
Class of Service Configuration

bberry
Level 1

Hello, 

We are a Cisco shop and have also started to implement Cisco VoIP. We have not really worried about configuring Class of Service on the routers as there was very little voice traffic and we had lots of bandwidth. We are at the point where that needs to change and I am now getting my feet wet with Class of Service but I have some clarification questions.

I know I need a policy-map that gets applied to the WAN interface as a service policy and this uses access-list to help mark the traffic. I have attached my first brush at a basic policy and access lists but my first question is how do I mark the VoIP traffic? I have been told the Cisco phones automatically do this but I have not seen this in netflow data. If it is not automatically marked do I just use the IP address of the Call Managers and let things ride from there? I guess I could use the subnets where the phones actually reside. I know this would go into COS1 just not sure what to put there. Are there specific ports or protocols that should also be included? I am thinking network management stuff goes into COS2 but not sure what all needs to go there in the way of routing and the like. Since pings are used for the up/down status of hardware should icmp also be placed in here? I placed telnet into COS3 as that is how we access our ERP and other critical systems and figure I could move up to COS2 if needed. Everything else such as e-mail and web would just be best effort. I also think that on the access-lists where I have server destinations I also need to add an additional rule with them being the source for return traffic.

Any suggestions?

 

class-map match-any COS3
 match access-group name COS3-Traffic

class-map match-any COS2
 match access-group name COS2-Traffic
 match protocol bgp

policy-map AVPN-COS
 class COS1
  priority 320
  set ip dscp ef
 class COS2
  bandwidth remaining percent 60
  set ip dscp af31
 class COS3
  bandwidth remaining percent 30
  set ip dscp af21
 class class-default
  bandwidth remaining percent 10
  set ip dscp default

ip access-list extended COS2-Traffic
 permit udp any any eq domain
 permit udp any any eq netbios-ns
 permit udp any any eq 389

ip access-list extended COS3-Traffic
 permit tcp any any eq telnet
 permit tcp any any eq 22
 permit udp any any eq 22
 permit tcp any host 170.153.60.81 eq 443

5 Replies

Dennis Mink
VIP Alumni

Why are you not simply trusting the DSCP values on access port level for RTP (ef) and signalling (af41) and police based on that?

Please remember to rate useful posts, by clicking on the stars below.

First off I am not a Class of Service expert so bear with me when I may ask stupid questions. I thought I was trusting what the Cisco phones and other VoIP hardware was using as I am mostly addressing our production type traffic such as telnet and SSH. I also thought I was limited on what I could configure on the access switches as they are mostly in the 2950 platform. I have been reading that I need to try to get as close to the end device as possible. Starting at the router seemed to be the easiest place to start especially since I have a configuration guide from my ISP. I am learning as I go.

The other issue that is starting to push this is the fact that when we look at a link that is being 100% utilized and users are complaining of slow performance it is usually internet traffic with the highest percentage of the bandwidth. By marking everything except traffic such as the internet I am hoping things will still get through.

My COS profile currently with my provider is 40/60/30/10. We do not do much video so this gives us a good balance since most of our locations have a T1 for connectivity. We are starting to upgrade selective locations for more bandwidth but I am also having a hard time with management since the bandwidth hogs always seem to be internet related.

Definitely read the SRND on (auto)QoS, as it is one of the hardest IT concepts to get your head around.

Please remember to rate useful posts, by clicking on the stars below.

Is this what you are referring to?

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoS-SRND-Book.html

 

Jonathan Schulenberg
Hall of Fame

As Dennis alluded to you should separate the classification and marking duties from the prioritization and queuing/policing effort. For one thing, doing this on Catalyst switching platforms offloads effort to the ASIC instead of doing it in router CPU.

Physical phones are capable of marking their traffic in accordance with the settings on CUCM; by default this is EF for RTP traffic, CS3 for SIP/SCCP signaling, and CS3 for TFTP config. I always change the TFTP traffic to get it out of call signaling and recommend either AF11 or BE depending on how many queues your QoS design/model is following. If you are using software phones, such as IP Communicator or Jabber the reality is that their DSCP markings likely won't make it to the switch. For those use cases you can: a) fix Windows/OS to get DSCP markings through & do a conditional trust model where the PC is allowed to send DSCP-marked traffic up to a policed threshold; b) force soft phones to use a Trusted Relay Point (i.e. software MTP on the local router) to proxy and mark the packets from a more trusted device in the network; or, c) classify manually.

So, in a typical design you would see the access layer switch either trust, conditionally trust, or classify and mark at ingress, uplink ports to distribution/core trust and prioritize merely at the layer two/ASIC (aka wrr-queue priority commands), and the WAN router perform prioritization and LLQ/CBWFQ.

Enterprise QoS Solution Reference Network Design Guide Version 3.3

Medianet Campus QoS Design 4.0

Network management traffic is typically CS6 and most - but not all - router processes tag packets with this by default. Adapting your example:

class-map match-any VOIP-MEDIA
 match dscp ef

class-map match-any VOIP-SIGNAL
 match dscp cs3
 match dscp af31 ! This is a deprecated marking for VoIP. You should reconfigure your gear to stop using this.

class-map match-any VOIP-VIDEO
 match dscp af41 ! Doesn't account for immersive video but I'm guessing you don't have this.

class-map match-any MANAGEMENT
 match dscp cs6
 match protocol ssh ! Notice: Invokes NBAR.

policy-map AVPN-POLICY-MAP
 class VOIP-MEDIA
  priority 320 ! See http://www.bandcalc.com for value to put here; ensuring you choose Link radio button, correct codec, and if you are using RTCP
 class VOIP-SIGNAL
  bandwidth remaining percent 5 ! Commonly bumped up to 10% if heavy SIP usage.
 class VOIP-VIDEO
  bandwidth remaining percent 50
 class MANAGEMENT
  bandwidth remaining percent 3
 class class-default
  fair-queue

Disclaimer: I spent about 90 seconds on this; consider this a micro-level example and not a macro-level design recommendation.

PS- Don't use the word COS in the context of a layer three class/policy-map. COS is a term used with IEEE 802.1p, which in turn only exists on 802.1q trunks (e.g. phone to switch, switch uplinks, etc).
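
A consistency check for the configuration posted in the question, as an added example that is not part of the thread and not Cisco tooling: it reports policy-map classes that have no class-map, access-group references that have no access list, and the total of the `bandwidth remaining percent` lines in each policy. The function name `audit_mqc` is hypothetical, and the embedded configuration is the poster's, abridged to the lines the check reads.

```python
import re

# The poster's configuration from the question, abridged (set lines and ACL entries omitted).
POSTED_CONFIG = """
class-map match-any COS3
 match access-group name COS3-Traffic
class-map match-any COS2
 match access-group name COS2-Traffic
 match protocol bgp
policy-map AVPN-COS
 class COS1
  priority 320
 class COS2
  bandwidth remaining percent 60
 class COS3
  bandwidth remaining percent 30
 class class-default
  bandwidth remaining percent 10
ip access-list extended COS2-Traffic
ip access-list extended COS3-Traffic
"""

def audit_mqc(config):
    """Return undefined class-maps, undefined ACLs and per-policy bandwidth totals."""
    class_maps, acls, acl_refs, used = set(), set(), set(), set()
    remaining, policy = {}, None
    for raw in config.splitlines():
        line = raw.split("!")[0].strip()  # drop "!" annotations before matching
        if m := re.match(r"class-map(?: match-(?:any|all))? (\S+)$", line):
            class_maps.add(m.group(1))
        elif m := re.match(r"ip access-list extended (\S+)$", line):
            acls.add(m.group(1))
        elif m := re.match(r"match access-group name (\S+)$", line):
            acl_refs.add(m.group(1))
        elif m := re.match(r"policy-map (\S+)$", line):
            policy = m.group(1)
            remaining[policy] = 0
        elif policy and (m := re.match(r"class (\S+)$", line)):
            used.add(m.group(1))
        elif policy and (m := re.match(r"bandwidth remaining percent (\d+)$", line)):
            remaining[policy] += int(m.group(1))
    return {
        "undefined_classes": sorted(used - class_maps - {"class-default"}),
        "undefined_acls": sorted(acl_refs - acls),
        "remaining_percent": remaining,
    }

if __name__ == "__main__":
    print(audit_mqc(POSTED_CONFIG))
```
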