02-21-2012 07:52 AM - edited 03-04-2019 03:22 PM
We have an MPLS network to a half dozen remote sites. At our main location we have a 2800 series router. In the routers config are the following lines for QOS. When I go to the routers on the other end of the MPLS, none of them are configured with these same policies. Would these not be in the running config of the 1800 series routers, or is this not setup correct and this should be removed????
class-map match-any af41
match access-group name QOS_AF41
class-map match-any ef
!
!
policy-map 25_74
class ef
bandwidth percent 25
set ip dscp ef
class af41
bandwidth percent 74
set ip dscp af41
class class-default
fair-queue
set ip dscp default
!
!
!
!
ip access-list extended QOS_AF41
permit ip any host 192.10.10.7
permit ip any host 192.10.10.8
permit tcp any eq 3389 any !
Solved! Go to Solution.
02-22-2012 08:23 AM
Per the output you posted on show interfaces:
Serial0/0/1:1 is up, line protocol is up
Queueing strategy: fifo
This is your default Queueing strategy. Your class class-default has a different Queuing strategy which is fair-queuing.
Fair-queuing provides the dynamic creation of queues according to the weight of the flow. You can accomplish the same
benefit by typing fair-queue under the physical interface w/o the need for the policy-map.
Please refer to the documentation:
http://www.cisco.com/en/US/docs/ios/12_2/qos/command/reference/qrfcmd1.html#wp1098249
As for the ACL, the direction is wrong. You have the service-policy in the egress direction while the ACL is matching on 10.10.10.7 and 10.10.10.8 as being the destination hosts. They are located in the LAN which is the opposite direction.
If you want to apply AF41 to those hosts, the correct ACL is:
permit ip host 10.10.10.7 any
permit ip host 10.10.10.8 any
Regards,
Edison
02-21-2012 08:18 AM
Your 2800s are performing some kind of QoS on egress according to this config and if your 1800s do not have any QoS config, the return traffic won't have Quality of Service.
With that said, the config posted above is not completed as your EF class isn't matching anything.
Within your policy-map, it is Best Practice to assign Priority Queuing to EF while you are assigning CBWFQ.
You are also not leaving much for class class-default - I recommend the following percentages (these % can change depending upon your application needs).
PQ = 25 to 30%
AF41 = 30 to 50%
Class Class-Default = Remaining left which can range from 20 to 55%
Additionally, do you have the policy-map applied to the interface? If so, on which direction (in | out) ?
02-21-2012 09:22 AM
If I do a show Interfaces I get the following As you can see there are 3 T1's bundled into a multilink. I do not see any policy-map applied here. Does that mean that it is not active, or am I looking in the wrong place. Also if it is not applied does that mean it is doing nothing and can be removed??
Thanks,
Dan
Serial0/0/0:1 is up, line protocol is up
Hardware is GT96K Serial
Description: Connected to Circuit#1
MTU 1500 bytes, BW 1536 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 24/255, rxload 19/255
Encapsulation PPP, LCP Open, multilink Open
Link is a member of Multilink bundle Multilink8, loopback not set
Keepalive set (10 sec)
Last input 00:00:00, output 00:00:06, output hang never
Last clearing of "show interface" counters 7w5d
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 118000 bits/sec, 65 packets/sec
5 minute output rate 145000 bits/sec, 51 packets/sec
342342477 packets input, 3395420271 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
24 input errors, 24 CRC, 9 frame, 3 overrun, 0 ignored, 14 abort
156601448 packets output, 4043011296 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
Timeslot(s) Used:1-24, SCC: 0, Transmitter delay is 0 flags
Serial0/0/1:1 is up, line protocol is up
Hardware is GT96K Serial
Description: Connected to Circuit#2
MTU 1500 bytes, BW 1536 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 23/255, rxload 17/255
Encapsulation PPP, LCP Open, multilink Open
Link is a member of Multilink bundle Multilink8, loopback not set
Keepalive set (10 sec)
Last input 00:00:00, output 00:00:09, output hang never
Last clearing of "show interface" counters 7w5d
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 23
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 93000 bits/sec, 61 packets/sec
5 minute output rate 141000 bits/sec, 50 packets/sec
342325892 packets input, 3387586256 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
124 input errors, 124 CRC, 62 frame, 33 overrun, 0 ignored, 89 abort
156587617 packets output, 4041178186 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
2 carrier transitions
Timeslot(s) Used:1-24, SCC: 1, Transmitter delay is 0 flags
Serial0/1/0:1 is up, line protocol is up
Hardware is GT96K Serial
Description: Connected to Circuit#3
MTU 1500 bytes, BW 1536 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 22/255, rxload 15/255
Encapsulation PPP, LCP Open, multilink Open
Link is a member of Multilink bundle Multilink8, loopback not set
Keepalive set (10 sec)
Last input 00:00:00, output 00:00:02, output hang never
Last clearing of "show interface" counters 7w5d
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 92000 bits/sec, 60 packets/sec
5 minute output rate 132000 bits/sec, 51 packets/sec
342325450 packets input, 3391181659 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
