10-23-2003 01:33 PM - edited 03-02-2019 11:13 AM
Hello All :)))
ip200.200.1.1 .2 .2 ip200.201.1.1
fa0 fa0 fa1 fa0
Testrtr1----------------------Testrtr2--------------------------Testrtr3
I am doing a very basic thing here, by setting the IP PREC on a policy route-map to critical for ANY ip traffic
But if you look in the capture below using ethereal, the IP PREC does not get set in and of the ICMP packets? BIZARRE?
CAN ANYONE PLEASE HELP ME? I am lost in space.
Does it really do what it says on the label? ;¬)
I perform a ping from Tesrtr1 to testrtr3 as follows :-
TEST1>ping 200.201.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.201.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
TEST1>
on testrtr2 i have the following config#
!
interface FastEthernet0
ip address 200.200.1.2 255.255.255.0
ip policy route-map test
half-duplex
fair-queue
!
interface FastEthernet1
ip address 13.13.0.1 255.255.255.0 secondary
ip address 200.201.1.2 255.255.255.0
half-duplex
fair-queue
!
!
access-list 199 permit ip any any
route-map test permit 10
match ip address 199
set ip precedence priority
set ip next-hop 200.201.1.1
!
and when the ping is run, i get the following from the debug ip policy
TEST2>
07:24:44: IP: s=200.200.1.1 (FastEthernet0), d=200.201.1.1, len 100, policy match
07:24:44: IP: route map test, item 10, permit
07:24:44: IP: s=200.200.1.1 (FastEthernet0), d=200.201.1.1 (FastEthernet1), len100, policy routed
07:24:44: IP: FastEthernet0 to FastEthernet1 200.201.1.1
07:24:44: IP: s=200.200.1.1 (FastEthernet0), d=200.201.1.1, len 100, policy match
07:24:44: IP: route map test, item 10, permit
07:24:44: IP: s=200.200.1.1 (FastEthernet0), d=200.201.1.1 (FastEthernet1), len100, policy routed
07:24:44: IP: FastEthernet0 to FastEthernet1 200.201.1.1
07:24:44: IP: s=200.200.1.1 (FastEthernet0), d=200.201.1.1, len 100, policy match
07:24:44: IP: route map test, item 10, permit
07:24:44: IP: s=200.200.1.1 (FastEthernet0), d=200.201.1.1 (FastEthernet1), len100, policy routed
07:24:44: IP: FastEthernet0 to FastEthernet1 200.201.1.1
07:24:44: IP: s=200.200.1.1 (FastEthernet0), d=200.201.1.1, len 100, policy match
07:24:44: IP: route map test, item 10, permit
07:24:44: IP: s=200.200.1.1 (FastEthernet0), d=200.201.1.1 (FastEthernet1), len100, policy routed
07:24:44: IP: FastEthernet0 to FastEthernet1 200.201.1.1
07:24:44: IP: s=200.200.1.1 (FastEthernet0), d=200.201.1.1, len 100, policy match
07:24:44: IP: route map test, item 10, permit
07:24:44: IP: s=200.200.1.1 (FastEthernet0), d=200.201.1.1 (FastEthernet1), len100, policy routed
07:24:44: IP: FastEthernet0 to FastEthernet1 200.201.1.1
TEST2>
Frame 35 (114 bytes on wire, 114 bytes captured)
Arrival Time: Oct 23, 2003 20:43:44.409628000
Time delta from previous packet: 0.067424000 seconds
Time relative to first packet: 12.097659000 seconds
Frame Number: 35
Packet Length: 114 bytes
Capture Length: 114 bytes
Ethernet II, Src: 00:00:0c:5c:b7:1a, Dst: 00:01:42:c9:76:3a
Destination: 00:01:42:c9:76:3a (Cisco_c9:76:3a)
Source: 00:00:0c:5c:b7:1a (Cisco_5c:b7:1a)
Type: IP (0x0800)
Internet Protocol, Src Addr: 200.200.1.1 (200.200.1.1), Dst Addr: 200.201.1.1 (200.201.1.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 100
Identification: 0x0041 (65)
Flags: 0x00
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 254
Protocol: ICMP (0x01)
Header checksum: 0x28c4 (correct)
Source: 200.200.1.1 (200.200.1.1)
Destination: 200.201.1.1 (200.201.1.1)
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0x5269 (correct)
Identifier: 0x0a09
Sequence number: 11:91
Data (72 bytes)
0000 00 00 00 00 01 97 0e b0 ab cd ab cd ab cd ab cd ................
0010 ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd ................
0020 ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd ................
0030 ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd ................
0040 ab cd ab cd ab cd ab cd ........
Frame 36 (114 bytes on wire, 114 bytes captured)
Arrival Time: Oct 23, 2003 20:43:44.410428000
Time delta from previous packet: 0.000800000 seconds
Time relative to first packet: 12.098459000 seconds
Frame Number: 36
Packet Length: 114 bytes
Capture Length: 114 bytes
Ethernet II, Src: 00:01:42:c9:76:3a, Dst: 00:00:0c:5c:b7:1a
Destination: 00:00:0c:5c:b7:1a (Cisco_5c:b7:1a)
Source: 00:01:42:c9:76:3a (Cisco_c9:76:3a)
Type: IP (0x0800)
Internet Protocol, Src Addr: 200.201.1.1 (200.201.1.1), Dst Addr: 200.200.1.1 (200.200.1.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 100
Identification: 0x0041 (65)
Flags: 0x00
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 255
Protocol: ICMP (0x01)
Header checksum: 0x27c4 (correct)
Source: 200.201.1.1 (200.201.1.1)
Destination: 200.200.1.1 (200.200.1.1)
Internet Control Message Protocol
Type: 0 (Echo (ping) reply)
Code: 0
Checksum: 0x5a69 (correct)
Identifier: 0x0a09
Sequence number: 11:91
Data (72 bytes)
0000 00 00 00 00 01 97 0e b0 ab cd ab cd ab cd ab cd ................
