Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3749
Views
5
Helpful
8
Replies

QoS inbound or outbound

Go to solution
chinpohpang851
Level 1
Level 1

‎02-25-2020 06:16 AM

in my scenario, we have a branch CE router connect to MPLS network with WAN interface 20M and LAN interface 100M.

What I see at the router configuration is there are IP Precedence marked using extended ACL (by protocol type, IP address & port number) at the WAN interface as "input". Most of the ACL are marking voice, VOIP services from what I observed from ACL. 

So the question is, can we QoS inbound traffic? Because I saw some article online saying you can't QoS inbound, if that's correct why ISP is applying IP Precedence marking at inbound?

 

If I want to prioritize a service let's say (Webex, udp port 9000) for example, where should I apply it inbound or outbound? 

 

Another thing is, I did ran wireshark on my computer interface to observe the DSCP marking for Webex and noticed that the app Webex didn't apply marking to it, it was 000 000 default. Aren't those application should automatically mark the DSCP bit? 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to chinpohpang851

‎02-26-2020 08:26 AM

Unless devices are configured to do something "special" with a ToS marking, just marking a packet, alone, guarantees nothing. If devices do something "special" with ToS markings, you'll need to find out what that is. I.e. just tagging a packet with IPPrec 3 doesn't guarantee anything.

When it comes to where to mark packets, generally as close to the source as possible, if not at the source. I can be done upon ingress or egress, on some platforms. Some platforms are more restricted in when packets can be tagged.

Whether an application (or network) will "return" session traffic with the same ToS marking is up to them. Some do, some don't.

View solution in original post

0 Helpful
8 Replies 8

Go to solution
pieterh
VIP
VIP

‎02-25-2020 06:55 AM

you classify and mark packets on the inbound, you can drop packets inbound, but not bandwith limit inbound

after classification packets are put in different queues depending on priority

then outbound you can limit bandwith

 

classification and marking is an important step in implementing QoS

so YES you can QoS on inbound (but again not bandwith limit)

 

Yes an application could apply marking to packets, but mostly classification is done incoming to your network, so most times this marking will be overwritten by QoS settings on the connected network anyhow.

Also Windows must be configured to add marking or leave the marking intact By default, Windows traffic has a DSCP value of 0.

 

Go to solution
chinpohpang851
Level 1
Level 1
In response to pieterh

‎02-25-2020 07:19 AM

where can i find the documents for this inbound queue for different priority (IP precedence 0-5) ?

0 Helpful

Go to solution
chinpohpang851
Level 1
Level 1
In response to pieterh

‎02-25-2020 07:32 AM

I found something, so there are max 8 queues for device port which is for IP Precedence 0-7?
0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to chinpohpang851

‎02-25-2020 09:06 AM

Number of queues vary based on device.

IP Precedence RFC has been replaced by later RFCs (see DSCP).
0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to pieterh

‎02-25-2020 09:05 AM

". . . but not bandwith limit inbound"

Actually you often can limit bandwidth inbound, i.e. police interface ingress traffic.

". . . marking is an important step in implementing QoS"

Yes and no. What tagging packets (or frames) actual provides is a way to avoid "time consuming" re-classification at every hop.

". . . so most times this marking will be overwritten by QoS settings on the connected network anyhow."

That really depends on the network. Some networks just ignore, and don't use, ToS/CoS tags, so they are left alone. (An exception is older Cisco switches, which by default, when QoS is enable, reset ToS to zero unless configured otherwise.)

Networks that do have an active QoS policy, might allow hosts to set markings as desired, although with validation (and possible remarking) at network trust boundaries. I.e. if traffic's ToS appears valid, it's not (re)marked, but instead, treated accordingly.
0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎02-25-2020 09:13 AM

"So the question is, can we QoS inbound traffic?"

Some of it, yes.

"Because I saw some article online saying you can't QoS inbound, if that's correct why ISP is applying IP Precedence marking at inbound?"

If article says you cannot do any QoS inbound, it's correct, if if says you cannot do some QoS, that can be correct. As to why ISP is doing what they are doing, ask them. (NB: MPLS WAN providers often support some QoS features. True ISPs, generally support no QoS.)

"If I want to prioritize a service let's say (Webex, udp port 9000) for example, where should I apply it inbound or outbound?"

Depends on what you mean by "to prioritize".

"Aren't those application should automatically mark the DSCP bit?"

It's often something you need to configure the application to do. Most applications to leaving the ToS as BE. (BTW, DSCP is six bits of the ToS byte.)
0 Helpful

Go to solution
chinpohpang851
Level 1
Level 1
In response to Joseph W. Doherty

‎02-25-2020 04:41 PM

hi Joseph,

If I want to have better performance for Webex for example and set IP Precedence 3 for ACL that match"UDP any any port (webex port)", where should I apply this inbound or outbound? Do I need to apply it both in/out?

 

One thing I''m not sure is, if I mark the the packet with precedence 3 outbound, will the traffic returned for this session also marked with precedence 3?

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to chinpohpang851

‎02-26-2020 08:26 AM

Unless devices are configured to do something "special" with a ToS marking, just marking a packet, alone, guarantees nothing. If devices do something "special" with ToS markings, you'll need to find out what that is. I.e. just tagging a packet with IPPrec 3 doesn't guarantee anything.

When it comes to where to mark packets, generally as close to the source as possible, if not at the source. I can be done upon ingress or egress, on some platforms. Some platforms are more restricted in when packets can be tagged.

Whether an application (or network) will "return" session traffic with the same ToS marking is up to them. Some do, some don't.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card