16 input errors, 16 CRC, 7 frame, 6 overrun, 0 ignored, 10 abort
156577604 packets output, 4039635250 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
Timeslot(s) Used:1-24, SCC: 0, Transmitter delay is 0 flags
Multilink8 is up, line protocol is up
Hardware is multilink group interface
Description: Multilink to Paetec
Internet address is 63.138.89.26/30
MTU 1500 bytes, BW 4608 Kbit/sec, DLY 100000 usec,
reliability 255/255, txload 23/255, rxload 16/255
Encapsulation PPP, LCP Open, multilink Open
Open: IPCP, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 2 seconds on reset
Last input 00:00:24, output never, output hang never
Last clearing of "show interface" counters 7w5d
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 115908
Queueing strategy: Class-based queueing
Output queue: 0/1000/64/115908 (size/max total/threshold/drops)
Conversations 0/84/256 (active/max active/max total)
Reserved Conversations 2/2 (allocated/max allocated)
Available Bandwidth 47 kilobits/sec
5 minute input rate 280000 bits/sec, 164 packets/sec
5 minute output rate 431000 bits/sec, 167 packets/sec
551397415 packets input, 3040545258 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
68 input errors, 0 CRC, 7 frame, 0 overrun, 0 ignored, 7 abort
467009166 packets output, 3492913920 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
Serial0/0/0:1 is up, line protocol is up
Hardware is GT96K Serial
Description: Connected to Circuit#1
MTU 1500 bytes, BW 1536 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 24/255, rxload 19/255
Encapsulation PPP, LCP Open, multilink Open
Link is a member of Multilink bundle Multilink8, loopback not set
Keepalive set (10 sec)
Last input 00:00:00, output 00:00:06, output hang never
Last clearing of "show interface" counters 7w5d
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 118000 bits/sec, 65 packets/sec
5 minute output rate 145000 bits/sec, 51 packets/sec
342342477 packets input, 3395420271 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
24 input errors, 24 CRC, 9 frame, 3 overrun, 0 ignored, 14 abort
156601448 packets output, 4043011296 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
Timeslot(s) Used:1-24, SCC: 0, Transmitter delay is 0 flags
Serial0/0/1:1 is up, line protocol is up
Hardware is GT96K Serial
Description: Connected to Circuit#2
MTU 1500 bytes, BW 1536 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 23/255, rxload 17/255
Encapsulation PPP, LCP Open, multilink Open
Link is a member of Multilink bundle Multilink8, loopback not set
Keepalive set (10 sec)
Last input 00:00:00, output 00:00:09, output hang never
Last clearing of "show interface" counters 7w5d
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 23
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 93000 bits/sec, 61 packets/sec
5 minute output rate 141000 bits/sec, 50 packets/sec
342325892 packets input, 3387586256 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
124 input errors, 124 CRC, 62 frame, 33 overrun, 0 ignored, 89 abort
156587617 packets output, 4041178186 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
2 carrier transitions
Timeslot(s) Used:1-24, SCC: 1, Transmitter delay is 0 flags
Serial0/1/0:1 is up, line protocol is up
Hardware is GT96K Serial
Description: Connected to Circuit#3
MTU 1500 bytes, BW 1536 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 22/255, rxload 15/255
Encapsulation PPP, LCP Open, multilink Open
Link is a member of Multilink bundle Multilink8, loopback not set
Keepalive set (10 sec)
Last input 00:00:00, output 00:00:02, output hang never
Last clearing of "show interface" counters 7w5d
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 92000 bits/sec, 60 packets/sec
5 minute output rate 132000 bits/sec, 51 packets/sec
342325450 packets input, 3391181659 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
16 input errors, 16 CRC, 7 frame, 6 overrun, 0 ignored, 10 abort
156577604 packets output, 4039635250 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
Timeslot(s) Used:1-24, SCC: 0, Transmitter delay is 0 flags
Multilink8 is up, line protocol is up
Hardware is multilink group interface
Description: Multilink to Paetec
Internet address is 63.138.89.26/30
MTU 1500 bytes, BW 4608 Kbit/sec, DLY 100000 usec,
reliability 255/255, txload 23/255, rxload 16/255
Encapsulation PPP, LCP Open, multilink Open
Open: IPCP, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 2 seconds on reset
Last input 00:00:24, output never, output hang never
Last clearing of "show interface" counters 7w5d
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 115908
Queueing strategy: Class-based queueing
Output queue: 0/1000/64/115908 (size/max total/threshold/drops)
Conversations 0/84/256 (active/max active/max total)
Reserved Conversations 2/2 (allocated/max allocated)
Available Bandwidth 47 kilobits/sec
5 minute input rate 280000 bits/sec, 164 packets/sec
5 minute output rate 431000 bits/sec, 167 packets/sec
551397415 packets input, 3040545258 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
68 input errors, 0 CRC, 7 frame, 0 overrun, 0 ignored, 7 abort
467009166 packets output, 3492913920 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
02-21-2012 10:08 AM
'show interfaces' won't provide the information I need. Can you post the 'show run' from the router?
You can mask your IP addressing for security purposes.
Regards,
Edison
02-21-2012 11:44 AM
See below. I do see on the multilink8 some serice-policy settings. So this is active? Should it be removed, since it is not properly configured?
Building configuration...
Current configuration : 6400 bytes
!
! Last configuration change at 13:45:22 EST Mon Dec 19 2011
! NVRAM config last updated at 13:46:00 EST Mon Dec 19 2011
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname KamcoMPLS
!
boot-start-marker
boot-end-marker
!
card type t1 0 0
card type t1 0 1
logging buffered 51200 warnings
enable secret 5 $1$v0yS$Sp4ffZI9f3zQxEvSGmSgF.
!
no aaa new-model
clock timezone EST -5
clock summer-time EST recurring
no network-clock-participate wic 0
no network-clock-participate wic 1
ip wccp 61 redirect-list WAAS
ip wccp 62 redirect-list WAAS
!
!
ip cef
!
!
ip domain name yourdomain.com
multilink bundle-name authenticated
!
!
!
archive
log config
hidekeys
!
!
controller T1 0/0/0
framing esf
linecode b8zs
cablelength long 0db
channel-group 1 timeslots 1-24
!
controller T1 0/0/1
framing esf
linecode b8zs
cablelength long 0db
channel-group 1 timeslots 1-24
!
controller T1 0/1/0
framing esf
linecode b8zs
cablelength long 0db
channel-group 1 timeslots 1-24
!
controller T1 0/1/1
shutdown
framing esf
linecode b8zs
cablelength long 0db
!
!
class-map match-any af41
match access-group name QOS_AF41
class-map match-any ef
!
!
policy-map 25_74
class ef
bandwidth percent 25
set ip dscp ef
class af41
bandwidth percent 74
set ip dscp af41
class class-default
fair-queue
set ip dscp default
!
!
!
!
interface Multilink8
description Multilink to Paetec
ip address x.138.89.26 255.255.255.252
ip wccp 62 redirect in
no cdp enable
ppp multilink
ppp multilink group 8
ppp multilink fragment disable
max-reserved-bandwidth 100
service-policy output 25_74
!
interface GigabitEthernet0/0
description Connected to Woburn LAN
ip address x.10.10.95 255.255.255.0
ip wccp 61 redirect in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address x.10.11.254 255.255.255.0
ip wccp redirect exclude in
duplex auto
speed auto
!
interface Serial0/0/0:1
description Connected to Circuit#1
no ip address
encapsulation ppp
no fair-queue
no cdp enable
ppp multilink
ppp multilink group 8
max-reserved-bandwidth 100
!
interface Serial0/0/1:1
description Connected to Circuit#2
no ip address
encapsulation ppp
no fair-queue
no cdp enable
ppp multilink
ppp multilink group 8
max-reserved-bandwidth 100
!
interface Serial0/1/0:1
description Connected to Circuit#3
no ip address
encapsulation ppp
no fair-queue
no cdp enable
ppp multilink
ppp multilink group 8
max-reserved-bandwidth 100
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 x.10.10.21
ip route x.10.20.0 255.255.255.0 63.138.89.25
ip route x.10.30.0 255.255.255.0 63.138.89.25
ip route x.10.40.0 255.255.255.0 63.138.89.25
ip route x.10.41.0 255.255.255.0 63.138.89.25
ip route x.10.50.0 255.255.255.0 63.138.89.25
ip route x.10.51.0 255.255.255.0 63.138.89.25
ip route x.10.60.0 255.255.255.0 63.138.89.25
ip route x.10.61.0 255.255.255.0 63.138.89.25
ip route x.10.70.0 255.255.255.0 63.138.89.25
ip route x.10.80.0 255.255.255.0 63.138.89.25
ip route x.10.81.0 255.255.255.0 63.138.89.25
ip route x.10.90.0 255.255.255.0 192.10.10.21
!
