Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1642
Views
0
Helpful
10
Replies

QoS on ASA 5505

Go to solution
networker99
Level 1
Level 1

‎07-19-2011 08:42 AM - edited ‎03-11-2019 02:00 PM

I would like someone to answer a couple of QoS questions and verify what I am going to configure.

I need to prioritize voice traffic through the ASA

priority-queue outside

tx-ring-limit 200

queue-limit 2000

Do the above values look correct? and why is the priority queue applied to the outside interface and not the inside? (or both).  Also is this the part that ensures that the regular traffic does not choke the voice traffic?

class-map voip-class

match dscp ef

policy-map outsidemap

class voip-class

priority

service-policy outsidemap interface outside

Will the global policy remain which this interface policy taking priority?

Thanks in advance!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
varrao
Level 10
Level 10
In response to networker99

‎07-19-2011 09:43 AM

What is going to be the ingress interface for it and what is going to be the egress interface for this voice-traffic (basically from where this traffic would be initiated)??

-Varun

Thanks,
Varun Rao

View solution in original post

0 Helpful
10 Replies 10

Go to solution
varrao
Level 10
Level 10

‎07-19-2011 09:00 AM

Hi,

I am not really sure of your voice traffic requirement, you want to configure voice traffic on the ASA???

The priority queue would be applied on both the ingress and egress interfaces.

in:

class-map voip-class

match dscp ef

you would need to match an access-list for interesting traffic to be identified to be prioritized, something like:

access-list voice_traffic permit ip host 1.1.1.1 host 2.2.2.2

class-map voip-class

match access-list voice-traffic


policy-map gobal_policy

class voip-class

priority

service-policy global_policy global

you can either apply it globally or on isnide and outside.

Here is s very goosd doc for QoS:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008084de0c.shtml#rate

Hope this helps,

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

Go to solution
networker99
Level 1
Level 1
In response to varrao

‎07-19-2011 09:05 AM

why would I need to match an ACL? In my example I am matching on DSCP value?

Do I need this bit?

priority-queue outside

tx-ring-limit 200

queue-limit 2000

0 Helpful

Go to solution
varrao
Level 10
Level 10
In response to networker99

‎07-19-2011 09:19 AM

Hi,

Yes you would  need it, if your matcjing the traffic based on the dscp value, then the config that you have looks good.

Have a look at the config example in the link I provided you, it is the same as your requirement.

You can verify your QoS by:

show service-policy

this would tell whether the packets are falling into the QoS configured.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

Go to solution
networker99
Level 1
Level 1
In response to varrao

‎07-19-2011 09:21 AM

okay great so in summary my config is fine?  but why do I only create a transmit ring for the outside interface?  Do I not need to create one of teh inside as well?

0 Helpful

Go to solution
varrao
Level 10
Level 10
In response to networker99

‎07-19-2011 09:28 AM

No not needed for the inside, for tx-ring:

The tx-ring-limit command allows you to       configure the maximum number of packets (depth) allowed to be queued in the       Ethernet transmit driver ring at any given time. This allows for fine-tuning       the transmit queue to reduce latency and offer better performance through the       transmit driver. This limit must be in the range 3 through 128 packets on the       PIX platform, with a limit of 256 packets on the ASA platform.

The default queue-limit is the number of average, 256-byte packets       that the specified interface can transmit in a 500 ms interval, with an upper       limit of 2048 packets. A packet that stays more than 500 ms in a network node       might trigger a timeout in the end-to-end application. Such a packet can be       discarded in each network node.

The default tx-ring-limit is the number of       maximum 1550-byte packets that the specified interface can transmit in a 10 ms       interval. This guarantees that the hardware-based transmit ring imposes no more       than 10 ms of extra latency for a high-priority packet.

Is that your requirement as well????

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

Go to solution
networker99
Level 1
Level 1
In response to varrao

‎07-19-2011 09:31 AM

My requirement is just to give prioritization to voice packets traversing the ASA (based on DSCP value)

0 Helpful

Go to solution
varrao
Level 10
Level 10
In response to networker99

‎07-19-2011 09:43 AM

What is going to be the ingress interface for it and what is going to be the egress interface for this voice-traffic (basically from where this traffic would be initiated)??

-Varun

Thanks,
Varun Rao
0 Helpful

Go to solution
networker99
Level 1
Level 1
In response to varrao

‎07-19-2011 09:46 AM

Well since the traffic goes to an external SIP provider when outbound calls are made the inside interface will be ingress, and outside will be egress, but incoming calls will be the reverse.

0 Helpful

Go to solution
networker99
Level 1
Level 1
In response to networker99

‎07-19-2011 10:03 AM

Also do I need to police the regular traffic to stop it choking the voice traffic, or will the transmit ring configuration take care of this?

0 Helpful

Go to solution
varrao
Level 10
Level 10
In response to networker99

‎07-19-2011 10:07 AM

Yes, the config looks good to me as per requirement, you can try it and verify whether it is working or not.

-Varun

Thanks,
Varun Rao
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card