Campus Network QoS Design

Uploaded by: 子 | Document ID: 47048256 | Upload date: 2018-06-29 | Format: PDF | Pages: 47 | Size: 696 KB

Campus QoS Design
Session APP 002, Version 1

Notice: This PPT is for use in ChinaNetwork training center courses only and must not be used for any other purpose.

QoS

What is QoS?
- Loss
- Delay
- Delay variation (jitter)

QoS Toolset
This section describes the main categories of the Cisco QoS toolset and includes the following topics:
- Classification and marking tools
- Policing and markdown tools
- Scheduling tools
- Link-specific tools

Classification and Marking Tools
Classification and marking tools set the trust boundary by examining any of the following:
- Layer 2 parameters: 802.1Q Class of Service (CoS) bits, Multiprotocol Label Switching Experimental Values (MPLS EXP)
- Layer 3 parameters: IP Precedence (IPP), Differentiated Services Code Points (DSCP), IP Explicit Congestion Notification (ECN), source/destination IP address
- Layer 4 parameters: L4 protocol (TCP/UDP), source/destination ports
- Layer 7 parameters: application signatures via Network Based Application Recognition

Policing and Markdown Tools
Policing tools (policers) determine whether packets conform to administratively defined traffic rates and take action accordingly. Such action could include marking, remarking or dropping a packet.

Scheduling Tools
Software queuing tools are Low Latency Queueing (LLQ), which provides strict priority servicing and is intended for realtime applications such as VoIP, and Class-Based Weighted Fair Queuing (CBWFQ).

Link-Specific Tools
- Shaping tools
- Link Fragmentation and Interleaving tools
- Compression tools
- Transmit ring (Tx-Ring) tuning

Strategically Defining QoS Objectives
Is the objective to enable VoIP only, or is video also required? If so, is video-conferencing required or streaming video? Or both? Are there applications that are considered mission-critical, and if so, what are they?

Strategy for Expanding the Number of Classes of Service over Time
Enterprises do not need to deploy all 11 classes of the QoS Baseline model.

Analyzing Application Service-Level Requirements
QoS requirements for voice, video and multiple classes of data, including the following topics:
- QoS Requirements of VoIP
- QoS Requirements of Video
- QoS Requirements of Data Applications
- QoS Requirements of the Control Plane
- QoS Requirements of the Scavenger Class

QoS Requirements of VoIP includes the following topics:
- Voice (Bearer Traffic)
- Call-Signaling Traffic

QoS Requirements of Video describes the two main types of video traffic, and includes the following topics:
- Interactive Video
- Streaming Video

How Can I Use QoS Tools to Mitigate DoS/Worm Attacks?
There are two main classes of DoS attacks:
- Spoofing attacks: The attacker pretends to provide a legitimate service, but provides false information to the requester (if any).
- Slamming/flooding attacks: The attacker exponentially generates and propagates traffic until service resources (servers and/or network infrastructure) are overwhelmed.

Quidway S6500 Series Switch Anti-Virus Configuration Template

    acl name anti_worm advanced
     rule 0 deny udp destination-port eq tftp
     rule 1 deny tcp destination-port eq 135
     rule 2 deny udp destination-port eq 135
     rule 3 deny udp destination-port eq 137
     rule 4 deny udp destination-port eq 138
     rule 5 deny tcp destination-port eq 139
     rule 6 deny udp destination-port eq netbios-ssn
     rule 7 deny tcp destination-port eq 445
     rule 8 deny udp destination-port eq 445
     rule 9 deny tcp destination-port eq 539
     rule 10 deny udp destination-port eq 539
     rule 11 deny tcp destination-port eq 593
     rule 12 deny udp destination-port eq 593
     rule 13 deny udp destination-port eq 1434
     rule 14 deny tcp destination-port eq 4444
    acl name anti_icmp advanced
     rule 0 deny icmp

Apply the rules above globally on the chip in not-care-for-interface mode, for example:

    int e1/0/1
     packet-filter inbound ip-group anti_worm not-care-for-interface
     packet-filter inbound ip-group anti_icmp not-care-for-interface
    int e2/0/1
     packet-filter inbound ip-group anti_worm not-care-for-interface
     packet-filter inbound ip-group anti_icmp not-care-for-interface
    int e2/0/48
     packet-filter inbound ip-group anti_worm not-care-for-interface
     packet-filter inbound ip-group anti_icmp not-care-for-interface

Campus QoS Design

QoS Design Principles
- Clearly define the organizational objectives
- Protect voice? video? data? DoS/worm mitigation?
- Start from the objectives, not the tools
- Optimal Trust Boundary

Priority

    priority priority-level
    undo priority

priority-level: the port priority value, in the range 0 to 7.

    # Set the priority of port Ethernet1/0/1 to 7.
    Quidway-Ethernet1/0/1 priority 7

Priority Trust

    priority trust
    undo priority

    # Set port Ethernet1/0/1 to trust the priority carried in the packets it receives.
    Quidway-Ethernet1/0/1 priority trust

Traffic Limit

    traffic-limit inbound user-group acl-number rule rule | ip-group acl-number rule rule link-group acl-number rule rule | link-group acl-number rule rule target-rate exceed action
    undo traffic-limit inbound user-group acl-number rule rule | ip-group acl-number rule rule link-group acl-number rule rule | link-group acl-number rule rule

    # The following command polices packets that match the permit rules of ACL 4000. The rate limit is set to 128 kbps, and packets exceeding this rate are dropped.
    Quidway-Ethernet1/0/1 traf
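
An added example (not part of the original slides): a Python check that parses the anti_worm rules from the configuration template on this page, reports which rule a given protocol and destination port would hit, and lists ports that are denied for only one of TCP/UDP so a reviewer can confirm that is intended. Matching by lowest rule id and forwarding of unmatched packets are assumptions about the switch's packet-filter behaviour, and the function names are hypothetical.

```python
import re
# The anti_worm rules as they appear in the template on this page.
ANTI_WORM = """
rule 0 deny udp destination-port eq tftp
rule 1 deny tcp destination-port eq 135
rule 2 deny udp destination-port eq 135
rule 3 deny udp destination-port eq 137
rule 4 deny udp destination-port eq 138
rule 5 deny tcp destination-port eq 139
rule 6 deny udp destination-port eq netbios-ssn
rule 7 deny tcp destination-port eq 445
rule 8 deny udp destination-port eq 445
rule 9 deny tcp destination-port eq 539
rule 10 deny udp destination-port eq 539
rule 11 deny tcp destination-port eq 593
rule 12 deny udp destination-port eq 593
rule 13 deny udp destination-port eq 1434
rule 14 deny tcp destination-port eq 4444
"""
# Service names used by the template, mapped to their well-known ports.
NAMED_PORTS = {"tftp": 69, "netbios-ssn": 139}
RULE_RE = re.compile(r"rule (\d+) (permit|deny) (tcp|udp) destination-port eq (\S+)")

def parse_acl(text):
    """Return (rule_id, action, protocol, port) tuples sorted by rule id."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.fullmatch(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        rid, action, proto, port = m.groups()
        rules.append((int(rid), action, proto, NAMED_PORTS.get(port) or int(port)))
    return sorted(rules)

def evaluate(rules, proto, dport):
    """Assumption: lowest rule id wins and unmatched packets are forwarded."""
    for rid, action, rproto, rport in rules:
        if (rproto, rport) == (proto, dport):
            return action, rid
    return "permit", None

def one_protocol_only(rules):
    """Ports denied for only TCP or only UDP, for a reviewer to confirm."""
    denied = {(proto, port) for _, action, proto, port in rules if action == "deny"}
    other = {"tcp": "udp", "udp": "tcp"}
    return {port: proto for proto, port in denied if (other[proto], port) not in denied}

if __name__ == "__main__":
    print(one_protocol_only(parse_acl(ANTI_WORM)))
```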
