Re: Re[4]: [cisco-ttl] istenmiyen tirafik

From: Devrim Yener KUCUK (dkucuk@cisco.com)
Date: Wed Jun 25 2003 - 05:32:00 GMT

  • Next message: Yalcin Cekic: "Re[6]: [cisco-ttl] istenmiyen tirafik"

    Selam Yalcin

    Gonderdigin konfigurasyon asagidaki gibi.

    interface Serial0/1
     no ip address
     encapsulation frame-relay IETF
     load-interval 30
     frame-relay lmi-type ansi
    !
    interface Serial0/1.1 point-to-point
     description netone
     ip address 212.154.25.126 255.255.255.252
     service-policy output p2p
     no cdp enable
     frame-relay interface-dlci 16

    Normalde frame relayde outgoing yonde bir policing/shaping yaparsan
    FRTS enable etmen gerekir.
    http://www.cisco.com/warp/public/105/cbwfq_frpvs.html

    Cunku bu mekanizma ne kadar bandwidth ya da bandwidth yuzdesi kullanacagini bilmeli.
    Fiziksel interfacelerin altinda tek bir subinterface icin sorun olmayabilir ancak birden fazla suninterface varsa mekanizma
    her subinterface icin ne kadar bandwidth kullanacagini nasil bilecek?

    Onun icin oncelikle konfig su sekilde modifiye edilmeli:
    (ben bir interface icin ornek veriyorum)

    interface Serial0/1
     frame-relay traffic-shaping

    interface Serial0/1.1 point-to-point
      frame-relay interface-dlci 16
          class xxx

    map-class frame-relay xxx
     frame-relay cir 64000
     frame-relay bc 8000
     frame-relay mincir 64000

    Frame relay de referans olarak alinan CIR ve mincir parametreleridir.
    Eger mincir tanimli degilse CIR/2 kullanilir.
    mincir tanimli ise kullanilan mincir degeridir.

    Konfigurasyonunu bu sekilde modifiye edip dener misin?

    Devrim

      ----- Original Message -----
      From: Yalcin Cekic
      To: Devrim Yener KUCUK
      Sent: Tuesday, June 24, 2003 6:08 PM
      Subject: Re[4]: [cisco-ttl] istenmiyen tirafik

      Selam Devrim,

      yaptigim isin orjinal dokumani mail'in sonunda, orada denilenleri
      yaptik.

    >Neden conform actionlar hep "drop", gnutella , kazaa2 ve fasttrack
    >trafigini hic mi gecirmeyeceksin?
      evet bu trafik hic gecmesin istiyoruz.

    >yani sadece "exceed" e de drop diyebilirdin.
      bu konfigurasyonu baska bir listeden aldik.
      konuya hic hakim degilim o yuzden.

      oncelikle ilgili portlarin konfigurasyonu soyle
      --------------------------
      !
      interface FastEthernet0/1
      ip address xx.xx.xx.x 255.255.255.192
      ip policy route-map test
      duplex auto
      speed auto
      service-policy input p2p
      no cdp enable
      !
      !
      interface Serial0/1.1 point-to-point
      description sp1
      ip address xx.xx.xx.xx 255.255.255.252
      service-policy output p2p
      no cdp enable
      frame-relay interface-dlci 16
      !
      !
      interface Serial3/1:1.1 point-to-point
      description sp2
      ip address xx.xx.xx.xx 255.255.255.252
      service-policy output p2p
      no arp frame-relay
      no cdp enable
      frame-relay interface-dlci 93
      !

      -----------------------------------------------------------------

      sh policy-map interface ciktisi:

      FastEthernet0/1

        Service-policy input: p2p

          Class-map: kazaa2 (match-all)
            3305070 packets, 760620797 bytes
            5 minute offered rate 4000 bps, drop rate 4000 bps
            Match: protocol kazaa2
            police:
                cir 2048000 bps, bc 384000 bytes
              conformed 3305070 packets, 760620797 bytes; actions:
                drop
              exceeded 0 packets, 0 bytes; actions:
                drop
              conformed 4000 bps, exceed 0 bps

          Class-map: gnutella (match-all)
            325004 packets, 20152378 bytes
            5 minute offered rate 0 bps, drop rate 0 bps
            Match: protocol gnutella
            police:
                cir 2048000 bps, bc 384000 bytes
              conformed 325004 packets, 20152378 bytes; actions:
      drop
              exceeded 0 packets, 0 bytes; actions:
                drop
              conformed 0 bps, exceed 0 bps

          Class-map: fasttrack (match-all)
            7992 packets, 499372 bytes
            5 minute offered rate 0 bps, drop rate 0 bps
            Match: protocol fasttrack
            police:
                cir 2048000 bps, bc 384000 bytes
              conformed 7992 packets, 499372 bytes; actions:
                drop
              exceeded 0 packets, 0 bytes; actions:
                drop
              conformed 0 bps, exceed 0 bps

