QoS Configuration Issue on GRE Tunnel

shakeebmv · ‎03-20-2012

Hi,

I have configured QoS over gre tunnel for prioritising specific traffic during the period of congestion

Scenario Explained :-

1) We have a GRE tunnel configured over 6 mb links terminated at two ends , there is one critical application running over this which needs to be prioritised during the period of network congestion at peak business hours . So to solve this issue , i have priortised with 3 MB for this critical application

in a child class under the parent class at both the ends . But this seems to be uneffective during the period of congestion at peak hours and the critical application performs very slow .

The below configurion is applied on both the WAN Routers :-

class-map match-all LETS-APPS

match access-group name LETS-APPS

ip access-list extended LETS-APPS < source-subnet > < destination server >

policy-map LETS-POLICY

class LETS-APPS

priority 3000

policy-map PARENT-LETS-POLICY

class class-default

shape average 5500000

service-policy LETS-POLICY

int tunnel 2

service-policy output PARENT-LETS-POLICY

Can anyone helpout by verifying the QoS configuration on this GRE tuunel

acampbell · ‎03-20-2012

Hi,

Can you try changing your config slightly

int tunnel 2

qos pre-classify
service-policy output PARENT-LETS-POLICY

According to this link the the QOS may not be able to inspect the original header due to the tunnel encapsulation

http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a008017405e.shtml

The qos pre-classify command

When packets are encapsulated by tunnel or encryption headers, QoS features are unable to examine the original packet headers and correctly classify the packets. Packets traveling across the same tunnel have the same tunnel headers, so the packets are treated identically if the physical interface is congested. With the introduction of the Quality of Service for Virtual Private Networks (VPNs) feature, packets can now be classified before tunneling and encryption occur.

In this example, tunnel0 is the tunnel name. The qos pre-classify command enables the QoS for VPNs feature on tunnel0:

Router(config)# interface tunnel0
Router(config-if)# qos pre-classify

Worth a try

Regards

Alex

Regards, Alex. Please rate useful posts.

shakeebmv · ‎03-20-2012

Hi Alex ,

Thanks for your response .

As per my understanding qos pre-classify is required when we are applying the service-policy on the physical interface , but we are applying this on the tunnel interface .

I can see the hits on the class-map in my scenario but unable to judge the output , please find the output below

Service-policy output: PARENT-LETS-POLICY

Class-map: class-default (match-any)

874463857 packets, 452563999392 bytes

5 minute offered rate 531000 bps, drop rate 0 bps

Match: any

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/4073431/0

(pkts output/bytes output) 330531582/181145296348

shape (average) cir 5500000, bc 22000, be 22000

target shape rate 5500000

Service-policy : LETS-POLICY

queue stats for all priority classes:

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/8988/0

(pkts output/bytes output) 4453847/1224778183

Class-map: LETS-APPS (match-all)

8739856 packets, 2205148811 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: access-group name LETS-APPS

Priority: 3000 kbps, burst bytes 75000, b/w exceed drops: 8988

Class-map: class-default (match-any)

865724027 packets, 450358851393 bytes

5 minute offered rate 531000 bps, drop rate 0 bps

Match: any

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/4073431/0

(pkts output/bytes output) 326077735/179920518165

Thanks.....

acampbell · ‎03-20-2012

Hi,

Class-map: LETS-APPS (match-all)

8739856 packets, 2205148811 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: access-group name LETS-APPS

Priority: 3000 kbps, burst bytes 75000, b/w exceed drops: 8988

What this means to me is you are matching the policy but since you last cleared the counters you have

at some time burst the 3M you have allocated.

try adjusting the priority to 4000 and monitor

Regards

Alex

Regards, Alex. Please rate useful posts.

shakeebmv · ‎03-21-2012

Hi,

LETS-APPS traffic did not exceed more than 1 mb at any point of time on the particular day as per our netflow monitoring tool . So we dont know how there was drops when we had 3 mb priority set . Do you think this priority set is not working during the period of congestion .

Thanks

Joseph W. Doherty · ‎03-21-2012

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

LETS-APPS traffic did not exceed more than 1 mb at any point of time on the particular day as per our netflow monitoring tool . So we dont know how there was drops when we had 3 mb priority set . Do you think this priority set is not working during the period of congestion .

"Normal" rate monitoring does not always pick up microbursts that can cause drops.

Joseph W. Doherty · ‎03-20-2012

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

What kind of 6 Mbps link? Anything else share the physical interfaces? What platform and IOS on both ends? What's the tunnel config look like? What's the physical interface stats look like?

PS:

Your stats do show there's been congestion, for both classes.

PPS:

Your understanding is correct, you should only need pre-classify on the physical tunnel if you need to match pre-tunnel packet header.

shakeebmv · ‎03-21-2012

Hi,

Does the below configuration means that the priority of 3 mb will be given only after traffic shaping takesplace . Is there anyway to verify that the priority of 3 mb is kicked off ??

policy-map LETS-POLICY

class LETS-APPS

priority 3000

policy-map PARENT-LETS-POLICY

class class-default

shape average 5500000

service-policy LETS-POLICY

Thanks

Joseph W. Doherty · ‎03-21-2012

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Does the below configuration means that the priority of 3 mb will be given only after traffic shaping takesplace .

Yes.

Is there anyway to verify that the priority of 3 mb is kicked off ??

If you have a traffic generator, you could flood (i.e. overrun the 5.5 Mbps) the default class. LLQ packets shouldn't see much additional delay. (NB: since your default class isn't using FQ, flooding this class will be especially adverse to that class.)

shakeebmv · ‎03-25-2012

Hi,

policy-map LETS-POLICY

class LETS-APPS

priority 3000

policy-map PARENT-LETS-POLICY

class class-default

shape average 5500000

service-policy LETS-POLICY

The above class LETS-APPS from the QoS configuration will all the time be prioritised for that traffic or only works once it is shaped to 5.5 mb

Thanks

Joseph W. Doherty · ‎03-25-2012

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

The above class LETS-APPS from the QoS configuration will all the time be prioritised for that traffic or only works once it is shaped to 5.5 mb

Only when the shaper shapes. When the shaper doesn't shape, the transmission rate is less than 5.5 Mbps and there's no need to prioritize as there would be no congestion.