Classification and Marking Overview This module describes the mechanisms that are used to classify and mark IP packets. This module builds on the knowledge acquired from the introductory module where classification and marking is discussed. Theoretical knowledge is supplemented by detailing Policy-based routing (PBR) and QoS Policy Propagation through BGP (QPPB) mechanisms. Objectives Upon completion of this module, you will be able to: n Describe Policy-based routing and how it is used to classify and mark IP packets n Describe QoS Policy Propagation through BGP and how it is used to classify and mark IP packets n List other mechanisms that also support classification and marking capabilities (Committed Access Rate, Class-based Policing and Class-based Marking) 2-2 IP QoS Classification and Marking Copyright  2001, Cisco Systems, Inc. © 2001, Cisco Systems, Inc. Classification and Marking-3 Traffic Classification and Marking Traffic Classification and Marking Classification • Most QoS mechanisms in the Cisco IOS include some type of classification • Some mechanisms classify packets automatically, some require manual configuration Marking • Only a small number of mechanisms also include a marking capability This module focuses on the QoS mechanisms that are used for classification and marking purposes only. Most QoS mechanisms include some type of classification but only a small number of mechanisms also include marking capability. Classification is the term used for identifying a Behavior Aggregate to which a packet belongs. A Behavior Aggregate is a collection of flows requiring the same quality of service. Marking is the term used for coloring packets by applying a class-identifying value to one of the following markers: IP precedence, DSCP, QoS group (value is local to a router), MPLS experimental bits (can be used only in MPLS-enabled networks), ATM CLP bit (value can be used only within ATM networks), Frame Relay DE bit (value can be used only within Frame Relay networks), IEEE 802.1q or ISL cos/priority bits (value can be used on within LAN-switched networks). Copyright  2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-3 © 2001, Cisco Systems, Inc. Classification and Marking-4 Traffic Classification and Marking Traffic Classification and Marking • This module describes the two mechanisms that are used for classification and marking only: – Policy-based Routing (PBR) – QoS Policy Propagation through BGP (QPPB) • Other classification and/or marking mechanisms are described in other QoS modules This module describes the two QoS mechanisms that are used purely for classification and marking purposes: n Policy-based Routing (PBR) n QoS Policy Propagation through BGP (QPPB) There are other QoS mechanisms that also support classification and marking: n Committed Access Rate (CAR) – this mechanism is described in the “IP QoS – Traffic Shaping and Policing” module n Class-based Policing (CB-Policing) – this mechanism is described in the “IP QoS – Modular QoS CLI (Chapter 2)” module n Class-based Marking (CB-Marking) – this mechanism is described in the “IP QoS – Modular QoS CLI (Chapter 2)” module 2-4 IP QoS Classification and Marking Copyright  2001, Cisco Systems, Inc. Policy-based Routing Objectives Upon completion of this lesson, you will be able to: n Describe Policy Based Routing (PBR) n Configure PBR on Cisco routers n Monitor and troubleshoot PBR Copyright  2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-5 © 2001, Cisco Systems, Inc. Classification and Marking-7 Policy-based Routing Policy-based Routing • Policy-based Routing (PBR) is a mechanism that can be used to bypass the default destination-based forwarding functionality of routers • PBR is implemented using a route map where match commands are used to classify packets and set commands are used to process packets • Route maps are applied to interfaces for processing of inbound packets (forwarding and/or marking) The primary function of Policy-based Routing (PBR) is to bypass the destination-based forwarding functionality of routers by using a route map to make a forwarding decision based on other information. One additional feature of Policy Based Routing is the ability to modify IP packets by marking them with IP precedence or QoS group. 2-6 IP QoS Classification and Marking Copyright  2001, Cisco Systems, Inc. © 2001, Cisco Systems, Inc. Classification and Marking-8 PBR “match” and “set” Options PBR “match” and “set” Options PBR has two primary applications: • Implementation of more complex routing paradigms than a simple destination-based forwarding • Classification and marking of packets for QoS purposes Match on: • Standard and extended access lists • Length of packets (min,max) Set: • Output interface (bypass the routing table) • Next-hop address (bypass the routing table) • ToS field (QoS marking) • IP precedence (QoS marking) • QoS group (QoS marking) Output interface Input interface IP PBR classifies packets based on standard or extended access lists, the length of packets and the incoming router interface (a route map is applied to an input interface). The route map sets the following parameters: n Output interface: force the router to forward packets to an interface even if it would not provide for optimal routing n Next-hop address: to make a forwarding decision by using a different next-hop address than the one determined by the routing table n ToS value: the ToS value in this case applies to bits 4,3,2 and 1 of the ToS field n IP precedence: three-bit field used to identify a class of service n QoS group: the local parameter with an expanded value range The first two parameters (output interface and next-hop address) are used to bypass the default destination-based routing. The other three parameters are used for QoS purposes (ToS value is less commonly used). Copyright  2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-7 © 2001, Cisco Systems, Inc. Classification and Marking-9 Inbound or Locally-originated PBR Capabilities PBR Capabilities Classifier Marker Dropper Meter Outbound Classifier Marker Shaper Dropper Meter Forwarding Queuing PBR can only classify and mark inbound or locally- originated packets The figure illustrates the “full” QoS building-block scheme showing that PBR works only on input and that it supports only classification and marking. The “Forwarding” box could be colored as well since PBR can be used to make a forwarding decision. PBR contains no mechanism for metering or dropping of data packets. 2-8 IP QoS Classification and Marking Copyright  2001, Cisco Systems, Inc. © 2001, Cisco Systems, Inc. Classification and Marking -10 Configuring Classification and Marking Using PBR Configuring Classification and Marking Using PBR • Create a route map • Apply the route map to an incoming interface and/or • Apply the route map to locally originated traffic • Monitor and debug policy routing Configuring PBR involves the following steps: n Creating a route map where the match statement is used to match with the source or destination IP address or with any other parameter that can be matched by an access list (standard or extended). It can also match packets based on their size. n Applying the route-map to: n An input interface to process inbound packets on that interface or n To locally originated packets Copyright  2001, Cisco Systems, Inc. IP QoS Classification and Marking 2-9 © 2001, Cisco Systems, Inc. Classification and Marking -11 Route Map Rules Route Map Rules • Route maps are identified by a case sensitive name • Route maps can have multiple statements (same name, different sequence number) • Packets are processed in the specified sequence • Packets not matched by the route map are forwarded using the default destination-based forwarding • If packets are matched by the “match” condition but the route map statement is using the “deny” option, the default destination-based forwarding is applied to the packet route-map <name> [permit | deny] [<sequence-number>] match <condition> set <parameter> Router(config)# A brief refresher about route maps: n Route maps can have one or more statements. A route map, or a set of route-map statements with the same name is identified by a case-sensitive name. n Individual route-map statements are identified by their name and sequence number. When packets are processed by a route map they are evaluated in the order specified by sequence numbers. n A route map is basically made to be a filtering mechanism. When used for PBR: n permit means “do whatever the set commands says” n deny means “do not do anything” n When a packet is matched by one of the route-map statements it is processed by that statement and the processing of the packet ends. Ordering route-map statements correctly is therefore necessary. 2-10 IP QoS Classification and Marking Copyright  2001, Cisco Systems, Inc. © 2001, Cisco Systems, Inc. Classification and Marking -12 PBR Classification PBR Classification match ip address <#acl> Router(config-route-map)# • Classify using a standard access list against the source address • Classify using an extended access list against the source and/or destination address, source and/or destination TCP/UDP port, IP precedence, DSCP, ToS match length <min> <max> Router(config-route-map)# • Classify using a range of packet lengths that will be matched by the route map statement Route maps have a number of match options but only two can be used for policy- based routing purposes: n match ip address is used to examine the packet’s headers with a standard or an extended access list n match length is used to mach packets based on their length [...]