QoS with NBAR (8-Class)

John.Mayer · ‎10-23-2023

Hi

Basically, I'm trying to implement QoS between our WAN routers with NBAR (8-Class QoS). Currently, I'm running IP Nbar discovery under my interfaces to see what's running. Also, create a class-map for my apps.
Our issue is we use subinterfaces between all connections and have different platforms from 2911 to ASR1002.

After I tried using service-policy under subinterfaces I got an error saying "CBWFQ: not supported on subinterface", then I tried using PARENT and hierarchical QoS, and I got an error saying "Cannot attach queining-based child policy to a non-queuing-based class".

some part of config:

class-map match-any MS-Teams-Traffic
match protocol ms-teams-video
match protocol ms-teams-audio
match protocol ms-teams-app-sharing
match protocol ms-teams
match protocol ms-teams-media

class-map match-any Business-Traffic
match protocol HTTP
match protocol SSL
match protocol ssl-local-net
match protocol adobe-services

policy-map QoS
class Data-Traffic
priority percent 25
class MS-Teams-Traffic
priority percent 25
class Business-Traffic
priority percent 15
class Default-Traffic
priority percent 5

pieterh · ‎10-23-2023

>>> "Cannot attach queining-based child policy to a non-queuing-based class". <<<
I suggest NBAR is only looking at the protocol used, not the QoS field (TOS/CS/DSCP etc )
-> you need to assign a QoS tag to the protocols discovered within the class-map
table-3 in QoS Best Practices At-a-Glance (cisco.com)
based on this tag, the packet can be placed in the respective queue

Joseph W. Doherty · ‎10-24-2023

"I suggest NBAR is only looking at the protocol used, not the QoS field (TOS/CS/DSCP etc )"

Correct, NBAR doesn't examine the ToS.

"you need to assign a QoS tag to the protocols discovered within the class-map

table-3 in QoS Best Practices At-a-Glance (cisco.com)

based on this tag, the packet can be placed in the respective queue"

Since, OP didn't post exactly what they did, what they need to do is unknowable, but unless Cisco has recently changed how NBAR works with CBWFQ, it can direct traffic to egress queues without ToS tags.

Joseph W. Doherty · ‎10-24-2023

"After I tried using service-policy under subinterfaces I got an error saying "CBWFQ: not supported on subinterface", . . ."

That's because CBWFQ doesn't know when to queue (for the subinterface).

". . . then I tried using PARENT and hierarchical QoS, and I got an error saying "Cannot attach queining-based child policy to a non-queuing-based class".

Since you didn't post what you actually did, I can only suspect what the problem might be.

John.Mayer · ‎10-25-2023

what information do you need.

at the moment I do the below:

1. enable NBAR on my outgoing interface

2. create class-mape based on my requirement

3. create policy map to shape my traffic based on class-maps

4. create a PARENT policy map with below config

policy-map PARENT
class class-default
shape average 20000
service-policy CBWFQ
if I use the shape average under PARENT policy, it accepted by subinterface

Joseph W. Doherty · ‎10-25-2023

"if I use the shape average under PARENT policy, it accepted by subinterface"

That's EXACTLY what I suspected your problem to be.

The shaper creates a known bandwidth restriction so that now the sub interface policy knows when to queue packets.

John.Mayer · ‎10-25-2023

so which method do you prefer to have a better QoS: using the manual class-maps based on NBAR or using the dscp tags?

I need QoS to prioritize ms-teams (include voice and video), office365, Webex and http(s) over other traffics.

Joseph W. Doherty · ‎10-25-2023

ToS tags are more "efficient".

The question, though, how/what sets the tags.

A recommended approach is at a trust boundary, like the host's edge port, you validate and/or reset ToS tags which you alone use within the trust boundary. For example, you might use an ingress policy, using NBAR, at the edge to insure ToS is set as desired. Then you can just use ToS for egress policies as you transit additional network devices.