cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
604
Views
0
Helpful
7
Replies

Is QOS working in my network?

tomocisco
Level 1
Level 1

Hi All,

Its good to be here again and I'll specially want to thank all contributors to this forum.

Below is a sample configuration of my Router. I am trying to do QOS on the IPSEC VPN tunnel so that voice traffic can be given priority over other traffics (I am using non cisco IP phones).

I want to know if this config is ok and working because I have not noticed any improvement in voice quality, if not ok pls can someone give me a better suggestion? (I used SDM for the QOS configuration). Below the show run is a sho policy map output.

Building configuration...

Current configuration : 4867 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

!

boot-start-marker

boot-end-marker

!

no aaa new-model

clock timezone utc 1

!

crypto pki trustpoint TP-self-signed-3885639516

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3885639516

revocation-check none

rsakeypair TP-self-signed-3885639516

!

!

ip cef

!

!

ip domain name masters

ip name-server 4.2.2.2

!

multilink bundle-name authenticated

password encryption aes

!

!

crypto isakmp policy 1

encr aes 256

hash md5

authentication pre-share

group 2

crypto isakmp key 6 B^ address 4.7.8.74

!

!

crypto ipsec transform-set ME-VPN esp-aes 256 esp-md5-hmac

!

crypto map VPN-TO-PH 10 ipsec-isakmp

description SET PEER TO PH IP ADDRESS

set peer 4.7.8.74

set transform-set ME-VPN

match address VPN-TRAFFIC

!

archive

log config

  hidekeys

!

!

!

class-map match-any SDM-Transactional-1

match  dscp af21

match  dscp af22

match  dscp af23

class-map match-any P2P

match protocol bittorrent

class-map match-any SDM-Signaling-1

match  dscp cs3

match  dscp af31

class-map match-any SDM-Routing-1

match  dscp cs6

class-map match-any SDM-Voice-1

match  dscp ef

class-map match-any SDM-Management-1

match  dscp cs2

!

!

policy-map SDM-QoS-Policy-1

class SDM-Voice-1

  priority percent 33

class SDM-Signaling-1

  bandwidth percent 5

class SDM-Routing-1

  bandwidth percent 5

class SDM-Management-1

  bandwidth percent 5

class SDM-Transactional-1

  bandwidth percent 5

class class-default

  fair-queue

  random-detect

policy-map P2P

class P2P

   drop

!

!

!

!

interface BRI0

no ip address

encapsulation hdlc

shutdown

!

interface FastEthernet0

ip address 192.168.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

service-policy input P2P

!

interface FastEthernet1

ip address 4.7.8.130 255.255.255.252

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

crypto map VPN-TO-PH

service-policy output SDM-QoS-Policy-1

interface Vlan1

no ip address

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 4.7.8.129

!

!

ip http server

ip http authentication local

ip http secure-server

ip nat inside source route-map LAT interface FastEthernet1 overload

!

ip access-list extended VPN-TRAFFIC

permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255

!

access-list 100 remark EXCLUDED FROM NAT

access-list 100 deny   ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 100 permit ip 192.168.0.0 0.0.0.255 any

access-list 100 remark

!

!

!

route-map LAT permit 1

match ip address 100

end

Lagos#sho policy-map int f1

FastEthernet1

  Service-policy output: SDM-QoS-Policy-1

    Class-map: SDM-Voice-1 (match-any)

      0 packets, 0 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match:  dscp ef (46)

        0 packets, 0 bytes

        5 minute rate 0 bps

      Queueing

        Strict Priority

        Output Queue: Conversation 264

        Bandwidth 33 (%)

        Bandwidth 33000 (kbps) Burst 825000 (Bytes)

        (pkts matched/bytes matched) 0/0

        (total drops/bytes drops) 0/0

    Class-map: SDM-Signaling-1 (match-any)

      0 packets, 0 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match:  dscp cs3 (24)

        0 packets, 0 bytes

        5 minute rate 0 bps

      Match:  dscp af31 (26)

        0 packets, 0 bytes

        5 minute rate 0 bps

      Queueing

        Output Queue: Conversation 265

        Bandwidth 5 (%)

        Bandwidth 5000 (kbps)Max Threshold 64 (packets)

        (pkts matched/bytes matched) 0/0

        (depth/total drops/no-buffer drops) 0/0/0

    Class-map: SDM-Routing-1 (match-any)

      442 packets, 37367 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match:  dscp cs6 (48)

        442 packets, 37367 bytes

        5 minute rate 0 bps

      Queueing

        Output Queue: Conversation 266

        Bandwidth 5 (%)

        Bandwidth 5000 (kbps)Max Threshold 64 (packets)

        (pkts matched/bytes matched) 411/31965

        (depth/total drops/no-buffer drops) 0/0/0

    Class-map: SDM-Management-1 (match-any)

      0 packets, 0 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match:  dscp cs2 (16)

        0 packets, 0 bytes

        5 minute rate 0 bps

      Queueing

        Output Queue: Conversation 267

        Bandwidth 5 (%)

        Bandwidth 5000 (kbps)Max Threshold 64 (packets)

        (pkts matched/bytes matched) 0/0

        (depth/total drops/no-buffer drops) 0/0/0

    Class-map: SDM-Transactional-1 (match-any)

      0 packets, 0 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match:  dscp af21 (18)

        0 packets, 0 bytes

        5 minute rate 0 bps

      Match:  dscp af22 (20)

        0 packets, 0 bytes

        5 minute rate 0 bps

      Match:  dscp af23 (22)

        0 packets, 0 bytes

        5 minute rate 0 bps

      Queueing

        Output Queue: Conversation 268

        Bandwidth 5 (%)

        Bandwidth 5000 (kbps)Max Threshold 64 (packets)

        (pkts matched/bytes matched) 0/0

        (depth/total drops/no-buffer drops) 0/0/0

    Class-map: class-default (match-any)

      2820661 packets, 548265388 bytes

      5 minute offered rate 185000 bps, drop rate 0 bps

      Match: any

      Queueing

        Flow Based Fair Queueing

        Maximum Number of Hashed Queues 256

        (total queued/total drops/no-buffer drops) 0/0/0

         exponential weight: 9

  class    Transmitted      Random drop      Tail drop    Minimum Maximum  Mark

           pkts/bytes       pkts/bytes       pkts/bytes    thresh  thresh  prob

      0 2820573/548172293       0/0              0/0           20      40  1/10

      1       6/360             0/0              0/0           22      40  1/10

      2       0/0               0/0              0/0           24      40  1/10

      3       0/0               0/0              0/0           26      40  1/10

      4       0/0               0/0              0/0           28      40  1/10

      5       0/0               0/0              0/0           30      40  1/10

      6       0/0               0/0              0/0           32      40  1/10

      7       0/0               0/0              0/0           34      40  1/10

   rsvp       0/0               0/0              0/0           36      40  1/10

Thanks.

Tom

7 Replies 7

John Blakley
VIP Alumni
VIP Alumni

Tom,

Under the crypto map, try adding "qos pre-classify" and see if that helps.

HTH,

John

HTH, John *** Please rate all useful posts ***

Hi John,

I added "qos pre-classify" as you suggested but haven't noticed any change (improvement).

Here is sho policy map int f1 output, as you can see I am still having 0 packets/0 bytes under SDM-Q0S-Policy-1 (I dont know how to interprete this anyway but my point is that I haven't noticed any improvement in voice traffic).

Lagos#sho policy-map int f1

FastEthernet1

  Service-policy output: SDM-QoS-Policy-1

    Class-map: SDM-Voice-1 (match-any)

      0 packets, 0 bytes

      5 minute offered rate 0 bps, drop rate 0 bps

      Match:  dscp ef (46)

        0 packets, 0 bytes

        5 minute rate 0 bps

      Queueing

        Strict Priority

        Output Queue: Conversation 264

        Bandwidth 33 (%)

        Bandwidth 33000 (kbps) Burst 825000 (Bytes)

        (pkts matched/bytes matched) 0/0

        (total drops/bytes drops) 0/0

Thanks for you contribution.

Tom

What type of switch do you have your router connected to, and are you trusting your markings? They could be getting overwritten. Do you have a specific subnet associated to your phone traffic? If so, you could match on an acl instead of the dscp marking. Suppose you have 192.168.10.0/24 associated to all phones. You could do something like:

access-list 10 permit 192.168.10.0 0.0.0.255

class-map match-any SDM-Voice-1

match  access-group 10

Then keep the config for your policy map the way that it is. This would reclassify the traffic for you by subnet instead of doing it by markings.

You'll want to remove the "match dscp ef" line from the current class-map if you're going to use the acl instead. You have it matching any right now, so in theory it will still work, but it just makes it cleaner.

HTH,

John

HTH, John *** Please rate all useful posts ***

Disclaimer

The  Author of this posting offers the information contained  within this  posting without consideration and with the reader's  understanding that  there's no implied or expressed suitability or  fitness for any purpose.  Information provided is for informational  purposes only and should not  be construed as rendering professional  advice of any kind. Usage of  this posting's information is solely at  reader's own risk.

Liability Disclaimer

In  no event shall Author be liable for any damages whatsoever  (including,  without limitation, damages for loss of use, data or  profit) arising  out of the use or inability to use the posting's  information even if  Author has been advised of the possibility of such  damage.

Posting

Have you confirmed your input stream has correct ToS markings?  Reason I ask, you're only matching on CS6 and default.

Re: other suggestions, unless end-to-end corresponds with port bandwidth, you might need to shape your tunnel traffic.

I believe QOS pre- classify needs to be on the interface the crypto map is applied to.

Sent from Cisco Technical Support iPad App

Jeff,

You can actually do it under either one:

http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfvpn.html#wp1005317

Tunnel interfaces use it under the interface (GRE), but IPSec tunnels use the crypto map.

John

HTH, John *** Please rate all useful posts ***

Disclaimer

The   Author of this posting offers the information contained  within this   posting without consideration and with the reader's  understanding that   there's no implied or expressed suitability or  fitness for any  purpose.  Information provided is for informational  purposes only and  should not  be construed as rendering professional  advice of any kind.  Usage of  this posting's information is solely at  reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever   (including,  without limitation, damages for loss of use, data or   profit) arising  out of the use or inability to use the posting's   information even if  Author has been advised of the possibility of such   damage.

Posting

Pre-classify is normally only needed if you want to examine IP header info against the tunneled packets.  As ToS is generally copied to the tunneled packet, pre-classify shouldn't be needed if your only examining the ToS value.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: