
QoS

Jerome C.
Level 1

Hello

I would like to have your opinion/help. I want to put QoS in place because, sometimes, we have issues with our ToIP. I want to deploy QoS to reserve a % of bandwidth when our WAN link (50Mbps) is saturated.

 

I have this configuration on my core switches to mark traffic with specific DSCP values (ToIP/Videoconf system = AF31, networks for servers = AF21, ...). Regarding the queue conf, I'm not familiar with it and I'm not sure about the conf...

 

switch core conf

---------------

mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 1 2 4
mls qos srr-queue output cos-map queue 2 threshold 2 3
mls qos srr-queue output cos-map queue 2 threshold 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 0
mls qos srr-queue output cos-map queue 4 threshold 3 1
mls qos srr-queue output dscp-map queue 1 threshold 3 46
mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 25 32 38
mls qos srr-queue output dscp-map queue 2 threshold 2 24 26
mls qos srr-queue output dscp-map queue 2 threshold 3 48 56
mls qos srr-queue output dscp-map queue 3 threshold 3 0
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 3 10 12 14
mls qos queue-set output 1 threshold 2 70 80 100 100
mls qos queue-set output 1 threshold 4 40 100 100 100
mls qos
!
class-map match-any CM_REALTIME_VOICE_TOIP
description Infra Voice Flows
match access-group name ACL_REALTIME_VOICE_TOIP
class-map match-any CM_PREMIUM_VIDEO_SKYPE
description Skype Video Flows
match access-group name ACL_PREMIUM_VIDEO_SKYPE
class-map match-any CM_PREMIUM_VIDEOCONFERENCE
description Infra Video Flows
match access-group name ACL_PREMIUM_VIDEOCONFERENCE
class-map match-any CM_REALTIME_VOICE_SKYPE
description Skype Voice Flows
match access-group name ACL_REALTIME_VOICE_SKYPE
class-map match-any CM_DSCP-IN-D2INP
description Standard Data Flows
match access-group name ACL_DSCP-IN-D2INP
class-map match-any CM_DSCP-IN-D3INP
description Miscellaneous Data Flows
match access-group name ACL_DSCP-IN-D3INP
class-map match-any CM_PREMIUM_D1INP
description Premium Data Flows
match access-group name ACL_PREMIUM_D1INP
!
policy-map PM_QOS_MARKING_ACCESS
class CM_REALTIME_VOICE_TOIP
set dscp af31
class CM_REALTIME_VOICE_SKYPE
set dscp af31
class CM_PREMIUM_VIDEO_SKYPE
set dscp af31
class CM_PREMIUM_VIDEOCONFERENCE
set dscp af31
class CM_PREMIUM_D1INP
set dscp af31
class CM_DSCP-IN-D2INP
set dscp af21
class CM_DSCP-IN-D3INP
set dscp af11
class class-default
!
ip access-list extended ACL_CIMPA_DSCP-IN-D2INP
deny ip any any fragments
remark == standard ACL conf
permit ip 192.168.1.0 0.0.0.255 any
permit ip any 192.168.1.0 0.0.0.255
permit ip 192.168.2.0 0.0.0.255 any
permit ip any 192.168.2.0 0.0.0.255
deny ip any any
ip access-list extended ACL_CIMPA_DSCP-IN-D3INP
permit tcp any any eq ftp
permit tcp any eq ftp any
permit tcp any any eq ftp-data
permit tcp any eq ftp-data any
permit udp any any eq tftp
permit udp any eq tftp any
permit tcp any any eq smtp
permit tcp any eq smtp any
permit tcp any any eq 989
permit tcp any eq 989 any
permit tcp any any eq 990
permit tcp any eq 990 any
deny ip any any
ip access-list extended ACL_CIMPA_PREMIUM_D1INP
deny ip any any fragments
permit udp any 192.168.3.0 0.0.0.255 eq snmp
permit udp 192.168.3.0 0.0.0.255 any eq snmp
permit udp 192.168.3.0 0.0.0.255 any eq snmptrap
permit udp any 192.168.3.0 0.0.0.255 eq snmptrap
deny ip any any
ip access-list extended ACL_CIMPA_PREMIUM_VIDEOCONFERENCE
deny ip any any fragments
permit ip 192.168.4.0 0.0.0.255 any
permit ip any 192.168.4.0 0.0.0.255
deny ip any any
ip access-list extended ACL_CIMPA_PREMIUM_VIDEO_SKYPE
deny ip any any fragments
permit udp any range 50020 50039 any eq 3478
permit udp any range 50020 50099 any range 50000 59999
permit tcp any range 50020 50039 any eq 443
permit tcp any range 50020 50039 any range 50000 59999
deny ip any any
ip access-list extended ACL_CIMPA_REALTIME_VOICE_SKYPE
deny ip any any fragments
permit udp any range 50000 50019 any eq 3478
permit udp any range 50000 50019 any range 50000 59999
permit tcp any range 50000 50019 any eq 443
permit tcp any range 50000 50019 any range 50000 59999
permit udp any range 50000 50019 any eq 3479
deny ip any any
ip access-list extended ACL_CIMPA_REALTIME_VOICE_TOIP
remark == To exclude fragmented packets
deny ip any any fragments
permit ip 192.168.4.0 0.0.0.255 any
permit ip any 192.168.4.0 0.0.0.255
permit udp any range 16384 32767 192.172.1.0 0.0.1.255
deny ip any any

!

On my router, I have the following configuration. My goal is that when our WAN link is saturated (50Mbps), I have 20% of the bandwidth reserved for the ToIP traffic to avoid bad performance, 40% of the remaining bandwidth not used by ToIP for server traffic, etc... Is my configuration correct?

 

Router conf

--------- 

class-map match-all CRITICAL
match ip dscp af31
class-map match-all PRIORITY
match ip dscp af21
class-map match-all PREMIUM
match ip dscp af11
!
policy-map LAN-policy
  class CRITICAL
    priority percent 20
 class PRIORITY
    bandwidth remaining percent 40
 class PREMIUM
    bandwidth remaining percent 30
 class LOW
    bandwidth remaining percent 20
 class class-default
    fair-queue
policy-map shape_50M
  class class-default
  shape average 50000000
  service-policy LAN-policy
!
interface GigabitEthernet0/0
description WAN-IF
ip address xx.xx.xx.xx 255.255.255.248
no ip redirects
no ip proxy-arp
ip ospf message-digest-key 1 md5 7 xxxxxxxxx
load-interval 30
service-policy output shape_50M

 

BR

Jerome


Joseph W. Doherty
Hall of Fame

When it comes to what's right for QoS, that really depends on your service needs. There's not enough information to really comment on that.

As to your router policy, I suggest you define class-default's bandwidth allocation too. (You might be assuming it's getting the unallocated 10% remaining, but Cisco, I believe, isn't clear what the allocation is for classes that don't explicitly allocate bandwidth.)

I'm unsure all routers' shapers account for L2 overhead. If yours does not, allocate about 85% of nominal bandwidth.

BTW, you realize that LLQ has an implicit policer? I.e. if you exceed 20% for your CRITICAL class, excess might be dropped.

FQ is an excellent queuing choice. So much so, I find it often avoids the need to have multiple non-LLQ classes. You might consider mapping your other non-LLQ classes into class-default, as your bandwidth allocations between the other non-LLQ classes don't differ all that much.

When you say "BTW, you realize that LLQ has an implicit policer?", I don't really understand what you mean... 

It means there's a hidden "police 20%" function on the class. However, unlike an explicit policer, the implicit policer, on many platforms, only engages when traffic is being queued. In such a case, it means if there was only your CRITICAL traffic consuming 80% of the link, that would be allowed, but if there was other traffic such that the offered rate exceeded 100% of link capacity, CRITICAL traffic offered in excess of your 20% would be dropped.

I hope that my critical traffic used for voice calls and videoconferencing will never use all my WAN bandwidth (50Mbps)...

 

But my configuration is compliant with my objective to always have 20% of my WAN bandwidth (20% of 50Mbps) dedicated to my critical traffic, and if I have users who launch many downloads, I will always have 20% of 50Mbps reserved for the critical traffic?

Yes, your CRITICAL class is guaranteed 20%, although under certain conditions it may use more.

Further, this bandwidth is guaranteed, not reserved. Whatever your CRITICAL class doesn't use is available to other traffic.

So with this configuration, I can reach my objective to reserve 20% of bandwidth (50Mbps) when the link is saturated to be sure that I have no poor performance for my critical traffic (ToIP + Videoconference)? So with this method, even if I have a lot of traffic on the WAN, I'm already sure that 20% of 50Mbps will always be allocated for Critical traffic?

 

And about your comment regarding defining a class-default bandwidth allocation, is it OK with this conf?

 

class-map match-all CRITICAL
match ip dscp af31 ef
class-map match-all PRIORITY
match ip dscp af21
class-map match-all PREMIUM
match ip dscp af11
!
policy-map LAN-policy
   class CRITICAL
     priority percent 20
  class PRIORITY
    bandwidth remaining percent 40
  class PREMIUM
    bandwidth remaining percent 30
  class class-default
    bandwidth remaining percent 25
    fair-queue
policy-map shape_50M
  class class-default
  shape average 50000000
  service-policy LAN-policy

"So with this configuration, I can reach my objective to reserve 20% of bandwidth (50Mbps) when the link is saturated . . ."

Again, as noted in prior post, you're guaranteed a bandwidth, it's not reserved.

". . . that I have no poor performance for my critical traffic (ToIP + Videoconference) ?"

I understand your objective but . . .

"So with this method, even if I have a lot of traffic on the WAN, I'm already sure that 20% of 50Mbps will always be allocated for Critical traffic?"

. . . also again, you'll get your 20%, but that alone, without knowing much more about your traffic, cannot say whether your goal of no adverse impact will be achieved.

QoS implementations normally require monitoring and adjustment to ensure your goals are being met (and whether QoS alone can meet them - sometimes you do need more bandwidth, although not nearly as often as when you don't use QoS).

"And about your comment regarding defining a class-default bandwidth allocation, is it OK with this conf?"

Did you intend to drop the LOW class?

I recommend you normally try to allocate 100% of bandwidth but at least now you do have an explicit bandwidth allocation for class-default.

Hello

I put in place the configuration discussed (guarantee 25% of our WAN bandwidth for my CRITICAL traffic). When I enter the following command "show policy-map interface gigabitEthernet 0/0", I have this result:

 

GigabitEthernet0/0

Service-policy output: shape_50M

Class-map: class-default (match-any)
   127441582 packets, 68356174282 bytes
   30 second offered rate 21565000 bps, drop rate 180000 bps
   Match: any
   Queueing
   queue limit 64 packets
   (queue depth/total drops/no-buffer drops) 0/262771/0
   (pkts output/bytes output) 127228666/68091757995
   shape (average) cir 50000000, bc 200000, be 200000
   target shape rate 50000000

 

Service-policy : LAN-policy

 

 queue stats for all priority classes:
     Queueing
     queue limit 64 packets
     (queue depth/total drops/no-buffer drops) 0/0/0
     (pkts output/bytes output) 10506038/2664004999

 

 Class-map: CRITICAL (match-all)
     20236258 packets, 8638014904 bytes
     30 second offered rate 1304000 bps, drop rate 0000 bps
     Match: ip dscp af31 (26) ef (46)
     Priority: 25% (12500 kbps), burst bytes 312500, b/w exceed drops: 72


Class-map: PRIORITY (match-all)
    60819347 packets, 43916041054 bytes
    30 second offered rate 17102000 bps, drop rate 31000 bps
    Match: ip dscp af21 (18)
    Queueing
    queue limit 64 packets
    (queue depth/total drops/no-buffer drops) 0/41024/0
    (pkts output/bytes output) 33042188/25117719310
    bandwidth remaining 45%

 

Class-map: PREMIUM (match-all)
   224000 packets, 32181757 bytes
   30 second offered rate 7000 bps, drop rate 0000 bps
   Match: ip dscp af11 (10)
   Queueing
   queue limit 64 packets
   (queue depth/total drops/no-buffer drops) 0/0/0
   (pkts output/bytes output) 83426/11900533
   bandwidth remaining 35%

 

Class-map: class-default (match-any)
   46161978 packets, 15769937953 bytes
   30 second offered rate 3153000 bps, drop rate 131000 bps
   Match: any
   Queueing
   queue limit 64 packets
   (queue depth/total drops/no-buffer drops/flowdrops) 0/79663/0/79663
   (pkts output/bytes output) 46149450/15735720378
   bandwidth remaining 20%
   Fair-queue: per-flow queue limit 16 packets

 

Does the "drop 72" information in the CRITICAL section mean I have traffic dropped even with the 12500 kbps (25% of 50Mbps) guarantee?

 

BR

 

"Does the "drop 72" information in the CRITICAL section mean I have traffic dropped even with the 12500 kbps (25% of 50Mbps) guarantee?"

That would seem to be the case, especially as those drops are labeled "b/w exceed". However, keep in mind that's only 72 drops out of 20,236,258 packets, so likely it's not harmful. How are the applications in that class behaving (to users)?

If you want, you might increase the BW allocation for that class.

BTW, for your other classes showing thousands of drops, the default 64 queue limit might be rather small for a 50 Mbps WAN circuit. Transit congestion drops can often be mitigated with an increase of queue depths. With TCP BDP in mind, what's your latency across the WAN?

If I launch a ping from my router to my other router, I have around 12ms of latency.

I increased the BW allocation to a 25% guarantee for the Critical traffic (VoIP traffic) and this evening, I have this:

 

Class-map: CRITICAL (match-all)
  24696570 packets, 9962622136 bytes
  30 second offered rate 115000 bps, drop rate 0000 bps
  Match: ip dscp af31 (26) ef (46)
  Priority: 25% (12500 kbps), burst bytes 312500, b/w exceed drops: 191

 

Regarding your recommendation to increase the queue depths, how can I perform this modification to reduce the dropped packets?

 

BR

See if there is a queue-length command in policy-map class commands.

 

Oh, and for 12 ms and 50 Mbps, 64 packets is "in the ball park", so you might only try doubling the value.
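
Added example, not written by the thread's participants: Python that parses the per-class counters from "show policy-map interface" output and puts the drop counts and the 64-packet queue limit in proportion, the way the replies above reason about them. The sample text is abridged from the output quoted in the thread; the 1500-byte packet size and reading the 12 ms ping as the round-trip time are assumptions.

```python
import re

# Constructed sample: abridged from the "show policy-map interface" output quoted above.
SAMPLE = """\
 Class-map: CRITICAL (match-all)
     20236258 packets, 8638014904 bytes
     Priority: 25% (12500 kbps), burst bytes 312500, b/w exceed drops: 72
 Class-map: PRIORITY (match-all)
     60819347 packets, 43916041054 bytes
     queue limit 64 packets
     (queue depth/total drops/no-buffer drops) 0/41024/0
 Class-map: class-default (match-any)
     46161978 packets, 15769937953 bytes
     queue limit 64 packets
     (queue depth/total drops/no-buffer drops/flowdrops) 0/79663/0/79663
"""

CLASS_RE = re.compile(r"Class-map:\s+(\S+)")
FIELDS = {  # counter name -> pattern capturing its value
    "packets": re.compile(r"^\s*(\d+) packets, \d+ bytes"),
    "drops": re.compile(r"total drops[^)]*\)\s+\d+/(\d+)/|b/w exceed drops:\s*(\d+)"),
    "queue_limit": re.compile(r"queue limit (\d+) packets"),
}

def parse_classes(text):
    """Map class name -> counters; a repeated name (parent/child policy) keeps the last block."""
    classes, cur = {}, None
    for line in text.splitlines():
        m = CLASS_RE.search(line)
        if m:
            cur = classes[m.group(1)] = {"packets": 0, "drops": 0, "queue_limit": None}
            continue
        for key, rx in FIELDS.items():
            m = rx.search(line)
            if m and cur is not None:
                cur[key] = int(next(g for g in m.groups() if g is not None))
    return classes

def drop_pct(stats):
    """Dropped packets as a percentage of packets matched by the class."""
    return 100.0 * stats["drops"] / stats["packets"] if stats["packets"] else 0.0

def bdp_packets(rate_bps, rtt_ms, pkt_bytes=1500):
    """Bandwidth-delay product in full-size packets (ceiling); pkt_bytes is an assumption."""
    return -(-(rate_bps * rtt_ms) // (8000 * pkt_bytes))

if __name__ == "__main__":
    for name, s in parse_classes(SAMPLE).items():
        print(f"{name:14} drops={s['drops']:>6} ({drop_pct(s):.4f}%) qlimit={s['queue_limit']}")
    print("BDP at 50 Mbps / 12 ms:", bdp_packets(50_000_000, 12), "packets")
```
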

No there is no command in the policy-map command...

 

How can I change the value, and which value do you recommend?

 

BR

Yes, that's a possibility. The command isn't always supported. However, if it is, I recall, it would be under class commands. Something like:

policy-map LAN-policy
class class-default
queue-length #

As to a value, as I mentioned in my prior post try doubling (the default [of 64] - i.e. 128).

Hi

Now, I have this configuration on my router. Do you think that with this configuration, I can reach my main objective to always guarantee 25% of the WAN link (50Mbps) for Critical traffic (ToIP, Skype, videoconferencing system) and to avoid having dropped packets for all classes? And be certain that traffic generated by the classes Priority, Premium and class-default will never use all the bandwidth?

 

class-map match-all CRITICAL
  match ip dscp af31 ef
class-map match-all PRIORITY
   match ip dscp af21
class-map match-all PREMIUM
  match ip dscp af11
!
policy-map LAN-policy
   class CRITICAL
   priority percent 25
   queue-limit 128 packets
class PRIORITY
   bandwidth remaining percent 45
   queue-limit 128 packets
class PREMIUM
   bandwidth remaining percent 35
   queue-limit 128 packets
class class-default
   bandwidth remaining percent 20
   fair-queue
   queue-limit 128 packets

!
policy-map shape_50M
  class class-default
  shape average 50000000
  queue-limit 128 packets
  service-policy LAN-policy

!

interface GigabitEthernet0/0
 description WAN-IF

 ip address xx.xx.xx.xx 255.255.255.248

 no ip redirects
 no ip proxy-arp
 load-interval 30
 service-policy output shape_50M