
Ingress QOS-Marking and ingress Netflow

HUBERT RESCH
Level 3

Hi, we are marking traffic with a marking service-policy on our LAN interface and we are also using ingress/egress NetFlow.

I found a document where the order of operation is described. Please see the attached ooo.jpg

In this document it looks like ingress NetFlow works before the ingress QoS marking is done. That means in the ingress NetFlow we only see the original incoming packets with the original DSCP values; the DSCP values after marking cannot be seen in the ingress NetFlow records?

Is that true?

Thx

Hubert

1 Reply

gfcisco31
Level 1

Hello Hubert.

Interesting question. Here's the scenario I set up to see how things really work.

The topology is very simple.

R1 <10.0.0.0/30> R2 <20.0.0.0/30> R3   

On R2, I applied an input policy-map that marks packets coming with the IP source address of R1 as af11, as follows:

-----------------------

---> ACL:

R2#sh ip access-lists 1
Standard IP access list 1
    10 permit 10.0.0.1

---> Class map:

R2#sh class-map
Class Map match-all MARK (id 1)
   Match access-group  1
Class Map match-any class-default (id 0)
   Match any

---> Policy map:

R2#sh policy-map
  Policy Map POLICY
    Class MARK
      set ip dscp af11

xxxxxxxxxxxx

If I run a ping from R1 towards any R2 connected link, I can see the packet being marked through the cache flow, as follows:

Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
ICMP                 3      0.0         2   100      0.1       0.0      15.3
Total:               3      0.0         2   100      0.1       0.0      15.3

SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                    Port Msk AS    NextHop              B/Pk  Active
Se0/0          10.0.0.1        Local          20.0.0.2        01         28  10       5       <<<<<<<<<<<  28 in hex = af11
0000 /0  0                     0800 /0  0     0.0.0.0               100     0.2
R2#

If I run a ping from R1 towards the R3 loopback, I don't see the packets marked on R2, but I see them marked on R3 (as it comes with source 10.0.0.1 in R2 it should be marked).

---> R2:

Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
ICMP                 4      0.0         3   100      0.0       0.1      15.2
Total:               4      0.0         3   100      0.0       0.1      15.2

SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                    Port Msk AS    NextHop              B/Pk  Active
Se0/0          10.0.0.1        Se0/1          3.3.3.3         01 00 10       5  <<<<< 00 (no markings)
0000 /0  0                     0800 /0  0     0.0.0.0               100     0.2
R2#

---> R3:

Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
ICMP                 4      0.0         5   100      0.0       0.2      15.2
Total:               4      0.0         5   100      0.0       0.2      15.2

SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs  Pkts
Port Msk AS                    Port Msk AS    NextHop              B/Pk  Active
Se0/0          10.0.0.1        Local          3.3.3.3         01 28 10       5         <<<<< 28 (af11)
0000 /0  0                     0800 /0  0     0.0.0.0               100     0.2

So, it looks like if your router is a transit router you won't see the packet marked in NetFlow (only if it comes already marked by another device, like R1 in this example).

But if the packet is destined to you, you will see the packet being marked, MAYBE because packets destined to you are always process switched.

Let me know your thoughts... hope this helps...
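Added example, not part of either post: a small Python parser for the flow cache records shown in the reply. It decodes the hex TOS column into a DSCP name and reports flows whose marking differs between two routers' caches. The function names are hypothetical and the sample records are trimmed from the R2 and R3 output above.

```python
import re

# First line of each flow record:
# SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
RECORD = re.compile(
    r"^(?P<src_if>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+(?P<dst_if>\S+)\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\s+(?P<proto>[0-9A-Fa-f]{2})\s+"
    r"(?P<tos>[0-9A-Fa-f]{2})\s+(?P<flags>[0-9A-Fa-f]{2})\s+(?P<pkts>\d+)"
)

def dscp_name(dscp):
    """Map a 6-bit DSCP value to its standard name (default, EF, CSx, AFxy)."""
    cls, low = dscp >> 3, dscp & 0b111
    if dscp == 0:
        return "default"
    if dscp == 46:
        return "ef"
    if low == 0:
        return f"cs{cls}"
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return f"af{cls}{low >> 1}"
    return f"dscp{dscp}"

def parse_flows(text):
    """Return {(src, dst): dscp name}; headers and second-line rows do not match."""
    flows = {}
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            tos = int(m["tos"], 16)                       # TOS column is hex
            flows[(m["src"], m["dst"])] = dscp_name(tos >> 2)  # drop the 2 ECN bits
    return flows

def marking_changes(upstream, downstream):
    """Flows whose DSCP differs between two routers' ingress flow caches."""
    up, down = parse_flows(upstream), parse_flows(downstream)
    return {k: (up[k], down[k]) for k in up.keys() & down.keys() if up[k] != down[k]}

# Sample records trimmed from the R2 and R3 output in the thread.
HEADER = "SrcIf          SrcIPaddress    DstIf          DstIPaddress    Pr TOS Flgs  Pkts\n"
SECOND = "0000 /0  0                     0800 /0  0     0.0.0.0               100     0.2\n"
R2_CACHE = HEADER + "Se0/0  10.0.0.1  Se0/1  3.3.3.3  01 00 10  5\n" + SECOND
R3_CACHE = HEADER + "Se0/0  10.0.0.1  Local  3.3.3.3  01 28 10  5\n" + SECOND

if __name__ == "__main__":
    for flow, (before, after) in marking_changes(R2_CACHE, R3_CACHE).items():
        print(flow, before, "->", after)
```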
