
qos / prioritize one client

ino
Level 1

this is a home environment

unfortunately at my location i can't get wired internet so i have to use LTE

if one program is producing heavy internet traffic

mostly if some of my security cams detect motion and upload to the cloud or P2P downloads

all other traffic is more or less impossible not even ping works any longer

meaning i am getting a ping of 3500ms or higher instead of 30ms ish and drops

the traffic is originating from different devices vms pc ... which are connected to a catalyst 2960x switch

connection to the internet is over an isr 1111 with a built-in lte modem

i am not sure but if i understand QOS right then i can't use it because i don't know my connection speed

and can't reserve bandwidth

depending on the weather time of the day gods will and what not

it's anywhere between 0.1-30mbps up / 1-100mbps down (average 5/10updown)

is there any way to set things up in a way that i have the best connection from my workstation

so even if my camera is uploading to the cloud and another pc is downloading something

if i want to ping something or watch a video on my dedicated workstation prioritize that traffic

also the problem seems to be more prevalent when my cameras upload which is done by

satbelbits if i am not mistaken they use some high priority qos settings software side

 

cheers rick

ino
Level 1

i got a few steps further

it's working!!! sort of

my original suspicion was right it's the NAT causing problems

can i circumvent this somehow??

 

my current settings

policy-map LTE_Child
 class LTE_Priority_Traffic
  priority 10240
 class class-default
  fair-queue
policy-map LTE_Parent
 class class-default
  shape average 10240000
   service-policy LTE_Child


! TESTING AROUND
! THE RELEVANT ENTRY IS THE LAST ONE
ip access-list extended 101
 permit ip host 10.0.0.11 any
 permit ip any host 10.0.0.11
 permit ip 10.0.0.0 0.0.0.255 any
 permit ip any 10.0.0.0 0.0.0.255
 permit ip any host 193.177.162.41

the last entry in the access-list is the ip of an iperf3 server

trying to upload from one machine to it and using a different iperf3 server for the other 

clearly shapes the traffic in a way i am targeting 

i also see the expected outputs with sh policy-map interface

the problem is this is a "hard coded" target ip

i need to have a source ip but as it's NAT-ed i have no clue how to do it

i also found this https://www.cisco.com/c/dam/en/us/td/docs/routers/access/interfaces/software/deployment/guide/mpn-lte-qos-config.pdf

but it seems to be version specific and also for MPN

regardless the important part is

 

The ISR 1100 series uses a similar architecture to the ISR 4000 series and also allows for
dynamic QoS policy, providing the maximum bandwidth from an LTE connection with QoS. The
configuration is the same as the ISR 4000 series (with cellular interface number of 0/2/x).

 

and again my current settings are working to the extent that if i hardcode the target i get the desired results

i just can't hardcode the target but i need the source to have any use to me

 

ino
Level 1

i got it to work!

 

i mark the packets on the switch 

 

mls qos

! af33 is just some value for now
policy-map policy1
 class class-default
  set ip dscp af33

! Gi1/0/3 is the device to get full speed internet
interface GigabitEthernet1/0/3
 switchport access vlan 7
 service-policy input policy1

 

class-map match-all LTE_Priority_Traffic
 match access-group 101
!
policy-map LTE_Child
 class LTE_Priority_Traffic
  priority 10240
 class class-default
  fair-queue
policy-map LTE_Parent
 class class-default
  shape average 10240000
   service-policy LTE_Child

interface Cellular0/2/0 
 ip address negotiated
 ip nat outside
 load-interval 30
 dialer in-band
 dialer watch-group 1
 pulse-time 1
 service-policy output LTE_Parent
 ip virtual-reassembly
 ip virtual-reassembly-out

! same dscp value as on the switch
ip access-list extended 101
 permit ip any any dscp af33

 

with these settings other devices can upload as they wish if the WORKSTATION is also starting an upload the

others are throttled to 0 may need to adjust some values if possible but in general 0 for the others is fine in my case

and it's just if the workstation is making heavy use of the connection

how fast and well this works i will need to see during the next days

 

Sorry, meant to suggest earlier marking if ISR 1K egress policy wouldn't allow usage of an ACL for matching.

The switch is one possibility, as you note.  Another might possibly be an ingress policy on the ISR's internal facing interface.

Generally, the Internet, and much else, will ignore ToS markings.

ino
Level 1

i can use acl for matching i just don't know what to match

if i have an acl with the target ip it works but if i have a source it doesn't

permit ip host 10.0.0.11 any -- won't match traffic from 10.0.0.11

permit ip any host 1.2.3.4 -- will match traffic to 1.2.3.4 from any device it's just no use to me

i suspect that the nat is done and then the acl so my internal ip is gone and replaced by the external

and so i can't match it any longer or something along the lines

i will stay with marking on the switch it seems more logical to me and better manageable

 

Yes, NAT can cause issues with matching with an ACL.  But, generally, the router's ingress interface is "before" any NAT and can be used.

When matching on an ingress interface, remember policy or ACL needs to be "in" and ensure you're matching correct source and/or destination IPs.
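The ingress-marking alternative suggested in this reply, written out as an added example (not configuration posted by anyone in the thread): classify by inside source address on the router's LAN-facing interface, where the packet still carries 10.0.0.11, and match only the DSCP value on the cellular egress. The interface GigabitEthernet0/0/0 and the names WORKSTATION_SRC, MARK_WORKSTATION and MARK_LAN_IN are assumptions, and whether the platform accepts an input policy on that interface type has to be confirmed on the device.

```cisco
! Added example; names marked (assumed) are not from the thread.
!
! 1) Classify by inside source address, before NAT rewrites it.
ip access-list extended WORKSTATION_SRC
 permit ip host 10.0.0.11 any
!
class-map match-all MARK_WORKSTATION
 match access-group name WORKSTATION_SRC
!
! The class-default action clears DSCP values set by other hosts
! (for example camera software), so only the workstation is trusted.
policy-map MARK_LAN_IN
 class MARK_WORKSTATION
  set dscp af33
 class class-default
  set dscp default
!
! (assumed) LAN-facing routed interface toward the 2960X
interface GigabitEthernet0/0/0
 service-policy input MARK_LAN_IN
!
! 2) On egress, match the marking instead of an address.
class-map match-all LTE_Priority_Traffic
 match dscp af33
!
policy-map LTE_Child
 class LTE_Priority_Traffic
  priority 10240
 class class-default
  fair-queue
policy-map LTE_Parent
 class class-default
  shape average 10240000
   service-policy LTE_Child
!
interface Cellular0/2/0
 service-policy output LTE_Parent
```

The per-class counters in `sh policy-map interface` on Cellular0/2/0 show whether workstation traffic is landing in LTE_Priority_Traffic.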

ino
Level 1

one more question

can i somehow set it up in the following way

i have a vm which in periodical intervals measures my internet speed i want it to be as accurate as possible so other traffic should be shaped to 0

this would be basically the setup i am having now but without some extension this would then again block my workstation (or at least share the bandwidth)

but that i have full speed on my workstation is even more important so traffic from there should throttle normal and also the measurement traffic

this is just some pseudo code not sure how to do it

if at all i can cascade it 3 levels deep and how to

set it up

class-map match-all LTE_VM
 match access-group 101
class-map match-all LTE_Workstation
 match access-group 102
!
policy-map LTE_2
 class LTE_Workstation
  priority 10240
 class class-default
  fair-queue
!
policy-map LTE_1
 class LTE_VM
  priority 10240
   service-policy LTE_2
!
policy-map LTE_0
 class class-default
  shape average 10240000
   service-policy LTE_1

 

 
