Would this be applied to the physical interface or the sub-interface?

Hello,

you might not be able to apply it the service policy to a subinterface. Try it, and if you get an error message telling you that CBWFQ, you probably need to create a parent policy first.

Thanks for the replies. Now they are telling me that we need a shaping policy and a CoS policy. Can anyone assist with basic CoS as well?

Hello

It would be good to know what qos policy’s if any your isp are expecting - you would probably need to mark/classify traffic to meet their qos policy otherwise certain priority traffic you set could not meet your isp qos policy's and thus get either reclassified or even dropped

Here are examples they gave us:

Class-map match-any COS5 !Non-business or “scavenger” traffic
match access-group name COS5-Traffic !See ACL examples below
!
class-map match-any COS3 !Multi-second response time apps
match access-group name COS3-Traffic !See ACL examples below
!
class-map match-any COS2V !Video conferencing app
match access-group name COS2V-Traffic !See ACL examples below
!
class-map match-any COS2 !Sub-second response time apps
match access-group name COS2-Traffic !See ACL examples below
match ip dscp af31 !Traffic pre-marked with DSCP AF31
!
class-map match-any COS1 !VoIP
match ip dscp ef !COS 1 for pre-marked real time traffic
!
class-map match-any COS5-Traffic !Video streaming
match ip dscp af11 !COS 5 for pre-marked real time traffic

policy-map COS
class COS1
priority 256 !Allocate 256K for real time traffic- provides LLQ
set ip dscp ef
class COS2
bandwidth remaining percent 30
set ip dscp af31
queue-limit 600 packets ! see paragraph above
class COS2V
bandwidth remaining percent 50
set ip dscp af41
queue-limit 600 packets
class COS3
bandwidth remaining percent 15
set ip dscp af21
queue-limit 600 packets
class COS5
bandwidth remaining percent 1
set ip dscp af11
queue-limit 600 packets
class class-default !Class-default is pre-defined in IOS; it matches any
bandwidth remaining percent 4 !remaining traffic
set ip dscp default
queue-limit 600 packets

policy-map ETHERNETSHAPING !”Parent policy”
class class-default
shape average <Target Rate> <Bc> <Be> account user-defined 28
!See details below
queue-limit 2048 !See paragraph below
service-policy COS !Nested COS “child” service-policy. For example see “policy-map COS” in Section 3.2 “Create a Policy”

interface FastEthernet0/0
description ** 10M AVPN Ethernet **
no ip address
duplex full
speed 100
max-reserved-bandwidth 100

interface FastEthernet0/0.1139
encapsulation dot1Q 1139
ip address 10.64.42.253 255.255.255.252
no cdp enable
service-policy output ETHERNETSHAPING !Shaping policy applied to the sub-interface

Hello,

the sample policy they sent you is geared towards voice/video real time traffic. Is that what you actually use in your network, and are you actually experiencing latency ? In the original post you were talking about packet loss...

Post the output of:

show interfaces x

where 'x' is the outgoing (sub)interface.

Backstory - We are cutting over from old AVPN to new AVPN. We migrated Site 1 (corporate office), then remote sites 2-6 and everything went well. After we cutover Site 7 (disaster recovery site), we starting experiencing massive packet loss on Site 1 (corporate office). I feel that AT&T was just guessing at the issue as they told us they were "sure" it was many different things. After doing what they suggested each time, the issue remained. Here is what we have done so far...

1. Replaced fiber module in Ciena box – we tried four (including two Ciena certified modules that the AT&T technician provided)
2. Replaced fiber patch cabling from Ciena box to Cisco router (CER) – we tried three (including the recommended single mode fiber)
3. Replaced fiber module in the Cisco router – we tried three (including the recommended 1000Base-LX module)
4. Replaced Cisco router – we tried two (model is Cisco 4321)
5. Updated software (IOS) and firmware (Rommon) on router – we upgraded to the latest versions

After none of these fixed the issue, AT&T said that we needed to create a traffic shaping policy. I worked with one of our Cisco consultants yesterday and we did that, but the problem still remains. Now AT&T wants us to create a CoS policy as well. Here's the kicker, if I disable the LAN side of Site 7's router (disaster recovery site), the packet loss stops. However, AT&T says that circuit is not the cause of our issues...

Hello,

-->  if I disable the LAN side of Site 7's router (disaster recovery site), the packet loss stops.

Can you post a schematic overview of your network topology ? We have no idea what site 7 is and how it is connected to the AT&T circuit. What traffic is this site sending ?

That said, it sounds like your problems are not specifically related to voice/video/real-time traffic, but rather to an overall packet loss. In which case the detailed QoS policy suggested by AT&T probably won't help much.

Have you tried the shaping policy that was suggested by us ?

Each of the seven sites has a direct link back to the AT&T AVPN. So we have our CER and the next hop is the PER. Then it's on AT&T's network.

"After we cutover Site 7 (disaster recovery site), we starting experiencing massive packet loss on Site 1 (corporate office)."

Possibly due to volume of traffic to keep DR site in "sync".

Often MPLS WANs are provisioned as multi-point. You generally have congestion point going into the MPLS WAN cloud, which, with a router, is easy to manage such congestion with an egress interface (to cloud) QoS policy. If the physical interface provides more bandwidth then your guaranteed rates, you can (and should) shape the traffic to the provisioned rate. Optionally you can selectively prioritize your egress traffic.

A MPLS WAN, multi-point, might also congest from their cloud to your site. (Congestion within the MPLS cloud is possible, but shouldn't be a factor if you keep under you contracted data rates.) If such WAN egress congestion is due to aggregate traffic from more than one site to another, your only (sub-optimal) way to manage that is to shape all your sites so their total possible aggregate doesn't oversubscribe the egress link more than you desire. The (much) better way, is to have QoS on the MPLS WAN egress (to your site) interface. Generally, MPLS vendors support some form of the latter. What you need to do, is select the most optimal option your MPLS provider offers, and work within its framework (generally accomplished by usage of agreed upon IP ToS markings).

BTW, few (including consultants from AT&T or Cisco) truly well understand how to use QoS effectively. Many also don't appreciate the possible impact of short term (i.e. microbust) transient congestion.