
Traffic prioritization

suthomas1
Level 6

Hi, we have two sites which are connected via MPLS. The MPLS provider device is connected at both ends to an L3 switch.

If we need to prioritize or assign more bandwidth to a particular application flow based on destination address, where should the QoS ideally be configured: on the L3 switch at the end the traffic is emanating from, or on the MPLS device?

Small config would also help.

Thanks !

18 Replies

Joseph W. Doherty
Hall of Fame

Ideally you want to manage congestion at points of congestion. For MPLS, the common congestion points are the MPLS ingress/egress links (i.e. CE-PE, PE-CE). Most MPLS vendors would not allow you to directly configure QoS features on their equipment. However, MPLS vendors usually support some QoS features that will operate based on your packet ToS markings. I.e. you would mark or tag your traffic to indicate to the MPLS vendor traffic prioritization or congestion handling. These ToS markings can be applied on any of your devices before the traffic reaches the MPLS vendor's equipment (assuming your devices downstream of the actual marking device will pass along the markings or only reset them as necessary).

If there are only two sites, and if your equipment can limit your traffic to the minimum bandwidth of the lower of either MPLS ingress or egress, you have the option of ignoring the MPLS vendor's QoS and doing whatever you want (within the capabilities of the equipment). This could then allow QoS "better" than what the MPLS vendor supports and might reduce cost since some MPLS vendors charge extra for QoS features.

Thanks for the inputs... so that means I could do this on my L3 device connected to the CE routers at either site, as incoming or outgoing QoS, prioritising the b.w for the particular application?

Yes, but it depends on the capabilities of your L3 switches. Also, you would normally want to prioritize for outgoing. Incoming could be done if such was necessary for the internal network.

OK... so let's say we need to put a certain application class of traffic on highest priority and also assign it some bandwidth, to ensure that it has its own share of b.w available each time & that other apps don't eat into this b.w; how would we configure this, assuming the app IP is 192.168.54.2, which is located after Device B?

Device A would be source for this source, & we would want the traffic prioritised on either ways & ends.

Also, assuming at some time this app might not use all of its available b.w, then at that point we have to ensure still no one else eats on its b.w.

Please provide the short config for this scenario and a brief explanation to get an idea, & whether this will be PQ or some other form.

Thanks in advance!

A short config sample would be very dependent on the equipment and sometimes its IOS.

I'm a little lost about your question's topology; the relationship between devices A and B and the IP address 192.168.54.2.

"Also, assuming at some time this app might not use all of its available b.w, then at that point we have to ensure still no one else eats on its b.w."

You might do that (assuming the equipment supports doing so), but if the equipment supports it, having a QoS feature that obtains bandwidth for priority traffic usually means you don't need to otherwise restrict other traffic bandwidth.

PS:

If you have particular Cisco equipment in mind, often the configuration guide's QoS chapter is a good place to start. It would best explain what can be done. I, or others, might then be able to clarify any point of confusion.

OK, sorry if there was confusion. I was just looking out for a config whereby I have a 2811 router with Site A trying to access some app on Site B; the app is having IP 192.168.210.21 and would be working on port 5660.

It would help me if you can provide a short config for this scene whereby we need to give priority to this traffic & also assign maybe a fixed bandwidth (around 256K) on the link at either site, so that this traffic is getting highlighted while coming from either end.

So, I assume it would mean we apply the config on either end as outbound, or mark it inbound and then allocate b.w on outbound.

Thanks for the help so far!

Hello,

we have a very similar setup though with many applications.

site A- f0/0--LAN router--f0/1----WAN router A

site B -f0/0- LAN router- f0/1 --WAN router B

WAN router A --MPLS --WAN router B

we only do marking and MPLS provider does the policing on respective WAN routers

policing will restrict the bandwidth

on the same lines we use, config should be like below

class-map match-any app
 match access-group name app1
!
policy-map mpls1
 class app
  set ip precedence 2
!
ip access-list extended app1
 permit tcp any any eq 5660
 permit tcp any eq 5660 any
!
interface FastEthernet0/0
 service-policy input mpls1

inform ISP to restrict bandwidth for any packets marked with precedence 2

when you type show policy-map interface fastethernet 0/0 you will see packets marked

Though I have a question around the service policy input and output command. The doc says input will mark all packets entering the interface and output those leaving the interface. What exactly does it mean? Can someone answer?

Thanks

Thanks! So the packets are marked down on the LAN interface. Do you apply the same on the other site as well? Using policing would actually restrict the b.w; shouldn't it be better if we allot some b.w using the bandwidth command to the specific apps? And any idea how the provider does it on their side... which interface they apply on and how?

Thanks..

Ah, a 2811! A 2811 isn't a L3 switch, as you noted in your first post, although it is a L3 device. That does help much as far as providing a sample config.

I'm still confused what's connected to what, but assuming you have a 2811 at both sites and this is the last device that has an Ethernet handoff to your MPLS provider's device, you might do it much as Munaa's post indicates.

A key issue is whether you're going to work within the MPLS QoS support provided by the vendor or not. For the former, you would mark the traffic to conform both to its importance and with regard to the service guarantees such markings obtain with the MPLS vendor's QoS model.

Munaa's shows marking the special app with IP Precedence 2. Again, the markings to use and what they guarantee depends on the MPLS vendor.

One enhancement to what Munaa shows, the ACLs should probably also include your special IP address. (The ACL is also assuming TCP, but the traffic might be UDP?)

e.g.

ip access-list extended app1
 permit tcp any host 192.168.210.21 eq 5660
 permit tcp host 192.168.210.21 eq 5660 any

(NB: In answer to Munaa's question whether to mark upon ingress or egress, the "book" answer is mark as soon as possible but marking on last egress to the MPLS provider's device will likely be fine too.)

If there are only two sites, you can ignore the MPLS vendor's QoS as long as you know the minimum bandwidth across MPLS. A sample configuration might be much like Munaa's but with a few additions/changes.

e.g.

class-map match-any app
 match access-group name app1
!
policy-map mpls1
 class app
  !there's several ways of defining bandwidth allocation for class - absolute bandwidth is one
  bandwidth ###
 class class-default
  bandwidth ###
!
policy-map mplsBandwidth
 class class-default
  !shape at 10 to 15% of defined Ethernet bandwidth, e.g. 20 Mbps Ethernet, shape for 17 or 18 Mbps (this allows for Ethernet overhead)
  shape average #
  service-policy mpls1
!
ip access-list extended app1
 permit tcp any host 192.168.210.21 eq 5660
 permit tcp host 192.168.210.21 eq 5660 any
!
interface FastEthernet #
 !since we're queuing, not just marking, outbound (on interface facing MPLS) is important
 service-policy output mplsBandwidth

We do marking at both ends on the LAN interface. I guess by doing it in this fashion we are marking what is coming in and what is going out, since input says anything entering; it will mark both the source packets and destination packets. Since we are not doing shaping, personally I think we can change it to service policy output on the WAN interface of both LAN routers A and B, so in your case too, if you apply the policy as output on the WAN interface connecting to the ISP router, it should be fine.

Check with the ISP what CAR (committed access rate) they provide. Usually MPLS providers give 3 buckets. You will need to check with them what they are and what markings are supported. It may be like voice, video and business class. In your case you can have business class marking (what I mentioned in my config), precedence 2. As Joseph mentioned, it's worth checking with the ISP and changing accordingly. It doesn't matter what it is, as long as it is supported by the ISP.

Preferably the ISP should do policing or shaping; it's unlikely your interface will get congested. Though, as Joseph mentioned, if you know the minimum bandwidth, you can do shaping by yourself.

Note: it's not advisable to do shaping for voice.

hope this helps

Oh, forgive me for the typo error. We have the last device as a 6500 on both ends, which are then connected to the provider's 3845 on either end.

The query is: would it be advisable to apply this service policy on our LAN as inbound or on the WAN as outbound... which is better? And when we say bandwidth 20%, it means the class would get this much amount minimum for its use during congestion, correct, or is it the other way?

& if we ask the vendor to do so on their devices, would it be better marking on their LAN interface facing us inbound or on their WAN outbound?

A bit of confusion on this, based on device placements of ours and the provider's.

Thanks in advance!

A 6500 is a special case because its QoS capabilities also depend on the installed line cards. Most LAN cards' QoS, features and configuration, is much different from my sample for the 2811. Some WAN cards can support QoS even more complex than the 2811 but would look similar in configuration.

As to QoS placement, it's not so much a question of "better" but where it's required and/or makes the most sense. Again, the "book" solution would be to classify and mark traffic as close to the ends as possible (often the very edge connection to the end devices), and queue management where needed (WAN interfaces often rank 1st because they usually have limited bandwidth).

If it could be done, outbound on the 3845s would be a place to start. If you have no control to do that, outbound from both 6500s (to the 3845) might be the next choice. (Again, what to do and how to do it, depends on interaction with the vendor's QoS model and/or what your 6500 supports.)

"and when we say bandwidth 20%..it means the class would get this much amount minimum for its use during congestion..correct or is it other way? "

Often it means a minimum guarantee but it also might be capped at that amount too. I.e. answer could be either, depends on what's being done with QoS.

"if we ask the vendor to do so on their devices..would it be better marking on their lan interface facing us inbound or on their wan outbound? "

Assuming the traffic is flowing toward the WAN (i.e. LAN ingress marking or WAN egress marking), on a 3845 doesn't really matter. Choice really up to the vendor. (If dealing with bandwidth management, not just marking, that's often best done on interface egress.)

Thanks for the explanation. OK, one more query here:

If I'm correct, any amount of QoS optimisation won't help if there is no congestion occurring?

If we prioritise and allocate bandwidth for a class and there is no congestion on the line, it won't take effect, correct?

Thanks!!

Yes, if there's no congestion, QoS won't have an effect. However, there's almost always congestion, but it varies in degree. The degree of congestion and what the traffic needs to work well is what's important.

For instance, even on a link showing an average utilization of under 1% (which most would think not congested), if you were doing VoIP and someone opened a large PowerPoint file at the same time, VoIP quality during the file load period might be impeded.

QoS techniques attempt to deliver or guarantee, what they're named for, quality of service. Without such, you're left with Best Effort, i.e. no guarantees.

One of my favorite experiences, tried to convince a senior network engineer of the benefit of QoS on "uncongested" links (average utilization was only about 10 to 25%). After activation of QoS, one night router crashed and reloaded itself, but dropped all its QoS settings. Next morning, same engineer couldn't understand why his phone lit up like a Christmas tree with every remote site complaining, "what's wrong with the network". He finally found the missing QoS, reapplied, complaints stopped. Both before and after QoS, links still only showed 10 to 25% utilization.

Keep in mind, 10% utilization really usually means, link running at 100% about 10% of the time, not 10% busy 100% of the time.
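
The last reply's point, that a low average utilization hides short periods when the link is 100% busy, can be checked with a small queue simulation. This is an added example, not part of the thread or any poster's configuration; the 1 Mbps link, the 200-byte/20 ms voice stream, the 600 KB file burst and the unbounded queue are all assumptions chosen for illustration.

```python
import heapq

LINK_BPS = 1_000_000      # assumed 1 Mbps WAN link (not a value from the thread)
WINDOW_US = 60_000_000    # 60 s measurement window, in microseconds

def constructed_traffic():
    """Constructed sample: a steady VoIP stream plus one file-load burst."""
    pkts = [(i * 20_000, "voice", 200) for i in range(WINDOW_US // 20_000)]
    pkts += [(10_000_000, "bulk", 1500)] * 400   # 600 KB arriving at t = 10 s
    return sorted(pkts, key=lambda p: p[0])      # stable sort: voice first on ties

def simulate(pkts, priority_queue):
    """Non-preemptive link with an unbounded queue (assumption).

    priority_queue=False models best-effort FIFO; True serves voice first.
    Returns (average utilization, worst voice delay in microseconds)."""
    queue, t, busy, worst, i, seq = [], 0, 0, 0, 0, 0
    while i < len(pkts) or queue:
        if not queue and pkts[i][0] > t:
            t = pkts[i][0]                       # link idle until next arrival
        while i < len(pkts) and pkts[i][0] <= t:
            arrived, cls, size = pkts[i]
            rank = 0 if priority_queue and cls == "voice" else 1
            heapq.heappush(queue, (rank, seq, arrived, cls, size))
            seq, i = seq + 1, i + 1
        _, _, arrived, cls, size = heapq.heappop(queue)
        tx_us = size * 8 * 1_000_000 // LINK_BPS  # serialization time
        t, busy = t + tx_us, busy + tx_us
        if cls == "voice":
            worst = max(worst, t - arrived)      # queuing + transmission delay
    return busy / WINDOW_US, worst

if __name__ == "__main__":
    traffic = constructed_traffic()
    for name, prio in (("FIFO (best effort)", False), ("priority queue", True)):
        util, worst = simulate(traffic, prio)
        print(f"{name:20s} utilization={util:.0%} "
              f"worst voice delay={worst / 1000:.1f} ms")
```

Both runs report the same 16% average utilization; only the worst-case voice delay changes, from several seconds under FIFO to at most one bulk packet's serialization time plus the voice packet's own under priority queuing.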