Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
345
Views
10
Helpful
2
Replies

Question on QoS on Tunnel Interface

byme88
Level 1
Level 1

‎08-16-2022 05:45 PM

Hi Everyone,

I have a Cisco 4221 router with below configuration for QoS shaping and applied on the Tunnel interface:

policy-map SHAPE
class class-default
shape average 5000000

interface Tunnelxxx
description xxxxx
bandwidth 5000
ip unnumbered Loopbackxxx
no ip redirects
no ip proxy-arp
ip mtu 1400
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 xxxxx
ip access-group xxxxx_inbound in
ip tcp adjust-mss 1314
load-interval 30
delay 1000000
tunnel source Cellular0/1/0
tunnel destination xx.xxx.xxx.xx
tunnel protection ipsec profile xxxxxxxxxx
service-policy output SHAPE
end

Show policy-map on Tunnel XXX:

router#sh policy-map interface tunnel xxx
Tunnelxxx

Service-policy output: SHAPE

Class-map: class-default (match-any)
43866 packets, 41655241 bytes
30 second offered rate 20000 bps, drop rate 8000 bps
Match: any
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/24969/0
(pkts output/bytes output) 27799/19241092
shape (average) cir 5000000, bc 20000, be 20000
target shape rate 5000000

My question is the total drop of 24969 packets which occurred during the period of 90 minutes (queue depth/total drops/no-buffer drops). Since our circuit is set at 5MB by the ISP, this drop is normal? Can it be improved so there is no more or less dropping?

Thanks,

byme88 

Labels:
0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎08-17-2022 03:26 AM

May be to test - you are using peak of the Link provided.

how is your Physical Interface stats - which connected to ISP.

Try loweing the shaping value to 95% of bandwidth from ISP, clear the counter and observ.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎08-17-2022 11:39 AM - edited ‎08-17-2022 11:41 AM

The drops you are observing are due to shaping drops, i.e. nothing to do with your ISP possibly dropping.

Likely "bursts" to your tunnel's shaper are overrunning the 5 Mbps shape rate, and as the shaper might only be using a 64 packet size queue, it's also likely your filling that and overflowing.

What might be done, if the router supports it, is increasing the shaper's queue size (64 packets is probably shallow for 5 Mbps).  NB: for "ideal" queue depth, for TCP, I've found half the BDP (bandwidth delay product) seems about right.  (For 5 Mbps, and "typical" WAN latency, you might try a queue size of 256.)

What also may, or may not, reduce overall drops is using FQ or WRED (the latter I generally only recommend for "expert" QoS engineers).  "Busy" flows should be those FQ hits with drops, "protecting" your other flows - FQ also avoids the global tail drop issue.)

BTW, although the drops you're seeing have nothing to do with ISP possibly dropping, exceeding your ISP's CIR of 5 Mbps, often will cause provider drops (which I assume you're trying to avoid using a shaper).  I suspect, some Cisco shapers don't account for L2 bandwidth overhead, but a provider likely does.  If so, with such shapers, to avoid provider drops, shape about 15% slower than CIR.  (NB: how do you know if provider is dropping, since you have tunnel, compare egress packet count, to other side's ingress packet count, for same time period.)

PS:

BTW adjust-mss is generally set to 40 less than IP MTU.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card