Easy QoS 101 – QoS protocols

QoS (Quality of Service) protocols were developed because data networks demand efficient data delivery. Well-known QoS protocols are RSVP, IntServ, DiffServ, MPLS, SBM and so on. In my opinion, just read through and understand what those are. That would be enough unless you are crazy about QoS theory. There is a lot of information out there when you google it.
In the practical world, most of the time we will use DiffServ, and it is good to know about MPLS CoS as well.

 

1. RSVP

The Resource ReSerVation Protocol (RSVP), described in RFC 2205, is a Transport layer protocol designed to reserve resources across a network for an integrated services Internet. “RSVP does not transport application data but is rather an Internet control protocol, like ICMP, IGMP, or routing protocols” – RFC 2205. RSVP provides receiver-initiated setup of resource reservations for multicast or unicast data flows with scaling and robustness.

RSVP can be used by either hosts or routers to request or deliver specific levels of quality of service (QoS) for application data streams or flows. RSVP defines how applications place reservations and how they can relinquish the reserved resources once the need for them has ended. RSVP operation will generally result in resources being reserved in each node along a path.

 

2. IntServ

 

 

The idea of IntServ is that every router in the system implements IntServ, and every application that requires some kind of guarantees has to make an individual reservation. Flow Specs describe what the reservation is for, while RSVP is the underlying mechanism to signal it across the network. IntServ or integrated services is an architecture that specifies the elements to guarantee quality of service (QoS) on networks. IntServ can for example be used to allow video and sound to reach the receiver without interruption.

 

 

 

 

3. DiffServ

Differentiated Services or DiffServ is a computer networking architecture that specifies a simple, scalable and coarse-grained mechanism for classifying, managing network traffic and providing Quality of Service (QoS) guarantees on modern IP networks. DiffServ can, for example, be used to provide low-latency, guaranteed service (GS) to critical network traffic such as voice or video while providing simple best-effort traffic guarantees to non-critical services such as web traffic or file transfers.

DiffServ has largely supplanted other Layer 3 QoS mechanisms (such as IntServ) as the primary protocol routers use to provide different levels of service.


(1) How DiffServ works


Classifier

– Packet will be classified into defined classes by ACL and class-map

Marking

– You can apply different weight or policy on each class by using policy-map
– IP precedence and DSCP are used for the Layer 3 marking strategy, and 802.1p/Q, the FR DE bit and MPLS EXP are used for Layer 2.

[1] IP precedence

– 3 bits are used to make 8 different classes

IP Type of Service (RFC 791)

Precedence     Bits   Name
precedence 0   000    Routine
precedence 1   001    Priority
precedence 2   010    Immediate
precedence 3   011    Flash
precedence 4   100    Flash Override
precedence 5   101    Critical
precedence 6   110    Internet
precedence 7   111    Network

 

 

[2] DSCP

– 6 bits are used to make 21 different classes
– If value of drop probability is 01, probability is low.
– If value of drop probability is 10, probability is normal.
– If value of drop probability is 11, probability is high.

DSCP (Differentiated Services Code Point)

Drop Probability   Class 1               Class 2               Class 3               Class 4
Low                001010 AF11 DSCP 10   010010 AF21 DSCP 18   011010 AF31 DSCP 26   100010 AF41 DSCP 34
Medium             001100 AF12 DSCP 12   010100 AF22 DSCP 20   011100 AF32 DSCP 28   100100 AF42 DSCP 36
High               001110 AF13 DSCP 14   010110 AF23 DSCP 22   011110 AF33 DSCP 30   100110 AF43 DSCP 38
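The two marking tables above can be applied to a raw ToS byte from a packet capture. The following is an added example, not part of the original post: it decodes the byte into IP precedence, DSCP and AF class, and lists sampled packets whose DSCP is outside an expected set. The function names, the sample bytes and the allowed set are assumptions made for illustration.

```python
# Added example: decode the IP ToS/DS byte with the precedence and AF tables above.
PRECEDENCE_NAMES = (
    "Routine", "Priority", "Immediate", "Flash",
    "Flash Override", "Critical", "Internet", "Network",
)
DROP_NAMES = {1: "Low", 2: "Medium", 3: "High"}  # 01, 10, 11


def af_name(dscp):
    """Return (name, class, drop probability) for an AF code point, else None."""
    af_class = dscp >> 3            # upper 3 bits of the 6-bit DSCP
    drop = (dscp >> 1) & 0b11       # next 2 bits: drop probability
    if dscp & 1 or not 1 <= af_class <= 4 or drop not in DROP_NAMES:
        return None                 # not one of the 12 AF values in the table
    return f"AF{af_class}{drop}", af_class, DROP_NAMES[drop]


def af_to_dscp(af_class, drop):
    """Inverse of af_name: AF class 1-4 and drop 1-3 to the decimal DSCP."""
    if not 1 <= af_class <= 4 or drop not in DROP_NAMES:
        raise ValueError("AF class must be 1-4 and drop must be 1-3")
    return (af_class << 3) | (drop << 1)


def decode_tos(tos):
    """Split one ToS byte; the low two bits are not part of the DSCP."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("ToS is a single byte")
    precedence = tos >> 5           # top 3 bits (RFC 791 precedence)
    dscp = tos >> 2                 # top 6 bits
    af = af_name(dscp)
    return {
        "precedence": precedence,
        "precedence_name": PRECEDENCE_NAMES[precedence],
        "dscp": dscp,
        "dscp_bits": format(dscp, "06b"),
        "af": af[0] if af else None,
        "drop_probability": af[2] if af else None,
    }


def unexpected_markings(tos_values, allowed_dscp):
    """Return (tos, dscp) for every sampled byte whose DSCP is not allowed."""
    return [(t, t >> 2) for t in tos_values if (t >> 2) not in allowed_dscp]


# Constructed sample: ToS bytes as they might be read from captured IP headers.
SAMPLE_TOS = [0x28, 0x68, 0xB8, 0x00]

if __name__ == "__main__":
    for tos in SAMPLE_TOS:
        print(hex(tos), decode_tos(tos))
    # Assumed policy for the sample: only best effort (0), AF11 and AF31 expected.
    print(unexpected_markings(SAMPLE_TOS, {0, 10, 26}))
```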

Conditioner

– There are two methods: shaping, which controls traffic using queuing techniques, and policing, which strictly controls traffic by dropping packets.

Queuing

– FIFO, WFQ, CQ, PQ, CBWFQ, LLQ and etc.
– See article about “Easy QoS 101 – Queuing techniques”

 

4. MPLS

With the convergence of voice, video and data applications, business networks face increasing traffic demands. MPLS enables class of service (CoS) tagging and prioritization of network traffic, so administrators may specify which applications should move across the network ahead of others. This function makes an MPLS network especially important to firms that need to ensure the performance of low-latency applications such as VoIP and their other business-critical functions. MPLS carriers differ on the number of classes of service they offer and in how these CoS tiers are priced.

 

5. SBM

SBM stands for Subnet Bandwidth Management (Manager), which works like the RSVP protocol. It is a top-to-bottom QoS approach and applies to the data link layer. All traffic must pass through at least one switch or router on which it is enabled. SBM is described in RFC 2814 (SBM-Subnet Bandwidth Manager: A Protocol for RSVP-Based Admission Control over IEEE 802-Style Networks, May 2000).

 


NBAR software down for Cisco router

Here is the link to get NBAR (Network Based Application Recognition) PDLMs (Packet Description Language Modules) for Cisco gear:

http://www.cisco.com/cgi-bin/tablebuild.pl/pdlm


What is implicit withdraw and explicit withdraw?


Example:

:

  Route map for outgoing advertisements is out-cust-full
                                                  Sent            Rcvd
  Prefix activity:                                ----            ----
    Prefixes Current:             267441         10 (Consumes 416 bytes)
    Prefixes Total:             36446984         12
    Implicit Withdraw:     31214720          6
    Explicit Withdraw:       5210431          2
    Used as bestpath:             n/a          7
    Used as multipath:            n/a          0   

:

Implicit withdraw: Number of times that a prefix has been withdrawn and readvertised. This number is smaller than Prefixes Total (sent, in this case).

Explicit withdraw: Number of times that prefix is withdrawn because it is no longer feasible.


BGP Commands for Cisco

1. How do I remove a neighbor?

router(config)# router bgp [ASN]
router(config-router)# no neighbor x.x.x.x


2. How do I shutdown a session?

router(config)# router bgp [ASN]
router(config-router)# neighbor x.x.x.x shutdown

To bring the session back up:

router(config)# router bgp [ASN]
router(config-router)# no neighbor x.x.x.x shutdown


3. How do I clear or restart a session?

router# clear ip bgp x.x.x.x

 

4. How do I clear BGP session without hard reset?

router# clear ip bgp x.x.x.x soft out


5. How do I clear all BGP sessions?

router# clear ip bgp *
router# show ip bgp cidr-only

 

7. How do I display routes that belong to the specified communities?

router# show ip bgp community community-number [exact]

 

8. How do I display routes that are permitted by community list?

router# show ip bgp community-list community-number [exact]

 

9. How do I display routes that are matched by the specified autonomous system path access list?

router# show ip bgp filter-list access-list-number

 

10. How do I display the routes with inconsistent originating autonomous systems?

 

router# show ip bgp inconsistent-as

 

11. How do I display the routes that match the specified regular expression entered on the command line?

router# show ip bgp regexp regular-expression

 

12. How do I display the contents of the BGP routing table?

router# show ip bgp [network][network-mask][subnets]

 

13. How do I display routes learned from a particular BGP neighbor?

router# show ip bgp neighbor [address][received-routes | routes | advertised-routes | paths regular-expression | dampened-routes]
router# show ip bgp paths

 

15. How do I display information about BGP peer groups?

router# show ip bgp peer-group [tag][summary]

 

16. How do I display the status of all BGP connections?

router# show ip bgp summary

 

17. How do I look at a BGP session to see if it is up?

router# show ip bgp neighbor

 

18. How do I see what routes are being seen?

router# show ip bgp neighbor x.x.x.x routes

 

19. How do I see what routes are being advertised?

router# show ip bgp neighbor x.x.x.x advertised-routes

 


How to Apply a BGP Community String, with Sample Configuration

1. Get the latest BGP community string from your ISP/upstream provider or check CiscoNET.com web site.

 

2. Pick the best BGP community string for your traffic shaping plan (mainly incoming traffic). Most ISPs provide community strings with local preference and AS prepending options. I cannot tell which one is better than the other. It will depend on your global traffic shaping plan.

3. Follow the below commands ( Cisco only )

 

The below Sample configuration will tag the 10.0.0.0/24 route with [ISP AS]:120 or [ISP AS]:3 and will not tag any other routes.

router#config t
router(config)#ip bgp-community new-format
router(config)#access-list 10 permit 10.0.0.0 0.0.0.255
router(config)#access-list 10 deny any

router(config)#route-map [to-ISP] permit 10
router(config-route-map)#match ip address 10
router(config-route-map)#set community [ISP AS]:120 <-- using Local Preference

or

router(config-route-map)#set community [ISP AS]:3 <-- using AS prepending
router(config-route-map)#route-map [to-ISP] permit 20
router(config-route-map)#exit

router(config)#router bgp [xxxx] <-- xxxx = customer’s ASN
router(config-router)#neighbor x.x.x.x send-community
router(config-router)#neighbor x.x.x.x route-map [to-ISP] out
router(config-router)#exit
router(config)#exit
router#copy running-config startup-config

 

4. Then go to www.CiscoNET.com and pick one of the route servers on the map to see your announcement. If you are using the AS prepending option, you will see your AS prepends on the route servers. Sometimes you might not see your route with a particular ISP path.

In most cases this is not a routing problem; the route path was simply dropped somewhere by the BGP best path selection scheme. Try the Oregon route server to see if your route is there. The Oregon route server provides many possible and available paths between BGP speakers and neighbors.

If you don’t see your route there, check other route servers and also check your BGP configuration. You might need to contact your upstream provider to check which BGP routes they are learning from you.


What does the backdoor command do?

Backdoor only makes the IGP learned route the preferred route. To specify a backdoor route to a BGP border router that will provide better information about the network, use the network backdoor router configuration command. To remove an address from the list, use the no form of this command.
By definition, eBGP updates have a distance of 20 that is lower than the IGP distances. Default distance is 120 for RIP, 100 for IGRP, 90 for EIGRP, and 110 for OSPF. By default, BGP has the following distances, but that could be changed by the distance command

It will change the distance of an eBGP route to 200

 

References:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1826/products_command_summary_chapter09186a00800d9c5b.html#xtocid197442
http://www.cisco.com/en/US/tech/tk365/tk80/technologies_tech_note09186a00800c95bb.shtml#bgpbackdoor


What do Route Reflectors do?

Within any BGP autonomous system, every iBGP speaker must have a fully meshed peering arrangement with every other iBGP speaker. This is due to the fact that a BGP speaker will not advertise a route learned via another iBGP speaker to a third iBGP speaker. The use of route reflectors is one way to maintain connectivity throughout the AS without having a fully meshed peering arrangement. By relaxing this restriction a bit and by providing additional control, we can allow a router to advertise (reflect) iBGP learned routes to other iBGP speakers.
When using route reflectors, the clients need only peer to the route reflector.

 


Major RFCs for BGP

RFC 1105, Obsolete – Border Gateway Protocol (BGP)

RFC 1654, Obsolete – A Border Gateway Protocol 4 (BGP-4)

RFC 1655, Obsolete – Application of the Border Gateway Protocol in the Internet

RFC 1657, Definitions of Managed Objects for the Fourth Version of the Border Gateway Protocol (BGP-4) using SMIv2

RFC 1771, Obsolete – A Border Gateway Protocol 4 (BGP-4)

RFC 1772, Application of the Border Gateway Protocol in the Internet

RFC 1965, Obsolete – Autonomous System Confederations for BGP

RFC 2918, Route Refresh Capability for BGP-4

RFC 3065, Autonomous System Confederations for BGP

RFC 3392, Capabilities Advertisement with BGP-4

RFC 4272, BGP Security Vulnerabilities Analysis

RFC 4273, Definitions of Managed Objects for BGP-4

RFC 4274, BGP-4 Protocol Analysis

RFC 4275, BGP-4 MIB Implementation Survey

RFC 4276, BGP-4 Implementation Report

RFC 4277, Experience with the BGP-4 Protocol

RFC 4278, Standards Maturity Variance Regarding the TCP MD5 Signature Option and the BGP-4 Specification

 


Reset BGP session in soft

Reset a BGP session without interrupting it by using the soft out or soft in commands.

Configure BGP Soft-Reconfiguration

Whenever there is a change in the policy, the BGP session has to be cleared for the new policy to take effect. Clearing a BGP session causes cache invalidation and results in a tremendous impact on the operation of networks, which is not a delightful event!

Soft reconfiguration allows policies to be configured and activated without clearing the BGP session. Soft reconfiguration can be done on a per-neighbor basis.

  • When soft reconfiguration is used to generate inbound updates from a neighbor, it is called inbound soft reconfiguration.
  • When soft reconfiguration is used to send a new set of updates to a neighbor, it is called outbound soft reconfiguration.

  

Performing inbound reconfiguration enables the new inbound policy to take effect. Performing outbound reconfiguration causes the new local outbound policy to take effect without resetting the BGP session. As a new set of updates is sent during outbound policy reconfiguration, a new inbound policy of the neighbor can also take effect.

In order to generate new inbound updates without resetting the BGP session, the local BGP speaker should store all the received updates without modification, regardless of whether they are accepted or denied by the current inbound policy. This is memory intensive and should be avoided. On the other hand, outbound soft reconfiguration does not have any memory overhead. One could trigger an outbound reconfiguration on the other side of the BGP session to make the new inbound policy take effect.

To allow inbound reconfiguration, BGP should be configured to store all received updates. However, outbound reconfiguration does not require preconfiguration.

 

To configure BGP soft configuration, perform the following task in router configuration mode:

Router#config t
Router(config)#router bgp [ASN]
Router(config-router)#neighbor x.x.x.x soft-reconfiguration inbound

 

To clear the BGP session from the router CLI:

Router#clear ip bgp x.x.x.x soft in <-- x.x.x.x = neighbor IP

If you want to reset all BGP sessions:

 

Router#clear ip bgp *

 

Our implementation of BGP supports BGP Versions 2, 3, and 4. If the neighbor does not accept default Version 4, dynamic version negotiation is implemented to negotiate down to Version 2.

If you specify a BGP peer group by using the peer-group-name argument, all members of the peer group will inherit the characteristic configured with this command.

 


VRF Route Target

 
MPLS VPN implementation requires VRF and also exporting and importing routes for that VRF. I mentioned in my previous posts about VRF that the VRF name is locally significant, and so is the RD number. What counts is what you import and export. Importing and exporting route targets use the same syntax as the RD, which is ASN:NN, as shown by the example below.

!
ip vrf ALL-VRF
rd 123:4
route-target export 123:4
route-target import 123:1
route-target import 123:2
route-target import 123:3

By definition the routes that you “export” are only the routes you advertise on the vrf address family in BGP. The routes that you import are the cumulative routes with the same label that were exported from the other routers participating in the MPLS VPN. Remember that you don’t export what you have learned through importation. Check the diagram below and the scenario we need to accomplish in this lab.


Scenario Conditions:

1. EMEA should have full ip reachability to APAC and AMERICAS but APAC and AMERICAS should not see each other.
2. RR should only see all the routes but will not be seen by the routers.

I have set up everything and configured MPLS as well. I have configured the clients on the RR on both ipv4 and vpnv4 address-families. The command “show ip bgp vpnv4 all sum” on the RR should show that it's learning prefixes from the clients.

RR#sh ip bgp vpnv4 all sum
BGP router identifier 123.123.123.4, local AS number 123
BGP table version is 13, main routing table version 13
12 network entries using 1644 bytes of memory
12 path entries using 816 bytes of memory
4/3 BGP path/bestpath attribute entries using 496 bytes of memory
3 BGP extended community entries using 72 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 3028 total bytes of memory
BGP activity 12/0 prefixes, 12/0 paths, scan interval 15 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
123.123.123.1   4   123      52      57       13    0    0 00:40:41        2
123.123.123.2   4   123      53      61       13    0    0 00:41:26        2
123.123.123.3   4   123      43      44       13    0    0 00:36:44        2

We can clearly see that it's learning prefixes in the vpnv4 but will not put those routes in the routing table until they have been imported in one of the VRFs. In our case, I have configured vrf ALL-VRF in RR and imported all the route-targets 123:1, 123:2 and 123:4. In a VRF you can export and import as many route-targets as needed. Let's see if RR can see the routes now.

RR

!
ip vrf ALL-VRF
rd 123:4
route-target export 123:4
route-target import 123:1
route-target import 123:2
route-target import 123:3

RR#sh ip route vrf ALL-VRF

Routing Table: ALL-VRF
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2
   i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
   ia - IS-IS inter area, * - candidate default, U - per-user static route
   o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

 1.0.0.0/32 is subnetted, 1 subnets
B       1.1.1.1 [200/0] via 123.123.123.1, 00:46:26
 2.0.0.0/32 is subnetted, 1 subnets
B       2.2.2.2 [200/0] via 123.123.123.2, 00:46:26
 33.0.0.0/32 is subnetted, 1 subnets
B       33.33.33.33 [200/0] via 123.123.123.3, 00:46:26
 3.0.0.0/32 is subnetted, 1 subnets
B       3.3.3.3 [200/0] via 123.123.123.3, 00:46:26
 22.0.0.0/32 is subnetted, 1 subnets
B       22.22.22.22 [200/0] via 123.123.123.2, 00:46:26
 11.0.0.0/32 is subnetted, 1 subnets
B       11.11.11.11 [200/0] via 123.123.123.1, 00:46:28
 123.0.0.0/32 is subnetted, 1 subnets
C       123.123.123.14 is directly connected, Loopback40

OK, we have met the first condition. RR is now able to see the routes exported by the RR clients. They won’t see the route advertised in RR because the clients are not even importing that route. Full reachability in MPLS VPN requires that one router’s exported route-target should be imported by another and vice versa; otherwise you can only see the route but you won’t be able to reach it. The networks should be in the corresponding VRF routing table of the routers.

To illustrate this point, let’s configure the second scenario. Below are the VRF configurations on the 3 clients.

APAC#

!
ip vrf APAC
rd 123:1
route-target export 123:1
route-target import 123:3

AMERICAS#

!
ip vrf AMERICAS
rd 123:2
route-target export 123:2
route-target import 123:2

EMEA#
!
ip vrf EMEA
rd 123:3
route-target export 123:3
route-target export 123:2
route-target import 123:1
route-target import 123:2

APAC is exporting route-target 123:1 and it's importing 123:3, which is exported by EMEA. EMEA on the other hand is importing 123:1 and exporting 123:3. There should be full IP reachability between the two. By the way, the route-target ID doesn’t necessarily match the RD. Normally, for networks that should see each other in MPLS VPN, both the export and import route target IDs are the same. It will get rid of any unnecessary confusion created by using different RT IDs. Take into consideration the AMERICAS and EMEA routers. As you can see in the config above, AMERICAS is importing and exporting 123:2. One command can generate both the export and the import, and that is “route-target both 123:2”. EMEA is also importing and exporting 123:2, which means they will reach each other. Let’s test if we have accomplished the condition: we will show the routing table in APAC and AMERICAS, and let’s ping the networks in EMEA. The ping should be sourced from the loopback interfaces where we configured the VRFs.

APAC#sh ip route vrf APAC

Routing Table: APAC
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2
   i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
   ia - IS-IS inter area, * - candidate default, U - per-user static route
   o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

 1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
 33.0.0.0/32 is subnetted, 1 subnets
B       33.33.33.33 [200/0] via 123.123.123.3, 01:04:51
 3.0.0.0/32 is subnetted, 1 subnets
B       3.3.3.3 [200/0] via 123.123.123.3, 01:04:51
 11.0.0.0/32 is subnetted, 1 subnets
C       11.11.11.11 is directly connected, Loopback10

APAC#ping vrf APAC 3.3.3.3 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 248/346/436 ms

AMERICAS#sh ip route vrf AMERICAS

Routing Table: AMERICAS
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2
   i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
   ia - IS-IS inter area, * - candidate default, U - per-user static route
   o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

 2.0.0.0/32 is subnetted, 1 subnets
C       2.2.2.2 is directly connected, Loopback0
 33.0.0.0/32 is subnetted, 1 subnets
B       33.33.33.33 [200/0] via 123.123.123.3, 00:56:20
 3.0.0.0/32 is subnetted, 1 subnets
B       3.3.3.3 [200/0] via 123.123.123.3, 00:56:20
 22.0.0.0/32 is subnetted, 1 subnets
C       22.22.22.22 is directly connected, Loopback10

AMERICAS#ping vrf AMERICAS 3.3.3.3 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 184/593/1020 ms

EMEA#sh ip route vrf EMEA

Routing Table: EMEA
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2
   i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
   ia - IS-IS inter area, * - candidate default, U - per-user static route
   o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

 1.0.0.0/32 is subnetted, 1 subnets
B       1.1.1.1 [200/0] via 123.123.123.1, 00:00:00
 2.0.0.0/32 is subnetted, 1 subnets
B       2.2.2.2 [200/0] via 123.123.123.2, 01:07:06
 33.0.0.0/32 is subnetted, 1 subnets
C       33.33.33.33 is directly connected, Loopback10
 3.0.0.0/32 is subnetted, 1 subnets
C       3.3.3.3 is directly connected, Loopback0
 22.0.0.0/32 is subnetted, 1 subnets
B       22.22.22.22 [200/0] via 123.123.123.2, 01:07:06
 11.0.0.0/32 is subnetted, 1 subnets
B       11.11.11.11 [200/0] via 123.123.123.1, 00:00:03

It will take a while to get used to VRF route-targets if you are just learning them, but this should be pretty easy. Remember, you can’t reach a network that you have imported unless it exported your network. In MPLS VRF, entries in your VRF routing table don’t assure reachability; the router in the destination network should also have your network in its VRF routing table.
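The import/export rule above can be checked mechanically before a change is pushed. The following is an added example, not part of the original post: it parses the four VRF definitions from this lab and reports, for each pair, whether routes are learned in both directions, one direction or not at all. The function names are hypothetical, and the model assumes a VRF learns another VRF's routes whenever one of its import targets matches one of the other's export targets (the RD is ignored, as the post says).

```python
import itertools
import re

# VRF definitions copied from the lab above (indentation added for readability).
LAB_CONFIG = """\
ip vrf APAC
 rd 123:1
 route-target export 123:1
 route-target import 123:3
!
ip vrf AMERICAS
 rd 123:2
 route-target export 123:2
 route-target import 123:2
!
ip vrf EMEA
 rd 123:3
 route-target export 123:3
 route-target export 123:2
 route-target import 123:1
 route-target import 123:2
!
ip vrf ALL-VRF
 rd 123:4
 route-target export 123:4
 route-target import 123:1
 route-target import 123:2
 route-target import 123:3
"""

RT_LINE = re.compile(r"route-target\s+(export|import|both)\s+(\S+)")


def parse_vrfs(text):
    """Return {vrf_name: {"export": set, "import": set}} from IOS-style config."""
    vrfs, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("ip vrf "):
            current = vrfs.setdefault(line.split()[2],
                                      {"export": set(), "import": set()})
            continue
        match = RT_LINE.fullmatch(line)
        if match and current is not None:
            direction, rt = match.groups()
            # "route-target both X" is shorthand for export X plus import X.
            sides = ("export", "import") if direction == "both" else (direction,)
            for side in sides:
                current[side].add(rt)
    return vrfs


def learns_from(vrfs, receiver, sender):
    """True when receiver imports at least one target that sender exports."""
    return bool(vrfs[receiver]["import"] & vrfs[sender]["export"])


def reachability(vrfs):
    """Map each VRF pair to 'two-way', 'isolated' or 'one-way:<learner>'."""
    result = {}
    for a, b in itertools.combinations(sorted(vrfs), 2):
        a_learns, b_learns = learns_from(vrfs, a, b), learns_from(vrfs, b, a)
        if a_learns and b_learns:
            result[(a, b)] = "two-way"        # routes in both tables: ping works
        elif a_learns or b_learns:
            result[(a, b)] = "one-way:" + (a if a_learns else b)
        else:
            result[(a, b)] = "isolated"
    return result


if __name__ == "__main__":
    for pair, state in reachability(parse_vrfs(LAB_CONFIG)).items():
        print(pair, state)
```

A `one-way` result is the case the post warns about: the route appears in one routing table, but return traffic has no route back.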
