cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4056
Views
0
Helpful
13
Replies

Configuring QOS between 2800 and 1800 series routers

Dan Loring
Level 1
Level 1

We have an MPLS network to a half dozen remote sites.  At our main location we have a 2800 series router.  In the routers config are the following lines for QOS.  When I go to the routers on the other end of the MPLS, none of them are configured with these same policies.  Would these not be in the running config of the 1800 series routers, or is this not setup correct and this should be removed????

class-map match-any af41

match access-group name QOS_AF41

class-map match-any ef

!

!

policy-map 25_74

class ef

  bandwidth percent 25

  set ip dscp ef

class af41

  bandwidth percent 74

  set ip dscp af41

class class-default

  fair-queue

  set ip dscp default

!

!

!

!

ip access-list extended QOS_AF41

permit ip any host 192.10.10.7

permit ip any host 192.10.10.8

permit tcp any eq 3389 any !

1 Accepted Solution

Accepted Solutions

Per the output you posted on show interfaces:

Serial0/0/1:1 is up, line protocol is up

Queueing strategy: fifo

This is your default Queueing strategy. Your class class-default has a different Queuing strategy which is fair-queuing.

Fair-queuing provides the dynamic creation of queues according to the weight of the flow. You can accomplish the same

benefit by typing fair-queue under the physical interface w/o the need for the policy-map.

Please refer to the documentation:

http://www.cisco.com/en/US/docs/ios/12_2/qos/command/reference/qrfcmd1.html#wp1098249

As for the ACL, the direction is wrong. You have the service-policy in the egress direction while the ACL is matching on 10.10.10.7 and 10.10.10.8 as being the destination hosts. They are located in the LAN which is the opposite direction.

If you want to apply AF41 to those hosts, the correct ACL is:

permit ip host 10.10.10.7 any

permit ip host 10.10.10.8 any

Regards,

Edison

View solution in original post

13 Replies 13

Edison Ortiz
Hall of Fame
Hall of Fame

Your 2800s are performing some kind of QoS on egress according to this config and if your 1800s do not have any QoS config, the return traffic won't have Quality of Service.

With that said, the config posted above is not completed as your EF class isn't matching anything.

Within your policy-map, it is Best Practice to assign Priority Queuing to EF while you are assigning CBWFQ.

You are also not leaving much for class class-default - I recommend the following percentages (these % can change depending upon your application needs).

PQ = 25 to 30%

AF41 = 30 to 50%

Class Class-Default = Remaining left which can range from 20 to 55%

Additionally, do you have the policy-map applied to the interface? If so, on which direction (in | out) ?

If I do a show Interfaces I get the following As you can see there are 3 T1's bundled into a multilink.  I do not see any policy-map applied here.  Does that mean that it is not active, or am I looking in the wrong place.  Also if it is not applied does that mean it is doing nothing and can be removed??

Thanks,

Dan

Serial0/0/0:1 is up, line protocol is up

  Hardware is GT96K Serial

  Description: Connected to Circuit#1

  MTU 1500 bytes, BW 1536 Kbit/sec, DLY 20000 usec,

     reliability 255/255, txload 24/255, rxload 19/255

  Encapsulation PPP, LCP Open, multilink Open

  Link is a member of Multilink bundle Multilink8, loopback not set

  Keepalive set (10 sec)

  Last input 00:00:00, output 00:00:06, output hang never

  Last clearing of "show interface" counters 7w5d

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 118000 bits/sec, 65 packets/sec

  5 minute output rate 145000 bits/sec, 51 packets/sec

     342342477 packets input, 3395420271 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     24 input errors, 24 CRC, 9 frame, 3 overrun, 0 ignored, 14 abort

     156601448 packets output, 4043011296 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 unknown protocol drops

