Shulou(Shulou.com)06/01 Report--

The main purpose of this chapter: the relationship between connection tags and package tags

The connection tags in QOS are mainly classified for packets that conform to the rules, and are used for calls to other modules, such as common queue Queue, policy routing, PCC multi-dialing and so on. Let's first talk about connection marking and packet marking, which is a prerequisite for the following queue tree.

What is the connection first? When we make a request and ask the website to provide a picture download, it is a link.

Then the picture is so large that it takes many packets to download it.

This is the relationship between the connection and the packet. A connection may contain more than one packet.

In ROS, we can mark packets directly, such as the following command:

/ ip firewall mangle

Add protocol=tcp dst-port=80 src-address=192.168.11.0/24 out-interface=ether4 chain=forward action=mark-packet new-packet-mark=test

You can see that this command is about packet marking, and the firewall will match first.

1. Is it the TCP protocol?

two。 Is the destination port 80?

3. Is the source address 192.168.11.0 take 24?

4. Is the interface for going out ether4?

This matches each packet four times. When the traffic is large, it is a serious drag on CPU.

So the normal process is to mark the connection first, and then mark the connection as a package tag.

Such as the following two commands:

/ ip firewall mangle

Add protocol=tcp dst-port=80 src-address=192.168.11.0/24 out-interface=ether4 chain=forward action=mark-connection new-connection-mark=test passthrough=yes

Add connection-mark=test chain=forward action=mark-packet new-packet-mark=test

Now, the first command checks the first packet, matches it, and sets the connection flag.

1. Is it the TCP protocol?

two。 Is the destination port 80?

3. Is the source address 192.168.11.0 take 24?

4. Is the interface for going out pppoe-out1?

After that, you only need to check the first packet of each connection. The second command marks each subsequent packet that belongs to this connection directly and quickly without checking each packet.

Thus it can be seen that the correct marking posture can achieve higher router processing efficiency!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.