10-28-2013 07:24 AM - edited 03-04-2019 09:25 PM
Hi,
I need help to understand this configuration. Could you help me ?
class-map match-any DSCP-IN-D1INPUT
match access-group name DSCP-IN-D1INPUT
class-map match-any DSCP-IN-D2INPUT
match access-group name DSCP-IN-D2INPUT
class-map match-any DSCP-IN-D3INPUT
match access-group name DSCP-IN-D3INPUT
class-map match-any DSCP-IN-D4INPUT
match access-group name DSCP-IN-D4INPUT
class-map match-any DSCP-OUT-D4-OFFICE
match ip dscp af21
class-map match-any DSCP-OUT-D1-OFFICE
match ip dscp ef
class-map match-any DSCP-OUT-D2-OFFICE
match ip dscp af41
class-map match-any DSCP-OUT-D3-OFFICE
match ip dscp af31
class-map match-all DSCP-COUNT-D4INPUT
match ip dscp af21
class-map match-all DSCP-COUNT-D1INPUT
match ip dscp ef
class-map match-any DSCP-COUNT-D2INPUT
match ip dscp af41
class-map match-all DSCP-COUNT-D3INPUT
match ip dscp af31
class-map match-all DSCP-OUT-D1INPUT
match ip dscp ef
class-map match-all DSCP-OUT-D3INPUT
match ip dscp af31
class-map match-all DSCP-OUT-D2INPUT
match ip dscp af41
class-map match-all DSCP-OUT-D4INPUT
match ip dscp af21
!
!
policy-map COS-OUT-D4-OFFICE
class DSCP-OUT-D4INPUT
police cir 300000 bc 150000 be 75000
conform-action transmit
exceed-action set-dscp-transmit af12
policy-map COS-OUT-D3-OFFICE
class DSCP-OUT-D3INPUT
police cir 2400000 bc 600000 be 300000
conform-action transmit
exceed-action set-dscp-transmit af22
policy-map COS-OUT-D2-OFFICE
class DSCP-OUT-D2INPUT
police cir 2700000 bc 600000 be 300000
conform-action transmit
exceed-action set-dscp-transmit af32
policy-map COS-OUT-D1-OFFICE
class DSCP-OUT-D1INPUT
police cir 600000 bc 37000 be 14000
conform-action transmit
exceed-action set-dscp-transmit af42
policy-map COS-OUT-OFFICE
class DSCP-OUT-D1-OFFICE
bandwidth remaining percent 5
random-detect dscp-based
random-detect dscp 26 25 75 20
random-detect dscp 28 12 24 20
service-policy COS-OUT-D1-OFFICE
class DSCP-OUT-D2-OFFICE
bandwidth remaining percent 40
random-detect dscp-based
random-detect dscp 18 38 76 20
random-detect dscp 20 21 42 20
service-policy COS-OUT-D2-OFFICE
class DSCP-OUT-D3-OFFICE
bandwidth remaining percent 45
random-detect dscp-based
random-detect dscp 10 48 96 20
random-detect dscp 12 31 62 20
service-policy COS-OUT-D3-OFFICE
class DSCP-OUT-D4-OFFICE
bandwidth remaining percent 9
random-detect dscp-based
random-detect dscp 10 48 96 20
random-detect dscp 12 31 62 20
service-policy COS-OUT-D4-OFFICE
policy-map COUNT-IN
class DSCP-COUNT-D1INPUT
set dscp ef
class DSCP-COUNT-D2INPUT
set dscp af41
class DSCP-COUNT-D3INPUT
set dscp af31
class DSCP-COUNT-D4INPUT
set dscp af21
policy-map COS-IN
class DSCP-IN-D1INPUT
set dscp ef
class DSCP-IN-D2INPUT
set dscp af41
class DSCP-IN-D3INPUT
set dscp af31
class DSCP-IN-D4INPUT
set dscp af21
!
!
interface Multilink13
! Extract from the full configuration
service-policy INPUT COUNT-IN
service-policy output COS-OUT-OFFICE
!
interface FastEthernet0/1
! Extract from the full configuration
service-policy INPUTut COS-IN
Regards
10-28-2013 08:47 AM
What kind of help do you need? Reason I ask, learning QoS can be a multi-day course, so was this something in particular you don't understand?
Also, what's the device and its running IOS version?
10-28-2013 09:05 AM
Hello.
The logic here is:
The primary aim of that policy is to limit class bandwidth to some predefined values... at the same time doing remarking in case what bandwidth exceeded, but bandwidth assigned to class is no consistent with policer values
So:
Configuration is not consistent sometimes... for example, EF remarked into af42, but queue size is tuned for af31/af32.
I would say it's easier to rewrite the policy, like following:
policy-map COS-OUT-OFFICE
class DSCP-OUT-D1-OFFICE
bandwidth remaining percent 5
police cir 600000 bc 37000 be 14000
conform-action transmit
exceed-action set-dscp-transmit af42
random-detect dscp-based
random-detect dscp 46 25 75 20
random-detect dscp 36 12 24 20
class DSCP-OUT-D2-OFFICE
bandwidth remaining percent 40
police cir 2700000 bc 600000 be 300000
conform-action transmit
exceed-action set-dscp-transmit af32
random-detect dscp-based
random-detect dscp 34 38 76 20
random-detect dscp 28 21 42 20
class DSCP-OUT-D3-OFFICE
bandwidth remaining percent 45
police cir 2400000 bc 600000 be 300000
conform-action transmit
exceed-action set-dscp-transmit af22
random-detect dscp-based
random-detect dscp 26 48 96 20
random-detect dscp 20 31 62 20
class DSCP-OUT-D4-OFFICE
bandwidth remaining percent 9
police cir 300000 bc 150000 be 75000
conform-action transmit
exceed-action set-dscp-transmit af12
random-detect dscp-based
random-detect dscp 18 48 96 20
random-detect dscp 12 31 62 20
class class-default
I would also guess that ACL DSCP-IN-D4INPUT defining scavenger class (due to low bandwidth)... but it's not obvous why do we lack bandwidth for default class.
I would replace "bandwidth remaining percent xx" with absolute values, as policer is configured with absolute rate.
If you need any more clarification, please share description of your and provider's QoS policy, as well as content of ACLs in use.
Please sare output of show policy-map out M13
10-29-2013 02:22 AM
Hi,
I was looking for this kind of explanation !
The IOS : c2800nm-ipbasek9-mz.124-24.T3.bin
Here is a short explanation by the author of the QoS (Google Translate)
- When a stream enters the network, whether from a server to a PC or phone, it passes through an access-list that identifies it.
- It is then marked by the router as: real-time priority, normal, best effort by example
- All devices receive the package later can read this value (dscp)
- Each router will then be on its WAN interfaces information about each queues and how to treat them.
- In case of congestion links, flows such as voice over IP, but also others, will therefore be transmitted first with guaranteed bandwidth on the WAN. flows lower priority will be delayed, see discarded in case of congestion.
The ACL :
ip access-list extended DSCP-IN-D1INPUT
permit ip 172.27.0.0 0.0.255.255 172.27.0.0 0.0.255.255
permit ip any host 172.31.2.92
permit ip any host 172.31.2.93
permit ip host 172.31.2.92 any
permit ip host 172.31.2.93 any
permit icmp any any
ip access-list extended DSCP-IN-D2INPUT
permit tcp any any eq 1494
permit udp any any eq 1604
permit tcp any any eq 3389
permit tcp any any eq www
permit tcp any any eq 443
permit tcp any any eq 1433
permit tcp any any eq 389
permit udp any any eq 389
permit tcp any any eq 88
permit udp any any eq 88
permit udp any any eq domain
permit udp any any eq netbios-ns
permit udp any any eq ntp
permit tcp any eq 1494 any
permit udp any eq 1604 any
permit tcp any eq 3389 any
permit tcp any eq www any
permit tcp any eq 443 any
permit tcp any eq 1433 any
permit tcp any eq 389 any
permit udp any eq 389 any
permit tcp any eq 88 any
permit udp any eq 88 any
permit udp any eq domain any
permit ip any host 172.31.5.201
permit ip host 172.31.5.201 any
permit ip any host 172.31.13.201
permit ip host 172.31.13.201 any
permit ip any host 172.31.137.201
permit ip host 172.31.137.201 any
ip access-list extended DSCP-IN-D3INPUT
