02-15-2014 10:12 AM - edited 03-07-2019 06:13 PM
I have the following setup:
Core Stack (3750) --- Distribution Stack (3750) ---- Access switches (3560) --- end devices
I want to implement srr-queue bandwidth shape/share on the interface.
My question is:
1- On which interfaces should I implement the command, and on which boxes?
02-15-2014 11:15 AM
Another question for the same setup:
On trusted ports between switches and trusted ports between the switch and the AP, what should I trust? DSCP or CoS?
02-15-2014 02:54 PM
Hi Asus,
Here is my recommendation, & I have given you some reference posts as well to understand the logic behind it.
Switch-Switch : Trust DSCP
Switch-AP : Trust DSCP (if APs are local mode & switch port is configured as Access ports)
Switch-AP : Trust CoS (if your APs are in FlexConnect Local Switching mode & switch port is configured as Trunk Port)
http://mrncciew.com/2013/07/23/qos-for-h-reap/
Additionally, consider the below as well.
Switch- VoIP : Trust CoS (with trust device cisco-phone)
http://mrncciew.com/2013/07/26/voip-phone-switchport-config/
Switch - WLC : Trust CoS
http://mrncciew.com/2013/02/24/best-practice-qos-config/
srr commands should be configured on all interfaces with priority queue if you want to do voice traffic prioritization (DSCP EF traffic).
http://mrncciew.com/2012/11/26/375035602960-wired-qos/
Keep in mind that QoS commands are hardware specific & always refer to the specific product configuration guide when configuring.
HTH
Rasika
**** Pls rate all useful responses ***
02-16-2014 11:19 AM
First of all, thank you so much for the helpful post.
I have a few more questions if you don't mind:
1- Why trust DSCP between access and aggregation switches? I mean, if they are L2 switches with only an SVI for management, why do I need to trust DSCP and not CoS?
2- The core stack has IP routing enabled and the WAN interface is OSPF enabled. On the core stack WAN interface, what configs should I add? srr commands, priority-queue out, auto qos voip trust, mls qos trust dscp... am I missing anything else?
3- On the interface to the IP phone, I want this port to trust only the traffic from the IP phone and treat the traffic from the PC connected to the phone as untrusted. Will configuring "mls qos trust voip" without the "mls qos trust cos/dscp" do it?
02-16-2014 01:27 PM
Hi Asus,
Yes, you can ask any number of questions & I'm happy to help.
1- Why trust DSCP between access and aggregation switches? I mean, if they are L2 switches with only an SVI for management, why do I need to trust DSCP and not CoS?
Typically you would classify your traffic at the access layer (most probably DSCP based). Once classified, you want to preserve that classification when it goes to the rest of your network. That's the reason you would trust DSCP on your inter-switch link interfaces. You could trust CoS here; then the receiving switch will trust CoS & rewrite the inner DSCP of the IP packet, and depending on the CoS-DSCP mapping configuration of your switches, the original trusted DSCP (at the access layer) may be altered when it goes to the destination.
2- The core stack has IP routing enabled and the WAN interface is OSPF enabled. On the core stack WAN interface, what configs should I add? srr commands, priority-queue out, auto qos voip trust, mls qos trust dscp... am I missing anything else?
If it is a L3 routed port & connected to your own device (trusted), then you can simply configure it to trust DSCP & enable queuing. (The srr-queue values could be different from the given values; given here is what I have configured in my access layer & what is recommended in a certain reference guide, SRND 4.0.)
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust dscp
3- On the interface to the IP phone, I want this port to trust only the traffic from the IP phone and treat the traffic from the PC connected to the phone as untrusted. Will configuring "mls qos trust voip" without the "mls qos trust cos/dscp" do it?
The two lines below achieve what you require. The port will trust CoS only if it is coming from a Cisco phone; otherwise it will act as an untrusted port & re-write to a CoS value of 0.
mls qos trust device cisco-phone
mls qos trust cos
On those ports as well you can configure queuing & prioritise voice traffic by adding the command lines below.
srr-queue bandwidth share 1 30 35 5
priority-queue out
Pls let us know if you have any further queries on this.
HTH
Rasika
**** Pls rate all useful responses ******
02-16-2014 04:24 PM
Rasika,
I've got a quick question if you don't mind. I understand that a L2 port can trust DSCP markings, but how does a L2 port understand DSCP values, if no DSCP information is within a L2 frame and/or an 802.1q frame?
Is this done by the CoS-to-DSCP mapping table?
Also, I would assume a Cisco VoIP phone would mark these as CoS 5?
02-16-2014 04:39 PM
Hi John,
I understand that a L2 port can trust DSCP markings, but how does a L2 port understand DSCP values, if no DSCP information is within a L2 frame and/or an 802.1q frame?
Yes, in a L2 frame there is no DSCP information. If "trust DSCP" is in use, then the switch will simply ignore the CoS value of an incoming L2 frame & pass it (the IP packet) on if it is going via an access port or L3 routed port. If it is going via a trunk port, then it will derive the CoS value based on the DSCP (dscp-cos mapping) and add the CoS value onto the L2 frame.
If you trust CoS in this scenario, then the switch will trust that & re-write the original packet DSCP based on the cos-dscp mapping table of the switch.
I would assume a Cisco VoIP phone would mark these as CoS 5?
Yes, a Cisco phone will mark voice traffic as CoS 5 when it is coming from the phone.
HTH
Rasika
**** Pls rate all useful responses ****
02-16-2014 05:41 PM
Rasika,
So let's say I have a frame coming in that has an IP packet encapsulated within, with DSCP 46 in the ToS byte of the IP header. If I have 'mls qos trust dscp' on the trunk port, it will simply ignore the CoS value, and if it's going to a trunk, it will check the dscp-to-cos mapping table, and whatever CoS value it maps to, we'll say CoS 5, it will go across the trunk and hit the other switch with a marking of CoS 5, and the IP header that is still encapsulated within will have DSCP EF.
On which I would assume you would add 'mls qos trust dscp', although, in theory, you could just have 'mls qos trust cos', and as long as the cos-to-dscp mapping table goes CoS 5 > DSCP EF, you will be OK.
Sorry for all the questions
02-16-2014 05:54 PM
I have a frame coming in that has an IP packet encapsulated within, with DSCP 46 in the ToS byte of the IP header. If I have 'mls qos trust dscp' on the trunk port, it will simply ignore the CoS value, and if it's going to a trunk, it will check the dscp-to-cos mapping table, and whatever CoS value it maps to, we'll say CoS 5, it will go across the trunk and hit the other switch with a marking of CoS 5, and the IP header that is still encapsulated within will have DSCP EF.
Yes, your understanding is correct here.
On which I would assume you would add 'mls qos trust dscp', although, in theory, you could just have 'mls qos trust cos', and as long as the cos-to-dscp mapping table goes CoS 5 > DSCP EF, you will be OK.
Yes, if the CoS 5 <-> EF mapping is correct then you would get the same outcome. If you have DSCP-based classification rules for other traffic (for example video AF41, signaling CS3, etc.) then it is important to have your cos-dscp mapping table correct across the network, as you will re-write it at every trunk port interface. If you use "trust dscp" then it will not be required to do those re-writes every time it goes through a trunk.
Sorry for all the questions
No problem at all.. as long as it helps you
HTH
Rasika
**** Pls rate all useful responses
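Added example (not part of any post in this thread): a small Python model of the trust dscp / trust cos behaviour discussed above, showing what DSCP arrives after a packet crosses trunk links. The map values are assumed to be the Catalyst 3750/3560 defaults (check them with "show mls qos maps"); the function names are hypothetical.

```python
# Added illustration, not code from the thread. Map values are assumed to be
# the Catalyst 3750/3560 defaults; verify on the switch with "show mls qos maps".
DEFAULT_COS_DSCP = [0, 8, 16, 24, 32, 40, 48, 56]   # index = CoS
TUNED_COS_DSCP = [0, 8, 16, 24, 32, 46, 48, 56]     # CoS 5 -> EF (46)


def dscp_to_cos(dscp):
    """Default dscp-cos map: eight DSCP values per CoS (DSCP 46 -> CoS 5)."""
    return dscp >> 3


def ingress(trust, cos, dscp, cos_dscp):
    """Internal DSCP assigned to a frame arriving on a trunk port."""
    if trust == "dscp":
        return dscp               # CoS in the 802.1Q tag is ignored
    if trust == "cos":
        return cos_dscp[cos]      # packet DSCP is rewritten from the CoS
    return 0                      # untrusted port: marking reset to 0


def egress_trunk(internal_dscp):
    """On a trunk the tag CoS is derived from the internal DSCP."""
    return dscp_to_cos(internal_dscp), internal_dscp


def walk(dscp, trust, hops, cos_dscp=DEFAULT_COS_DSCP):
    """Carry one packet across `hops` trunk links; return the DSCP on arrival."""
    cos = dscp_to_cos(dscp)       # first switch tags the frame on its uplink
    for _ in range(hops):
        internal = ingress(trust, cos, dscp, cos_dscp)
        cos, dscp = egress_trunk(internal)
    return dscp


if __name__ == "__main__":
    # Constructed sample markings: voice, video, signaling.
    for name, value in (("EF", 46), ("AF41", 34), ("CS3", 24)):
        print(f"{name:5} in={value:2}",
              "trust dscp ->", walk(value, "dscp", 2),
              "| trust cos, default map ->", walk(value, "cos", 2),
              "| trust cos, CoS5->46 ->", walk(value, "cos", 2, TUNED_COS_DSCP))
```

With the assumed default map, trust cos turns EF (46) into 40, and even with CoS 5 mapped to 46 it still flattens AF41 (34) to 32, while trust dscp leaves every value unchanged.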
02-16-2014 06:14 PM
John / Rasika
Just wanted to add something to this.
When you say a CoS value is derived from the internal DSCP value and is written into the vlan tag on an egress trunk link i totally agree.
However if you trust DSCP and the egress interface is not a trunk link this does not necessarily mean that a CoS value isn't needed ie. it is not just trunk links where the switch needs to derive a CoS value.
The reason for this is that some switches and some linecards for modular switches only support CoS based egress queueing. So even if you trust DSCP you still need to derive a CoS value from the internal DSCP value so the packet can be placed into the correct egress queue. The difference is, if it is not a trunk link, the CoS value is not written into a vlan tag as there obviously isn't one present.
Jon
02-16-2014 07:56 PM
Hi Jon,
Thanks for that correction. Yes you are right with respect to modular switches line cards
Rasika
02-17-2014 12:17 AM
I also need to configure auto qos voip trust on all the interfaces, including the uplink to the WAN, right?
02-17-2014 12:30 AM
Hi Asus,
I also need to configure auto qos voip trust on all the interfaces, including the uplink to the WAN, right?
No, this is only required for the switchports where you are connecting VoIP handsets. It is not required on the WAN ports.
If you look at the previously given reference post "Best Practice QoS config", once you add the "auto qos voip cisco-phone" config line onto a switchport where a VoIP phone is connected, the switch will automatically generate the rest of the QoS config for you (classification, queuing, etc.). You do not want to add any manual QoS config lines for those ports.
For the WAN port you can simply configure it manually like this. If the srr-queue bandwidth values are different in my example (compared to the lines that auto qos voip cisco-phone added to the VoIP connected ports) you can stick with the values derived from auto-qos for consistency.
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust dscp
Keep in mind, if you are using Auto-QoS, then your manual QoS configuration requirement is minimal
HTH
Rasika
**** Pls rate all useful responses ****
02-17-2014 05:50 AM
OK, so I don't need to configure auto qos voip trust on any interfaces other than the one connected to the IP phone? Because I was told I need to configure that on all interfaces to preserve the VoIP trust.
One more question: I was told that if the port is in switchport mode then you trust CoS, and if not you trust DSCP. How true is that statement?
02-17-2014 06:13 AM
Also, what if I want to configure a port between a router and a switch to be trusted for IP phones only but remark other services? How is that done?