0010 ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd ................
0020 ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd ................
0030 ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd ................
0040 ab cd ab cd ab cd ab cd ........
Frame 37 (114 bytes on wire, 114 bytes captured)
Arrival Time: Oct 23, 2003 20:43:44.414083000
Time delta from previous packet: 0.003655000 seconds
Time relative to first packet: 12.102114000 seconds
Frame Number: 37
Packet Length: 114 bytes
Capture Length: 114 bytes
Ethernet II, Src: 00:00:0c:5c:b7:1a, Dst: 00:01:42:c9:76:3a
Destination: 00:01:42:c9:76:3a (Cisco_c9:76:3a)
Source: 00:00:0c:5c:b7:1a (Cisco_5c:b7:1a)
Type: IP (0x0800)
Internet Protocol, Src Addr: 200.200.1.1 (200.200.1.1), Dst Addr: 200.201.1.1 (200.201.1.1)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 100
Identification: 0x0042 (66)
Flags: 0x00
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 254
Protocol: ICMP (0x01)
Header checksum: 0x28c3 (correct)
Source: 200.200.1.1 (200.200.1.1)
Destination: 200.201.1.1 (200.201.1.1)
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0x5264 (correct)
Identifier: 0x0a0a
Sequence number: 11:91
Data (72 bytes)
0000 00 00 00 00 01 97 0e b4 ab cd ab cd ab cd ab cd ................
0010 ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd ................
0020 ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd ................
0030 ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd ................
0040 ab cd ab cd ab cd ab cd ........
10-24-2003 12:51 AM
Hello again, I have retired this using CAR and again, in my packet traces, i dont see the IP Prec (I assume within the DSCP portion of the ip header) being set.
Please could someone help me, as it is obvisous that I am missing something in my configuration. Or, even if someone can post a packt trace with the information shown in the IP header.
Many thx for any help?
kindest regards,
Confused-Ken
10-24-2003 01:00 AM
can you show access-list 199.
10-24-2003 01:08 AM
Hello :) Just tried using as atsndard ACL and as you can see, i enable WFQ on the interface to see if this works.
Can you confirm that the IP Prec when set is should in the DSCP part of the IP packet header? I have never see a packet with the ip prec set so, i assume this is where i look?
Also tried using car on the interfaces to do the same thing, but no joy, so either its my packet capture s/w (have tried two anaylsers now) or im being silly in my config.
Also, it would be nice to know if when the router does the packet re-qrite, this could be shown via a debug, or if debug ip packet detail could indicated this part of the ip header ???
!
interface FastEthernet0
ip address 14.14.0.1 255.255.255.0 secondary
ip address 200.200.1.2 255.255.255.0
no ip split-horizon
ip policy route-map test
half-duplex
fair-queue
!
interface FastEthernet1
ip address 13.13.0.1 255.255.255.0 secondary
ip address 200.201.1.2 255.255.255.0
half-duplex
fair-queue
!
!
access-list 50 permit any
access-list 131 permit ip any any
access-list 199 permit ip any any
route-map test permit 10
match ip address 50
set ip precedence priority
set ip next-hop 200.201.1.1
!
route-map test permit 20
!
!
my car config was as follows :-
int fa0
rate-limit input access-group 131 1000000 8000 100000 conform-action set-prec-transmit 5 exceed-action drop
very-confused ken :))
10-24-2003 02:49 AM
Ken,
your config looks OK to me. Yep IP Pres is apart of DSCP so this should be shown in this part of the packet. I've not used policy routing to mark packets so am not sure of the show commands associated. Have you tried using a class based packet marker. With this you can do a show "polciy map" to make sure packets are being marked.
12-09-2003 02:03 PM
I've been having the same problem on a test setup with a 3620 running IOS 12.2(13)T9. The "set" statement I can get to work is the "set next-hop". I can't get the "set ip precedence" nor the "set ip tos" commands to work. I think why your "debug ip policy" looks like it is working is because it works for the "next-hop", but fails for the other. (Try removing the "set next-hop" statement from your config. and try it again. My debug shows the match, but rejects the policy) That's why you don't see the change in the packets you've sniffed.
Wish I knew the fix.
12-10-2003 11:31 AM
Found a solution - use class-map's:
class-map match-all VOIP-class
match access-group 10
policy-map VOIP
class VOIP-class
set precedence 5
on the interface:
service-policy input VOIP
Seems like the "ip policy route-map VOIPxxx" works for routing, when you set the next-hop, but fails when you're trying to set a precedence.
The "service-policy input VOIP" seemed to work when setting a precedence. You can see that by using the "show policy-map interface" command which will show the packets marked. Unfortunately, I haven't found a debug option that shows what is happening in real-time.
Hope this helped.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: