Re: QoS - Layer 2 WAN connection

mindgame71 · ‎05-29-2018

Dear all

We have a use case where a customer just want to deploy QoS on a Layer 2 WAN (1 Gbit/s) connection. My approach is to mark the traffic by Access Lists (just example below).

DC 1 - Switch A ---PE--- Layer 2 WAN ---PE--- DC 2 - Switch B

Does anybody has experience with QoS just on a Layer 2 conenction where a provider is between? Did the provider destroy the QoS marking?

ACL--------------------------------------------------

ip access-list extended VOIP

permit udp any range 16384 32767 any range 16384 32767

!

ip access-list extended SSH

permit tcp any eq 22 any

permit udp any eq 22 any

permit tcp any any eq 22

permit udp any any eq 22

!

ip access-list extended SERVER-XY

permit tcp any <SERVER-XY>

permit tcp <SERVER-XY>

any permit udp any <SERVER-XY>

permit udp <SERVER-XY> any

!

Class------------------------------------------------

class-map match-any VOIP

match access-group name VOIP

!

class-map match-any SSH

match access-group name SSH

!

class-map match-any SERVER-XY

match access-group name SERVER-XY

etc.

MARKING-----------------------------------------------

policy-map QOS-INPUT

class VOIP

set dscp ef

class SERVER

set dscp af31

class SSH

set dscp cs2

class class-default

set dscp default

!

policy-map QOS_POLICY-EGRESS

class VOIP

priority

class SERVER-XY

bandwidth remaining percent 5

class BULK_DATA

bandwidth remaining percent 5

class SSH

bandwidth remaining percent 5

class class-default

bandwidth remaining percent 75

dbl

!

Switch Branch A interface giX/Y

service-policy output QOS_POLICY-EGRESS

service-policy input QOS_INGRESS

Switchport mode trunk

!

Switch Branch B interface giX/Y

service-policy output QOS_POLICY-EGRESS

service-policy input QOS_INGRESS

Switchport mode trunk

!

Thanks a lot in advance and best Regards

Georg Pauwen · ‎05-29-2018

Hello,

your example uses IP and DSCP, these are layer 3 and probably won't work if you have just a layer 2 connection.

QoS options are heavily dependent on the platform you are using: which switch do you have ?

mindgame71 · ‎05-29-2018

Dear Gregor

Thanks a lot for your answer.

Yes thats true, DSCP is for Layer 3, I should apply COS values. The config snippet is more to show how I would do it ACL marking.

There are 4500-X (Layer 3, Layer 2) and 3850 Stack as Access (Layer 2).

The Layer 2 Connection is from a 4500-X from one DC to also a 4500-X to the other DC. They are using GLC-T Modules for the 1 Gbit/s connection to the provider (Layer 2).

So the customer wants the QoS deployment just on this Layer 2 connection that includes 4500-X where I want to deploy the QoS Settings. Do you have experience with the Platform 4500-X?

Thanks and best Regards

Georg Pauwen · ‎05-29-2018

Hello,

the 4500-X (running XE ?) gives you the entire range of options for QoS, including auto QoS.

Do you know already have an idea of the traffic you want to apply QoS to (e.g. voice, video, etc.) ?

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/01xo/configuration/guide/config/qos.html

mindgame71 · ‎05-29-2018

Hi Georg

Yes, they are running IOS-XE Software - Version 03.04.05.SG RELEASE SOFTWARE (fc1).

Thank you for the link.

QoS - Classes:
- Voice
> Priority Queue
> COS 5

- Citrix - ICA traffic
> Priories
> COS 2
- Printer traffic
> Priories but should not impact User Sessions (Citrix)

> COS 1
- Router traffic / Network Management (SSH, HSRP, OSPF usw.)
> Priories
> COS 3 or COS 6
- Backup
> Is deployed during night
> not sure If I it is better to keep it in the default class

I would deploy an input policy marked based on ACLs and and Egress Policy on the Interface to Provider.

Best Regards

Oliver

mindgame71 · ‎05-30-2018

Hi

I decided to change the approach from just applying QoS on the L2 connection to End-To-End-QoS.

Server A - 10.20.0.100/24

|

A-4500-X------------Layer-2-------------B-4500-X-----Server B - 10.10.0.100/24

|

3850 (Access Switch)
|

Client 10.0.0.5/24

I will do the marking for specific Server at Access Switch - ACL (where it is needed for specific Services) based and apply an input policy at Access Ports. Deploying Egress Policy for queuing on the Uplink port and the same from 4500-X via L2 to the other 4500-X.

If I am marking a traffic which is going to Server B lets say with dscp 18 and L3 domain ends on Device B-4500-X, do I have to configure explicitly DSCP-to-COS mapping on A-4500-X so that the Layer 2 connection is treated by QoS with COS values?

Thanks and best Regards