Re: Qos

atiye.bigdeli · ‎07-23-2018

Hi my friends.

I want to configure qos in my brach router .

We have 2 Tunnel in branch router and have 2 different Wan Links that hast different speeds and each has a subinterface

fa 0/1.200 ==> 256 Kbps

fa 0/2.500 ==> 512 Kbps

I dont know I should enable qos in which interface

fa0/1 or subinterfaces or tunnels?

Best Regards

Georg Pauwen · ‎07-24-2018

Hello,

QoS over tunnel interfaces is usually not a good idea, better put your QoS on the subinterfaces.

The below should work:

policy-map 256_KBPS_POLICY
class class-default
shape average 256000
fair-queue

policy-map 512_KBPS_POLICY
class class-default
shape average 512000
fair-queue

fa 0/1.200 ==> 256 Kbps
service-policy 256_KBPS_POLICY out

fa 0/2.500 ==> 512 Kbps
service-policy 512_KBPS_POLICY out

atiye.bigdeli · ‎07-24-2018

Thank you for your answer and help.

I want to specify certain bandwidth for some server and protocol, using access lists and NBAR.

Can I config something like that, below the subinterface?

policy-map child-policy
class Important-class
bandwidth percent 60
class Medium-class
bandwidth percent 20
class MGMT
bandwidth percent 20
class class-default
fair-queue

policy-map 512_kbps_Policy
class class-default
shape average 512000
service-policy child-policy

policy-map 256_kbps_Policy
class class-default
shape average 256000
service-policy child-policy

Joseph W. Doherty · ‎07-24-2018

You might, but unless you really understand QoS, I would suggest you first try FQ for all your traffic. Also, BTW, your child policy allocates 100% of the bandwidth leaving "none" for class-default.

atiye.bigdeli · ‎07-24-2018

"You might, but unless you really understand QoS, I would suggest you first try FQ for all your traffic."

could you please, explain more about this.

Cant I use parent and child policy in this situation. and should I use fair-queue?

Best Regards

Joseph W. Doherty · ‎07-24-2018

"Cant I use parent and child policy in this situation. and should I use fair-queue?"

Yes you can use parent and child policies. What I was suggesting was for you to first try just using FQ in class-default for all your traffic. I.e. avoid using other classes unless you find you really need to use them.

FQ generally keeps a few bandwidth hogs from impacting other lightweight flows. Normally, I only suggest using other classes if you have lots of bandwidth hogs and/or delay or drop sensitive traffic that really needs SLA guarantees.

BTW, often people think for QoS to be effective, you must bump up your "important" traffic. However, sometimes, much the same might be accomplished by bumping down less important bulk traffic instead.

A good example of how easy it's to overlook something, for one company I placed SSH traffic in our "important-class" as we used SSH for network device management. That worked great until the day someone started doing bulk data transfers using SCP, which uses SSH. That one SCP flow "crushed" all other traffic in the same "important" class, and since its class pretty much had priority over other classes too, it also crushed them.

atiye.bigdeli · ‎07-24-2018

Hi

Yes we have delay or drop sensitive traffic and we need to guarantee BW for some traffics towards specific servers, I want to do that using ACL.

"A good example of how easy it's to overlook something, for one company I placed SSH traffic......"

That was a great example. thanks

Joseph W. Doherty · ‎07-25-2018

"Yes we have delay or drop sensitive traffic and we need to guarantee BW for some traffics towards specific servers, I want to do that using ACL."

Well then, you can accomplish that with an ACL to match the traffic you want to treat differently. You can use different child policy classes, like what you've posted.

BTW, a few more points to keep in mind. When using tunnels, don't forget to do all you can to do so in such a way to avoid fragmentation. With shapers, I'm not always convinced that Cisco's account for L2 overhead. If it appears they do not, just shape "slower" than your "nominal" bandwidth (usually about 15% seems to work well).

atiye.bigdeli · ‎07-27-2018

Hi Joseph

Joseph W. Doherty · ‎07-30-2018

How to Tshoot? Well, first insure you're ACLs are structured correctly. If you post them, we might spot something.

Joseph W. Doherty · ‎07-24-2018

"QoS over tunnel interfaces is usually not a good idea . . ."

Georg could you explain your thinking on this?

"policy-map ###_KBPS_POLICY
class class-default
shape average ###000
fair-queue"

BTW, I'm not 100% sure what kind of behavior this class policy will provide, especially across different IOSs. If you're trying to insure the shaped traffic is fair-queued, per class, you might need to do this . . .

policy-map ##_KBPS_POLICY
class class-default
shape average ###000
service-policy FQ

policy-map FQ
class class-default
fair-queue

Joseph W. Doherty · ‎07-24-2018

"I dont know I should enable qos in which interface

fa0/1 or subinterfaces or tunnels?"

This is an "it depends" answer. Sometimes you'll want QoS on both a physical interface and logical interface. If there's only one tunnel/subinterface per physical interface, you can often just place QoS on the physical interface.

BTW, Georg shows using a shaper. Using a shaper if often crucial whenever there's a known downstream reduction of bandwidth compared to what the physical interface offers.

atiye.bigdeli · ‎07-24-2018

Hi.

Thanks so much for your help.

really I have 2 WAN links and 4 tunnels, because we have 2 cores and I created 2 tunnel for every WAN Link

tu1: wan 1 => core 1

tu2: wan 1 => core 2

tu3: wan 2 => core 1

tu4: wan 2 => core 2

wan 1 fa0/1.200: 256 Kbps

wan 2 fa0/1.500: 512 Kbps

according to your answer because I have more than one subinterface/tunnel per physical interface I cant place QoS on the physical interface, and I should apply 2 policy for 2 subinterfaces?

Best Regars

Joseph W. Doherty · ‎07-24-2018

"according to your answer because I have more than one subinterface/tunnel per physical interface I cant place QoS on the physical interface, and I should apply 2 policy for 2 subinterfaces?"

Not exactly. Yes, if you have more than one subinterface/tunnel, you'll likely want QoS specific for it. However, in such cases, sometimes you still want QoS on the physical interface. Such would be desired if the aggregate of the subordinates can exceed maximum available bandwidth (probably not true in this case).

So, yes, if you have multiple subinterface/tunnels you would likely want QoS on each.

BTW, why do you have subinterfaces and tunnels? (I suspect the subinterfaces are for some logical circuit between sites, if so, you're using tunnels are to add encryption?)

atiye.bigdeli · ‎07-24-2018

Hi

We use sub-interfaces to get separate services from ISP. and use tunnel to route LAN traffics, use IPsec and create HA with two core Routers in central point.

Best Regards