QOS in upload

[Wizard]

Segui questa config:

Codice: Seleziona tutto

access-l 111 remark *** ACL class-map WEB-QOS ***
access-l 111 permit tcp any any eq 80
access-l 111 permit tcp any any eq 443
access-l 111 permit tcp any any eq 110
access-l 111 permit tcp any any eq 20
access-l 111 permit tcp any any eq 21
access-l 111 permit tcp any any eq 25
access-l 111 permit tcp any any eq 995
access-l 111 permit tcp any any eq 465
access-l 111 permit udp any any eq 53
access-l 111 permit tcp any any eq 23
access-l 111 permit tcp any any eq 22
access-l 111 permit tcp any eq 80 any
access-l 111 permit tcp any eq 443 any 
access-l 111 permit tcp any eq 110 any 
access-l 111 permit tcp any eq 20 any 
access-l 111 permit tcp any eq 21 any 
access-l 111 permit tcp any eq 25 any 
access-l 111 permit tcp any eq 995 any 
access-l 111 permit tcp any eq 465 any 
access-l 111 permit udp any eq 53 any
access-l 111 permit tcp any eq 23 any 
access-l 111 permit tcp any eq 22 any

access-l 112 remark *** ACL class-map VOCE ***
access-l 112 permit udp any any range 5060 5061
access-l 112 permit udp any any range 10000 20000
access-l 112 permit udp any range 5060 5061 any 
access-l 112 permit udp any range 10000 20000 any
access-l 112 permit tcp any any eq 1700
access-l 112 permit tcp any any eq 1812
access-l 112 permit tcp any any eq 1813
access-l 112 permit tcp any eq 1700 any 
access-l 112 permit tcp any eq 1812 any 
access-l 112 permit tcp any eq 1813 any 
access-l 112 permit ip any host 88.149.136.66
access-l 112 permit ip host 88.149.136.66 any 
 
class-map VOCE
  match access-group 112

class-map FILTRO-P2P
 match protocol gnutella
 match protocol edonkey
 match protocol bittorrent
 match protocol directconnect
 match protocol winmx
 match protocol fasttrack
 match protocol kazaa2

class-map match-any WEB-QOS
  match protocol dns
  match protocol icmp
  match protocol http
  match protocol pop3
  match protocol smtp
  match protocol telnet
  match protocol ssh
  match protocol secure-ftp
  match protocol secure-http
  match protocol secure-imap
  match protocol secure-pop3
  match access-group 111

policy-map QOS
 class FILTRO-P2P
  priority percent 5
 class VOCE
  priprity percent 10
 class WEB-QOS
  priority percent 60

interface dialer0
 max-reserved-bandwidth 100
 service-policy output QOS

[dok]

ma in questo modo quando parte una chiamata viene tagliata via tutta la banda alle telecamere??


Grazie

[dok]

notavo una cosa strana:

Extended IP access list 110
10 permit tcp any any eq 1800
20 permit tcp any any eq 1801
Extended IP access list 111
10 permit tcp any any eq 1800 (39179340 matches)
20 permit tcp any any eq 1801 (235 matches)


praticamente l'acl 110 delle telecamere non matcha mai mentre quella 111 che è sull'interfaccia dialer in matcha regolarmente e in continuo aumento.

E' spiegabile?


Grazie

[Wizard]

La acl 110 dove è applicata?

[dok]

Come da configurazione:

class-map match-any telecamere
description [TELECAMERE]
match access-group 110

Da nessun altra parte


Grazie

[Wizard]

Allora mi sa che anche la 111 matcha solo il traffico sulla int e non inerente al qos.

Riepilogo teorico:

acl 101
acl 102

class-map 1
match access-group 101

class-map 2
match access-group 102

policy-map QOS
class 1
priority percent 10
class 2
priprity percent 60

interface dialer0
max-reserved-bandwidth 100
service-policy output QOS

Le 2 acl sono 2 acl indipendenti dedicate al qos!

[dok]

Mi è assolutamente chiaro, infatti nella configurazione (pagina 1) le acl 105 e 110 sono per il qos mentre la 111 per la dialer in.

La questione è che:
la 105 matcha
la 110 no
la 111 si (parte delle telecamere)

Grazie

[Wizard]

Il "service-policy output voice-policy" levalo dalla atm e mettilo sulla dialer

[dok]

niente da fare non matcha nulla neanche sulla dialer0


Grazie

[Wizard]

Ma siamo sicuri che le porte siano corrette?
Invece che mettere le porte crea una sola acl così:

access-l num permit ip ip_videoconferenza any

[dok]

niente da fare, le ho provate tutte anche:

acl 110 permit tcp any host ip_cam

oppure

acl 110 permit ip ip_cam any

oppure

acl 110 permit tcp any any eq porta

ma niente da fare


grazie

[Wizard]

La corretta era

acl 110 permit ip ip_cam any

scusa, x riepilogo riesci a postare tutta la conf relativa al qos?!

