9.21.2010

dd_rescue saves the day

My 500GB drive gave up on me yesterday taking with it about 7 years' worth of email and documents. I was on the brink of giving up trying to mount the drive using Knoppix 6.2 attempting to mount and copy the contents into a fresh hdd coming up empty handed every time I try. It would have been a disaster had a utility called dd_rescue did not exist. Luckily, dd_rescue lived up to it's name and saves the day. 


I was able to clone my defective drive (sda) into a new and identical drive (sdb) with just a simple command such as:

#dd_rescue /dev/sda /dev/sdb

The operation takes a while copying the drive layout, but, it's worth every second.

Once it was done, I took out the bad drive and booted with the cloned drive just as if it was the good old running drive. 

Indeed, dd_rescue saves the day!

9.06.2010

Dynamic Bandwidth Allocation

Today, one ISP customer required a dynamic allocation of their 100Mbps bandwidth into two customer groups; a 10Mbps priority CIR/PIR corporate block, and a 90Mbps/100Mbps CIR/PIR DSL block.

For simulation, we'll use a 10Mbps egress interface. Class one will be 1Mbps CIR/PIR, while class two will be 9Mbps/10Mbps CIR/PIR. See figure below for the setup used to simulate the solution. 


Class one traffic going to 10.0.0.1 will be capped to 10Mbps. While class two traffic going to 10.0.0.2 will be able to burst above 9Mbps (up to 10Mbps in case class one is underutilized).

Here are relevant steps and configurations made on R1:

Create ACL's and class maps to match traffic flow for class one and class two.

ip access-list extended one
 permit ip any host 10.0.0.1
!
ip access-list extended two
 permit ip any host 10.0.0.2
!
class-map match-all one
  match access-group name one
!
class-map match-all two
  match access-group name two

Create shape policy-map to set the class limits and share policy-map to set the shared limit.

policy-map shape
  class one
    priority 1000
    police cir 1000000 pir 1000000
  class two
    bandwidth 8900
!
policy-map shared
  class class-default
    shape average 10000000
   service-policy shape2

Apply shared policy-map outbound on egress interface.

interface Ethernet1/0
 ip address 10.0.0.3 255.255.255.0
 load-interval 30
 duplex full
 service-policy output shared

To verify our configuration, let's first generate around 900kbps traffic through class one and ch:

R1#sh policy-map interface eth1/0

 Ethernet1/0 

  Service-policy output: shared

    Class-map: class-default (match-any)
      48350 packets, 73057177 bytes
      30 second offered rate 895000 bps, drop rate 0 bps
      Match: any 
        48350 packets, 73057177 bytes
        30 second rate 895000 bps
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 48580/9765
      shape (average) cir 10000000, bc 40000, be 40000
      target shape rate 10000000

      Service-policy : shape

        queue stats for all priority classes:
          Queueing
          queue limit 64 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 48477/73394178

        Class-map: one (match-all)
          48248 packets, 73047472 bytes
          30 second offered rate 895000 bps, drop rate 0 bps
          Match: access-group name one
          Priority: 1000 kbps, burst bytes 25000, b/w exceed drops: 0
          
          police:
              cir 1000000 bps, bc 31250 bytes
              pir 1000000 bps, be 31250 bytes
            conformed 48477 packets, 73394178 bytes; actions:
              transmit
            exceeded 0 packets, 0 bytes; actions:
              drop
            violated 0 packets, 0 bytes; actions:
              drop
            conformed 895000 bps, exceed 0 bps, violate 0 bps

        Class-map: two (match-all)
          0 packets, 0 bytes
          30 second offered rate 0 bps, drop rate 0 bps
          Match: access-group name two
          Queueing
          queue limit 64 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 0/0
          bandwidth 8900 kbps

        Class-map: class-default (match-any)
          102 packets, 9705 bytes
          30 second offered rate 0 bps, drop rate 0 bps
          Match: any 
            102 packets, 9705 bytes
            30 second rate 0 bps
          
          queue limit 64 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 103/9765

Generating more than 1Mbps for class one results in packets being dropped above 1Mbps.
R1#sh policy-map interface eth1/0

 Ethernet1/0 

  Service-policy output: shared

    Class-map: class-default (match-any)
      103587 packets, 156586808 bytes
      30 second offered rate 2864000 bps, drop rate 0 bps
      Match: any 
        103587 packets, 156586808 bytes
        30 second rate 2864000 bps
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 82795/16558
      shape (average) cir 10000000, bc 40000, be 40000
      target shape rate 10000000

      Service-policy : shape

        queue stats for all priority classes:
          Queueing
          queue limit 64 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 82622/125089708

        Class-map: one (match-all)
          103415 packets, 156570310 bytes
          30 second offered rate 2864000 bps, drop rate 1866000 bps
          Match: access-group name one
          Priority: 1000 kbps, burst bytes 25000, b/w exceed drops: 0
          
          police:
              cir 1000000 bps, bc 31250 bytes
              pir 1000000 bps, be 31250 bytes
            conformed 82622 packets, 125089708 bytes; actions:
              transmit
            exceeded 0 packets, 0 bytes; actions:
              drop
            violated 21765 packets, 32952210 bytes; actions:
              drop
            conformed 1000000 bps, exceed 0 bps, violate 1866000 bps

        Class-map: two (match-all)
          0 packets, 0 bytes
          30 second offered rate 0 bps, drop rate 0 bps
          Match: access-group name two
          Queueing
          queue limit 64 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 0/0
          bandwidth 8900 kbps

        Class-map: class-default (match-any)
          172 packets, 16498 bytes
          30 second offered rate 0 bps, drop rate 0 bps
          Match: any 
            172 packets, 16498 bytes
            30 second rate 0 bps
          
          queue limit 64 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 173/16558

Combining a 10Mbps traffic for class two and 500kbps traffic for class one results into a 9.5Mbps flow for class two and priority flow of 500kbps traffic for class one. (An additional test is to run a ping through class one, which must show no packet loss).

R1#sh policy-map interface eth1/0

 Ethernet1/0 

  Service-policy output: shared

    Class-map: class-default (match-any)
      187700 packets, 284126452 bytes
      30 second offered rate 10269000 bps, drop rate 449000 bps
      Match: any 
        187700 packets, 284126452 bytes
        30 second rate 10269000 bps
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 64/8569/0
      (pkts output/bytes output) 184575/265496742
      shape (average) cir 10000000, bc 40000, be 40000
      target shape rate 10000000

      Service-policy : shape

        queue stats for all priority classes:
          Queueing
          queue limit 64 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 9179/13897006

        Class-map: one (match-all)
          8911 packets, 13491254 bytes
          30 second offered rate 501000 bps, drop rate 0 bps
          Match: access-group name one
          Priority: 1000 kbps, burst bytes 25000, b/w exceed drops: 0
          
          police:
              cir 1000000 bps, bc 31250 bytes
              pir 1000000 bps, be 31250 bytes
            conformed 9179 packets, 13897006 bytes; actions:
              transmit
            exceeded 0 packets, 0 bytes; actions:
              drop
            violated 0 packets, 0 bytes; actions:
              drop
            conformed 501000 bps, exceed 0 bps, violate 0 bps

        Class-map: two (match-all)
          178753 packets, 270632042 bytes
          30 second offered rate 9768000 bps, drop rate 449000 bps
          Match: access-group name two
          Queueing
          queue limit 64 packets
          (queue depth/total drops/no-buffer drops) 63/8569/0
          (pkts output/bytes output) 175360/265495040
          bandwidth 8900 kbps

        Class-map: class-default (match-any)
          36 packets, 3156 bytes
          30 second offered rate 0 bps, drop rate 0 bps
          Match: any 
            36 packets, 3156 bytes
            30 second rate 0 bps
          
          queue limit 64 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 37/3216


Ping output:
$ ping -c 100 10.0.0.1

<....output truncated....>

--- 10.0.0.1 ping statistics ---
100 packets transmitted, 100 received, 0% packet loss, time 99154ms
rtt min/avg/max/mdev = 3.635/4.528/13.680/0.961 ms
From the results above, we've verified that although class two can burst into the class one zone, priority is still given to class one traffic as evident with low-latency response and minimum deviation.