deny ip any 172.25.0.0 0.0.255.255
deny ip 172.25.0.0 0.0.255.255 any
permit tcp any any eq 8080
permit tcp any any eq telnet
permit tcp any any eq 22
permit tcp any any eq 139
permit tcp any any eq 135
permit tcp any any eq 445
permit tcp any any eq 1025
permit tcp any eq 8080 any
permit tcp any eq telnet any
permit tcp any eq 22 any
permit tcp any eq 139 any
permit tcp any eq 135 any
permit tcp any eq 445 any
permit tcp any eq 1025 any
ip access-list extended DSCP-IN-D4INPUT
permit ip any 172.25.0.0 0.0.255.255
permit ip 172.25.0.0 0.0.255.255 any
permit tcp any any eq 9100
permit tcp any any eq lpd
permit tcp any any eq 2967
permit tcp any eq 9100 any
permit tcp any eq lpd any
permit tcp any eq 2967 any
permit ip any any
Output from sh policy-map out M13
The configuration may have changed
Service-policy INPUT: COUNT-IN
Class-map: DSCP-COUNT-D1INPUT (match-all)
850 packets, 85660 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp ef (46)
QoS Set
dscp ef
Packets marked 850
Class-map: DSCP-COUNT-D2INPUT (match-any)
3320 packets, 724161 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp af41 (34)
3320 packets, 724161 bytes
5 minute rate 0 bps
QoS Set
dscp af41
Packets marked 3320
Class-map: DSCP-COUNT-D3INPUT (match-all)
20172 packets, 3345732 bytes
5 minute offered rate 2000 bps, drop rate 0 bps
Match: ip dscp af31 (26)
QoS Set
dscp af31
Packets marked 20172
Class-map: DSCP-COUNT-D4INPUT (match-all)
164527 packets, 16400678 bytes
5 minute offered rate 72000 bps, drop rate 0 bps
Match: ip dscp af21 (18)
QoS Set
dscp af21
Packets marked 164527
Class-map: class-default (match-any)
3899 packets, 3348857 bytes
5 minute offered rate 44000 bps, drop rate 0 bps
Match: any
Service-policy output: COS-OUT-OFFICE
Class-map: DSCP-OUT-D1-OFFICE (match-any)
838 packets, 81476 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp ef (46)
838 packets, 81476 bytes
5 minute rate 0 bps
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 838/81476
bandwidth remaining 5% (307 kbps)
Exp-weight-constant: 9 (1/512)
Mean queue depth: 0 packets
dscp Transmitted Random drop Tail drop Minimum
Maximum Mark
pkts/bytes pkts/bytes pkts/bytes thresh
thresh prob
af31 0/0 0/0 0/0 25
75 1/20
af32 0/0 0/0 0/0 12
24 1/20
ef 185676/17097363 0/0 0/0 36
40 1/10
Service-policy : COS-OUT-D1-OFFICE
Class-map: DSCP-OUT-D1INPUT (match-all)
838 packets, 81476 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp ef (46)
police:
cir 600000 bps, bc 37000 bytes, be 14000 bytes
conformed 838 packets, 81476 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
set-dscp-transmit af42
violated 0 packets, 0 bytes; actions:
set-dscp-transmit af42
conformed 0 bps, exceed 0 bps, violate 0 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Class-map: DSCP-OUT-D2-OFFICE (match-any)
3643 packets, 2688709 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp af41 (34)
3643 packets, 2688709 bytes
5 minute rate 0 bps
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 3643/2688709
bandwidth remaining 40% (2457 kbps)
Exp-weight-constant: 9 (1/512)
Mean queue depth: 1 packets
dscp Transmitted Random drop Tail drop Minimum
Maximum Mark
pkts/bytes pkts/bytes pkts/bytes thresh
thresh prob
af21 0/0 0/0 0/0 38
76 1/20
af22 0/0 0/0 0/0 21
42 1/20
af32 10400/14631041 9/13168 50/72566 28
40 1/10
af41 624570/396758744 24/27796 166/213900 32
40 1/10
Service-policy : COS-OUT-D2-OFFICE
Class-map: DSCP-OUT-D2INPUT (match-all)
3643 packets, 2688709 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp af41 (34)
police:
cir 2700000 bps, bc 600000 bytes, be 300000 bytes
conformed 3643 packets, 2688709 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
set-dscp-transmit af32
violated 0 packets, 0 bytes; actions:
set-dscp-transmit af32
conformed 0 bps, exceed 0 bps, violate 0 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Class-map: DSCP-OUT-D3-OFFICE (match-any)
24989 packets, 21918576 bytes
5 minute offered rate 2000 bps, drop rate 0 bps
Match: ip dscp af31 (26)
24989 packets, 21918576 bytes
5 minute rate 2000 bps
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 24989/21918576
bandwidth remaining 45% (2764 kbps)
Exp-weight-constant: 9 (1/512)
Mean queue depth: 0 packets
dscp Transmitted Random drop Tail drop Minimum
Maximum Mark
pkts/bytes pkts/bytes pkts/bytes thresh
thresh prob
af11 0/0 0/0 0/0 48
96 1/20
af12 0/0 0/0 0/0 31
62 1/20
af22 146397/218231936 33/46270 20/29823 28
40 1/10
af31 3512639/2214458323 38/46246 49/57435 32
40 1/10
Service-policy : COS-OUT-D3-OFFICE
Class-map: DSCP-OUT-D3INPUT (match-all)
24989 packets, 21918576 bytes
5 minute offered rate 2000 bps, drop rate 0 bps
Match: ip dscp af31 (26)
police:
cir 2400000 bps, bc 600000 bytes, be 300000 bytes
conformed 24989 packets, 21918576 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
set-dscp-transmit af22
violated 0 packets, 0 bytes; actions:
set-dscp-transmit af22
conformed 2000 bps, exceed 0 bps, violate 0 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Class-map: DSCP-OUT-D4-OFFICE (match-any)
165452 packets, 15493199 bytes
5 minute offered rate 89000 bps, drop rate 0 bps
Match: ip dscp af21 (18)
165452 packets, 15493199 bytes
5 minute rate 89000 bps
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 165451/15493114
bandwidth remaining 9% (552 kbps)
Exp-weight-constant: 9 (1/512)
Mean queue depth: 0 packets
dscp Transmitted Random drop Tail drop Minimum
Maximum Mark
pkts/bytes pkts/bytes pkts/bytes thresh
thresh prob
af11 0/0 0/0 0/0 48
96 1/20
af12 1011572/1505243377 102/153204 23/33098 31
62 1/20
af21 36146830/3404118332 10/7207 136/133603 32
40 1/10
Service-policy : COS-OUT-D4-OFFICE
Class-map: DSCP-OUT-D4INPUT (match-all)
165452 packets, 15493199 bytes
5 minute offered rate 89000 bps, drop rate 0 bps
Match: ip dscp af21 (18)
police:
cir 300000 bps, bc 150000 bytes, be 75000 bytes
conformed 164905 packets, 14673422 bytes; actions:
transmit
exceeded 50 packets, 74920 bytes; actions:
set-dscp-transmit af12
violated 496 packets, 744772 bytes; actions:
set-dscp-transmit af12
conformed 138000 bps, exceed 18000 bps, violate 173000 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Class-map: class-default (match-any)
748 packets, 68440 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 748/66564
10-29-2013 11:47 AM
Please provide your ISP's QoS settings/profile for the interface.
And what is the interface bandwidth?
Please paste output of show int mu13
PS: what other clarifications do you need?
10-29-2013 12:41 PM
Hi
In fact, I don't understand how to choose these values (in bold) :
class DSCP-OUT-D1-OFFICE
bandwidth remaining percent 5
police cir 600000 bc 37000 be 14000
conform-action transmit
exceed-action set-dscp-transmit af42
random-detect dscp-based
random-detect dscp 46 25 75 20
random-detect dscp 36 12 24 20
Here is the output from sh int Mu13
Multilink13 is up, line protocol is up
Hardware is multilink group interface
Internet address is 192.168.13.33/30
MTU 1500 bytes, BW 6144 Kbit/sec, DLY 100000 usec,
reliability 255/255, txload 2/255, rxload 2/255
Encapsulation PPP, LCP Open, multilink Open
Listen: CDPCP
Open: IPCP, loopback not set
Keepalive set (2 sec)
DTR is pulsed for 2 seconds on reset
Last input 00:00:01, output never, output hang never
Last clearing of "show interface" counters 10:46:41
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 3
Queueing strategy: Class-based queueing
Output queue: 0/1000/0 (size/max total/drops)
5 minute input rate 58000 bits/sec, 60 packets/sec
5 minute output rate 57000 bits/sec, 59 packets/sec
3930200 packets input, 539608101 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
4026963 packets output, 942427089 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
10-29-2013 11:50 PM
Hello.
class DSCP-OUT-D1-OFFICE
bandwidth remaining percent P0
police cir X1 bc X2 be X3
conform-action transmit
exceed-action set-dscp-transmit af42
random-detect dscp-based
random-detect dscp 46 Q1 Q2 D3
random-detect dscp 36 Q4 Q5 D6
X1 - target rate; X2 - is a bucket size... for real-time X2 should be about X1/100 or X1/50, for data classes it could be up to X1/20. X3 - it's to deal with bursts... it's not common to configure this value unless you own infrastructure, or pretty sure that ISP will proceed the exceeded traffic.
P0 should be a little bigger than X1 (otherwise policer won't help in case of congestion).
Q1 - it's a mean queue size when WRED will start dropping traffic with drop probability of 100% divided by D3.
Q2 - it's a mean queue size when all the new packet will be dropped ("tail drop").
Q4 much less than Q1 and Q5 than Q2 because we would like to drop exceeded (and remarked) traffic.
D3 and D6 - it's a drop probability (100% divided by D), but 20 is too much I guess; I would say D6 should be 5.
About D1 class: if it's IPT, then using WRED is not a good idea; IPT class should use LLQ (strict priority).
One more note about Q1/Q2.
Let's imaging all the queue is full with 1500 bytes packets... according to Q2, the queue size is 1500*96 = 144Kb; having only 300Kbps in case of congestion will result in "144000*8/300000= 3.84 sec of queuing delay... 48 is still too much, even if you count 800 byte packets!
That is cruel to printing class
PS: it's not common to have policer if your multilink is configured to survive in case of single link failture.
PS2: Q1/Q2/Q4/Q5/D6 (not sure if there is a reason to change D3) are chosen based on link bandwidth, link line speed (in your case it's the same), router's amount of memory, traffic pattern (requirement for latency, drops and etc.) and allocated (to class) bandwidth. In large implementations it's better to experiment with some sets of vlaues (and find the best based on end-user experience) before rolling out over the production.
10-30-2013 03:37 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Although I haven't carefully read all your replies, with just a quick glance at this last posting, my understanding of some of WRED's parameters is different.
The application to packet percentage, when queue's mean depth is at the first value is a little complicated to compute. You need to do a x/y line analysis, where the depth one less 1st-value is at zero percent, and percent is 1/3rd-value at the 2nd-value. At 2nd-value plus one, application percent is then 100.
It's also important to keep in mind, depth is a running average. It's possible actual instantaneous queue depth can be much larger, and there's no application of WRED percentages or even instantaneous queue depth is zero, and WRED impacts packets.
10-31-2013 07:42 AM
Hi,
Thanks for all your answers.
The values for the random-detect dscp commands are a bit strange.
I still don't understand how don't understand why the DSCP-OUT-D1-OFFICE is designed for voice.
Regards
10-31-2013 08:49 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
I still don't understand how don't understand why the DSCP-OUT-D1-OFFICE is designed for voice.
IMO, it's not (well) designed for VoIP bearer.
10-31-2013 10:08 AM
The values for the random-detect dscp commands are a bit strange.
I still don't understand how don't understand why the DSCP-OUT-D1-OFFICE is designed for voice.
Please let me know why do you think they are "a bit strange"?
The class consumes voice traffic, as it matches all the traffic with dscp equal to EF.
11-01-2013 11:43 AM
I don't understand why the third parameter is not simply equal to 100
Here is what I have found on an old Cisco documentation :
random-detect dscp dscp_value minimum-threshold maximum-threshold mark-probability-denominator
The values I find when I calculate the maximum probability of discard are very low.
And one naive question : if the routers are not configured for QoS, does the value of DSCP field have a great impact on traffic and drop ?
11-01-2013 06:41 PM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
I don't understand why the third parameter is not simply equal to 100
Because you're trying to avoid 100% drop. The whole point of RED is dropping some (i.e. as few as required) packets will cause the flow to slow its transmission rate. RED is trying to maximize "goodput".
And one naive question : if the routers are not configured for QoS, does the value of DSCP field have a great impact on traffic and drop ?
If the router isn't "looking" at ToS, DSCP has NO impact. (By default, most routers don't "look" at ToS.)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide