Hello markmalone2008,

Thanks for your answer.

I going to restrict bandwidth on my ports of catalyst 2960S.

I'll be use traffic Policer for ingress traffic on port and

Switch(config-if)# srr-queue bandwidth limit 50 for egress traffic.

When this command will be configured on interface, the existing tcp sessions via this port will be closed / lost?

They may drop as thats a hardware command which will effect the actual bandwidth of the port  , tcp will retransmit anyway  , use a test port check your show tcp brief see your connections ,  create some form of tcp traffic on the test port with a pc and then use the command see if you drop it , better on a test port than production

Thanks,

mw - you mean maintenance window?

yes just to be sure , we have enabled this on multiple devices never had an issue , 1 time we ran it globally on 1 switch that had a specialized engineering server on it , it caused issues as the server was generating traffic and when the dscp got marked we seen server was marking for cs3 traffic which filled up 1 of our layer 3 queues that was actually using cs3 caused traffic issue

Thanks,

Hi Mark,

mls qos enables qos globally on the switch it should not have an impact

This is what many Cisco customers think - and this is where they are mistaken and can burn themselves terribly. The reality on Catalyst 2960/3560/3750 platforms is strongly different.

Without mls qos, the switch is entirely oblivious to any QoS operations whatsoever. It ignores all priority markings and it pours all frames into a common buffer from which they are dequeued.

When mls qos is enabled on a switch, things change significantly. Without any further configuration, all ports become untrusted ports, meaning they will override any QoS marking present in incoming frames and packets to 0, that is, best effort. In addition, the memory buffer that was undivided before activating the QoS support will now be split into separate subpools for different ports and their Tx queues. This, combined with the fact that all traffic is downgraded to CoS/DSCP 0 and mapped to specific per-port Tx queue 2 by default, means that the traffic queued in the switch will now be getting only a fraction of the buffer space that was available before activating the mls qos. As a result, major traffic drops can occur.

So in other words, activating the mls qos without configuring anything else will have an impact on the traffic, and it may potentially be disastrous. The QoS configuration on the switch must be much more comprehensive before activating mls qos so that the switch actually honors the incoming markings or rewrites them and deals with the now-unequal traffic accordingly.

Best regards,
Peter

Thats good to know Peter thanks , i am only going from experience rolling it out but we always had our specific access ports set at the same time to trust the dscp provided by the end device as qos is usually best marked closest to the source we did however crash 1 server(though only 1 globally)  which i why i suggesteg the mw just in case , our routers would then have the class based queueing set for the wan links , i know doing some of our 6500s with sup2ts we ran into that issue running just auto qos default everything was bundled to 1 queue when looking at show queueing per interface until we set the auto qos on the interfaces as well , didnt know it was the same for  the mls qos

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Just to add to Peter's post.

Another possible issue, when you activate/deactivate QoS, some "inflight" frames/packets might be dropped as the switch reconfigures itself dynamically.  I.e. Cisco doesn't guarantee such configuration changes are totally hit less on these devices.  That said, the reconfiguration change seems to go fast enough that most applications wouldn't "care" (because networks don't generally guarantee 100% delivery of every transmitted frame/packet).  But as Mark has already noted, best to make these kinds of changes during MW.

These switches, at least the 3xxx with later IOS images, support an auto-QoS feature.  Even using it, you can still burn yourself because of the way it manages physical buffers.  Also, the QoS model it uses might not be optimal for your needs.  These switches are limited by the hardware buffering they provide, especially the 2960 series, so whatever QoS model you might use on them, you often need to also tune their buffer management.