Kind of hard to believe no

collinsjl · ‎07-13-2016

Please see the proposed configuration. Need help with understanding if this will work as I think it will.

Situation is that the head end 3850 (Version 03.06.04) has dual 250m connections to a VPLS circuit

The remote sites (5) have dual 50m circuits into the VPLS.

Running EIGRP for ECMP across the ISP VPLS.

This is a production environment so I cannot test. I need to be sure.

Need to make sure the 3850 head end does not overrun the remote sites and have packets get dropped in the VPLS.

Of course the policy will be applied outbound to the remote sites.

ip access-list extended HIXSON
permit ip any 192.168.20.0 0.0.0.255
permit ip any 10.2.0.0 0.0.0.255
ip access-list extended GUNBARREL
permit ip any 192.168.30.0 0.0.0.255
permit ip any 10.3.0.0 0.0.0.255
ip access-list extended BONNEYOAKS
permit ip any 192.168.40.0 0.0.0.255
permit ip any 10.4.0.0 0.0.0.255
ip access-list extended CLEVELAND
permit ip any 192.168.50.0 0.0.0.255
permit ip any 10.5.0.0 0.0.0.255
ip access-list exteneded PARKRIDGE
permit ip any 192.168.60.0 0.0.0.255
permit ip any 10.6.0.0 0.0.0.255

class-map match-any Site_2
match access-group name HIXSON
class-map match-any Site_3
match access-group name GUNBARREL
class-map match-any Site_4
match access-group name BONNEYOAKS
class-map match-any Site_5
match access-group name CLEVELAND
class-map match-any Site_6
match access-group name PARKRIDGE

policy-map VPLS_Site_Shape_Policy (Think I should just apply this to the interface)
class Site_2
   shape average 50000000
   service-policy AutoQos-4.0-Output-Policy-VPLS
class Site_3
   shape average 50000000
   service-policy AutoQos-4.0-Output-Policy-VPLS
class Site_4
   shape average 50000000
   service-policy AutoQos-4.0-Output-Policy-VPLS
class Site_5
   shape average 50000000
   service-policy AutoQos-4.0-Output-Policy-VPLS
class Site_6
   shape average 50000000
   service-policy AutoQos-4.0-Output-Policy-VPLS

policy-map VPLS_Shape_Policy (I may need this applied to the interface instead but am not sure)
class class-default
shape average 250000000
service-policy VPLS_Site_Shape_Policy

policy-map AutoQos-4.0-Output-Policy-VPLS
class AutoQos-4.0-Output-Priority-Queue
priority level 1 percent 30
class AutoQos-4.0-Output-Control-Mgmt-Queue
bandwidth remaining percent 10
queue-limit dscp cs2 percent 80
queue-limit dscp cs3 percent 90
queue-limit dscp cs6 percent 100
queue-limit dscp cs7 percent 100
queue-buffers ratio 10
class AutoQos-4.0-Output-Multimedia-Conf-Queue
bandwidth remaining percent 10
queue-buffers ratio 10
class AutoQos-4.0-Output-Trans-Data-Queue
bandwidth remaining percent 10
queue-buffers ratio 10
class AutoQos-4.0-Output-Bulk-Data-Queue
bandwidth remaining percent 4
queue-buffers ratio 10
class AutoQos-4.0-Output-Scavenger-Queue
bandwidth remaining percent 1
queue-buffers ratio 10
class AutoQos-4.0-Output-Multimedia-Strm-Queue
bandwidth remaining percent 10
queue-buffers ratio 10
class class-default
bandwidth remaining percent 25

Philip D'Ath · ‎07-15-2016

Only apply VPLS_Shape_Policy to the physical interface.

collinsjl · ‎07-15-2016

For some reason I cannot apply it. It will not take no matter if I do :

service-policy output VPLS_Shape_Policy or service-policy output VPLS_Site_Shape_Policy

Of course this is after I remove the current service-policy

Please see the configuration updated. Any help would be appreciated.