     0 output buffer failures, 0 output buffers swapped out

     0 carrier transitions

  Timeslot(s) Used:1-24, SCC: 0, Transmitter delay is 0 flags

Serial0/0/1:1 is up, line protocol is up

  Hardware is GT96K Serial

  Description: Connected to Circuit#2

  MTU 1500 bytes, BW 1536 Kbit/sec, DLY 20000 usec,

     reliability 255/255, txload 23/255, rxload 17/255

  Encapsulation PPP, LCP Open, multilink Open

  Link is a member of Multilink bundle Multilink8, loopback not set

  Keepalive set (10 sec)

  Last input 00:00:00, output 00:00:09, output hang never

  Last clearing of "show interface" counters 7w5d

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 23

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 93000 bits/sec, 61 packets/sec

  5 minute output rate 141000 bits/sec, 50 packets/sec

     342325892 packets input, 3387586256 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     124 input errors, 124 CRC, 62 frame, 33 overrun, 0 ignored, 89 abort

     156587617 packets output, 4041178186 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 unknown protocol drops

     0 output buffer failures, 0 output buffers swapped out

     2 carrier transitions

  Timeslot(s) Used:1-24, SCC: 1, Transmitter delay is 0 flags

Serial0/1/0:1 is up, line protocol is up

  Hardware is GT96K Serial

  Description: Connected to Circuit#3

  MTU 1500 bytes, BW 1536 Kbit/sec, DLY 20000 usec,

     reliability 255/255, txload 22/255, rxload 15/255

  Encapsulation PPP, LCP Open, multilink Open

  Link is a member of Multilink bundle Multilink8, loopback not set

  Keepalive set (10 sec)

  Last input 00:00:00, output 00:00:02, output hang never

  Last clearing of "show interface" counters 7w5d

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 92000 bits/sec, 60 packets/sec

  5 minute output rate 132000 bits/sec, 51 packets/sec

     342325450 packets input, 3391181659 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     16 input errors, 16 CRC, 7 frame, 6 overrun, 0 ignored, 10 abort

     156577604 packets output, 4039635250 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 unknown protocol drops

     0 output buffer failures, 0 output buffers swapped out

     0 carrier transitions

  Timeslot(s) Used:1-24, SCC: 0, Transmitter delay is 0 flags

Multilink8 is up, line protocol is up

  Hardware is multilink group interface

  Description: Multilink to Paetec

  Internet address is 63.138.89.26/30

  MTU 1500 bytes, BW 4608 Kbit/sec, DLY 100000 usec,

     reliability 255/255, txload 23/255, rxload 16/255

  Encapsulation PPP, LCP Open, multilink Open

  Open: IPCP, loopback not set

  Keepalive set (10 sec)

  DTR is pulsed for 2 seconds on reset

  Last input 00:00:24, output never, output hang never

  Last clearing of "show interface" counters 7w5d

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 115908

  Queueing strategy: Class-based queueing

  Output queue: 0/1000/64/115908 (size/max total/threshold/drops)

     Conversations  0/84/256 (active/max active/max total)

     Reserved Conversations 2/2 (allocated/max allocated)

     Available Bandwidth 47 kilobits/sec

  5 minute input rate 280000 bits/sec, 164 packets/sec

  5 minute output rate 431000 bits/sec, 167 packets/sec

     551397415 packets input, 3040545258 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     68 input errors, 0 CRC, 7 frame, 0 overrun, 0 ignored, 7 abort

     467009166 packets output, 3492913920 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 unknown protocol drops

     0 output buffer failures, 0 output buffers swapped out

     0 carrier transitions

Serial0/0/0:1 is up, line protocol is up

  Hardware is GT96K Serial

  Description: Connected to Circuit#1

  MTU 1500 bytes, BW 1536 Kbit/sec, DLY 20000 usec,

     reliability 255/255, txload 24/255, rxload 19/255

  Encapsulation PPP, LCP Open, multilink Open

  Link is a member of Multilink bundle Multilink8, loopback not set

  Keepalive set (10 sec)

  Last input 00:00:00, output 00:00:06, output hang never

  Last clearing of "show interface" counters 7w5d

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 118000 bits/sec, 65 packets/sec

  5 minute output rate 145000 bits/sec, 51 packets/sec

     342342477 packets input, 3395420271 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     24 input errors, 24 CRC, 9 frame, 3 overrun, 0 ignored, 14 abort

     156601448 packets output, 4043011296 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 unknown protocol drops

     0 output buffer failures, 0 output buffers swapped out

     0 carrier transitions

  Timeslot(s) Used:1-24, SCC: 0, Transmitter delay is 0 flags

Serial0/0/1:1 is up, line protocol is up

  Hardware is GT96K Serial

  Description: Connected to Circuit#2

  MTU 1500 bytes, BW 1536 Kbit/sec, DLY 20000 usec,

     reliability 255/255, txload 23/255, rxload 17/255

  Encapsulation PPP, LCP Open, multilink Open

  Link is a member of Multilink bundle Multilink8, loopback not set

  Keepalive set (10 sec)

  Last input 00:00:00, output 00:00:09, output hang never

  Last clearing of "show interface" counters 7w5d

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 23

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 93000 bits/sec, 61 packets/sec

  5 minute output rate 141000 bits/sec, 50 packets/sec

     342325892 packets input, 3387586256 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     124 input errors, 124 CRC, 62 frame, 33 overrun, 0 ignored, 89 abort

     156587617 packets output, 4041178186 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 unknown protocol drops

     0 output buffer failures, 0 output buffers swapped out

     2 carrier transitions

  Timeslot(s) Used:1-24, SCC: 1, Transmitter delay is 0 flags

Serial0/1/0:1 is up, line protocol is up

  Hardware is GT96K Serial

  Description: Connected to Circuit#3

  MTU 1500 bytes, BW 1536 Kbit/sec, DLY 20000 usec,

     reliability 255/255, txload 22/255, rxload 15/255

  Encapsulation PPP, LCP Open, multilink Open

  Link is a member of Multilink bundle Multilink8, loopback not set

  Keepalive set (10 sec)

  Last input 00:00:00, output 00:00:02, output hang never

  Last clearing of "show interface" counters 7w5d

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 92000 bits/sec, 60 packets/sec

  5 minute output rate 132000 bits/sec, 51 packets/sec

     342325450 packets input, 3391181659 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     16 input errors, 16 CRC, 7 frame, 6 overrun, 0 ignored, 10 abort

     156577604 packets output, 4039635250 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 unknown protocol drops

     0 output buffer failures, 0 output buffers swapped out

     0 carrier transitions

  Timeslot(s) Used:1-24, SCC: 0, Transmitter delay is 0 flags

Multilink8 is up, line protocol is up

  Hardware is multilink group interface

  Description: Multilink to Paetec

  Internet address is 63.138.89.26/30

  MTU 1500 bytes, BW 4608 Kbit/sec, DLY 100000 usec,

     reliability 255/255, txload 23/255, rxload 16/255

  Encapsulation PPP, LCP Open, multilink Open

  Open: IPCP, loopback not set

  Keepalive set (10 sec)

  DTR is pulsed for 2 seconds on reset

  Last input 00:00:24, output never, output hang never

  Last clearing of "show interface" counters 7w5d

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 115908

  Queueing strategy: Class-based queueing

  Output queue: 0/1000/64/115908 (size/max total/threshold/drops)

     Conversations  0/84/256 (active/max active/max total)

     Reserved Conversations 2/2 (allocated/max allocated)

     Available Bandwidth 47 kilobits/sec

  5 minute input rate 280000 bits/sec, 164 packets/sec

  5 minute output rate 431000 bits/sec, 167 packets/sec

     551397415 packets input, 3040545258 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     68 input errors, 0 CRC, 7 frame, 0 overrun, 0 ignored, 7 abort

     467009166 packets output, 3492913920 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 unknown protocol drops

     0 output buffer failures, 0 output buffers swapped out

     0 carrier transitions

'show interfaces' won't provide the information I need. Can you post the 'show run' from the router?

