我的目标是使用以下SR 路径= { R1、R2、R3、R4、R3、R2、R1、R2 和 R3 }
将iperf流量从Endpoint1(客户端)发送到Endpoint2(服务器) 。
首先,iperf从Endpoint1生成的流量是线性增加的 UDP 流量,直到我手动停止。使用SNMP和Cacti ,我可以通过下面总结的链接(GRE 隧道)获得吞吐量。
我将所有隧道的带宽设置为10Mbps,我期待看到丢包,但我没有。从图中可以明显看出,吞吐量已经超过了隧道的带宽。但是,没有记录丢包。
因此,我在接口的隧道上配置了监管带宽,如下所示:
class-map match-all acgroup2
match access-group 2
!
policy-map police
class acgroup2
police cir 10000000
conform-action transmit
exceed-action drop
violate-action drop
但是,在发送流量后,即使接口超过了带宽隧道,我也看不到任何流量下降。
#show policy-map interface
Tunnel0
Service-policy input: POLICER
Class-map: acgroup2 (match-all)
0 packets, 0 bytes
30 second offered rate 0000 bps, drop rate 0000 bps
Match: none
police:
cir 10000000 bps, bc 312500 bytes, be 312500 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
violated 0 packets, 0 bytes; actions:
drop
conformed 0000 bps, exceeded 0000 bps, violated 0000 bps
Class-map: class-default (match-any)
323771 packets, 261795856 bytes
30 second offered rate 8731000 bps, drop rate 0000 bps
Match: any
Tunnel1
Service-policy input: POLICER
Class-map: acgroup2 (match-all)
0 packets, 0 bytes
30 second offered rate 0000 bps, drop rate 0000 bps
Match: none
police:
cir 10000000 bps, bc 312500 bytes, be 312500 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
violated 0 packets, 0 bytes; actions:
drop
conformed 0000 bps, exceeded 0000 bps, violated 0000 bps
Class-map: class-default (match-any)
857218 packets, 694258348 bytes
30 second offered rate 22024000 bps, drop rate 0000 bps
Match: any
无论发送的流量是多少,conformed、超出和违反的值根本没有改变。
这是重要的路由器配置
R1
segment-routing mpls
global-block 17000 18000
!
connected-prefix-sid-map
address-family ipv4
11.11.11.11/32 index 11 range 1
exit-address-family
!
class-map match-all acgroup2
match access-group 100
!
policy-map police
class acgroup2
police cir 8000000
conform-action transmit
exceed-action drop
violate-action drop
!
interface Loopback0
ip address 11.11.11.11 255.255.255.255
!
interface Tunnel0
bandwidth 10000
ip flow monitor NTAMonitor input
ip flow monitor NTAMonitor output
ip address 10.10.1.1 255.255.255.252
ip router isis aws
load-interval 30
mpls traffic-eng tunnels
keepalive 2 3
tunnel source GigabitEthernet1
tunnel destination 52.27.173.12
tunnel path-mtu-discovery
isis metric 1
service-policy output police
!
interface Tunnel1
bandwidth 10000
ip flow monitor NTAMonitor input
ip flow monitor NTAMonitor output
ip address 10.10.4.2 255.255.255.252
ip router isis aws
load-interval 30
mpls traffic-eng tunnels
keepalive 2 3
tunnel source GigabitEthernet1
tunnel destination 54.70.66.102
tunnel path-mtu-discovery
isis metric 1
service-policy output police
!
interface Tunnel4
description MPLS TE Tunnel1 to the destination for path SR1
ip unnumbered Loopback0
tunnel mode mpls traffic-eng
tunnel destination 33.33.33.33
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng path-option 1 explicit name SR1 segment-routing verbatim
!
interface Tunnel5
description MPLS TE Tunnel2 to the destination for path SR2
ip unnumbered Loopback0
tunnel mode mpls traffic-eng
tunnel destination 33.33.33.33
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng path-option 1 explicit name SR2 segment-routing verbatim
!
interface VirtualPortGroup0
vrf forwarding GS
ip address 192.168.35.101 255.255.255.0
ip nat inside
no mop enabled
no mop sysid
!
interface GigabitEthernet1
ip flow monitor NTAMonitor input
ip flow monitor NTAMonitor output
ip address dhcp
ip nat outside
load-interval 30
negotiation auto
ipv6 address dhcp
ipv6 enable
no mop enabled
no mop sysid
service-policy output police
!
router isis aws
net 49.0001.0000.0000.0011.00
metric-style wide
segment-routing mpls
segment-routing prefix-sid-map advertise-local
passive-interface Loopback0
mpls traffic-eng router-id Loopback0
!
iox
ip forward-protocol nd
ip tcp window-size 8192
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list GS_NAT_ACL interface GigabitEthernet1 vrf GS overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet1 172.0.1.1
ip route 33.33.33.33 255.255.255.255 Tunnel4
ip route 33.33.33.33 255.255.255.255 Tunnel5
ip route 172.2.1.5 255.255.255.255 Tunnel4
ip route 172.2.1.7 255.255.255.255 Tunnel5
ip route vrf GS 0.0.0.0 0.0.0.0 GigabitEthernet1 172.0.1.1 global
!
ip explicit-path name SR1 enable
index 1 next-label 17022
index 2 next-label 17033
index 3 next-label 17044
index 4 next-label 17033
index 5 next-label 17022
index 6 next-label 17011
index 7 next-label 17022
index 8 next-label 17033
!
ip ssh rsa keypair-name ssh-key
ip ssh version 2
ip ssh pubkey-chain
ip scp server enable
!
access-list 100 permit ip any any
ipv6 route ::/0 GigabitEthernet1 FE80::83F:37FF:FE14:2840
!
!
snmp-server community public RO
snmp-server community private RW
!
!
control-plane
!
line con 0
stopbits 1
line vty 0 4
login local
transport input ssh
!
app-hosting appid guestshell
app-vnic gateway1 virtualportgroup 0 guest-interface 0
guest-ipaddress 192.168.35.102 netmask 255.255.255.0
app-default-gateway 192.168.35.101 guest-interface 0
name-server0 8.8.8.8
end
R2
segment-routing mpls
global-block 17000 18000
!
connected-prefix-sid-map
address-family ipv4
22.22.22.22/32 index 22 range 1
exit-address-family
!
!
spanning-tree extend system-id
!
netconf-yang
!
restconf
!
redundancy
!
interface Loopback0
ip address 22.22.22.22 255.255.255.255
!
interface Tunnel0
bandwidth 10000
ip flow monitor NTAMonitor input
ip flow monitor NTAMonitor output
ip address 10.10.2.1 255.255.255.252
ip router isis aws
load-interval 30
mpls traffic-eng tunnels
keepalive 2 3
tunnel source GigabitEthernet1
tunnel destination 52.38.167.137
tunnel path-mtu-discovery
isis metric 1
!
interface Tunnel1
bandwidth 10000
ip flow monitor NTAMonitor input
ip flow monitor NTAMonitor output
ip address 10.10.1.2 255.255.255.252
ip router isis aws
load-interval 30
mpls traffic-eng tunnels
keepalive 2 3
tunnel source GigabitEthernet1
tunnel destination 35.167.193.103
tunnel path-mtu-discovery
isis metric 1
!
interface VirtualPortGroup0
vrf forwarding GS
ip address 192.168.35.101 255.255.255.0
ip nat inside
no mop enabled
no mop sysid
!
interface GigabitEthernet1
ip flow monitor NTAMonitor input
ip flow monitor NTAMonitor output
ip address dhcp
ip nat outside
load-interval 30
negotiation auto
ipv6 address dhcp
ipv6 enable
no mop enabled
no mop sysid
!
router isis aws
net 49.0001.0000.0000.0022.00
metric-style wide
segment-routing mpls
segment-routing prefix-sid-map advertise-local
passive-interface Loopback0
mpls traffic-eng router-id Loopback0
!
iox
ip forward-protocol nd
ip tcp window-size 8192
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list GS_NAT_ACL interface GigabitEthernet1 vrf GS overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet1 172.1.1.1
ip route vrf GS 0.0.0.0 0.0.0.0 GigabitEthernet1 172.1.1.1 global
!
ip ssh rsa keypair-name ssh-key
ip ssh version 2
ip scp server enable
!
!
ip access-list standard GS_NAT_ACL
permit 192.168.35.0 0.0.0.255
ipv6 route ::/0 GigabitEthernet1 FE80::83E:87FF:FEAA:8604
!
snmp-server community public RO
snmp-server community private RW
!
!
control-plane
!
line con 0
stopbits 1
line vty 0 4
login local
transport input ssh
!
app-hosting appid guestshell
app-vnic gateway1 virtualportgroup 0 guest-interface 0
guest-ipaddress 192.168.35.102 netmask 255.255.255.0
app-default-gateway 192.168.35.101 guest-interface 0
name-server0 8.8.8.8
end
R3
segment-routing mpls
global-block 17000 18000
!
connected-prefix-sid-map
address-family ipv4
33.33.33.33/32 index 33 range 1
exit-address-family
!
spanning-tree extend system-id
!
netconf-yang
!
restconf
!
!
redundancy
!
interface Loopback0
ip address 33.33.33.33 255.255.255.255
!
interface Tunnel0
bandwidth 10000
ip flow monitor NTAMonitor input
ip flow monitor NTAMonitor output
ip address 10.10.3.1 255.255.255.252
ip router isis aws
load-interval 30
mpls traffic-eng tunnels
keepalive 2 3
tunnel source GigabitEthernet1
tunnel destination 54.70.66.102
tunnel path-mtu-discovery
isis metric 1
!
interface Tunnel1
bandwidth 10000
ip flow monitor NTAMonitor input
ip flow monitor NTAMonitor output
ip address 10.10.2.2 255.255.255.252
ip router isis aws
load-interval 30
mpls traffic-eng tunnels
keepalive 2 3
tunnel source GigabitEthernet1
tunnel destination 52.27.173.12
tunnel path-mtu-discovery
isis metric 1
!
interface VirtualPortGroup0
vrf forwarding GS
ip address 192.168.35.101 255.255.255.0
ip nat inside
no mop enabled
no mop sysid
!
interface GigabitEthernet1
ip flow monitor NTAMonitor input
ip flow monitor NTAMonitor output
ip address dhcp
ip nat outside
load-interval 30
negotiation auto
ipv6 address dhcp
ipv6 enable
no mop enabled
no mop sysid
service-policy input police
!
router isis aws
net 49.0001.0000.0000.0033.00
metric-style wide
segment-routing mpls
segment-routing prefix-sid-map advertise-local
passive-interface Loopback0
mpls traffic-eng router-id Loopback0
!
iox
ip forward-protocol nd
ip tcp window-size 8192
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list GS_NAT_ACL interface GigabitEthernet1 vrf GS overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet1 172.2.1.1
ip route 172.0.1.0 255.255.255.240 11.11.11.11
ip route vrf GS 0.0.0.0 0.0.0.0 GigabitEthernet1 172.2.1.1 global
!
ip ssh rsa keypair-name ssh-key
ip ssh version 2
ip ssh pubkey-chain
ip scp server enable
!
ip access-list standard GS_NAT_ACL
permit 192.168.35.0 0.0.0.255
ipv6 route ::/0 GigabitEthernet1 FE80::893:B3FF:FED5:7104
!
snmp-server community public RO
snmp-server community private RW
!
control-plane
!
line con 0
stopbits 1
line vty 0 4
login local
transport input ssh
!
app-hosting appid guestshell
app-vnic gateway1 virtualportgroup 0 guest-interface 0
guest-ipaddress 192.168.35.102 netmask 255.255.255.0
app-default-gateway 192.168.35.101 guest-interface 0
name-server0 8.8.8.8
end
R4
segment-routing mpls
global-block 17000 18000
!
connected-prefix-sid-map
address-family ipv4
44.44.44.44/32 index 44 range 1
exit-address-family
!
!
spanning-tree extend system-id
!
netconf-yang
!
restconf
!
!
redundancy
!
interface Loopback0
ip address 44.44.44.44 255.255.255.255
!
interface Tunnel0
bandwidth 10000
ip flow monitor NTAMonitor input
ip flow monitor NTAMonitor output
ip address 10.10.4.1 255.255.255.252
ip router isis aws
load-interval 30
mpls traffic-eng tunnels
keepalive 2 3
tunnel source GigabitEthernet1
tunnel destination 35.167.193.103
tunnel path-mtu-discovery
isis metric 1
!
interface Tunnel1
bandwidth 10000
ip flow monitor NTAMonitor input
ip flow monitor NTAMonitor output
ip address 10.10.3.2 255.255.255.252
ip router isis aws
load-interval 30
mpls traffic-eng tunnels
keepalive 2 3
tunnel source GigabitEthernet1
tunnel destination 52.38.167.137
tunnel path-mtu-discovery
isis metric 1
!
interface VirtualPortGroup0
vrf forwarding GS
ip address 192.168.35.101 255.255.255.0
ip nat inside
no mop enabled
no mop sysid
!
interface GigabitEthernet1
ip flow monitor NTAMonitor input
ip flow monitor NTAMonitor output
ip address dhcp
ip nat outside
load-interval 30
negotiation auto
ipv6 address dhcp
ipv6 enable
no mop enabled
no mop sysid
!
router isis aws
net 49.0001.0000.0000.0044.00
metric-style wide
segment-routing mpls
segment-routing prefix-sid-map advertise-local
passive-interface Loopback0
mpls traffic-eng router-id Loopback0
!
iox
ip forward-protocol nd
ip tcp window-size 8192
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list GS_NAT_ACL interface GigabitEthernet1 vrf GS overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet1 172.3.1.1
ip route vrf GS 0.0.0.0 0.0.0.0 GigabitEthernet1 172.3.1.1 global
!
ip ssh rsa keypair-name ssh-key
ip ssh version 2
ip ssh pubkey-chain
ip scp server enable
!
ip access-list standard GS_NAT_ACL
permit 192.168.35.0 0.0.0.255
ipv6 route ::/0 GigabitEthernet1 FE80::D:1CFF:FE1E:97C2
!
snmp-server community private RW
snmp-server community public RO
!
control-plane
!
line con 0
stopbits 1
line vty 0 4
login local
transport input ssh
!
app-hosting appid guestshell
app-vnic gateway1 virtualportgroup 0 guest-interface 0
guest-ipaddress 192.168.35.102 netmask 255.255.255.0
app-default-gateway 192.168.35.101 guest-interface 0
name-server0 8.8.8.8
end