[allan_sundry]

Доброе время суток!

 

Есть Cisco ASR1000, надо нарезать клиентам доступ к мировым и локальным ресурсам на разной скорости и нарисовать графики.

Было решено промаркировать входящий мировой трафик:

policy-map W-IN-MARKING
class class-default
 set dscp 10

interface TenGigabitEthernet0/1/0.YYY
description W
encapsulation dot1Q YYY
ip address XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX
service-policy input W-IN-MARKING
end

для входящего мирового трафика создаем class-map + policy-map и шейпим вход на клиентском интерфейсе:

class-map match-all W-IN
match dscp 10

policy-map CLIENT-W-IN
class W-IN
 shape average 10000000

policy-map CLIENT2-W-IN
class W-IN
 shape average 10000000

description CLIENT 
encapsulation dot1Q ZZZ
ip address XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX
service-policy output CLIENT-W-IN
end

для исходящего мирового трафика - access-list + policy-map на мировом интерфейсе:

access-list NNNN permit XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX
access-list MMMM permit XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX

class-map match-all CLIENT-W-OUT
match access-group NNNN

class-map match-all CLIENT2-W-OUT
match access-group MMMM

policy-map W-OUT-SHAPING
class CLIENT-W-OUT
 shape average 10000000
class CLIENT2-W-OUT
 shape average 10000000

interface TenGigabitEthernet0/1/0.YYY
description W
encapsulation dot1Q YYY
ip address XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX
service-policy input W-IN-MARKING
service-policy output W-OUT-SHAPING
end

 

Мировой трафик клиентов шейпится, аналогично используя class-default можно нарезать скорость к локальным ресурсам...

Может кто-то может посоветовать более красивую/правильную схему шейпинга? Ориентировочное количество клиентов - около 500.

 

Как нарисовать загрузку мирового канала для каждого клиента с шейперов?!

Можно конечно вычислить нужные OID по принципу изложенному например здесь, но хотелось бы более красивое решение.

[allan_sundry]

Как рисовать графики исходящего мирового канала для каждого клиента я разобрался:

 

# snmpwalk -v2c -c public -m ALL router cbQosCMName | grep CLIENT1
CISCO-CLASS-BASED-QOS-MIB::cbQosCMName.303669480 = STRING: CLIENT1-W-OUT

# snmpwalk -v2c -c public -m ALL router cbQosConfigIndex | grep 303669480
CISCO-CLASS-BASED-QOS-MIB::cbQosConfigIndex.434.196608 = Gauge32: 303669480

# snmpwalk -v2c -c public -m ALL router cbQosCMStatsTable | grep 196608
CISCO-CLASS-BASED-QOS-MIB::cbQosCMPrePolicyPktOverflow.434.196608 = Counter32: 0
CISCO-CLASS-BASED-QOS-MIB::cbQosCMPrePolicyPkt.434.196608 = Counter32: 27779002
CISCO-CLASS-BASED-QOS-MIB::cbQosCMPrePolicyPkt64.434.196608 = Counter64: 27779002
CISCO-CLASS-BASED-QOS-MIB::cbQosCMPrePolicyByteOverflow.434.196608 = Counter32: 1
CISCO-CLASS-BASED-QOS-MIB::cbQosCMPrePolicyByte.434.196608 = Counter32: 678860579
CISCO-CLASS-BASED-QOS-MIB::cbQosCMPrePolicyByte64.434.196608 = Counter64: 4973827875
CISCO-CLASS-BASED-QOS-MIB::cbQosCMPrePolicyBitRate.434.196608 = Gauge32: 4241000 bits per second
CISCO-CLASS-BASED-QOS-MIB::cbQosCMPostPolicyByteOverflow.434.196608 = Counter32: 1
CISCO-CLASS-BASED-QOS-MIB::cbQosCMPostPolicyByte.434.196608 = Counter32: 678860579
CISCO-CLASS-BASED-QOS-MIB::cbQosCMPostPolicyByte64.434.196608 = Counter64: 4973827875
CISCO-CLASS-BASED-QOS-MIB::cbQosCMPostPolicyBitRate.434.196608 = Gauge32: 4241000 bits per second
CISCO-CLASS-BASED-QOS-MIB::cbQosCMDropPktOverflow.434.196608 = Counter32: 0
CISCO-CLASS-BASED-QOS-MIB::cbQosCMDropPkt.434.196608 = Counter32: 0
CISCO-CLASS-BASED-QOS-MIB::cbQosCMDropPkt64.434.196608 = Counter64: 0
CISCO-CLASS-BASED-QOS-MIB::cbQosCMDropByteOverflow.434.196608 = Counter32: 0
CISCO-CLASS-BASED-QOS-MIB::cbQosCMDropByte.434.196608 = Counter32: 0
CISCO-CLASS-BASED-QOS-MIB::cbQosCMDropByte64.434.196608 = Counter64: 0
CISCO-CLASS-BASED-QOS-MIB::cbQosCMDropBitRate.434.196608 = Gauge32: 0 bits per second
CISCO-CLASS-BASED-QOS-MIB::cbQosCMNoBufDropPktOverflow.434.196608 = Counter32: 0
CISCO-CLASS-BASED-QOS-MIB::cbQosCMNoBufDropPkt.434.196608 = Counter32: 0
CISCO-CLASS-BASED-QOS-MIB::cbQosCMNoBufDropPkt64.434.196608 = Counter64: 0
CISCO-CLASS-BASED-QOS-MIB::cbQosCMFragmentPktOverflow.434.196608 = Counter32: 0
CISCO-CLASS-BASED-QOS-MIB::cbQosCMFragmentPkt.434.196608 = Counter32: 0
CISCO-CLASS-BASED-QOS-MIB::cbQosCMFragmentPkt64.434.196608 = Counter64: 0
CISCO-CLASS-BASED-QOS-MIB::cbQosCMFragmentByteOverflow.434.196608 = Counter32: 0
CISCO-CLASS-BASED-QOS-MIB::cbQosCMFragmentByte.434.196608 = Counter32: 0
CISCO-CLASS-BASED-QOS-MIB::cbQosCMFragmentByte64.434.196608 = Counter64: 0

 

НО, если удалить клиентскую class-map из W-OUT-SHAPING получаем другие индексы для остальных class-map:

 

# snmpwalk -v2c -c public -m ALL router cbQosCMName | grep CLIENT1
CISCO-CLASS-BASED-QOS-MIB::cbQosCMName.303669480 = STRING: CLIENT1-W-OUT

 

было:

# snmpwalk -v2c -c public -m ALL router cbQosConfigIndex | grep 303669480
CISCO-CLASS-BASED-QOS-MIB::cbQosConfigIndex.434.196608 = Gauge32: 303669480

стало:

# snmpwalk -v2c -c public -m ALL router cbQosConfigIndex | grep 303669480
CISCO-CLASS-BASED-QOS-MIB::cbQosConfigIndex.434.131072 = Gauge32: 303669480

а наш исходный индекс уже отвечает за другого клиента

# snmpwalk -v2c -c public -m ALL router cbQosConfigIndex | grep 196608
CISCO-CLASS-BASED-QOS-MIB::cbQosConfigIndex.434.196608 = Gauge32: 340512051
# snmpwalk -v2c -c public -m ALL router cbQosCMName | grep 340512051
CISCO-CLASS-BASED-QOS-MIB::cbQosCMName.340512051 = STRING: CLIENT2-W-OUT 

 

Какой выход из ситуации или я что-то не так делаю?!

[allan_sundry]

так как желающих поделиться своим опытом не нашлось - выложе свою решение - трафик по клиентам снимаем скриптом:

 

#!/usr/bin/perl -w

# Cisco QOS Monitoring script ver 0.2

use strict;
use warnings;

###############################################################################
# GET DATA FROM ARGUMENTS
###############################################################################

# Router
my $router = $ARGV[0];
#print ("Router: ", $router, "\n");

# Input Interface
my $int_IN = $ARGV[1];
#print ("In If: ", $int_IN, "\n");

# Class-map on Input Interface
my $class_IN = $ARGV[2];
#print ("Class-Map In: ", $class_IN, "\n");

# Output Interface
my $int_OUT = $ARGV[3];
#print ("Out If: ", $int_OUT, "\n");

# Class-map on Output Interface
my $class_OUT = $ARGV[4];
#print ("Class-Map Out: ", $class_OUT, "\n");


#print "\n";
###############################################################################
# IN BPS
###############################################################################

#------------------------------------------------------------------------------
# Identificate in interface
# - find interface code
# - find index policy-map 
#------------------------------------------------------------------------------

### find code interface in
my $if_IN = (`snmpwalk -v2c -c public -m ALL $router ifDescr | grep -w $int_IN | awk '{gsub(\"IF-MIB::ifDescr.\",\"\"); print \$1}'`);
# delete newline from variable
$if_IN =~ s/\n//g;
#print ("Code Interface In: ", $if_IN, "\n");

### find index policy-maps on interface in
my @policy_maps_IN = (`snmpwalk -v2c -c public -m ALL $router cbQosIfIndex | grep -w $if_IN | awk '{gsub(\"CISCO-CLASS-BASED-QOS-MIB::cbQosIfIndex.\",\"\"); print \$1}'`);
foreach my $policy_maps_IN(@policy_maps_IN){
 $policy_maps_IN =~ s/\n//g;
 #print ("Policy-Map Interface In: ", $policy_maps_IN, "\n");
 }

### find index policy-map on client interface
my $policy_map_IN_index = (`snmpwalk -v2c -c public -m ALL $router cbQosPolicyDirection | grep -w output | grep -w $policy_maps_IN[0] | awk '{gsub(\"CISCO-CLASS-BASED-QOS-MIB::cbQosPolicyDirection.\",\"\"); print \$1}'`);
if ($policy_map_IN_index) {
 $policy_map_IN_index =~ s/\n//g;
 #print ("Code Policy-Map Out: ", $policy_map_IN_index, "\n");
} else {
 $policy_map_IN_index = (`snmpwalk -v2c -c public -m ALL $router cbQosPolicyDirection | grep -w output | grep -w $policy_maps_IN[1] | awk '{gsub(\"CISCO-CLASS-BASED-QOS-MIB::cbQosPolicyDirection.\",\"\"); print \$1}'`);
 $policy_map_IN_index =~ s/\n//g;
 #print ("Code Policy-Map Interface In: ", $policy_map_IN_index, "\n");
}

#------------------------------------------------------------------------------
# Get BPS
# - find code class-map
# - find index class-map
# - find bps
#------------------------------------------------------------------------------

### find code class-map out on output interface
my $name_IN = (`snmpwalk -v2c -c public -m ALL $router cbQosCMName | grep -w $class_IN | awk '{gsub(\"CISCO-CLASS-BASED-QOS-MIB::cbQosCMName.\",\"\"); print \$1}'`);
# delete newline from variable
$name_IN =~ s/\n//g;
#print ("Name Class-Map In: ", $name_IN, "\n");

### find index code class-map out
my $snmp_index_IN = sprintf("CISCO-CLASS-BASED-QOS-MIB::cbQosConfigIndex.".$policy_map_IN_index.".");
#print ("SNMP Index: ", $snmp_index_IN, "\n");
my $index_IN = (`snmpwalk -v2c -c public -m ALL $router cbQosConfigIndex | grep -w $name_IN | grep $snmp_index_IN |  awk '{gsub(\"$snmp_index_IN\",\"\"); print \$1}'`);

# delete newline from variable
$index_IN =~ s/\n//g;
#print ("Index Class-Map In: ", $index_IN, "\n");

### find traffic via class-map out
my $snmp_bps_IN = sprintf("CISCO-CLASS-BASED-QOS-MIB::cbQosCMPostPolicyByte64.".$policy_map_IN_index.".");
#print ("SNMP Index: ", $snmp_bps_IN, "\n");
my $bps_IN = (`snmpwalk -v2c -c public -m ALL $router cbQosCMStatsTable | grep -w $index_IN | grep $snmp_bps_IN | awk '{print \$4}'`);
# delete newline from variable
$bps_IN =~ s/\n//g;
#print ("BPS Class-Map Out: ", $bps_IN, "\n");


#print "\n";
###############################################################################
# OUT BPS
###############################################################################

#------------------------------------------------------------------------------
# Identificate out interface
# - find interface code
# - find index policy-map
#------------------------------------------------------------------------------

### find code interface out
my $if_OUT = (`snmpwalk -v2c -c public -m ALL $router ifDescr | grep -w $int_OUT | awk '{gsub(\"IF-MIB::ifDescr.\",\"\"); print \$1}'`);
# delete newline from variable
$if_OUT =~ s/\n//g;
#print ("Code Interface Out: ", $if_OUT, "\n");

### find index policy-maps on interface out
my @policy_maps_OUT = (`snmpwalk -v2c -c public -m ALL $router cbQosIfIndex | grep -w $if_OUT | awk '{gsub(\"CISCO-CLASS-BASED-QOS-MIB::cbQosIfIndex.\",\"\"); print \$1}'`);
foreach my $policy_maps_OUT(@policy_maps_OUT){
 $policy_maps_OUT =~ s/\n//g;
 #print ("Policy-Map Interface Out: ", $policy_maps_OUT, "\n");
 }

### find index policy-map on out interface 
my $policy_map_OUT_index = (`snmpwalk -v2c -c public -m ALL $router cbQosPolicyDirection | grep -w output | grep -w $policy_maps_OUT[0] | awk '{gsub(\"CISCO-CLASS-BASED-QOS-MIB::cbQosPolicyDirection.\",\"\"); print \$1}'`);
if ($policy_map_OUT_index) {
 $policy_map_OUT_index =~ s/\n//g;
 #print ("Code Policy-Map Out: ", $policy_map_OUT_index, "\n");
} else {
 $policy_map_OUT_index = (`snmpwalk -v2c -c public -m ALL $router cbQosPolicyDirection | grep -w output | grep -w $policy_maps_OUT[1] | awk '{gsub(\"CISCO-CLASS-BASED-QOS-MIB::cbQosPolicyDirection.\",\"\"); print \$1}'`);
 $policy_map_OUT_index =~ s/\n//g;
 #print ("Code Policy-Map Interface Out: ", $policy_map_OUT_index, "\n");
}

#------------------------------------------------------------------------------
# Get BPS 
# - find code class-map
# - find index class-map
# - find bps 
#------------------------------------------------------------------------------

### find code class-map out on output interface
my $name_OUT = (`snmpwalk -v2c -c public -m ALL $router cbQosCMName | grep -w $class_OUT | awk '{gsub(\"CISCO-CLASS-BASED-QOS-MIB::cbQosCMName.\",\"\"); print \$1}'`);
# delete newline from variable
$name_OUT =~ s/\n//g;
#print ("Name Class-Map Out: ", $name_OUT, "\n");

### find index code class-map out
my $snmp_index_OUT = sprintf("CISCO-CLASS-BASED-QOS-MIB::cbQosConfigIndex.".$policy_map_OUT_index.".");
#print ("SNMP Index: ", $snmp_index_OUT, "\n");
my $index_OUT = (`snmpwalk -v2c -c public -m ALL $router cbQosConfigIndex | grep -w $name_OUT | grep $snmp_index_OUT | awk '{gsub(\"$snmp_index_OUT\",\" \"); print \$1}'`);
# delete newline from variable
$index_OUT =~ s/\n//g;
#print ("Index Class-Map Out: ", $index_OUT, "\n");

### find traffic via class-map out
my $snmp_bps_OUT = sprintf("CISCO-CLASS-BASED-QOS-MIB::cbQosCMPostPolicyByte64.".$policy_map_OUT_index.".");
#print ("SNMP Index: ", $snmp_bps_OUT, "\n");
my $bps_OUT = (`snmpwalk -v2c -c public -m ALL $router cbQosCMStatsTable | grep -w $index_OUT | grep $snmp_bps_OUT | awk '{print \$4}'`);
# delete newline from variable
$bps_OUT =~ s/\n//g;
#print ("BPS Class-Map Out: ", $bps_OUT, "\n");


#print "\n";
###############################################################################
# RESULT
###############################################################################

print ($bps_IN, "\n");
print ($bps_OUT, "\n");

 

если кто-то найдет ошибки в моем подходе - буду рад узнать о них.

 

Для корректной работы скрипта необходимо установить дополнительные MIB:

CISCO-CBP-TARGET-MIB.my
CISCO-CBP-TARGET-TC-MIB.my
CISCO-CLASS-BASED-QOS-MIB.my
CISCO-FRAME-RELAY-MIB.my
CISCO-SMI.my
CISCO-TC.my
FRAME-RELAY-DTE-MIB.my
P-BRIDGE-MIB.mib
Q-BRIDGE-MIB.mib
RMON2-MIB.my
SNMPv2-TC.my
TOKEN-RING-RMON-MIB.my

в основном все они являются зависимостями для CISCO-CLASS-BASED-QOS-MIB...