Re: QoS on an ADSL link

nir.fisher · ‎12-30-2010

hi ,

I have question regarding bandwidth reservation on a cisco 837 router with an adsl link to the internet

I have 4 stations connected to the switchports on the router and I want to reserve bandwidth for 2 stations out of the 4

I created a class-map to identify the source mac-addresses of these stations and then created a policy-map to reserve
bandwidth

I applied the service policy under the ethernet 0 interface which is the logical interface connected to the switchports of the router

I am asking basically , if what I did has any effect or should I apply this policy elsewhere , suppose on the ATM interface or on the dialer Interface

Is there any best practice on how to implement this kind of a solution ( and where is it best to apply it ? on which interface ?)

thanks

cadet alain · ‎12-30-2010

Hi,

I created a class-map to identify the source mac-addresses of these stations and then created a policy-map to reserve
bandwidth

Can you post sh policy-map interface please. If you want a certain bw for some machines then you must police the others because

the bandwidth command is going to give a minimum bw in case of congestion only.

Regards.

Alain.

Don't forget to rate helpful posts.

JoeKeegan3 · ‎12-30-2010

There are some things to consider, but that is probably not the best place for the policy.

First, just to make sure you realize, you can't do much to influence "download" traffic. I.e. traffic from a remote source coming into the router. That has to be done on the other end and since this is an Internet link, there isn't much you can do. You can influence "upload" traffic, I.e. traffic from your site to a remote site over the link.

With QoS there are three main functions (in general) you have to keep in mind classification, marking and queuing. Queuing should be done at the point of congestion and is almost always done on egress (I.e. out direction).

Your current policy sounds like is doing classification of traffic on ingress, which is good, but it sounds like your policy is also going queuing on ingress which may not get the results you are looking for. Also keep in mind that queuing will only kick in when there is congestion. So if your queuing policy is on the Ethernet interface, which has 10Mbps of bandwidth, queuing will only kick in when you have more then 10Mbps of traffic. If you are sending that traffic over a 1Mbps DSL, then queuing will never kick in since the bandwidth will never reach 10Mbps (the 1Mbps is the bottle neck).

So what you need to do is have the queuing policy applied to the ADSL connection in the out direction and make sure the bandwidth for the interface is recongnized by the router (I'm not too familiar with ADSL connections so not sure if the router will automaticlly know the amount of bandwidth avaialble, but the concept is the same for all connections).

Of course the queuing policy needs to know what traffic to queue. You can't base it off of MAC address since that info will not be available to the policy. I'm curious why you did MAC address instead of IP address, I assume you are running DHCP and don't have control over the IPs.

In any case you have two choices:

- Have the queuing policy look at IP addresses. If you are using DHCP, maybe look at setting up reservations to ensure the IP addresses are predictable

- Have the policy on the Ethernet side classify the traffic based on MAC address and then have it set the DSCP value in the IP header. Then have the queuing policy key off the DSCP value.

The first option is easiest from a QoS point of view because you just have one policy to worry about, but you need to make sure you can match on IP address.

Best of Luck,

Joe

nir.fisher · ‎12-31-2010

o.k

My situation is this : I have 2 stations that must have priority when sending & receiving information to\from the internet . I dont want to police the other 2

stations , I want this to have effect only when there is congestion and not all the time so it seems to me that the bandwith command is useful in my

situation ( priority command also seems it could work ) .

I am using a cisco 837 router with 4 fast ethernet ports to the stations and an adsl link with a dialer interface to an ISP .

how should I classify traffic coming from/to the preffered station ?

which action should be taken in the policy-map ?

where is it best to apply the policy ?

my understanding is that If I want to use the bandwidth or the priority commands it can only be used in an output policy and if I apply it

on the adsl link (dialer interface) then the classification wont have any effect because I cant use mac-address ( not an ethernet link) and cant use

IP address because of NAT . so thats why I applied it on the ethernet link .

If I understand you correctly I cant control traffic coming from the internet (which is a bummer because most bandwidth would be used in this direction)

and If I can control something its the upload bandwidth in the following manner : classify and mark traffic as it comes to the ethernet link and then use

another class to match the markings and use a policy map on the dialer interface to reserve bandwidth.

thanks for your help .

Tihomir Yosifov · ‎01-03-2011

Hi Nir,

I am not very familiar with Cisco 837, but I have experience with Cisco 871. Can you post your configuration. As I understand there is no way to configure vlan interfaces, but your logical interface is ethernet 0. So i guess you configure your inside IP address on ethernet 0, and your end stations (PCs) are using this IP address as their gateway, right ? If so, then you have no problem to classify the trafic based on inside ip addresses.

Example:

ip access-list extended QoS-list

permit ip host x.x.x.x any

class-map match-all QoS-class

match access-group name QoS-list

policy-map QoS-policy

class QoS-class

bandwidth 512

interface dialer 0

service-policy output QoS-policy

That way you prioritize the outbound traffic toward the internet. It is not possible to make QOS for inbound traffic without to co-work with your ISP.

Regards,

Tihomir Yosifov

nir.fisher · ‎01-03-2011

ip dhcp pool pool1
   import all
   network x.x.x.x 255.255.255.0
   default-router x.x.x.x
   lease infinite

interface Ethernet0
ip address x.x.x.x 255.255.255.0
ip nat inside
ip virtual-reassembly
load-interval 30
no cdp enable
hold-queue 1000 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
pvc 8/48
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp pap sent-username xxxxxxxxx

this is my config.

thanks

By the way if I want to collaborate with my ISP , what do I need to do on my end and what do I have to ask from the ISP?

Tihomir Yosifov · ‎01-03-2011

Ok,

So my example in the previous post is suitable to your configuration and you can make outbound QOS to work well. For the inbound you cannot do it based on your internal IP addresses, except if your ISP has gave you more public IP addresses and you can do static NAT, so every host to have different IP address on the Internet. Otherwise if you have only one public IP address, you can ask your ISP to make a QOS policy for your incomming traffic based on protocol if this is ok for you.

Regards

Tihomir Yosifov

nir.fisher · ‎01-03-2011

thanks for your help

I think there is a problem , correct me if I am wrong but I have to apply the policy in an ooutbound direction on the Dialer interface

in which case I matching the class-map with internal address wont work because I have to use nat for the global ip address , the internal addresses

will never match!!

another question,

Lets say I want my ISP to mark HTTP packets , How would I recognize the markings and give them priority and bandwidth?

Tihomir Yosifov · ‎01-04-2011

Hello Nir,

Yes you are right. I was in mistake, but i checked and the NAT is really done before QOS.

In this way you can mark packets from your inside hosts with different dscp values on inbound direction of your ethernet 0 interface, and after that you can match them on a class-map and set priority on outbound direction of your dialer 0 interface.

Example:

class-map SET_DSCP

match access-list 100

policy-map SET_DSCP

class SET_DSCP

set dscp 40

interface ethernet 0

service-policy input SET_DSCP

class-map QOS

match dscp 40

policy-map QOS
class QOS

bandwidth 512

interface Dialer 0

service-policy output QOS

This shoul work for your outbound traffic. For the inbound traffic you do not need to make anything. Everithin will be done from your ISP if they agree to do it!

Regards,

Tihomir Yosifov

nir.fisher · ‎01-04-2011

thanks

I have already done exactly what you have suggested , I was realy intersested to know what I can do about download traffic

and also I wanted to update the bandwidth on the internet facing interface ,where and which value I should put in the bandwidth statement (upload BW or download BW) ?

Tihomir Yosifov · ‎01-04-2011

Hi,

bandwidth statemant is for upload traffic and is configured like this

policy-map QOS

class QoS

bandwidth 512

the value in the bandwidth statemant is in kilobits per second, and it is the bandwidth that you want to guarantee to your host.

For download traffic you cannot do much without your ISP. You can make traffic shaping for example, witch means that you can limit the download speed for some protocols.

For example you can limit FTP download speed to 256 kilobits per second:

class-map SHAPING

match protocol ftp

policy-map SHAPING

class SHAPING

shape average 256000

interface Dialer 0

service-policy input SHAPING

P.S Do not forget to rate usefull posts!

Regards,

Tihomir

nir.fisher · ‎01-04-2011

so I can do shaping regardless of the ISP intervention, and that could halp reduce unwanted traffic from downloading?

By the way I was a little miss-understood before , I was asking about the bandwidth of the interface not in the QoS policy.

I have an internet facing interface which is configures with 56k bandwidth ( I think that is the default) I wanted to change it to the actual

bandwidth of the adsl link. when dealing with adsl you have the physical ATM interface , the Dialer interface and a virtual-access interface .

I have a 1.5M BW for download and 0.5M for upload I wanted to know which value should I use when updating the interface bandwidth , and on which

interface should I do it on ?

P.S

I wasnt aware of the rating system, thanks for letting me know

I will rate all the replies

thanks

Tihomir Yosifov · ‎01-04-2011

Yes, you can do shaping regardless of your ISP.

The bandwidth command under interface is not used for actual configuring the bandwidth of the interface. It is used for other purposes for example EIGRP metric calculations. It is also used for QoS if you use "bandwidth percent" command under QoS class-map:

policy-map QOS

class-map QOS

bandwidth percent 20

You cannot change the actual bandwidth of the interface. It is whatever your ISP gives you and it is usually variable.

Regards,

Tihomir

nir.fisher · ‎01-04-2011

but if the bandwidth configured is less then what my ISP gives me isnt that a problem I can fix adjusting the bandwidth on the interface ?

and if so , should I do it on the dialer interface ?

also , what is shaping going to help me ? if all the traffic is already at the router then the bandwidth has been used already (?)

Tihomir Yosifov · ‎01-04-2011

I think you did not understand me right. The bandwidth command under interface configuration mode is not related to your actual bandwidth in any way. It is only for purposes of QoS and EIGRP.

The shaping is part of QoS. You can use it to limit the actual bandwidth for FTP traffic for example.

Tihomir.