You can mask your IP addressing for security purposes.

Regards,

Edison

See below.  I do see on the multilink8 some serice-policy settings.  So this is active?  Should it be removed, since it is not properly configured?

Building configuration...

Current configuration : 6400 bytes
!
! Last configuration change at 13:45:22 EST Mon Dec 19 2011
! NVRAM config last updated at 13:46:00 EST Mon Dec 19 2011
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname KamcoMPLS
!
boot-start-marker
boot-end-marker
!
card type t1 0 0
card type t1 0 1
logging buffered 51200 warnings
enable secret 5 $1$v0yS$Sp4ffZI9f3zQxEvSGmSgF.
!
no aaa new-model
clock timezone EST -5
clock summer-time EST recurring
no network-clock-participate wic 0
no network-clock-participate wic 1
ip wccp 61 redirect-list WAAS
ip wccp 62 redirect-list WAAS
!
!
ip cef
!
!
ip domain name yourdomain.com
multilink bundle-name authenticated
!
!
!
archive
log config
  hidekeys
!
!
controller T1 0/0/0
framing esf
linecode b8zs
cablelength long 0db
channel-group 1 timeslots 1-24
!
controller T1 0/0/1
framing esf
linecode b8zs
cablelength long 0db
channel-group 1 timeslots 1-24
!
controller T1 0/1/0
framing esf
linecode b8zs
cablelength long 0db
channel-group 1 timeslots 1-24
!
controller T1 0/1/1
shutdown
framing esf
linecode b8zs
cablelength long 0db
!
!
class-map match-any af41
match access-group name QOS_AF41
class-map match-any ef
!
!
policy-map 25_74
class ef
  bandwidth percent 25
  set ip dscp ef
class af41
  bandwidth percent 74
  set ip dscp af41
class class-default
  fair-queue
  set ip dscp default
!
!
!
!
interface Multilink8
description Multilink to Paetec
ip address x.138.89.26 255.255.255.252
ip wccp 62 redirect in
no cdp enable
ppp multilink
ppp multilink group 8
ppp multilink fragment disable
max-reserved-bandwidth 100
service-policy output 25_74
!
interface GigabitEthernet0/0
description Connected to Woburn LAN
ip address x.10.10.95 255.255.255.0
ip wccp 61 redirect in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address x.10.11.254 255.255.255.0
ip wccp redirect exclude in
duplex auto
speed auto
!
interface Serial0/0/0:1
description Connected to Circuit#1
no ip address
encapsulation ppp
no fair-queue
no cdp enable
ppp multilink
ppp multilink group 8
max-reserved-bandwidth 100
!
interface Serial0/0/1:1
description Connected to Circuit#2
no ip address
encapsulation ppp
no fair-queue
no cdp enable
ppp multilink
ppp multilink group 8
max-reserved-bandwidth 100
!
interface Serial0/1/0:1