qos queue-softmax-multiplier 600
!
table-map AutoQos-4.0-Trust-Cos-Table
default copy
table-map policed-dscp
map from 0 to 8
map from 10 to 8
map from 18 to 8
map from 24 to 8
map from 46 to 8
default copy
table-map AutoQos-4.0-Trust-Dscp-Table
default copy

class-map match-any AutoQos-4.0-Output-Multimedia-Conf-Queue
match dscp af41 af42 af43
match cos 4
class-map match-any AutoQos-4.0-Output-Bulk-Data-Queue
match dscp af11 af12 af13
match cos 1
class-map match-any AutoQos-4.0-Output-Priority-Queue
match dscp cs4 cs5 ef
match cos 5
class-map match-any AutoQos-4.0-Output-Multimedia-Strm-Queue
match dscp af31 af32 af33
class-map match-any AutoQos-4.0-Voip-Data-CiscoPhone-Class
match cos 5

class-map match-any Site-4
match access-group name BONNEYOAKS
class-map match-any Site-5
match access-group name CLEVELAND
class-map match-any Site-2
match access-group name HIXSON
class-map match-any Site-3
match access-group name GUNBARREL

class-map match-any Site-6
match access-group name PARKRIDGE

class-map match-any AutoQos-4.0-Voip-Signal-CiscoPhone-Class
match cos 3
class-map match-any non-client-nrt-class
class-map match-any AutoQos-4.0-Default-Class
match access-group name AutoQos-4.0-Acl-Default
class-map match-any AutoQos-4.0-Output-Trans-Data-Queue
match dscp af21 af22 af23
match cos 2
class-map match-any AutoQos-4.0-Output-Scavenger-Queue
match dscp cs1
class-map match-any AutoQos-4.0-Output-Control-Mgmt-Queue
match dscp cs2 cs3 cs6 cs7
match cos 3
!
policy-map AutoQos-4.0-Output-Policy-VPLS
class AutoQos-4.0-Output-Priority-Queue
priority level 1 percent 30
class AutoQos-4.0-Output-Control-Mgmt-Queue
bandwidth remaining percent 10
queue-limit dscp cs2 percent 80
queue-limit dscp cs3 percent 90
queue-limit dscp cs6 percent 100
queue-limit dscp cs7 percent 100
queue-buffers ratio 10
class AutoQos-4.0-Output-Multimedia-Conf-Queue
bandwidth remaining percent 10
queue-buffers ratio 10
class AutoQos-4.0-Output-Trans-Data-Queue
bandwidth remaining percent 10
queue-buffers ratio 10
class AutoQos-4.0-Output-Bulk-Data-Queue
bandwidth remaining percent 4
queue-buffers ratio 10
class AutoQos-4.0-Output-Scavenger-Queue
bandwidth remaining percent 1
queue-buffers ratio 10
class AutoQos-4.0-Output-Multimedia-Strm-Queue
bandwidth remaining percent 10
queue-buffers ratio 10
class class-default
bandwidth remaining percent 25

policy-map VPLS-Site-Shape-Policy
class Site-2
shape average 50000000
service-policy AutoQos-4.0-Output-Policy-VPLS
class Site-3
shape average 50000000
service-policy AutoQos-4.0-Output-Policy-VPLS
class Site-4
shape average 50000000
service-policy AutoQos-4.0-Output-Policy-VPLS
class Site-5
shape average 50000000
service-policy AutoQos-4.0-Output-Policy-VPLS
class Site-6
shape average 50000000
service-policy AutoQos-4.0-Output-Policy-VPLS

policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10

policy-map VPLS-Shape-Policy
class class-default
shape average 250000000

service-policy VPLS-Site-Shape-Policy

policy-map AutoQos-4.0-Output-Policy
class AutoQos-4.0-Output-Priority-Queue
priority level 1 percent 30
class AutoQos-4.0-Output-Control-Mgmt-Queue
bandwidth remaining percent 10
queue-limit dscp cs2 percent 80
queue-limit dscp cs3 percent 90
queue-limit dscp cs6 percent 100
queue-limit dscp cs7 percent 100
queue-buffers ratio 10
class AutoQos-4.0-Output-Multimedia-Conf-Queue
bandwidth remaining percent 10
queue-buffers ratio 10
class AutoQos-4.0-Output-Trans-Data-Queue
bandwidth remaining percent 10
queue-buffers ratio 10
class AutoQos-4.0-Output-Bulk-Data-Queue
bandwidth remaining percent 4
queue-buffers ratio 10
class AutoQos-4.0-Output-Scavenger-Queue
bandwidth remaining percent 1
queue-buffers ratio 10
class AutoQos-4.0-Output-Multimedia-Strm-Queue
bandwidth remaining percent 10
queue-buffers ratio 10
class class-default
bandwidth remaining percent 25
queue-buffers ratio 25

policy-map Shape-VPLS-Traffic
class class-default
shape average 250000000
service-policy AutoQos-4.0-Output-Policy-VPLS

policy-map AutoQos-4.0-Trust-Cos-Input-Policy
class class-default
set cos cos table AutoQos-4.0-Trust-Cos-Table

policy-map AutoQos-4.0-Trust-Dscp-Input-Policy
class class-default
set dscp dscp table AutoQos-4.0-Trust-Dscp-Table

policy-map AutoQos-4.0-CiscoPhone-Input-Policy
class AutoQos-4.0-Voip-Data-CiscoPhone-Class
set dscp ef
police cir 128000 bc 8000
conform-action transmit
exceed-action set-dscp-transmit dscp table policed-dscp
class AutoQos-4.0-Voip-Signal-CiscoPhone-Class
set dscp cs3
police cir 32000 bc 8000
conform-action transmit
exceed-action set-dscp-transmit dscp table policed-dscp
class AutoQos-4.0-Default-Class
set dscp default

ip access-list extended AutoQos-4.0-Acl-Default
permit ip any any
ip access-list extended BONNEYOAKS
permit ip any 192.168.40.0 0.0.0.255
permit ip any 10.4.0.0 0.0.0.255
ip access-list extended CLEVELAND
permit ip any 192.168.50.0 0.0.0.255
permit ip any 10.5.0.0 0.0.0.255
ip access-list extended GUNBARREL
permit ip any 192.168.30.0 0.0.0.255
permit ip any 10.3.0.0 0.0.0.255
ip access-list extended HIXSON
permit ip any 192.168.20.0 0.0.0.255
permit ip any 10.2.0.0 0.0.0.255
ip access-list extended PARKRIDGE
permit ip any 192.168.60.0 0.0.0.255
permit ip any 10.6.0.0 0.0.0.255

interface GigabitEthernet1/0/19
description EPB_VLAN_PRI
no switchport
bandwidth 250000
ip address 172.16.200.1 255.255.255.0
no ip redirects
ip local-proxy-arp
no ip split-horizon eigrp 200
ip route-cache same-interface
load-interval 30
auto qos trust dscp
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output Shape-VPLS-Traffic

interface GigabitEthernet2/0/19
description EPB_VLAN_SEC
no switchport
bandwidth 250000
ip address 172.16.201.1 255.255.255.0
no ip redirects
ip local-proxy-arp
no ip split-horizon eigrp 200
ip route-cache same-interface
load-interval 30
auto qos trust dscp
service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output Shape-VPLS-Traffic

Example of most other interfaces:

interface GigabitEthernet1/0/10
switchport voice vlan 10
trust device cisco-phone
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AutoQos-4.0-CiscoPhone-Input-Policy
service-policy output AutoQos-4.0-Output-Policy

Philip D'Ath · ‎07-15-2016

When you get an issue like that (won't apply) start with a simpler policy, and then start making it more and more complicated till you find what it doesn't like.

collinsjl · ‎07-17-2016

Kind of hard to believe no one has done this before.

All I am trying to do is have the 1G link limited to 250m

Then per site limit the traffic to 50m in that category and apply QOS to the 50m.

Currently we have bursty traffic and keepalives for the Cisco phones are getting dropped causing random reboots.

The distant end has 50m circuits that I have QOS running on.

Shape policy per remote site for head-end 3850