Is there a QOS method that really gives priority to select traffic? (ASA 5510)

todd.townsend · ‎09-06-2012

Before today my concept of priority queuing was that if two packets wanted to go and there was only room for one, the higher priority packet would go and the other would wait. In other words, if I prioritize VOIP then those packets will travel uninterupted no matter how many downloads I start.

Today a Cisco tech told me that if I really wanted to protect the VOIP traffic, I would also have to police all other traffic -- permenantly make everything else slower just in case there was some VOIP that wanted to go through.

1. Is this true?

2. If so, is there a way to do what I described first?

3. If the ASA 5510 can't do it, is there another device that can?

Julio Carvajal · ‎09-06-2012

Hello Todd,

I think this document will explain it better than me

So here you go:

http://blog.ine.com/2008/09/16/qos-on-the-pixasa-%E2%80%93-part-3priority-queuing/

On my own words here is what I can tell you.

The priority will start to happen as soon as the ASA gets oversubscripted ( this means the hardware queue got full, then the software queue it will start working and here is where the priority magic happens ( we have the 2 best effor queue {Default} and the priority queue)

Regards,

Remember to rate all of the answers, for the community that is more important that a thanks

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

todd.townsend · ‎09-07-2012

I think I have standard priority queuing set up properly, but when I saturate the download bandwidth, voice quality is unusable.

Julio Carvajal · ‎09-07-2012

Hello Todd,

What about the sotware queue?

Check the statistics of the priority service and let me know what you get

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

todd.townsend · ‎09-07-2012

I forgot to mention that I am a Cisco newbie. Could you explain how to check those statistics (preferably through ASDM).

Julio Carvajal · ‎09-07-2012

http://blog.ine.com/2008/09/16/qos-on-the-pixasa-%E2%80%93-part-3priority-queuing/

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

todd.townsend · ‎09-07-2012

There are two outside interfaces. Backup-dsl is not used unless outside_cable goes down.

Result of the command: "show priority-queue statistics"

Priority-Queue Statistics interface inside

Queue Type = BE

Tail Drops = 0

Reset Drops = 0

Packets Transmit = 268605455

Packets Enqueued = 0

Current Q Length = 0

Max Q Length = 0

Queue Type = LLQ

Tail Drops = 0

Reset Drops = 0

Packets Transmit = 319549

Packets Enqueued = 0

Current Q Length = 0

Max Q Length = 0

Priority-Queue Statistics interface backup_dsl

Queue Type = BE

Tail Drops = 0

Reset Drops = 0

Packets Transmit = 1578866

Packets Enqueued = 0

Current Q Length = 0

Max Q Length = 0

Queue Type = LLQ

Tail Drops = 0

Reset Drops = 0

Packets Transmit = 0

Packets Enqueued = 0

Current Q Length = 0

Max Q Length = 0

Priority-Queue Statistics interface outside_cable

Queue Type = BE

Tail Drops = 0

Reset Drops = 0

Packets Transmit = 182299035

Packets Enqueued = 0

Current Q Length = 0

Max Q Length = 0

Queue Type = LLQ

Tail Drops = 0

Reset Drops = 0

Packets Transmit = 39602

Packets Enqueued = 0

Current Q Length = 0

Max Q Length = 0

Julio Carvajal · ‎09-07-2012

Hello Todd,

Looks like the Priority it's doing it's job.

Can you post the configuration you have

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

todd.townsend · ‎09-07-2012

Do you want the output of "show running-config"?

Julio Carvajal · ‎09-07-2012

Hello Todd,

Correct

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Julio Carvajal · ‎09-07-2012

Hello Todd,

Please change the following configuration:

hostname(config) priority-queue outside

hostname(config-priority-queue) queue-limit 80

hostname(config-priority-queue) tx-ring-limit 3

hostname(config) priority-queue backup_dsl

hostname(config-priority-queue) queue-limit 80

hostname(config-priority-queue) tx-ring-limit 3

hostname(config) priority-queue inside

hostname(config-priority-queue) queue-limit 80

hostname(config-priority-queue) tx-ring-limit 3

Remember to rate all the posts, for us that is more important that a thanks

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

todd.townsend · ‎09-07-2012

That made it worse.

Julio Carvajal · ‎09-07-2012

Hello Todd,

Why don't you use just one priority policy instead of one per interface.

no service-policy outside_cable-policy interface inside

no service-policy outside_cable-policy interface backup_dsl

no service-policy outside_cable-policy interface outside_cable

policy-map global_policy

class outside_cable-class

priority

class global-class

priority

clear local-host ( This is need it so the new policies and actions take place)

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

todd.townsend · ‎09-07-2012

The Cisco tech was adamant that I put it on each interface.

Julio Carvajal · ‎09-07-2012

Hello,

So you are going to keep with the configuration he provided you even though it's not working.

Send on a private message the case number...

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC