QOS on 857 to up FTP

OliverDarvall · ‎03-08-2013

I have a VPN (Easy VPN) with lots of 857/857W routers. Currently we are experiencing problems FTP'ing files from the connected PC's to our central server. The problems occur especially when our main link is a bit congested and so I thought of implementing QOS on the site routers to hopefully get the FTP's through more reliably.

I played with various configurations, but I can't seem to get the FTP throughput up significantly. This is my latest attempt at adding QOS to our current configs:

access-list 111 permit tcp any eq ftp any

access-list 111 permit tcp any any eq ftp

access-list 111 permit tcp any eq ftp-data any

access-list 111 permit tcp any any eq ftp-data

access-list 112 permit ip any any

route-map QOS_OUT permit 10

match ip address 111

set tag 111

set ip precedence critical

route-map QOS_OUT permit 20

match tag 111

set ip precedence 7

route-map QOS_OUT permit 30

match ip address 112

set ip precedence 1

int dialer 0

fair-queue

exit

int vlan 1

ip policy route-map QOS_OUT

exit

int loopback 0

ip policy route-map QOS_OUT

exit

It does not seem to work so well. It looks like I may be getting about 1kB/s more on the FTP throughput at times, but it has not made a significant difference. I am testing it by streaming a few video streams from the site PC to our server while simultaneously doing the FTP's.

Any ideas for me ?

Mohamed Sobair · ‎03-08-2013

Hello,

You have successfully classified and Marked your FTP Traffic, you Now need to apply your Queing Method to the appropriate WAN interface which is not yet done.

Remeber, Classification and Marking applied as Close to the Source as possible (Ingress Interface), Where QoS Queing should applied at the outgoing interface (Your Egress WAN interface).

Regards,

Mohamed

OliverDarvall · ‎03-08-2013

Thanks Mohamed. You have me stumped though. Do you mean I should do this ?

int dialer 0

fair-queue

ip policy route-map QOS_OUT

exit

Or something else ?

Mohamed Sobair · ‎03-08-2013

Yes Correct about the WAN dialer in this case, However, you need a new Class-map & Policy that matches your Precedence and to apply the correct queuing method, some thing like below:

class-map Queuing permit 10

match ip precednce critical

policy-map QoS_WAN

priority 512 ---------------- (Assuming you are using LLQ to reserve 512Kbits for FTP when there's congestion

interface dialer 0

bandwidth XXX ( Your xDSL Bandwidth subscribtion)

service-policy output QOS_WAN

OliverDarvall · ‎03-08-2013

Ah, ok, but I have a 857 with

c850-advsecurityk9-mz.124-15.T17.bin

No class-map's and policy-map support ...

Mohamed Sobair · ‎03-08-2013

If its not supported, that means QoS is not fully supported on the platform. double check it and if its the case, you may need to look for another software!

The IOS you currently have is advance Security, Look for (Advance Services) IOS and use the feature Navigator to ensure QoS is supported on the same hardwre.

Regards,

Mohamed

OliverDarvall · ‎03-08-2013

QoS features supported by Cisco 850 series routers

Quality of Service (QoS) Features

#

• Weighted Fair Queuing (WFQ)

#

• Policy-based routing (PBR)

#

• Per-VC queuing

#

• Per-VC traffic shaping

Will one of the above allow me to give FTP higher priority/bandwidth on my VPN ?

Mohamed Sobair · ‎03-08-2013

Oliver,

The document indicate the QoS is supported, I am wondering how the policy and class maps are not supported.

Have you checked it again?

Regards,

Mohamed

OliverDarvall · ‎03-08-2013

Yes indeed :

router#conf t

Enter configuration commands, one per line. End with CNTL/Z.

router(config)#policy?

policy-manager

router(config)#class?

% Unrecognized command

OliverDarvall · ‎03-08-2013

I don't think the matching and classification is working as I thought. Have a look at this :

Router#sho route-map

route-map QOS_OUT, permit, sequence 10

Match clauses:

ip address (access-lists): 111

Set clauses:

tag 111

Policy routing matches: 0 packets, 0 bytes

route-map QOS_OUT, permit, sequence 20

Match clauses:

tag 111

Set clauses:

ip precedence critical

Policy routing matches: 729 packets, 306517 bytes

route-map QOS_OUT, permit, sequence 30

Match clauses:

Set clauses:

ip precedence priority

Policy routing matches: 0 packets, 0 bytes

Router#

So I have matches on sequence 20 without any matches on sequence 10 (where the tag is being set) ? Does not make sense to me !

Joseph W. Doherty · ‎03-08-2013

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

If you're sending from multiple sites/PCs concurrently, your bottleneck is likely on ingress to your hub. Unless that interface's QoS can be configured, you're not going to be able to effectively manage multi-source caused congestion.