09-04-2009 04:34 AM - edited 03-04-2019 05:56 AM
Please could you help. I need to mix up traffic shaping for both TCP protocols and IP protocols. My scenario is:
I have got a router that does traffic shaping using CBWFQ. Find my configs attached. Shaping is OK. All the 3 clients are DSL clients and they have a network behind the given IP addresses. The problem is, if one PC from a client, e.g. 192.168.1.200, is downloading a file from the internet, everyone under that network cannot browse. This means all bandwidth will be used up for the file downloads. Web and FTP traffic will be affected for that network in particular. Can I reserve bandwidth for www and ftp, and how can I do it with my current configs? I tried adding this to my config but it's not working:
class-map web
 match protocol http
 match protocol ftp
 match protocol secure-http
policy-map traffic-shaping
 class web
  shape average 128000
  bandwidth 128
09-04-2009 05:31 AM
Hello.
Did you configure 'class-map web' or did you configure 'class-map match-any web' ?
If you did the first one 'class-map web' then this means it will be a 'match-all' which means your class will never work as you cannot match a packet which is http, ftp and https all at the same time.
Do a 'show run | s class-map'
and see if it says 'match-any' or 'match-all'
Simon
09-04-2009 11:13 AM
Find the output of the sh policy-map int command:
Class-map: web (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol http
0 packets, 0 bytes
5 minute rate 0 bps
Match: protocol ftp
0 packets, 0 bytes
5 minute rate 0 bps
Match: protocol secure-http
0 packets, 0 bytes
5 minute rate 0 bps
Queueing
Output Queue: Conversation 277
Bandwidth 128 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0
Traffic Shaping
Target/Average   Byte   Sustain   Excess    Interval  Increment
Rate             Limit  bits/int  bits/int  (ms)      (bytes)
128000/128000    1984   7936      7936      62        992
Adapt   Queue  Packets  Bytes  Packets  Bytes    Shaping
Active  Depth                  Delayed  Delayed  Active
-       0      0        0      0        0        no
It looks like no matches are found, but the other classes are working, that is:
Class-map: 256k-clients (match-any)
3542006 packets, 2805904757 bytes
5 minute offered rate 1000 bps, drop rate 0 bps
Match: access-group 100
2786602 packets, 2149435661 bytes
5 minute rate 1000 bps
Match: access-group 114
755404 packets, 656468250 bytes
5 minute rate 0 bps
Match: access-group 116
0 packets, 0 bytes
5 minute rate 0 bps
Queueing
Output Queue: Conversation 267
Bandwidth 256 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 2054229/1923513698
(depth/total drops/no-buffer drops) 0/0/0
Traffic Shaping
Target/Average   Byte   Sustain   Excess    Interval  Increment
Rate             Limit  bits/int  bits/int  (ms)      (bytes)
256000/256000    1984   7936      7936      31        992
Adapt   Queue  Packets  Bytes       Packets  Bytes       Shaping
Active  Depth                       Delayed  Delayed     Active
-       0      3509338  2765047394  1979081  1913716974  no
09-04-2009 11:16 PM
Hello.
Can you please paste the full qos config including all the config under the interface you are applying it to. What version of IOS are you running?
Simon
09-05-2009 01:24 AM
Hello
Just to let you know what I am looking for in advance. Possible causes I think might be:
1) You need to configure 'ip nbar protocol-discovery' under your interface that you have the qos on. This command is required for NBAR to work in older releases.
2) Class maps in a policy statement are read in the order they are configured, so if the web traffic you are trying to limit is already matched by a previous class map then your new class map will never be used. To fix this you will have to reconfigure your policy so the web class is at the top.
Simon
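The three points raised in the replies above (match-any, class order, NBAR protocol discovery) combined into one configuration, as an added example that is not part of any post in this thread. Class names, rates and ACL numbers are taken from the posted output; <WAN-INTERFACE> is a placeholder, the output direction is an assumption, and the ACL contents are not shown on the page.

```cisco
! Added example, not the poster's attached configuration.
!
! Before (never matches): with no keyword the class-map is match-all,
! so a packet would have to be http AND ftp AND secure-http at once.
!   class-map web
!    match protocol http
!    match protocol ftp
!    match protocol secure-http
!
! After: match-any, so any one of the three protocols selects the class.
class-map match-any web
 match protocol http
 match protocol ftp
 match protocol secure-http
!
! Client class as it appears in the posted show output.
class-map match-any 256k-clients
 match access-group 100
 match access-group 114
 match access-group 116
!
! Classes are evaluated top-down and the first match wins, so "web" sits
! above the ACL-based client class. Traffic matched by "web" is no longer
! counted against 256k-clients.
policy-map traffic-shaping
 class web
  shape average 128000
  bandwidth 128
 class 256k-clients
  shape average 256000
  bandwidth 256
!
! <WAN-INTERFACE> is a placeholder; output direction is assumed.
interface <WAN-INTERFACE>
 ! Per the thread: needed for NBAR matching before 12.2T/12.3 releases.
 ip nbar protocol-discovery
 service-policy output traffic-shaping
!
! Verify: the "web" packet and byte counters should now increment.
!   show run | s class-map
!   show policy-map interface <WAN-INTERFACE>
```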
09-05-2009 04:53 AM
"1) You need to configure 'ip nbar protocol-discovery' under your interface that you have the qos on. This command is required for NBAR to work in older releases. "
I don't recall that. Which IOS versions?
09-05-2009 08:24 AM
Hi Joseph.
I haven't tested it myself but I remember this from the Cisco Press CCIE R&S v3 Certification Guide. Page 426:
NOTE: Before the 12.2T/12.3 IOS releases, the 'ip nbar protocol-discovery' command was required on an interface before using a service-policy command that used NBAR matching. With 12.2T/12.3 train releases, this command is no longer required.
The use of the match protocol command implies that NBAR will be used to match the packet.
I might test it out when back in work on Monday.
Simon
09-05-2009 03:42 PM
Ah, from a certification guide, eh? Still don't recall this limitation, but my memory isn't what it once was. I do recall various "flavors" of AutoQoS are tied to NBAR protocol discovery. If you do get a chance to try it, please post the result. I too, if I get the chance might lab it up (but it won't be Monday).
09-05-2009 05:46 AM
Thank you very much. This is what I wanted. It's working. Great!!!!!!!!!!!!!