[dok]

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ROUTER
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxx
!
no aaa new-model
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool CLIENT
import all
network 10.5.36.0 255.255.255.0
default-router 10.5.36.254
lease 0 2
!
!
no ip domain lookup
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 3600
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip inspect name myfw sip timeout 3600

username router password 7 xxxxxxxxxxxxxxxxxx
!
!
class-map match-any telecamere
description [TELECAMERE]
match access-group 110
class-map match-any voice-traffic
description [QOS VOICE]
match access-group 105
!
!
policy-map voice-policy
class voice-traffic
priority percent 70
class telecamere
priority percent 5
!
!
interface ATM0
no ip address
no ip mroute-cache
atm vc-per-vp 64
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 10.5.36.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1200
hold-queue 100 out
!
interface Dialer0
bandwidth 1280
ip address negotiated
ip access-group 111 in
ip nat outside
ip inspect myfw out
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxxxxxxxxx
ppp chap password 7 xxxxxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxxxx
ppp ipcp dns request
ppp ipcp wins request
service-policy output voice-policy
hold-queue 224 in
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!

ip nat inside source static tcp 10.5.36.10 1800 interface Dialer0 1800
ip nat inside source static tcp 10.5.36.11 1801 interface Dialer0 1801
!
no ip http server
no ip http secure-server
ip nat inside source list 101 interface Dialer0 overload
!
!
access-list 101 permit ip 10.5.36.0 0.0.0.255 any

access-list 105 remark VoIP Traffic(sip/iax2)
access-list 105 permit udp any any eq 5060
access-list 105 permit udp any any eq 5061
access-list 105 permit udp any any eq 4569
access-list 105 permit udp any any eq 5004
access-list 105 permit udp any any range 10000 20000
access-list 105 permit tcp any any eq 1720

access-list 110 permit tcp any any eq 1800
access-list 110 permit tcp any any eq 1801

access-list 111 permit tcp any any eq 1800
access-list 111 permit tcp any any eq 1801
access-list 111 permit tcp any any eq telnet
access-list 111 permit udp any any eq non500-isakmp
access-list 111 permit icmp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit esp any any
access-list 111 permit udp any any eq 5060
access-list 111 permit udp any any eq 5061
access-list 111 permit udp any any eq 4569
access-list 111 permit udp any any eq 5004
access-list 111 permit udp any any range 10000 20000
access-list 111 permit tcp any any eq 1720
dialer-list 1 protocol ip permit
no cdp run

[dok]

Cercando su internet ho trovato questo post:

class-map match-all voice-traffic
match ip rtp 10000 10000
!
!
policy-map voice-policy
class voice-traffic
priority 200
class class-default
fair-queue
policy-map shaper
class class-default
shape average 350000 3500 0
service-policy voice-policy
!
interface <name of your WAN interface>
service-policy output shaper
!

The above configuration was taken directly from my router. I'll explain each portion of the above config so you know what it's doing.

a. The class map defines what type of packets you want to specify for quality of service. In this case the class-map is specifying all RTP packets, start at port 10000, for a range of 10000 ports. So in essence, any RTP packets to ports 10000-20000 will be targeted for quality of service.

b. The policy-map voice-policy is how you define how much bandwidth each class gets. In this case the voice-traffic class (the one I defined in the class-map) is getting 200kbps of bandwidth. This is more than enough for a single Vonage phone call (at the 90k setting). Specifying more than necessary doesn't hurt anything as it will only reserve the bandwidth if needed. Class-default is all your other traffic. Here we aren't specifying any bandwidth to be reserved, as such it will be handled in a standard fair-queueing type fashion where each traffic flow will be given an equal portion of the remaining bandwidth.

c. The policy-map shaper is VERY important. This slows down your interface to the speed of your upload stream. In most cases, your cable modem will have an Ethernet or Fast Ethernet connection to your router. Quality of service on kicks in only when a link is congested. If you don't slow down the connection to the cable modem itself the congestion will happen on the cable modem instead of the router. You don't control the cable modem, so you need to handle the congestion on the router. The shape average command is how you define how much you want to limit the interface. In this case I've specified 350kbps, 350000. The next value should always be a 100th of the first, hence the 3500. The last value should ALWAYS be 0. So, for example, if your upload speed 230kbps the command would be "shape average 230000 2300 0". The service-policy voice-policy hooks the bandwidth settings you've configure for your voice traffic to the policy-map you are using to slow the interface down.

d. Lastly, you need to apply all this to an interface. As such, I've applied the service-policy, shaper, in the outbound direction on this interface.

ma anche qui quando vado sulla Dialer0 e cerco di inserire il service-policy output shaper il router restituisce:

GTS : Not supported on this interface

Grazie

[Wizard]

C'è poco da fare, se la access-list 110 non matcha è perchè non gli arrivano pacchetti quindi darei una controllata al server...