JANOG 57NETCON 問題解説 Level2-3
- 39 分前
- 読了時間: 4分
JANOG 57 にスタッフ(NETCON委員)として参加させていただきました。
作成した問題について、回答と解説を記載します。
Level2-3
RT-01 で Gi3 から送信されるUDPパケットを 1Mbps 程度に制限しようと試みていますが、
想定通りに動作していません。
Qosが正しく動作するように、RT-01 の設定を修正してください。
達成条件
SV-01 の iperf の実行結果が以下のように 1 Mbps 台になること
iperfop@SV-01:~$ iperf -c 192.168.20.200 -u -b 5M -t 10 -i 1
------------------------------------------------------------
Client connecting to 192.168.20.200, UDP port 5001
Sending 1470 byte datagrams, IPG target: 2243.04 us (kalman adjust)
UDP buffer size: 208 KByte (default)
------------------------------------------------------------
[ 1] local 192.168.10.100 port 57455 connected with 192.168.20.200 port 5001
[ ID] Interval Transfer Bandwidth
[ 1] 0.0000-1.0000 sec 642 KBytes 5.26 Mbits/sec
[ 1] 1.0000-2.0000 sec 640 KBytes 5.24 Mbits/sec
[ 1] 2.0000-3.0000 sec 640 KBytes 5.24 Mbits/sec
[ 1] 3.0000-4.0000 sec 640 KBytes 5.24 Mbits/sec
[ 1] 4.0000-5.0000 sec 640 KBytes 5.24 Mbits/sec
[ 1] 5.0000-6.0000 sec 639 KBytes 5.23 Mbits/sec
[ 1] 6.0000-7.0000 sec 640 KBytes 5.24 Mbits/sec
[ 1] 7.0000-8.0000 sec 640 KBytes 5.24 Mbits/sec
[ 1] 8.0000-9.0000 sec 640 KBytes 5.24 Mbits/sec
[ 1] 9.0000-10.0000 sec 640 KBytes 5.24 Mbits/sec
[ 1] 0.0000-10.0041 sec 6.26 MBytes 5.25 Mbits/sec
[ 1] Sent 4463 datagrams
[ 1] Server Report:
[ ID] Interval Transfer Bandwidth Jitter Lost/Total Datagrams
[ 1] 0.0000-10.0315 sec 1.28 MBytes 1.** Mbits/sec 0.049 ms 3553/4463 (**%)制約
SV-02 にはログインできません
SV-01 では以下のコマンドのみ実行できます
iperf -c 192.168.20.200 -u -b 5M -t 10 -i 1RT-01 のインターフェースの設定を変更してはいけません
制限を超過したパケットは破棄するように設定してください
解説
iperf の実行結果を見ると、超過分が破棄されずに 5 Mbps 程度送信されています。
iperfop@SV-01:~$ iperf -c 192.168.20.200 -u -b 5M -t 10 -i 1
------------------------------------------------------------
Client connecting to 192.168.20.200, UDP port 5001
Sending 1470 byte datagrams, IPG target: 2243.04 us (kalman adjust)
UDP buffer size: 208 KByte (default)
------------------------------------------------------------
[ 1] local 192.168.10.100 port 50636 connected with 192.168.20.200 port 5001
[ ID] Interval Transfer Bandwidth
[ 1] 0.0000-1.0000 sec 642 KBytes 5.26 Mbits/sec
[ 1] 1.0000-2.0000 sec 640 KBytes 5.24 Mbits/sec
[ 1] 2.0000-3.0000 sec 640 KBytes 5.24 Mbits/sec
[ 1] 3.0000-4.0000 sec 640 KBytes 5.24 Mbits/sec
[ 1] 4.0000-5.0000 sec 640 KBytes 5.24 Mbits/sec
[ 1] 5.0000-6.0000 sec 639 KBytes 5.23 Mbits/sec
[ 1] 6.0000-7.0000 sec 640 KBytes 5.24 Mbits/sec
[ 1] 7.0000-8.0000 sec 640 KBytes 5.24 Mbits/sec
[ 1] 8.0000-9.0000 sec 640 KBytes 5.24 Mbits/sec
[ 1] 9.0000-10.0000 sec 640 KBytes 5.24 Mbits/sec
[ 1] 0.0000-10.0041 sec 6.26 MBytes 5.25 Mbits/sec
[ 1] Sent 4463 datagrams
[ 1] Server Report:
[ ID] Interval Transfer Bandwidth Jitter Lost/Total Datagrams
[ 1] 0.0000-10.0039 sec 6.26 MBytes 5.25 Mbits/sec 0.040 ms 0/4462 (0%)RT-01 の設定を確認します。
RT-01#sh run
class-map match-any CM-UDP
match access-group 101
!
policy-map PM-UDP-1M
class CM-UDP
police 1000000 125000 conform-action transmit exceed-action transmit
interface GigabitEthernet2
ip address 192.168.10.1 255.255.255.0
negotiation auto
!
interface GigabitEthernet3
ip address 192.168.20.1 255.255.255.0
negotiation auto
service-policy output PM-UDP-1M
ip access-list extended 101
10 permit udp any any正解例
policy-map PM-UDP-1M
class CM-UDP
police 1000000 125000 conform-action transmit exceed-action dropexceed-action が transmit になっているので、超過分のトラフィックを制限できていません。
RT-01#show policy-map interface GigabitEthernet3
GigabitEthernet3
Service-policy output: PM-UDP-1M
Class-map: CM-UDP (match-any)
4462 packets, 6746544 bytes
5 minute offered rate 80000 bps, drop rate 0000 bps
Match: access-group 101
police:
cir 1000000 bps, bc 125000 bytes
conformed 909 packets, 1374408 bytes; actions:
transmit
exceeded 3553 packets, 5372136 bytes; actions:
transmit
conformed 12000 bps, exceeded 62000 bps
Class-map: class-default (match-any)
1 packets, 60 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: anyexceed-action drop に修正します。
RT-01
policy-map PM-UDP-1M
class CM-UDP
police 1000000 125000 conform-action transmit exceed-action dropRT-01#show policy-map interface GigabitEthernet3
GigabitEthernet3
Service-policy output: PM-UDP-1M
Class-map: CM-UDP (match-any)
4462 packets, 6746544 bytes
5 minute offered rate 50000 bps, drop rate 0000 bps
Match: access-group 101
police:
cir 1000000 bps, bc 125000 bytes
conformed 909 packets, 1374408 bytes; actions:
transmit
exceeded 3553 packets, 5372136 bytes; actions:
drop
conformed 0000 bps, exceeded 37000 bps
Class-map: class-default (match-any)
1 packets, 60 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: anyiperf でも 1 Mbps程度に制限されたことが確認できます。
iperfop@SV-01:~$ iperf -c 192.168.20.200 -u -b 5M -t 10 -i 1
------------------------------------------------------------
Client connecting to 192.168.20.200, UDP port 5001
Sending 1470 byte datagrams, IPG target: 2243.04 us (kalman adjust)
UDP buffer size: 208 KByte (default)
------------------------------------------------------------
[ 1] local 192.168.10.100 port 35858 connected with 192.168.20.200 port 5001
[ ID] Interval Transfer Bandwidth
[ 1] 0.0000-1.0000 sec 642 KBytes 5.26 Mbits/sec
[ 1] 1.0000-2.0000 sec 640 KBytes 5.24 Mbits/sec
[ 1] 2.0000-3.0000 sec 640 KBytes 5.24 Mbits/sec
[ 1] 3.0000-4.0000 sec 640 KBytes 5.24 Mbits/sec
[ 1] 4.0000-5.0000 sec 640 KBytes 5.24 Mbits/sec
[ 1] 5.0000-6.0000 sec 639 KBytes 5.23 Mbits/sec
[ 1] 6.0000-7.0000 sec 640 KBytes 5.24 Mbits/sec
[ 1] 7.0000-8.0000 sec 640 KBytes 5.24 Mbits/sec
[ 1] 8.0000-9.0000 sec 640 KBytes 5.24 Mbits/sec
[ 1] 9.0000-10.0000 sec 640 KBytes 5.24 Mbits/sec
[ 1] 0.0000-10.0041 sec 6.26 MBytes 5.25 Mbits/sec
[ 1] Sent 4463 datagrams
[ 1] Server Report:
[ ID] Interval Transfer Bandwidth Jitter Lost/Total Datagrams
[ 1] 0.0000-10.0320 sec 1.28 MBytes 1.07 Mbits/sec 0.043 ms 3553/4463 (80%)
コメント