... Dropper Forwarding Outbound Meter Classifier © 2001, Cisco Systems, Inc Marker Shaper Dropper Queuing Classification and Marking -28 Similar to PBR, QPPB also supports classification and marking only on the input interface 2-24 IP QoS Classification and Marking Copyright © 2001, Cisco Systems, Inc BGP Marking Meter Inbound traffic stream Classifier Marker Dropper 1 Propagate the class of service by encoding... access MatchPing permit icmp any any echo (25 matches) Router# Router# © 2001, Cisco Systems, Inc Classification and Marking -16 The figure shows a sample output of the show route-map and show access-list commands 2-14 IP QoS Classification and Marking Copyright © 2001, Cisco Systems, Inc Monitoring and Debugging Policy-based Routing Router#debug ip policy Router#debug ip policy Policy routing debugging... 20, permit © 2001, Cisco Systems, Inc Classification and Marking -17 The debug ip policy command is similar to the debug ip packet except that the debug ip policy only displays policy-routed packets This command should be used with caution as it may produce too much output Copyright © 2001, Cisco Systems, Inc IP QoS Classification and Marking 2-15 IP Precedence Marking Case Study #1 • Branch office... Monitoring and Troubleshooting PBR Router# show route-map • Displays the route map and number of packets and bytes matched by each statement Router# debug ip policy • Displays all packets matched by policy routing routemaps © 2001, Cisco Systems, Inc Classification and Marking -15 The show route-map command is used to display the route map with its match and set options The debug ip policy command... ip-qos-map interface command to mark the packet All four commands can be attached to the same interface (although not recommended) and they are processed in the following order: n Source-based IP precedence marking n Source-based QoS group marking n Destination-based IP precedence marking (overrides source-based marking) n Destination-based QoS group marking (overrides source-based marking) Copyright ©... Inc IP QoS Classification and Marking 2-19 Route Map - Review • Policy routing with route maps can classify and mark IP packets based on a wide variety of conditions • No metering, shaping or dropping is possible • Performance depends on the IOS version – Policy routing is fast -switched in 11.3 and 12.0 – (d)CEF or Net Flow-switched in 12.0(3)T © 2001, Cisco Systems, Inc Classification and Marking -22... 0 should be classified and marked as Business traffic • Packets coming from Ethernet 1 should be classified and marked as Other traffic © 2001, Cisco Systems, Inc Classification and Marking -18 The case study involves a bank branch office where a single router connects two LANs to the corporate network via one serial interface This case study focuses on the classification and marking part of a larger... precedence and QoS group values in the routing table/FIB table entry © 2001, Cisco Systems, Inc Classification and Marking -35 Use the table -map command in the BGP configuration mode to populate the main routing table with the class of service information A route map can “tag” networks with IP precedence, QoS group or both Copyright © 2001, Cisco Systems, Inc IP QoS Classification and Marking 2-31... other traffic should be marked as Other traffic © 2001, Cisco Systems, Inc Classification and Marking -20 The second case study is more complicated because classification is not done based on the input interface Instead, classification if performed based on application (TCP or UDP port numbers) 2-18 IP QoS Classification and Marking Copyright © 2001, Cisco Systems, Inc Case #2 - Solution E0 WAN core... precedence flash packets from serial interface marked with precedence flash © 2001, Cisco Systems, Inc Classification and Marking -39 To achieve the same level of quality in both directions the packets going to and coming from the customer network must first be classified and marked Classification and marking of packets coming from the customer network is trivial: n PBR without a match statement is used . QoS Classification and Marking 2-3 © 2001, Cisco Systems, Inc. Classification and Marking- 4 Traffic Classification and Marking Traffic Classification and. 2001, Cisco Systems, Inc. Classification and Marking- 3 Traffic Classification and Marking Traffic Classification and Marking Classification • Most QoS