In the previous post I showed how bgp table-map can be used for the selective route download. Here we will take a look at another use of this command, that is, associating IP Precedence values with selected BGP prefixes.
By applying QoS policy to inbound prefixes we can easily mark traffic coming from a given AS, or going to a particular client. We can set IP Precedence value using route-map, and prefix list, ACLs, or communities to classify match prefixes of interest.
Topology for the examples to follow is shown below. We have an ISP router in the middle and two client routers, C1 and C2.
Client C1 advertises prefix 172.24.1.0/24 and C2 advertises prefix 172.16.1.0/24. ISP has both of those prefixes in its BGP and routing tables:
ISP#sh ip bgp | b Netw Network Next Hop Metric LocPrf Weight Path *> 172.16.1.0/24 10.1.1.2 0 0 65027 i *> 172.24.1.0/24 10.1.1.6 0 0 65009 i ISP#sh ip route | in B Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP B 172.16.1.0 [20/0] via 10.1.1.2, 00:00:15 B 172.24.1.0 [20/0] via 10.1.1.6, 00:00:15
So far so good. The next step is to create prefix lists, and route maps, which we will us use to set IP precedence values.
!!## ISP config ip prefix-list PL_C1 permit 172.24.1.0/24 ip prefix-list PL_C2 permit 172.16.1.0/24 route-map RM_TMQOS permit 10 match ip address prefix-list PL_C1 set ip precedence 3 route-map RM_TMQOS permit 20 match ip address prefix-list PL_C2 set ip precedence 4 router bgp 65003 table-map RM_TMQOS
Force refresh of the BGP routes:
clear ip bgp table-map
The below output confirms that both of the routes are now marked in the FIB.
ISP#sh ip cef 172.16.1.0 172.16.1.0/24, version 21, epoch 0, cached adjacency 10.1.1.2 0 packets, 0 bytes, Precedence flash-override (4) via 10.1.1.2, 0 dependencies, recursive next hop 10.1.1.2, FastEthernet0/1 via 10.1.1.2/32 valid cached adjacency ISP#sh ip cef 172.24.1.0 172.24.1.0/24, version 22, epoch 0, cached adjacency 10.1.1.6 0 packets, 0 bytes, Precedence flash (3) via 10.1.1.6, 0 dependencies, recursive next hop 10.1.1.6, FastEthernet0/0 via 10.1.1.6/32 valid cached adjacency
Even though routes are marked in the FIB, no packets will have marking applied to them. To apply the policy to packets entering an interface we need to add the bgp-policy command to interface's configuration.
A FIB lookup for policy application can be performed on the source, destination, or both. If both, source and destination, are specified the lookup is done for source and then destination, essentially making destination policy override the source one.
In our example we will make CEF apply QoS based on the source of the packets.
!!## ISP router int f0/0 bgp-policy source ip-prec-map int f0/1 bgp-policy source ip-prec-map
Let's configure ACLs on C1 and C2 to match packets marked with IP Prec values of 3 and 4. We will also run a few pings to show that packets are indeed being marked.
!!## C1 router ip access-list ext AL_TM_QOS permit ip any any precedence 3 log permit ip any any precedence 4 log permit ip any any dscp ef log permit ip any any int f0/0 ip access-group AL_TM_QOS in !!## C2 router ip access-list ext AL_TM_QOS permit ip any any precedence 0 log permit ip any any precedence 3 log permit ip any any precedence 4 log permit ip any any int f0/0 ip access-group AL_TM_QOS in
Time for ping testing. We will run pings with TOS of 0 and 184 (DSCP EF) to show that CEF remarks the packets on the ISP router.
C1#sh ip access-lists Extended IP access list AL_TM_QOS 10 permit ip any any precedence flash log 20 permit ip any any precedence flash-override log 30 permit ip any any dscp ef log 40 permit ip any any C2#sh ip access-lists AL_TM_QOS Extended IP access list AL_TM_QOS 10 permit icmp any any precedence routine log 20 permit ip any any precedence flash log 30 permit ip any any precedence flash-override log 40 permit ip any any
Ping from C1, with TOS of 0:
C1#ping 172.16.1.1 source l10 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds: Packet sent with a source address of 172.24.1.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 16/28/40 ms
Counters on C2:
C2#sh ip access-lists Extended IP access list AL_TM_QOS 10 permit icmp any any precedence routine log 20 permit icmp any any precedence flash log (5 matches) 30 permit icmp any any precedence flash-override log 40 permit icmp any any (1 match)
Ping from C2, with TOS of 184:
C2#ping Protocol [ip]: Target IP address: 172.24.1.1 Repeat count : Datagram size : Timeout in seconds : Extended commands [n]: y Source address or interface: 172.16.1.1 Type of service : 184 Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.24.1.1, timeout is 2 seconds: Packet sent with a source address of 172.16.1.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 16/33/48 ms
Counters on C1:
C1#sh ip access-lists Extended IP access list AL_TM_QOS 10 permit icmp any any precedence flash log 20 permit icmp any any precedence flash-override log (5 matches) 30 permit icmp any any dscp ef log 40 permit ip any any (4 matches)
ACL counters confirm that the correct marking has been applied to all packets. ISP router remarked packets marked with IP Precedence 0 and DSCP EF, changing them to the values we set for each of the prefixes in our route-map.
Setting QoS based on the values associated with BGP prefixes is another interesting use of the bgp-table command and it's good to know how, and why, would you implement this feature.