Enterprise QoS Solution Reference Network Design Guide

Branch Router LAN Edge QoS Design
4-10
Enterprise QoS Solution Reference Network Design Guide
Chapter 4 Branch Router QoS Design
Although it might be tempting to use the same class-map names (such as MISSION-CRITICAL,
TRANSACTIONAL-DATA, or BULK-DATA) for ingress LAN edge classification and marking policies
as are in use for egress WAN edge queuing policies, this might cause confusion in policy definition and
troubleshooting. Therefore, for management and troubleshooting simplicity, it is beneficial to have
similar yet descriptive names for these new classes (for example, branch-originated traffic might have
class-map names prepended with “BRANCH-”). A description can also be added to the class maps with
the description command.
Source or Destination IP Address Classification
Example 4-3 shows how traffic destined to a specific subnet (10.200.200.0/24)—which, in this case,
represents a server farm of proprietary Mission-Critical Data application servers—can be identified and
marked on ingress on the branch router’s LAN edge.
Example 4-3 Branch LAN Edge Destination IP Classification and Marking Example
!
ip cef ! Required for Packet Marking
!
class-map match-all BRANCH-MISSION-CRITICAL
match access-group name MISSION-CRITICAL-SERVERS ! ACL to reference
!
policy-map BRANCH-LAN-EDGE-IN
class BRANCH-MISSION-CRITICAL
set ip dscp 25 ! (Interim) Recommended marking for Mission-Critical traffic
!
...
!
interface FastEthernet0/0
no ip address
speed auto
duplex auto
!
interface FastEthernet0/0.60
description DVLAN SUBNET 10.1.60.0
encapsulation dot1Q 60
ip address 10.1.60.1 255.255.255.0
service-policy output BRANCH-LAN-EDGE-OUT ! Restores CoS on Data VLAN
service-policy input BRANCH-LAN-EDGE-IN ! Marks MC Data on ingress
!
...
!
ip access-list extended MISSION-CRITICAL-SERVERS
permit ip any 10.200.200.0 0.0.0.255 ! MC Data Server-Farm Subnet
!
Verification commands:
show policy
show policy interface
show ip access-list
Version 3.3