cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4687
Views
0
Helpful
11
Replies

QoS Traffic Shaping not working (but policing does work)

jprine224
Level 1
Level 1

I have been through every forum on the net for this on and am getting no where...PLEASE HELP!

Here is my situation,

I have lots of PPPoE users that get Virtual Access interfaces created upon login based on a virtual template. I need to traffic shape them. I know how to get it to work on an individual basis, because the policing within a service policy works fine. As soon as i change it to shaping it leaves things wide open.

I really dont care how it gets done, I just need to be able to specify a speed to be traffic shaped and apply that to a virtual template. I need to limit speeds on the download and upload, i understand that the upload i will use the policing, but the download i need it to smooth out the flow and be traffic shaped, not policed.

Here is my Policies and classes:

***

policy-map CHILD
class class-default
  bandwidth 1650
policy-map PARENT
class class-default
  shape average 1650000
  service-policy CHILD
****

Here is my Virtual Template:

****

interface Virtual-Template8
description pppoe-auth-FTTH
ip unnumbered FastEthernet0/0
ip access-group subs-in-FTTH in
ip mtu 1493
timeout absolute 6120 0
peer default ip address pool FTTH-POOL
ppp authentication pap pppoe-auth
ppp authorization pppoe-auth
ppp timeout idle 84600
service-policy output PARENT

****

Here is the Virtual Access Interface that gets created:

***

7200-ADSL#sho interfaces virtual-access 2.32 configuration
Virtual-Access2.32 is a PPP over Ethernet link (sub)interface

Derived configuration : 284 bytes
!
interface Virtual-Access2.32
ip unnumbered FastEthernet0/0
ip access-group subs-in-FTTH in
timeout absolute 6120 0
peer default ip address pool FTTH-POOL
ppp authentication pap pppoe-auth
ppp authorization pppoe-auth
ppp timeout idle 84600
service-policy output PARENT
end

***

AND HERE IS MY PROBLEM!!!

****

7200-ADSL#sho policy-map interface virtual-access 2.32
Virtual-Access2.32

  Service-policy output: PARENT

    Class-map: class-default (match-any)
      279116 packets, 369905269 bytes
      5 minute offered rate 8990000 bps, drop rate 0 bps
      Match: any
      Traffic Shaping
           Target/Average   Byte   Sustain   Excess    Interval  Increment
             Rate           Limit  bits/int  bits/int  (ms)      (bytes)
          1650000/1650000   9900   39600     39600     24        4950

        Adapt  Queue     Packets   Bytes     Packets   Bytes     Shaping
        Active Depth                                   Delayed   Delayed   Active
             -       0               59         3501          0            0           no

      Service-policy : CHILD

        Class-map: class-default (match-any)
          279116 packets, 369905269 bytes
          5 minute offered rate 8990000 bps, drop rate 0 bps
          Match: any
          Queueing
            Output Queue: Conversation 73
            Bandwidth 1650 (kbps)Max Threshold 64 (packets)
           (pkts matched/bytes matched) 0/0
        (depth/total drops/no-buffer drops) 0/0/0

****

The results i am getting is unrestrcited throughput, i am seeing about 40mb of throughput when the target is to limit to 1.65MB. As you can see from the output the PARENT class is seeing 279116 packets, but the shaper only saw 59. In all the examples i see on the internet these two numbers should be the same. Why is the shaper not acting on all the traffic crossing that class/policy?

Hardware/IOS:

Cisco IOS Software, 7200 Software (C7200-IK9SU2-M), Version 12.4(12), RELEASE SOFTWARE (fc1)

Thanks for any Input!

Joel

11 Replies 11

Edison Ortiz
Hall of Fame
Hall of Fame

Why are you using class class-default twice?

Why not having this instead:

policy-map PARENT
class class-default
  shape average 1650000

That would be easy! Unfortunately it gives the same results!

Thanks,

Joel

But if I use as you suggest, but with a "police" statement, it works fine! But I need shaping, not policing!

Thanks,

Joel

After a quick research, I've found that shaping is not supported on virtual-interfaces because the interface is unable to obtain "back pressure" information from the physical interface.

