Re: QoS on C2960S

Simon1337 · ‎08-26-2018

Hello Together

I need help with the following scenario.

We have a 2960S Swich which is connected to the MPLS router of the ISP. Now we want to enable QoS on the UPLINK port to ISP router to prioritize the important traffic.

[c2960S]-----[MPLS Router ISP]

In the forum I read that the Cisco Catalyst 2960 Series are Layer 2 switches with intelligent Layer 2 - 4 services.(https://community.cisco.com/t5/switching/qos-cos-on-a-l2-switch/td-p/1119431)

My QoS scenario I want to create looks like this:
Three classes (Platium, Gold and Silver). In the Platium class only VoIP traffic should be prioritized (highest priority). In the Gold class Citrix traffic should be prioritized (medium priority) and in the Silver class the remaining traffic (low priority).

I want to set a fix bandwidth for the Platium class. The Gold and Silver class should share the remaining traffic according to availability.

Does the traffic via DSCP have to be marked? Or is it possible to prioritize based on ports or subnets (the 2960S switch has intelligent L3 and L4 functions)?

Can someone show me an example configuration how best to solve this?

Many thanks for your help

Simon

Georg Pauwen · ‎08-26-2018

Hello,

classes won't work because on the 2960 you can only police classes. Ingress queuing is not supported either, so all you are left with is egress queuing.

Typically, VoIP traffic uses DSCP 46 for voice traffic and DSCP 24 for signaling, DSCP 34 for video. ICA uses port 1194, but I think you can set the DSCP values for Citrix traffic manually. What value have you set it to ? These values are important to configure the egress queues on the 2960...

Simon1337 · ‎08-27-2018

Hello,

thank you for your answer. Correctly the VoIP traffic we mark with the DSCP value 46 and 24 since the different classes are not possible, we will prioritize the Citrix traffic at a later time.

The VoIP traffic should get a fixed bandwidth.

Georg Pauwen · ‎08-27-2018

Hello,

ok, I'll see if I can work out the queues...will get back with you...

Georg Pauwen · ‎08-27-2018

Hello,

for prioritizing just DSCP values 24 and 46, you can use the config below:

mls qos queue-set output 1 buffers 40 20 20 20
mls qos queue-set output 1 threshold 1 40 60 100 200
mls qos srr-queue output dscp-map queue 1 threshold 1 24 46

!
interface gigabitethernet1/1/1
switchport mode trunk
queue-set 1
priority-queue out
mls qos trust dscp

If you know what DSCP value your Citrix/Ica traffic has, add it that value to this line:

mls qos srr-queue output dscp-map queue 1 threshold 1 24 46 ..

Simon1337 · ‎08-27-2018

Hi Georg

Thanks for the configuration.
At which values can I set the fixed bandwidth for VoIP traffic (percent)?

For Citrix traffic I want to be in another queue which is dynamic (bandwidth), but higher prioritized than the normal traffic. How can this be achieved?

I would like to understand the configuration myself. Is it possible to comment the following lines so that I know what they do exactly?

mls qos queue-set output 1 buffers 40 20 20 20 20
mls qos queue-set output 1 threshold 1 40 60 100 200
mls qos srr-queue output dscp-map queue 1 threshold 1 24 46

Georg Pauwen · ‎08-27-2018

Hello,

basically, what you do is configure the queues and then assign DSCP values to these queues.

mls qos queue-set output 1 buffers 40 20 20 20

--> there are two queue sets, 1 and 2. I am using queue-set 1. Both queue sets have 4 egress queues. Here I have assigned buffer percentages to the queues: queue 1 gets 40 percent, queues 2,3, and 4 get 20 percent

mls qos queue-set output 1 threshold 1 40 60 100 200

--> Here, the drop thresholds for queue 1 are set to 40 and 60 percent of the allocated memory. 100 percent of the allocated memory is guaranteed/reserved, and 200 percent is the maximum memory that this queue can have before packets are dropped:

mls qos srr-queue output dscp-map queue 1 threshold 1 24 46

--> Here, DSCP values 24 and 46 are mapped to queue set 1

There are numerous ways to achieve similar results. Take a look at the document below for reference...

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/15-0_2_se/configuration/guide/scg2960/swqos.pdf

Simon1337 · ‎08-29-2018

Thank you for the explanation. Now I have one more question. The traffic of VoIP devices is marked via TOS value. How do I tell the switch to accept it as a TOS value? Or converts the TOS value to the DSCP value?

Georg Pauwen · ‎08-29-2018

Hello,

do you mean ToS or CoS ? ToS is part of the IP header used for precedence, by configuring 'mls qos trust dscp', you basically tell the switch to accept whatever ToS/DSCP is sent from the phones.

If you mean CoS, the default CoS to DSCP mapping (which you can view with the command 'show mls qos maps cos-dscp') is usually sufficient. The default map maps CoS values 0 - 7 to DSCP values 0 8 16 24 32 46 48 56 respectively.

Joseph W. Doherty · ‎08-29-2018

I think what you desire can be accomplished on a 2960. (Reason for "think", what you ask for can be done on a 3560/3750, and I believe the 2960 QoS architecture is very might like the 3560/3750 QoS architecture. NB: all my following comments are actually based on the 3560/3750 QoS architecture.)

BTW, is your MPLS bandwidth full port bandwidth? If not, part of your QoS model would be to "shape" your egress to not send faster than your CIR. (NB: If feature not available, and your CIR is less than egress port's bandwidth, you're going to want to use a "better" QoS featured device.)

The QoS architecture support 4 hardware egress queues per port. One port can be configured to use PQ and might also be shaped too; which should meet your goals for the platinum class. The other queues would share bandwidth in ratios you define, which should meet your goals for the gold and silver classes.

"Does the traffic via DSCP have to be marked?"

Yes and no. I believe the QoS architecture needs either CoS or ToS markings to direct traffic to the egress queues. Those markings can be set, though, during ingress based on L3 header information.

Let me know the answer to whether your MPLS egress needs shaping, and if I have the time, I'll post a sample config.

Simon1337 · ‎08-29-2018

Hello Joseph

I have three different locations. First 100/100, second 10/10 at third 6/6.
The first two locations should not cause any problems in terms of speed. At the third location I imagined that the bandwidth could be adjusted as a percentage of the 10mbit port speed or that fixed bandwidths could be assigned to the classes.

Joseph W. Doherty · ‎08-29-2018

For the third location, yes, ideally you want to run port at 10 Mbps, but limit its usage to 60% of that, using, on egress interface:

srr-queue bandwidth limit 60

Simon1337 · ‎09-05-2018

Hello Joseph

Do you have a sample configuration that matches my classes?

Joseph W. Doherty · ‎09-05-2018

If you haven't already, read through: https://www.cisco.com/c/en/us/support/docs/switches/catalyst-3750-series-switches/91862-cat3750-qos-config.html.

What you'll likely need to do is have an ingress policy that assigns DSCP values. You may need to reassign the defaults for DSCP to egress queue. (If your traffic has DSCP values, you can "trust" and use those markings.)

You'll want to enable PQ, and if desired, place a shape limit on the first queue (which is what PQ uses too). (This to support your Platinum class.)

You'll then want to assign bandwidth percentages to your queues for Gold and Silver classes. (NB: you'll be using 3 of your 4 egress queues.)

If you have additional questions, please post them.