How to check IP/Packet Data in QoS class-default

fauzi.yusuf · ‎05-23-2011

Dear All,

I have problem with my class-default. Now the data increased to 16 Mbps.

I need to check which IP or packet classified to this class.

Here my class map data:

Policy Map output-backbone

    Class Conversational
      priority 40 (%)
    Class Signaling
      bandwidth 10 (%)
    Class Charging
      bandwidth 8 (%)
    Class GPRS
      bandwidth 40 (%)
    Class class-default
      bandwidth 2 (%)

Here the traffic on my class-default

Class-map: class-default (match-any)
      1567839752 packets, 1534019331940 bytes
      5 minute offered rate 4079000 bps, drop rate 0000 bps
      Match: any
      Queueing
      queue limit 5000 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 1567840505/1534020085692
      bandwidth 2% (20000 kbps)

Is there any clue or other software to verify my class-default? What ip or packet data classified in my class-default?

Best Regards,

Fauzi

Calin C. · ‎05-23-2011

The short answer is that you match in the default-class anything else which is not matched on other classes.

In theory, you have to match a certaing traffic (e.g. voice) and mark it as closer as possible to the edge of your network (e.g. on access switches) or if you don't have the possibility you can mark the traffic on the same device where you have the traffic prioritization (e.g. from where you copy/paste the output in your post).

You have to check where and what are you marking. As an example, look for access-lists or prefix-list that match certaing traffic.

If you can copy / paste the full config of your router, then we can help more. You can take out the sensitive information like usernames and IP addresses.

Some more info about your output:

- that "priority" command means Low Latency Queueing (LLQ) and usually apply only to real-time traffic that need low latency (e.g. voice traffic)

- your default class has very less bandwidth 2%; if the categorization and marking of the traffic is not done propely, you'll have a lot of traffic falling into this class and you'll encounter packet loss if this class get full and cannot borrow from other classes (if there is enough bandwidth)

Cheers,

Calin

fauzi.yusuf · ‎05-23-2011

Hi Calin,

Actually all VLAN and port P2P already classified by other class.

Here our class map

sh class-map

Class Map match-any IuCS_voice (id 1)
Match access-group name acl_IuCS_voice

Class Map match-any IuCS_signaling (id 2)
Match access-group name acl_IuCS_signaling

Class Map match-any GPRS (id 3)
Match mpls experimental topmost 3
Match dscp af31 (26)

Class Map match-any Conversational (id 4)
Match mpls experimental topmost 5
Match dscp ef (46)

Class Map match-any class-default (id 0)
Match any

Class Map match-any Charging (id 5)
Match mpls experimental topmost 1
Match dscp af13 (14)

Class Map match-any Signaling (id 6)
Match mpls experimental topmost 4 6
Match dscp af41 (34) cs6 (48)

Class Map match-any AnyPacket (id 7)
Match any

sh policy-map

    Policy Map SetVoiceDSCP
    Class AnyPacket
      set dscp ef
Policy Map SetGPRSDSCP
    Class AnyPacket
      set dscp af31
Policy Map SetChargingOamDSCP
    Class AnyPacket
      set dscp af13
Policy Map IuCS_Classify
    Class IuCS_voice
      set dscp ef
    Class IuCS_signaling
      set dscp af41
Policy Map SetSignalingDSCP
    Class AnyPacket
      set dscp af41
Policy Map output-backbone

    Class Conversational
      priority 40 (%)
    Class Signaling
      bandwidth 10 (%)
    Class Charging
      bandwidth 8 (%)
    Class GPRS
      bandwidth 40 (%)
    Class class-default
      bandwidth 2 (%)

I just want to know if there is CLI to see all IP in policy-map? Or if need any software or third party OSS to see the packet trough our backbone?

I want to use mirroring port but as the site is too far from us that might difficult from us.

If you need more data, could you please inform what specific data you need? The running config is too big.

Best Regards,

Fauzi Yusuf

Calin C. · ‎05-23-2011

You could try using Netflow to monitor packet flow between source and destination or IP accounting...but everything depend on your network infrastructure and software availability.

Cheers,

Calin

Joseph W. Doherty · ‎05-23-2011

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Having other map-classes, alone, that match all packets does not answer the question of what class-maps are being used in a particular policy-map, which you also appear to have several.

From your original post, if you're using policy-map output-backbone, I don't see it using an explict class to match all packets. If that's correct, class-default would contain otherwise unmatched packets.

If the other policy-maps are to mark inbound traffic and set on all interfaces with inbound traffic, in theory, all packets should be tagged for one of your explictly defined classes for the outbound policy, however you might still see some traffic in the outbound class-default for packets sourced by the device itself. However, for the volume I believe you mentioned in your original post, I would suspect some traffic is not being tagged before it gets to your outbound policy.