cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1105
Views
15
Helpful
10
Replies

How to configure QoS in cisco 4351 router

kai.ny111
Level 1
Level 1

Hi friends,

Thank you so much for giving your time to help me..

How to configure QOS in cisco 4351 router

I want to apply bandwidth capping in cisco 4351 router the scenario is as below-

-I have 46Mbps point to point link (Leased line) from source A to destination B(reference purpose).

-I have some specific set of IPs (10.9.0.0/24) at location B.

- I want 5Mbps to be used by only by these Ip and remaining bandwidth used by other application and 10.9.0.0/24's traffic should not flow from 41Mbps cap.

Indirectly I want 46Mbps should be divided into two parts i.e. 41Mbps and 5Mbps.

-Configuration is going to be apply on source A.

            Anything if you need please let me know…

 

            Any input from you will be helpful & appreciable.

 

Thanks,

Kailash

2 Accepted Solutions

Accepted Solutions

Hello,

the below would reserve 5MB for IP addresses 10.9.0.0/24, and the rest would go to the default class, which is all the remaining traffic:

class-map match-all 5_MB_LIMIT
 match access-group 101

policy-map LIMIT_OUT
 class 5_MB_LIMIT
  bandwidth 5000
 class class-default

interface GigabitEthernet0/0
 service-policy output LIMIT_OUT

View solution in original post

Hello

another possible basic example would be to prioritise the hosts for 5mb with LLQ  and then apply some fair queueing for the rest of your network

Access-list 10 permit host 10.9.1.1

Access-list 10 permit host 10.9.1.2

Class-map match-any 5mb-cm

mach access-group 10

policy-map wan_child

class 5mb-cm

Priority 5120

class class-default

fair-queue

polcy-map wan_parent

Shape-average 46000000

Service-policy wan_child

int x/x

descriptionWAN facing interface

service-policy output wan_parent

res

paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

10 Replies 10

Hello,

the below would reserve 5MB for IP addresses 10.9.0.0/24, and the rest would go to the default class, which is all the remaining traffic:

class-map match-all 5_MB_LIMIT
 match access-group 101

policy-map LIMIT_OUT
 class 5_MB_LIMIT
  bandwidth 5000
 class class-default

interface GigabitEthernet0/0
 service-policy output LIMIT_OUT

Hi,

thanks for your reply.

 As per your example it looks very simple but how can i find traffic going through as per above policy.

and service-policy must be as input.

Hello,

to check if your policy matches, use the command:

show policy-map interface GigabitEthernet0/0

The input/output keywords do not refer to the direction of the traffic, but to the interface itself. 'Input' means that traffic arrives at the interface, 'output' means that it has already traversed the interface.

You can add a burst value to the shape average:

shape average 46000000 460000

Hello

another possible basic example would be to prioritise the hosts for 5mb with LLQ  and then apply some fair queueing for the rest of your network

Access-list 10 permit host 10.9.1.1

Access-list 10 permit host 10.9.1.2

Class-map match-any 5mb-cm

mach access-group 10

policy-map wan_child

class 5mb-cm

Priority 5120

class class-default

fair-queue

polcy-map wan_parent

Shape-average 46000000

Service-policy wan_child

int x/x

descriptionWAN facing interface

service-policy output wan_parent

res

paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi,

thanks for your reply..

I have 2 more query as per your example.

1. You applied policy shaping so it will drop the packets if traffic goes above 41Mbps in fair-queue

so if i have burst bandwidth then we might not able to use that limit.

2.  And correct me if i am wrong, service -policy applied on wan interface must be as input since we are applying policy at location A for IPs located at location B.

Hello

1) no it will queue tthe traffic until a time it's able to transmit it thus resulting in more delayed response than it being dropped - policing would drop the traffic 

2) By the time the traffic comes into location A the traffic would have already traversed the wire thus its already taken the BW so no point in shaping ingress

To shape on the wan its suggested to apply it egress in line with any agreed SLA with your ISP Which would also do the same and also to negate them from randomly dropping any traffic which continually exceeds your agreed CIR

If you have a p2p link between each site applying the same shaping either side of the link would be applicable also

The example provided is a basic Hqos example which would shape all traffic to 46mb and prioritise specific host to 5mb and give fairness to all other traffic when egressing the wan interface as by default the queuing method is FIFO (first in first out) not WFQ as I suggested

res

paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

kai.ny111
Level 1
Level 1

Hi friends,

I also make some configuration from using your inputs as follow-

class-map match-all 5MB
match access-group 2001

policy-map 5MB-WAN
class 5MB
police cir 5120 bc 2880000 be 1000 conform-action transmit exceed-action drop
set ip precedence 5
class class-default
police cir 41984  bc 17280000 conform-action transmit exceed-action drop
set ip precedence 0



interface fa0/0/0
service-policy input 5MB-WAN

Hello,

be careful with the policer values. The first value is in bits, the second in bytes. If you want to police to 5MB, you would need:

police cir 5000000 937500

And to police 41MB, it would be:

police cir 41000000 7687500

The formula for bc is:

(cir/8)*1.5

Hello Georg

Can you explain why would you want to police ingress on a wan connection as this would only affect traffic after it had already traversed the link So basically policing traffic prior to it hitting the lan 

Now if you did it the other way around marking and policing traffic coming off your lan prior to classifying and shaping egress on the wan then to me it would be more applicable?

res

paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Paul,

I was just referring to the policer values, as I have seen many times that people forget that the second value is in bytes. So a bc of 2880000 would mean you can effectively burst up to approx. 23MB, which is likely not the intention.

You are obviously absolutely right, ingress shaping on a WAN connection defeats the purpose.

That by the way, and as I sort of tried to explain to Kailash below, is another concept that can be a bit hard to comprehend. Input and output refer to the point of view of the interface, and have nothing to do with the direction of the traffic.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco