07-03-2025 04:51 PM
Hello Experts,
I have critical application traffic which is passing through my Cisco ISR 4321, and I noticed that some packets are being dropped as TailDrop.
Please find below the output from the packet-trace debug:
sh platform packet-trace summary | i Gi0/0/1
6 Gi0/0/0.20 Gi0/0/1 DROP 23 (TailDrop)
7 Gi0/0/0.20 Gi0/0/1 DROP 23 (TailDrop)
16 Gi0/0/0.20 Gi0/0/1 DROP 23 (TailDrop)
I need a way to avoid such drops for that specific critical traffic. Please advise on which QoS policy config I need to apply.
07-03-2025 06:48 PM
A CBWFQ policy map, used for egress on the problematic interface(s).
Multiple configuration options might be chosen to remediate your drops. For example, using a default class with FQ might be sufficient, although you might need to increase flow or class queue depths. Or, you identify the critical traffic, and assign it its own class, with sufficient bandwidth and/or queue limit to avoid drops.
07-05-2025 07:09 AM
BTW, as I don't know how familiar you are with QoS, if you need actual configuration examples, please ask further. Some of the approaches I suggested require identification of your critical application traffic so it can be treated differently, but as I also noted, that might not be needed, for something like:
policy-map example
 class class-default
  fair-queue
interface g0/0/1
 service-policy output example
07-05-2025 07:20 AM
Hello Joseph,
Thanks for your reply,
Based on your suggestion, I have checked and applied LLQ for that traffic and will monitor for a couple of days.
07-05-2025 08:02 AM
Unless traffic really, really warrants using LLQ (like VoIP), I generally recommend against using LLQ, although it often will correct the immediate issue.
So why not?
In general, possibly the most important issue is you can have a problem in the future when you really do need LLQ kind of SLAs.
Second, LLQ has an implied policer which only is active when there's congestion. I.e. sometimes your LLQ traffic can obtain 100% of bandwidth and sometimes only the allocated percentage.
For the above issue, some might allocate a very high bandwidth allocation to LLQ, but since it has absolute priority, such an allocation can be very adverse to other traffic.
In your OP, you only mentioned wanting to avoid drops, which is fine, but LLQ also is designed to minimize latency and jitter, which your critical traffic may, or may not, need.
For example, given an equal bandwidth video stream vs. a VidConf stream, both don't want drops, but only the latter has major latency and jitter requirements.
Possibly, just increasing the egress interface's FIFO queue depth might solve the drops issue, but I didn't suggest it as it can easily create its own issues and I know nothing about your traffic. Because I don't know, I cannot make a really good recommendation, but, in general, my prior reply example often works, really, really well.
BTW, another issue with LLQ, it uses a FIFO queue, so even just one bandwidth hog flow in that class is adverse to all the other LLQ class flows.
Off the top of my head, one of the few applications that, somewhat, might be used in LLQ, is a screen scraping, remote desktop, kind of app, but beyond the considerations, above, for why LLQ shouldn't be used for it either, if the app supports disk file copying and/or printing, those can consume much bandwidth. (Citrix [at least it used to] supported internal traffic kind codes so you could treat disk and printer traffic differently.)
To recap, I don't doubt your critical traffic is now working fine using LLQ, but likely the same results can be obtained otherwise yet avoiding potential issues, both now and in the future.
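As an added example (not posted by any participant in this thread): a sketch of the non-LLQ option described in the replies above, where the critical traffic gets its own CBWFQ class with a bandwidth guarantee and a deeper queue, and everything else is fair-queued. The ACL, class-map and policy-map names, the 192.0.2.10 server address, the 30 percent guarantee and the 128-packet queue depth are assumptions chosen for illustration; only the egress interface comes from the original post.

```cisco
! Constructed example: names, address and values below are placeholders.
! Identify the critical application (assumed here: HTTPS to one server).
ip access-list extended CRITICAL-APP
 permit tcp any host 192.0.2.10 eq 443
!
class-map match-any CRITICAL
 match access-group name CRITICAL-APP
!
policy-map WAN-EGRESS
 ! CBWFQ class: a minimum bandwidth guarantee during congestion and a
 ! deeper queue to absorb bursts. Unlike "priority" (LLQ), "bandwidth"
 ! carries no implied policer and no absolute priority over other classes.
 class CRITICAL
  bandwidth percent 30
  queue-limit 128 packets
 ! Everything else: per-flow fair queueing, so one heavy flow cannot
 ! fill the whole default queue.
 class class-default
  fair-queue
!
interface GigabitEthernet0/0/1
 service-policy output WAN-EGRESS
!
! Check per-class queue depth and drop counters after applying:
!   show policy-map interface GigabitEthernet0/0/1
```

If the class drop counter for CRITICAL keeps increasing, revisit the bandwidth and queue-limit values against the traffic's actual rate and burst size before considering LLQ.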
07-05-2025 03:56 AM
Can I know how you use packet trace?
MHM
07-05-2025 07:21 AM
I am using the debug platform packet-trace drop command to filter dropped traffic.
07-05-2025 07:28 AM
I see
Try using one command:
Queue-softmax-multi
This increases the queue.
MHM
07-05-2025 08:06 AM
Try using one command:
Queue-softmax-multi
This increases the queue.
BTW, I don't believe that command is supported on the ISR 4K routed ports.
07-05-2025 08:10 AM
The command he uses to see drops is not used for the ISR4k router.
He has a Core SW 9k.
That is why I asked about the command he uses to see drops.
MHM
07-05-2025 08:53 AM - edited 07-05-2025 11:29 AM
The command he uses to see drops is not used for the ISR4k router.
He has a Core SW 9k.
That is why I asked about the command he uses to see drops.
OP states "my Cisco ISR 4321", shows interfaces g0/0/0.20 (subinterface) and g0/0/1, and Cisco, at least back in 2/23, describes the Datapath Packet Trace feature (only) supported on platforms using a QFP, such as the ISR4000 series, wouldn't seem to imply OP posted results are necessarily from a 9K switch. Further a later OP reply noted he fixed problem using LLQ (a router only feature, I believe; switch "equivalent" is PQ), so that too would seem to exclude, results are from a Catalyst 9K.
It's certainly possible OP network is using 9K switches, maybe even one as core.
07-05-2025 08:59 AM
I don't have time to answer you.
Don't mention me again.
MHM
07-05-2025 11:25 AM
Don't mention me again.
Like as in the Harry Potter series "He-Who-Must-Not-Be-Named"?
Does He-Who-Must-Not-Be-Named also desire that I should not continue to provide helpful or even solution votes for He-Who-Must-Not-Be-Named?
If the latter, sorry no, because I provide such votes so the community can easily recognize the value of such replies (which were well deserved by He-Who-Must-Not-Be-Named).
I'll also continue to comment on anyone's replies; likewise, anyone is welcome to do the same on mine.
As you've made similar requests before, the foregoing is pretty much as I wrote earlier, but I can now, if He-Who-Must-Not-Be-Named truly desires, use He-Who-Must-Not-Be-Named rather than He-Who-Must-Not-Be-Named's name.
Also, as I wrote earlier to these requests, He-Who-Must-Not-Be-Named can resume sending private messages to OP, rather than making a public reply and, thereby, being subject to peer review.
Taking a possible reason for He-Who-Must-Not-Be-Named's request into account, on rereading, my prior reply might be taken too negatively, presenting the facts, so I'll amend it.
07-05-2025 11:43 AM
I like Lord of the Rings.
So I may be like Sauron lol..
Don't stop posting, but please don't mention me; my notifications are full and I cannot read all the replies.
Let me work my way.
Good luck
Sauron
07-05-2025 12:18 PM
Laugh.
Ah, you only want exclusion of your name at symbol references?
Okay, I have no problem doing that.
Meanwhile the ring, the ring; it's mine! ; )