本章记录一个关于eNSP中的网络拥塞管理与避免实验示例参考
# 拓扑
# 参考配置
S1
[S1]vlan batch 10 20 30
[S1]interface GigabitEthernet0/0/2
[S1-GigabitEthernet0/0/2]port link-type trunk
[S1-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 20 30
[S1-GigabitEthernet0/0/2]quit
[S1]interface Ethernet0/0/1
[S1-Ethernet0/0/1]port link-type access
[S1-Ethernet0/0/1]port default vlan 10
[S1-Ethernet0/0/1]quit
[S1]interface Ethernet0/0/2
[S1-Ethernet0/0/2]port link-type access
[S1-Ethernet0/0/2]port default vlan 20
[S1-Ethernet0/0/2]quit
[S1]interface Ethernet0/0/3
[S1-Ethernet0/0/3]port link-type access
[S1-Ethernet0/0/3]port default vlan 30
[S1-Ethernet0/0/3]quit
[S1]traffic classifier data
[S1-classifier-c1]if-match vlan-id 10
[S1-classifier-c1]quit
[S1]traffic classifier voice
[S1-classifier-c2]if-match vlan-id 20
[S1-classifier-c2]quit
[S1]traffic classifier video
[S1-classifier-c3]if-match vlan-id 30
[S1-classifier-c3]quit
[S1]traffic behavior data
[S1-behavior-b1]remark DSCP 26
[S1-behavior-b1]quit
[S1]traffic behavior voice
[S1-behavior-b2]remark DSCP 46
[S1-behavior-b2]quit
[S1]traffic behavior video
[S1-behavior-b3]remark DSCP 38
[S1-behavior-b3]quit
[S1]traffic policy p1
[S1-trafficpolicy-p1]classifier data behavior data
[S1-trafficpolicy-p1]classifier voice behavior voice
[S1-trafficpolicy-p1]classifier video behavior video
[S1-trafficpolicy-p1]quit
[S1]interface ethernet 0/0/1
[S1-Ethernet0/0/1]traffic-policy p1 inbound
[S1-Ethernet0/0/1]quit
[S1]interface ethernet 0/0/2
[S1-Ethernet0/0/2]traffic-policy p1 inbound
[S1-Ethernet0/0/2]quit
[S1]interface ethernet 0/0/3
[S1-Ethernet0/0/3]traffic-policy p1 inbound
[S1-Ethernet0/0/3]quit
R1
vlan batch 10 20 30
[R1]interface GigabitEthernet0/0/2.10
[R1-GigabitEthernet0/0/0.10]dot1q termination vid 10
[R1-GigabitEthernet0/0/0.10]ip address 192.168.1.1 24
[R1-GigabitEthernet0/0/0.10]arp broadcast enable
[R1-GigabitEthernet0/0/0.10]quit
[R1]interface GigabitEthernet0/0/2.20
[R1-GigabitEthernet0/0/0.20]dot1q termination vid 20
[R1-GigabitEthernet0/0/0.20]ip address 192.168.2.1 24
[R1-GigabitEthernet0/0/0.20]arp broadcast enable
[R1-GigabitEthernet0/0/0.20]quit
[R1]interface GigabitEthernet0/0/2.30
[R1-GigabitEthernet0/0/0.30]dot1q termination vid 30
[R1-GigabitEthernet0/0/0.30]ip address 192.168.3.1 24
[R1-GigabitEthernet0/0/0.30]arp broadcast enable
[R1-GigabitEthernet0/0/0.30]quit
[R1]interface gigabitethernet 0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.4.1 24
[R1-GigabitEthernet0/0/0]quit
[R2]interface gigabitethernet 0/0/0
[R2-GigabitEthernet0/0/0]ip address 192.168.4.2 24
[R2-GigabitEthernet0/0/0]quit
ip route-static 0.0.0.0 0.0.0.0 192.168.4.2
[R1]interface gigabitethernet 0/0/2
[R1-gigabitethernet 0/0/2]trust dscp //使用dscp的优先级分配队列
[R1-gigabitethernet 0/0/2]quit
[R1]drop-profile data
[R1-drop-profile-data]wred dscp
[R1-drop-profile-data]dscp 26 low-limit 50 high-limit 70 discard-percentage 30
[R1-drop-profile-data]quit
[R1]drop-profile video
[R1-drop-profile-video]wred dscp
[R1-drop-profile-video]dscp 38 low-limit 60 high-limit 80 discard-percentage 20
[R1-drop-profile-video]quit
[R1]qos queue-profile queue-profile1
[R1-qos-queue-profile-queue-profile1]schedule pq 5 wfq 3 to 4
[R1-qos-queue-profile-queue-profile1]queue 4 drop-profile video
[R1-qos-queue-profile-queue-profile1]queue 3 drop-profile data
[R1-qos-queue-profile-queue-profile1]quit
[R1]interface gigabitethernet 0/0/0
[R1-GigabitEthernet0/0/0]qos queue-profile queue-profile1
[R1-GigabitEthernet0/0/0]quit
R2
[R2]ip route-static 192.168.1.0 255.255.255.0 192.168.4.1
[R2]ip route-static 192.168.2.0 255.255.255.0 192.168.4.1
[R2]ip route-static 192.168.3.0 255.255.255.0 192.168.4.1# 知识点
dot1q termination vid 10
dot1q就是802.1q协议,dot1q其实就是“点1q”
dot1q termination vid 10的意思是:该子接口在收到带有vlan tag 10的报文时,将剥离tag进行三层转发,该子接口在发送报文时,会添加该子接口对应的vlan tag 10到报文中。
不同主接口下的子接口可以关联相同VLAN ID,但是同一主接口下的不同子接口一定不能关联相同的VLAN ID
arp broadcast enable
在配置的接口开启子接口的ARP广播功能
开关此功能会使该子接口的路由状态发生一次先Down再Up的变化,从而可能导致整个网络的路由发生一次震荡,影响正在运行的业务
策略路由MQC模块化QOS命令
[R1]traffic classifier data //定义流分类为名字data
[R1-classifier-class01]if-match vlan-id 10 //匹配vlanID 10
[R1]traffic behavior data //定义流行为名字为data
[R1-behavior-heha01]redirect DSCP 26 //重新标记IP报文的DSCP优先级
[R1]traffic policy policy01 //定义流量策略名字为policy01
[R1-trafficpolicy-policy01]classifier data behavior data 绑定流分类+流行为(把符合条件的流抓取出来然后执行相应的动作策略)
[R1-GigabitEthernet0/0/2]traffic-policy policy01 inbound //在入端口上应用流策略
traffic-policy在用来做流量过滤时,其动作是由traffic behavior(流行为)决定的,而流行为的默认动作是permit。
即使用在流行为是默认动作时的traffic-policy跟使用traffic-filter的效果是一样的(都是默认允许)
所以当要使用acl来匹配数据时,是通过还是禁止是由acl中permit/deny决定的。
当流行为是deny时,那么无论使用acl来匹配数据时,无论是permit/deny,最终是对匹配出来的数据执行deny动作。
