In this scenario, QoS policing done on Provider CE router and customer don't have access to it, Customer only mark the traffic with DSCP value for QoS policing (on the CE router)
We'll classify highest priority voice to COS1, high priority traffic COS2, less priority COS4 and for traffic didn't match any of those class will be automatically set to COS3 (medium priority)
1. Classify the packets using ACL, ACL 101 for COS1, 102 COS2 and 104 COS4(traffic didn't match any of the ACL will fall to default, COS3)
access-list 101 remark **** Global VoIP ranges *****
access-list 101 permit ip any 10.1.0.0 0.0.255.255
access-list 101 permit ip 10.1.0.0 0.0.255.255 any
access-list 101 remark **** Global Citrix ranges *****
access-list 101 permit ip any 10.2.0.0 0.0.255.255
access-list 101 permit ip 10.2.0.0 0.0.255.255 any
access-list 101 remark **** Global FTP ranges *****
access-list 101 permit ip any 10.4.0.0 0.0.255.255
access-list 101 permit ip 10.4.0.0 0.0.255.255 any
2. Set class-map for each packets that match ACL above into respective class and give a name
class-map match-any COS4
description Low priority data traffic match
match access-group 104
class-map match-any COS2
description High priority data traffic match
match access-group 102
class-map match-any COS1
description Highest priority real-time voice traffic
match access-group 101
3. Create policy map and mark the DSCP value and bandwidth for each class-map
policy-map QoSMarking
class COS1
set ip dscp ef
priority 1536
class COS2
set ip dscp af31
bandwidth 4096
random-detect dscp-based
class COS4
set ip dscp default
bandwidth 14336
class class-default
set ip dscp af21
bandwidth 18432
random-detect dscp-based
4. Apply policy map to interface Gi 0/1 that facing CE router
interface GigabitEthernet0/1
description External_facing_CE
ip address 10.9.9.1 255.255.255.252
service-policy output QoSMarking
Basically this is how it's work
· Traffic entering LAN router from Customer LAN
· Every packets routed to Gi0/1 will go thru the policy map marking process(step4)
· First Policy-map will check the packet fall under which class(step3)
· this done by class-map (step2)
· by referring the ACL configure on each class(step1)
· once found, the Policy-map will set the DSCP value base on class the packet belong to
· If the packet didn't match any ACL, Policy-map will automatically set class-default to it (in this case COS3)
Your diagram is a little confusing! Shouldn't be the CE router be the Provider Edge Router (PER) and your LAN router be the Customer Edge Router (CER) ...?
ReplyDeleteMy understanding is that if you implement those steps you have taken above, they are normally configured on CER, which I supposed you named as LAN router.