Beginner

NBAR deployed on the router, Do I still Need autoQoS on the Switch???

Hello,

I am deploying QoS on a couple of routers and switches in a router-on-a-stick topology. Since NBAR is already classifying the traffic, why would I need to enable auto QoS on the switches again? I don't want to deal with the ACL thing and be stuck updating it every time a new protocol is discovered. I am looking for advice on best practices for deploying QoS using NBAR. Here is my configuration:

Switch#

interface GigabitEthernet1/0/24
 description Trunk to the router
 switchport mode trunk
 srr-queue bandwidth share 10 10 45 35
 srr-queue bandwidth shape 10 0 0 0
 udld port aggressive
 mls qos trust cos
 flowcontrol receive desired
 spanning-tree link-type point-to-point

On the router, on the other hand, I have the following config applied:

Router#

class-map match-all CLASS-NBAR-VOICE
 match protocol attribute traffic-class voip-telephony
 match protocol attribute business-relevance business-relevant
class-map match-any CLASS-NBAR-SCAVENGER
 match protocol attribute business-relevance business-irrelevant
 match protocol attribute sub-category os-updates
 match protocol attribute sub-category backup-systems
class-map match-all CLASS-NBAR-REAL-TIME-INTERACTIVE
 match protocol attribute traffic-class real-time-interactive
 match protocol attribute business-relevance business-relevant
class-map match-all CLASS-NBAR-CALL-SIGNALING
 match protocol attribute traffic-class signaling
 match protocol attribute business-relevance business-relevant
class-map match-all CLASS-NBAR-TRANSACTIONAL-DATA
 match protocol attribute traffic-class transactional-data
 match protocol attribute business-relevance business-relevant
class-map match-all CLASS-NBAR-MULTIMEDIA-STREAMING
 match protocol attribute traffic-class multimedia-streaming
 match protocol attribute business-relevance business-relevant
class-map match-all CLASS-NBAR-NETWORK-MANAGEMENT
 match protocol attribute traffic-class ops-admin-mgmt
 match protocol attribute business-relevance business-relevant
class-map match-all CLASS-NBAR-NETWORK-CONTROL
 match protocol attribute traffic-class network-control
 match protocol attribute business-relevance business-relevant
class-map match-all CLASS-NBAR-MULTIMEDIA-CONFERENCING
 match protocol attribute traffic-class multimedia-conferencing
 match protocol attribute business-relevance business-relevant
class-map match-all CLASS-NBAR-BROADCAST-VIDEO
 match protocol attribute traffic-class broadcast-video
 match protocol attribute business-relevance business-relevant
!
policy-map POLICY-INGRESS-LAN-MARKING
 class CLASS-NBAR-VOICE
  set dscp ef
 class CLASS-NBAR-REAL-TIME-INTERACTIVE
  set dscp cs4
 class CLASS-NBAR-MULTIMEDIA-STREAMING
  set dscp af31
 class CLASS-NBAR-CALL-SIGNALING
  set dscp cs3
 class CLASS-NBAR-NETWORK-MANAGEMENT
  set dscp cs2
 class CLASS-NBAR-SCAVENGER
  set dscp cs1
 class CLASS-NBAR-NETWORK-CONTROL
  set dscp cs6
 class CLASS-NBAR-TRANSACTIONAL-DATA
  set dscp af21
 class CLASS-NBAR-MULTIMEDIA-CONFERENCING
  set dscp af41
 class CLASS-NBAR-BROADCAST-VIDEO
  set dscp cs5
 class class-default
  set dscp default
!
interface GigabitEthernet0/0
 description trunk port to the Switch
 ip nbar protocol-discovery ipv4
 ip flow monitor NetFlow-Monitor-v4 input
 ip flow monitor NetFlow-Monitor-v4 output
 duplex auto
 speed auto
 service-policy input POLICY-INGRESS-LAN-MARKING
 service-policy output POLICY-INGRESS-LAN-MARKING
end

Now, on the WAN side facing the service provider, I have grouped the classes defined earlier into a 6-class model and applied a policy-map there as well. Would it be okay to keep it as it is?

3 REPLIES
Advisor

Re: NBAR deployed on the router, Do I still Need autoQoS on the Switch???

You should enable auto qos on the switch so the edge port is your marking/trust edge. On the router, you are remarking the packets. Is that your intention?
Beginner

Re: NBAR deployed on the router, Do I still Need autoQoS on the Switch???

@Collin Clark AutoQoS is enabled on the switch, and I intended to enable QoS auto-classify on the edge ports using the AUTOQOS-SRND4-CLASSIFY-POLICY, then remark the traffic at the router level. So yes, I want the switch's edge ports to be the marking/trust edge ports. The configuration will be something like this:

Switch#

class-map match-all AUTOQOS_MULTIENHANCED_CONF_CLASS
 match access-group name AUTOQOS-ACL-MULTIENHANCED-CONF
class-map match-all AUTOQOS_DEFAULT_CLASS
 match access-group name AUTOQOS-ACL-DEFAULT
class-map match-all AUTOQOS_TRANSACTION_CLASS
 match access-group name AUTOQOS-ACL-TRANSACTIONAL-DATA
class-map match-all AUTOQOS_SIGNALING_CLASS
 match access-group name AUTOQOS-ACL-SIGNALING
class-map match-all AUTOQOS_BULK_DATA_CLASS
 match access-group name AUTOQOS-ACL-BULK-DATA
class-map match-all AUTOQOS_SCAVANGER_CLASS
 match access-group name AUTOQOS-ACL-SCAVANGER
!
policy-map AUTOQOS-SRND4-CLASSIFY-POLICY
 class AUTOQOS_MULTIENHANCED_CONF_CLASS
  set dscp af41
 class AUTOQOS_BULK_DATA_CLASS
  set dscp af11
 class AUTOQOS_TRANSACTION_CLASS
  set dscp af21
 class AUTOQOS_SCAVANGER_CLASS
  set dscp cs1
 class AUTOQOS_SIGNALING_CLASS
  set dscp cs3
 class AUTOQOS_DEFAULT_CLASS
  set dscp default
!
interface range GigabitEthernet1/0/x-y
 auto qos classify
 switchport mode trunk
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 mls qos trust cos
 ! or: mls qos trust dscp

Now, the issue I see with enabling Auto QoS on the switch interfaces is the following:

Since most of the switches I use are 2960-X, the QoS auto-classify command will generate a new ACL with a list of ports (port range) to match. If an application is not found within the port range defined in the ACL, it will be marked as default until it gets to the router, where NBAR will reclassify it. Another issue is the number of auto-generated classes. Only six classes; what if I want the voice traffic to be treated differently? Is there a different way to deal with QoS at the switch level?

Advisor

Re: NBAR deployed on the router, Do I still Need autoQoS on the Switch???

You have a couple of options:

1. Add ACLs on the switch to classify the unknown application.
2. Mark the unknown applications at the router via NBAR.

As far as queuing goes, how many queues you can create depends on the router model. VoIP should always be in the priority queue.
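The thread contains two marking policies that set DSCP values independently: the router's NBAR policy-map in the original post and the AutoQoS classify policy-map the switch generates, and the first reply points out that the router is remarking what the switch already marked. The following Python script is an added example, not code from this thread or from Cisco. It parses the `set dscp` actions of both policy-maps (copied here as constructed string constants), translates the DSCP keywords to their numeric values, and reports which markings only one side produces and whether the router's `class-default` overwrites the switch marking on any traffic NBAR cannot classify. All function and constant names are my own.

```python
"""Compare the DSCP markings two IOS policy-maps can apply (added example)."""
import re

# DSCP keywords accepted by IOS 'set dscp', mapped to their 6-bit values.
DSCP_NAMES = {
    "default": 0, "ef": 46,
    "cs1": 8, "cs2": 16, "cs3": 24, "cs4": 32, "cs5": 40, "cs6": 48, "cs7": 56,
    "af11": 10, "af12": 12, "af13": 14, "af21": 18, "af22": 20, "af23": 22,
    "af31": 26, "af32": 28, "af33": 30, "af41": 34, "af42": 36, "af43": 38,
}

# Constructed copies of the two policy-maps posted in the thread.
SWITCH_POLICY = """\
policy-map AUTOQOS-SRND4-CLASSIFY-POLICY
 class AUTOQOS_MULTIENHANCED_CONF_CLASS
  set dscp af41
 class AUTOQOS_BULK_DATA_CLASS
  set dscp af11
 class AUTOQOS_TRANSACTION_CLASS
  set dscp af21
 class AUTOQOS_SCAVANGER_CLASS
  set dscp cs1
 class AUTOQOS_SIGNALING_CLASS
  set dscp cs3
 class AUTOQOS_DEFAULT_CLASS
  set dscp default
"""

ROUTER_POLICY = """\
policy-map POLICY-INGRESS-LAN-MARKING
 class CLASS-NBAR-VOICE
  set dscp ef
 class CLASS-NBAR-REAL-TIME-INTERACTIVE
  set dscp cs4
 class CLASS-NBAR-MULTIMEDIA-STREAMING
  set dscp af31
 class CLASS-NBAR-CALL-SIGNALING
  set dscp cs3
 class CLASS-NBAR-NETWORK-MANAGEMENT
  set dscp cs2
 class CLASS-NBAR-SCAVENGER
  set dscp cs1
 class CLASS-NBAR-NETWORK-CONTROL
  set dscp cs6
 class CLASS-NBAR-TRANSACTIONAL-DATA
  set dscp af21
 class CLASS-NBAR-MULTIMEDIA-CONFERENCING
  set dscp af41
 class CLASS-NBAR-BROADCAST-VIDEO
  set dscp cs5
 class class-default
  set dscp default
"""


def dscp_value(token):
    """Translate an IOS DSCP keyword or decimal string into its 0-63 value."""
    token = token.lower()
    if token in DSCP_NAMES:
        return DSCP_NAMES[token]
    value = int(token)
    if not 0 <= value <= 63:
        raise ValueError("DSCP out of range: %s" % token)
    return value


def parse_policy_map(text):
    """Return (policy name, {class name: dscp keyword or None}) in config order.
    Only 'set dscp' actions are understood; any other action is ignored."""
    name, current, classes = None, None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = re.match(r"policy-map\s+(\S+)$", line)
        if m:
            name = m.group(1)
            continue
        m = re.match(r"class\s+(\S+)$", line)  # 'class X', not 'class-map'
        if m:
            current = m.group(1)
            classes[current] = None
            continue
        m = re.match(r"set\s+dscp\s+(\S+)$", line)
        if m and current is not None:
            classes[current] = m.group(1).lower()
    return name, classes


def marking_report(switch_text, router_text):
    """Compare the DSCP values each policy-map can produce. The flag
    'router_default_overwrites' is True when the router's class-default carries
    a 'set dscp', meaning any packet NBAR does not classify loses whatever
    marking the switch edge gave it."""
    _, sw = parse_policy_map(switch_text)
    _, rt = parse_policy_map(router_text)
    sw_vals = {dscp_value(v) for v in sw.values() if v is not None}
    rt_vals = {dscp_value(v) for v in rt.values() if v is not None}
    return {
        "shared": sorted(sw_vals & rt_vals),
        "switch_only": sorted(sw_vals - rt_vals),
        "router_only": sorted(rt_vals - sw_vals),
        "router_default_overwrites": rt.get("class-default") is not None,
    }


if __name__ == "__main__":
    for key, val in marking_report(SWITCH_POLICY, ROUTER_POLICY).items():
        print("%-26s %s" % (key, val))
```

Run against the two posted policies, the report shows af11 (bulk data) as the one marking the switch sets that the router never sets, and flags that the router's `class-default` resets unclassified traffic to DSCP 0; both are the kind of mismatch the first reply asks the poster to confirm is intentional. Feeding a `show policy-map` or `show running-config | section policy-map` capture into `parse_policy_map` instead of the embedded strings works the same way.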
