If we configure some min/mac

kishore · ‎06-13-2017

Actually i have a isp with 100 Mbps connection. I need to assign 5 Mbps to each port on a SG300 switch connected to the router. Such that each port in the switch is assigned to different vlans ( eg: gigabit port 1 is assigned to vlan 2, g2 is assigned to vlan 3 etc).

So, how to do shaping using class & policy to set the download and upload limit. Please help me to implement the qos in CISCO 3925 Router.

Joseph W. Doherty · ‎06-13-2017

You would define a class-map that matches the IP address block used by each VLAN. Then you can police each VLAN for 5 Mbps on the WAN interface for ingress and egress you can also, rather than police, shape each VLAN for 5 Mbps egress.

e.g.:

ip access-list extended VLAN1
permit ip 192.168.0.0 255.255.255.0 any
permit ip any 192.168.0.0 255.255.255.0
.
.
ip access-list extended VLAN#
permit ip 192.168.0.0 255.255.255.0 any
permit ip any 192.168.0.0 255.255.255.0

class-map match-all VLAN1
match access-group name VLAN1
.
.
class-map match-all VLAN#
match access-group name VLAN1

policy-map ingress
class VLAN1
police average 5000000
.
.
class VLAN#
police average 5000000

policy-map egress
class VLAN1
shape (or police) average 5000000
.
.
class VLAN#
shape (or police) average 5000000

interface fastethernet 0
service-policy input ingress
service-policy output egress

jagannath.iob · ‎06-28-2017

Hi Joseph

Hope you are doing good.

we have an QoS drops issue in the default class for output traffic . in the process of troubleshooting we changed the queue limit till 2048 but still no luck . i am attaching you the config and also some command outputs. kindly let us know the issue for further proceedings.

Device type:3925 router with SPE/200.

DLHRT7001#sh int g0/1
GigabitEthernet0/1 is up, line protocol is up
Hardware is iGbE, address is 5897.bdac.a301 (bia 5897.bdac.a301)
Description: Link to Shanghai Consulting - China Unicom - 100M - ID:DC00R60277
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 3/255, rxload 10/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 1., loopback not set
Keepalive set (10 sec)
Full Duplex, 1Gbps, media type is RJ45
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 00:01:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:00:52
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 142
Queueing strategy: Class-based queueing
Output queue: 0/2048/142 (size/max total/drops)
30 second input rate 39780000 bits/sec, 5139 packets/sec
30 second output rate 12387000 bits/sec, 4662 packets/sec
271719 packets input, 261592075 bytes, 0 no buffer
Received 67 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 46 multicast, 0 pause input
244592 packets output, 81420654 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
3 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out

DLHRT7001# sh interfaces g0/1 stats
GigabitEthernet0/1
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 1018 115884 2056 443748
Route cache 472714 451538353 432322 150427165
Total 473732 451654237 434378 150870913
DLHRT7001#
DLHRT7001# sh interfaces g0/1 stats
GigabitEthernet0/1
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 1036 117863 2069 445302
Route cache 485437 462699807 444801 155040117
Total 486473 462817670 446870 155485419

Thank you,

jagannath

Joseph W. Doherty · ‎06-28-2017

I see you're using WRED in the default class and that what accounts for your drops.

My general recommendation is to not use WRED unless you're a QoS expert.

jagannath.iob · ‎06-28-2017

we are using WRED in default class from long time and it was in the standard for us.as per my observation when i check the interface stats i can see the below output.

in the below output i can see no cache misses (correct me if i am wrong)

DLHRT7001#sh int g0/1 switching
GigabitEthernet0/1 Link to Shanghai Consulting - China Unicom - 100M - ID:DC00R60277
Throttle count 0
Drops RP 0 SP 0
SPD Flushes Fast 40 SSE 0
SPD Aggress Fast 0
SPD Priority Inputs 107751434 Drops 0

Protocol IP
Switching path Pkts In Chars In Pkts Out Chars Out
Process 55536572 9296739403 122734782 25639109286
Cache misses 0 - - -
Fast 52141185198 36270611007314 58007516295 19890923965917
Auton/SSE 0 0 0 0

DLHRT7001# sh interfaces g0/1 stats ( we observe more packets to route cache not to processor )
GigabitEthernet0/1
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 1066 122392 2092 448724
Route cache 501592 477456039 460475 160790512
Total 502658 477578431 462567 161239236
DLHRT7001#
DLHRT7001# sh interfaces g0/1 stats
GigabitEthernet0/1
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 1083 124266 2147 459344
Route cache 512246 487665330 469764 164333295
Total 513329 487789596 471911 164792639

please advice for further troubleshooting . Thanks for reply

Joseph W. Doherty · ‎06-28-2017

Class-map: class-default (match-any)
190691 packets, 56779685 bytes
30 second offered rate 6814000 bps, drop rate 5000 bps
Match: any
Queueing
queue limit 2048 packets
(queue depth/total drops/no-buffer drops) 0/142/0
(pkts output/bytes output) 190549/56716461
bandwidth 12976 kbps
    Exp-weight-constant: 9 (1/512)
    Mean queue depth: 0 packets
    dscp       Transmitted         Random drop      Tail drop          Minimum        Maximum     Mark
            pkts/bytes            pkts/bytes       pkts/bytes          thresh         thresh     prob

    default   190551/56716625       12/8496         130/54728             20            40 1/10

Just try deactivating WRED.

jagannath.iob · ‎06-28-2017

Ok will try deactivating WRED.apart from that are there in issues in cef and in other config.

Thanks

jagannath.iob · ‎06-29-2017

Hi Joseph,

we are not supposed to deactivate WRED as the config comes under the standard config template .any other way of troubleshooting it . please kindly help us on this .

Joseph W. Doherty · ‎06-29-2017

Ah, well if your config is a part of a standard config which you cannot modify, I would suggest you speak to whoever oversees that standard.

The egress drops that your posted stats show are due to WRED drops, and since WRED stands for Weighted Random Early Drop, the drops may be intended as part of your standard.

I've already advised against using WRED unless you're a QoS expert. Without going into a treatise why not, I will mention the default drops settings appears to be the default settings, which I believe are "tuned" for WAN T1/E1.

I also might mention your posted stats are 142 drops over 190691 packets, a drop percentage of .07%. A general rule of thumb in not to be concerned until drops exceed 1%.

jagannath.iob · ‎06-29-2017

Hi Joseph,

we are seeing huge drops when we have maximum load on default class.

DLHRT7001>sh int g0/1

GigabitEthernet0/1 is up, line protocol is up

Hardware is iGbE, address is 5897.bdac.a301 (bia 5897.bdac.a301)

Description: Link to Shanghai Consulting - China Unicom - 100M - ID:DC00R60277

MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,

reliability 255/255, txload 3/255, rxload 3/255

Encapsulation 802.1Q Virtual LAN, Vlan ID 1., loopback not set

Keepalive set (10 sec)

Full Duplex, 1Gbps, media type is RJ45

output flow-control is XON, input flow-control is XON

ARP type: ARPA, ARP Timeout 00:01:00

Last input 00:00:00, output 00:00:00, output hang never

Last clearing of "show interface" counters 05:52:10

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 535814

Queueing strategy: Class-based queueing

Output queue: 38/2048/535765 (size/max total/drops)

30 second input rate 14232000 bits/sec, 4152 packets/sec

30 second output rate 15131000 bits/sec, 5016 packets/sec

92296292 packets input, 54202669556 bytes, 0 no buffer

Received 24266 broadcasts (0 IP multicasts)

0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog, 19741 multicast, 0 pause input

104561377 packets output, 40171162966 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

1114 unknown protocol drops

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier, 0 pause output

0 output buffer failures, 0 output buffers swapped out

DLHRT7001>sh policy-map interface g0/1 output

GigabitEthernet0/1

Service-policy output: SHAPE-WAN-OUT

Class-map: class-default (match-any)

105171545 packets, 40566219824 bytes

30 second offered rate 15616000 bps, drop rate 38000 bps

Match: any

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/535890/0

(pkts output/bytes output) 104642015/40202183859

shape (average) cir 99000000, bc 1000000, be 0

target shape rate 99000000

Service-policy : WAN-COS-OUT

queue stats for all priority classes:

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 11998773/2634722877

Class-map: ROUTING (match-any)

252346 packets, 31422943 bytes

30 second offered rate 11000 bps, drop rate 0000 bps

Match: ip dscp cs6 (48)

252346 packets, 31422943 bytes

30 second rate 11000 bps

Match: ip dscp cs7 (56)

0 packets, 0 bytes

30 second rate 0 bps

Match: access-group name routing

0 packets, 0 bytes

30 second rate 0 bps

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 252346/31422943

bandwidth 1024 kbps

Class-map: VOICE (match-any)

11998773 packets, 2634722877 bytes

30 second offered rate 1452000 bps, drop rate 0000 bps

Match: ip dscp ef (46)

11998773 packets, 2634722877 bytes

30 second rate 1452000 bps

police:

cir 40000000 bps, bc 1250000 bytes

conformed 11998774 packets, 2634723013 bytes; actions:

transmit

exceeded 0 packets, 0 bytes; actions:

drop

conformed 1452000 bps, exceeded 0000 bps

Priority: Strict, b/w exceed drops: 0

Class-map: PLATINUM (match-any)

4295561 packets, 1210203350 bytes

30 second offered rate 444000 bps, drop rate 0000 bps

Match: ip dscp cs3 (24)

4295561 packets, 1210203350 bytes

30 second rate 444000 bps

Match: ip dscp af31 (26)

0 packets, 0 bytes

30 second rate 0 bps

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/84/0

(pkts output/bytes output) 4295477/1210186849

bandwidth 5000 kbps

police:

cir 5000000 bps, bc 156250 bytes

conformed 4295561 packets, 1210203350 bytes; actions:

transmit

exceeded 0 packets, 0 bytes; actions:

set-dscp-transmit af32

conformed 444000 bps, exceeded 0000 bps

Class-map: VIDEOCONF (match-any)

0 packets, 0 bytes

30 second offered rate 0000 bps, drop rate 0000 bps

Match: ip dscp cs4 (32)

0 packets, 0 bytes

30 second rate 0 bps

Match: ip dscp af41 (34)

0 packets, 0 bytes

30 second rate 0 bps

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

bandwidth 10000 kbps

police:

cir 10000000 bps, bc 312500 bytes

conformed 0 packets, 0 bytes; actions:

transmit

exceeded 0 packets, 0 bytes; actions:

set-dscp-transmit af42

conformed 0000 bps, exceeded 0000 bps

Class-map: GOLD (match-any)

13287460 packets, 6183409617 bytes

30 second offered rate 2126000 bps, drop rate 0000 bps

Match: ip dscp cs2 (16)

13231257 packets, 6171833552 bytes

30 second rate 2123000 bps

Match: ip dscp af21 (18)

0 packets, 0 bytes

30 second rate 0 bps

Match: access-group name management

56203 packets, 11576147 bytes

30 second rate 1000 bps

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/167/0

(pkts output/bytes output) 13287293/6183315112

QoS Set

dscp cs2

Packets marked 13287460

bandwidth 30000 kbps

police:

cir 30000000 bps, bc 937500 bytes

conformed 13287460 packets, 6183409699 bytes; actions:

transmit

exceeded 0 packets, 0 bytes; actions:

set-dscp-transmit af22

conformed 2126000 bps, exceeded 0000 bps

Class-map: BRONZE (match-any)

0 packets, 0 bytes

30 second offered rate 0000 bps, drop rate 0000 bps

Match: ip dscp cs1 (8)

0 packets, 0 bytes

30 second rate 0 bps

police:

cir 14000000 bps, bc 437500 bytes

conformed 0 packets, 0 bytes; actions:

transmit

exceeded 0 packets, 0 bytes; actions:

drop

conformed 0000 bps, exceeded 0000 bps

Class-map: class-default (match-any)

75337405 packets, 30506461396 bytes

30 second offered rate 11582000 bps, drop rate 29000 bps

Match: any

Queueing

queue limit 2048 packets

(queue depth/total drops/no-buffer drops) 0/535639/0

(pkts output/bytes output) 74808126/30142536078

bandwidth 12976 kbps

Exp-weight-constant: 9 (1/512)

Mean queue depth: 0 packets

dscp Transmitted Random drop Tail drop Minimum Maximum Mark

pkts/bytes pkts/bytes pkts/bytes thresh thresh prob

default 74560223/29994910788 36096/28171211 419569/267140697 20 40 1/10

af22 247905/147626772 1182/1121949 78792/67733141 28 40 1/10

af32 1/82 0/0 0/0 28 40 1/10

Joseph W. Doherty · ‎06-29-2017

Ah, now I see a "few" more drops. ;)

Still seems most of those drops are due to WRED, which, BTW, negates your setting queue limit to 2048.

I.e. my advise still stands, either remove WRED or adjust its drop parameters. (You tune WRED to achieve the maximum transfer rate using the least amount of drops.)

That said (again), there's only so much you can do when traffic wants more bandwidth than what's available. (Also note, too large queue can be harmful too.)

jagannath.iob · ‎06-30-2017

Hi Joseph,

From below we can see the drops also from af22 and default as well on default class . if it issue with WRED how we can see drops of af22 on default class. sorry if it is wrong question.please help in this.

Class-map: class-default (match-any)
376979887 packets, 188417487804 bytes
30 second offered rate 8249000 bps, drop rate 0000 bps
Match: any
Queueing
queue limit 2048 packets
(queue depth/total drops/no-buffer drops) 0/4195442/0
(pkts output/bytes output) 372836525/185089654142
bandwidth 12976 kbps
Exp-weight-constant: 9 (1/512)
Mean queue depth: 0 packets
dscp Transmitted Random drop Tail drop Minimum Maximum Mark
pkts/bytes pkts/bytes pkts/bytes thresh thresh prob

default 372385433/184843839831 175079/155100116 3313833/2517036482 20 40 1/10
af22 451092/245814311 2247/2150461 704283/655525695 28 40 1/10

Joseph W. Doherty · ‎06-30-2017

dscp Transmitted Random drop Tail drop Minimum Maximum Mark

pkts/bytes pkts/bytes pkts/bytes thresh thresh prob

default 74560223/29994910788 36096/28171211 419569/267140697 20 40 1/10

af22 247905/147626772 1182/1121949 78792/67733141 28 40 1/10

Do you see the column headings? Your AF22 packets are also being dropped by WRED as are BE packets.

I've answered your question now three times. I'm sorry if it's not what you're hoping to hear, but if WRED is your company's standard, you need to take this issue up with whoever set those standards.

jagannath.iob · ‎07-07-2017

Hi Joesph,

Hope you are doing good.

If we configure some min/mac threshold values on default class . it works???

if yes, can you please guide me how much values threshold can be configured on this default class. can you please help me in this.

Joseph W. Doherty · ‎07-07-2017

If we configure some min/mac threshold values on default class . it works???

Yes, if you work very, very hard to tune the parameters, it can work.

if yes, can you please guide me how much values threshold can be configured on this default class. can you please help me in this.

Sorry, no, again in my experience it takes a lot of work to find a good set of parameters. I've already suggested you don't use it; still suggest the same. Use FQ instead.

BTW, you can research RED on the internet. You'll find lots of "improved" versions and variants. If it works so well, it sort of begs the question, why are there so many "improved" versions and variants (including Cisco's FRED variant). You'll also find conflicting information on setting its parameters. Heck, even Dr. Floyd, who invented the methodology, revised how it works not too long after the first version.

Also keep in mind, today's traffic mixes and current TCP stacks were not what Dr. Floyd was working with when RED was "invented".

How to do qos configurations on CISCO 3925 Router?