description Connected to Circuit#3
no ip address
encapsulation ppp
no fair-queue
no cdp enable
ppp multilink
ppp multilink group 8
max-reserved-bandwidth 100
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 x.10.10.21
ip route x.10.20.0 255.255.255.0 63.138.89.25
ip route x.10.30.0 255.255.255.0 63.138.89.25
ip route x.10.40.0 255.255.255.0 63.138.89.25
ip route x.10.41.0 255.255.255.0 63.138.89.25
ip route x.10.50.0 255.255.255.0 63.138.89.25
ip route x.10.51.0 255.255.255.0 63.138.89.25
ip route x.10.60.0 255.255.255.0 63.138.89.25
ip route x.10.61.0 255.255.255.0 63.138.89.25
ip route x.10.70.0 255.255.255.0 63.138.89.25
ip route x.10.80.0 255.255.255.0 63.138.89.25
ip route x.10.81.0 255.255.255.0 63.138.89.25
ip route x.10.90.0 255.255.255.0 192.10.10.21
!
!
ip http server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip access-list extended QOS_AF41
permit ip any host x.10.10.7
permit ip any host x.10.10.8
permit tcp any eq 3389 any
ip access-list extended WAAS
permit tcp any x.x.40.0 0.0.1.255
permit tcp x.10.x.0 0.0.1.255 any
permit tcp any 192.10.60.0 0.0.1.255
permit tcp x.x.x.0 0.0.1.255 any
permit tcp any 19.x.80.0 0.0.1.255
permit tcp 19.10.80.0 0.0.1.255 any
permit tcp any x.10.50.0 0.0.1.255
permit tcp x.x.50.0 0.0.1.255 any
!
snmp-server community public RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps ds1
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps flash insertion removal
snmp-server enable traps ds3
snmp-server enable traps envmon
snmp-server enable traps icsudsu
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps bgp
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps memory bufferpeak
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface-old
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps ipsla
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps vtp
!
!
control-plane
!
!
line con 0
password 7 1551485D0F2B26
login
line aux 0
line vty 0 4
password 7 0245470A000702
login
transport input telnet
line vty 5 15
password

login
transport input telnet
!
scheduler allocate 20000 1000
ntp clock-period 17180295
ntp source GigabitEthernet0/0
ntp server 173.8.198.243
ntp server 128.10.254.7

It definitely need some work.

Your AF41 class is not working either per its ACL

ip access-list extended QOS_AF41

permit ip any host x.10.10.7

permit ip any host x.10.10.8

permit tcp any eq 3389 any

The first 2 entries indicate traffic going to the 10.10.10.0/24 network while you have the 10.10.10.0/24 in the LAN side.

The last entry may be a match for traffic sourcing TCP port 3389.

Overall, the service-policy is indeed applied to the multilink but actually isn't doing much - other than changing the interface queuing to fair-queueing for class class-default.

Regards,

Edison

Fairly new to QOS.  So what do we gain by changing the interface queuing to fair-queueing for class class-default???  and if it is a waste,  to remove would the following suffice?

config t

multilink8

no max-reserved-bandwidth 100

no service-policy output 25_74

config t

interface Serial0/1/0:1

no max-reserved-bandwidth 100

fair-queue

Repeat on the other two serial interfaces.

Thanks,

Dan

Yes, that's the removal process.

What is the difference between what we have configured now and fair-queue?  Also these are our citrix servers,

permit ip any host x.10.10.7

permit ip any host x.10.10.8

It looks like someone started to configure QOS for our Citrix servers, but never finished.

Per the output you posted on show interfaces:

Serial0/0/1:1 is up, line protocol is up

Queueing strategy: fifo

This is your default Queueing strategy. Your class class-default has a different Queuing strategy which is fair-queuing.

Fair-queuing provides the dynamic creation of queues according to the weight of the flow. You can accomplish the same

benefit by typing fair-queue under the physical interface w/o the need for the policy-map.

Please refer to the documentation:

http://www.cisco.com/en/US/docs/ios/12_2/qos/command/reference/qrfcmd1.html#wp1098249

As for the ACL, the direction is wrong. You have the service-policy in the egress direction while the ACL is matching on 10.10.10.7 and 10.10.10.8 as being the destination hosts. They are located in the LAN which is the opposite direction.

If you want to apply AF41 to those hosts, the correct ACL is:

permit ip host 10.10.10.7 any

permit ip host 10.10.10.8 any

Regards,

Edison

Edison thanks for all your help!  ; )

Dan

One last question..   How do I just remove the ip access-list extended QOS_AF41? 

#config t

#no policy-map 25_74

#no class-map match-any af41

#no class-map match-any ef

#no ip access-list extended QOS_AF41

Thanks again Edison,

Lot easier to Engineer than to Re-Engineer

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: