Date post: | 04-Apr-2018 |
Category: |
Documents |
Upload: | muhammad-younas |
View: | 218 times |
Download: | 0 times |
of 16
7/29/2019 Bilal Real Time LAb 4
1/16
ELEC6181
REAL TIME MULTIMEDIA COMMUNICATIONS OVER INTERNET
EXPERIMENT # 4
SUBMITTED BY
Bilal Akhtar
5208386
7/29/2019 Bilal Real Time LAb 4
2/16
Introduction
Policing and Shaping Overview
Cisco IOS QoS offers two kinds of traffic regulation mechanisms: the rate-limiting feature of committedaccess rate (CAR) for policing traffic, and Generic Traffic Shaping (GTS) for shaping traffic. You can
deploy these features throughout your network to ensure that a packet, or data source, adheres to a
stipulated contract and to determine the QoS to render the packet. Both policing and shaping
mechanisms use the traffic descriptor for a packetindicated by the packet's classificationto ensure
adherence and service.
Policers and shapers usually identify traffic descriptor violations in an identical manner. They usually
differ, however, in the way they respond to violations, for example:
A policer typically drops traffic. (For example, CAR's rate-limiting policer will either drop thepacket or rewrite its IP Precedence, resetting the packet header's type of service bits.)
A shaper typically delays excess traffic using a buffer, or queueing mechanism, to hold packetsand shape the flow when the data rate of the source is higher than expected. (For example, GTS
uses a weighted fair queue to delay packets in order to shape the flow.)
Traffic shaping and policing can work in tandem. For example, a good traffic shaping scheme should
make it easy for nodes inside the network to detect misbehaving flows. This activity is sometimes called
policing the flow's traffic.
The Token Bucket mechanism is used by the policer or shaper to measure traffic and is discussed here.
Token Bucket as a traffic measurement instrument
A token bucket is a formal definition of a transfer rate. It has three components: burst size, mean rate,
and time interval (Tc).
Mean rate (committed information rate (CIR)): It specifies how much data, on average, can besent per time unit.
Burst size (Conformed Burst) Also called the Committed Burst (Bc) size, it specifies in bits perburst how much can be sent within a given unit of time to not create scheduling concerns. The
size of the Token Bucket is equal to Bc.
Time interval: Also called the measurement interval, it specifies the time quantum in secondsper burst.Although the mean rate is generally represented as bits per second, any two values may be derived from
the third by the relation shown as follows:
Mean rate = Burst size /Time interval
7/29/2019 Bilal Real Time LAb 4
3/16
By definition, over any integral multiple of the interval, the bit rate of the interface will not exceed the
mean rate. The bit rate, however, may be arbitrarily fast within the interval.
In a token bucket, tokens are put into the bucket at a certain rate. The bucket itself has a specified
capacity. If the bucket fills to capacity, newly arriving tokens are discarded. Each token is permission for
the source to send a certain number of bits into the network. To send a packet, the regulator must
remove from the bucket a number of tokens equal in representation to the packet size. If not enough
tokens are in the bucket to send a packet, the packet either waits until the bucket has enough tokens or
the packet is discarded or marked down. If the bucket is already full of tokens, incoming tokens overflow
and are not available to future packets. Thus, at any time, the largest burst a source can send into the
network is roughly proportional to the size of the bucket. Note that the token bucket mechanism used
for traffic shaping has both a token bucket and a data buffer, or queue; if it did not have a data buffer, it
would be a policer.
For traffic shaping, packets arriving that cannot be sent immediately are delayed in the data buffer. For
traffic shaping, a token bucket permits burstiness but bounds it. It guarantees that the burstiness isbounded so that the flow will never send faster than the capacity of the token bucket plus the time
interval multiplied by the established rate at which tokens are placed in the bucket. It also guarantees
that the long-term transmission rate will not exceed the established rate at which tokens are placed in
the bucket.
How a Traffic Policer or Shaper Works
A traffic policer or shaper examines traffic received on an interface or a subset of that traffic selected by
access list criteria. It then compares the rate of the traffic to a configured token bucket and takes action
based on the result. For example, it will drop the packet or rewrite the IP precedence by resetting the
type of service (ToS) bits.
A token bucket measurement is used to measure traffic. Tokens are inserted into the bucket at the
committed rate (CIR). The depth of the bucket is the burst size (Bc). Traffic arriving at the bucket when
sufficient tokens are available is said to conform, and the corresponding number of tokens are removed
from the bucket. If a sufficient number of tokens are not available, then the traffic is said to exceed.
7/29/2019 Bilal Real Time LAb 4
4/16
Matching Criteria
Traffic matching identifies the traffic of interest for rate limiting, precedence setting, or both. It can be
configured with one the following parameters:
Incoming interface
All IP traffic
IP precedence (defined by a rate-limit access list)
MAC address (defined by a rate-limit access list)
IP access list (standard and extended)
Traffic shaper/policer provides configurable actions, such as send, drop, or set precedence when traffic
conforms to or exceeds the rate limit.
Conform and Exceed Actions
A policer/shaper uses a token bucket. Once a packet has been classified as conforming to or exceeding a
particular rate limit, the router performs one of the following actions on the packet:
TransmitThe packet is sent.
DropThe packet is discarded.
Set precedence and transmitThe IP Precedence (ToS) bits in the packet header are rewritten. The
packet is then sent. You can use this action to either color (set precedence) or recolor (modify existing
packet precedence) the packet.
Continue The packet is evaluated using the next rate policy in a chain of rate limits. If there is not
Another rate policy, the packet is sent.
Set precedence and continueSet the IP Precedence bits to a specified value and then evaluate the
next rate policy in the chain of rate limits.
Traffic Engineering Using Policy Based Routing
Routing in IP network is usually based on a packets destination IP address. Routing based on other
information carried in a packets IP header is possible by using Policy Routing.
For traffic destined to a particular server, you might want to send traffic with a precedence of 3 on a
dedicated faster link than traffic with a precedence of 0. Though the destination is the same, the traffic
is routed over a different dedicated link for each IP precedence. Similarly, routing can be based on
packet length, source address, a flow defined by the source destination pair and TCP/UDP ports, ToS
/precedence bits, and so on. This flexible routing is commonly referred to as Policy Based Routing.
Policy based routing is not based on any dynamic routing protocol, but it uses the static configuration
local to the router.
Policy Based Routing Specification
Policy based routing is applied to incoming traffic. All packets received on an interface with policy based
routing enabled are passed through a route map. Based on the criteria defined in the route map,
packets are forwarded to the appropriate next hop. In this case, instead of routing based on the
7/29/2019 Bilal Real Time LAb 4
5/16
destination address, policy based routing allows you to determine and implement routing policies to
allow or deny paths based on the following:
The identity of a particular end system The application being run
The protocol in use The size of packetsThe route map statements used for policy based routing can be marked as permit or deny. If the
statement is marked as deny, a packet meeting the criteria will be sent using the destination based
routing. If the statement is marked as permit and the packet meets any of the match criteria, the
corresponding set statement will be applied. If no math is found in the route-map, the packet will be
sent using destination based routing.
Experiment 4: Traffic Policing, Shaping and Engineering
Complete the following experiment to configure traffic policing, shaping and engineering in a network.
In this experiment, students will work in the following groups:
Group 1: R25-1 & R45-1
Group 2: R25-2 & R45-3
Group 3: R25-3 & R45-2
Groups should start each task by coordination of the instructor. All groups should start each task at the
same time. Whenever you obtain performance diagrams, you should capture and present them in your
report.
Objective
In this lab experiment you will complete the following tasks:
Configure Traffic Policing/Shaping Configuring Traffic Engineering by using Policy based Routing
Command List
You can find the required command in each step.
Setup
Check the router configurations. OSPF routing should be enabled on all routers and you should be able
to access all router interfaces and hosts in the network. All router interfaces should be up in both
physical and data link layers.
7/29/2019 Bilal Real Time LAb 4
6/16
Task A: Configure network topology
Step 1 Configure serial interfaces speed as 256Kbps and queuing as FIFO.
Note: To configure an interface speed, you should change both the clock rate and interface bandwidth
as it was done in Lab Experiment 1.
Rx-x#configure terminal
Rx-x(config)#interface serial0/x x= 0, 1
Rx-x(config-if)#clock rate 256000
Rx-x(config-if)#bandwidth 256
Rx-x(config-if)#^z
Task B: Check network topology
Complete the following steps.
Step 1 Check the routing paths from your router to all the other routers and write down the results in
the following table. You should use the following command:
Source router Destination router Path
R25-3
R25-2 10.0.15.6-->10.0.15.14 (2 Hops)
R25-3 10.0.15.10 -->10.0.15.25 (2 Hops)
R45-1 10.0.15.16 (1 Hop)
R45-2 10.0.15.10 (1 Hop)
R45-3 192.168.20.65
Task C: Monitor network performance
Step 1. Using IPM, configure the following collectors and operations. All collectors startup time should
be defined as on demand.
Collector
Parameters
Timeout Sample
Interval
Destination
Port
Request
Payload
Packet
Interval
No. of
Packets
Jitter
Threshold
Voice-x-x 5000 10 UDP16400 160 20 150 250
Video-x-x 5000 10 UDP50505 1024 100 50 250
FTP-x-x 9000 10 TCP 21
R25-1:ftp://192.168.20.68/atapi.exe
R25-2:ftp://192.168.20.84/atapi.exe
R25-3:ftp://192.168.20.100/atapi.exe
Note: Do not start collectors in this step.
ftp://192.168.20.68/atapi.exeftp://192.168.20.68/atapi.exeftp://192.168.20.68/atapi.exeftp://192.168.20.84/atapi.exeftp://192.168.20.84/atapi.exeftp://192.168.20.84/atapi.exeftp://192.168.20.100/atapi.exeftp://192.168.20.100/atapi.exeftp://192.168.20.100/atapi.exeftp://192.168.20.100/atapi.exeftp://192.168.20.84/atapi.exeftp://192.168.20.68/atapi.exe7/29/2019 Bilal Real Time LAb 4
7/16
Step 2 Start Voice, Video and FTP collector in IPM and check the traffic delays for a period of 5 minutes.
Then capture real-time diagrams and stop the collectors.
FTP OUTPUT
VIDEO OUTPUT
7/29/2019 Bilal Real Time LAb 4
8/16
VOICE OUTPUT
Task D: Configure traffic policing
Step 1 Configure traffic policing to mark packets with the following DSCP values:
Mark FTP traffic up to 16Kbps with DSCP=2 and for more than that with DSCP=1 Mark Video traffic up to 48Kbps with DSCP=4 and for more than that with DSCP=3 Mark Voice traffic up to 32Kbps with DSCP=6 and for more than that with DSCP=5
The following access lists can be used to separate each traffic type (conditioning):
Rx-x(config)#Access-list 130 permit tcp 192.168.20.84 0.0.0.15 any eq ftp
Rx-x(config)#Access-list 130 permit tcp 192.168.20.84 0.0.0.15 eq ftp-data any
Rx-x(config)#access-list 140 permit udp any any eq 16400Rx-x(config)#access-list 150 permit udp any any eq 50505
For traffic policing, the following commands should be executed on the specified routers:
R25-x(config)#interface serial0/0
R25-x(config-if)#rate-limit output access-group 130 16000 2000 2000 conform-action set-dscp-continue
2 exceed-action set-dscp-continue 1
7/29/2019 Bilal Real Time LAb 4
9/16
R25-x(config-if)#rate-limit output access-group 150 48000 2000 2000 conform-action set-dscp-transmit
4 exceed-action set-dscp-transmit 3
R25-x(config-if)#rate-limit output access-group 140 32000 2000 2000 conform-action set-dscp-continue
6 exceed-action set-dscp-continue 5
R25-x(config)#interface serial0/1
R25-x(config-if)#rate-limit output access-group 130 16000 2000 2000 conform-action set-dscp-continue
2 exceed-action set-dscp-continue 1
R25-x(config-if)#rate-limit output access-group 150 48000 2000 2000 conform-action set-dscp-transmit
4 exceed-action set-dscp-transmit 3
R25-x(config-if)#rate-limit output access-group 140 32000 2000 2000 conform-action set-dscp-continue
6 exceed-action set-dscp-continue 5
Task E: Monitor Network Performance
Step 1 Start Voice, Video and FTP collectors and enter the following command to check the packet
marking:
FTP OUTPUT
7/29/2019 Bilal Real Time LAb 4
10/16
VIDEO OUTPUT
VOICE OUTPUT
7/29/2019 Bilal Real Time LAb 4
11/16
R25-x#show interface serial 0/x rate-limit
Check the command output and append it to your report. Try to discuss various fields in the
output. Stop the traffic collectors after you finish this step.
Serial0/0
Output
matches: access-group 130
params: 16000 bps, 2000 limit, 2000 extended limit
conformed 0 packets, 0 bytes; action: set-dscp-continue 2
exceeded 0 packets, 0 bytes; action: set-dscp-continue 1
last packet: 6984232ms ago, current burst: 0 bytes
last cleared 00:05:36 ago, conformed 0 bps, exceeded 0 bps
matches: access-group 150
params: 48000 bps, 2000 limit, 2000 extended limit
conformed 0 packets, 0 bytes; action: set-dscp-transmit 4
exceeded 0 packets, 0 bytes; action: set-dscp-transmit 3
last packet: 6984232ms ago, current burst: 0 bytes
last cleared 00:04:24 ago, conformed 0 bps, exceeded 0 bps
matches: access-group 140
params: 32000 bps, 2000 limit, 2000 extended limit
conformed 0 packets, 0 bytes; action: set-dscp-continue 6
exceeded 0 packets, 0 bytes; action: set-dscp-continue 5
last packet: 6984232ms ago, current burst: 0 bytes
last cleared 00:03:16 ago, conformed 0 bps, exceeded 0 bps
R25-3#show int s0/1 rate-limit
Serial0/1
Output
matches: access-group 130
params: 16000 bps, 2000 limit, 2000 extended limit
conformed 0 packets, 0 bytes; action: set-dscp-continue 2
exceeded 0 packets, 0 bytes; action: set-dscp-continue 1
last packet: 7049144ms ago, current burst: 0 bytes
last cleared 00:03:32 ago, conformed 0 bps, exceeded 0 bps
matches: access-group 150
params: 48000 bps, 2000 limit, 2000 extended limit
conformed 540 packets, 570240 bytes; action: set-dscp-transmit 4
exceeded 357 packets, 376992 bytes; action: set-dscp-transmit 3
last packet: 72ms ago, current burst: 1200 bytes
last cleared 00:02:59 ago, conformed 25000 bps, exceeded 16000 bps
7/29/2019 Bilal Real Time LAb 4
12/16
matches: access-group 140
params: 32000 bps, 2000 limit, 2000 extended limit
conformed 1156 packets, 221952 bytes; action: set-dscp-continue 6
exceeded 1214 packets, 233088 bytes; action: set-dscp-continue 5
last packet: 4ms ago, current burst: 1984 bytes
last cleared 00:02:34 ago, conformed 11000 bps, exceeded 12000 bps
Results Explanation
In these results, matches field shows that what access list is applied on this interface. Params field
tells us what is the data rate limit applied in that access group. Conformed field tells how many
packets have conformed to the data rate limits and exceeded field tells how many packets have
exceeded the limit. Action field tells what to do if the packet is conforming or nonconforming. The
Last Packet field tells us that when the last packet was received. Last Cleared field tells us the time
when the counters were last cleared by using clear counter command.
Task F: Traffic Management Configuration
Step 1 In this step, you configure policy based routing to transmit FTP traffic through a different route
compared to the shortest path chosen by OSPF. New paths are shown in the following table.
Source Router Destination FTP
Server
Routers Traversed Routers with Policy
statements
R25-2 WS-25-1 R25-1->R45-2->R45-3 ->R25-1 R25-1->R45-2
R25-3 WS25-2 R25-2->R45-1->R45-2->R25-3 R25-2->R45-1
R25-1 WS25-3 R25-3->R45-3->R45-1->R25-1 R25-3->R45-3
FTP traffic will be selected by using the access lists in step 2. You configure the corresponding route
maps to conduct traffic by using the match and set statements. In match statements, packets are
checked against specific conditions which in this case are the access lists. In set commands, next -hop-
address is specified which is the address of the corresponding interface on the next router in the path.
Enter the following commands in global configuration mode on the corresponding routers specified in
Routers with Policy statements section of above table:
Rx-x(config-route-map)#route-map route-map-name permit 10
For route-map-name we can give any name like group2
match ip address access-list-number
checks ip address with acces list with FTP which acces list 130
set ip next-hop next-hop-address sets the next hop address for this accesslist.
exit
7/29/2019 Bilal Real Time LAb 4
13/16
Step 2 Issue the following commands on the corresponding interfaces to assign route-maps to an
interface. The interface should be chosen as the incoming interface for the preferred traffic
which in this case is FTP.
Rx-x(config)#interface interface-name like ( S 0/1)
Rx-x(config-if)#ip policy route-map route-map-name
Step 3 Execute the debugging command for policy based routing as follows:
Rx-x# debug ip policy
Step 4 Start the Video and FTP collectors that you used in step 2 and answer the following questions:
What messages do you see in your console and what do they mean? How did you use the debug messages to check the accuracy of your route map configurations?
Capture a couple of complete debug messages and append them to your report. Discuss their various
fields.
Note: You can stop debugging messages from appearing at any time by entering the following command
which means undebug all:
Rx-x# u al
Step 5 Obtain delay curves for Voice, Video and FTP for a period of 5 minutes and compare them with
curves you obtained in task C and answer the following questions:
7/29/2019 Bilal Real Time LAb 4
14/16
FTP OUTPUT
VIDEO OUTPUT
7/29/2019 Bilal Real Time LAb 4
15/16
VOICE OUTPUT
Is there any improvement in FTP delay? Why?Ans. Yes, there is definitely some improvements in FTP delay compared to that of the task C and it
ideally that should be the case since, we configured policy for the transfer of FTP traffic. So we can see
slight improvement for FTP delay compared to FTP traffic in task C. In Task F we have an average delay
of 7500 ms while the average delay in Task C was around 6000 ms at the beginning and it jumped to
8000 after one minute.
Is there any improvement in Video delay? Why?Ans. There has been a significant improvement in video delay because of the routing changes that we
implemented in our router. We defined a static route for the traffic which lowered the delay for the
traffic.
Completion criteria
At the end of this lab, you should have obtained the required diagrams for the specified tasks along with
the output of specified commands. We stopped the traffic collectors and copied all the captured
diagrams for our report.
7/29/2019 Bilal Real Time LAb 4
16/16
Conclusion
This experiment was all about configuring traffic policing/shaping and Traffic Engineering in a networkby using Policy based Routing and also monitoring the real-time traffic flow parameters by using IPM.
While performing the experiment, we monitored the network performance for the network with OSPF
routers and the router was configured with 256 Kbps speed and FIFO queuing. Also, we monitored the
network performance after performing traffic policing and we observed that there was not much
difference in the network performance parameters in the two cases. Traffic policing and shaping are
mechanisms used to make sure traffic conforms the service between customers. Dropping and shaping
applied to all packets enter and exit the router, this is done by using token bucket mechanisms. Policy
routing is used to implement traffic engineering and choose optimal routes for different traffic types to
maximize network bandwidth and resources.
We have done operations step by step in our experiment. We have captured the real time statistics
outputs for FTP, video and Voice traffic using usual FIFO technique. Then traffic policing was configured
by first creating an access lists for each separate traffic. Then traffic policing commands were issued on
the serial interfaces using the access lists that were earlier created. It is important to know that, in our
experiment, we applied traffic policing only on 25 series routers and not on the 45 series routers. This is
because only the 25 series machines acts as AG routers , which are generating packets and where traffic
policing would be implemented. The 45 series machines are only forwarding packets and not doing
anything else. Then after Task E we connect the fast Ethernet 0/1 interface and then transmit FTP traffic
using the routes defined in Step F.
We then apply the route-map to the interfaces that we want the particular route map to be
implemented. The interface will first match the access list no. and if its a match and then sets the next
hop as the one given in the table in Task F Step 1. The access-list no. used in this case is for the FTP as is
mentioned in Step 1. In the end we compared the two different graphs obtained from task C and task F
and found negligible differences between them.
The experiment went successful for us. It actually led us to know the various aspects of using access list
and its priority. With the help of DSCP value we came to know how to provide different commands to
proceed with different types of data. Weather it is FTP packet or voice packets.