          Class-map: class-default (match-any)
            513173538 packets, 279205029652 bytes
            5 minute offered rate 393000 bps, drop rate 0 bps
            Match: any
      Serial0/1.1

        Service-policy output: p2p

          Class-map: kazaa2 (match-all)
            0 packets, 0 bytes
            30 second offered rate 0 bps, drop rate 0 bps
            Match: protocol kazaa2
            police:
                cir 2048000 bps, bc 384000 bytes
              conformed 0 packets, 0 bytes; actions:
                drop
              exceeded 0 packets, 0 bytes; actions:
                drop
              conformed 0 bps, exceed 0 bps

          Class-map: gnutella (match-all)
            0 packets, 0 bytes
            30 second offered rate 0 bps, drop rate 0 bps
            Match: protocol gnutella
            police:
                cir 2048000 bps, bc 384000 bytes
              conformed 0 packets, 0 bytes; actions:
                drop
              exceeded 0 packets, 0 bytes; actions:
      drop
              conformed 0 bps, exceed 0 bps

          Class-map: fasttrack (match-all)
            0 packets, 0 bytes
            30 second offered rate 0 bps, drop rate 0 bps
            Match: protocol fasttrack
            police:
                cir 2048000 bps, bc 384000 bytes
              conformed 0 packets, 0 bytes; actions:
                drop
              exceeded 0 packets, 0 bytes; actions:
                drop
              conformed 0 bps, exceed 0 bps

          Class-map: class-default (match-any)
            32225283 packets, 10760448739 bytes
            30 second offered rate 0 bps, drop rate 0 bps
            Match: any
      Serial3/0:1.1: DLCI 100 -

        Service-policy output: VOICE-POLICY

          Class-map: voice-traffic (match-all)
            22238373 packets, 1568213366 bytes
            5 minute offered rate 0 bps, drop rate 0 bps
            Match: access-group 110
            Queueing
              Strict Priority
              Output Queue: Conversation 136
              Bandwidth 45 (kbps) Burst 1125 (Bytes)
              (pkts matched/bytes matched) 22238373/1567102235
              (total drops/bytes drops) 57209/77334611

          Class-map: voice-signaling (match-all)
            105774 packets, 39353396 bytes
            5 minute offered rate 0 bps, drop rate 0 bps
            Match: access-group 111
            Queueing
              Output Queue: Conversation 137
              Bandwidth 8 (kbps) Max Threshold 64 (packets)
              (pkts matched/bytes matched) 105774/39353396
              (depth/total drops/no-buffer drops) 0/0/0

          Class-map: class-default (match-any)
            156984969 packets, 124669187316 bytes
            5 minute offered rate 81000 bps, drop rate 0 bps
            Match: any
            Queueing
              Flow Based Fair Queueing
              Maximum Number of Hashed Queues 128
              (total queued/total drops/no-buffer drops) 0/13906/0
      Serial3/1:1.1

        Service-policy output: p2p

          Class-map: kazaa2 (match-all)
            1 packets, 383 bytes
            5 minute offered rate 0 bps, drop rate 0 bps
            Match: protocol kazaa2
            police:
                cir 2048000 bps, bc 384000 bytes
              conformed 1 packets, 383 bytes; actions:
                drop
              exceeded 0 packets, 0 bytes; actions:
                drop
              conformed 0 bps, exceed 0 bps

          Class-map: gnutella (match-all)
            1 packets, 52 bytes
            5 minute offered rate 0 bps, drop rate 0 bps
            Match: protocol gnutella
            police:
                cir 2048000 bps, bc 384000 bytes
              conformed 1 packets, 52 bytes; actions:
                drop
              exceeded 0 packets, 0 bytes; actions:
                drop
              conformed 0 bps, exceed 0 bps

          Class-map: fasttrack (match-all)
            400 packets, 20704 bytes
            5 minute offered rate 0 bps, drop rate 0 bps
            Match: protocol fasttrack
            police:
                cir 2048000 bps, bc 384000 bytes
              conformed 400 packets, 20704 bytes; actions:
                drop
              exceeded 0 packets, 0 bytes; actions:
                drop
              conformed 0 bps, exceed 0 bps

          Class-map: class-default (match-any)
            531558282 packets, 251427043991 bytes
            5 minute offered rate 377000 bps, drop rate 0 bps
            Match: any
      Serial4/0:1.1

        Service-policy output: p2p

          Class-map: kazaa2 (match-all)
            0 packets, 0 bytes
            5 minute offered rate 0 bps, drop rate 0 bps
            Match: protocol kazaa2
            police:
                cir 2048000 bps, bc 384000 bytes
              conformed 0 packets, 0 bytes; actions:
                drop
              exceeded 0 packets, 0 bytes; actions:
                drop
              conformed 0 bps, exceed 0 bps

          Class-map: gnutella (match-all)
            0 packets, 0 bytes
            5 minute offered rate 0 bps, drop rate 0 bps
            Match: protocol gnutella
            police:
                cir 2048000 bps, bc 384000 bytes
              conformed 0 packets, 0 bytes; actions:
                drop
              exceeded 0 packets, 0 bytes; actions:
                drop
              conformed 0 bps, exceed 0 bps

          Class-map: fasttrack (match-all)
            0 packets, 0 bytes
            5 minute offered rate 0 bps, drop rate 0 bps
            Match: protocol fasttrack
            police:
                cir 2048000 bps, bc 384000 bytes
              conformed 0 packets, 0 bytes; actions:
                drop
              exceeded 0 packets, 0 bytes; actions:
                drop
              conformed 0 bps, exceed 0 bps

          Class-map: class-default (match-any)
            32806530 packets, 15357051585 bytes
            5 minute offered rate 0 bps, drop rate 0 bps
            Match: any
      -----------------------------------------------------------------

      orjinal dokuman.
      *****************************************************************
      Onemli olan noktalardan biri de yonlendiricinizde CEF switchingin acik
      olmasidir.

              Router(config)#ip cef

      Su an yaygin kullanilan kazaa, morpheus gibi yazilimlarin kullandigi
      belli basli protokoller vardir. Fasttrack ve Gnutella bunlardan en fazla
      kullanilan ikisi. Cisco yonlendiricinize oncelikle bunlarin NBAR
      tarafindan taninmasini saglayan, bir nevi imza olan pdlm uzantili
      dosyalari tftp vasitasi ile atilmasi gerekiyor. Ekte verilen pdlm
      dosyalarini bir tftp sunucusuna koyduktan sonra bunlari yonlendirici
      flashina veya diskine tftp ile atmaniz gerekiyor:

              Router#copy tftp flash
      veya
              Router#copy tftp disk0
              
      Butun dosyalar atildiktan sonra:

              Router(config)#ip nbar pdlm flash:kazaa2.pdlm
              Router(config)#ip nbar pdlm flash:gnutella.pdlm
              Router(config)#ip nbar pdlm flash:fasttrack.pdlm

      Komutlari ile NBAR'a pdlmler tanitilir. Bu asamada yeni bazi IOSlarda bu
      pdlmlerin bir veya birkaci icin bunlar zaten yuklu gibi bir hata
      alabilirsiniz. Belli IOS versiyonlari standart olarak bu pdlmleri
      icerdigi icin boyle bir hata aldiginiz zaman gozardi edebilirsiniz.

      Daha sonra herbir trafik tipi icin asagidaki konfigurasyon komutlarini
      kullanarak class-mapler olusturmaniz gerekiyor:

              Router(config)#class-map match-all gnutella
              Router(config-cmap)#match protocol gnutella

              Router(config)#class-map match-all kazaa2
              Router(config-cmap)#match protocol kazaa2

              Router(config)#class-map match-all fasttrack
              Router(config-cmap)#match protocol fasttrack

      Bu sekilde siniflandirilan trafik tiplerine uygulanacak politikayi
      belirlemek uzere asagidaki sekilde bir policy-map olusturun. Asagidaki
      ornekte Kazaa2, Gnutella ve Fasttrack tipi uygulamalar tamamen
      kisitlanmistir.

      Router(config)#policy-map p2p

      Router(config-pmap)#class kazaa2
      Router(config-pmap-c)# police cir 8000 bc 18750000 be 37500000
      conform-action drop exceed-action drop

        Router(config-pmap)#class gnutella
        Router(config-pmap-c)# police cir 8000 bc 18750000 be 37500000
      conform-action drop exceed-action drop

        Router(config-pmap)#class fasttrack
        Router(config-pmap-c)# police cir 8000 bc 18750000 be 37500000
      conform-action drop exceed-action drop

      Yukaridaki 18750000 sayisi su sekilde hesaplanir: Hat kapasitesi (bps) x
      1.5 / 8
      37500000 sayisi ise yukarida verilen degerin iki katidir.

      Son olarak policy-map'in ilgili interface'te uygulanabilmesi icin
      interface konfigurasyon modunda asagidaki komutlar girilir:

              Router(config-if)#service-policy input p2p
              Router(config-if)#service-policy output p2p

      Uyguladiginiz policy-map'in calisip calismadigini izlemek icin asagidaki
      komutu kullanabilirsiniz:

              Router#sh policy-map interface
      ****************************************************************************

      Y.C

            Yahoo! Groups Sponsor
                  ADVERTISEMENT
                 
           
           

      Bu listenin Cisco Systems ile dogrudan herhangi bir baglantisi bulunmamaktadir.

      Listeden cikmak için cisco-ttl-unsubscribe@yahoogroups.com adresine bir e-posta gönderebilirsiniz.

      Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.



    This archive was generated by hypermail 2.1.5 : Wed Jun 25 2003 - 09:32:46 GMT