!
ip http server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip access-list extended QOS_AF41
permit ip any host x.10.10.7
permit ip any host x.10.10.8
permit tcp any eq 3389 any
ip access-list extended WAAS
permit tcp any x.x.40.0 0.0.1.255
permit tcp x.10.x.0 0.0.1.255 any
permit tcp any 192.10.60.0 0.0.1.255
permit tcp x.x.x.0 0.0.1.255 any
permit tcp any 19.x.80.0 0.0.1.255
permit tcp 19.10.80.0 0.0.1.255 any
permit tcp any x.10.50.0 0.0.1.255
permit tcp x.x.50.0 0.0.1.255 any
!
snmp-server community public RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps ds1
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps flash insertion removal
snmp-server enable traps ds3
snmp-server enable traps envmon
snmp-server enable traps icsudsu
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps bgp
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps memory bufferpeak
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface-old
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps ipsla
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps vtp
!
!
control-plane
!
!
line con 0
password 7 1551485D0F2B26
login
line aux 0
line vty 0 4
password 7 0245470A000702
login
transport input telnet
line vty 5 15
password
login
transport input telnet
!
scheduler allocate 20000 1000
ntp clock-period 17180295
ntp source GigabitEthernet0/0
ntp server 173.8.198.243
ntp server 128.10.254.7
02-21-2012 12:22 PM
It definitely need some work.
Your AF41 class is not working either per its ACL
ip access-list extended QOS_AF41
permit ip any host x.10.10.7
permit ip any host x.10.10.8
permit tcp any eq 3389 any
The first 2 entries indicate traffic going to the 10.10.10.0/24 network while you have the 10.10.10.0/24 in the LAN side.
The last entry may be a match for traffic sourcing TCP port 3389.
Overall, the service-policy is indeed applied to the multilink but actually isn't doing much - other than changing the interface queuing to fair-queueing for class class-default.
Regards,
Edison
02-21-2012 01:22 PM
Fairly new to QOS. So what do we gain by changing the interface queuing to fair-queueing for class class-default??? and if it is a waste, to remove would the following suffice?
config t
multilink8
no max-reserved-bandwidth 100
no service-policy output 25_74
config t
interface Serial0/1/0:1
no max-reserved-bandwidth 100
fair-queue
Repeat on the other two serial interfaces.
Thanks,
Dan
02-21-2012 07:07 PM
Yes, that's the removal process.
02-22-2012 05:14 AM
What is the difference between what we have configured now and fair-queue? Also these are our citrix servers,
permit ip any host x.10.10.7
permit ip any host x.10.10.8
It looks like someone started to configure QOS for our Citrix servers, but never finished.
02-22-2012 08:23 AM
Per the output you posted on show interfaces:
Serial0/0/1:1 is up, line protocol is up
Queueing strategy: fifo
This is your default Queueing strategy. Your class class-default has a different Queuing strategy which is fair-queuing.
Fair-queuing provides the dynamic creation of queues according to the weight of the flow. You can accomplish the same
benefit by typing fair-queue under the physical interface w/o the need for the policy-map.
Please refer to the documentation:
http://www.cisco.com/en/US/docs/ios/12_2/qos/command/reference/qrfcmd1.html#wp1098249
As for the ACL, the direction is wrong. You have the service-policy in the egress direction while the ACL is matching on 10.10.10.7 and 10.10.10.8 as being the destination hosts. They are located in the LAN which is the opposite direction.
If you want to apply AF41 to those hosts, the correct ACL is:
permit ip host 10.10.10.7 any
permit ip host 10.10.10.8 any
Regards,
Edison
02-22-2012 11:16 AM
Edison thanks for all your help! ; )
Dan
02-22-2012 12:10 PM
One last question.. How do I just remove the ip access-list extended QOS_AF41?
02-22-2012 02:49 PM
#config t
#no policy-map 25_74
#no class-map match-any af41
#no class-map match-any ef
#no ip access-list extended QOS_AF41
02-23-2012 05:24 AM
Thanks again Edison,
Lot easier to Engineer than to Re-Engineer
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide