Re: Nested Qos WAN Policy on Hub towards Spokes on a SP managed

vdadlaney · ‎12-07-2010

Hi, I am trying to understand if the following policy can be applied to a Sub-rate Interface which is the Hub Site. The intent is to create a shaper for each and every remote site so that the hub cannot overrun the remote sites which have smaller circuit. Initially when I started out I was thinking I could apply 2 child policies to a Parent policy but not sure if that will work. Is it possible to have multiple child policies applied to a Parent policy? The config below is not what I intended but is a backup incase the answer to the question above about the child policies is "no". Appreciate any feedback on the config and if this is a feasible solution or not. Thx for your help.

Config based on the following scenario

Hub Site: 200Mb Circuit

Spoke1: 10Mb Circuit

Spoke 2: 20Mb Circuit

QOS Concept

1. Child Policy Traffic defines the traffic at every site whether Voice, Mgmt etc

2. The child policy Traffic gets applied to Mid-Level Policy Sites which is a policy to classify, define and shape per individual site

3. Mid level policy Sites gets applied to the parent policy Global_Shaper. That policy defines a shaper for the entire interface

4. Finally parent policy Global_Shaper gets applied to the subinterface g0/0.1. The sub-interface is the only interface on that main interface. The reason that had to be done was because the other end has 802.1q encap and not ARPA.

*********** Define Child Policy ***********
class-map match-any Voice
match ip dscp ef
!
class-map match-any Mgmt
match ip dscp cs2
!
!
policy-map Traffic
   class Voice
       priority percent 20
!
   class Mgmt
       bandwidth percent 10
!
    class class-default
    bandwidth percent 70
!
!
********** Define Mid-Level Policy **********
!
ip access-list extended Site-1
permit ip any 10.10.10.0 0.0.0.255
!
ip access-list extended Site-2
permit ip any 10.10.20.0 0.0.0.255
!
class-map match-any Site-1
match access-group name Site-1
!
class-map match-any Site-2
match access-group name Site-2
!
policy-map Sites
   class Site-1
      bandwidth 10000
      shape average 10000000
      service-policy Traffic
!
    class Site-2
      bandwidth 20000
      shape average 20000000
      service-policy Traffic
!

********** Define Parent Policy **********
!
policy-map Global_Shaper
   class class-default
      bandwidth 200000
      shape average 175000000
      service-policy Sites
!
********** Apply Parent Policy to Interface **********
!
int g0/0.1
bandwidth 200000
service-policy output Global_Shaper
!

Appreciate any feedback.

Questions I have are

1. Will this policy work?

2. Will the bandwidth statement under each policy hold or will it use the global bw statement under the interface.

3. Is there any way to make it even more generic by making a policy for 10Mb Circuit and 20Mb Circuit so its more of a template. I will try and figure this out tomorrow if I can but any ideas would be great

4. Any thoughts or concerns?

Thx

Regards,

Vikram

vdadlaney · ‎12-08-2010

Anyone? thx

Lei Tian · ‎12-08-2010

Hi Vikram,

That looks valid for me. The bandwidth under 2nd level policy gives the minimum guarantee for child class, and the shaper gives the upper limit for child class. One thing I am not sure is whether you need the bandwidth under Global_Shaper. The shape 175M will give a upper limit for all 2nd level policy, so, I don't think bandwidth 200m under global_shaper will be used.

I think that should work for code support HQF model, but test it first.

Regards,

Lei Tian

Mohamed Sobair · ‎12-08-2010

Hi,

No , this wont work, you need to have the following:

1- You need to classify and Mark at the ingress.

2- You need to match your marking by creating another Policy

3- After that, you will have to create a SINGLE child policy and One parent policy.

4- Apply your Policy to the interface.

HTH

Mohamed

vdadlaney · ‎12-08-2010

@Lei - Thx for your help. Do you see any limitations with this policy if say I have 1 site that needs a different policy and say it has some other traffic that all the other sites don't have that needs to be marked as mission critical. My intent is to generate a config that is somewhat of a template so if I have a new site than all I need to do is define a policy for it and it works. Also is it possible to apply multiple service-policies under a policy-map so can I do something like

policy-map Sites
   class Site-1
      bandwidth 10000
      shape average 10000000
      service-policy Traffic

service-policy

Appreciate all your help. Pls do go ahead and provide any feedback if you see any limitations. I just saw your post in another thread I had where you had mentioned that a policy per site does not scale. Pls do let me know if there is any way to optimize this config or if there is any other way besides using DMVPNs as we are currently not planning on doing it. Thx

@Mohamed - Thx for your help.

msobier123 wrote:

1- You need to classify and Mark at the ingress.

The config I posted in my original post assume that the packets are already marked at the edges and am trying to avoid doing it when the traffic comes into this WAN Router.

2- You need to match your marking by creating another Policy

The markings are being matched by the Child Policy Traffic in the config in my original post.

3- After that, you will have to create a SINGLE child policy and One parent policy.

Could you please provide some more details on the above. Not sure why I can't have a nested 3-tier policy. Is that a limitation that you have encountered?

Appreciate your help and any feedback that you might have. Thx

Regards,

Vikram

Lei Tian · ‎12-08-2010

Hi Vikram,

@Lei - Thx for your help. Do you see any limitations with this policy if say I have 1 site that needs a different policy and say it has some other traffic that all the other sites don't have that needs to be marked as mission critical. My intent is to generate a config that is somewhat of a template so if I have a new site than all I need to do is define a policy for it and it works.

That should be fine, you can create different child policy attach to different 2nd level shaper. There is limitation of number of shaper you can create, I think is 256.

Also is it possible to apply multiple service-policies under a policy-map so can I do something like
policy-map Sites
   class Site-1
      bandwidth 10000
      shape average 10000000
      service-policy Traffic
      service-policy

I don't think that is a supported configure, you can only apply one policy-map.

Appreciate all your help. Pls do go ahead and provide any feedback if you see any limitations. I just saw your post in another thread I had where you had mentioned that a policy per site does not scale. Pls do let me know if there is any way to optimize this config or if there is any other way besides using DMVPNs as we are currently not planning on doing it. Thx

That is because MPLS is any to any network, even you can control the traffic from hub to remotes by using per site qos, you cannot control traffic from remote to remote. DMVPN is used for hub and spoke topology, so it make sense to have per tunnel qos.

Regards,

Lei Tian

vdadlaney · ‎12-08-2010

Hi Lei,

Thx for responding. I never thought about the spoke-to-spoke communication primarily because we do not have that traffic pattern today and there should not be any even after we migrate except for Voice so don't intend to create a shaper at each spoke for other spokes because as you mentioned that will not scale. I don't think this should be a problem since the BW out of each spoke site will be limited to the port speed of that site. It is possible that in a certain situation a spoke could possibly overwhelm another spoke but in that case the provider can drop that traffic since they will be rate-limiting it on their PE towards the CE as well. Pls let me know if you see any issues with this.

A couple other questions on the config I had

- Do I need the BW statement under the mid-level policy. From what I am reading that BW statement is reserving the BW for that class but the shaper should do the same. So under the policy-map Sites for each Site can I remove the BW statement as the shaper should have the same effect?

- What if I get rid of the Parent policy and just apply the mid-level policy to the interface. It should have the same effect except now I am not limiting my interface to its maximum BW but am limiting based on per site. The issue I see with that is if any traffic does not get classified to any of the Sites and goes in the Class-default than it could possibly oversubscribe the interface. Is that thinking correct?

- Can I apply the policy to the main interface instead of the subinterface and do I need to specify max-reserved-bw on that interface.

Thx for your help.

Regards,

Vikram

Lei Tian · ‎12-08-2010

Hi Vikram,

- Do I need the BW statement under the mid-level policy. From what I am reading that BW statement is reserving the BW for that class but the shaper should do the same. So under the policy-map Sites for each Site can I remove the BW statement as the shaper should have the same effect?

BW provides the minimum guarantee for each site; it also provides the weight for each class, so traffic in each class can be send based on the weight. Without BW, all class will equally share the total available bandwidth from 1st level shaper. So, I think having BW should get you better result.

- What if I get rid of the Parent policy and just apply the mid-level policy to the interface. It should have the same effect except now I am not limiting my interface to its maximum BW but am limiting based on per site. The issue I see with that is if any traffic does not get classified to any of the Sites and goes in the Class-default than it could possibly oversubscribe the interface. Is that thinking correct?

The 1st level shaper is required for sub-rate link; for example, 200M link from GE interface. Without the shaper, GE interface will never get congested, and traffic will be dropped by provider.

- Can I apply the policy to the main interface instead of the subinterface and do I need to specify max-reserved-bw on that interface.

Yes, you can apply policy to main interface. For HQF model, you dont need max-reserved-bw.

Regards,

Lei Tian

BenBen · ‎03-04-2013

Hi vdadlaney,

Did you successfully implement the solution you provided here? I am currently in the same situation. I have a MPLS network, the hub is 100Mbps, spoke sites are either 10Mbps or 3Mbps.

I wish your solution work. The only uncertainty is the using of priority queue in the Child policy-map.


 policy-map   Sites
     class Site-1
        bandwidth 10000
        shape average 10000000
        service-policy Traffic

The bandwidth commend in above is reserving non LLQ bandwidth. The following may work.

!Identify Voice traffic

access-liest extended voice permit udp any any eq xxxxxx

policy-map Sites

class voice

priority 10000

service-policy sites-voice

Policy-map sites-voice

class site1-voice

police 500

class site2-voice

police 500

This is just an idea, the syntax may (is) not correct. That will be great if you can let me know the result.

Much thanks.

wtribble80 · ‎04-29-2013

Did you ever get this 3-tier policy to work?

I have a similiar situation with 150mb/s mpls hub site and many smaller links to branch offices ranging from T-1 to 30mb/s. The provider is tail dropping packets like crazy to the smaller sites with their cookie cutter QOS policies. Traffic to our Proxy Server is suffering especially bad with tail drops that destroy the TCP stream and cause RTO timers to increase past 1 second.

If anyone has found a good example solution to per-site shaping, I would love to see it.

Nested Qos WAN Policy on Hub towards Spokes on a SP managed MPLS Network