With that said, I suggest opening a TAC case to get a final confirmation. Perhaps, there is a service provider image that may support your requirement. You won't find the cool stuff on the mainline image.

Do you have the link stating this? because in my hours of research, it seems that people were able to get it working, but I will also look into it further.

Joel

All the information I got was from internal cases. I highly suggest you open a case for further troubleshooting. It may be an issue with the image you are running and TAC may offer a different image that works per your requirement.

I understand, however, we do not carry a support contract, so that is not an option.

In any case, i have found two articles that directly reference success using QoS on a virtual-template / Virtual-access, both are a little different from one another. I have not had a chance to test them, I will not be able to until friday now, but i will report back if i have any results.

Any other ideas are very welcome.
Thanks for you input,
Joel

PAnsell86
Level 1
Level 1

Hi Joel,

I may be way off track here but we do something similar to what i think you are trying to achieve....

We terminate a number of PPPoE sessions using radius based authentication. We cant apply a service policy directly to the virtual-template because all our users have different access requirements.  Rather all users access details (including shaping rules) are pushed out from our radius server based on the clients username and password.

So the radius file might look somthing like this: 

"username@domain" Password == "password"

                                        Service-Type              == Framed-User,

                                        Framed-Netmask        == 255.255.255.255,

                                        Framed-IP-Address     == x.x.x.x,

                                        Cisco-AVPair             == "lcp:interface-config=ip load-sharing per-destination"

                                        Cisco-AVPair             == "lcp:interface-config=rate-limit input rate burst maxburst conform-action transmit exceed-action drop"

                                        Cisco-AVPair             == "lcp:interface-config=rate-limit output rate burst maxburst conform-action transmit exceed-action drop"

The net result is somthing that looks like this.....

router#show run int vi12

Building configuration...

Current configuration : 297 bytes

!

interface Virtual-Access12

ip unnumbered Loopback0

ip load-sharing per-packet

rate-limit input 128000 16000 32000 conform-action transmit exceed-action drop

rate-limit output 512000 16000 32000 conform-action transmit exceed-action drop

end

This was taken off a Cisco 7206 running AdvancedIP 12.4 6 T2. We have a similar setup for services that require CB QoS but it requires some different AV Pairs and we had to upgrade our IOS to a different feature set to make it work.  

Not sure if any of that helps you at all.

Regards,

Peter

Yup, this is exactly what we are doing today, but the policing is causing some speed issues as it just drops any traffic over the limit, causing many tcp retransmissions. We have the bursts configured correct per the equation recommended by cisco, but when a customer runs a speed test for example it jumps all over the map because it is super fast until the token bucket is empty, then it slows WAY down because packets start to drop as they hit the cap transfer rate.

So the whole goal is to shape that traffic out so they see a smooth predictable speed limit. With the "rate-limit" and higher speeds such as 10mb or 20mb, it has been very difficult to get the exact limit predictably, it seems to jump all over + or - 3mb.

Thanks for the input!

Joel

Hello,

don't know if this may still be useful or not..

I had exactly the same issue and I succeded to make it work by applying the policy map

on the pvc portion of the configuration:

interface atm 0/0/0

xxx

xxx

xxx

pvc 8/21

service-policy output   Qos-Policy

that's it.

My equipment was a cisci 1841 with ios 15.0 M1

hope this may help.

bye

jprine224
Level 1
Level 1

Alright, very dissapointing but I am giving up, I am convinced there is somthing with my hardware/software that does not support this, everything configures fine, but it never gets shaped on the virtual interface. We have to move forward and since the solution we have in place is working (just not as we desired) we are satisfied. The solution we ended up using was  exactly like the one PAnsell86 posted above.

The only real drawback that we have seen is that because of the quick burst in the policing and then the dropped packets when the limit is exceeeded which is causeing retransmissions. But in production, the only thing this means is that the speedtest sites jump all over the place and do not hold a steady rate. It works much better at sub 10mb/sec, above that it gets crazy unpredictable results.

So in summary, we are willing to try to explain to the customer why the speedtest looks crazy and tell them to FTP for download a file, which gives them perfectly excepted download speeds. We seem to have the best results with the formula from cisco: (CIR * 0.125) * 1.5.

Thanks for all the input,

Joel

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: