Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1335
Views
10
Helpful
5
Replies

Hierarchical QOS For ASR 1002 for ISP with bandwidth 1.2 Gbps

Dr.X
Level 2
Level 2

‎05-08-2015 01:50 AM - edited ‎03-05-2019 01:25 AM

Hi , 

All i need is , i want to apply QOS to gurantee 120 Mbps for a subnet /24 , thats all what i need from the ASR , but unfortunately i tried alot alot alot and not working .

let me show you the topology ,

i have the topology as below

if didnt work , plz see image here ==>http://www8.0zz0.com/2015/05/08/11/349419669.png

 

===============

lets describe my network.

my router with ISP is cisco ASR 1002 , has 2 interfaces Gi0/0/0 & Gi0/0/3 as portchannel and go to ISP provider.

My total bw for download is 1200000Kbps , and here i dont care for upload , i just need to optimize my QOS for download traffic only .

the provider load balance acreoss the ether channel such that each Link Get 600000 Kbps .

now from ASR 1002 to my internal , i have  cisco 7600 but not in etherchannel , it just do Eigrp load balancing between the 2 Links.

now all my needs is i have subnet /24 and i want to gurantee bw for it to be 120 Mbps in the rush Hour .

 

i tried alot alot alot trials and no one worked , always it fails and dont gurantee .

i tried normal CBWFQ and match this subnet with class maps and used LLQ  and CBWFQ and it didnt work

 

i use Hirearchial policy parent/child and it always dotn work

 

im not sure what wrong with my config , but  as i know , i must police/shape my side on less than 1.2 Gbps so that i escape from the provider shaping .

i shaped my side to 1150000 KBPS  and inside that shape i applied my policy for LLQ or CBWFQ , and i still get  QOS not working.

============

so let me describel what i do , and i may be wrong :

as u know each intenal link about 6000 Kbps , on Gi0/0/1 and Gi0/0/2 , so i have sample policy map that applied to both interfaces 0/0/1 & Gi0/0/2

so i do shape for about 550000 and inside it i do LLQ to the subnet/24 that im interested with and i apply it to both Gi0/0/1 & Gi0/0/2 , but it dont work , no gurantee .......no LLQ.

 

the only thing that work is , if i do police or shape ..it work !!!! 

but anything for bw gurantee , it dont work !!

 

here is below my policy-map and config that i have :

 

Gateway-ASR1002#sh policy-map parent
  Policy Map parent
    Class class-default
      Peak Rate Traffic Shaping
      cir 512000000 (bps)
      service policy whyfy



Gateway-ASR1002#sh class-map whyfy
 Class Map match-all whyfy (id 21)
   Match access-group name whyfy


Gateway-ASR1002#sh ip access-lists whyfy
Extended IP access list whyfy
    20 permit ip any x.x.111.0 0.0.0.255

Gateway-ASR1002#sh policy-map whyfy
  Policy Map whyfy
    Class whyfy
      bandwidth 120000 (kbps)



Gateway-ASR1002#sh running-config interface gigabitEthernet 0/0/1

!
interface GigabitEthernet0/0/1
 description ASR-7600-Link1
 ip address xxx 255.255.255.252
 load-interval 30
 negotiation auto
service-policy output parent
end

 

Current configuration : 142 bytes
!
interface GigabitEthernet0/0/2
 description ASR-7600-Link2
 ip address 1xx.76.2 255.255.255.252
 load-interval 30
 negotiation auto
service-policy output parent
end

 

 

 

I HOPE to get answerd and see why i cant do QOS gurantee  to some ips/subnet !!!

 

thanks alot 

Labels:
0 Helpful
5 Replies 5

Vasilii Mikhailovskii
Level 7
Level 7

‎05-14-2015 08:44 AM

Hello.

As I understood your problem:

My total bw for download is 1200000Kbps , and here i dont care for upload , i just need to optimize my QOS for download traffic only

Basically, you are right with the approach - you need to avoid using ISP's shaper and in this case you will be able to protect one class of another.

But the problem is: you don't control the amount of traffic that is sent from Internet! So, any unexpected burst (or DoS) would ruin your design/solution.

But regardless of this flaw - you may try shaping traffic on ASR toward your LAN. Per my experience on 30M link with 100 users I had to shape to 80% of WAN bandwidth... if you go above - to 1.2G with a lot of concurrent users and a lot of sessions per second, I can't hint you about shape rate you need - just test different values.

Regarding your configuration - you need to "shape avarage", not "shape peak". Another flaw - in class-default it would be better to use WRED/FQ with agressive drop policy to avoid TCP synchronization issue and to manage bursts.

Dr.X
Level 2
Level 2
In response to Vasilii Mikhailovskii

‎05-14-2015 03:03 PM

Hi vasili , thanks for reply

as you mentioned i have 1200.000Kbps , so i need to do shaping to about 1000.0000 to bypass ISP shaper ?

 

i will try , but how can i do a test or check to make sure that i finally skipped ISP shaper ?

 

also didnt understand why bettter to use shape average not shape peak  in my case ?

 

 

thankx

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎05-14-2015 09:52 AM

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

You want to guarantee 120 Mbps from the Internet to your local LAN?

If that's what you want to accomplish, you would really need to control/dictate the QoS on the provider's side of the link.  Without that, possibly the next best thing might be to police ingress on the port-channel, such that your non-special LAN destination traffic is policed at 1.2 Gbps less your 120 Mbps.  However, for ingress policing to work, ingress traffic has to slow when subjected to drops, and even when it does, often it's "laggy".  (Which is why bursts can still be an issue, as mentioned by Vasilii.)  (To really manage ingress traffic, you need a special traffic management appliance, and even those cannot really guarantee 100%.)

Dr.X
Level 2
Level 2
In response to Joseph W. Doherty

‎05-14-2015 02:59 PM

Mr Josef , thank you for reply

 

what cisco appliance can manage my needs ?

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Dr.X

‎05-15-2015 02:39 AM

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

To my knowledge, Cisco doesn't have an appliance that does this.  I believe there are a couple 3rd party "traffic shaper" appliances that do, such as Packeteer.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card