configuration : 2006 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
ip ssh version 1
!
class-map match-all class-high
match access-group 101
class-map match-all class-medium
match access-group 100
!
!
policy-map policy-1
class class-high
priority 32
police cir 32000 bc 24000 be 8000
conform-action transmit
exceed-action set-frde-transmit
violate-action set-dscp-transmit default
class class-medium
bandwidth 24
police cir 24000 bc 16000 be 8000
conform-action transmit
exceed-action set-frde-transmit
violate-action drop
class class-default
police cir 16000 bc 16000
conform-action transmit
exceed-action drop
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
bandwidth 128
ip address 192.168.234.2 255.255.255.0
encapsulation frame-relay
clock rate 2000000
frame-relay map ip 192.168.234.4 203 broadcast
frame-relay interface-dlci 203
service-policy output policy-1
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
router eigrp 1
network 192.168.12.0
network 192.168.234.0
no auto-summary
eigrp router-id 192.168.234.2
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
access-list 100 permit icmp any any echo
access-list 101 permit tcp any any eq telnet
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
R2#
R2#
R2#
R2#
================
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2015.04.05 15:18:57 =~=~=~=~=~=~=~=~=~=~=~=
R3#
R3#show run
Building configuration…
Current configuration : 2250 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
ip ssh version 1
!
class-map match-all class-high
match dscp ef
class-map match-all class-medium
match dscp af11
class-map match-all class-medium-frde
match dscp af11
match fr-de
class-map match-all class-high-frde
match dscp ef
match fr-de
!
!
policy-map policy-1
class class-high-frde
priority 32
police cir 32000 bc 24000 be 8000
conform-action transmit
exceed-action set-dscp-transmit default
violate-action drop
class class-high
priority 48
police cir 48000 bc 40000 be 8000
conform-action transmit
exceed-action set-frde-transmit
violate-action set-dscp-transmit default
class class-medium-frde
bandwidth 16
police cir 16000 bc 16000
conform-action transmit
exceed-action drop
class class-medium
bandwidth 32
police cir 32000 bc 24000
conform-action transmit
exceed-action set-frde-transmit
violate-action drop
class class-default
police cir 16000 bc 16000
conform-action transmit
exceed-action drop
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
bandwidth 256
ip address 192.168.234.3 255.255.255.0
encapsulation frame-relay
no ip split-horizon eigrp 1
clock rate 2000000
service-policy output policy-1
!
router eigrp 1
network 192.168.234.0
no auto-summary
eigrp router-id 192.168.234.3
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
R3#
R3#
R3#
R3#
==================
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2015.04.05 15:20:16 =~=~=~=~=~=~=~=~=~=~=~=
R4(config)#
R4(config)#
R4(config)#
R4(config)#do sh run
Building configuration…
Current configuration : 1384 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
ip ssh version 1
!
!
!
!
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
bandwidth 128
ip address 192.168.234.4 255.255.255.0
encapsulation frame-relay
clock rate 2000000
frame-relay map ip 192.168.234.2 403 broadcast
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
router eigrp 1
network 4.4.4.4 0.0.0.0
network 192.168.234.0
no auto-summary
eigrp router-id 192.168.234.4
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
!
end
R4(config)#
R4(config)#
R4(config)#
R4(config)#
===========
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2015.04.05 15:21:23 =~=~=~=~=~=~=~=~=~=~=~=
show run
Building configuration…
Current configuration : 1505 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
frame-relay switching
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
ip ssh version 1
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
no ip address
encapsulation frame-relay
clock rate 64000
frame-relay intf-type dce
frame-relay route 203 interface Serial0/1 302
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
encapsulation frame-relay
clock rate 64000
frame-relay intf-type dce
frame-relay route 302 interface Serial0/0 203
frame-relay route 304 interface Serial0/2 403
!
interface Serial0/2
no ip address
encapsulation frame-relay
clock rate 2000000
frame-relay intf-type dce
frame-relay route 403 interface Serial0/1 304
!
interface Serial0/3
no ip address
shutdown
clock rate 2000000
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end
R5#
R5#
R5#
R5#
R5#