cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco Community Designated VIP Class of 2020

9658
Views
73
Helpful
45
Replies
Beginner

Re: ASK THE EXPERTS - QoS with Cisco expert Sarala Akella

QUESTIONS:

I am now going to be adding Video.  We have Polycom HDX and VSX series codexs.  I am going to set them all for fixed ports.  I need to add more to my policy-map.

Would it be best that I create a new policy map then when I know it is complete and entered into the router then change the service-policy on the outgoing interface to the new one?  What is best practice?  Do you suggest identifying video traffic via the ip address of the codex?

It appears that today we are only giving VOIP any consideration.  I don’t understand why Voip control is in class C, shouldn’t that be in class B?

I also want Video to be in Class B.  should Voip control be in class C or B?  I would think it should be in B.

Our MPLS provider and our company agreed on the following –

Class A 35% of link speed

Class B 25%

Class C 15%

Default 25%

As can be seen in the policy map today we only use 1000kbps for Class A

Nothing is going into class B today unless not specifically marked.

Class C is 10% Bandwidth (hey I guess I have 5% remaining always in this class if need be)

TODAY

class-map match-any VOIP-Media

match ip rtp 16383 16383

match ip dscp ef

class-map match-any VOIP-Control

match ip dscp af31

match ip precedence 3

match access-group 150

!

!

policy-map QoS-WAN

class VOIP-Media

    priority 1000

class VOIP-Control

  set precedence 5

    bandwidth percent 10

class class-default

    fair-queue

MP_MPLS_1#sho access-lists 150

Extended IP access list 150

    10 permit udp any eq 2427 any (6529104 matches)

    20 permit udp any any eq 2427 (626 matches)

    30 permit udp any eq 2428 any (149532 matches)

    40 permit tcp any any eq 2428 (506963 matches)

    50 permit tcp any any eq 2000 (578267 matches)

    60 permit udp any any tos 5

    70 permit tcp any any eq 2427 (522881 matches)

    80 permit tcp any eq 2427 any (203560 matches)

TOMORROW (FUTURE FOR VIDEO)

policy-map QoS-WAN2

class VOIP-Media

    priority 1000

class VIDEO

  set precedence 4

   bandwidth percent 25

class VIDEO-Audio

  set precedence 5

class VOIP-Control

  set precedence 5

    bandwidth percent 10

class VIDEO-Control

  set precedence 3

class class-default

    fair-queue

ip access-list 151 extended VIDEO-ACL

permit udp any any range 3230 3341

permit tcp any any range 3230 3243

class-map match-any VIDEO

match ip precedence 4

match access-group 151

class-map match-any VIDEO-Audio

match ip precedence 5

class-map match-any VIDEO-Control

match ip precedence 3

class-map match-any VOIP-Media

match ip rtp 16383 16383

match ip dscp ef

class-map match-any VOIP-Control

match ip dscp af31

match ip precedence 3

match access-group 150

Extended IP access list 150  (NO CHANGE EXCEPT MAYBE TO ELIMINATE THE TOS 5 AND PERHAPS TO GIVE THIS ACL A NAME INSTEAD OF A NUMBER)

    10 permit udp any eq 2427 any (6529104 matches)

    20 permit udp any any eq 2427 (626 matches)

    30 permit udp any eq 2428 any (149532 matches)

    40 permit tcp any any eq 2428 (506963 matches)

    50 permit tcp any any eq 2000 (578267 matches)

    60 permit udp any any tos 5

    70 permit tcp any any eq 2427 (522881 matches)

    80 permit tcp any eq 2427 any (203560 matches)

What is the best way to change a policy-map?  Add a new policy-map name

Also noticed output drops incrementing.  Yeah i can see having a hold-queue but isn't there a better way.  As normal we do oversubscribe but not all remote links are utilized 100%.

Headquarters (Call Manager site) 12288kbps

uksite1 2048kbps(Call manager site)

uksite2 2048kbps

argsite 2048kbps(Call manager site)

I have sites ranging from E1-T1-and lower for 22 locations,

Would I create class-maps for each site with a match access-group in which the acl will match the ip subnets matching that site then in the policy-map use some sort of shaper value?

Julie

Beginner

Re: ASK THE EXPERTS - QoS with Cisco expert Sarala Akella

Hello Juile,

Class A traffic you can configure depending the bandwidth of the interface in use. Most of the ISR platform we can configure service-policy upto 75 percent of bandwidth.

