10-21-2019 12:18 AM
Hello
I would like to have your opinion/help. I want to put QoS in place because, sometimes, we have issues with our ToIP. I want to deploy QoS to reserve a % of bandwidth when our WAN link (50Mbps) is saturated.
I have this configuration on my core switches to mark traffic with specific DSCP values (ToIP/Videoconf system = AF31, networks for servers = AF21, ...). Regarding queue conf, I'm not familiar with it and I'm not sure about the conf...
switch core conf
---------------
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 1 2 4
mls qos srr-queue output cos-map queue 2 threshold 2 3
mls qos srr-queue output cos-map queue 2 threshold 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 0
mls qos srr-queue output cos-map queue 4 threshold 3 1
mls qos srr-queue output dscp-map queue 1 threshold 3 46
mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 25 32 38
mls qos srr-queue output dscp-map queue 2 threshold 2 24 26
mls qos srr-queue output dscp-map queue 2 threshold 3 48 56
mls qos srr-queue output dscp-map queue 3 threshold 3 0
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 3 10 12 14
mls qos queue-set output 1 threshold 2 70 80 100 100
mls qos queue-set output 1 threshold 4 40 100 100 100
mls qos
!
class-map match-any CM_REALTIME_VOICE_TOIP
 description Infra Voice Flows
 match access-group name ACL_REALTIME_VOICE_TOIP
class-map match-any CM_PREMIUM_VIDEO_SKYPE
 description Skype Video Flows
 match access-group name ACL_PREMIUM_VIDEO_SKYPE
class-map match-any CM_PREMIUM_VIDEOCONFERENCE
 description Infra Video Flows
 match access-group name ACL_PREMIUM_VIDEOCONFERENCE
class-map match-any CM_REALTIME_VOICE_SKYPE
 description Skype Voice Flows
 match access-group name ACL_REALTIME_VOICE_SKYPE
class-map match-any CM_DSCP-IN-D2INP
 description Standard Data Flows
 match access-group name ACL_DSCP-IN-D2INP
class-map match-any CM_DSCP-IN-D3INP
 description Miscellaneous Data Flows
 match access-group name ACL_DSCP-IN-D3INP
class-map match-any CM_PREMIUM_D1INP
 description Premium Data Flows
 match access-group name ACL_PREMIUM_D1INP
!
policy-map PM_QOS_MARKING_ACCESS
 class CM_REALTIME_VOICE_TOIP
  set dscp af31
 class CM_REALTIME_VOICE_SKYPE
  set dscp af31
 class CM_PREMIUM_VIDEO_SKYPE
  set dscp af31
 class CM_PREMIUM_VIDEOCONFERENCE
  set dscp af31
 class CM_PREMIUM_D1INP
  set dscp af31
 class CM_DSCP-IN-D2INP
  set dscp af21
 class CM_DSCP-IN-D3INP
  set dscp af11
 class class-default
!
ip access-list extended ACL_CIMPA_DSCP-IN-D2INP
 deny ip any any fragments
 remark == standard ACL conf
 permit ip 192.168.1.0 0.0.0.255 any
 permit ip any 192.168.1.0 0.0.0.255
 permit ip 192.168.2.0 0.0.0.255 any
 permit ip any 192.168.2.0 0.0.0.255
 deny ip any any
ip access-list extended ACL_CIMPA_DSCP-IN-D3INP
 permit tcp any any eq ftp
 permit tcp any eq ftp any
 permit tcp any any eq ftp-data
 permit tcp any eq ftp-data any
 permit udp any any eq tftp
 permit udp any eq tftp any
 permit tcp any any eq smtp
 permit tcp any eq smtp any
 permit tcp any any eq 989
 permit tcp any eq 989 any
 permit tcp any any eq 990
 permit tcp any eq 990 any
 deny ip any any
ip access-list extended ACL_CIMPA_PREMIUM_D1INP
 deny ip any any fragments
 permit udp any 192.168.3.0 0.0.0.255 eq snmp
 permit udp 192.168.3.0 0.0.0.255 any eq snmp
 permit udp 192.168.3.0 0.0.0.255 any eq snmptrap
 permit udp any 192.168.3.0 0.0.0.255 eq snmptrap
 deny ip any any
ip access-list extended ACL_CIMPA_PREMIUM_VIDEOCONFERENCE
 deny ip any any fragments
 permit ip 192.168.4.0 0.0.0.255 any
 permit ip any 192.168.4.0 0.0.0.255
 deny ip any any
ip access-list extended ACL_CIMPA_PREMIUM_VIDEO_SKYPE
 deny ip any any fragments
 permit udp any range 50020 50039 any eq 3478
 permit udp any range 50020 50099 any range 50000 59999
 permit tcp any range 50020 50039 any eq 443
 permit tcp any range 50020 50039 any range 50000 59999
 deny ip any any
ip access-list extended ACL_CIMPA_REALTIME_VOICE_SKYPE
 deny ip any any fragments
 permit udp any range 50000 50019 any eq 3478
 permit udp any range 50000 50019 any range 50000 59999
 permit tcp any range 50000 50019 any eq 443
 permit tcp any range 50000 50019 any range 50000 59999
 permit udp any range 50000 50019 any eq 3479
 deny ip any any
ip access-list extended ACL_CIMPA_REALTIME_VOICE_TOIP
 remark == To exclude fragmented packets
 deny ip any any fragments
 permit ip 192.168.4.0 0.0.0.255 any
 permit ip any 192.168.4.0 0.0.0.255
 permit udp any range 16384 32767 192.172.1.0 0.0.1.255
 deny ip any any
!
On my router, I have the following configuration. My goal is that when our WAN link is saturated (50Mbps), I have 20% of the bandwidth reserved for the ToIP traffic to avoid bad performance, 40% of the remaining bandwidth not used by ToIP for servers traffic, etc... Is my configuration correct?
Router conf
---------
class-map match-all CRITICAL
 match ip dscp af31
class-map match-all PRIORITY
 match ip dscp af21
class-map match-all PREMIUM
 match ip dscp af11
!
policy-map LAN-policy
 class CRITICAL
  priority percent 20
 class PRIORITY
  bandwidth remaining percent 40
 class PREMIUM
  bandwidth remaining percent 30
 class LOW
  bandwidth remaining percent 20
 class class-default
  fair-queue
policy-map shape_50M
 class class-default
  shape average 50000000
  service-policy LAN-policy
!
interface GigabitEthernet0/0
 description WAN-IF
 ip address xx.xx.xx.xx 255.255.255.248
 no ip redirects
 no ip proxy-arp
 ip ospf message-digest-key 1 md5 7 xxxxxxxxx
 load-interval 30
 service-policy output shape_50M
BR
Jerome
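
An added example, not part of the original post: a short Python check over the router policy as posted that flags classes given a percentage in `LAN-policy` without a matching `class-map`, and computes each class's worst-case share of the 50 Mbps shaper. It assumes `bandwidth remaining percent` is taken from what is left after the `priority` class uses its full 20%; `audit` and `ROUTER_CONF` are names made up for the example.

```python
# Constructed sample: the router policy lines from the post that the check reads.
ROUTER_CONF = """\
class-map match-all CRITICAL
 match ip dscp af31
class-map match-all PRIORITY
 match ip dscp af21
class-map match-all PREMIUM
 match ip dscp af11
policy-map LAN-policy
 class CRITICAL
  priority percent 20
 class PRIORITY
  bandwidth remaining percent 40
 class PREMIUM
  bandwidth remaining percent 30
 class LOW
  bandwidth remaining percent 20
 class class-default
  fair-queue
policy-map shape_50M
 class class-default
  shape average 50000000
  service-policy LAN-policy
"""

def audit(conf, child="LAN-policy"):
    """Return undefined classes and worst-case per-class floors in bit/s."""
    defined, pct, pmap, cls, shape_bps = {"class-default"}, {}, None, None, 0
    for words in (line.split() for line in conf.splitlines() if line.strip()):
        if words[0] == "class-map":
            defined.add(words[-1])                   # class-map <match-type> <name>
        elif words[0] == "policy-map":
            pmap = words[1]
        elif words[0] == "class":
            cls = words[1]
        elif words[:2] == ["shape", "average"]:
            shape_bps = int(words[2])
        elif pmap == child and words[-2:-1] == ["percent"]:
            pct[cls] = (words[0], int(words[-1]))    # ("priority" | "bandwidth", %)
    llq = sum(p for kind, p in pct.values() if kind == "priority")
    rest_bps = shape_bps * (100 - llq) // 100        # assumption: priority fully used
    floors = {c: (shape_bps if k == "priority" else rest_bps) * p // 100
              for c, (k, p) in pct.items()}
    unassigned = 100 - sum(p for k, p in pct.values() if k == "bandwidth")
    undefined = sorted(c for c in pct if c not in defined)
    return {"undefined": undefined, "floors_bps": floors, "unassigned_pct": unassigned}

if __name__ == "__main__":
    print(audit(ROUTER_CONF))
```
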