思科认证:分享CiscoASA上QoS的配置Cisco认证考试

文章作者 100test 发表时间 2009:05:26 18:51:42
来源 100Test.Com百考试题网

　　Cisco ASA用三种方法来实现QoS，分别为：流量管制(traffic policing)，流量整形(traffic shaping)，优先级队列（priority queueing)。三种方法的不同之处在于：当流量达到设置的阈值时，流量管制丢弃包，流量整形把包放进等待队列(7.2.4版本以上才支持)。而优先级队列不受前两者影响，其优先级高于前两两者。在相同状况下，使用优先级队列的流量最先通过。在实际工作中，这三种方法是混合使用的。
　　结合下图，由下而上，我简单描述一下设置QoS的步骤：

　　1) 设置class map，匹配想要控制的流量，可以用ACL，dscp，tunnel-group…
　　2) 设置policy map，并应用priroty或（和）Police在相应的class map上。
　　3) 设置service policy，并匹配需要的policy map 。
　　4) 把service policy应用在接口上。
　　例子：
　　Traffic Policing with Prioritization
　　Lets assume that we have an ASA that is running voice over a VPN tunnel. And that we want to prioritize the voice traffic through the VPN. Also we want to police the VPN traffic that is not voice and the rest of the TCP traffic.
　　Lets say that the available upload bandwidth for the outside interface is 1Mbps. We want to dedicate 300kbps for the VPN, 100kbps of which will be guaranteed for voice (thus 200kbps for non-voice VPN traffic), 500kbps for the tcp traffic and 200kbps for everything else. Also, assume that the voice traffic is flagged with dhcp field ef (as it is the default for most cases). The tunnel group name is tunnel-grp1.
　　ASA(config)# priority-queue outside
　　ASA(config)# access-list tcp-traffic-acl permit tcp any any
　　ASA(config)# class-map tcp-traffic-class
　　ASA(config-cmap)# match access-list tcp-traffic-acl
　　ASA(config)# class-map TG1-voice-class
　　ASA(config-cmap)# match tunnel-group tunnel-grp1
　　ASA(config-cmap)# match dscp ef
　　ASA(config-cmap)# class-map TG1-rest-class
　　ASA(config-cmap)# match tunnel-group tunnel-grp1
　　ASA(config-cmap)# match flow ip destination-address
　　ASA(config)# policy-map police-priority-policy
　　ASA(config-pmap)# class tcp-traffic-class
　　ASA(config-pmap-c)# police output 500000
　　ASA(config-pmap-c)# class TG1-voice-class
　　ASA(config-pmap-c)# priority
　　ASA(config-pmap-c)# class TG1-rest-class
　　ASA(config-pmap-c)# police output 200000
　　ASA(config-pmap-c)# class class-default
　　ASA(config-pmap-c)# police output 200000
　　ASA(config-pmap-c)# service-policy police-priority-policy interface outside
　　Traffic Shaping with Prioritization
　　Now, lets assume that we have the same ASA as in the previous case.
　　And we now want to traffic shape all traffic and prioritize the voice through the VPN. In other words we will traffic shape all traffic for 900kbps, prioritize the voice and guarantee 100kbps for it. Again, we assume that the voice traffic is flagged with dhcp field ef and the tunnel group name is tunnel-grp1.
　　ASA(config)# priority-queue outside
　　ASA(config)# class-map TG1-voice-class
　　ASA(config-cmap)# match tunnel-group tunnel-grp1
　　ASA(config-cmap)# match dscp ef
　　ASA(config-cmap)# policy-map priority-policy
　　ASA(config-pmap)# class TG1-voice-class
　　ASA(config-pmap-c)# priority
　　ASA(config-pmap-c)# policy-map shape-priority-policy
　　ASA(config-pmap)# class class-default
　　ASA(config-pmap-c)# shape average 1000000
　　ASA(config-pmap-c)# service-policy priority-policy
　　ASA(config-pmap-c)# service-policy shape-priority-policy interface outside
　　更多优质资料尽在百考试题论坛 百考试题在线题库　思科认证更多详细资料