I have 4 sites that are connected to each other over WAN links. The interface speeds are 100 Mbps, but the WAN link is only 20 Mbps. The sites do not have IP phones, but they are getting one Avaya control unit at each site. These control units will communicate with the units at each other site. I want to implement QoS to prioritize the voice traffic between these units. I have Cisco 3945 routers at each location. Can you show me a sample of what I need to configure?
You need to use Hierarchical QoS. This is a common policy I use:
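class-map match-any cm-qos-voice
 match ip dscp ef
class-map match-any cm-qos-scavenger
 match ip dscp cs1
class-map match-any cm-qos-critical-data
 match ip dscp cs6
 match ip dscp af21 af22
 match ip dscp cs2
class-map match-any cm-qos-call-signalling
 match ip dscp cs3
 match ip dscp af31
!
! The policy-map and class lines are missing from the post as captured.
! The class assignments below are assumed from the percentages, and
! pm-qos-child is a placeholder name for the child policy.
policy-map pm-qos-child
 class cm-qos-voice
  priority percent 33
 class cm-qos-call-signalling
  bandwidth percent 5
 class cm-qos-critical-data
  bandwidth percent 36
 class cm-qos-scavenger
  bandwidth percent 1
 class class-default
  bandwidth percent 25
  queue-limit 1024 packets
!
! Parent policy: shape to the 20 Mbps WAN rate, then queue with the child policy.
policy-map pm-WAN
 class class-default
  shape average 20000000
  service-policy pm-qos-child
!
interface Gigabit ...
 service-policy output pm-WAN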
Thank you for the example.
Would the traffic from my Avaya control unit probably already be tagged with a DSCP value? If so, is this something I need to tell my router to trust, and if not, is it something where I would need to match the traffic type to a DSCP value?
That is what I would expect. Ask them to mark it. If they don't or can't mark it - then you mark it as it enters your switch/router.
If the Avaya Control Unit isn't marking the traffic you could use an ACL to match packets based on the source IP address, port number or both. Anything matching you could then put into a priority queue. So you could do something like this:
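ip access-list standard Avaya
 permit x.x.x.x y.y.y.y
class-map match-any Avaya
 match access-group name Avaya
! <policy-name> is a placeholder; the policy-map and class lines are missing from the post as captured.
policy-map <policy-name>
 class Avaya
  priority percent <maximum guaranteed bandwidth>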
Could you better explain the WAN topology?
As Philip has already noted, you'll likely need to shape traffic. However, without a better understanding of your topology, I'm unable to say exactly how shaping should be used.
Also BTW, a provider's rate limit is often an L2 limit, but I believe most Cisco shapers only count L3 bandwidth. If that's true on your platform, you'll need to allow for L2 bandwidth overhead. I've found setting an L3 shaper about 15% slower usually works well.
As to your later question about how the Avaya marks traffic, that may be a configuration option on the Avaya. You'll need to consult the Avaya documentation and/or its configuration settings. (If you note the specific device, someone might know.)
Your L2 network is multipoint? I.e. all the WAN interfaces are on the same network?
What's the expected traffic volume between all the sites?
Yes, the L2 network is multipoint with all WAN interfaces on the same network. All of these sites are L2 to the provider, which gets handed off to my POP at L2 to be filtered and firewalled before they hit the internet. A couple of the sites max out their bandwidth limit from the provider during peak hours. I attached a picture of the bandwidth utilization of the busiest site.
If I have the bandwidth statement set to 20 Mbps on the interface, will QoS start working when I reach this metric, or will it only work if I police or shape to 20 Mbps? The interface speed is 100 Mbps.
For QoS to "trigger", it needs to "see" congestion. On an interface where there's a CIR or other side with less bandwidth than the physical egress interface, yes, you need a shaper.
Ok, with multipoint, to be most effective you need to shape all your sites such that their aggregate is not more than any one site can accept. For example, if you have 5 sites, each with 20 Mbps egress CIRs, you might shape each of the other 4 potential sending sites to 5 Mbps, when sending traffic to this site.
The foregoing assumes your MetroE provider enforces a CIR to the site. If they only enforce CIR from a site (often the case - but check with your provider), you can set each site to shape at 20 Mbps, and assuming each site has a physical 100 Mbps, you won't overrun the receiving site (as max possible would only be 80 Mbps).
If you do need to shape for the far side's egress bandwidth, you might also need to shape for the local side's bandwidth too. Not all Cisco devices will support nested shapers. (If not, you could hairpin your egress traffic twice through the router, a Rube Goldberg solution, but it should be effective.)
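The per-destination shaping described in the last reply, worked through for the asker's four 20 Mbps sites as an added example that is not part of the original thread. All names prefixed ex-, the three documentation subnets and the interface name are placeholders, and the 15% L2 allowance is the rule of thumb quoted above, not a measured figure.

```cisco
! Constructed example for one sending site on a 4-site multipoint WAN.
! 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 stand in for the
! LAN prefixes of the three remote sites (placeholders).
class-map match-any ex-voice
 match ip dscp ef
!
! Child policy: queueing applied inside each per-destination shaper.
policy-map ex-child
 class ex-voice
  priority percent 33
 class class-default
  bandwidth percent 25
!
ip access-list extended ex-to-site-b
 permit ip any 192.0.2.0 0.0.0.255
ip access-list extended ex-to-site-c
 permit ip any 198.51.100.0 0.0.0.255
ip access-list extended ex-to-site-d
 permit ip any 203.0.113.0 0.0.0.255
!
class-map match-all ex-to-site-b
 match access-group name ex-to-site-b
class-map match-all ex-to-site-c
 match access-group name ex-to-site-c
class-map match-all ex-to-site-d
 match access-group name ex-to-site-d
!
! Receiving site accepts 20 Mbps at L2. Less the 15% L2 allowance that is
! 17 Mbps at L3, shared by 3 possible senders: 5,666,666 bps, rounded down.
policy-map ex-wan-multipoint
 class ex-to-site-b
  shape average 5666000
  service-policy ex-child
 class ex-to-site-c
  shape average 5666000
  service-policy ex-child
 class ex-to-site-d
  shape average 5666000
  service-policy ex-child
!
! Placeholder interface name; use the router's WAN-facing interface.
interface GigabitEthernet0/0
 service-policy output ex-wan-multipoint
```

Traffic that matches none of the three destination classes, such as internet-bound traffic through the POP, falls into class-default and is not shaped by this policy. The three shapers together can also reach 17 Mbps only in aggregate, so no separate local 20 Mbps shaper is nested above them here.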