08-02-2007 08:19 AM - edited 03-03-2019 06:09 PM
Hi,
I am facing a really strange issue implementing end-to-end QoS on Cisco routers. I have the following network scenario:
1. Headquarters network with the main policy router and database and application servers.
2. 100 remote branches that are using the application from headquarters.
3. We have branches that are connected to headquarters with a VSAT connection.
4. We have GRE tunneling running between all the branches and headquarters, with 128K for each tunnel.
5. The problem I am facing is in the branches that use the VSAT connection to headquarters: the application performance is really slow in all these branches.
6. I tried to solve the problem using QoS, since the 128K link for each branch is also used for mail access and internet.
The problem I am facing is that I tried to implement end-to-end QoS for the application that the remote branches use because they said it is running slow, but with no real improvement in performance! I tried CBWFQ, LLQ, MQC, and I implemented the qos pre-classify command because I have tunnels, but I didn't get any enhancement. Can anybody help me in this case? What is the proper configuration?
08-03-2007 12:46 AM
What kind of applications are you running at the HQ? You may not see any improvement on a 128K VSAT link as the b/w itself is so low, not to mention the added delay. BTW, are you marking the packets before queuing?
-Harish
08-03-2007 01:49 AM
Hi, the application is an Oracle application. Actually we have 2 versions of the application, character mode and GUI mode. The character mode runs fast, while the GUI is slow and its performance needs to be improved because we will rely on GUI mode in the near future.
I implemented CBWFQ and MQC, I applied policy maps on the interface and used the qos pre-classify command on the tunnel, and I applied QoS at tunnel level by creating parent and child policy maps, but I didn't see any changes in our application performance, and I think I didn't mark the packets. How can I do it?
08-03-2007 02:52 AM
Hi,
I completely agree with Harish. There is the possibility that the VSAT links are so slow and of such low bandwidth that the latency they induce is almost unacceptable to the GUI version of your Oracle app, which may not be optimized for such slow links.
Try doing some pings across the VSAT links to see what the latency (RTT) is like. Having said that, you want to capture the GUI Oracle traffic, and nothing else, mark/colour it and then allocate that class an appropriate bandwidth. Then you can use another class-map to capture the text mode, allocate some bandwidth and leave everything else in the default queue. This assumes that there is a way to classify the GUI traffic on its own.
08-03-2007 03:07 AM
Hi,
The VSAT link delay is 750ms. I am actually working in VSAT too, and I think the best delay a VSAT user can get is 500-750ms.
You suggest leaving the GUI application in the default class? Is there any way that I can improve the performance? I did lots of configuration but with no real result.
08-03-2007 03:23 AM
No, what they are saying is that even if the link is empty, GUI will run slow.
QoS is about congestion management - that is you are "preferring" one traffic type against the other in a time of high load.
Therefore in times when link is only filled with GUI traffic, and nothing else, QoS will not be able to help.
08-03-2007 03:19 AM
Please issue "show policy-map interface XXX" commands on both sides, and look at whether there are packets in the classes that you have set up.
Also, please post your configuration.
08-03-2007 05:20 AM
Hi,
I issued that command for sure; traffic classification is working and there are matches for the access list I created.
I want to make something clear: the GUI is not the only traffic on the link. There is also mail traffic and internet, but at specific times, and the text mode of our application.
I will list for you the different configurations I used:
1. This is the headquarters configuration:
class-map match-any class1
 match access-group 700
 match access-group 105
 match protocol http url "http://10.0.1.50:7778/j2ee/index.jsp"
!
!
policy-map policy1-child
 class class1
  bandwidth percent 70
 class class-default
  fair-queue
or ;
class-map match-any class1
 match access-group 700
 match access-group 105
 match protocol http url "http://10.0.1.50:7778/j2ee/index.jsp"
!
policy-map policy1-child
 class class1
  shape peak 1600000
  bandwidth 1200
 class class-default
  bandwidth 150
access-list 700 permit 0017.951b.2b50 0000.0000.0000
access-list 700 permit 0011.85e6.d9d0 0000.0000.0000
access-list 700 permit 0011.85e6.da1b 0000.0000.0000
access-list 700 permit 0011.85e6.da45 0000.0000.0000
access-list 700 permit 0011.85e6.da06 0000.0000.0000
access-list 105 permit tcp host 10.0.1.28 eq 7778 any
access-list 105 permit tcp host 10.0.1.29 eq 7777 any
access-list 105 permit tcp host 10.0.1.29 eq 7778 any
access-list 105 permit tcp host 10.0.1.50 eq 7777 any
access-list 105 permit tcp host 10.0.1.50 eq 7778 any
access-list 105 permit tcp host 10.0.1.26 eq 7777 any
access-list 105 permit tcp host 10.0.1.26 eq 7778 any
access-list 105 permit tcp host 10.0.1.27 eq 7778 any
access-list 105 permit tcp host 10.0.1.27 eq 7777 any
access-list 105 permit tcp host 10.0.1.28 eq 7777 any
interface Tunnel149
 description
 bandwidth 128
 ip address ....
 ip mtu 1524
 qos pre-classify
 tunnel source ......
 tunnel destination .......
interface Serial3/1
 description WAN ACCESS
 bandwidth 2000000
 ip address ............
 service-policy output policy1-child
 ip route-cache flow
 serial restart-delay 0
 no cdp enable
2. Branch config:
class-map match-any thin
 match protocol http url "http://10.0.1.50:7778/j2ee/index.jsp"
 match access-group 102
 match access-group 110
!
!
policy-map thin-policy
 class thin
  bandwidth 100
 class class-default
  fair-queue
or ;
policy-map thin-policy
 class thin
  bandwidth percent 60
  shape peak percent 65
 class class-default
  bandwidth percent 10
interface Tunnel1
 description
 bandwidth 128
 ip address .....
 ip mtu 1524
 qos pre-classify
 tunnel source .....
 tunnel destination .......
interface FastEthernet0/1
 description
 ip address ......
 duplex auto
 speed auto
 service-policy output thin-policy
access-list 102 permit tcp any any eq 7777
access-list 102 permit tcp any any eq 7778
access-list 110 permit gre host ...(Source tunnel ip) host ...(dest tunnel ip)
3. Another config for the headquarters router:
Implementing QoS on the tunnel:
policy-map policy1-child
 class class1
  bandwidth 100 ; or percent 60
policy-map tunnel143
 class class-default
  shape average 2000000
  service-policy policy1-child
This is the configuration that I used. What do you think? Any advice?
08-03-2007 03:42 AM
A few things aren't addressed here, so you may want to confirm if they have been considered or not.
The first is you are using GRE tunnels. This brings with it MTU issues due to encapsulation of the packets, so address MTU or confirm MTU is not an issue. Fragmentation can be disguised as slow performance, and packet drops due to oversize can appear as slow connections.
The next issue is that unless you configure GRE to copy the DSCP or TOS value to the encapsulated frame, it doesn't, and all packets end up in the default queue on the egress interface. Don't apply the QoS policy to the tunneled virtual interface; it just doesn't work correctly.
High delay in the VSAT arena means you need to tune the end nodes for high delay environments. This means the IP stacks of the server and workstation need adjustment, because the vendors assume they are used in a LAN environment and the default IP stack settings reflect this fact. If you can't change the workstation's or server's IP stacks, then investigate Cisco's RBSCP or WAAS for possible use in your environment, because they are designed to compensate for the shortcomings of high delay and default end node configurations.
Cheers,
Brian
P.S. here are a few links for more information
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml
http://www.cisco.com/en/US/products/ps6566/products_feature_guide09186a0080795c5e.html
http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a0080683d9d.html
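The GRE MTU point above, worked through for the tunnel setting in the posted configuration (`ip mtu 1524`). This is an added example, not code from the thread; it assumes IPv4, a 1500-byte MTU on the physical path, plain GRE with no key or checksum (20-byte outer IP header plus 4-byte GRE header), and the DF bit clear.

```python
# Constructed model, not router output.
IP_HDR = 20
GRE_HDR = 4
GRE_OVERHEAD = IP_HDR + GRE_HDR      # 24 bytes added to every tunneled packet


def ip_fragments(total_len, mtu):
    """Sizes of the IPv4 packets produced when a total_len-byte packet meets mtu."""
    if total_len <= mtu:
        return [total_len]
    payload = total_len - IP_HDR
    per_frag = (mtu - IP_HDR) // 8 * 8   # fragment data must be a multiple of 8 bytes
    sizes = []
    while payload > 0:
        chunk = min(per_frag, payload)
        sizes.append(IP_HDR + chunk)
        payload -= chunk
    return sizes


def gre_path(inner_len, tunnel_ip_mtu, phys_mtu=1500):
    """Packets put on the wire for one inner packet sent into the tunnel."""
    wire = []
    # Step 1: the inner packet is split only if it exceeds the tunnel ip mtu.
    for inner in ip_fragments(inner_len, tunnel_ip_mtu):
        # Step 2: each piece is encapsulated. If the outer packet no longer
        # fits the physical MTU it is fragmented after encapsulation, and the
        # far tunnel endpoint must reassemble it before decapsulating.
        wire.extend(ip_fragments(inner + GRE_OVERHEAD, phys_mtu))
    return wire


def safe_sizes(phys_mtu=1500):
    """Largest tunnel ip mtu and TCP MSS that avoid fragmenting the outer packet."""
    ip_mtu = phys_mtu - GRE_OVERHEAD
    return ip_mtu, ip_mtu - IP_HDR - 20   # 20-byte TCP header, no options


if __name__ == "__main__":
    for inner_len in (1500, 1400):
        print(inner_len, "bytes into ip mtu 1524 ->", gre_path(inner_len, 1524))
    print("tunnel ip mtu / TCP MSS that fit:", safe_sizes())
```

With the tunnel at 1524, a full-size 1500-byte packet leaves the router as a 1500-byte and a 44-byte outer fragment, while a 1400-byte packet goes out as a single 1424-byte packet.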
08-03-2007 04:52 AM
Hi,
The MTU size is 1524. Regarding GRE and the TOS value, I used the qos pre-classify command, which is supposed to overcome QoS implementation in a tunneled environment; it should copy the TOS byte to the tunnel header so as to mark application packets for QoS.
I really suffered when I applied QoS on the virtual tunnel interface; the performance became even worse!
I cannot go for tuning the end nodes (servers) because there are other non-VSAT branches also working in the network.
08-07-2007 04:32 PM
The MTU issue and fragmentation is the result of the extra 24 Bytes of encapsulation GRE puts on the original packet. Increasing the MTU on the tunnel only disguises the activity and the result is a perception of slow response times. Confirm this by dropping the MTU on a remote workstation to 1400 Bytes and test the response time.
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_tech_note09186a0080093f1f.shtml
That aside here is my recommendation.
New set up for QOS
! server -> client: source port 7777-7778
access-list 106 permit tcp 10.0.1.24 0.0.0.7 range 7777 7778 any
access-list 106 permit tcp host 10.0.1.50 range 7777 7778 any
! client -> server: destination port 7777-7778
access-list 106 permit tcp any 10.0.1.24 0.0.0.7 range 7777 7778
access-list 106 permit tcp any host 10.0.1.50 range 7777 7778
class-map match-any Oracle-Traffic
 match access-group 106
 match ip precedence 5
policy-map Oracle-Color
 class Oracle-Traffic
  set precedence 5
policy-map Oracle-Clients
 class Oracle-Traffic
  bandwidth percent 60
 class class-default
  fair-queue 256
  random-detect
interface ingress
 service-policy input Oracle-Color
interface egress
 service-policy output Oracle-Clients
This applies to the head office router and the remote site routers. I have used the access list differently to make them reusable for both functions and the ingress interface policy is there to mark all Oracle traffic as precedence 5. Apply this to the physical interfaces not the tunnel. The fair-queue 256 is there because at 128k you will only get 32 by default, a few more is good and showing the use of queues on the interface will show you are indeed supporting more than 32 sessions at a time.
Use the show policy commands to confirm it is having the desired effect.
As for the server, you can add another LAN interface and tune that one interface for the high delay environment. Then create a DNS entry that points to this IP address and is resolvable by only the remote sites. I realize this will cause your server folks a brain cramp, but for a high delay environment default installs don't cut it. You could invest in Cisco's WAAS, but that's a lot more money than an extra LAN card in a server and some pain killers :-).
Cheers,
Brian
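How IOS reads the position of a port operator in extended ACL entries like those in access-list 106: `range` after the source address constrains the source port, `range` after the destination address constrains the destination port, so each direction of the Oracle traffic needs its own form. This is an added example, not code from the thread; the list number 199, the client address and the two flows are constructed.

```python
import ipaddress


def ip(addr):
    return int(ipaddress.IPv4Address(addr))


def take_addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD'; return (address, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return ip(tok.pop(0)), 0
    return ip(first), ip(tok.pop(0))


def take_ports(tok):
    """Consume an optional 'eq P' or 'range LO HI'; default is any port."""
    if tok and tok[0] == "eq":
        port = int(tok[1])
        del tok[:2]
        return port, port
    if tok and tok[0] == "range":
        lo, hi = int(tok[1]), int(tok[2])
        del tok[:3]
        return lo, hi
    return 0, 65535


def parse(line):
    tok = line.split()[4:]               # skip 'access-list N permit tcp'
    return take_addr(tok), take_ports(tok), take_addr(tok), take_ports(tok)


def hit(entry, sip, sport, dip, dport):
    (src, swild), (slo, shi), (dst, dwild), (dlo, dhi) = entry
    def addr_ok(addr, base, wild):       # wildcard bits set to 1 are "don't care"
        return ((ip(addr) ^ base) & ~wild & 0xFFFFFFFF) == 0
    return (addr_ok(sip, src, swild) and addr_ok(dip, dst, dwild)
            and slo <= sport <= shi and dlo <= dport <= dhi)


# Constructed entries modelled on access-list 106.
ENTRIES = {
    "range_after_source": "access-list 199 permit tcp 10.0.1.24 0.0.0.7 range 7777 7778 any",
    "range_after_dest": "access-list 199 permit tcp any 10.0.1.24 0.0.0.7 range 7777 7778",
}
REQUEST = ("192.168.10.5", 49152, "10.0.1.26", 7778)   # constructed client -> server flow
REPLY = ("10.0.1.26", 7778, "192.168.10.5", 49152)     # constructed server -> client flow


def which_match(flow):
    return [name for name, line in ENTRIES.items() if hit(parse(line), *flow)]
```

The wildcard `0.0.0.7` on 10.0.1.24 covers 10.0.1.24 through 10.0.1.31, which is why 10.0.1.50 needs its own `host` entries.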
08-09-2007 02:04 AM
Hi,
Thank you Brian, I will implement this configuration and get back to you.
Thanks
Sam