ElfenLied

Доброго времени суток. Ищем для покупки недорогие роутеры для проекта (около 20 шт.), обладающие следующими параметрами: - встроенный модуль 3G/LTE - минимум 1 порт ETH (FastEthernet) - поддержка туннеля GRE - более менее надежные Если у кого-нибудь есть опыт работы с таким оборудованием, просьба порекомендовать и написать производителя и модель. Спасибо. P.S. К сожалению, Cisco881-4G не подойдут по цене

Спасибо. Какие вариации конфигов мы только не пробовали..... И так и сяк. Это не сработало

Спасибо огромное. Попробуем. Печалька, конечно((( Специально ME3800 поставили для MPLS

Доброго времени суток. Проблема: Не проходит трафик через xconnect, созданный между cisco 6506 и cisco ME-3800. Схема: CE1 --- PE1 WS-C6506-E --- |MPLS| --- PE2 ME-3800X-24FS-M --- CE2 CE1: ip - 11.10.9.2/29 mac - 001f.263a.d346 CE2: ip - 11.10.9.3/29 mac - 448a.5b04.1ca2 ping CE1 <-> CE2 - NOT OK CE1: ARP таблица заполняется CE2: ARP таблица заполняется Используя tcpdump, обнаружено, что ICMP пакеты проходят по пути CE1 -> CE2, а в обратную сторону не проходят. Огромная просьба помочь)))) Заранее огромное спасибо))) Ниже приведены конфигурация, статистика для PE1 и PE2. Конфигурация PE1: pseudowire-class test encapsulation mpls interworking ethernet interface Port-channel2.667 <-- Gi1/2, Gi1/7 encapsulation dot1Q 667 xconnect 172.16.249.1 667001 pw-class test Статус PE1: PE1#sh mpls l2transport binding 667001 Destination Address: 172.16.249.1, VC ID: 667001 Local Label: 976 Cbit: 1, VC Type: Ethernet, GroupID: 0 MTU: 9216, Interface Desc: n/a VCCV: CC Type: RA [2] CV Type: LSPV [2] Remote Label: 931 Cbit: 1, VC Type: Ethernet, GroupID: 0 MTU: 9216, Interface Desc: n/a VCCV: CC Type: CW [1], RA [2] CV Type: LSPV [2], Unkn [5] PE1# sh mpls l2transport vc 667001 detail Local interface: Po2.667 up, line protocol up, Eth VLAN 667 up Interworking type is Ethernet Destination address: 172.16.249.1, VC ID: 667001, VC status: up Output interface: Vl957, imposed label stack {3468 931} Preferred path: not configured Default path: active Next hop: 172.18.0.50 Load Balance: none Flow Label: Disabled Create time: 00:08:53, last status change time: 00:05:38 Signaling protocol: LDP, peer 172.16.249.1:0 up Targeted Hello: 172.16.201.1(LDP Id) -> 172.16.249.1 Status TLV support (local/remote) : enabled/supported Label/status state machine : established, LruRru Last local dataplane status rcvd: no fault Last local SSS circuit status rcvd: no fault Last local SSS circuit status sent: no fault Last local LDP TLV status sent: no fault Last remote LDP TLV status rcvd: no fault MPLS VC labels: local 976, remote 931 Group ID: local 0, remote 0 MTU: local 9216, remote 9216 Remote interface description: Sequencing: receive disabled, send disabled VC statistics: packet totals: receive 16, send 287 byte totals: receive 1072, send 25622 packet drops: receive 0, seq error 0, send 0 Конфигурация PE2: pseudowire-class test encapsulation mpls interworking ethernet interface Vlan667 mtu 9216 no ip address xconnect 172.16.201.1 667001 encapsulation mpls pw-class test interface GigabitEthernet0/15 description 172.16.5.5 switchport trunk allowed vlan none switchport mode trunk mtu 9216 load-interval 30 storm-control broadcast level 10.00 storm-control multicast level 10.00 storm-control action shutdown service instance 667 ethernet encapsulation dot1q 667 rewrite ingress tag pop 1 symmetric bridge-domain 667 PE2#sh bridge-domain 667 Bridge-domain 667 (1 ports in all) State: UP Mac learning: Enabled Maximum address limit: 10000 GigabitEthernet0/15 service instance 667 Статус PE2: PE2#sh mpls l2transport binding 667001 Destination Address: 172.16.201.1,VC ID: 667001 Local Label: 931 Cbit: 1, VC Type: Ethernet, GroupID: n/a MTU: 9216, Interface Desc: n/a VCCV: CC Type: CW [1], RA [2] CV Type: LSPV [2], BFD/Raw [5] Remote Label: 976 Cbit: 1, VC Type: Ethernet, GroupID: 0 MTU: 9216, Interface Desc: n/a VCCV: CC Type: RA [2] CV Type: LSPV [2] PE2#sh mpls l2transport vc 667001 detail Local interface: Vl667 up, line protocol up, Eth VLAN 667 up Interworking type is Ethernet Destination address: 172.16.201.1, VC ID: 667001, VC status: up Output interface: Vl849, imposed label stack {300 976} Preferred path: not configured Default path: active Next hop: 172.25.249.2 Create time: 00:09:27, last status change time: 00:09:24 Last label FSM state change time: 00:09:24 Signaling protocol: LDP, peer 172.16.201.1:0 up Targeted Hello: 172.16.249.1(LDP Id) -> 172.16.201.1, LDP is UP Graceful restart: not configured and not enabled Non stop routing: not configured and not enabled Status TLV support (local/remote) : enabled/supported LDP route watch : enabled Label/status state machine : established, LruRru Last local dataplane status rcvd: No fault Last BFD dataplane status rcvd: Not sent Last BFD peer monitor status rcvd: No fault Last local AC circuit status rcvd: No fault Last local AC circuit status sent: No fault Last local PW i/f circ status rcvd: No fault Last local LDP TLV status sent: No fault Last remote LDP TLV status rcvd: No fault Last remote LDP ADJ status rcvd: No fault MPLS VC labels: local 931, remote 976 Group ID: local n/a, remote 0 MTU: local 9216, remote 9216 Remote interface description: Sequencing: receive disabled, send disabled Control Word: On (configured: autosense) Dataplane: SSM segment/switch IDs: 4303/4300 (used), PWID: 4 VC statistics: transit packet totals: receive 299, send 627 transit byte totals: receive 28300, send 64134 transit packet drops: receive 0, seq error 0, send 0 Доп. информация PE1: PE1#sh ver Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISEK9-M), Version 15.1(2)SY7, RELEASE SOFTWARE (fc4) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2016 by Cisco Systems, Inc. Compiled Sun 13-Mar-16 07:31 by prod_rel_team ROM: System Bootstrap, Version 12.2(17r)SX5, RELEASE SOFTWARE (fc1) BOOTLDR: Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISEK9-M), Version 15.1(2)SY7, RELEASE SOFTWARE (fc4) u1cr1_6506 uptime is 25 weeks, 6 days, 38 minutes Uptime for this control processor is 25 weeks, 6 days, 20 minutes System returned to ROM by reload at 15:09:55 MSK Wed Aug 8 2018 (SP by reload) System restarted at 15:13:34 MSK Wed Aug 8 2018 System image file is "sup-bootdisk:/s72033-adventerprisek9-mz.151-2.SY7.bin" Last reload reason: Reload Command This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. cisco WS-C6506-E (R7000) processor (revision 1.1) with 983008K/65536K bytes of memory. Processor board ID SAL1128U8KN SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache Last reset from s/w reset 84 Virtual Ethernet interfaces 75 Gigabit Ethernet interfaces 10 Ten Gigabit Ethernet interfaces 1917K bytes of non-volatile configuration memory. 65536K bytes of Flash internal SIMM (Sector size 512K). PE1#sh module Mod Ports Card Type Model Serial No. --- ----- -------------------------------------- ------------------ ----------- 1 24 CEF720 24 port 1000mb SFP WS-X6724-SFP SAL1019MD1W 3 48 48-port 10/100/1000 RJ45 EtherModule WS-X6148A-GE-TX SAL1551YFJS 5 4 CEF720 4 port 10-Gigabit Ethernet WS-X6704-10GE SAL08321WLT 6 5 Supervisor Engine 720 10GE (Active) VS-S720-10G SAL11380UYH Mod MAC addresses Hw Fw Sw Status --- ---------------------------------- ------ ------------ ------------ ------- 1 0017.0ed4.5110 to 0017.0ed4.5127 2.3 12.2(14r)S5 15.1(2)SY7 Ok 3 001a.6da1.9fd0 to 001a.6da1.9fff 1.5 8.4(1) 15.1(2)SY7 Ok 5 0011.9370.0fe0 to 0011.9370.0fe3 1.5 12.2(18r)S1 15.1(2)SY7 Ok 6 001d.45c2.cfbc to 001d.45c2.cfc3 2.0 8.5(2) 15.1(2)SY7 Ok Mod Sub-Module Model Serial Hw Status ---- --------------------------- ------------------ ----------- ------- ------- 1 Centralized Forwarding Card WS-F6700-CFC SAL1010FB83 2.0 Ok 5 Centralized Forwarding Card WS-F6700-CFC SAL1151B2EX 4.0 Ok 6 Policy Feature Card 3 VS-F6K-PFC3C SAL113920Q2 1.0 Ok 6 MSFC3 Daughterboard VS-F6K-MSFC3 SAL1135Z0HW 1.0 Ok Mod Online Diag Status ---- ------------------- 1 Pass 3 Pass 5 Pass 6 Pass Доп. информация PE2: PE2#sh ver Cisco IOS Software, ME380x Software (ME380x-UNIVERSALK9-M), Version 15.5(3)S8, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2018 by Cisco Systems, Inc. Compiled Tue 07-Aug-18 17:44 by prod_rel_team ROM: Bootstrap program is WHALES boot loader BOOTLDR: ME380x Boot Loader (ME380X-HBOOT-M), Version 12.2 [sourdutt-loader_release_ledfix 100] u49cr1 uptime is 1 week, 13 minutes System returned to ROM by power-on System image file is "flash:/me380x-universalk9-mz.155-3.S8/me380x-universalk9-mz.155-3.S8.bin" Last reload reason: Reload Command This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. License Level: MetroAggrServices License Type: Permanent Next reload license Level: MetroAggrServices cisco ME-3800X-24FS-M (PowerPC8572) processor (revision A0) with 983040K/65528K bytes of memory. Processor board ID FOC1606V2R2 Last reset from power-on 31 Virtual Ethernet interfaces 25 Gigabit Ethernet interfaces 2 Ten Gigabit Ethernet interfaces The password-recovery mechanism is enabled. 1536K bytes of flash-simulated non-volatile configuration memory. Base ethernet MAC Address : D4:A0:2A:54:BF:00 Motherboard assembly number : 73-12068-07 Motherboard serial number : FOC16054HCW Model revision number : A0 Motherboard revision number : B0 Model number : ME-3800X-24FS-M System serial number : FOC1606V2R2 Top Assembly Part Number : 800-31465-01 Top Assembly Revision Number : B0 Version ID : V01 CLEI Code Number : IPMSW00DRA Configuration register is 0xF

VolanD666, на сети по всей трассе на cs6506 прописала отдельный влан (L2 switching) без участия MPLS. Да, поле DSCP перемаркировывается согласно ожиданиям как с помощью такого полисера: ! Policy Map test2 Class ANY set dscp ef ! так и с помощью такого: Policy Map test Class ANY police cir 1024000 bc 192000 be 384000 conform-action set-dscp-transmit ef exceed-action drop violate-action drop ! Class Map match-all ANY Match access-group name ANY ! Extended IP access list ANY 10 permit ip any any Попробовала для интереса через сеть MPLS использовать полисер с установкой поля DSCP при помощи police ... conform-action set-dscp-transmit ef: все равно метка не меняется на ef как я хочу.

Спасибо за комплимент))))) я стралась как лучше описать проблему.

Всем доброго времени суток. Сразу оговорюсь, что я начинающий сетевик и еще только учусь и мне приятно будет пообщаться с умными знающими людьми. При настройке QoS на оборудовании Catalyst 6500 столкнулась с такой проблемой: при применении policy-map, который ловит нужные пакеты по IP Source/IP Destination и делает ремапинг поля DSCP (set dscp ef), в направлении input на SVI , в действительности получается, что поле DSCP при этом НЕ меняется, а поле EXP в заголовке MPLS меняется согласно mls qos maps. При этом счетчики отловленных пакетов по policy-map растут (использовала команды sh policy-map interface vl87 и sh mls qos ip vl87). То, что поле DSCP не перезаписывается подтверждено дампом (см. в самом конце). Также приложен файл со схемой и некоторыми комментариями для визуалов. Может, кто сталкивался, помогите пожалуйста. Заранее благодарю))) Опишу тему более подробно, для тех кто осилит много букв и конфигов))) Настройка физ. порта: ! interface GigabitEthernet3/3 switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan 87 switchport mode trunk <----> wrr-queue random-detect min-threshold 3 70 70 70 70 70 70 70 100 wrr-queue cos-map 1 8 0 wrr-queue cos-map 2 7 1 wrr-queue cos-map 2 8 2 wrr-queue cos-map 3 7 3 wrr-queue cos-map 3 8 4 priority-queue cos-map 1 5 6 7 mls qos vlan-based Настройка SVI: ! interface Vlan87 description SKAT_users ip vrf forwarding SKAT ip address 10.120.2.1 255.255.255.0 service-policy input test2 ! Настройка Policy Map: Policy Map test2 Class test2 set dscp ef ! Class Map match-all test2 Match access-group name test2 ! Extended IP access list test2 10 permit ip host 10.120.2.2 host 10.120.1.2 ! Команды show: ! sh ver Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISEK9-M), Version 15.1(2)SY7, RELEASE SOFTWARE (fc4) System image file is "sup-bootdisk:/s72033-adventerprisek9-mz.151-2.SY7.bin" Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISEK9-M), Version 15.1(2)SY7, RELEASE SOFTWARE (fc4) cisco WS-C6506-E (R7000) processor (revision 1.1) with 983008K/65536K bytes of memory. ! sh module Mod Ports Card Type Model Serial No. --- ----- -------------------------------------- ------------------ ----------- 1 24 CEF720 24 port 1000mb SFP WS-X6724-SFP SAL08517BHU 3 48 48-port 10/100/1000 RJ45 EtherModule WS-X6148A-GE-TX SAD09050D8N 5 5 Supervisor Engine 720 10GE (Active) VS-S720-10G SAD121300EY 6 4 CEF720 4 port 10-Gigabit Ethernet WS-X6704-10GE SAD08290CJ7 Mod MAC addresses Hw Fw Sw Status --- ---------------------------------- ------ ------------ ------------ ------- 1 0012.7f51.3f64 to 0012.7f51.3f7b 2.1 12.2(14r)S5 15.1(2)SY7 Ok 3 0013.7f2d.2b70 to 0013.7f2d.2b9f 1.0 8.4(1) 15.1(2)SY7 Ok 5 001e.4aab.0c18 to 001e.4aab.0c1f 2.0 8.5(2) 15.1(2)SY7 Ok 6 0011.936f.2b5c to 0011.936f.2b5f 1.5 12.2(18r)S1 15.1(2)SY7 Ok Mod Sub-Module Model Serial Hw Status ---- --------------------------- ------------------ ----------- ------- ------- 1 Centralized Forwarding Card WS-F6700-CFC SAL085073J9 2.0 Ok 5 Policy Feature Card 3 VS-F6K-PFC3C SAD1214074L 1.0 Ok 5 MSFC3 Daughterboard VS-F6K-MSFC3 SAD121406GH 1.0 Ok 6 Centralized Forwarding Card WS-F6700-CFC SAL1318P93A 4.1 Ok Mod Online Diag Status ---- ------------------- 1 Bypass 3 Bypass 5 Bypass 6 Bypass ! sh mls qos QoS is enabled globally Port QoS is enabled globally Policy marking depends on port_trust QoS ip packet dscp rewrite enabled globally QoS serial policing mode disabled globally Input mode for GRE Tunnel is Pipe mode Input mode for MPLS is Pipe mode QoS is vlan-based on the following interfaces: Gi3/3 Te6/2 QoS Trust state is DSCP on the following interface: Te6/2 Vlan or Portchannel(Multi-Earl) policies supported: Yes Egress policies supported: Yes QoS 10g-only mode supported: Yes [Current mode: Off] Global Policy-map: ingress[] ! sh mls qos maps policed-dscp-norm-burst-map: (dscp= d1d2) d1 : d2 0 1 2 3 4 5 6 7 8 9 ------------------------------------- 0 : 00 01 02 03 04 05 06 07 08 09 1 : 10 11 12 13 14 15 16 17 18 19 2 : 20 21 22 23 24 25 26 27 28 29 3 : 30 31 32 33 34 35 36 37 38 39 4 : 40 41 42 43 44 45 46 47 48 49 5 : 50 51 52 53 54 55 56 57 58 59 6 : 60 61 62 63 policed-dscp-max-burst-map: (dscp= d1d2) d1 : d2 0 1 2 3 4 5 6 7 8 9 ------------------------------------- 0 : 00 01 02 03 04 05 06 07 08 09 1 : 10 11 12 13 14 15 16 17 18 19 2 : 20 21 22 23 24 25 26 27 28 29 3 : 30 31 32 33 34 35 36 37 38 39 4 : 40 41 42 43 44 45 46 47 48 49 5 : 50 51 52 53 54 55 56 57 58 59 6 : 60 61 62 63 dscp-cos-map: (dscp= d1d2) d1 : d2 0 1 2 3 4 5 6 7 8 9 ------------------------------------- 0 : 00 00 00 00 00 00 00 00 01 01 1 : 01 01 01 01 01 01 02 02 02 02 2 : 02 02 02 02 03 03 03 03 03 03 3 : 03 03 04 04 04 04 04 04 04 04 4 : 05 05 05 05 05 05 05 05 06 06 5 : 06 06 06 06 06 06 07 07 07 07 6 : 07 07 07 07 dscp-exp-map: (dscp= d1d2) d1 : d2 0 1 2 3 4 5 6 7 8 9 ------------------------------------- 0 : 00 00 00 00 00 00 00 00 01 01 1 : 01 01 01 01 01 01 02 02 02 02 2 : 02 02 02 02 03 03 03 03 03 03 3 : 03 03 04 04 04 04 04 04 04 04 4 : 05 05 05 05 05 05 05 05 06 06 5 : 06 06 06 06 06 06 07 07 07 07 6 : 07 07 07 07 cos-dscp-map: cos: 0 1 2 3 4 5 6 7 ------------------------------------ dscp: 0 8 16 24 32 46 48 56 precedence-dscp-map: ipprec: 0 1 2 3 4 5 6 7 ------------------------------------ dscp: 0 8 16 24 32 46 48 56 exp-dscp-map: exp: 0 1 2 3 4 5 6 7 ------------------------------------ dscp: 0 8 16 24 32 46 48 56 ! sh queueing interface g3/3 Interface GigabitEthernet3/3 queueing strategy: Weighted Round-Robin Port QoS is enabled globally Queueing on Gi3/3: Tx Enabled Rx Enabled Trust boundary disabled Port is untrusted Extend trust state: not trusted [COS = 0] Default COS is 0 Queueing Mode In Tx direction: mode-cos Transmit queues [type = 1p3q8t]: Queue Id Scheduling Num of thresholds ----------------------------------------- 01 WRR 08 02 WRR 08 03 WRR 08 04 Priority 01 WRR bandwidth ratios: 100[queue 1] 150[queue 2] 200[queue 3] queue-limit ratios: 50[queue 1] 20[queue 2] 15[queue 3] 15[Pri Queue] queue tail-drop-thresholds -------------------------- 1 70[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8] 2 70[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8] 3 100[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8] queue random-detect-min-thresholds ---------------------------------- 1 40[1] 70[2] 70[3] 70[4] 70[5] 70[6] 70[7] 70[8] 2 40[1] 70[2] 70[3] 70[4] 70[5] 70[6] 70[7] 70[8] 3 70[1] 70[2] 70[3] 70[4] 70[5] 70[6] 70[7] 100[8] queue random-detect-max-thresholds ---------------------------------- 1 70[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8] 2 70[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8] 3 100[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8] WRED disabled queues: queue thresh cos-map --------------------------------------- 1 1 1 2 1 3 1 4 1 5 1 6 1 7 1 8 0 2 1 2 2 2 3 2 4 2 5 2 6 2 7 1 2 8 2 3 1 3 2 3 3 3 4 3 5 3 6 3 7 3 3 8 4 4 1 5 6 7 Queueing Mode In Rx direction: mode-cos Receive queues [type = 1q2t]: Queue Id Scheduling Num of thresholds ----------------------------------------- 1 Standard 2 queue tail-drop-thresholds -------------------------- 1 100[1] 100[2] queue thresh cos-map --------------------------------------- 1 1 0 1 2 3 4 5 6 7 1 2 Packets dropped on Transmit: BPDU packets: 0 queue thresh dropped [cos-map] ------------------------------------------------------------------ 1 8 246598 [0 ] 2 7 0 [1 ] 2 8 0 [2 ] 3 7 0 [3 ] 3 8 0 [4 ] 4 1 0 [5 6 7 ] Packets dropped on Receive: BPDU packets: 0 queue thresh dropped [cos-map] ------------------------------------------------------------------ 1 1 0 [0 1 2 3 4 5 6 7 ] ! sh ip vrf SKAT Name Default RD Interfaces SKAT 65000:90 Vl87 ! Сбор статистики и анализ: ! sh policy-map interface vl87 Vlan87 Service-policy input: test2 class-map: test2 (match-all) Match: access-group name test2 set dscp 46: Earl in slot 5 : 1418106 bytes 5 minute offered rate 256 bps aggregate-forwarded 1418106 bytes Class-map: class-default (match-any) 0 packets, 0 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: any 0 packets, 0 bytes 5 minute rate 0 bps ! sh mls qos ip vl87 [In] Policy map is test2 [Out] Default. QoS Summary [IPv4]: (* - shared aggregates, Mod - switch module) Int Mod Dir Class-map DSCP Agg Trust Fl AgForward-By AgPoliced-By Id Id ----------------------------------------------------------------------------------- Vl87 5 In test2 46 2 No 0 1420758 0 ! При запуске пинга с полем TOS=0x20 (т.е. DSCP=cs1)с удаленного hostA (10.120.1.2), который находится за сетью MPLS (vrf SKAT), на hostB (10.120.2.2), который подключен через сеть LAN к данному cs6506 (vrf SKAT) видно, что отправляются ICMP request c полем TOS=0x20(т.е. DSCP=cs1), которые пройдя через сеть MPLS, прилетают на hostВ в неизмененном виде TOS=0x20(DSCP=cs1), что совпадает с моими ожиданиями. Dump on hostA: 17:16:22.888238 44:8a:5b:04:1c:a2 > 00:21:d8:10:5c:00, ethertype 802.1Q (0x8100), length 102: vlan 87, p 0, ethertype IPv4, (tos 0x20, ttl 64, id 53095, offset 0, flags [DF], proto ICMP (1), length 84) 10.120.1.2 > 10.120.2.2: ICMP echo request, id 26405, seq 1, length 64 Dump on hostВ (access, следовательно, поля P-bit нет): 17:17:37.056589 00:18:74:b0:30:00 > 00:15:60:56:cc:e4, ethertype IPv4 (0x0800), length 98: (tos 0x20, ttl 63, id 6294, offset 0, flags [DF], proto ICMP (1), length 84) 10.120.1.2 > 10.120.2.2: ICMP echo request, id 26423, seq 1, length 64 ! Чудеса начинаются в обратном направлении при пересылки ICMP echo reply от hostB к hostA. hostB вставляет тоже самое значение tos в ICMP echo reply, но cs6506 не перезаписывает поле DSCP на значение ef, как указано в policy-map, и передается через сеть MPLS с TOS=0x20(т.е. DSCP=cs1), но пр этом поле EXP в заголовке MPLS перезаписывается согласно mls qos maps. Dump on hostB: 17:17:37.056639 00:15:60:56:cc:e4 > 00:18:74:b0:30:00, ethertype IPv4 (0x0800), length 98: (tos 0x20, ttl 64, id 38947, offset 0, flags [none], proto ICMP (1), length 84) 10.120.2.2 > 10.120.1.2: ICMP echo reply, id 26423, seq 1, length 64 Dump on hostA: 17:16:22.888834 00:21:d8:10:5c:00 > 44:8a:5b:04:1c:a2, ethertype 802.1Q (0x8100), length 102: vlan 87, p 1, ethertype IPv4, (tos 0x20, ttl 63, id 22406, offset 0, flags [none], proto ICMP (1), length 84) 10.120.2.2 > 10.120.1.2: ICMP echo reply, id 26405, seq 1, length 64 Если сделать traceroute с hostB (10.120.2.2) на hostA (10.120.1.2), при TOS=0x20(т.е. DSCP=cs1), то видно что Exp=5 traceroute from 10.120.2.1 to 10.120.1.2 1. 10.120.2.1 2. 172.18.0.45 [MPLS: Lbl 56 Exp 5 S 0 TTL 1] [MPLS: Lbl 1049 Exp 5 S 1 TTL 1] 3. 172.18.0.10 [MPLS: Lbl 1198 Exp 5 S 0 TTL 1] [MPLS: Lbl 1049 Exp 5 S 1 TTL 1] 4. 10.120.1.1 5. 10.120.1.2 ! cs1-6500#sh mls qos maps dscp-exp-map: (dscp= d1d2) d1 : d2 0 1 2 3 4 5 6 7 8 9 ------------------------------------- 0 : 00 00 00 00 00 00 00 00 01 01 1 : 01 01 01 01 01 01 02 02 02 02 2 : 02 02 02 02 03 03 03 03 03 03 3 : 03 03 04 04 04 04 04 04 04 04 4 : 05 05 05 05 05 05 05 05 06 06 5 : 06 06 06 06 06 06 07 07 07 07 6 : 07 07 07 07