I'm soon to start to configure a QoS policy for ASR1001 routers that act as CE devices.
The access circuit is 1G, limited by the SP to 300Mbps. Within that 300Mbps I will have 4 classes of traffic, each one sourced from a different VRF.
Within those 4 classes, I need to furthur sub-divide the QoS policy.
As I have no kit to play with yet I've had a read through the appropriate sections in the Cisco press book End-to-End QoS network design, which suggests these routers support 3 levels of hierarchy., but there are no examples, and no shaping based configurations. The Cisco ASR1000 QoS guides only talk about two level policing.
What is the best way to approach this policy, my thought is as follows:
Outer policy, shape all traffic to 300Mbps, as the SP drops anything above that.
Inner policy shape traffic from each vrf (based on source address) to the appropriate value for the sub-interface that acts as a transit for the particular VRF
Inner sub-policy, prioritise voice traffic, and provide bandwidth guarantees via shaping for 2 or 3 traffic sub-classes.
As far as I understand this is 3 layers of hierarchy, Is this feasible with the ASR1001? It will be running latest code with IP base licencies
Your approach is fine and I believe it is feasible. However, performance and scaling would be dependent on the ESP.
Below are some documents to help and configuration guides for reference -
Now I have the routers and having trouble setting up the QoS policy. The ASR will be a CE with a dot.1q trunk supporting multiple sub-interfaces, one for each VRF/VPN.
The SP allows 300Mbps on a 1 Gig link to support all VPN's. Each VPN is allowed 40Mbps towards the SP.
The default VPN requires 40mbps bandwidth with 2Mbps prioritsed for voice, so initially I configured this with a shaper and a priority class for the voice traffic, and applied this to the untagged interface, without any problem.
I then configured g0/0/0/.102, and tried to apply a shaper to that interface as it also requires 40Mbps for the associated VRF.
This isn't allowed.
So I tried the same approach with policers instead of shapers, same still not allowed.
How do I approach this:
G0/0/0 with shaper/policer setting outer to 300Mbps, then two sub-classes, one with 40Mbps and the other to prioritise voice with 2Mbps.
G0/0/0.100 with shaper/policer setting this to 40Mbps.
The documents don't described this in enough detail. Does the router regard g0/0/0 and g0/0/0.100 as seperate interfaces, each having a qos policy, that is how I'm trying to get this to work.
Or, should I define an ACL for each VPN, apply shaping or policing to each class and apply the service-policy to the main interface?