06-29-2021 04:41 AM
I had a situation where a class was configured with both bandwidth remaining percent and a policer:
class INTERACT
 bandwidth remaining percent 9
 random-detect dscp-based
 random-detect dscp 26 32 40 10
 queue-limit 128 packets
 police cir percent 25
We discovered end users complaining that they never got the full intended bandwidth; throughput was reduced considerably.
After removing the police cir percent statement, throughput returned to normal.
The interface where the policy is applied has:
bandwidth 5000
bandwidth qos-reference 5000
mtu 1442
I reproduced this in my lab; the policy-map results showed:
police: cir 25 %, cir 1237500 bps, bc 38671 bytes
This showed me that the CIR is calculated from the bandwidth qos-reference and not from the class's bandwidth remaining percent, so the two are not related... I think.
Calculations gave me:
Bc = 38671 bytes = 309368 bits
CIR = 1237500 bps (as shown in show policy-map interface tu12, class INTERACT)
Tc (time interval) = (309368 / 1237500) * 1000 = 250 ms
Per second we have 4 time intervals => 4 * Tc = 1 second
1 second:
Tc1        | Tc2        | Tc3        | Tc4
27 packets | 27 packets | 27 packets | 27 packets
= 108 packets/second
The packet size is the tunnel IP MTU of 1442 bytes (11536 bits).
The number of packets that conform within each Tc = Bc / packet size in bits = 309368 / 11536 ≈ 27 packets.
Throughput = 108 * 11536 bits ≈ 1245888 bits per second, roughly the CIR. Is this the MAXIMUM throughput?
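To double-check the arithmetic, here is a small Python sketch (my own, not anything IOS produces) that recomputes Tc, the number of full-size packets that fit in one Bc, and the resulting throughput ceiling from the values in the show output; it keeps the fractional packet count instead of rounding to 27.

# Recompute the policer numbers from the show policy-map output above.
cir_bps   = 1_237_500          # policed rate reported by IOS (bits/s)
bc_bytes  = 38_671             # committed burst reported by IOS
mtu_bytes = 1_442              # tunnel ip mtu

bc_bits  = bc_bytes * 8        # 309,368 bits
pkt_bits = mtu_bytes * 8       # 11,536 bits

tc_ms = bc_bits / cir_bps * 1000            # ~250 ms token interval
pkts_per_tc = bc_bits / pkt_bits            # ~26.8 full-size packets per Bc
intervals_per_sec = 1000 / tc_ms            # 4 intervals per second

max_pps = pkts_per_tc * intervals_per_sec   # ~107 packets/s
max_bps = max_pps * pkt_bits                # works out to the CIR (~1.24 Mbps)

print(f"Tc            = {tc_ms:.1f} ms")
print(f"packets / Tc  = {pkts_per_tc:.1f}")
print(f"max packets/s = {max_pps:.1f}")
print(f"max bps       = {max_bps:,.0f}")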
Time interval at line rate:
The line rate is 5 Mbps.
(Bc / interface speed) * 1000 = (309368 / 5000000) * 1000 ≈ 61.9 ms
The Tc is 250 ms => the time needed to empty the bucket at line speed (5 Mbps) is about 61.9 ms. Correct?
The inter-burst delay is then 250 - 61.9 ≈ 188.1 ms.
This means that during that 188.1 ms period no data is sent, because you have to wait until the bucket tokens are available again.
188.1 ms * 4 (there are 4 time intervals in a second) ≈ 752 ms -> roughly 3/4 of the time nothing is sent.
So I think you lose about 75 % of the line speed (for the class INTERACT)?
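The same kind of sketch for the line-rate reasoning (again just my arithmetic, assuming the 5 Mbps figure is the true serialization rate): how long one Bc lasts at line rate and what fraction of each Tc is then idle.

# How long one committed burst lasts at line rate, and the resulting idle time.
line_bps = 5_000_000           # interface bandwidth / qos-reference
cir_bps  = 1_237_500
bc_bits  = 38_671 * 8          # 309,368 bits

tc_ms    = bc_bits / cir_bps  * 1000    # ~250 ms
drain_ms = bc_bits / line_bps * 1000    # ~61.9 ms to send one Bc at 5 Mbps
idle_ms  = tc_ms - drain_ms             # ~188 ms per interval with nothing sent
idle_fraction = idle_ms / tc_ms         # ~0.75

print(f"burst drains in {drain_ms:.1f} ms, idle {idle_ms:.1f} ms per {tc_ms:.0f} ms interval")
print(f"idle fraction ~ {idle_fraction:.0%} (the class is capped near cir/line = {cir_bps/line_bps:.0%})")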
The intention is to have at least 360 kbps (bandwidth remaining percent 9) during congestion -> so is 259 kbps of that lost?
Is the calculation correct?
Remarks:
So a percentage-based CIR policer has too large an inter-packet delay? That is harmful when you are using 'bandwidth remaining percent', and it affects the overall throughput for the applications inside the class...
The reason is that, in this situation, the policer drops all excess traffic for that class, so the intended remaining bandwidth guarantee is useless...
Any confirmation and adding information would be helpful. Thank you in advance.
06-29-2021 06:45 AM - edited 06-29-2021 01:02 PM
Bandwidth reduced a lot with a policer is not so unusual. A common cause is that policers drop packets that a real interface of the same "bandwidth" would queue. Increasing Tc/Bc often mitigates this.
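To illustrate the point, here is a toy single-bucket policer model in Python (a rough sketch, not how IOS actually implements policing; the burst pattern and the 4x Bc value are made-up examples). The same bursty traffic, whose average rate is well under the CIR, loses part of every burst with the small default Bc but passes with a larger Bc.

# Toy single-bucket policer: tokens refill continuously at CIR; a packet conforms
# only if a full packet's worth of tokens is available, otherwise it is dropped.
def police(arrivals, cir_bps, bc_bits, pkt_bits):
    tokens, last_t = bc_bits, 0.0
    conformed = 0
    for t in arrivals:                      # packet arrival times in seconds
        tokens = min(bc_bits, tokens + (t - last_t) * cir_bps)
        last_t = t
        if tokens >= pkt_bits:
            tokens -= pkt_bits
            conformed += 1
    return conformed

pkt_bits = 1442 * 8
# 50 back-to-back packets at 5 Mbps line rate, repeated once per second for 10 s.
arrivals = [sec + i * pkt_bits / 5_000_000 for sec in range(10) for i in range(50)]

for bc_bytes in (38_671, 4 * 38_671):       # reported Bc vs. a 4x larger Bc
    ok = police(arrivals, 1_237_500, bc_bytes * 8, pkt_bits)
    print(f"bc={bc_bytes:>7} bytes: {ok}/{len(arrivals)} packets conform")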
Class bandwidth percentages and police bandwidth percentages within a policy class are, I believe, both based on what the policy believes the interface (physical or logical) provides. I.e. it shouldn't matter to the policer percentage whether you use the remaining option, or even what the class bandwidth allocation is.
As to the policer using bandwidth qos-reference: it's a newer QoS statement I'm unfamiliar with, but its purpose is likely to provide a bandwidth override for a QoS policy, so that the bandwidth used for QoS calculations can differ from the interface bandwidth. I.e. if you remove it, I suspect you'll find the "ordinary" bandwidth value will be used.
06-29-2021 10:37 PM
Yep, I noticed this as well: explicitly changing the Tc/Bc values increases the bandwidth usage.
I guess the only reason I can think of for the policer is to build in some kind of safety: the class can never use the entire available bandwidth. It would probably be a good approach to use this only inside class-default and the scavenger class, and to set all other classes to 90% (calculated on the remaining available bandwidth).
Thank you for the reply.
06-30-2021 09:08 AM
Well, one reason for using minimum bandwidth guarantees for policy classes is that they help ensure a class cannot monopolize all the bandwidth. That being the usual case, it generally causes no harm to allow a class to be "uncapped", i.e. to use all available, otherwise unused, bandwidth.
Where limiting class bandwidth can be needed is when a class is prioritized such that, when it "grabs" bandwidth, it does so at the expense of lower priority classes. This is acceptable when all the priority traffic really needs the bandwidth; it's not acceptable when there are one or more flows in the high priority class that shouldn't be using that class. For example, all VoIP carrier traffic in a priority class is generally fine, but an FTP transfer in such a class is generally not.
IMO, perhaps a very good general QoS policy might be:
policy-map Sample
 class RealTime
  priority percent 35
 class HiPriority
  bandwidth remaining percent 81
  fair-queue
 class LoPriority
  bandwidth remaining percent 1
  fair-queue
 class class-default
  bandwidth remaining percent 9
  fair-queue
In the above, things like VoIP carrier traffic go into the RealTime class. Most other traffic goes into class-default, where FQ usually shares bandwidth between flows pretty well.
Known bulk traffic, such as FTP transfers, can be directed to the LoPriority class. As noted, FQ would probably keep such flows from harming the other flows, but there are situations where it won't. One issue is that FQ doesn't really allocate a queue for every flow, so a bulk flow's FQ queue might be shared with other, non-bulk traffic.
The HiPriority class should only have traffic directed to it that you really want to be a little more "equal" than other best-effort traffic. For example, you might direct VoIP control traffic to this class. If, somehow, some flow in this class starts to run "amok", FQ in this class will likely help protect the other flows in the class. What can also help, since this class has a large bandwidth guarantee, is setting a low limit for its per-flow queues (if the device supports it). This will target the flows filling the bandwidth for aggressive dropping.
Such an "amok" flow will still be a bit hard on lower priority flows. You can decrease the ratio of bandwidth guarantees between this class and the BE (i.e. class-default) class to mitigate the impact, but then you decrease the dequeuing priority and increase the drop probability for other flows in this class. What's actually best depends on your QoS needs.
BTW, I see you're using WRED. I generally recommend it not be used by anyone other than QoS experts. It's much more difficult to "get right" than most of its cursory literature implies. I won't go into all the problems with WRED here, but besides the many other RED variants, even Cisco has another variant, FRED, available on only one of its platforms.
06-30-2021 10:18 PM
07-01-2021 11:35 AM
Yea, that's one of the reasons for RED, i.e. early dropping can actually improve "goodput". I recall Dr. Floyd was also looking for something "lightweight" (to implement on a router) that worked "better" than a single (global) FIFO queue. RED can work, but again, it's surprisingly difficult to "get it right". Even Dr. Floyd had to quickly amend the original version of RED trying to improve how it works.
Some of the problems with RED include that it can drop packets that are not actually creating congestion (WRED, by "looking" at the ToS tag, might mitigate this). Also, RED drops packets as they (on average) queue up, but as those packets can be behind many others in the same flow, it might take a while for the sender to "see" the drops, and it will keep sending even more data in the meantime. Further, RED uses average queue depth over time, so quite a queue can form (rapidly) before RED drops anything, and conversely a queue might drain quickly while RED continues to drop packets. Since RED works with averages, in my experience it works best when the average queue depth changes slowly, such as on a high bandwidth interface carrying many flows. With few flows the average changes rapidly, and with defaults like Cisco often uses you can still see tail drops against the RED tail limit.
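For reference, a much-simplified Python sketch of the core RED behaviour described above (an EWMA of the queue depth plus a linear drop probability between a min and max threshold); it omits the count-based probability correction and idle-queue handling of the original paper, and the weight and threshold values are just illustrative.

import random

# Simplified RED: exponentially weighted average queue depth, and a drop
# probability that ramps linearly between min_th and max_th.
W_Q, MIN_TH, MAX_TH, MAX_P = 0.002, 5, 15, 0.1   # illustrative values only
avg = 0.0

def red_should_drop(current_queue_depth):
    global avg
    avg = (1 - W_Q) * avg + W_Q * current_queue_depth   # moves slowly vs. the real queue
    if avg < MIN_TH:
        return False                                     # no drops below min threshold
    if avg >= MAX_TH:
        return True                                      # forced (tail-like) drop
    p = MAX_P * (avg - MIN_TH) / (MAX_TH - MIN_TH)       # linear ramp
    return random.random() < p

# Example: the instantaneous queue jumps to 40 packets, yet for a while the
# lagging average stays low and RED drops nothing, as described above.
for pkt in range(300):
    if red_should_drop(40):
        print(f"first drop at packet {pkt}, avg queue ~ {avg:.1f}")
        break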
Then there's the situation with some very modern TCP implementations: they closely monitor a flow's packet timing and will notice a jump in RTT. When they see that, they slow the transmission rate; sort of a dynamic congestion detector that doesn't rely on dropping packets. I.e. for such newer TCP implementations it can be better, if possible, to avoid dropping packets, since such flows will slow themselves without the need to retransmit a dropped packet.
06-29-2021 11:06 AM - edited 06-29-2021 11:10 AM
class INTERACT
 bandwidth remaining percent 9
 police cir percent 25
You have both bandwidth and police inside the same class; I prefer to have just one of them. The first is a minimum, the second is a cap.
bandwidth remaining percent:
Each traffic class gets a minimum bandwidth as a relative percentage of the remaining bandwidth. The remaining bandwidth is the bandwidth available after the priority queue, if present, is given its required bandwidth, and after any Resource Reservation Protocol (RSVP) flows are given their requested bandwidth.
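As a rough illustration of that definition (my own arithmetic, applied to the Sample policy above on a hypothetical 5 Mbps interface with no RSVP flows), the minimum guarantees during congestion work out as follows:

# Minimum guarantees for the Sample policy on a hypothetical 5 Mbps interface:
# the priority class is served first, the other classes split what remains
# according to their "bandwidth remaining percent" values.
link_kbps     = 5_000
priority_pct  = 35                                    # class RealTime
remaining_pct = {"HiPriority": 81, "LoPriority": 1, "class-default": 9}

priority_kbps  = link_kbps * priority_pct / 100       # 1,750 kbps for RealTime
remaining_kbps = link_kbps - priority_kbps            # 3,250 kbps left to share

print(f"RealTime (priority): {priority_kbps:.0f} kbps")
for name, pct in remaining_pct.items():
    print(f"{name:>13}: at least {remaining_kbps * pct / 100:.0f} kbps during congestion")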
police instead is a cap.
Check the command syntax and pick the one that better fits your needs.