If we need to stretch beyond 75 % you may want to configure max-reserved-bandwidth

Here is a document that talks about max-resverved bandwidth.

http://www.cisco.com/en/US/tech/tk39/tk48/technologies_tech_note09186a00800fe2c1.shtml

The best way in the sense of having minimum impact to the network would be to configure new policy-map with the video in the order you would like

policy-map QoS-WAN2

class VOIP-Media

    priority 1000

class VIDEO

  set precedence 4

   bandwidth percent 25

class VIDEO-Audio

  set precedence 5

class VOIP-Control

  set precedence 5

    bandwidth percent 10

class VIDEO-Control

  set precedence 3

class class-default

    fair-queue

Then remove the service-policy form the serial interface

for example

interface s0/0/0

no service-policy out  QoS-WAN

service-policy out QoS-WAN2

!
exit

verify that the new service-policy is working as expected by executing show policy-map interface s0/0/0

then remove the old policy-map

no policy-map QoS-WAN

for the 22 sites with hub and spoke topology u would be needing to create a nested QoS policy with shaping.

Beginner

Re: ASK THE EXPERTS - QoS with Cisco expert Sarala Akella

hi Sarala,

I have nbar protocol-discovery running on routers.

I have noticed edonkey and winmx, which are not permitted (peer to peer file sharing etc.).

I would like to find out the users ip addresses doing this type of traffic.

How would I create my ACL to log those that match the protocol winmx or edonkey?

How do you change a policy-map by adding another class?  Would I have to delete and reenter everything?

Would I just add a whole new policy-map using the same class information from other but put my new class-map in where it needs to be?  Should the ACL be in my peer2peer class-map?

If this is not possible let me know.

class-map match-any peer2peer

match protocol winmx

match protocol edonkey

Thanks,

J

Beginner

Re: ASK THE EXPERTS - QoS with Cisco expert Sarala Akella

"show ip nbar port-map edonkey"

and get the port numbers used  for these applications.

you can create a access-list and match it under  the class-map for the  peer2peer traffic.

Also the match-protocol should work as well.

you can always create new class and match the traffic and add it under the policy-map.

Hope I answered your questions.

Beginner

Re: ASK THE EXPERTS - QoS with Cisco expert Sarala Akella

Hello Sarala,

I am new to this forum. It is quite good to have a place like this!

I have got a question about counters which are QOS related.

I am recently looking at a possible network bandwidth issue. The bottleneck might be caused by a QOS Policer applied on a port of a Catalyse 6509 switch running CatOS. However, the two counters for the port on the switch are quite confusing.  I appreciate if you can help me on this?!

The suspected port is port 3/3 on who has a QOS Policer ACL N3010257R-ip-3_3-acl, which was associated with Policer N3010257R-3_3.  The counter ‘Bytes exceed excess rate’ is increasing when I executed the command ‘show qos statistics aggregate-policer N3010257R-3_3 each time. My understand is that this counter indicates there is burst traffic received by the port which has exceed the QoS policer bandwidth limit (in this case, the limit is avg 38912 kbps with burst size 368 kbits).

However, there is another counter rxHCOctets confusing me which seems indicate all traffic received on that port around the time (when Qos policer drop packet) didn’t exceed the rate limit (I compare the different value of the counter within a second ). The counter is rxHCOctets in the output t of command ‘sh counters 3/3’, it shows the received data rate is about 8Mbps .   I have the logs of the sh qos & sh counter command for a continues 15 minutes and keep seeing this inconsistence.

Was the switch QoS policer dropping packets? Why the rxHCOctets didn’t indicate it? Are you able to show me some lights here please? Thanks in advance!

Regards,

Ivan

Below are some logs for you reference. Thanks again.

> (enable) sh port qos 3/3

QoS is enabled for the switch.

QoS policy source for the switch set to local.

Port  Interface Type Interface Type Policy Source Policy Source

      config         runtime        config        runtime

----- -------------- -------------- ------------- -------------

3/3      port-based     port-based          COPS         local

Port  TxPort Type  RxPort Type  Trust Type   Trust Type    Def CoS Def CoS

                                config       runtime       config  runtime

----- ------------ ------------ ------------ ------------- ------- -------

3/3        1p3q8t         1q8t    untrusted    untrusted        0       0

Port  Ext-Trust Ext-Cos Trust-Device

----- --------- ------- ------------

3/3  untrusted       0         none

(*)Runtime trust type set to untrusted.

Config:

Port  ACL name                         Type

----- -------------------------------- ----

3/3  N3010257R-ip-3_3-acl             IP

      N3010257R-mac-3_3-acl            MAC

Runtime:

Port  ACL name                         Type

----- -------------------------------- ----

3/3  N3010257R-ip-3_3-acl             IP

      N3010257R-mac-3_3-acl            MAC

> (enable)  show qos acl info runtime N3010257R-ip-3_3-acl

set qos acl IP N3010257R-ip-3_3-acl

----------------------------------------------

1.       trust-dscp aggregate N3010257R-3_3 ip any any

> (enable) show qos policer runtime aggregate N3010257R-3_3

Warning: Runtime information may differ from user configured setting due to hardware granularity.

