Not seeing packet drops on the tunnel

Network Engineering cisco networking qos snmp
2022-02-16 05:16:12

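I have set up the following topology on AWS, where I deployed 4 CSR 1000v routers and enabled segment routing; the segment routing headend is R1 and the destination is R3.

My goal is to send iperf traffic from Endpoint1 (client) to Endpoint2 (server) using the following SR path = { R1, R2, R3, R4, R3, R2, R1, R2 and R3 }. First, the iperf traffic generated by Endpoint1 is UDP traffic that increases linearly until I stop it manually. Using SNMP and Cacti, I can obtain the throughput over the links (GRE tunnels), summarized below.

I set the bandwidth of all tunnels to 10 Mbps and I was expecting to see packet drops, but I don't. It is clear from the graph that the throughput has exceeded the bandwidth of the tunnel. However, no packet drops are recorded.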


Here is the configuration of the tunnel:

interface Tunnel0
 bandwidth 10000
 tunnel bandwidth transmit 10000
 tunnel bandwidth receive 10000
 ip address 10.10.2.1 255.255.255.252
 ip router isis aws
 load-interval 30
 mpls traffic-eng tunnels
 keepalive 2 3
 tunnel source GigabitEthernet1
 tunnel destination 52.27.173.12
 tunnel path-mtu-discovery
 isis metric 1

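After such a large amount of traffic, txload reached overload, at which point drops should be seen on the tunnel. However, there is no loss: 0 output errors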

ip-172-1-1-13#sh int t0                 
Tunnel0 is up, line protocol is up 
  Hardware is Tunnel
  Internet address is 10.10.2.1/30
  MTU 9976 bytes, BW 10000 Kbit/sec, DLY 50000 usec, 
     reliability 255/255, txload 255/255, rxload 200/255
  Encapsulation TUNNEL, loopback not set
  Keepalive set (2 sec), retries 3
  Tunnel linestate evaluation up
  Tunnel source 172.1.1.13 (GigabitEthernet1), destination 52.38.167.137
   Tunnel Subblocks:
      src-track:
         Tunnel0 source tracking subblock associated with GigabitEthernet1
          Set of tunnels with source GigabitEthernet1, 2 members (includes iterators), on interface <OK>
  Tunnel protocol/transport GRE/IP
    Key disabled, sequencing disabled
    Checksumming of packets disabled
  Tunnel TTL 255, Fast tunneling enabled
  Path MTU Discovery, ager 10 mins, min MTU 92
  Tunnel transport MTU 1476 bytes
  Tunnel transmit bandwidth 10000 (kbps)
  Tunnel receive bandwidth 10000 (kbps)
  Last input 00:00:05, output 00:00:00, output hang never
  Last clearing of "show interface" counters 01:18:49
  Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  30 second input rate 32000 bits/sec, 5 packets/sec
  30 second output rate 59000 bits/sec, 8 packets/sec
     1221047 packets input, 936187461 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles 
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     2938865 packets output, 2309121792 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out

I tried to configure policing on the tunnel interface as follows:

class-map match-all acgroup2
 match access-group 2
Policy Map police
 Class acgroup2
  police cir 10000000 bc 250000 be 250000
   conform-action transmit
   exceed-action drop
   violate-action drop

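and enabled it on the tunnel interface with service-policy input police. However, nothing shows up in Cacti as dropped packets.

Here is the full configuration of the routers: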

R1

segment-routing mpls
 global-block 17000 18000
 !
 connected-prefix-sid-map
  address-family ipv4
   11.11.11.11/32 index 11 range 1
  exit-address-family
!
class-map match-all acgroup2
 match access-group 2
!
Policy Map police
 Class acgroup2
  police cir 10000000 bc 250000 be 250000
   conform-action transmit
   exceed-action drop
   violate-action drop
!
interface Loopback0
 ip address 11.11.11.11 255.255.255.255
!
interface Tunnel0
 bandwidth 10000
 tunnel bandwidth transmit 10000
 tunnel bandwidth receive 10000
 ip address 10.10.1.1 255.255.255.252
 ip router isis aws
 load-interval 30
 mpls traffic-eng tunnels
 keepalive 2 3
 tunnel source GigabitEthernet1
 tunnel destination 52.27.173.12
 tunnel path-mtu-discovery
 isis metric 1
 service-policy output police
!
interface Tunnel1
 bandwidth 10000
 tunnel bandwidth transmit 10000
 tunnel bandwidth receive 10000
 ip flow monitor NTAMonitor input
 ip flow monitor NTAMonitor output
 ip address 10.10.4.2 255.255.255.252
 ip router isis aws
 load-interval 30
 mpls traffic-eng tunnels
 keepalive 2 3
 tunnel source GigabitEthernet1
 tunnel destination 54.70.66.102
 tunnel path-mtu-discovery
 isis metric 1
 service-policy output police
!
interface Tunnel4
 description MPLS TE Tunnel1 to the destination for path SR1
 ip unnumbered Loopback0
 tunnel mode mpls traffic-eng
 tunnel destination 33.33.33.33
 tunnel mpls traffic-eng autoroute announce
 tunnel mpls traffic-eng path-option 1 explicit name SR1 segment-routing verbatim
!
interface Tunnel5
 description MPLS TE Tunnel2 to the destination for path SR2
 ip unnumbered Loopback0
 tunnel mode mpls traffic-eng
 tunnel destination 33.33.33.33
 tunnel mpls traffic-eng autoroute announce
 tunnel mpls traffic-eng path-option 1 explicit name SR2 segment-routing verbatim
!
interface VirtualPortGroup0
 vrf forwarding GS
 ip address 192.168.35.101 255.255.255.0
 ip nat inside
 no mop enabled
 no mop sysid
!
interface GigabitEthernet1
 ip flow monitor NTAMonitor input
 ip flow monitor NTAMonitor output
 ip address dhcp
 ip nat outside
 load-interval 30
 negotiation auto
 ipv6 address dhcp
 ipv6 enable
 no mop enabled
 no mop sysid
 service-policy output police
!
router isis aws
 net 49.0001.0000.0000.0011.00
 metric-style wide
 segment-routing mpls
 segment-routing prefix-sid-map advertise-local
 passive-interface Loopback0
 mpls traffic-eng router-id Loopback0
!
iox
ip forward-protocol nd
ip tcp window-size 8192
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list GS_NAT_ACL interface GigabitEthernet1 vrf GS overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet1 172.0.1.1
ip route 33.33.33.33 255.255.255.255 Tunnel4
ip route 33.33.33.33 255.255.255.255 Tunnel5
ip route 172.2.1.5 255.255.255.255 Tunnel4
ip route 172.2.1.7 255.255.255.255 Tunnel5
ip route vrf GS 0.0.0.0 0.0.0.0 GigabitEthernet1 172.0.1.1 global
!
ip explicit-path name SR1 enable
 index 1 next-label 17022
 index 2 next-label 17033
 index 3 next-label 17044
 index 4 next-label 17033
 index 5 next-label 17022
 index 6 next-label 17011
 index 7 next-label 17022
 index 8 next-label 17033
!
ip ssh rsa keypair-name ssh-key
ip ssh version 2
ip ssh pubkey-chain
ip scp server enable
!
access-list 100 permit ip any any
ipv6 route ::/0 GigabitEthernet1 FE80::83F:37FF:FE14:2840
!
!
snmp-server community public RO
snmp-server community private RW
!
!
control-plane
!
line con 0
 stopbits 1
line vty 0 4
 login local
 transport input ssh
!
app-hosting appid guestshell
 app-vnic gateway1 virtualportgroup 0 guest-interface 0
  guest-ipaddress 192.168.35.102 netmask 255.255.255.0
 app-default-gateway 192.168.35.101 guest-interface 0
 name-server0 8.8.8.8
end

R2

segment-routing mpls
 global-block 17000 18000
 !
 connected-prefix-sid-map
  address-family ipv4
   22.22.22.22/32 index 22 range 1 
  exit-address-family
 !
!
spanning-tree extend system-id
!
netconf-yang
!
restconf
!
redundancy    
!
interface Loopback0
 ip address 22.22.22.22 255.255.255.255
!
interface Tunnel0
 bandwidth 10000
 tunnel bandwidth transmit 10000
 tunnel bandwidth receive 10000
 ip flow monitor NTAMonitor input
 ip flow monitor NTAMonitor output
 ip address 10.10.2.1 255.255.255.252
 ip router isis aws
 load-interval 30
 mpls traffic-eng tunnels
 keepalive 2 3
 tunnel source GigabitEthernet1
 tunnel destination 52.38.167.137
 tunnel path-mtu-discovery
 isis metric 1
!
interface Tunnel1
 bandwidth 10000
 ip flow monitor NTAMonitor input
 ip flow monitor NTAMonitor output
 ip address 10.10.1.2 255.255.255.252
 ip router isis aws
 load-interval 30
 mpls traffic-eng tunnels
 keepalive 2 3
 tunnel source GigabitEthernet1
 tunnel destination 35.167.193.103
 tunnel path-mtu-discovery
 isis metric 1
!
interface VirtualPortGroup0
 vrf forwarding GS
 ip address 192.168.35.101 255.255.255.0
 ip nat inside
 no mop enabled
 no mop sysid
!
interface GigabitEthernet1
 ip flow monitor NTAMonitor input
 ip flow monitor NTAMonitor output
 ip address dhcp
 ip nat outside
 load-interval 30
 negotiation auto
 ipv6 address dhcp
 ipv6 enable
 no mop enabled
 no mop sysid
!
router isis aws
 net 49.0001.0000.0000.0022.00
 metric-style wide
 segment-routing mpls
 segment-routing prefix-sid-map advertise-local
 passive-interface Loopback0
 mpls traffic-eng router-id Loopback0
!
iox
ip forward-protocol nd
ip tcp window-size 8192
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list GS_NAT_ACL interface GigabitEthernet1 vrf GS overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet1 172.1.1.1
ip route vrf GS 0.0.0.0 0.0.0.0 GigabitEthernet1 172.1.1.1 global
!
ip ssh rsa keypair-name ssh-key
ip ssh version 2
ip scp server enable
!
!
ip access-list standard GS_NAT_ACL
 permit 192.168.35.0 0.0.0.255
ipv6 route ::/0 GigabitEthernet1 FE80::83E:87FF:FEAA:8604
!      
snmp-server community public RO
snmp-server community private RW
!
!
control-plane
!
line con 0
 stopbits 1
line vty 0 4
 login local
 transport input ssh
!
app-hosting appid guestshell
 app-vnic gateway1 virtualportgroup 0 guest-interface 0
  guest-ipaddress 192.168.35.102 netmask 255.255.255.0
 app-default-gateway 192.168.35.101 guest-interface 0
 name-server0 8.8.8.8
end

R3

segment-routing mpls
 global-block 17000 18000
 !
 connected-prefix-sid-map
  address-family ipv4
   33.33.33.33/32 index 33 range 1 
  exit-address-family
 !
spanning-tree extend system-id
!
netconf-yang
!
restconf
!
!
redundancy
!
interface Loopback0
 ip address 33.33.33.33 255.255.255.255
!
interface Tunnel0
 bandwidth 10000
 tunnel bandwidth transmit 10000
 tunnel bandwidth receive 10000
 ip flow monitor NTAMonitor input
 ip flow monitor NTAMonitor output
 ip address 10.10.3.1 255.255.255.252
 ip router isis aws
 load-interval 30
 mpls traffic-eng tunnels
 keepalive 2 3
 tunnel source GigabitEthernet1
 tunnel destination 54.70.66.102
 tunnel path-mtu-discovery
 isis metric 1
!
interface Tunnel1
 bandwidth 10000
 ip flow monitor NTAMonitor input
 ip flow monitor NTAMonitor output
 ip address 10.10.2.2 255.255.255.252
 ip router isis aws
 load-interval 30
 mpls traffic-eng tunnels
 keepalive 2 3
 tunnel source GigabitEthernet1
 tunnel destination 52.27.173.12
 tunnel path-mtu-discovery
 isis metric 1
!
interface VirtualPortGroup0
 vrf forwarding GS
 ip address 192.168.35.101 255.255.255.0
 ip nat inside
 no mop enabled
 no mop sysid
!
interface GigabitEthernet1
 ip flow monitor NTAMonitor input
 ip flow monitor NTAMonitor output
 ip address dhcp
 ip nat outside
 load-interval 30
 negotiation auto
 ipv6 address dhcp
 ipv6 enable
 no mop enabled
 no mop sysid
 service-policy input police
!
router isis aws
 net 49.0001.0000.0000.0033.00
 metric-style wide
 segment-routing mpls
 segment-routing prefix-sid-map advertise-local
 passive-interface Loopback0
 mpls traffic-eng router-id Loopback0
!
iox
ip forward-protocol nd
ip tcp window-size 8192
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list GS_NAT_ACL interface GigabitEthernet1 vrf GS overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet1 172.2.1.1
ip route 172.0.1.0 255.255.255.240 11.11.11.11
ip route vrf GS 0.0.0.0 0.0.0.0 GigabitEthernet1 172.2.1.1 global
!
ip ssh rsa keypair-name ssh-key
ip ssh version 2
ip ssh pubkey-chain
ip scp server enable
!
ip access-list standard GS_NAT_ACL
 permit 192.168.35.0 0.0.0.255
ipv6 route ::/0 GigabitEthernet1 FE80::893:B3FF:FED5:7104      
!
snmp-server community public RO
snmp-server community private RW
!
control-plane
!
line con 0
 stopbits 1
line vty 0 4
 login local
 transport input ssh
!
app-hosting appid guestshell
 app-vnic gateway1 virtualportgroup 0 guest-interface 0
  guest-ipaddress 192.168.35.102 netmask 255.255.255.0
 app-default-gateway 192.168.35.101 guest-interface 0
 name-server0 8.8.8.8
end

R4

segment-routing mpls
 global-block 17000 18000
 !
 connected-prefix-sid-map
  address-family ipv4
   44.44.44.44/32 index 44 range 1 
  exit-address-family
 !
!
spanning-tree extend system-id
!
netconf-yang
!
restconf
!

!
redundancy
!
interface Loopback0
 ip address 44.44.44.44 255.255.255.255
!
interface Tunnel0
 bandwidth 10000
 tunnel bandwidth transmit 10000
 tunnel bandwidth receive 10000
 ip flow monitor NTAMonitor input
 ip flow monitor NTAMonitor output
 ip address 10.10.4.1 255.255.255.252
 ip router isis aws
 load-interval 30
 mpls traffic-eng tunnels
 keepalive 2 3
 tunnel source GigabitEthernet1
 tunnel destination 35.167.193.103
 tunnel path-mtu-discovery
 isis metric 1
!
interface Tunnel1
 bandwidth 10000
 tunnel bandwidth transmit 10000
 tunnel bandwidth receive 10000
 ip flow monitor NTAMonitor input
 ip flow monitor NTAMonitor output
 ip address 10.10.3.2 255.255.255.252
 ip router isis aws
 load-interval 30
 mpls traffic-eng tunnels
 keepalive 2 3
 tunnel source GigabitEthernet1
 tunnel destination 52.38.167.137
 tunnel path-mtu-discovery
 isis metric 1
!
interface VirtualPortGroup0
 vrf forwarding GS
 ip address 192.168.35.101 255.255.255.0
 ip nat inside
 no mop enabled
 no mop sysid
!
interface GigabitEthernet1
 ip flow monitor NTAMonitor input
 ip flow monitor NTAMonitor output
 ip address dhcp
 ip nat outside
 load-interval 30
 negotiation auto
 ipv6 address dhcp
 ipv6 enable
 no mop enabled
 no mop sysid
!
router isis aws
 net 49.0001.0000.0000.0044.00
 metric-style wide
 segment-routing mpls
 segment-routing prefix-sid-map advertise-local
 passive-interface Loopback0
 mpls traffic-eng router-id Loopback0
!
iox
ip forward-protocol nd
ip tcp window-size 8192
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list GS_NAT_ACL interface GigabitEthernet1 vrf GS overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet1 172.3.1.1
ip route vrf GS 0.0.0.0 0.0.0.0 GigabitEthernet1 172.3.1.1 global
!
ip ssh rsa keypair-name ssh-key
ip ssh version 2
ip ssh pubkey-chain
ip scp server enable
!
ip access-list standard GS_NAT_ACL
 permit 192.168.35.0 0.0.0.255
ipv6 route ::/0 GigabitEthernet1 FE80::D:1CFF:FE1E:97C2
!       
snmp-server community private RW
snmp-server community public RO
!
control-plane
!
line con 0
 stopbits 1
line vty 0 4
 login local
 transport input ssh
!
app-hosting appid guestshell
 app-vnic gateway1 virtualportgroup 0 guest-interface 0
  guest-ipaddress 192.168.35.102 netmask 255.255.255.0
 app-default-gateway 192.168.35.101 guest-interface 0
 name-server0 8.8.8.8
end

Edit

Here is the GRE tunnel description:

ip-172-0-1-8#sh int t0
Tunnel0 is up, line protocol is up 
  Hardware is Tunnel
  Internet address is 10.10.1.1/30
  MTU 9976 bytes, BW 10000 Kbit/sec, DLY 50000 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive set (2 sec), retries 3
  Tunnel linestate evaluation up
  Tunnel source 172.0.1.8 (GigabitEthernet1), destination 52.27.173.12
   Tunnel Subblocks:
      src-track:
         Tunnel0 source tracking subblock associated with GigabitEthernet1
          Set of tunnels with source GigabitEthernet1, 2 members (includes iterators), on interface <OK>
  Tunnel protocol/transport GRE/IP
    Key disabled, sequencing disabled
    Checksumming of packets disabled
  Tunnel TTL 255, Fast tunneling enabled
  Path MTU Discovery, ager 10 mins, min MTU 92
  Tunnel transport MTU 1476 bytes
  Tunnel transmit bandwidth 10000 (kbps)
  Tunnel receive bandwidth 10000 (kbps)
  Last input 00:00:03, output 00:00:00, output hang never
  Last clearing of "show interface" counters 00:03:26
  Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  30 second input rate 18000 bits/sec, 2 packets/sec
  30 second output rate 0 bits/sec, 0 packets/sec
     495 packets input, 455872 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles 
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     179 packets output, 77152 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
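
1 Answer

The bandwidth command is just a label for things like routing protocols and QoS. It does not change the bandwidth on the interface.

If you want it to drop packets above 10 Mbps, you can create a QoS policy to police traffic above 10 Mbps. Something like this (created on the fly and untested):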

policy-map Police_10Mbps
 description Police above 10 Mbps
 class class-default
  ! cir is given in bits per second, so 10 Mbps is 10000000
  police cir 10000000 conform-action transmit exceed-action drop
!
interface Tunnel0
 service-policy output Police_10Mbps
!
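
The difference between a bandwidth label and an enforced policer, as an added example that is not part of the original question or answer: a Python simulation of a single-rate, two-bucket policer using the question's `cir 10000000 bc 250000 be 250000` values against a linearly increasing UDP load. The names `Policer`, `ramp` and `simulate`, the 1250-byte packet size and the 2 Mbps per second ramp are assumptions made for illustration; the bucket logic follows RFC 2697 and is not taken from IOS XE.

```python
"""Added example: token-bucket policing vs. an unpoliced interface (illustrative names)."""
from dataclasses import dataclass


@dataclass
class Policer:
    """Single-rate, two-bucket policer in the style of RFC 2697 (colour-blind)."""
    cir_bps: int  # committed information rate, bits per second
    bc: int       # conform burst, bytes
    be: int       # excess burst, bytes

    def __post_init__(self):
        self.tc, self.te = float(self.bc), float(self.be)  # both buckets start full
        self.last = 0.0

    def offer(self, now: float, size: int) -> str:
        # Refill at CIR; tokens that overflow the conform bucket spill into the excess bucket.
        tokens = (now - self.last) * self.cir_bps / 8
        self.last = now
        spill = max(0.0, self.tc + tokens - self.bc)
        self.tc = min(float(self.bc), self.tc + tokens)
        self.te = min(float(self.be), self.te + spill)
        if self.tc >= size:
            self.tc -= size
            return "conform"
        if self.te >= size:
            self.te -= size
            return "exceed"
        return "violate"


def ramp(t: float) -> float:
    """Constructed offered load: 2 Mbps at t=0, rising 2 Mbps per second."""
    return 2e6 + 2e6 * t


def simulate(rate_bps_at, seconds, policer=None, pkt_bytes=1250):
    """Return one (offered_bps, transmitted_bps, dropped_packets) row per second."""
    rows, now = [], 0.0
    for sec in range(seconds):
        offered = sent = 0
        while now < sec + 1:
            verdict = policer.offer(now, pkt_bytes) if policer else "conform"
            offered += 1
            sent += verdict == "conform"  # exceed-action and violate-action both drop
            now += pkt_bytes * 8 / rate_bps_at(now)
        rows.append((offered * pkt_bytes * 8, sent * pkt_bytes * 8, offered - sent))
    return rows


if __name__ == "__main__":
    policed = simulate(ramp, 10, Policer(10_000_000, 250_000, 250_000))
    for sec, (label_only, with_policer) in enumerate(zip(simulate(ramp, 10), policed)):
        print(sec, "label only:", label_only, "policed:", with_policer)
```

Without a policer every offered packet is transmitted regardless of rate; with one, drops begin only after the conform burst is used up, shortly after the load crosses 10 Mbps, and throughput then settles at the CIR.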