Describes how to implement switch bandwidth control based on QoS.

Source: Internet
Author: User

This example walks through the detailed steps for implementing switch bandwidth control with QoS. P2P-based applications and some viruses have been the main factors affecting the quality of network operation in recent years. In this regard, limiting the number of connections and the bandwidth at the hardware layer is a relatively temporary solution. Here I share a real case of implementing switch bandwidth control through QoS.

Network Topology

The park has seven networks and 27 units, totaling more than one thousand information points. Each building connects by optical fiber to the center (in lF 1 2), and all of them share the telecom 100M Internet outlet. Based on the principles of clear structure and convenient management, the campus network is divided into subnets by unit, corresponding to 192.168.1.0/24 through 192.168.27.0/24; 192.168.0.0/28 is the device communication network segment, and a number of dedicated network segments, such as one for servers, are also set up.

Network device status

The firewall used in the campus is an old device that can limit the number of connections per IP address, but its bandwidth management function is weak and it does not support VLAN-based bandwidth restriction. The bandwidth restriction policy can therefore only be deployed on the core switch. The core switch is a Cisco 3560G: G0/24 (through the optical fiber transceiver) is connected to 5-7F, G0/25 through G0/28 (optical ports) are connected to 1-4F, all of these are set to trunk, and G0/1 connects to the firewall.

Implementation

Considering all the factors, bandwidth control is achieved through the QoS of the switch. Unlike on a router or firewall, the traffic passing through the switch is of two types: traffic that occupies Internet bandwidth and traffic that does not. Different policies must be applied to each. Traffic that occupies Internet bandwidth is classified into two categories based on unit size: larger units are limited to 4 M upstream and 10 M downstream, and smaller units to 2 M upstream and 5 M downstream. Traffic that does not occupy Internet bandwidth, that is, mutual access between users or access to the servers concentrated in the central data center, is given 100 M upstream, with no downstream restriction.

Implementation Process

The following uses the Cisco 3560G as an example for configuration. Irrelevant parts are deleted or omitted, and the key parts are described in the text.

◆ Enable QoS for switch bandwidth control
mls qos

◆ Define the QoS traffic classes for switch bandwidth control and bind the corresponding access control list to each
class-map match-all bandwidth_local_up
 match access-group name local_up
class-map match-all bandwidth_wide_high_up
 match access-group name wide_high_up
class-map match-all bandwidth_wide_low_up
 match access-group name wide_low_up
class-map match-all bandwidth_wide_high_down
 match access-group name wide_high_down
class-map match-all bandwidth_wide_low_down
 match access-group name wide_low_down
Note: The downstream policy is applied only to port G0/1, which is used to communicate with the firewall. Local mutual access traffic does not use this port, so bandwidth_local_down is not required.

◆ Define an upstream policy
policy-map local_wide_up
 class bandwidth_local_up
  police 100000000 800000 exceed-action drop
 class bandwidth_wide_high_up
  police 4000000 160000 exceed-action drop
 class bandwidth_wide_low_up
  police 2000000 80000 exceed-action drop

◆ Note:
In the first police command, the first parameter, 100000000, is the maximum bandwidth. Local mutual access is set to the maximum value of 100 M, that is, the maximum rate at which each unit enters the aggregation layer. The second parameter, 800000, is the normal burst data volume (normal burst bytes), which can be set between 8000 and 1000000. This value ensures good throughput. If it is set too low, the actual data rate is much lower than the configured rate. If it is set too high, congestion may occur. It is best to choose a proper value through actual measurement.
Note: The method for defining a downstream policy is similar.

◆ Apply the QoS policies on the corresponding ports to implement switch bandwidth control
int G0/1
 service-policy input local_wide_down
int G0/24
 service-policy input local_wide_up
Tip: As with G0/24, the local_wide_up policy is applied to ports G0/25 through G0/28.

◆ Define the access control lists
ip access-list extended local_up
 permit ip 192.168.0.0 0.0.31.255 192.168.0.0 0.0.31.255
Note: This list matches only local mutual access traffic.
ip access-list extended wide_high_down
 permit ip any 192.168.0.0 0.0.3.255
 permit ip any 192.168.6.0 0.0.1.255
Note: This list matches only the downstream data of large units.
ip access-list extended wide_high_up
 deny ip 192.168.0.0 0.0.31.255 192.168.0.0 0.0.31.255
 permit ip 192.168.0.0 0.0.3.255 any
 permit ip 192.168.6.0 0.0.1.255 any

Description: This list matches only the upstream data of large units, excluding local mutual access. The first rule is very important: with it, local mutual access proceeds normally even if the local_up policy is not used.

Summary: In this way, we implement switch bandwidth control through the QoS of the switch. The method for setting the corresponding access control lists for small units is similar.
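
The following is an added example, not part of the original article: a Python model of how the upstream policy classifies a flow, using the ACL entries and police rates listed above, to show what the first deny rule in wide_high_up changes. The function names and sample addresses are assumptions; wide_low_up is left out because its ACL is not listed on the page.

```python
import ipaddress

def matches(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    if base == "any":
        return True
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    ip = int(ipaddress.IPv4Address(addr))
    return (ip & care) == (int(ipaddress.IPv4Address(base)) & care)

LOCAL = ("192.168.0.0", "0.0.31.255")   # covers 192.168.0.0 - 192.168.31.255
ANY = ("any", None)

# ACLs as listed on the page: (action, source, destination), first match wins.
ACLS = {
    "local_up": [("permit", LOCAL, LOCAL)],
    "wide_high_up": [
        ("deny", LOCAL, LOCAL),
        ("permit", ("192.168.0.0", "0.0.3.255"), ANY),
        ("permit", ("192.168.6.0", "0.0.1.255"), ANY),
    ],
}

# Upstream policy-map from the page: (class ACL, police rate in bit/s), in order.
POLICY_UP = [("local_up", 100_000_000), ("wide_high_up", 4_000_000)]

def acl_permits(acl, src, dst):
    for action, (sb, sw), (db, dw) in acl:
        if matches(src, sb, sw) and matches(dst, db, dw):
            return action == "permit"
    return False  # implicit deny: the flow does not belong to this class

def classify(src, dst, policy=POLICY_UP, acls=ACLS):
    """Return (class ACL, police rate) for a flow, or None if no class polices it."""
    for name, rate in policy:
        if acl_permits(acls[name], src, dst):
            return name, rate
    return None

if __name__ == "__main__":
    # Constructed sample flows; the external address is illustrative only.
    for src, dst in [("192.168.1.10", "192.168.9.20"),
                     ("192.168.1.10", "203.0.113.5"),
                     ("192.168.7.10", "203.0.113.5")]:
        print(src, "->", dst, classify(src, dst))
```

Removing the deny entry from wide_high_up and dropping the local_up class makes a large unit's local traffic fall into the 4 M class, which is the case the first rule guards against.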
