03-08-2013 02:21 AM - edited 03-04-2019 07:13 PM
I have a VPN (Easy VPN) with lots of 857/857W routers. Currently we are experiencing problems FTP'ing files from the connected PC's to our central server. The problems occur especially when our main link is a bit congested and so I thought of implementing QOS on the site routers to hopefully get the FTP's through more reliably.
I played with various configurations, but I can't seem to get the FTP throughput up significantly. This is my latest attempt at adding QOS to our current configs:
access-list 111 permit tcp any eq ftp any
access-list 111 permit tcp any any eq ftp
access-list 111 permit tcp any eq ftp-data any
access-list 111 permit tcp any any eq ftp-data
access-list 112 permit ip any any
route-map QOS_OUT permit 10
match ip address 111
set tag 111
set ip precedence critical
route-map QOS_OUT permit 20
match tag 111
set ip precedence 7
route-map QOS_OUT permit 30
match ip address 112
set ip precedence 1
int dialer 0
fair-queue
exit
int vlan 1
ip policy route-map QOS_OUT
exit
int loopback 0
ip policy route-map QOS_OUT
exit
It does not seem to work so well. It looks like I may be getting about 1kB/s more on the FTP throughput at times, but it has not made a significant difference. I am testing it by streaming a few video streams from the site PC to our server while simultaneously doing the FTP's.
Any ideas for me ?
03-08-2013 02:46 AM
Hello,
You have successfully classified and Marked your FTP Traffic, you Now need to apply your Queing Method to the appropriate WAN interface which is not yet done.
Remeber, Classification and Marking applied as Close to the Source as possible (Ingress Interface), Where QoS Queing should applied at the outgoing interface (Your Egress WAN interface).
Regards,
Mohamed
03-08-2013 02:53 AM
Thanks Mohamed. You have me stumped though. Do you mean I should do this ?
int dialer 0
fair-queue
ip policy route-map QOS_OUT
exit
Or something else ?
03-08-2013 03:09 AM
Yes Correct about the WAN dialer in this case, However, you need a new Class-map & Policy that matches your Precedence and to apply the correct queuing method, some thing like below:
class-map Queuing permit 10
match ip precednce critical
policy-map QoS_WAN
priority 512 ---------------- (Assuming you are using LLQ to reserve 512Kbits for FTP when there's congestion
interface dialer 0
bandwidth XXX ( Your xDSL Bandwidth subscribtion)
service-policy output QOS_WAN
03-08-2013 03:11 AM
Ah, ok, but I have a 857 with
c850-advsecurityk9-mz.124-15.T17.bin
No class-map's and policy-map support ...
03-08-2013 03:20 AM
If its not supported, that means QoS is not fully supported on the platform. double check it and if its the case, you may need to look for another software!
The IOS you currently have is advance Security, Look for (Advance Services) IOS and use the feature Navigator to ensure QoS is supported on the same hardwre.
Regards,
Mohamed
03-08-2013 03:26 AM
03-08-2013 03:36 AM
Oliver,
The document indicate the QoS is supported, I am wondering how the policy and class maps are not supported.
Have you checked it again?
Regards,
Mohamed
03-08-2013 03:40 AM
Yes indeed :
router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#policy?
policy-manager
router(config)#class?
% Unrecognized command
03-08-2013 03:56 AM
I don't think the matching and classification is working as I thought. Have a look at this :
Router#sho route-map
route-map QOS_OUT, permit, sequence 10
Match clauses:
ip address (access-lists): 111
Set clauses:
tag 111
Policy routing matches: 0 packets, 0 bytes
route-map QOS_OUT, permit, sequence 20
Match clauses:
tag 111
Set clauses:
ip precedence critical
Policy routing matches: 729 packets, 306517 bytes
route-map QOS_OUT, permit, sequence 30
Match clauses:
Set clauses:
ip precedence priority
Policy routing matches: 0 packets, 0 bytes
Router#
So I have matches on sequence 20 without any matches on sequence 10 (where the tag is being set) ? Does not make sense to me !
03-08-2013 08:26 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
If you're sending from multiple sites/PCs concurrently, your bottleneck is likely on ingress to your hub. Unless that interface's QoS can be configured, you're not going to be able to effectively manage multi-source caused congestion.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide