02-15-2013 05:52 AM - edited 03-03-2019 06:58 AM
I am classifying traffic using NBAR and access-lists, setting DSCP values, and then using bandwidth percentages to reserve bandwidth for protected classes in times of high utilization.
I currently have this setup on my outside interface (connecting to PE) and have the service policy set on output (egress).
I have found that large data transfers of default-class traffic are still able to overwhelm the link and the reserved bandwidth percentages do not seem to be able to protect the data in those classes.
Question 1 - Is it common configuration to classify, mark, and set queuing policies on the same interface? Or should I be classifying and marking on the ingress of the LAN interface and then apply the queuing on the outside interface egress?
Here is my current config. As you can see, I am classifying the traffic using access lists and NBAR, and then I am using the policy map on my outside (PE connected) interface egress. For brevity, I have not included the contents of the access-lists. Does anyone see any issues with this config?
class-map match-all AF41
 match access-group name Management
class-map match-all AF21
 match access-group name Priority-Apps
class-map match-all AF31
 match access-group name Critical-Apps
 match protocol citrix
 match protocol kerberos
 match protocol ldap
policy-map SETDSCP-KABI-NA
 class AF41
  bandwidth percent 20
  random-detect dscp-based
  set ip dscp af41
 class AF31
  bandwidth percent 25
  random-detect dscp-based
  set ip dscp af31
 class AF21
  bandwidth percent 25
  random-detect dscp-based
  set ip dscp af21
 class class-default
  set ip dscp default
  fair-queue
interface Multilink1
 service-policy output SETDSCP-KABI-NA
Thanks in advance for your replies..
02-16-2013 07:55 AM
I think you're going to need to provide the ACLs and a sh policy-map command. Do you have NBAR protocol discovery on the multilink interface?
02-18-2013 09:16 AM
Question 1 - Is it common configuration to classify, mark, and set queuing policies on the same interface? Or should I be classifying and marking on the ingress of the LAN interface and then apply the queuing on the outside interface egress?
I don't know how common one technique is vs. the other, as QoS is still a bit uncommon, but if possible, I personally prefer doing everything in the egress policy.
Does anyone see any issues with this config?
I normally recommend against using RED unless you really understand the technology. I would especially question using RED and FQ in the same class, as you do in class AF21.
I currently have this setup on my outside interface (connecting to PE) and have the service policy set on output (egress). I have found that large data transfers of default-class traffic are still able to overwhelm the link and the reserved bandwidth percentages do not seem to be able to protect the data in those classes.
You describe connecting to a PE, so this is not a p2p link? If you're working across some kind of cloud technology, just setting QoS, even correctly, on the egress to cloud interface might be insufficient. Might you describe your WAN environment?
As you mention default-class traffic, but you didn't post a default-class, you're just using the implicit default settings for this class?
As you're using NBAR and FQ in a named class, I assume you're working with a software based router using post HQF QoS, but identification of the actual platform and IOS version being used, might also be helpful.
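For comparison with the single egress policy discussed in this thread, the alternative layout from Question 1 (classify and mark on LAN ingress, queue on WAN egress) is sketched below as an added example that is not part of any post. The LAN interface GigabitEthernet0/0 and the names MARK-LAN-IN, QUEUE-WAN-OUT and Q-AFxx are hypothetical; the ACL names, Multilink1 and the bandwidth percentages are taken from the posted config.

```ios
! Added example: marking on LAN ingress, queuing on WAN egress.
! GigabitEthernet0/0 (LAN side) and the names MARK-LAN-IN, QUEUE-WAN-OUT and
! Q-AFxx are hypothetical; ACL names and Multilink1 are from the post.
! --- Classification: same criteria as the posted class-maps ---
class-map match-all AF41
 match access-group name Management
class-map match-all AF21
 match access-group name Priority-Apps
! match-any here is an assumption about intent: any one criterion selects
! the class. Under match-all a packet must satisfy every match line.
class-map match-any AF31
 match access-group name Critical-Apps
 match protocol citrix
 match protocol kerberos
 match protocol ldap
!
! --- Ingress policy: mark only, no queuing ---
policy-map MARK-LAN-IN
 class AF41
  set ip dscp af41
 class AF31
  set ip dscp af31
 class AF21
  set ip dscp af21
 class class-default
  set ip dscp default
!
! --- Egress classification keys on the DSCP set at ingress ---
class-map match-all Q-AF41
 match ip dscp af41
class-map match-all Q-AF31
 match ip dscp af31
class-map match-all Q-AF21
 match ip dscp af21
!
! --- Egress policy: queuing only, percentages as posted ---
policy-map QUEUE-WAN-OUT
 class Q-AF41
  bandwidth percent 20
 class Q-AF31
  bandwidth percent 25
 class Q-AF21
  bandwidth percent 25
 class class-default
  fair-queue
interface GigabitEthernet0/0
 service-policy input MARK-LAN-IN
interface Multilink1
 service-policy output QUEUE-WAN-OUT
```

With either layout, `show policy-map interface Multilink1` reports per-class match and queue counters, which is the output requested earlier in the thread.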