cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7157
Views
19
Helpful
10
Replies

Configuring Hierarchical QoS on an ME 3600X?

bgfl-tech
Level 1
Level 1

Hi,

Before I ask my question a bit of context will probably help. We have a dark fibre service provider that offers 10 or 100Mb LES circuits but several customers that are enquiring about a intermediate service of between 20 and 50Mb. We have proposed to our SP the notion of managing the bandwidth of a native 100Mb LES circuit down to a defined limit ourselves (and providing evidence to the SP that we are doing so) in order to provide a lower cost alternative to an 100Mb circuit that not all customers need or can afford.

Our setup is a 6509-E/Sup720 in the PoP with the circuit patched into a 6748 blade at one end and a Catalyst switch at the other (3550/3560/3750 depending on the site).

We appreciate that any traffic limiting on the Catalyst blades or switches will be a hard drop, i.e. once any CIR limit is reached packets will be dropped indiscriminately meaning RTP (VoIP) traffic is just as likely to be dropped as anything else. We'd prefer to keep the PoP infrastructure and architecture intact, i.e. keep the 6748 blades in the 6509 chassis, meaning we've been looking for a possible replacement CPE device which is where the 3600X comes in (on the recommendation of our Cisco SE).

We're hoping that the H-QoS available on a 3600X will allow us to limit both inbound and outbound traffic to a defined limit whilst also recognising QoS markings so that when the imposed bandwidth limit is reached high priority traffic (VoIP in this instance) takes precedence and it's the best efforts traffic that gets dropped.

Does anyone have any configuration examples (say using 20Mb as the limit and priotising VoIP traffic based on our existing QoS config below)? :-

class-map match-all Gold
  match access-group name Gold
class-map match-all Voice
  match access-group name Voice


policy-map Class
  class Voice
   set dscp ef
  class Gold
   set dscp af31


ip access-list extended Gold
remark Signalling for Cisco IPT assumed unmarked
permit tcp any any range 2000 2002
ip access-list extended Voice
remark Voice traffic for Cisco IPT assumed unmarked
permit udp any any range 16384 32767


*LES circuit WAN interface*

priority-queue out

mls qos trust dscp


*Switchport*

priority-queue out

service-policy input Class

Kind regards

Matthew (bgfl-tech)

1 Accepted Solution

Accepted Solutions

Mathew,

I understand,

Propabely your Cisco SE means (Traffic Policing), Yes, Traffic Policing can be applied inbound direction for both Ingress and egress INterfaces, if you want to limit traffic coming from the Core , it can be done.

However, What Imentioned earlier,, is that you CANNOT apply Queuing for Voice inbound direction, as Queuing can ONLY be applied Outbound direction.

for example:

You want to limit traffic coming from the Core to 20Mbps.

Inteface G0/1 (Interface connected to the Core)

service-policy input Policing

Policy-map Policing

class Policing

police cir 20000

class-map Policing

match access-group 10

access-list 10 permit any

Let me know if this answers your question,

Mohamed

View solution in original post

10 Replies 10

Mohamed Sobair
Level 7
Level 7

Hi,

Assuming there is no congestion on the Core , which eleminate the need of having end to end QoS design, So you only need to apply this on the ME3600 Access switches, below is an example based on your requirement:

class-map match-any voice

match ip dscp ef

match ip dscp af31

policy-map QoS

class class-default

shape average 20000000

class voice

priority-percent 40

Interface x

Bandwidth 20000

service-policy output QoS

HTH

Mohamed

Hi Mohamed,

Thank you for the reply. We also need to be able to be able to limited inbound traffic and it's my understanding that a ME3600X can have both an input and output service policy on the same interface.

I appreciate that an output service policy uses queuing and scheduling and an input service policy uses marking and policing - could you possible provide an example of the latter where best efforts traffic would be dropped before high priority VoIP traffic?

TIA

Matthew

Hi Mathew,

Yes, those Access Switches should support egress Queuing as well as Inbound Policy-map , This was part of the ME series Switches Architecture.

My previous example would suffice, however , below is another example to show you how to mark and apply queuing on this Switch:

Classification and Marking for VOICE: (You should classify and Mark as close to the Source as possible).

class-map match-any VOIP

match access-group name VOIP

match protocol sip

match protocol h323

Ip access-list extended VOIP

permit udp any any range 16384 23767

Policy-map marking

class VOIP

set dscp ef

Interface G1/0  (Ingress Interface , where the traffic comes)

service-policy input marking

Setting DSCP and Applying QoS Queuing for VOIP:

class-map match-any voice

match ip dscp ef

policy-map QoS

class class-default

shape average 20000000

class voice

priority-percent 40

Interface G1/1   (Egress Interface where traffic leaves the ME Switch to the Core)

Bandwidth 20000

service-policy output QoS

: With the above, you have shaped your overall bandwidth to 20Mbps outbound as well as reserved 40% of the 20Mbps. Here whenever there is congestion in the link (saturated with 20Mb full bandwidth), The Voip traffic reserves 5Mbps 40% and would always be dequeud first. leaving best effort traffic randomly according to FIFO queuing strategy which performs taild drop behaviour.

If you still needs to reserve and Gurantee more bandwidth for Voice, you can.

Let me know if you have any other inquiry,

Mohamed

Hi Mohamed,

Thank for for your continued advice. The 'priority-percent' command isn't available from the ME3600X CLI but the 'priority' command is giving a config that looks like this:-

!
class-map match-any VoIP_QoS
match ip dscp ef
match ip dscp af31
class-map match-all VoIP_RTP
match access-group name RTP
class-map match-all VoIP_SCCP
match access-group name SCCP
!
!
policy-map VoIP_QoS
class VoIP_QoS
    priority
class class-default
    shape average 20000000
policy-map VoIP_Classification
class VoIP_RTP
  set dscp ef
class VoIP_SCCP
  set dscp af31
!
!
interface GigabitEthernet0/1
description *** Uplink to core MPLS network limited to 20Mb ***
port-type nni
bandwidth 20000
service-policy output VoIP_QoS
!
...
!
interface GigabitEthernet0/24
description *** Downlink to local site network ***
port-type nni
service-policy input VoIP_Classification
!
ip access-list extended VoIP_RTP
remark Phone call bearer traffic for Cisco IPT assumed unmarked
permit udp any any range 24576 32767
ip access-list extended VoIP_SCCP
remark IP phone signalling traffic for Cisco IPT assumed unmarked
permit tcp any any eq 2000
permit tcp any any eq 2443
!

Currently across our Catalyst switch estate we classify at the edge (like the above) and trust DSCP in the core and also on the WAN uplink on the edge switch (using 'mls qos trust dscp') but there doesn't appear to be any 'mls qos' commands on the ME3600? Will the inbound QoS markings be trusted by default or do I also need to (re)classify the traffic as it comes in from the WAN as well as the downlink to the LAN (G0/24)?

Also, I can see from the config that we are shaping the outbound traffic whilst also priotising the VoIP traffic outbound but in terms of inbound traffic is it the 'bandwidth 20000' that is performing the limiting to 20Mb? When there is inbound congestion how does the switch know to prioritise VoIP or do I need another input policy on the WAN interface (G0/1) to configure this?

TIA

Matthew

Hi Mathew,

Currently across our Catalyst switch estate we classify at the edge (like the above) and trust DSCP in the core and also on the WAN uplink on the edge switch (using 'mls qos trust dscp') but there doesn't appear to be any 'mls qos' commands on the ME3600? Will the inbound QoS markings be trusted by default or do I also need to (re)classify the traffic as it comes in from the WAN as well as the downlink to the LAN (G0/24)?

No, you dont need to re-classify, you just need to match your DSCP marking. The DSCP value is trusted.

Also, I can see from the config that we are shaping the outbound traffic whilst also priotising the VoIP traffic outbound but in terms of inbound traffic is it the 'bandwidth 20000' that is performing the limiting to 20Mb? When there is inbound congestion how does the switch know to prioritise VoIP or do I need another input policy on the WAN interface (G0/1) to configure this?

Yes, the Bandwidth command doesnt imply the Physical operating speed of the interface, but ts used for Proper QoS calculation. This command allows Your Queuing (The configured Software Queue) to behave and understand that the bandwidth is ONLY 20MBps and its calcyulaton should be based on this value.

I am afraid that Queuing can ONLY be applied Outbound , and it cant be applied inbound diirection.

Normally, you can control traffic traversing your router upstream but you cant control traffic that comes inbound from the upstream, another point is that, the traffic are mostly initiated from the Edge to the Core upstream, and from the Core its mostly returend traffic which was already Priotrized by you earlier. So there is no need to perform any thing in the incoming traffic.

HTH

Mohamed

Hi Mohamed,

The reason I asked about inbound traffic management (policing?) is that we're looking at the ME3600X for a very specific purpose. To refer back to my original post the reason we're looking at the ME3600 is that we're looking at ways to limit both inbound and outbound traffic to the edge site using just the CPE device as we'd like to keep our existing core infrastructure intact.

Under normal circumstances we wouldn't limit traffic at all as the bandwidth available would just be whatever LES circuit had been provisioned (10/100/1000Mb) but our new requirement is to limit the traffic over a 100Mb circuit down to an agreed limit and to be able to demonstate the traffic usage to our fibre service provider both in and out of the site.

Our Cisco SE confirmed that any traffic limiting on the core side (a 6748 blade in a 6509-E chassis) would hard drop packets regardless of QoS markings once a set limit was reached and suggested the 3600X as a box capable of both inbound and outbound traffic management on the same interface.

The config I've got so far provides that outbound queuing and edge traffic classification but not the inbound policing elements which are just as important in this instance. I'm assuming (and hoping) that an inbound policing policy can be configured that would drop best-efforts traffic first under inbound congestion or is that wishful thinking?

thanks

Matthew

Mathew,

I understand,

Propabely your Cisco SE means (Traffic Policing), Yes, Traffic Policing can be applied inbound direction for both Ingress and egress INterfaces, if you want to limit traffic coming from the Core , it can be done.

However, What Imentioned earlier,, is that you CANNOT apply Queuing for Voice inbound direction, as Queuing can ONLY be applied Outbound direction.

for example:

You want to limit traffic coming from the Core to 20Mbps.

Inteface G0/1 (Interface connected to the Core)

service-policy input Policing

Policy-map Policing

class Policing

police cir 20000

class-map Policing

match access-group 10

access-list 10 permit any

Let me know if this answers your question,

Mohamed

Thank you Mohamed you've been really helpful, much appreciated.

Matthew

Hi guys,

I see that you work on ME3600X switches.

Please take a look at this thread.

https://supportforums.cisco.com/message/3469961#3469961

I really need some help. A netpro member is heloing but we still don't have a solution.

Dear Mohamed

I have this problem too. The switch 3600 unsupported command mls qos, so that, I can't run qos on switch 3600. Please help me solved this problem.

Thanks

Review Cisco Networking for a $25 gift card