
QoS and other

Hello, I want to configure LLQ on the router for QoS and WFQ on the switch for QoS on YouTube, Netflix, telnet, HTTP, etc., but I have some issues and also a few other questions to help me understand.

1. The first error I encountered: "I/f Virtual-Access2 class requested bandwidth 5000 (kbps), available only 42 (kbps)". Why? Also, I'm not sure, but is it related to the below?

Dialer12 is up, line protocol is up (spoofing)
Hardware is Unknown
Internet address is x.x.x.x
MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 95/255, rxload 135/255
Encapsulation PPP, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 1 seconds on reset
Interface is bound to Vi2
Last input never, output never, output hang never
Last clearing of "show interface" counters 00:25:47
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/16 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 42 kilobits/sec
5 minute input rate 86000 bits/sec, 0 packets/sec
5 minute output rate 21000 bits/sec, 0 packets/sec
60352 packets input, 27132835 bytes
55534 packets output, 12479592 bytes
Bound to:


Virtual-Access2 is up, line protocol is up
Hardware is Virtual Access interface
MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 136/255, rxload 126/255
Encapsulation PPP, LCP Open
Open: IPCP
PPPoE vaccess, cloned from Dialer12
Vaccess status 0x44, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 5 seconds on reset
Interface is bound to Di12 (Encapsulation PPP)
Last input 00:00:11, output never, output hang never
Last clearing of "show interface" counters 00:25:39
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)

5 minute input rate 84000 bits/sec, 5 packets/sec
5 minute output rate 30000 bits/sec, 5 packets/sec
60361 packets input, 27132976 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
55544 packets output, 12480006 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions

 

 

2. The second question is also regarding the info from the f0/0 or f0/1 physical port.

FastEthernet0/1 is up, line protocol is up
Hardware is AmdFE, address is 000.000.000.000
Description: The interface that let you to play inside
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, --> why is there 10000 here, and what do the next bold lines mean?
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 1., loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 1/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)

5 minute input rate 53000 bits/sec, 19 packets/sec
5 minute output rate 92000 bits/sec, 17 packets/sec
54463 packets input, 13212123 bytes
Received 486 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
57780 packets output, 25866755 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
24 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

 

 

Joseph W. Doherty
Hall of Fame

Please identify the router model and the IOS it's running.

Also please post your QoS statements and the interface(s) configs, where applied.

Hardware

router cisco 2611XM with os flash:c2600-advsecurityk9-mz.124-15.t14.bin, C2600-ADVSECURITYK9-M, 12.4(15)T14

switch cisco 2950T with os flash:/c2950-i6k2l2q4-mz.121-22.EA14.bin, C2950-I6K2L2Q4-M, 12.1(22)EA14

 

QOS on the Switch

ACL

ip access-list extended EMAIL
 permit tcp 172.16.30.160 0.0.0.15 any eq pop2
 permit tcp 172.16.30.160 0.0.0.15 any eq pop3
 permit tcp 172.16.30.160 0.0.0.15 any eq smtp
 permit tcp 172.16.30.160 0.0.0.15 any eq 143
 permit udp 172.16.30.160 0.0.0.15 any eq 143
 permit udp 172.16.30.160 0.0.0.15 any eq 25

ip access-list extended TRANSFER
 permit tcp 192.168.1.0 0.0.0.255 any eq ftp-data
 permit udp 192.168.1.0 0.0.0.255 any eq 20
 permit tcp 192.168.1.0 0.0.0.255 any eq ftp
 permit udp 192.168.1.0 0.0.0.255 any eq 21
 permit tcp 192.168.1.0 0.0.0.255 any eq 69
 permit udp 192.168.1.0 0.0.0.255 any eq tftp
 permit tcp 192.168.1.0 0.0.0.255 any eq 115
 permit udp 192.168.1.0 0.0.0.255 any eq 115

ip access-list extended WEB
 permit tcp 192.168.1.0 0.0.0.255 any eq www
 permit tcp 192.168.1.0 0.0.0.255 any eq 443
 permit udp 192.168.1.0 0.0.0.255 any eq 443
 permit udp 192.168.1.0 0.0.0.255 any eq 80

ip access-list extended MANAGEMENT
 permit tcp 192.168.1.0 0.0.0.255 any eq telnet
 permit udp 192.168.1.0 0.0.0.255 any eq 23
 permit tcp 192.168.1.0 0.0.0.255 any eq 22
 permit udp 192.168.1.0 0.0.0.255 any eq 22

class-maps

class-map match-all TRANSFER
 match access-group name TRANSFER

class-map match-all MANAGEMENT
 match access-group name MANAGEMENT

class-map match-all EMAIL
 match access-group name EMAIL

class-map match-all WEB
 match access-group name WEB

policy-maps

policy-map NETWORK
 class WEB
  set ip dscp 46
  police 20000000 8192 exceed-action drop
 class EMAIL
  set ip dscp 34
  police 10000000 8192 exceed-action drop
 class MANAGEMENT
  set ip dscp 46
  police 5000000 8192 exceed-action drop
 class TRANSFER
  set ip dscp 10
  police 7000000 8192 exceed-action drop

policy-maps

policy-map NETWORK-2
 class WEB
  set ip dscp 46
  police 20000000 8192 exceed-action drop
 class MANAGEMENT
  set ip dscp 46
  police 5000000 8192 exceed-action drop
 class TRANSFER
  set ip dscp 10
  police 7000000 8192 exceed-action drop

interface FastEthernet0/1
 service-policy input NETWORK

interface FastEthernet0/0
 service-policy out NETWORK-2

Ignore "QOS on the Switch"; it is on both.

First, the router's QoS support is much different from the switch's.  The router, I believe, supports CBWFQ, although I recall (?) there might be some QoS limitations within the Advanced Security feature set.  Further, IOSs before 12.4(20)T don't support HQF, which provided huge changes in class FQ support.  Also, the FQ support before HQF is WFQ, whereas the later versions are just FQ.

Anyway, a basic CBWFQ policy for your IOS might look something like:

policy-map Sample
 class LLQ
  priority percent 35
 class class-default
  bandwidth percent 65
  fair-queue

If you want to take advantage of WFQ, in the above's FQ, use IP Prec values.  The higher the value, the more bandwidth those packets will obtain relative to other lesser marked packets.

Pre-HQF only supports the FQ statement in class-default.

The 2950 (I recall?) only supports four hardware egress queues.  You can vary bandwidth allocations to those queues.  You can also make the first queue a PQ.  Traffic is directed to one of the four queues based on ToS values.  The ToS to queue mapping has default values, which can be changed.  I also recall (?) pairs of IP Prec values are mapped to each queue.

For particular commands, you'll need to consult the reference manuals for the device/IOS combination.

Hey,

Thanks for the advice and tips and tricks, but I still have a few things unclear, like BW 56 Kbit/sec (also, what is the meaning of this bandwidth and where is it applied?) and DLY 20000 usec. Can I change the BW and also have an effect on it? Can I decrease the DLY to be close to 100?

Can I increase the Available Bandwidth 42 kilobits/sec?

An interface's bandwidth is what the device "thinks/believes" the interface actually provides.  It can be changed, via configuration.  Some "things" (like some routing protocols and/or some QoS functions) will use that "bandwidth" information for their purposes.

Likewise the "delay" value is what the device "thinks/believes" the time it takes to transit the interface's connected link.  It too, like bandwidth, might be used for some "things" (again some routing protocols use it).

Changing an interface's bandwidth and/or delay, generally doesn't have any direct impact on the interface, but it may still, in some manner, impact traffic.  For example, a routing protocol using bandwidth or delay, might select an interface based on what it "thinks/believes" is the best path (using a particular interface).  Changing bandwidth and/or delay, might have the routing protocol select a different interface for the best path.
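The numbers behind the first error in this thread, worked through as an added example (not code from any poster here): the Dialer12 output shows BW 56 and Available Bandwidth 42, so only 42 kbps can be reserved and a 5000 kbps class request is refused. The class name VOICE and the function names are hypothetical, the message format is modeled on the one quoted in the question, and the 42/56 ratio (75%) is assumed to stay the same if the interface bandwidth value is changed.

```python
import math
import re

# Lines copied from the Dialer12 "show interface" output quoted in this thread.
SHOW_INTERFACE = """\
Dialer12 is up, line protocol is up (spoofing)
MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,
Queueing strategy: weighted fair
Available Bandwidth 42 kilobits/sec
"""

def parse_interface(text):
    """Return (configured BW, reservable bandwidth) in kbps."""
    bw = int(re.search(r"\bBW (\d+) Kbit/sec", text).group(1))
    avail = int(re.search(r"Available Bandwidth (\d+) kilobits/sec", text).group(1))
    return bw, avail

def check_policy(requests, reservable_kbps):
    """requests: ordered (class name, kbps) pairs, as in a policy-map.
    Returns one message per class that does not fit in what is still unreserved."""
    remaining, errors = reservable_kbps, []
    for name, kbps in requests:
        if kbps > remaining:
            errors.append(f"class {name} requested bandwidth {kbps} (kbps), "
                          f"available only {remaining} (kbps)")
        else:
            remaining -= kbps
    return errors

def min_interface_bw(requests, bw_kbps, reservable_kbps):
    """Smallest interface bandwidth value (kbps) at which every request fits,
    keeping the reservable share seen in the output (42/56 here)."""
    total = sum(kbps for _, kbps in requests)
    return math.ceil(total * bw_kbps / reservable_kbps)

if __name__ == "__main__":
    bw, avail = parse_interface(SHOW_INTERFACE)
    policy = [("VOICE", 5000)]  # hypothetical class; 5000 kbps is from the error
    for line in check_policy(policy, avail):
        print(line)
    print("interface bandwidth needed:", min_interface_bw(policy, bw, avail), "kbps")
```

The bandwidth value only changes what the router believes about the link, as the reply above explains, so it should reflect the rate the PPPoE uplink really delivers.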

Is it OK to combine those algorithms?

• First-In First-Out (FIFO) (default)
• Priority Queuing (PQ)
• Custom Queuing (CQ)
• Weighted Fair Queuing (WFQ)
• Class-Based Weighted Fair Queuing (CBWFQ)
• Low-Latency Queuing (LLQ)

E.g. LLQ output on the dialer, WRR on f0/1, and so on and so forth?

To have one queue algorithm on each interface?

Yes, if the platform supports it, you can have different queuing functions per interface.

However, do know some of what you named overlaps and/or have slightly different meanings based on "age".

For example, LLQ is a feature of CBWFQ and there's an old version of PQ for routers which differs from current PQ on switches.

Or, WFQ was available in CBWFQ class-default before HQF and it also was a stand alone queuing feature, although (I believe) no longer found in current IOS versions.  WFQ is also a part of CBWFQ.  Etc.

OK, if I understood correctly, the scheme looks like this:

traffic --> (apply the QoS inbound / input) --> the PORT --> apply other QoS on (outbound / output)

Correct?

Or is it something else?

When traffic from my laptop comes in on the port that the laptop is connected to, do I need to put a QoS on input and another QoS on the output of the same traffic, and do this again on the trunk port that is connected to the router (put one on input and output), and do the same on the router for the port that is connected to the switch and the dialer that is connected to the WAN?

What ports to apply QoS on depends on what you're trying to accomplish.

Often ingress QoS features are not used, except on the edge port connecting to the host.

Although QoS is recommended end-to-end, also often, it's only critical on egress ports which congest to the extent it's detrimental to some of your traffic's service needs.

What you say is:

My hosts are connected to an AP and the AP is connected to port f0/2 on the switch. Are you suggesting applying a policer on the ingress port (f0/2) so it does not go crazy with the traffic?

If yes, the next step is to apply egress queuing, but where? On port f0/2, which is connected to the AP, or on the trunk port (f0/1 from the switch) that is connected to the router?

After this, on the router, where do I apply the other QoS on port f0/1 (out or in), where I have the subinterfaces f0/1.1, f0/1.2, f0/1.3? Can I apply it on the subinterface? Or do I need to apply it directly on the physical port, if the physical port is working with subinterfaces?

And lastly, when I want to apply QoS on the port that is connected to the ISP modem (I use a dialer), do I need to apply it on the output or the input?

I'm sorry, but again "What ports to apply QoS on depends on what you're trying to accomplish."  I.e. It's unclear what you want to accomplish.

However, you did mention ". . . to apply a policer on the ingress port (f0/2) to not go crazy with the traffic ?", sure you might use an ingress policer for that purpose.  Yes, how much bandwidth is the AP actually capable of?  I.e. enough that the volume might go crazy?  Also, you might want to police egress too, as host(s) on the AP might also receive a crazy amount of bandwidth.

"can I apply on the subinterface ? or I need to apply directly on physical port if on physical is working with subinterface? "  Sorry I only recall applying QoS on main interfaces, but also applying on subinterfaces might be possible on some routers; again, unsure.  Remember, though, even on a main interface you should be able to identify the traffic you want to manage, logically, on a subinterface basis.