
QoS | question about "bandwidth percent" command and working of QoS

Hello,

I want to clear a few things up and also have some questions about a non-working configuration.

First of all, the QoS config I set on a router.

!
class-map match-any CM-QoS-Gold
 match access-group name ACL-QoS-Gold
!
policy-map PM-QoS-Gold
 class CM-QoS-Gold
 bandwidth percent 75
!
ip access-list extended ACL-QoS-Gold
 permit tcp any any eq 3389
 permit tcp any eq 3389 any
!
interface BVI1
 service-policy output PM-QoS-Gold
!

The first thing I want to get clear is the "bandwidth percent" command.

I know this command will ensure the RDP traffic does not use more than 75% of the bandwidth.

But does this command/this config also ensure RDP traffic always gets 75% of the bandwidth when it needs to? I can't really find an answer for this one. Also, CBT Nuggets doesn't really go deep on this command ;).

Also, I have a problem with the above config.

Just to get more info about the setup:

I have a test router, which gets DHCP on BVI1.

I manage the router on a loopback IP.

We can assume routing and the whole config with ACLs is working fine.

When I apply the above configuration, there is no traffic possible any more to or from the BVI1 interface or loopback interface.

But when I run a ping from the inside "LAN" to the outside "WAN" (so, inbound to outbound traffic) ping will keep running for like 5 minutes or so.

Then the BVI interface loses its IP address.

When I delete the policy map on the BVI interface, traffic doesn't come back and a reboot of the router is needed.

Maybe someone has an idea of what I am doing wrong?


e.ciollaro
Level 4

Hi Geoffrey

I know this command will ensure the RDP traffic does not use more than 75% of the bandwidth.

Not exactly: this is not policing, this is CBWFQ, so the policy applies only when the interf is congested (i.e. tx-ring is full). Moreover, bandwidth guarantees that, in case of congestion, each queue has, as a minimum, the amount of bandwidth you specify, but in case you have n queues and some of them require less bandwidth than you specify, their bandwidth is proportionally split between the other queues. So, if you have 3 queues with bandwidth 50, 30 and 10% and there is no traffic for the second one, the available bandwidth is split between the other two with a rate of 5:1, more or less 83% to the first and 17% to the third.

For the config I don't know what's wrong, I've never used CBWFQ under BVI interf.

Did you try to configure it under the physical interf that are part of the BVI group?

enrico
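Added example, not part of the original thread: a simplified model of the sharing rule described in the reply above (a guaranteed minimum per class, with unused bandwidth split among the busy classes by their configured percentages). It is a weighted max-min calculation written for illustration, not Cisco's scheduler; the function name, the 1000 kbps link and the demand figures are assumptions.

```python
def cbwfq_shares(link_kbps, weights, demand_kbps):
    """Weighted max-min split of a congested link between class queues.

    Assumed model: each class is offered link * weight / sum(weights of busy
    classes); whatever a class does not need is re-offered to the others.
    """
    alloc = {q: 0.0 for q in weights}
    active = {q for q in weights if demand_kbps.get(q, 0) > 0}
    remaining = float(link_kbps)
    while active and remaining > 1e-9:
        total_w = sum(weights[q] for q in active)
        offer = {q: remaining * weights[q] / total_w for q in active}
        # Classes whose outstanding demand fits inside their offer are done.
        done = {q for q in active if demand_kbps[q] - alloc[q] <= offer[q]}
        if not done:
            # Every remaining class is backlogged: split the rest by weight.
            for q in active:
                alloc[q] += offer[q]
            break
        for q in done:
            remaining -= demand_kbps[q] - alloc[q]
            alloc[q] = float(demand_kbps[q])
        active -= done
    return alloc


if __name__ == "__main__":
    # Constructed inputs: the 50/30/10 case from the reply, second queue idle.
    print(cbwfq_shares(1000, {"q1": 50, "q2": 30, "q3": 10},
                       {"q1": 5000, "q2": 0, "q3": 5000}))
    # Constructed inputs: 75/25 on a 100 kbps link, both classes backlogged.
    print(cbwfq_shares(100, {"gold": 75, "default": 25},
                       {"gold": 200, "default": 200}))
    # Same policy, but the gold class only needs 40 kbps.
    print(cbwfq_shares(100, {"gold": 75, "default": 25},
                       {"gold": 40, "default": 200}))
```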

Enrico,

Thanks for replying, and for giving me a lot more to read about rx/tx rings and CBWFQ ;).

About applying the policy map at the physical interface, that's a good point. Stupid that I didn't think about this one. This also seems to be a little logical, as the physical interface really has the bandwidth. I will test this tomorrow morning first thing, as I just locked myself out of the test router at the office (forgot to do a reload in....) :D

Just to be sure I have it right about the bandwidth percents.

1. At this point I have 2 queues, one for the specified traffic and one for the default traffic?

2. The "specified traffic queue" will always get at least 75 of the interface bandwidth?

For example:

Let's say I have a 100 kbps interface bridged at my BVI1.

In this case all traffic hitting the ACL-QoS-Gold will get at least 75 kbps, or more when available?

And all other will get at least 25 kbps or more when available?

Just watched another CBT Nugget on this topic, where they explain it all. So the "bandwidth percent" is not a question any more.

It guarantees at least the minimum of bandwidth specified in the command.

But still the configuration does not work:(

Hello,

Refer to http://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-policing/10104-qos-subint.html

I believe the same concept applies to the BVI interface as it's a logical interface. You cannot do queueing on logical interfaces.

Cisco IOS logical interfaces do not inherently support a state of congestion and do not support the direct application of a service policy that applies a queueing method. Instead, you first need to apply shaping to the subinterface using either generic traffic shaping (GTS) or class-based shaping.

Just to be sure I have it right about the bandwidth percents.

1. At this point I have 2 queues, one for the specified traffic and one for the default traffic?

yes,

2. The "specified traffic queue" will always get at least 75 of the interface bandwidth?

yes

In this case all traffic hitting the ACL-QoS-Gold will get at least 75 kbps, or more when available?

And all other will get at least 25 kbps or more when available?

right (remember that CBWFQ works just in case of congestion)

Enrico,

We bridge the BVI with a sub ATM interface.

So when I apply the policy map on the atm0.32 we get the following message:

 CBWFQ : Not supported on subinterfaces

Because we use VRF, and put each sub interface in a VRF, it's not possible to apply the policy-map on the atm0.

But if we want to apply, I get the following message.

GTS: Not supported on this ATM interface. Queueing policies must be attached to a specific ATM PVC.

At this point, I'm really lost in this problem... :D

Could you post the whole config, a network draft, and show policy-map interf PM-QoS-Gold?

I'm a little bit confused about the network architecture. BVI is the WAN, right? And it gets its IP address via DHCP?

Without the policy-map everything works fine?

But when i run a ping from the inside "LAN" to the outside "WAN" (so, inbound to outbound traffic) ping will keep running for like 5 minutes or so.

5 minutes... I wonder if it has something to do with Mac Address Table

enrico

Enrico,

Because we are managing our own WAN, I'd rather not put a network draft on here.

I'm a little bit confused about the network architecture. BVI is the WAN, right? And it gets its IP address via DHCP?

Yes

Without the policy-map everything works fine?

Yes

This is the show run of my test router.

For your view, the ATM0 is connected to a DSL, which ends at our Juniper core.

version 15.4
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname TEST-C32099
!
boot-start-marker
boot system flash flash:c880data-universalk9-mz.154-3.M7.bin
boot-end-marker
!
!
logging buffered 123000 informational
logging console critical
!
aaa new-model
!
!
aaa group server radius RadiusServers
server x.x.x.x auth-port 1812 acct-port 1813
!
aaa authentication login default group RadiusServers local
aaa authentication ppp default if-needed group RadiusServers local
aaa authorization exec default group RadiusServers local
aaa authorization network default group RadiusServers local
aaa accounting delay-start
aaa accounting exec default start-stop group RadiusServers
aaa accounting network default start-stop group RadiusServers
!
!
!
!
!
aaa session-id common
memory-size iomem 10
clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
errdisable recovery cause bpduguard
errdisable recovery cause rootguard
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery interval 60
!
!
!
!
!
!
!
no ip source-route
ip arp proxy disable
!
!
!
!
!
!
!
!


!
ip vrf VR-TEST-VOICE
description VR-TEST-VOICE
!
!
!
!
no ip bootp server
no ip domain lookup
ip domain name twsnetworks.com
ip cef
login delay 2
login on-failure log
login on-success log every 5
no ipv6 cef
!
!
multilink bundle-name authenticated
cts logging verbose
!
!
vtp mode transparent
!
!
!
!
!
controller VDSL 0
!
vlan 10
!
vlan 20
name TEST-voice
no cdp run
!
!
class-map match-any CM-QoS-Gold
match access-group name ACL-QoS-Gold
!
policy-map PM-QoS-Gold
class CM-QoS-Gold
bandwidth percent 75
!
!
!
!
!
!
bridge irb
!
!
!
!
interface Loopback1
ip address y.y.y.y 255.255.255.255
!
interface Ethernet0
no ip address
shutdown
!
interface Ethernet0.32
description TEST-data
encapsulation dot1Q 32
bridge-group 1
!
interface Ethernet0.33
description TEST-voice
encapsulation dot1Q 33
bridge-group 2
!
interface ATM0
no ip address
load-interval 30
no atm ilmi-keepalive
!
interface ATM0.32 point-to-point
bridge-group 1
pvc 2/32
encapsulation aal5snap
!
!
interface ATM0.33 point-to-point
bridge-group 2
pvc 3/33
vbr-rt 256 256 1
encapsulation aal5snap
!
!
interface FastEthernet0
description klant_data-voice
switchport trunk allowed vlan 1,2,20,1002-1005
switchport mode trunk
no ip address
!
interface FastEthernet1
description klant-DATA
no ip address
shutdown
!
interface FastEthernet2
no ip address
shutdown
!
interface FastEthernet3
no ip address
shutdown
!
interface Vlan1
description TEST-data
ip address 10.255.255.254 255.255.255.0
ip helper-address w.w.w.w
ip helper-address v.v.v.v
ip virtual-reassembly in
ip tcp adjust-mss 1436
no autostate
!
interface Vlan20
description TEST-voice
ip vrf forwarding VR-TEST-VOICE
ip address 10.255.254.254 255.255.255.0
ip helper-address w.w.w.w
ip helper-address v.v.v.v
ip virtual-reassembly in
ip tcp adjust-mss 1460
no autostate
!
interface BVI1
ip address dhcp
ip virtual-reassembly in
service-policy output PM-QoS-Gold
!
interface BVI2
ip vrf forwarding VR-TEST-VOICE
ip address dhcp
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
!
ip access-list extended ACL-QoS-Gold
permit tcp any any eq 3389
permit tcp any eq 3389 any
!
!
snmp-server community rmvRO RO 23
snmp-server community TESTReadOnly RO 23
access-list 23 remark TTY Security
access-list 23 remark TWSNET-MGT
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
!
banner login ^CCC
^C
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class 23 in vrf-also
privilege level 15
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

!

!

TEST-C32099#show policy-map interface bvi 1
BVI1

Service-policy output: PM-QoS-Gold

Class-map: CM-QoS-Gold (match-any)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name ACL-QoS-Gold
0 packets, 0 bytes
5 minute rate 0 bps
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
bandwidth 75% (3456 kbps)

Class-map: class-default (match-any)
1 packets, 354 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any

queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 1/354

This is the output of a debug dhcp detail:

000117: *Jul 5 16:38:10.207 CEST: DHCP: Client socket is opened
000118: *Jul 5 16:38:11.207 CEST: DHCP: QScan: Renewal..T2 fired..Rebinding
000119: *Jul 5 16:38:11.207 CEST: DHCP: SRequest attempt # 1 for entry:
000120: *Jul 5 16:38:11.207 CEST: Temp IP addr: 172.31.254.99 for peer on Interface: BVI1
000121: *Jul 5 16:38:11.207 CEST: Temp sub net mask: 255.255.255.0
000122: *Jul 5 16:38:11.207 CEST: DHCP Lease server: 172.31.254.250, state: 6 Rebinding
000123: *Jul 5 16:38:11.207 CEST: DHCP transaction id: 24EB
000124: *Jul 5 16:38:11.207 CEST: Lease: 300 secs, Renewal: 150 secs, Rebind: 262 secs
000125: *Jul 5 16:38:11.207 CEST: Temp default-gateway addr: 172.31.254.250
000126: *Jul 5 16:38:11.207 CEST: Next timer fires after: 00:00:39
000127: *Jul 5 16:38:11.207 CEST: Retry count: 1 Client-ID: cisco-4c00.823d.8d2c-BV1
000128: *Jul 5 16:38:11.207 CEST: Client-ID hex dump: 636973636F2D346330302E383233642E
000129: *Jul 5 16:38:11.207 CEST: 386432632D425631
000130: *Jul 5 16:38:11.207 CEST: Hostname: TEST-C32099
000131: *Jul 5 16:38:11.207 CEST: DHCP: SRequest - ciaddr: 172.31.254.99
000132: *Jul 5 16:38:11.207 CEST: DHCP: SRequest placed class-id option: 636973636F706E70
000133: *Jul 5 16:38:11.207 CEST: DHCP: SRequest: 312 bytes
000134: *Jul 5 16:38:11.207 CEST: DHCP: SRequest: 312 bytes
000135: *Jul 5 16:38:11.207 CEST: B'cast on BVI1 interface from 172.31.254.99
000136: *Jul 5 16:38:50.207 CEST: DHCP: QScan: Rebind..LT fired..Halting
000137: *Jul 5 16:38:50.207 CEST: DHCP: Sending notification of TERMINATION:
000138: *Jul 5 16:38:50.207 CEST: Address 172.31.254.99 mask 255.255.255.0
000139: *Jul 5 16:38:50.207 CEST: DHCP: Address lease expired. Attempting Shutdown
000140: *Jul 5 16:38:50.207 CEST: DHCP: Releasing ipl options:
000141: *Jul 5 16:38:50.207 CEST: Clearing default gateway and route to 172.31.254.250
000142: *Jul 5 16:38:50.207 CEST: Removing old default route 172.31.254.250
000143: *Jul 5 16:38:50.207 CEST: %DHCP-5-RESTART: Interface BVI1 is being restarted by DHCP
000144: *Jul 5 16:38:50.207 CEST: DHCP: Release IPL called for interface BVI1 in state 11
000145: *Jul 5 16:38:50.207 CEST: RAC: DHCP stopped on interface BVI1
000146: *Jul 5 16:38:52.207 CEST: %LINK-5-CHANGED: Interface BVI1, changed state to administratively down
000147: *Jul 5 16:38:53.207 CEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to down
000148: *Jul 5 16:38:53.211 CEST: DHCP: DHCP client process started: 10
000149: *Jul 5 16:38:53.211 CEST: RAC: Starting DHCP discover on BVI1
000150: *Jul 5 16:38:53.211 CEST: DHCP: Try 1 to acquire address for BVI1
000151: *Jul 5 16:38:53.215 CEST: DHCP: allocate request
000152: *Jul 5 16:38:53.215 CEST: DHCP: zapping entry in DHC_PURGING state for BV1
000153: *Jul 5 16:38:53.215 CEST: DHCP: deleting entry 8A2C1D88 172.31.254.99 from list
000154: *Jul 5 16:38:53.215 CEST: Temp IP addr: 172.31.254.99 for peer on Interface: BVI1
000155: *Jul 5 16:38:53.215 CEST: Temp sub net mask: 255.255.255.0
000156: *Jul 5 16:38:53.215 CEST: DHCP Lease server: 172.31.254.250, state: 11 Purging
000157: *Jul 5 16:38:53.215 CEST: DHCP transaction id: 24EB
000158: *Jul 5 16:38:53.215 CEST: Lease: 300 secs, Renewal: 150 secs, Rebind: 262 secs
000159: *Jul 5 16:38:53.215 CEST: Next timer fires after: 00:00:31
000160: *Jul 5 16:38:53.215 CEST: Retry count: 0 Client-ID: cisco-4c00.823d.8d2c-BV1
000161: *Jul 5 16:38:53.215 CEST: Client-ID hex dump: 636973636F2D346330302E383233642E
000162: *Jul 5 16:38:53.215 CEST: 386432632D425631
000163: *Jul 5 16:38:53.215 CEST: Hostname: TEST-C32099
000164: *Jul 5 16:38:53.215 CEST: DHCP: new entry. add to queue, interface BVI1
000165: *Jul 5 16:38:53.215 CEST: DHCP: SDiscover attempt # 1 for entry:
000166: *Jul 5 16:38:53.215 CEST: Temp IP addr: 0.0.0.0 for peer on Interface: BVI1
000167: *Jul 5 16:38:53.215 CEST: Temp sub net mask: 0.0.0.0
000168: *Jul 5 16:38:53.215 CEST: DHCP Lease server: 0.0.0.0, state: 3 Selecting
000169: *Jul 5 16:38:53.215 CEST: DHCP transaction id: 11E0
000170: *Jul 5 16:38:53.215 CEST: Lease: 0 secs, Renewal: 0 secs, Rebind: 0 secs
000171: *Jul 5 16:38:53.215 CEST: Next timer fires after: 00:00:04
000172: *Jul 5 16:38:53.215 CEST: Retry count: 1 Client-ID: cisco-4c00.823d.8d2c-BV1
000173: *Jul 5 16:38:53.215 CEST: Client-ID hex dump: 636973636F2D346330302E383233642E
000174: *Jul 5 16:38:53.219 CEST: 386432632D425631
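Added example, not part of the original post: a small parser that pulls the lease timers and the rebind/expiry events out of `debug dhcp detail` lines in the format shown above and compares the observed gap with lease minus rebind time. The sample lines are copied from the debug output in this post; the function name and result keys are assumptions made for illustration.

```python
import re
from datetime import datetime

# Lines copied from the debug output posted above.
SAMPLE = """\
000118: *Jul 5 16:38:11.207 CEST: DHCP: QScan: Renewal..T2 fired..Rebinding
000124: *Jul 5 16:38:11.207 CEST: Lease: 300 secs, Renewal: 150 secs, Rebind: 262 secs
000136: *Jul 5 16:38:50.207 CEST: DHCP: QScan: Rebind..LT fired..Halting
000139: *Jul 5 16:38:50.207 CEST: DHCP: Address lease expired. Attempting Shutdown
000143: *Jul 5 16:38:50.207 CEST: %DHCP-5-RESTART: Interface BVI1 is being restarted by DHCP
"""

LINE = re.compile(r"^\d+: \*(\w{3} +\d+ [\d:.]+) \w+: (.*)$")
TIMERS = re.compile(r"Lease: (\d+) secs, Renewal: (\d+) secs, Rebind: (\d+) secs")
MARKERS = (("rebinding", "T2 fired"), ("expired", "LT fired"),
           ("restart", "%DHCP-5-RESTART"))


def lease_timeline(log_text):
    """Return lease timers and the time between rebinding and lease expiry."""
    timers, seen = None, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # The log carries no year; a fixed one is prepended only for parsing.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S.%f")
        msg = m.group(2)
        t = TIMERS.search(msg)
        if t and timers is None and int(t.group(1)) > 0:
            timers = tuple(int(x) for x in t.groups())  # lease, T1, T2
        for key, marker in MARKERS:
            if marker in msg and key not in seen:
                seen[key] = ts
    result = {"timers": timers, "lease_lost": "expired" in seen,
              "gap_s": None, "expected_gap_s": None}
    if timers:
        # After T2 the client has lease - rebind seconds left to get a reply.
        result["expected_gap_s"] = timers[0] - timers[2]
    if "rebinding" in seen and "expired" in seen:
        result["gap_s"] = (seen["expired"] - seen["rebinding"]).total_seconds()
    return result


if __name__ == "__main__":
    print(lease_timeline(SAMPLE))
```

A gap close to lease minus rebind time means the lease ran out on its own timer after the rebind broadcast, with no renewal completing in between.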

Hi

Looking at the config makes me more confused:

  • router has no route or routing protocol, I guess routing is to the default gateway learned by the DHCP, really unusual in my experience
  • why didn't you just configure an IP address for BVI instead of using DHCP?
  • traffic between ATM and Ethernet is bridged, not routed, so it doesn't go through the BVI (traffic through the BVI is just the traffic to/from Loopback). If so, what's the purpose of the policy-map? It can't limit RDP from Ethernet. If the purpose is to limit RDP from LAN to WAN and you can't configure the policy-map on ATM interf, why don't you route between LAN and MAN and configure an input policer on LAN interf?

Regarding DHCP, the debug isn't very clear to me but I noticed that the lease is 5 minutes:

000124: *Jul 5 16:38:11.207 CEST: Lease: 300 secs, Renewal: 150 secs, Rebind: 262 secs

so I suppose that BVI loses the IP every 5 minutes because the lease is over.

Enrico

  • router has no route or routing protocol, I guess routing is to the default gateway learned by the DHCP, really unusual in my experience

Yes

  • why didn't you just configure an IP address for BVI instead of using DHCP?

It's easier to roll out DSL routers this way

  • traffic between ATM and Ethernet is bridged, not routed, so it doesn't go through the BVI (traffic through the BVI is just the traffic to/from Loopback).

Please explain to me some more? In my opinion traffic from VLAN 1 is routed to the ATM interface, right? It's not in the same bridge (broadcast) domain...?

  • If so, what's the purpose of the policy-map? It can't limit RDP from Ethernet. If the purpose is to limit RDP from LAN to WAN and you can't configure the policy-map on ATM interf, why don't you route between LAN and MAN and configure an input policer on LAN interf?

If I apply the policy map on the LAN interface, it will take 75% of the bandwidth on that interface. So I will have to shape the LAN interface to the bandwidth the WAN interface has, or shape to kbps and make a different policy map for each DSL speed. So this way seemed to be easier to apply on different interfaces :D.

  • traffic between ATM and Ethernet is bridged, not routed, so it doesn't go through the BVI (traffic through the BVI is just the traffic to/from Loopback).

Please explain to me some more? In my opinion traffic from VLAN 1 is routed to the ATM interface, right? It's not in the same bridge (broadcast) domain...?

Yes, you're right I forgot that interface :-(

Regarding DHCP, the debug isn't very clear to me but I noticed that the lease is 5 minutes:

000124: *Jul 5 16:38:11.207 CEST: Lease: 300 secs, Renewal: 150 secs, Rebind: 262 secs

so I suppose that BVI loses the IP every 5 minutes because the lease is over.

Yes ;) that's why I put the debug on here.
