03-01-2013 02:37 PM - edited 03-16-2019 04:00 PM
I set up this QoS after doing some research; however, I am not sure it is set up correctly. I am concerned that the Critical Data is tagging the traffic I set up in the ACL. If you have any feedback I would appreciate it. The link to the MPLS is 10M ethernet:
ip access-list extended CRITICAL-DATA
 permit tcp any any eq 3389
 permit tcp any eq 3389 any
 permit tcp any any eq 23
 permit tcp any any eq 22
ip access-list extended SER-VOIP
 permit ip 192.168.56.0 0.0.0.255 any
 permit udp 192.168.56.0 0.0.0.255 any
class-map match-any QOS_REAL-TIME
 match ip dscp ef
 match access-group name SER-VOIP
class-map match-any QOS_CRITICAL-DATA
 match ip dscp af41
 match access-group name CRITICAL-DATA
policy-map 60r_32c
 class QOS_REAL-TIME
  bandwidth percent 60
 class QOS_CRITICAL-DATA
  bandwidth percent 32
  set ip dscp af41
 class class-default
  shape average 10000000
interface FastEthernet0/1
 max-reserved-bandwidth 100
 service-policy output 60r_32c
03-02-2013 06:48 AM
So, you are marking all traffic from voip server with EF? This is not a good practice as most of the traffic to/from these servers should not be EF, but signaling class of CS3; you would be much better off just trusting the dscp markings on the port.
So telnet, rdp and ssh are critical data for you? Why is that? Critical data should not be using af41 as that is normally reserved for video.
I suggest you start out by reading Cisco's medianet overview and QoS SRND to get familiar with QoS:
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSIntro_40.html
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoS-SRND-Book.html
HTH, please rate all useful posts!
Chris
03-02-2013 06:53 PM
Hi William,
There are some shortcomings in the config. Please get more familiar with QoS by reading the above links provided by Chris. For your convenience, I will try to point out a few things and provide you a sample config, providing a direction to start with.
1) Incorrect QoS Mechanism: Assuming you are trying to configure the above for Voice\Real time traffic - the first and foremost issue is that the QoS mechanism you are choosing is wrong. You are configuring CBWFQ. You are just providing a guaranteed bandwidth to both the Real Time and Critical Data classes you are configuring - there is no prioritisation of the real time traffic. The best practice for voice\real time is using LLQ. LLQ comprises a priority queue for voice traffic + CBWFQ for other classes.
In the SRND specifically you go to this section to understand LLQ:
Sample Config:
I would suggest using LLQ with Hierarchical QoS.
I am not creating class maps, you need to identify and classify traffic according to your needs.
policy-map CHILD
 class VOICE
  priority percent 33 << you can modify according to your needs, Cisco recommended value
 class SIGNALING
  bandwidth percent 2 << you can modify according to your needs, Cisco recommended value
 class CRITICAL-DATA
  bandwidth percent X << set according to your needs
 class X
  bandwidth percent X
 class Y
  bandwidth percent X
 class class-default << in the end traffic not belonging to any class goes to this class.
  bandwidth percent 10 << you can change according to your needs
  random-detect
.... and so on - you can go as granular as you want
policy-map PARENT
 class class-default
  shape average 10000000 <<< shaping to 10M
  service-policy CHILD
interface FastEthernet0/1
 description *** Link to WAN ***
 service-policy output PARENT
PS: Excuse any syntax errors as I do not have a CLI nearby.
I have just created a sample config and assigned bandwidth for Voice and signaling according to Cisco's recommendations. This will prioritise Voice traffic; it will be serviced before any other traffic. Using CBWFQ for other classes. All the traffic will be shaped to 10M. Please see below for more and you can do that for what works best for your environment. You can go granular, consider differentiating traffic - Voice, Video, Call Signaling, Critical Data, Medium, Scavenger traffic, Routing (bgp, ospf, eigrp etc), network management (telnet, ssh, snmp, dhcp, ntp etc.)
2) Not Optimal Classification and Marking:
i) You have created only two classes for Voice and Critical data, providing them guaranteed bandwidth. Rest of the traffic is going to default queue with no guaranteed bandwidth etc. You may be sending traffic to default queue which may require better treatment. You can go more granular, create more classes and provide them differential treatment, as I have mentioned in point 1. So you can service all traffic appropriately.
ii) As Chris has already pointed out, you are marking data with af41; it's normally used for video. If any other video device is marking af41 (and trusted) it will also fall in the same class and use the bandwidth.
Not of much relevance but in below ACL:
ip access-list extended SER-VOIP
 permit ip 192.168.56.0 0.0.0.255 any
 permit udp 192.168.56.0 0.0.0.255 any << you can remove this line, this doesn't make any sense as you are already permitting IP in the above line, you are matching everything in first line.
I hope it's helpful to you. Please feel free to ask if you have any questions.
Terry
03-04-2013 11:11 AM
Thank you everyone for the replies, they are very helpful. The configuration I posted is what was already set up; I just added it to the new router for our new ISP. I have been researching the documents mentioned; however, I was in a bit of a pinch, that is why I posted it to get at least a better option and suggestions. As for the question of why the af41 was set up with RDP, Telnet and SSH, this is the primary traffic that we need to have a higher priority for; we use thin clients that connect across the WAN so that is why that traffic is important. Our service provider has CoS models that they have set up for us to choose from; we chose the 60% real time, 32% critical Data, 4% and 4% which we will call best effort.
Thank you again for the responses, not a master of QoS and learning. This was going to be our initial setup and we were going to modify as we needed to make changes. More research is needed but I definitely appreciate your replies.
Thank you,
Billy
03-04-2013 02:37 PM
Billy,
Thanks for the follow up and enjoy mastering QoS :-)
Please rate all useful posts!
Chris
03-04-2013 04:27 PM
Not a problem Billy. Please let us know anytime if you have any more questions.
Terry
03-06-2013 06:48 AM
OK, I asked the equipment provider how the voice gateways are tagging the traffic; their response is that it is tagging it
IP Precedence = 5
How does that work with the voice and signaling classes, I'm not sure. I am going to contact the manufacturer to get the correct settings.
03-06-2013 05:57 PM
IP Precedence is the first 3 bits of the TOS header, which can be mapped to a DSCP value. IP precedence of 5 translates to DSCP value of 40 and 46.
http://bogpeople.com/networking/dscp.shtml
Cisco switches provide this mapping automatically. Normally you do not want to use IP Precedence of 5 for signaling as it is reserved for actual voice RTP packets, and signaling should be using IP Precedence of 3, DSCP CS3 or AF31.
HTH,
Chris
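Added example, not part of the thread: a Python sketch that decodes the ToS byte of an IPv4 header into precedence, DSCP and ECN, and models why a class that matches only `dscp ef` can miss traffic marked with bare IP Precedence 5 while `match ip precedence 5` catches both. The ToS value 0xA0 for the gateway (precedence bits only, lower bits zero), the addresses, and all function names are assumptions made for illustration; the ACL match on SER-VOIP from the original config is not modelled.

```python
import struct

def build_ipv4_header(tos: int) -> bytes:
    """Constructed 20-byte IPv4 header (header only, checksum 0) with the given ToS."""
    src, dst = bytes([192, 168, 56, 10]), bytes([192, 0, 2, 1])  # constructed addresses
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 17, 0, src, dst)

def parse_tos(header: bytes) -> int:
    """Return the ToS/DS byte after checking this really is an IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return header[1]

def decode_tos(tos: int) -> dict:
    """Split the byte: precedence = top 3 bits, DSCP = top 6 bits, ECN = low 2 bits."""
    return {"precedence": tos >> 5, "dscp": tos >> 2, "ecn": tos & 0b11}

def dscp_name(dscp: int) -> str:
    """Name a DSCP value with the usual keywords (csN, afXY, ef, default)."""
    if dscp == 46:
        return "ef"
    if dscp == 0:
        return "default"
    cls, drop = dscp >> 3, (dscp >> 1) & 0b11
    if dscp & 1 == 0 and drop == 0:
        return f"cs{cls}"
    if dscp & 1 == 0 and 1 <= cls <= 4:
        return f"af{cls}{drop}"
    return str(dscp)

def dscps_for_precedence(prec: int) -> list:
    """All eight DSCP values whose top three bits equal this precedence."""
    return list(range(prec << 3, (prec << 3) + 8))

def class_matches(tos: int, rules: list) -> bool:
    """match-any semantics: true if any (field, value) rule equals the decoded field."""
    fields = decode_tos(tos)
    return any(fields[field] == value for field, value in rules)

DSCP_EF_ONLY = [("dscp", 46)]        # models: match ip dscp ef
PRECEDENCE_5 = [("precedence", 5)]   # models: match ip precedence 5

if __name__ == "__main__":
    for tos in (0xA0, 0xB8):  # 0xA0: precedence bits only (assumed); 0xB8: EF
        f = decode_tos(parse_tos(build_ipv4_header(tos)))
        print(hex(tos), f, dscp_name(f["dscp"]),
              "ef-only:", class_matches(tos, DSCP_EF_ONLY),
              "prec-5:", class_matches(tos, PRECEDENCE_5))
```

On a live link, the markings actually arriving can be confirmed from a packet capture or the per-class counters in `show policy-map interface` before choosing which match statement to use.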
03-13-2013 12:32 PM
I am learning more as I go along here, still haven't implemented the QoS but I think I am getting closer. Once I get this done I'll post what I set up and you can take a look; if anything it might end up being entertaining. Thank you everyone for your input, good stuff!