Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
438
Views
0
Helpful
6
Replies

Setting the IP Prec in an IP PAcket using policy routing

kfarrington
Level 3
Level 3

‎10-23-2003 01:33 PM - edited ‎03-02-2019 11:13 AM

Hello All :)))

ip200.200.1.1 .2 .2 ip200.201.1.1

fa0 fa0 fa1 fa0

Testrtr1----------------------Testrtr2--------------------------Testrtr3

I am doing a very basic thing here, by setting the IP PREC on a policy route-map to critical for ANY ip traffic

But if you look in the capture below using ethereal, the IP PREC does not get set in and of the ICMP packets? BIZARRE?

CAN ANYONE PLEASE HELP ME? I am lost in space.

Does it really do what it says on the label? ;¬)

I perform a ping from Tesrtr1 to testrtr3 as follows :-

TEST1>ping 200.201.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 200.201.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

TEST1>

on testrtr2 i have the following config#

!

interface FastEthernet0

ip address 200.200.1.2 255.255.255.0

ip policy route-map test

half-duplex

fair-queue

!

interface FastEthernet1

ip address 13.13.0.1 255.255.255.0 secondary

ip address 200.201.1.2 255.255.255.0

half-duplex

fair-queue

!

!

access-list 199 permit ip any any

route-map test permit 10

match ip address 199

set ip precedence priority

set ip next-hop 200.201.1.1

!

and when the ping is run, i get the following from the debug ip policy

TEST2>

07:24:44: IP: s=200.200.1.1 (FastEthernet0), d=200.201.1.1, len 100, policy match

07:24:44: IP: route map test, item 10, permit

07:24:44: IP: s=200.200.1.1 (FastEthernet0), d=200.201.1.1 (FastEthernet1), len100, policy routed

07:24:44: IP: FastEthernet0 to FastEthernet1 200.201.1.1

07:24:44: IP: s=200.200.1.1 (FastEthernet0), d=200.201.1.1, len 100, policy match

07:24:44: IP: route map test, item 10, permit

07:24:44: IP: s=200.200.1.1 (FastEthernet0), d=200.201.1.1 (FastEthernet1), len100, policy routed

07:24:44: IP: FastEthernet0 to FastEthernet1 200.201.1.1

07:24:44: IP: s=200.200.1.1 (FastEthernet0), d=200.201.1.1, len 100, policy match

07:24:44: IP: route map test, item 10, permit

07:24:44: IP: s=200.200.1.1 (FastEthernet0), d=200.201.1.1 (FastEthernet1), len100, policy routed

07:24:44: IP: FastEthernet0 to FastEthernet1 200.201.1.1

07:24:44: IP: s=200.200.1.1 (FastEthernet0), d=200.201.1.1, len 100, policy match

07:24:44: IP: route map test, item 10, permit

07:24:44: IP: s=200.200.1.1 (FastEthernet0), d=200.201.1.1 (FastEthernet1), len100, policy routed

07:24:44: IP: FastEthernet0 to FastEthernet1 200.201.1.1

07:24:44: IP: s=200.200.1.1 (FastEthernet0), d=200.201.1.1, len 100, policy match

07:24:44: IP: route map test, item 10, permit

07:24:44: IP: s=200.200.1.1 (FastEthernet0), d=200.201.1.1 (FastEthernet1), len100, policy routed

07:24:44: IP: FastEthernet0 to FastEthernet1 200.201.1.1

TEST2>

Frame 35 (114 bytes on wire, 114 bytes captured)

Arrival Time: Oct 23, 2003 20:43:44.409628000

Time delta from previous packet: 0.067424000 seconds

Time relative to first packet: 12.097659000 seconds

Frame Number: 35

Packet Length: 114 bytes

Capture Length: 114 bytes

Ethernet II, Src: 00:00:0c:5c:b7:1a, Dst: 00:01:42:c9:76:3a

Destination: 00:01:42:c9:76:3a (Cisco_c9:76:3a)

Source: 00:00:0c:5c:b7:1a (Cisco_5c:b7:1a)

Type: IP (0x0800)

Internet Protocol, Src Addr: 200.200.1.1 (200.200.1.1), Dst Addr: 200.201.1.1 (200.201.1.1)

Version: 4

Header length: 20 bytes

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)

0000 00.. = Differentiated Services Codepoint: Default (0x00)

.... ..0. = ECN-Capable Transport (ECT): 0

.... ...0 = ECN-CE: 0

Total Length: 100

Identification: 0x0041 (65)

Flags: 0x00

.0.. = Don't fragment: Not set

..0. = More fragments: Not set

Fragment offset: 0

Time to live: 254

Protocol: ICMP (0x01)

Header checksum: 0x28c4 (correct)

Source: 200.200.1.1 (200.200.1.1)

Destination: 200.201.1.1 (200.201.1.1)

Internet Control Message Protocol

Type: 8 (Echo (ping) request)

Code: 0

Checksum: 0x5269 (correct)

Identifier: 0x0a09

Sequence number: 11:91

Data (72 bytes)

0000 00 00 00 00 01 97 0e b0 ab cd ab cd ab cd ab cd ................

0010 ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd ................

0020 ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd ................

0030 ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd ................

0040 ab cd ab cd ab cd ab cd ........

Frame 36 (114 bytes on wire, 114 bytes captured)

Arrival Time: Oct 23, 2003 20:43:44.410428000

Time delta from previous packet: 0.000800000 seconds

Time relative to first packet: 12.098459000 seconds

Frame Number: 36

Packet Length: 114 bytes

Capture Length: 114 bytes

Ethernet II, Src: 00:01:42:c9:76:3a, Dst: 00:00:0c:5c:b7:1a

Destination: 00:00:0c:5c:b7:1a (Cisco_5c:b7:1a)

Source: 00:01:42:c9:76:3a (Cisco_c9:76:3a)

Type: IP (0x0800)

Internet Protocol, Src Addr: 200.201.1.1 (200.201.1.1), Dst Addr: 200.200.1.1 (200.200.1.1)

Version: 4

Header length: 20 bytes

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)

0000 00.. = Differentiated Services Codepoint: Default (0x00)

.... ..0. = ECN-Capable Transport (ECT): 0

.... ...0 = ECN-CE: 0

Total Length: 100

Identification: 0x0041 (65)

Flags: 0x00

.0.. = Don't fragment: Not set

..0. = More fragments: Not set

Fragment offset: 0

Time to live: 255

Protocol: ICMP (0x01)

Header checksum: 0x27c4 (correct)

Source: 200.201.1.1 (200.201.1.1)

Destination: 200.200.1.1 (200.200.1.1)

Internet Control Message Protocol

Type: 0 (Echo (ping) reply)

Code: 0

Checksum: 0x5a69 (correct)

Identifier: 0x0a09

Sequence number: 11:91

Data (72 bytes)

0000 00 00 00 00 01 97 0e b0 ab cd ab cd ab cd ab cd ................

0010 ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd ................

0020 ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd ................

0030 ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd ................

0040 ab cd ab cd ab cd ab cd ........

Frame 37 (114 bytes on wire, 114 bytes captured)

Arrival Time: Oct 23, 2003 20:43:44.414083000

Time delta from previous packet: 0.003655000 seconds

Time relative to first packet: 12.102114000 seconds

Frame Number: 37

Packet Length: 114 bytes

Capture Length: 114 bytes

Ethernet II, Src: 00:00:0c:5c:b7:1a, Dst: 00:01:42:c9:76:3a

Destination: 00:01:42:c9:76:3a (Cisco_c9:76:3a)

Source: 00:00:0c:5c:b7:1a (Cisco_5c:b7:1a)

Type: IP (0x0800)

Internet Protocol, Src Addr: 200.200.1.1 (200.200.1.1), Dst Addr: 200.201.1.1 (200.201.1.1)

Version: 4

Header length: 20 bytes

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)

0000 00.. = Differentiated Services Codepoint: Default (0x00)

.... ..0. = ECN-Capable Transport (ECT): 0

.... ...0 = ECN-CE: 0

Total Length: 100

Identification: 0x0042 (66)

Flags: 0x00

.0.. = Don't fragment: Not set

..0. = More fragments: Not set

Fragment offset: 0

Time to live: 254

Protocol: ICMP (0x01)

Header checksum: 0x28c3 (correct)

Source: 200.200.1.1 (200.200.1.1)

Destination: 200.201.1.1 (200.201.1.1)

Internet Control Message Protocol

Type: 8 (Echo (ping) request)

Code: 0

Checksum: 0x5264 (correct)

Identifier: 0x0a0a

Sequence number: 11:91

Data (72 bytes)

0000 00 00 00 00 01 97 0e b4 ab cd ab cd ab cd ab cd ................

0010 ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd ................

0020 ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd ................

0030 ab cd ab cd ab cd ab cd ab cd ab cd ab cd ab cd ................

0040 ab cd ab cd ab cd ab cd ........

Labels:
0 Helpful
6 Replies 6

kfarrington
Level 3
Level 3

‎10-24-2003 12:51 AM

Hello again, I have retired this using CAR and again, in my packet traces, i dont see the IP Prec (I assume within the DSCP portion of the ip header) being set.

Please could someone help me, as it is obvisous that I am missing something in my configuration. Or, even if someone can post a packt trace with the information shown in the IP header.

Many thx for any help?

kindest regards,

Confused-Ken

0 Helpful

mark.edwards
Level 1
Level 1
In response to kfarrington

‎10-24-2003 01:00 AM

can you show access-list 199.

0 Helpful

kfarrington
Level 3
Level 3
In response to mark.edwards

‎10-24-2003 01:08 AM

Hello :) Just tried using as atsndard ACL and as you can see, i enable WFQ on the interface to see if this works.

Can you confirm that the IP Prec when set is should in the DSCP part of the IP packet header? I have never see a packet with the ip prec set so, i assume this is where i look?

Also tried using car on the interfaces to do the same thing, but no joy, so either its my packet capture s/w (have tried two anaylsers now) or im being silly in my config.

Also, it would be nice to know if when the router does the packet re-qrite, this could be shown via a debug, or if debug ip packet detail could indicated this part of the ip header ???

!

interface FastEthernet0

ip address 14.14.0.1 255.255.255.0 secondary

ip address 200.200.1.2 255.255.255.0

no ip split-horizon

ip policy route-map test

half-duplex

fair-queue

!

interface FastEthernet1

ip address 13.13.0.1 255.255.255.0 secondary

ip address 200.201.1.2 255.255.255.0

half-duplex

fair-queue

!

!

access-list 50 permit any

access-list 131 permit ip any any

access-list 199 permit ip any any

route-map test permit 10

match ip address 50

set ip precedence priority

set ip next-hop 200.201.1.1

!

route-map test permit 20

!

!

my car config was as follows :-

int fa0

rate-limit input access-group 131 1000000 8000 100000 conform-action set-prec-transmit 5 exceed-action drop

very-confused ken :))

0 Helpful

mark.edwards
Level 1
Level 1
In response to kfarrington

‎10-24-2003 02:49 AM

Ken,

your config looks OK to me. Yep IP Pres is apart of DSCP so this should be shown in this part of the packet. I've not used policy routing to mark packets so am not sure of the show commands associated. Have you tried using a class based packet marker. With this you can do a show "polciy map" to make sure packets are being marked.

0 Helpful

d.wolover
Level 1
Level 1
In response to mark.edwards

‎12-09-2003 02:03 PM

I've been having the same problem on a test setup with a 3620 running IOS 12.2(13)T9. The "set" statement I can get to work is the "set next-hop". I can't get the "set ip precedence" nor the "set ip tos" commands to work. I think why your "debug ip policy" looks like it is working is because it works for the "next-hop", but fails for the other. (Try removing the "set next-hop" statement from your config. and try it again. My debug shows the match, but rejects the policy) That's why you don't see the change in the packets you've sniffed.

Wish I knew the fix.

0 Helpful

d.wolover
Level 1
Level 1
In response to d.wolover

‎12-10-2003 11:31 AM

Found a solution - use class-map's:

class-map match-all VOIP-class

match access-group 10

policy-map VOIP

class VOIP-class

set precedence 5

on the interface:

service-policy input VOIP

Seems like the "ip policy route-map VOIPxxx" works for routing, when you set the next-hop, but fails when you're trying to set a precedence.

The "service-policy input VOIP" seemed to work when setting a precedence. You can see that by using the "show policy-map interface" command which will show the packets marked. Unfortunately, I haven't found a debug option that shows what is happening in real-time.

Hope this helped.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents