05-13-2011 04:32 AM - edited 03-04-2019 12:23 PM
Hi,
Before I ask my question, a bit of context will probably help. We have a dark fibre service provider that offers 10 or 100Mb LES circuits but several customers that are enquiring about an intermediate service of between 20 and 50Mb. We have proposed to our SP the notion of managing the bandwidth of a native 100Mb LES circuit down to a defined limit ourselves (and providing evidence to the SP that we are doing so) in order to provide a lower cost alternative to a 100Mb circuit that not all customers need or can afford.
Our setup is a 6509-E/Sup720 in the PoP with the circuit patched into a 6748 blade at one end and a Catalyst switch at the other (3550/3560/3750 depending on the site).
We appreciate that any traffic limiting on the Catalyst blades or switches will be a hard drop, i.e. once any CIR limit is reached packets will be dropped indiscriminately meaning RTP (VoIP) traffic is just as likely to be dropped as anything else. We'd prefer to keep the PoP infrastructure and architecture intact, i.e. keep the 6748 blades in the 6509 chassis, meaning we've been looking for a possible replacement CPE device which is where the 3600X comes in (on the recommendation of our Cisco SE).
We're hoping that the H-QoS available on a 3600X will allow us to limit both inbound and outbound traffic to a defined limit whilst also recognising QoS markings so that when the imposed bandwidth limit is reached high priority traffic (VoIP in this instance) takes precedence and it's the best efforts traffic that gets dropped.
Does anyone have any configuration examples (say using 20Mb as the limit and prioritising VoIP traffic based on our existing QoS config below)? :-
class-map match-all Gold
 match access-group name Gold
class-map match-all Voice
 match access-group name Voice
policy-map Class
 class Voice
  set dscp ef
 class Gold
  set dscp af31
ip access-list extended Gold
 remark Signalling for Cisco IPT assumed unmarked
 permit tcp any any range 2000 2002
ip access-list extended Voice
 remark Voice traffic for Cisco IPT assumed unmarked
 permit udp any any range 16384 32767
*LES circuit WAN interface*
 priority-queue out
 mls qos trust dscp
*Switchport*
 priority-queue out
 service-policy input Class
Kind regards
Matthew (bgfl-tech)
05-13-2011 12:09 PM
Hi,
Assuming there is no congestion on the core, which eliminates the need for an end-to-end QoS design, you only need to apply this on the ME3600 access switches. Below is an example based on your requirement:
class-map match-any voice
 match ip dscp ef
 match ip dscp af31
policy-map QoS
 class class-default
  shape average 20000000
 class voice
  priority-percent 40
Interface x
 Bandwidth 20000
 service-policy output QoS
HTH
Mohamed
05-16-2011 03:22 AM
Hi Mohamed,
Thank you for the reply. We also need to be able to limit inbound traffic and it's my understanding that a ME3600X can have both an input and output service policy on the same interface.
I appreciate that an output service policy uses queuing and scheduling and an input service policy uses marking and policing - could you possibly provide an example of the latter where best efforts traffic would be dropped before high priority VoIP traffic?
TIA
Matthew
05-16-2011 05:19 AM
Hi Matthew,
Yes, those access switches should support egress queuing as well as an inbound policy-map. This was part of the ME series switches architecture.
My previous example would suffice; however, below is another example to show you how to mark and apply queuing on this switch:
Classification and marking for VOICE (you should classify and mark as close to the source as possible):
class-map match-any VOIP
 match access-group name VOIP
 match protocol sip
 match protocol h323
ip access-list extended VOIP
 permit udp any any range 16384 32767
policy-map marking
 class VOIP
  set dscp ef
Interface G1/0 (ingress interface, where the traffic comes in)
 service-policy input marking
Setting DSCP and applying QoS queuing for VOIP:
class-map match-any voice
 match ip dscp ef
policy-map QoS
 class class-default
  shape average 20000000
 class voice
  priority-percent 40
Interface G1/1 (egress interface, where traffic leaves the ME switch to the core)
 Bandwidth 20000
 service-policy output QoS
With the above, you have shaped your overall bandwidth to 20Mbps outbound as well as reserved 40% of the 20Mbps. Here, whenever there is congestion in the link (saturated with 20Mb full bandwidth), the VoIP traffic reserves 5Mbps 40% and would always be dequeued first, leaving best effort traffic randomly according to FIFO queuing strategy, which performs tail drop behaviour.
If you still need to reserve and guarantee more bandwidth for voice, you can.
Let me know if you have any other inquiry,
Mohamed
05-16-2011 09:27 AM
Hi Mohamed,
Thank you for your continued advice. The 'priority-percent' command isn't available from the ME3600X CLI but the 'priority' command is giving a config that looks like this:-
!
class-map match-any VoIP_QoS
 match ip dscp ef
 match ip dscp af31
class-map match-all VoIP_RTP
 match access-group name VoIP_RTP
class-map match-all VoIP_SCCP
 match access-group name VoIP_SCCP
!
!
policy-map VoIP_QoS
 class VoIP_QoS
  priority
 class class-default
  shape average 20000000
policy-map VoIP_Classification
 class VoIP_RTP
  set dscp ef
 class VoIP_SCCP
  set dscp af31
!
!
interface GigabitEthernet0/1
 description *** Uplink to core MPLS network limited to 20Mb ***
 port-type nni
 bandwidth 20000
 service-policy output VoIP_QoS
!
...
!
interface GigabitEthernet0/24
 description *** Downlink to local site network ***
 port-type nni
 service-policy input VoIP_Classification
!
ip access-list extended VoIP_RTP
 remark Phone call bearer traffic for Cisco IPT assumed unmarked
 permit udp any any range 24576 32767
ip access-list extended VoIP_SCCP
 remark IP phone signalling traffic for Cisco IPT assumed unmarked
 permit tcp any any eq 2000
 permit tcp any any eq 2443
!
Currently across our Catalyst switch estate we classify at the edge (like the above) and trust DSCP in the core and also on the WAN uplink on the edge switch (using 'mls qos trust dscp') but there doesn't appear to be any 'mls qos' commands on the ME3600? Will the inbound QoS markings be trusted by default or do I also need to (re)classify the traffic as it comes in from the WAN as well as the downlink to the LAN (G0/24)?
Also, I can see from the config that we are shaping the outbound traffic whilst also prioritising the VoIP traffic outbound but in terms of inbound traffic is it the 'bandwidth 20000' that is performing the limiting to 20Mb? When there is inbound congestion how does the switch know to prioritise VoIP or do I need another input policy on the WAN interface (G0/1) to configure this?
TIA
Matthew
05-17-2011 02:19 AM
Hi Matthew,
> Currently across our Catalyst switch estate we classify at the edge (like the above) and trust DSCP in the core and also on the WAN uplink on the edge switch (using 'mls qos trust dscp') but there doesn't appear to be any 'mls qos' commands on the ME3600? Will the inbound QoS markings be trusted by default or do I also need to (re)classify the traffic as it comes in from the WAN as well as the downlink to the LAN (G0/24)?
No, you don't need to re-classify, you just need to match your DSCP marking. The DSCP value is trusted.
> Also, I can see from the config that we are shaping the outbound traffic whilst also prioritising the VoIP traffic outbound but in terms of inbound traffic is it the 'bandwidth 20000' that is performing the limiting to 20Mb? When there is inbound congestion how does the switch know to prioritise VoIP or do I need another input policy on the WAN interface (G0/1) to configure this?
Yes, the bandwidth command doesn't imply the physical operating speed of the interface, but it's used for proper QoS calculation. This command allows your queuing (the configured software queue) to behave and understand that the bandwidth is ONLY 20MBps and its calculation should be based on this value.
I am afraid that queuing can ONLY be applied outbound, and it can't be applied in the inbound direction.
Normally, you can control traffic traversing your router upstream but you can't control traffic that comes inbound from the upstream. Another point is that the traffic is mostly initiated from the edge to the core upstream, and from the core it's mostly returned traffic which was already prioritized by you earlier. So there is no need to perform anything on the incoming traffic.
HTH
Mohamed
05-17-2011 02:50 AM
Hi Mohamed,
The reason I asked about inbound traffic management (policing?) is that we're looking at the ME3600X for a very specific purpose. To refer back to my original post the reason we're looking at the ME3600 is that we're looking at ways to limit both inbound and outbound traffic to the edge site using just the CPE device as we'd like to keep our existing core infrastructure intact.
Under normal circumstances we wouldn't limit traffic at all as the bandwidth available would just be whatever LES circuit had been provisioned (10/100/1000Mb) but our new requirement is to limit the traffic over a 100Mb circuit down to an agreed limit and to be able to demonstrate the traffic usage to our fibre service provider both in and out of the site.
Our Cisco SE confirmed that any traffic limiting on the core side (a 6748 blade in a 6509-E chassis) would hard drop packets regardless of QoS markings once a set limit was reached and suggested the 3600X as a box capable of both inbound and outbound traffic management on the same interface.
The config I've got so far provides that outbound queuing and edge traffic classification but not the inbound policing elements which are just as important in this instance. I'm assuming (and hoping) that an inbound policing policy can be configured that would drop best-efforts traffic first under inbound congestion or is that wishful thinking?
thanks
Matthew
05-17-2011 04:10 AM
Matthew,
I understand.
Probably your Cisco SE means traffic policing. Yes, traffic policing can be applied in the inbound direction for both ingress and egress interfaces; if you want to limit traffic coming from the core, it can be done.
However, what I mentioned earlier is that you CANNOT apply queuing for voice in the inbound direction, as queuing can ONLY be applied in the outbound direction.
For example:
You want to limit traffic coming from the core to 20Mbps.
access-list 10 permit any
class-map Policing
 match access-group 10
policy-map Policing
 class Policing
  ! police cir is given in bits per second: 20000000 = 20Mbps
  police cir 20000000
! Interface connected to the core
interface G0/1
 service-policy input Policing
Let me know if this answers your question,
Mohamed
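Added example (not part of the thread and not Cisco's implementation): a small Python simulation of the distinction drawn in the posts above, comparing a single aggregate token-bucket policer, which never looks at DSCP, with an egress shaper that serves a strict-priority voice queue first. The packet sizes, arrival order, burst size and queue limit are constructed assumptions, not ME3600X defaults.

```python
from collections import deque

RATE_BYTES_PER_MS = 2500          # 20 Mb/s expressed as bytes per millisecond
VOICE, BEST_EFFORT = "ef", "default"
# Constructed offered load per millisecond: three 1500-byte best-effort packets
# followed by one 200-byte voice packet (about 37.6 Mb/s against a 20 Mb/s limit).
ARRIVALS = [(BEST_EFFORT, 1500)] * 3 + [(VOICE, 200)]


def police(ms, burst=5000):
    """Single-rate token-bucket policer over all traffic; DSCP is never consulted."""
    tokens, dropped = burst, {VOICE: 0, BEST_EFFORT: 0}
    for _ in range(ms):
        tokens = min(burst, tokens + RATE_BYTES_PER_MS)
        for dscp, size in ARRIVALS:
            if tokens >= size:
                tokens -= size          # conforming packet is forwarded
            else:
                dropped[dscp] += 1      # exceeding packet is dropped, whatever its marking
    return dropped


def shape_with_priority(ms, queue_limit=20):
    """Egress shaper with a strict-priority voice queue and tail-drop best effort."""
    queues = {VOICE: deque(), BEST_EFFORT: deque()}
    credit, dropped = 0, {VOICE: 0, BEST_EFFORT: 0}
    for _ in range(ms):
        for dscp, size in ARRIVALS:
            if len(queues[dscp]) < queue_limit:
                queues[dscp].append(size)
            else:
                dropped[dscp] += 1      # tail drop when the class queue is full
        credit += RATE_BYTES_PER_MS
        for dscp in (VOICE, BEST_EFFORT):   # voice is always dequeued first
            q = queues[dscp]
            while q and credit >= q[0]:
                credit -= q.popleft()
    return dropped


if __name__ == "__main__":
    print("aggregate policer drops:", police(1000))
    print("priority shaper drops:  ", shape_with_priority(1000))
```

Under the same overload the aggregate policer loses some voice packets, while the priority shaper loses only best-effort packets.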
05-17-2011 04:15 AM
Thank you Mohamed you've been really helpful, much appreciated.
Matthew
10-19-2011 10:01 AM
Hi guys,
I see that you work on ME3600X switches.
Please take a look at this thread.
https://supportforums.cisco.com/message/3469961#3469961
I really need some help. A netpro member is helping but we still don't have a solution.
06-24-2015 08:18 PM
Dear Mohamed
I have this problem too. The 3600 switch does not support the mls qos command, so I can't run QoS on the 3600 switch. Please help me solve this problem.
Thanks