03-25-2011 11:06 AM - edited 03-04-2019 11:52 AM
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn about configuration and troubleshooting Quality of Service on routers with Cisco expert Sarala Akella. Sarala is a customer support engineer at the Cisco Technical Assistance Center. She currently works in the WAN team where she focuses on various WAN related issues along with QoS issues on various interfaces. Sarala has been with Cisco for 11 years and has worked as a software engineer in the Network Software and Systems Technology Group. She holds a masters degree in computer engineering from Santa Clara University and a masters degree in mathematics from Osmania University, India.
Remember to use the rating system to let Sarala know if you have received an adequate response.
Sarala might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the WAN, Routing and Switching discussion forum shortly after the event. This event lasts through April 8, 2011. Visit this forum often to view responses to your questions and the questions of other community members.
04-05-2011 12:59 PM
QUESTIONS:
I am now going to be adding Video. We have Polycom HDX and VSX series codecs. I am going to set them all for fixed ports. I need to add more to my policy-map.
Would it be best that I create a new policy map then when I know it is complete and entered into the router then change the service-policy on the outgoing interface to the new one? What is best practice? Do you suggest identifying video traffic via the IP address of the codec?
It appears that today we are only giving VOIP any consideration. I don’t understand why Voip control is in class C, shouldn’t that be in class B?
I also want Video to be in Class B. Should Voip control be in class C or B? I would think it should be in B.
Our MPLS provider and our company agreed on the following –
Class A 35% of link speed
Class B 25%
Class C 15%
Default 25%
As can be seen in the policy map today we only use 1000kbps for Class A
Nothing is going into class B today unless not specifically marked.
Class C is 10% Bandwidth (hey I guess I have 5% remaining always in this class if need be)
TODAY
class-map match-any VOIP-Media
 match ip rtp 16383 16383
 match ip dscp ef
class-map match-any VOIP-Control
 match ip dscp af31
 match ip precedence 3
 match access-group 150
!
!
policy-map QoS-WAN
 class VOIP-Media
  priority 1000
 class VOIP-Control
  set precedence 5
  bandwidth percent 10
 class class-default
  fair-queue
MP_MPLS_1#sho access-lists 150
Extended IP access list 150
10 permit udp any eq 2427 any (6529104 matches)
20 permit udp any any eq 2427 (626 matches)
30 permit udp any eq 2428 any (149532 matches)
40 permit tcp any any eq 2428 (506963 matches)
50 permit tcp any any eq 2000 (578267 matches)
60 permit udp any any tos 5
70 permit tcp any any eq 2427 (522881 matches)
80 permit tcp any eq 2427 any (203560 matches)
TOMORROW (FUTURE FOR VIDEO)
policy-map QoS-WAN2
 class VOIP-Media
  priority 1000
 class VIDEO
  set precedence 4
  bandwidth percent 25
 class VIDEO-Audio
  set precedence 5
 class VOIP-Control
  set precedence 5
  bandwidth percent 10
 class VIDEO-Control
  set precedence 3
 class class-default
  fair-queue
! Numbered form, so that "match access-group 151" below finds it.
! (A named ACL VIDEO-ACL would instead need "match access-group name VIDEO-ACL".)
ip access-list extended 151
 permit udp any any range 3230 3341
 permit tcp any any range 3230 3243
class-map match-any VIDEO
 match ip precedence 4
 match access-group 151
class-map match-any VIDEO-Audio
 match ip precedence 5
class-map match-any VIDEO-Control
 match ip precedence 3
class-map match-any VOIP-Media
 match ip rtp 16383 16383
 match ip dscp ef
class-map match-any VOIP-Control
 match ip dscp af31
 match ip precedence 3
 match access-group 150
Extended IP access list 150 (NO CHANGE EXCEPT MAYBE TO ELIMINATE THE TOS 5 AND PERHAPS TO GIVE THIS ACL A NAME INSTEAD OF A NUMBER)
10 permit udp any eq 2427 any (6529104 matches)
20 permit udp any any eq 2427 (626 matches)
30 permit udp any eq 2428 any (149532 matches)
40 permit tcp any any eq 2428 (506963 matches)
50 permit tcp any any eq 2000 (578267 matches)
60 permit udp any any tos 5
70 permit tcp any any eq 2427 (522881 matches)
80 permit tcp any eq 2427 any (203560 matches)
What is the best way to change a policy-map? Add a new policy-map name?
Also noticed output drops incrementing. Yeah, I can see having a hold-queue but isn't there a better way? As normal we do oversubscribe but not all remote links are utilized 100%.
Headquarters (Call Manager site) 12288kbps
uksite1 2048kbps(Call manager site)
uksite2 2048kbps
argsite 2048kbps(Call manager site)
I have sites ranging from E1-T1-and lower for 22 locations,
Would I create class-maps for each site with a match access-group in which the acl will match the ip subnets matching that site then in the policy-map use some sort of shaper value?
Julie
04-07-2011 04:16 PM
Hello Julie,
Class A traffic you can configure depending on the bandwidth of the interface in use. On most of the ISR platforms we can configure a service-policy up to 75 percent of bandwidth.
If we need to stretch beyond 75% you may want to configure max-reserved-bandwidth.
Here is a document that talks about max-reserved-bandwidth:
http://www.cisco.com/en/US/tech/tk39/tk48/technologies_tech_note09186a00800fe2c1.shtml
The best way, in the sense of having minimum impact to the network, would be to configure a new policy-map with the video in the order you would like:
policy-map QoS-WAN2
 class VOIP-Media
  priority 1000
 class VIDEO
  set precedence 4
  bandwidth percent 25
 class VIDEO-Audio
  set precedence 5
 class VOIP-Control
  set precedence 5
  bandwidth percent 10
 class VIDEO-Control
  set precedence 3
 class class-default
  fair-queue
Then remove the service-policy from the serial interface,
for example:
interface s0/0/0
 no service-policy out QoS-WAN
 service-policy out QoS-WAN2
!
exit
Verify that the new service-policy is working as expected by executing show policy-map interface s0/0/0,
then remove the old policy-map:
no policy-map QoS-WAN
For the 22 sites with hub and spoke topology you would need to create a nested QoS policy with shaping.
04-05-2011 03:03 PM
hi Sarala,
I have nbar protocol-discovery running on routers.
I have noticed edonkey and winmx, which are not permitted (peer to peer file sharing etc.).
I would like to find out the users ip addresses doing this type of traffic.
How would I create my ACL to log those that match the protocol winmx or edonkey?
How do you change a policy-map by adding another class? Would I have to delete and reenter everything?
Would I just add a whole new policy-map using the same class information from other but put my new class-map in where it needs to be? Should the ACL be in my peer2peer class-map?
If this is not possible let me know.
class-map match-any peer2peer
match protocol winmx
match protocol edonkey
Thanks,
J
04-06-2011 05:20 PM
"show ip nbar port-map edonkey"
and get the port numbers used for these applications.
You can create an access-list and match it under the class-map for the peer2peer traffic.
Also the match protocol should work as well.
You can always create a new class, match the traffic, and add it under the policy-map.
Hope I answered your questions.
04-06-2011 09:35 PM
Hello Sarala,
I am new to this forum. It is quite good to have a place like this!
I have got a question about counters which are QOS related.
I have recently been looking at a possible network bandwidth issue. The bottleneck might be caused by a QoS policer applied on a port of a Catalyst 6509 switch running CatOS. However, the two counters for the port on the switch are quite confusing. I would appreciate it if you can help me with this!
The suspected port is port 3/3, which has a QoS policer ACL N3010257R-ip-3_3-acl, which is associated with policer N3010257R-3_3. The counter ‘Bytes exceed excess rate’ is increasing each time I execute the command ‘show qos statistics aggregate-policer N3010257R-3_3’. My understanding is that this counter indicates there is burst traffic received by the port which has exceeded the QoS policer bandwidth limit (in this case, the limit is avg 38912 kbps with burst size 368 kbits).
However, there is another counter, rxHCOctets, confusing me, which seems to indicate that all traffic received on that port around the time (when the QoS policer drops packets) didn’t exceed the rate limit (I compare the different values of the counter within a second). The counter is rxHCOctets in the output of command ‘sh counters 3/3’; it shows the received data rate is about 8 Mbps. I have the logs of the sh qos and sh counter commands for a continuous 15 minutes and keep seeing this inconsistency.
Was the switch QoS policer dropping packets? Why didn’t rxHCOctets indicate it? Are you able to shed some light here please? Thanks in advance!
Regards,
Ivan
Below are some logs for your reference. Thanks again.
> (enable) sh port qos 3/3
QoS is enabled for the switch.
QoS policy source for the switch set to local.
Port  Interface Type Interface Type Policy Source Policy Source
      config         runtime        config        runtime
----- -------------- -------------- ------------- -------------
3/3   port-based     port-based     COPS          local
Port  TxPort Type  RxPort Type  Trust Type   Trust Type    Def CoS Def CoS
                                config       runtime       config  runtime
----- ------------ ------------ ------------ ------------- ------- -------
3/3   1p3q8t       1q8t         untrusted    untrusted     0       0
Port  Ext-Trust Ext-Cos Trust-Device
----- --------- ------- ------------
3/3   untrusted 0       none
(*)Runtime trust type set to untrusted.
Config:
Port  ACL name                         Type
----- -------------------------------- ----
3/3   N3010257R-ip-3_3-acl             IP
      N3010257R-mac-3_3-acl            MAC
Runtime:
Port  ACL name                         Type
----- -------------------------------- ----
3/3   N3010257R-ip-3_3-acl             IP
      N3010257R-mac-3_3-acl            MAC
> (enable) show qos acl info runtime N3010257R-ip-3_3-acl
set qos acl IP N3010257R-ip-3_3-acl
----------------------------------------------
1. trust-dscp aggregate N3010257R-3_3 ip any any
> (enable) show qos policer runtime aggregate N3010257R-3_3
Warning: Runtime information may differ from user configured setting due to hardware granularity.
QoS aggregate policers:
Aggregate name                  Avg. rate (kbps) Burst size (kbits) Normal action
------------------------------- ---------------- ------------------ -------------
N3010257R-3_3                   38912            368                policed-dscp
                                Excess rate (kbps) Excess burst size (kbits) Excess action
                                ------------------ ------------------------- -------------
                                38912              368                       drop
                                ACL attached
                                ------------------------------------
                                N3010257R-ip-3_3-acl
                                N3010257R-mac-3_3-acl
> (enable) show qos statistics aggregate-policer N3010257R-3_3
QoS aggregate-policer statistics:
Aggregate policer               Allowed byte   Bytes exceed
                                count          excess rate
------------------------------- -------------- --------------
N3010257R-3_3                   232729796979   7797620529
QoS aggregate-policer 5 minute rate statistics:
Aggregate policer               Allowed rate   Traffic exceeding
                                (kbps)         excess rate(kbps)
------------------------------- -------------- -----------------------
N3010257R-3_3                   6440           28
> (enable) show version
WS-C6509-E Software, Version NmpSW: 8.5(7)
Copyright (c) 1995-2006 by Cisco Systems
NMP S/W compiled on Oct 13 2006, 11:23:27
System Bootstrap Version: 8.1(3)
System Boot Image File is 'bootflash:BTSYNC_cat6000-sup720k8.8-5-7.bin'
System Configuration register is 0x10f
Hardware Version: 1.2 Model: WS-C6509-E Serial #: SMG0938NE8P
PS1 Module: WS-CDC-2500W Serial #: AZS093405XK
PS2 Module: WS-CDC-2500W Serial #: AZS093405XN
> (enable) show time
Thu Apr 7 2011, 11:46:22 EST
> (enable) sh counters 3/3 | in rxHCOctets
8 rxHCOctets = 8032365501030
> (enable) show time
Thu Apr 7 2011, 11:46:23 EST
> (enable) sh counters 3/3 | in rxHCOctets
8 rxHCOctets = 8032365769474
> (enable) show time
Thu Apr 7 2011, 11:46:23 EST
> (enable) sh counters 3/3 | in rxHCOctets
8 rxHCOctets = 8032366034532
> (enable) show time
Thu Apr 7 2011, 11:46:23 EST
> (enable)
04-08-2011 03:07 PM
Hello,
Please don't give points before answering questions :-)
This looks like a CatOS issue. Please open a TAC case, it could be a bug.
Please note that there are no bugfixes available as CatOS is almost end-of-support.
Best regards
-Sarala
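Added example, not part of the thread and not a model of the Catalyst hardware: a generic single-rate token bucket using the policer values quoted in the question (38912 kbps, 368 kbits), showing how traffic that averages 8 Mbps over a second can still have bytes counted as exceeding the policer when it arrives in short bursts. The traffic pattern, the 1 Gbps port speed and the 1000-byte packets are constructed assumptions.

```python
# Values from the "show qos policer runtime aggregate" output in the question.
RATE_BPS = 38912 * 1000     # Avg. rate 38912 kbps (assumes 1 kbps = 1000 bit/s)
BURST_BITS = 368 * 1000     # Burst size 368 kbits


def police(arrivals, rate_bps=RATE_BPS, burst_bits=BURST_BITS):
    """Run (time_s, size_bytes) arrivals, sorted by time, through a token bucket.

    Returns (conformed_bytes, exceeded_bytes).
    """
    tokens = float(burst_bits)          # bucket starts full
    last = 0.0
    conformed = exceeded = 0
    for t, size in arrivals:
        # Refill for the elapsed time, never beyond the burst size.
        tokens = min(burst_bits, tokens + (t - last) * rate_bps)
        last = t
        bits = size * 8
        if tokens >= bits:
            tokens -= bits
            conformed += size
        else:
            exceeded += size            # out of profile: the "drop" action applies
    return conformed, exceeded


def bursty_second(pkt_bytes=1000, bursts=10, pkts_per_burst=100,
                  line_bps=1_000_000_000):
    """Constructed traffic: 10 back-to-back bursts in one second on an
    assumed 1 Gbps port (1,000,000 bytes in total)."""
    gap = pkt_bytes * 8 / line_bps      # serialization time of one packet
    return [(b / bursts + i * gap, pkt_bytes)
            for b in range(bursts) for i in range(pkts_per_burst)]


def smooth_second(pkt_bytes=1000, pkts=1000):
    """Constructed traffic: the same 1,000,000 bytes, evenly spaced."""
    return [(i / pkts, pkt_bytes) for i in range(pkts)]


def average_kbps(arrivals, seconds=1.0):
    """What a byte counter sampled once per second would report."""
    return sum(size for _, size in arrivals) * 8 / seconds / 1000


if __name__ == "__main__":
    for name, traffic in (("bursty", bursty_second()), ("smooth", smooth_second())):
        ok, over = police(traffic)
        print(f"{name}: avg {average_kbps(traffic):.0f} kbps, "
              f"conformed {ok} bytes, exceeded {over} bytes")
```

A counter read once per second can only show the average; the bucket is evaluated per packet, so the burst size (here about 46,000 bytes) decides what is in profile.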
04-07-2011 06:40 AM
Hi Sarala Akella
If possible, I want you to explain the real difference between the commands "bandwidth remaining percent" and "bandwidth percent".
And what option do you recommend in the following example
policy-map 1P7Q1T
 class PRIORITY-QUEUE
  priority
 class CONTROL-MGMT-QUEUE
  bandwidth remaining percent 10
 class MULTIMEDIA-CONFERENCING-QUEUE
  bandwidth remaining percent 10
 class MULTIMEDIA-STREAMING-QUEUE
  bandwidth remaining percent 10
 class TRANSACTIONAL-DATA-QUEUE
  bandwidth remaining percent 10
  dbl
 class BULK-DATA-QUEUE
  bandwidth remaining percent 4
  dbl
 class SCAVENGER-QUEUE
  bandwidth remaining percent 1
 class class-default
  bandwidth remaining percent 25
  dbl
04-07-2011 09:42 AM
I’m the chairman of the wiring committee for a hundred-unit condominium, and not a Cisco expert. (I’m reposting this from ServerFault.com.) We have a trio of Cisco Catalyst 3550 switches, connected to an old Cisco 1417 router, connected to a DSL connection which we realize we need to upgrade. Our consultants configured, but did not enable, policing on each switch, so that each owner gets a guaranteed amount of bandwidth; once I enabled it (with mls qos), this seemed to work as documented:
policy-map USER_INGRESS
 class ANY
  police 32000 8000 exceed-action drop
policy-map USER_EGRESS
 class DSCP0
  police 96000 24000 exceed-action drop
But we were sold the switches on the basis that rationing would be more flexible when all the bandwidth wasn’t being used up, which this doesn’t seem to do.
Cisco IOS Quality of Service Solutions Command Reference 12.2 seems to suggest that set-dscp-transmit 0 might mark excess packets as best-effort, which I’d hoped would act sensibly at times of low usage. But it looks like this isn’t supported on our switches; trying to enable it gives % Invalid input detected at '^' marker at the beginning of set-dscp-transmit.
I might be able to offer more than just reputation points for hand-holding on followup issues; I’ve got a budget for some consulting hours, and might get approval for ongoing consulting.
04-07-2011 05:10 PM
Hello,
I want to comment that points are being awarded before the question is answered.
Anyway, I will proceed towards answering the question.
bandwidth percent {value}
---Specifies bandwidth allocation as a percentage of the underlying link rate.
!
bandwidth remaining percent {value}
---Specifies bandwidth allocation as a percentage of the bandwidth that has not been allocated to other classes.
The bandwidth percentage command defines a behavior, which is a minimum bandwidth guarantee
"If excess bandwidth is available, the excess bandwidth is divided amongst the traffic classes in proportion to their configured bandwidths. If not all of the bandwidth is allocated, the remaining bandwidth is proportionally allocated among the classes, based on their configured bandwidth."
In the first example, policy-map foo guarantees 30 percent of the bandwidth to class bar and 60 percent of the bandwidth to class baz.
policy-map foo
 class bar
  bandwidth percent 30
 class baz
  bandwidth percent 60
If you apply this policy to a 1 Mbps link, it means that 300 kbps is guaranteed to class bar, and 600 kbps is guaranteed to class baz. Importantly, 100 kbps is leftover for class-default. If class-default does not need it, the unused 100 kbps is available for use by class bar and class baz. If both classes need the bandwidth, they share it in proportion to the configured rates. In this configuration, the sharing ratio is 30:60 or 1:2.
Whereas “bandwidth remaining percent” will give maximum bandwidth guarantee for the class configured 1st in the policy-map.
So it depends on the network. Most customers prefer bandwidth percent.
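Added example, not part of the thread: the sharing rule quoted above for policy-map foo, worked through as a weighted allocation so that cases other than the one in the text can be checked. It is a simplified model, not Cisco's scheduler; giving class-default a weight equal to the unallocated percentage, and the per-class offered loads, are assumptions.

```python
def share_bandwidth(link_kbps, percents, demand_kbps):
    """Divide a link among classes configured with "bandwidth percent".

    percents:    {class name: configured percent}; whatever is left of
                 100 is treated as class-default's share (assumption).
    demand_kbps: {class name: offered load in kbps}.
    Returns {class name: allocated kbps}.
    """
    weights = dict(percents)
    weights["class-default"] = 100 - sum(percents.values())
    if weights["class-default"] < 0:
        raise ValueError("configured percentages exceed 100")

    alloc = {c: 0.0 for c in weights}
    # Only classes that have traffic and a non-zero weight compete.
    active = {c for c in weights
              if weights[c] > 0 and demand_kbps.get(c, 0) > 0}
    remaining = float(link_kbps)

    while active and remaining > 1e-9:
        total_w = sum(weights[c] for c in active)
        grants, satisfied = {}, set()
        for c in active:
            fair = remaining * weights[c] / total_w   # weighted slice
            need = demand_kbps[c] - alloc[c]
            grants[c] = min(fair, need)
            if need <= fair + 1e-9:
                satisfied.add(c)                      # class needs no more
        for c, g in grants.items():
            alloc[c] += g
        remaining -= sum(grants.values())
        if not satisfied:
            break                                     # link fully used
        active -= satisfied                           # redistribute the rest
    return alloc


if __name__ == "__main__":
    foo = {"bar": 30, "baz": 60}
    cases = {
        "all classes busy":      {"bar": 1000, "baz": 1000, "class-default": 1000},
        "class-default idle":    {"bar": 1000, "baz": 1000, "class-default": 0},
        "bar only needs 100 kb": {"bar": 100, "baz": 1000, "class-default": 1000},
    }
    for name, demand in cases.items():
        result = share_bandwidth(1000, foo, demand)
        print(name, {c: round(v, 1) for c, v in result.items()})
```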
04-07-2011 09:45 PM
When are Cisco going to make policy maps, class maps qos on 3560 work properly ?
This issue has been going on for years, even now the switch can't be trusted as the switch output under mls qos stats shows one thing and Wireshark shows the truth. I did request this as an enhancement on cisco.com but have heard nuffin.
04-08-2011 03:18 PM
Again we already have points assigned before the question is answered. Please note the grading is for answers not for questions ;-)
On switches mostly QoS is implemented in hardware.
Some stats cannot be seen in software by commands.
For enhancement request I would suggest to open a TAC case.
04-08-2011 03:24 PM
Hello;
Please don't grade the questions. Points are being given before answers.
Yes set-dscp-transmit is not available in some switches like on 3560:
please see the link below
04-08-2011 10:18 AM
Hi
I have two questions please. Any restrictions on using priority command? Also what are the causes of choppy voice?
Thanks,
Steve
04-08-2011 03:10 PM
Good questions :-)
Here are some of the things we need to keep in mind while configuring priority
• Layer 2 encapsulations are accounted for in the amount of bandwidth specified with the priority command. However, care must be taken to configure a bandwidth that has room for cell tax overhead and possible jitter introduced by the routers in the voice path.
• The priority command can be used for Voice over IP (VoIP) on serial links, Frame Relay links, and ATM PVCs.
• The priority command cannot be used in conjunction with other policy-map class configuration commands, such as the random-detect, queue-limit, and bandwidth commands.
• The priority command can be configured in multiple classes, but it should only be used for voice-like, constant bit rate (CBR) traffic.
• Configuring the priority command in multiple classes provides the ability to police the priority classes individually.
choppy voice:
============
Choppy voice quality is caused by voice packets being either variably delayed or lost in the network.
When a voice packet is delayed in reaching its destination, the destination gateway has a loss of real-time information.
In this event, the destination gateway must predict what the content of the missed packet can possibly be.
The prediction leads to the received voice not having the same characteristics as the transmitted voice.
This leads to a received voice that sounds robotic.
If a voice packet is delayed beyond the prediction capability of a receiving gateway,
the gateway leaves the real-time gap empty. With nothing to fill up that gap at the receiving end,
part of the transmitted speech is lost.
This results in choppy voice. Many of the choppy voice issues are resolved by making sure that the voice packets are not very delayed
(and more than that, not variably delayed).
Sometimes, voice activity detection (VAD) adds front-end clipping to a voice conversation.
This is another cause of choppy (or clipped) voice.
04-08-2011 10:22 AM
Hello Sarala,
I would like to understand how burst and ATM traffic shaping works.
Thank you Kristi.