10-21-2019 12:18 AM
Hello
I would like to have your opinion/help. I want to put QoS in place because we sometimes have issues with our ToIP. I want to deploy QoS to reserve a % of bandwidth when our WAN link (50Mbps) is saturated.
I have this configuration on my core switches to mark traffic with specific DSCP values (ToIP/Videoconf system = AF31, networks for servers = AF21,..). Regarding the queue conf, I'm not familiar with it and I'm not sure about the conf...
switch core conf
---------------
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 1 2 4
mls qos srr-queue output cos-map queue 2 threshold 2 3
mls qos srr-queue output cos-map queue 2 threshold 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 0
mls qos srr-queue output cos-map queue 4 threshold 3 1
mls qos srr-queue output dscp-map queue 1 threshold 3 46
mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 25 32 38
mls qos srr-queue output dscp-map queue 2 threshold 2 24 26
mls qos srr-queue output dscp-map queue 2 threshold 3 48 56
mls qos srr-queue output dscp-map queue 3 threshold 3 0
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 3 10 12 14
mls qos queue-set output 1 threshold 2 70 80 100 100
mls qos queue-set output 1 threshold 4 40 100 100 100
mls qos
!
class-map match-any CM_REALTIME_VOICE_TOIP
description Infra Voice Flows
match access-group name ACL_REALTIME_VOICE_TOIP
class-map match-any CM_PREMIUM_VIDEO_SKYPE
description Skype Video Flows
match access-group name ACL_PREMIUM_VIDEO_SKYPE
class-map match-any CM_PREMIUM_VIDEOCONFERENCE
description Infra Video Flows
match access-group name ACL_PREMIUM_VIDEOCONFERENCE
class-map match-any CM_REALTIME_VOICE_SKYPE
description Skype Voice Flows
match access-group name ACL_REALTIME_VOICE_SKYPE
class-map match-any CM_DSCP-IN-D2INP
description Standard Data Flows
match access-group name ACL_DSCP-IN-D2INP
class-map match-any CM_DSCP-IN-D3INP
description Miscellaneous Data Flows
match access-group name ACL_DSCP-IN-D3INP
class-map match-any CM_PREMIUM_D1INP
description Premium Data Flows
match access-group name ACL_PREMIUM_D1INP
!
policy-map PM_QOS_MARKING_ACCESS
class CM_REALTIME_VOICE_TOIP
set dscp af31
class CM_REALTIME_VOICE_SKYPE
set dscp af31
class CM_PREMIUM_VIDEO_SKYPE
set dscp af31
class CM_PREMIUM_VIDEOCONFERENCE
set dscp af31
class CM_PREMIUM_D1INP
set dscp af31
class CM_DSCP-IN-D2INP
set dscp af21
class CM_DSCP-IN-D3INP
set dscp af11
class class-default
!
ip access-list extended ACL_CIMPA_DSCP-IN-D2INP
deny ip any any fragments
remark == standard ACL conf
permit ip 192.168.1.0 0.0.0.255 any
permit ip any 192.168.1.0 0.0.0.255
permit ip 192.168.2.0 0.0.0.255 any
permit ip any 192.168.2.0 0.0.0.255
deny ip any any
ip access-list extended ACL_CIMPA_DSCP-IN-D3INP
permit tcp any any eq ftp
permit tcp any eq ftp any
permit tcp any any eq ftp-data
permit tcp any eq ftp-data any
permit udp any any eq tftp
permit udp any eq tftp any
permit tcp any any eq smtp
permit tcp any eq smtp any
permit tcp any any eq 989
permit tcp any eq 989 any
permit tcp any any eq 990
permit tcp any eq 990 any
deny ip any any
ip access-list extended ACL_CIMPA_PREMIUM_D1INP
deny ip any any fragments
permit udp any 192.168.3.0 0.0.0.255 eq snmp
permit udp 192.168.3.0 0.0.0.255 any eq snmp
permit udp 192.168.3.0 0.0.0.255 any eq snmptrap
permit udp any 192.168.3.0 0.0.0.255 eq snmptrap
deny ip any any
ip access-list extended ACL_CIMPA_PREMIUM_VIDEOCONFERENCE
deny ip any any fragments
permit ip 192.168.4.0 0.0.0.255 any
permit ip any 192.168.4.0 0.0.0.255
deny ip any any
ip access-list extended ACL_CIMPA_PREMIUM_VIDEO_SKYPE
deny ip any any fragments
permit udp any range 50020 50039 any eq 3478
permit udp any range 50020 50099 any range 50000 59999
permit tcp any range 50020 50039 any eq 443
permit tcp any range 50020 50039 any range 50000 59999
deny ip any any
ip access-list extended ACL_CIMPA_REALTIME_VOICE_SKYPE
deny ip any any fragments
permit udp any range 50000 50019 any eq 3478
permit udp any range 50000 50019 any range 50000 59999
permit tcp any range 50000 50019 any eq 443
permit tcp any range 50000 50019 any range 50000 59999
permit udp any range 50000 50019 any eq 3479
deny ip any any
ip access-list extended ACL_CIMPA_REALTIME_VOICE_TOIP
remark == To exclude fragmented packets
deny ip any any fragments
permit ip 192.168.4.0 0.0.0.255 any
permit ip any 192.168.4.0 0.0.0.255
permit udp any range 16384 32767 192.172.1.0 0.0.1.255
deny ip any any
!
On my router, I have the following configuration. My goal is that when our WAN link is saturated (50Mbps), I have 20% of the bandwidth reserved for the ToIP traffic to avoid bad performance, 40% of the remaining bandwidth not used by ToIP for server traffic, etc... Is my configuration correct?
Router conf
---------
class-map match-all CRITICAL
match ip dscp af31
class-map match-all PRIORITY
match ip dscp af21
class-map match-all PREMIUM
match ip dscp af11
!
policy-map LAN-policy
class CRITICAL
priority percent 20
class PRIORITY
bandwidth remaining percent 40
class PREMIUM
bandwidth remaining percent 30
class LOW
bandwidth remaining percent 20
class class-default
fair-queue
policy-map shape_50M
class class-default
shape average 50000000
service-policy LAN-policy
!
interface GigabitEthernet0/0
description WAN-IF
ip address xx.xx.xx.xx 255.255.255.248
no ip redirects
no ip proxy-arp
ip ospf message-digest-key 1 md5 7 xxxxxxxxx
load-interval 30
service-policy output shape_50M
BR
Jerome
10-21-2019 05:52 AM - edited 10-21-2019 05:53 AM
When it comes to what's right for QoS, that really depends on your service needs. There's not enough information to really comment on that.
As to your router policy, I suggest you define class-default's bandwidth allocation too. (You might be assuming it's getting the unallocated 10% remaining, but Cisco, I believe, isn't clear what the allocation is for classes that don't explicitly allocate bandwidth.)
I'm unsure all routers' shapers account for L2 overhead. If yours does not, allocate about 85% of nominal bandwidth.
BTW, you realize that LLQ has an implicit policer? I.e. if you exceed 20% for your CRITICAL class, excess might be dropped.
FQ is an excellent queuing choice. So much so, I find it often avoids the need to have multiple non-LLQ classes. You might consider mapping your other non-LLQ classes into class-default, as your bandwidth allocations between the other non-LLQ classes don't differ all that much.
10-21-2019 05:58 AM
When you say "BTW, you realize that LLQ has an implicit policer?", I don't really understand what you mean...
10-21-2019 06:41 AM
10-21-2019 07:03 AM
I hope that my critical traffic used for voice calls and videoconference will never use all my WAN bandwidth (50Mbps)...
But is my configuration compliant with my objective to always have 20% of my WAN bandwidth (20% of 50Mbps) dedicated to my critical traffic, so that if I have users who launch many downloads, I will always have 20% of 50Mbps reserved for the critical traffic?
10-21-2019 08:20 AM
10-21-2019 09:56 AM
So with this configuration, I can reach my objective to reserve 20% of bandwidth (50Mbps) when the link is saturated, to be sure that I have no poor performance for my critical traffic (ToIP + Videoconference)? So with this method, even if I have a lot of traffic on the WAN, I'm already sure that 20% of 50Mbps will always be allocated for Critical traffic?
And about your comment regarding to define a class-default bandwidth allocation, is it ok with this conf ?
class-map match-all CRITICAL
match ip dscp af31 ef
class-map match-all PRIORITY
match ip dscp af21
class-map match-all PREMIUM
match ip dscp af11
!
policy-map LAN-policy
class CRITICAL
priority percent 20
class PRIORITY
bandwidth remaining percent 40
class PREMIUM
bandwidth remaining percent 30
class class-default
bandwidth remaining percent 25
fair-queue
policy-map shape_50M
class class-default
shape average 50000000
service-policy LAN-policy
10-21-2019 11:05 AM - edited 10-21-2019 11:06 AM
"So with this configuration, I can reach my objective to reserve 20% of bandwidth (50Mbps) when the link is saturated . . ."
Again, as noted in prior post, you're guaranteed a bandwidth, it's not reserved.
". . . that I have no poor performance for my critical traffic (ToIP + Videoconference) ?"
I understand your objective but . . .
"So with this method, even if I have a lot of traffic on the WAN, I'm already sure that 20% of 50Mbps will always be allocated for Critical traffic?"
. . . also again, you'll get your 20%, but that alone, without knowing much more about your traffic, cannot say whether your goal of no adverse impact will be achieved.
QoS implementations normally require monitoring and adjustment to ensure your goals are being met (and whether QoS alone can meet them - sometimes you do need more bandwidth (although not nearly as often as when you don't use QoS)).
"And about your comment regarding to define a class-default bandwidth allocation, is it ok with this conf ? "
Did you intend to drop the LOW class?
I recommend you normally try to allocate 100% of bandwidth but at least now you do have an explicit bandwidth allocation for class-default.
10-22-2019 07:05 AM
Hello
I put in place the configuration discussed (guarantee 25% of our WAN bandwidth for my CRITICAL traffic). When I enter the following command "show policy-map interface gigabitEthernet 0/0", I have this result:
GigabitEthernet0/0
Service-policy output: shape_50M
Class-map: class-default (match-any)
127441582 packets, 68356174282 bytes
30 second offered rate 21565000 bps, drop rate 180000 bps
Match: any
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/262771/0
(pkts output/bytes output) 127228666/68091757995
shape (average) cir 50000000, bc 200000, be 200000
target shape rate 50000000
Service-policy : LAN-policy
queue stats for all priority classes:
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 10506038/2664004999
Class-map: CRITICAL (match-all)
20236258 packets, 8638014904 bytes
30 second offered rate 1304000 bps, drop rate 0000 bps
Match: ip dscp af31 (26) ef (46)
Priority: 25% (12500 kbps), burst bytes 312500, b/w exceed drops: 72
Class-map: PRIORITY (match-all)
60819347 packets, 43916041054 bytes
30 second offered rate 17102000 bps, drop rate 31000 bps
Match: ip dscp af21 (18)
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/41024/0
(pkts output/bytes output) 33042188/25117719310
bandwidth remaining 45%
Class-map: PREMIUM (match-all)
224000 packets, 32181757 bytes
30 second offered rate 7000 bps, drop rate 0000 bps
Match: ip dscp af11 (10)
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 83426/11900533
bandwidth remaining 35%
Class-map: class-default (match-any)
46161978 packets, 15769937953 bytes
30 second offered rate 3153000 bps, drop rate 131000 bps
Match: any
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops/flowdrops) 0/79663/0/79663
(pkts output/bytes output) 46149450/15735720378
bandwidth remaining 20%
Fair-queue: per-flow queue limit 16 packets
The "drop 72" information in the CRITICAL section, does that mean I have traffic dropped even with 12500 kbps (25% of 50Mbps) guaranteed?
BR
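An added example, not part of the original thread: a small Python parser for the `show policy-map interface` output posted above, which puts each class's guaranteed rate next to its 30-second offered rate and drop counter. It assumes `bandwidth remaining` percentages share what is left when the priority class runs at its full rate; `SAMPLE` is an abridged copy of the posted output and the function names are illustrative.

```python
import re

# Constructed sample: child-policy lines of the output posted above (PREMIUM omitted).
SAMPLE = """\
shape (average) cir 50000000, bc 200000, be 200000
Class-map: CRITICAL (match-all)
  30 second offered rate 1304000 bps, drop rate 0000 bps
  Priority: 25% (12500 kbps), burst bytes 312500, b/w exceed drops: 72
Class-map: PRIORITY (match-all)
  30 second offered rate 17102000 bps, drop rate 31000 bps
  (queue depth/total drops/no-buffer drops) 0/41024/0
  bandwidth remaining 45%
Class-map: class-default (match-any)
  30 second offered rate 3153000 bps, drop rate 131000 bps
  (queue depth/total drops/no-buffer drops/flowdrops) 0/79663/0/79663
  bandwidth remaining 20%
"""

PATTERNS = {  # counter name -> regex with one numeric group
    "offered": r"offered rate (\d+) bps",
    "priority": r"Priority: (\d+)%",
    "drops": r"(?:exceed drops: |drops\S*\) \d+/)(\d+)",
    "remaining": r"bandwidth remaining (\d+)%",
}

def parse(text):  # -> (shape_bps, {class_name: counters})
    shape = int(re.search(r"cir (\d+)", text).group(1))
    classes, cur = {}, None
    for line in text.splitlines():
        if m := re.search(r"Class-map: (\S+)", line):
            cur = classes.setdefault(m.group(1), {})
        for key, pat in PATTERNS.items():
            if cur is not None and (m := re.search(pat, line)):
                cur[key] = int(m.group(1))
    return shape, classes

def report(text):
    """{class: (guaranteed kbps with LLQ at full rate, offered kbps, drops)}."""
    shape, classes = parse(text)
    left = shape * (100 - sum(c.get("priority", 0) for c in classes.values())) // 100
    out = {}
    for name, c in classes.items():
        base, pct = (shape, c["priority"]) if "priority" in c else (left, c.get("remaining", 0))
        out[name] = (base * pct // 100 // 1000, c.get("offered", 0) // 1000, c.get("drops", 0))
    return out

def bursty(text):
    """Classes that drop although their 30 s average is under the guarantee."""
    return [n for n, (g, o, d) in report(text).items() if d and o < g]
```

On the posted counters, CRITICAL averages 1304 kbps against a 12500 kbps priority rate and still shows exceed drops, so the 30-second average alone does not explain them; PRIORITY, by contrast, is offered slightly more than its worst-case share.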
10-22-2019 09:26 AM
10-22-2019 09:45 AM
If I launch a ping from my router to my other router, I have around 12ms of latency.
I increased the BW allocation with 25% of guarantee for the Critical traffic (VOIP traffic) and this evening, I have that :
Class-map: CRITICAL (match-all)
24696570 packets, 9962622136 bytes
30 second offered rate 115000 bps, drop rate 0000 bps
Match: ip dscp af31 (26) ef (46)
Priority: 25% (12500 kbps), burst bytes 312500, b/w exceed drops: 191
Regarding your recommendation to increase the queue depths, how can I perform this modification to reduce the packets dropped?
BR
10-22-2019 10:26 AM - edited 10-22-2019 10:31 AM
See if there is a queue-length command in policy-map class commands.
Oh, and for 12 ms and 50 Mbps, 64 packets is "in the ball park", so you might only try doubling the value.
10-22-2019 11:26 AM
No, there is no command in the policy-map command...
How can I change the value, and which value do you recommend?
BR
10-22-2019 12:58 PM
10-22-2019 10:57 PM
Hi
Now, I have this configuration on my router. Do you think that with this configuration I can reach my main objective to always guarantee 25% of the WAN link (50Mbps) for Critical traffic (ToIP, Skype, Videoconferencing system) and to avoid dropped packets for all classes? And be certain that traffic generated by the Priority, Premium and default classes will never use all the bandwidth?
class-map match-all CRITICAL
match ip dscp af31 ef
class-map match-all PRIORITY
match ip dscp af21
class-map match-all PREMIUM
match ip dscp af11
!
policy-map LAN-policy
class CRITICAL
priority percent 25
queue-limit 128 packets
class PRIORITY
bandwidth remaining percent 45
queue-limit 128 packets
class PREMIUM
bandwidth remaining percent 35
queue-limit 128 packets
class class-default
bandwidth remaining percent 20
fair-queue
queue-limit 128 packets
!
policy-map shape_50M
class class-default
shape average 50000000
queue-limit 128 packets
service-policy LAN-policy
!
interface GigabitEthernet0/0
description WAN-IF
ip address xx.xx.xx.xx 255.255.255.248
no ip redirects
no ip proxy-arp
load-interval 30
service-policy output shape_50M