QoS aggregate policers:

Aggregate name                  Avg. rate (kbps) Burst size (kbits) Normal action

------------------------------- ---------------- ------------------ -------------

N3010257R-3_3                              38912             368 policed-dscp

                                Excess rate (kbps) Excess burst size (kbits) Excess action

                                ------------------ ------------------------- -------------

                                             38912                    368 drop

                                ACL attached

                                ------------------------------------

                                N3010257R-ip-3_3-acl           

                                N3010257R-mac-3_3-acl          

> (enable) show qos statistics aggregate-policer N3010257R-3_3

QoS aggregate-policer statistics:

Aggregate policer               Allowed byte   Bytes exceed

                                count          excess rate

------------------------------- -------------- --------------

N3010257R-3_3                     232729796979     7797620529

QoS aggregate-policer 5 minute rate statistics:

Aggregate policer               Allowed rate   Traffic exceeding

                                (kbps)         excess rate(kbps)

------------------------------- -------------- -----------------------

N3010257R-3_3                             6440                      28

> (enable)   show version

WS-C6509-E Software, Version NmpSW: 8.5(7)

Copyright (c) 1995-2006 by Cisco Systems

NMP S/W compiled on Oct 13 2006, 11:23:27

System Bootstrap Version: 8.1(3)

System Boot Image File is 'bootflash:BTSYNC_cat6000-sup720k8.8-5-7.bin'

System Configuration register is 0x10f

Hardware Version: 1.2  Model: WS-C6509-E  Serial #: SMG0938NE8P

PS1  Module: WS-CDC-2500W    Serial #: AZS093405XK

PS2  Module: WS-CDC-2500W   Serial #: AZS093405XN

> (enable) show time

Thu Apr 7 2011, 11:46:22 EST

> (enable) sh counters 3/3 | in rxHCOctets

8  rxHCOctets                         =        8032365501030

> (enable) show time

Thu Apr 7 2011, 11:46:23 EST

> (enable) sh counters 3/3 | in rxHCOctets

8  rxHCOctets                         =        8032365769474

> (enable) show time

Thu Apr 7 2011, 11:46:23 EST

> (enable) sh counters 3/3 | in rxHCOctets

8  rxHCOctets                         =        8032366034532

> (enable) show time

Thu Apr 7 2011, 11:46:23 EST

> (enable)

Beginner

Re: ASK THE EXPERTS - QoS with Cisco expert Sarala Akella

Hello,

Please don't give point before answering questions :-)

This look’s like CAT-OS issue.  Please open a TAC case, it could be a bug.

Please not that there are no  Bugfixes   available as cat-os  is almost end-of-support.

Best regards

-Sarala

Beginner

Re: ASK THE EXPERTS - QoS with Cisco expert Sarala Akella

          Hi Sarala Akella

          If possible, I wanna you to explain the real diference between the commands "bandwidth remaining percent" and "bandwidth percent".

          And what option do you recommend in the following example

policy-map 1P7Q1T
class PRIORITY-QUEUE
    priority
class CONTROL-MGMT-QUEUE
    bandwidth remaining percent 10
class MULTIMEDIA-CONFERENCING-QUEUE
    bandwidth remaining percent 10
class MULTIMEDIA-STREAMING-QUEUE
    bandwidth remaining percent 10
class TRANSACTIONAL-DATA-QUEUE
    bandwidth remaining percent 10
    dbl
class BULK-DATA-QUEUE
    bandwidth remaining percent 4
    dbl
class SCAVENGER-QUEUE
    bandwidth remaining percent 1
class class-default
    bandwidth remaining percent 25
    dbl

Beginner

Bandwidth sharing via police exceed-action drop on Cisco Catalys

I’m the chairman of the wiring committee for a hundred-unit condominium, and not a Cisco expert.  (I’m reposting this from ServerFault.com.)  We have a trio of Cisco Catalyst 3550 switches, connected to an old Cisco 1417 router, connected to a DSL connection which we realize we need to upgrade.  Our consultants configured, but did not enable, policing on each switch, so that each owner gets a guaranteed amount of bandwidth; once I enabled it (with mls qos), this seemed to work as documented: 

    policy-map USER_INGRESS

     class ANY

        police 32000 8000 exceed-action drop

    policy-map USER_EGRESS

     class DSCP0

        police 96000 24000 exceed-action drop

But we were sold the switches on the basis that rationing would be more flexible when all the bandwidth wasn’t being used up, which this doesn’t seem to do.

Cisco IOS Quality of Service Solutions Command Reference 12.2 seems to suggest that set-dscp-transmit 0 might mark excess packets as best-effort, which I’d hoped would act sensibly at times of low usage.  But it looks like this isn’t supported on our switches; trying to enable it gives % Invalid input detected at '^' marker at the beginning of set-dscp-transmit.

I might be able to offer more than just reputation points for hand-holding on followup issues; I’ve got a budget for some consulting hours, and might get approval for ongoing consulting. 

References

Beginner

Re: ASK THE EXPERTS - QoS with Cisco expert Sarala Akella

Hello,


I want to comment point's  are being awarded before the question is answered

anyways I will proceed towards answering the question.

bandwidth percent {value}

---Specifies bandwidth allocation as a percentage of the underlying link rate.

!

bandwidth remaining percent {value}

---Specifies bandwidth allocation as a percentage of the bandwidth that has not been allocated to other classes.

The bandwidth percentage command defines a behavior, which is a minimum bandwidth guarantee

"If excess bandwidth is available, the excess bandwidth is divided amongst the traffic classes in proportion to their configured bandwidths. If not all of the bandwidth is allocated, the remaining bandwidth is proportionally allocated among the classes, based on their configured bandwidth."

In the first example, policy-map foo guarantees 30 percent of the bandwidth to class bar and 60 percent of the bandwidth to class baz.

policy-map foo 
  class bar 
    bandwidth percent 30 
 class baz 
  bandwidth percent 60

If you apply this policy to a 1 Mbps link, it means that 300 kbps is guaranteed to class bar, and 600 kbps is guaranteed to class baz. Importantly, 100 kbps is leftover for class-default. If class-default does not need it, the unused 100 kbps is available for use by class bar and class baz. If both classes need the bandwidth, they share it in proportion to the configured rates. In this configuration, the sharing ratio is 30:60 or 1:2.

Whereas bandwidth remaining percent” will give maximum bandwidth guarantee for the class configured 1st in the policy-map.

So it depends on the network. Most customer’s prefer bandwidth percent.

Highlighted
Participant

Re: ASK THE EXPERTS - QoS with Cisco expert Sarala Akella

When are Cisco going to make policy maps, class maps qos on 3560 work properly ?

This issue has been going on for years, even now the switch cant be trusted as the switch output under mls qos stats shows one thing and wire shark shows the truth. I did request this as an enhancement on cisco.com but have heard nuffin.

Beginner

Re: ASK THE EXPERTS - QoS with Cisco expert Sarala Akella

Again we already have points assigned before the question is answered. Please note the grading is for answers not for questions ;-)

On switches mostly QoS is implemented in hardware.

Some stats cannot be seen in software by commands.

For enhancement request I would suggest to open a TAC case.

Beginner

Re: ASK THE EXPERTS - QoS with Cisco expert Sarala Akella

Hello;

Please don't grade the questions. Points are being given  before answers.

Yes set-dscp-transmit is not available in some switches like on 3560:

please see the link below

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_35_se/configuration/guide/swqos.html.

Beginner

Re: ASK THE EXPERTS - QoS with Cisco expert Sarala Akella

Hi

I have two questions please. Any restrictions on using priority command? Also what are the causes of choppy voice?

Thanks,

Steve

1.     

Beginner

Re: ASK THE EXPERTS - QoS with Cisco expert Sarala Akella

Good questions J

Here are  some of the things we need to keep in mind while configuring priority

•Layer 2 encapsulations are accounted for in the amount of bandwidth specified with the priority command. However, care must be taken to configure a bandwidth that has room for cell tax overhead and possible jitter introduced by the routers in the voice path.

•The priority command can be used for Voice over IP (VoIP) on serial links, Frame Relay links, and ATM PVCs.

•The priority command cannot be used in conjunction with other policy-map class configuration command, such as the random-detect, queue-limit, and bandwidth commands.

•The priority command can be configured in multiple classes, but it should only be used for voice-like, constant bit rate (CBR) traffic.

•Configuring the priority command in multiple classes provides the ability to police the priority classes individually.

choppy voice:

============

Choppy voice quality is caused by voice packets being either variably delayed or lost in the network.

When a voice packet is delayed in reaching its destination, the destination gateway has a loss of real-time information.

In this event, the destination gateway must predict what the content of the missed packet can possibly be.

The prediction leads to the received voice not having the same characteristics as the transmitted voice.

This leads to a received voice that sounds robotic.

If a voice packet is delayed beyond the prediction capability of a receiving gateway,

the gateway leaves the real-time gap empty. With nothing to fill up that gap at the receiving end,

part of the transmitted speech is lost.

This results in choppy voice. Many of the choppy voice issues are resolved by making sure that the voice packets are not very delayed

(and more than that, not variably delayed).

Sometimes, voice activity detection (VAD) adds front-end clipping to a voice conversation.

This is another cause of choppy (or clipped) voice

Beginner

Re: ASK THE EXPERTS - QoS with Cisco expert Sarala Akella

Hello Sarala,

I would like to understand how burst and ATM traffic shaping works.

Thank you Kristi.

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here