Enabling QoS on router

reaven
Level 1

Hi,
I am pretty raw on Layer 3 QoS and I want to know if I'm missing something or which one is the easiest/best way to do this. I have a Cisco C881 on my provider MPLS network and am trying to do QoS from the router on location1 to the router on location2.
I am trying to tag 3 types of traffic to give priority and reserved bandwidth to some and shape the other. I have tagged them with access lists: traffic like VoIP, important traffic 1 based on ports, important traffic 2 based on ports. I have created the class maps that match access-group on those access lists, then the policy-maps on those classes, and this is where it gets confusing.

AFAIK:
1) I have to apply the tagging policy map to the input of my local-lan interface and the policing to the output of my out interface?
2) QoS only applies when there is congestion on the network?
3) Viewing all the QoS types there are, do you have to choose or can you mix them? I get confused between DSCP and IP Precedence; which one is better?
4) After all this, do I still have to use a command on the interface like fair-queue, or just by policing the interface am I good?

* I don't have control over the provider router on the MPLS and I don't have a managed switch


Thanks for everything, let me know if I am in the right direction.

Accepted Solutions

OK, quite a general question you've asked, but I'll try my best to answer it for you. Yes, you need to mark your packets; you can do that inbound on the LAN interface and that will work fine. Mark using IP prec (0-7) or DSCP (https://www.tucny.com/Home/dscp-tos). That link will give you the numbers for both the DSCP and IP prec markings in decimal and by class name. Personally, if you are a newbie to QoS, I think just use IP prec; it's far simpler.

For IP prec you can ignore classes 6 & 7; they are for routing and control protocols, which are (platform dependent, admittedly) marked by the router automatically to be preferred. Class 5 is usually used for voice traffic, 4 for video, 1-3 for data traffic depending on its importance and 0 for best effort traffic.

So the first step is to decide what you want to mark to what levels. Create ACLs or similar to match the traffic you want to match, then mark that traffic to the relevant IP precedence level.

Next, on the outbound queue to the provider you want to prioritise. So if you have voice traffic and you have marked it to IP prec 5 (exp it's often called) then generally you would set up a low latency queue to ensure that traffic is always prioritised above all others and immediately forwarded, the reason being to reduce jitter, which causes major issues to voice packets. You do that by using the priority command. Be careful with this command, as the bandwidth you put in after the priority statement is also a policer to that number. Next, in other class-maps you match other IP precedence numbers and use "bandwidth" statements to give them specific levels of bandwidth. These aren't policers, but packets matching these statements are less preferred than ones matching the "priority" queue.

As below:

http://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-packet-marking/10100-priorityvsbw.html

This part is more complex and may not be necessary depending on what you are doing, but you may want to do some child/parent shaping at this point as well. Some people will create a parent policy-map which calls the previous policy-map within it and shapes to the CIR of the circuit you have from the ISP. This helps avoid traffic maxing the link and deals better with bursty traffic profiles than a policer. That or you can just put policers into your class-maps rather than "bandwidth" statements if you know what each class requires.

Finally, and probably the hardest bit as it could involve talking to your ISP, make sure they are carrying your markings through their core to your other sites. If they are you should be able to create a policy-map on your other sites inbound on the WAN matching different IP precedence markings. You can then send test traffic and you should see the policy-map stats matching traffic on the far end if the ISP is carrying your markings. Most do.

Hope that covers everything you need, please rate answer if so.


Philip D'Ath
VIP Alumni

Take a look at my Cisco Config Wizard for Cisco 890 series routers.  Most of it will be "cut and paste" to an 881.  Select a "UFB" option.  Adjust the bandwidth in the config to suit (it sets it to 50Mb/s).

http://www.ifm.net.nz/cookbooks/890-isr-wizard.html

I tend to use DSCP.  A lot of systems, like VoIP phones, will tag their packets automatically.

Thanks, but what I really want is to first clarify if what I think is correct so far and to really know what I would be doing. Copy-paste won't really give me that, but examples are always welcome, thanks.

Great stuff, thanks. I will be posting a config based on my understanding of your post to see if I got it right.

Thanks again

So far I have this:

*Now I am confused about what goes in the marking policy to be applied to the LAN int. and the policing policy that goes to the outside int.

I think I am doing both in the same policy

access-list 110 remark - Voip traffic
access-list 110 permit udp any any range 16384 32000
access-list 110 permit tcp any any eq 1720
!
access-list 120 remark - intTraffic1
access-list 120 permit ip any host 10.10.10.60
!
access-list 130 remark - intTraffic2
access-list 130 permit tcp any any range 26000 26010
!
access-list 140 remark - intTraffic3
access-list 140 permit ip any host 10.10.10.62
!
!
class-map voip
match access-group 110
!
class-map Traffic1
match access-group 120
!
class-map Traffic2
match access-group 130
!
class-map Traffic3
match access-group 140
!
! Do I need to create this policy below
!policy-map markingTraffic
! class
!
policy-map voip
class class-default
police cir percent 20
!
!
policy-map policingTraffic
class voip
set ip precedence 5
service policy voip
class traffic1
shape average 3000000
class traffic2
set ip precedence 2
bandwidth percent 10
class traffic3
shape average 3000000
class class-default
fair-queue
!
! out int. to provider
int fa4
service-policy output policingTraffic
!
!
! in int. from local lan
!int fa0
!service-policy input markingTraffic

Hi,

Well, you can do it all on one interface if you like; there's no one correct way, it's just preference really. The one major error I think is the voip policy-map, that isn't required. Also the classes you call under the policy-maps require a capital T; the matches are case sensitive. So this would work:

<all your class-maps and ACLs>

policy-map policingTraffic
 class voip
  set ip precedence 5
  police cir percent 20
 class Traffic1
  shape average 3000000
 class Traffic2
  set ip precedence 2
  bandwidth percent 10
 class Traffic3
  shape average 3000000
 class class-default
  fair-queue

! out int. to provider
int fa4
service-policy output policingTraffic

However you may want to use

 class voip
  set ip precedence 5
  priority percent 20

Rather than police if you want voip using the priority queue.

If you want to be a bit cleaner (in my personal opinion anyway :) ) then the below is the way I would do it, but it's a bit longer on CLI. It also means if traffic goes elsewhere in your network rather than just out the WAN, it's marked and you can do things with it if you want to.

access-list 110 remark - Voip traffic
access-list 110 permit udp any any range 16384 32000
access-list 110 permit tcp any any eq 1720
!
access-list 120 remark - intTraffic1
access-list 120 permit ip any host 10.10.10.60
!
access-list 130 remark - intTraffic2
access-list 130 permit tcp any any range 26000 26010
!
access-list 140 remark - intTraffic3
access-list 140 permit ip any host 10.10.10.62
!
!
class-map voip
 match access-group 110
!
class-map Traffic1
 match access-group 120
!
class-map Traffic2
 match access-group 130
!
class-map Traffic3
 match access-group 140


policy-map markingTraffic
 class voip
  set ip precedence 5
 class Traffic1
  set ip precedence ?
 class Traffic2
  set ip precedence 2
 class Traffic3
  set ip precedence ?
 class class-default
  set ip precedence 0
!

class-map IP-PREC-0
match ip precedence 0

class-map IP-PREC-1
match ip precedence 1

class-map IP-PREC-2
match ip precedence 2

class-map IP-PREC-3
match ip precedence 3

class-map IP-PREC-4
match ip precedence 4

class-map IP-PREC-5
match ip precedence 5

class-map IP-PREC-6
match ip precedence 6

class-map IP-PREC-7
match ip precedence 7



policy-map policingTraffic
 class IP-PREC-5
  priority x
 class IP-PREC-2
  bandwidth percent 10
etc
etc
etc

! out int. to provider
int fa4
service-policy output policingTraffic
!
!
! in int. from local lan
!int fa0
!service-policy input markingTraffic

I think the above is all correct but you may want to lab it first. Also on some platforms you see problems using mixes of bandwidth percent and bandwidth xxx, and some will also potentially error trying to use shapers per class.

Don't forget to rate helpful posts!

Sam
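
The parent/child shaping described in the accepted answer is not shown in any of the posted configs; the following is an added example, not part of the original posts. The policy names WAN-PARENT and WAN-CHILD are hypothetical and the 10 Mb/s shape rate is a constructed placeholder for the circuit CIR, while the class-map names and percentages reuse the ones posted above.

```cisco
! Added example: hierarchical (parent/child) shaping on the WAN egress.
! WAN-PARENT / WAN-CHILD are hypothetical names. 10000000 b/s is a
! placeholder CIR (assumption); use the rate contracted from the provider.
!
class-map match-all IP-PREC-5
 match ip precedence 5
class-map match-all IP-PREC-2
 match ip precedence 2
!
! Child policy: per-class queueing. Its percentages are taken from the
! parent's shaped rate, not from the physical interface speed.
policy-map WAN-CHILD
 class IP-PREC-5
  ! LLQ: strict priority, implicitly policed to 20% under congestion
  priority percent 20
 class IP-PREC-2
  ! Minimum guarantee, not a cap
  bandwidth percent 10
 class class-default
  fair-queue
!
! Parent policy: shape all traffic to the CIR so congestion builds on
! this router, where the child policy can queue it, rather than in the
! provider network.
policy-map WAN-PARENT
 class class-default
  shape average 10000000
  service-policy WAN-CHILD
!
! out int. to provider
interface FastEthernet4
 service-policy output WAN-PARENT
!
! Check per-class match and drop counters after sending test traffic:
! show policy-map interface FastEthernet4 output
```

Marking still happens inbound on the LAN interface with the markingTraffic policy shown above; this policy only queues and shapes on what is already marked.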

I will definitely lab this.

My main goal besides VoIP QoS is:

* prioritization and bandwidth guarantee of intTraffic2 (my most important traffic)

* shaping of intTraffic1 and 3 so it won't consume the whole bw.

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

If you want suggested policies, or review of what you've created, it would help if you would tell what platform(s) and IOS(s) you'll be using. It would also help if you might explain any topology restrictions. Without that information, cannot say whether your two embedded shapers make any sense.

As Sam also noted, you shouldn't need a child policy for VoIP, but beyond what he noted, VoIP traffic is normally placed in PQ or LLQ, the latter having an implicit policer.

Oh, and on platforms that support NBAR, you might find a protocol that will match VoIP traffic.

Cisco c881

Cisco IOS Software, C880 Software (C880VOICE-UNIVERSALK9-M), Version 15.1(4)M4

layout

I have a doubt: what is the priority percent and bandwidth percent calculation based on?

I mean, from where is that percent calculated?

Is it from the bandwidth command in the interface?

and

If I want to police the bandwidth to the CIR of my circuit or to a percent of it, is that done in the policy map or directly on the interface?

Finally, for a complete QoS I have to implement it on both routers on both sides of the MPLS, right?

thanks !

Joseph W. Doherty
Hall of Fame

1) I have to apply the tagging policy map to the input of my local-lan interface and the policing to the output of my out interface ?

"have to" - depends on what you're trying to accomplish, and what you're working with.

Ideally, the source of traffic tags traffic if and as needed.

Policing is often brutal to traffic, and should be used with much care.

You did mention running across a 3rd party network, so your tagging might need to be set to work with your MPLS provider's QoS.

2) QoS only applies when there is congestion on the network ?

Usually, but perhaps not always.  For example, you might implement changes to improve quality when there's not congestion.

3) viewing all the qos types there are, you have to choose or you can mix them i get confused between DSCP and IP Precedence which one is better

IP Precedence was replaced by DSCP, but DSCP generally uses IP Precedence bits in much the same way.  Given a choice, you'll want to use DSCP, but IP Precedence is often sufficient for actual QoS needs.

4) after all this do I still have to command in the interface like fair-queue or just by policing the interface am good ?

Depends on what you're trying to accomplish.  Again, as noted above, policing can be brutal to your traffic.

What you might need/want to do, is shape your traffic, and use FQ to manage the shaper's congestion.
