02-03-2009 05:32 PM - edited 03-04-2019 01:05 AM
I'd like to graph inbound traffic depending on 2 things.
The destination address (ACL?)
and source acquired from community-lists.
Currently BGP marks routes and we have an outbound policy for traffic.
I'm having problems on a 7301 router (12.4) graphing the inbound traffic.
I can do it with only ACLs, but then I can't differentiate between BGP community tagged routes.
ISP provides domestic routes with :123 and international routes with community :456.
I've tried something like this and there aren't any hits on the class-maps on the inbound policy.
! Sample config
!
! our website address range
ip access-list extended WEBSITES
 permit ip any 10.10.10.0 0.0.0.255
!
! our corporate address range
ip access-list extended CORPORATE
 permit ip any 20.20.20.0 0.0.0.255
!
! domestic routes
ip community-list 1 permit 789:123
! international routes
ip community-list 2 permit 789:456
!
! match and set qos-group for domestic routes
route-map SET-QOS-GROUPS permit 10
 match community 1
 set ip qos-group 1
!
! match and set qos-group for international routes
route-map SET-QOS-GROUPS permit 20
 match community 2
 set ip qos-group 2
!
!
! make BGP mark routes.
router bgp 890
 table-map SET-QOS-GROUPS
!
! traffic to our websites from domestic routes
class-map match-all WEBDOMESTIC
 match access-group name WEBSITES
 match qos-group 1
!
! traffic to our websites from international routes
class-map match-all WEBINTERNATIONAL
 match access-group name WEBSITES
 match qos-group 2
!
! traffic to corporate office from domestic routes
class-map match-all CORPDOMESTIC
 match access-group name CORPORATE
 match qos-group 1
!
! traffic to corporate office from international routes
class-map match-all CORPINTERNATIONAL
 match access-group name CORPORATE
 match qos-group 2
!
! policy-map to graph against.
policy-map INBOUNDTRAFFIC
 class WEBDOMESTIC
 class WEBINTERNATIONAL
 class CORPDOMESTIC
 class CORPINTERNATIONAL
!
! apply policy to interface.
interface gig0/1
 service-policy input INBOUNDTRAFFIC
!
end
If I'm missing something in config or there is a better way to graph this then your help is much appreciated.
02-03-2009 08:15 PM
Hi,
I think you are missing the bgp-policy destination ip-qos-map command on your ingress interface if you're sending the BGP updates on that interface.
Please refer to the following link for more details regarding QPPB feature:
HTH
Laurent.
02-04-2009 01:53 PM
Arh yes, bgp-policy destination ip-qos-map is on our G0/0 interface on our side of the router.
I believe this is because we are dual homed to a peering point as well.
G0/1 - ISP
G0/2 - Peer
G0/0 - LAN (corp/web)
Should this be moved to the 2 Provider interfaces on the outside of the router?
Will this cause a conflict in the qos table having two sources?
02-05-2009 08:05 PM
Yes, you need the command on both interfaces where you could receive the target traffic.
Don't forget the bgp-policy destination cmd will match the destination address of the packet. If you want to match the source address, you need bgp-policy source cmd instead.
02-09-2009 12:19 PM
Thank you, all is working now. :)
Aside from having the bgp-policy on the interface, I had ACLs which were different from the config, having netmask instead of wildcard mask as above, and that was also making the troubleshooting hard.
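The netmask-versus-wildcard mix-up mentioned in the post above can be caught before a config is applied. The following is an added example, not part of the original thread: a small Python check that flags ACL entries whose mask has the bit pattern of a subnet mask (IOS reads that field as a wildcard, so `255.255.255.0` ignores the first three octets). The names `mask_kind`, `lint_acl` and `SAMPLE` are hypothetical, and the sample config is constructed.

```python
import ipaddress
import re

QUAD = r"(?:\d{1,3}\.){3}\d{1,3}"
PAIR = re.compile(rf"\b({QUAD})\s+({QUAD})\b")  # an address followed by its mask
HOST = re.compile(rf"\bhost\s+{QUAD}")          # "host a.b.c.d" carries no mask

# Constructed sample: the thread's two ACLs, the second written with a netmask.
SAMPLE = """\
ip access-list extended WEBSITES
 permit ip any 10.10.10.0 0.0.0.255
ip access-list extended CORPORATE
 permit ip any 20.20.20.0 255.255.255.0
"""


def mask_kind(mask):
    """Classify a dotted-quad mask as 'wildcard', 'netmask', 'either' or 'other'."""
    try:
        value = int(ipaddress.IPv4Address(mask))
    except ValueError:
        return "other"
    inverted = value ^ 0xFFFFFFFF
    # A value made only of trailing one-bits satisfies v & (v + 1) == 0.
    is_wildcard = value & (value + 1) == 0
    is_netmask = inverted & (inverted + 1) == 0
    if is_wildcard and is_netmask:
        return "either"  # 0.0.0.0 or 255.255.255.255
    if is_wildcard:
        return "wildcard"
    return "netmask" if is_netmask else "other"


def lint_acl(config):
    """Return (line_no, address, mask) for ACL entries whose mask looks like a netmask."""
    findings = []
    for line_no, line in enumerate(config.splitlines(), start=1):
        entry = HOST.sub("host", line.strip())
        if not re.match(r"(\d+\s+)?(permit|deny)\s", entry):
            continue
        for address, mask in PAIR.findall(entry):
            if mask_kind(mask) == "netmask":
                findings.append((line_no, address, mask))
    return findings


if __name__ == "__main__":
    for line_no, address, mask in lint_acl(SAMPLE):
        print(f"line {line_no}: {address} {mask} looks like a netmask, not a wildcard")
```
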
02-09-2009 01:33 PM
You're welcome !!
Laurent.