Please find the configuration. Kindly suggest it is ok?
My MPLS link BW = 70 Mbps. I am configuraing QOS at CE router and on PE router again SP will configure QOS. For that we have to remark the traffic in to 5 classes.
class-map match-any VOIP_BEARER_CLASS
match ip dscp ef
match access-group name VOIP_BEARER_CLASS
class-map match-any VIDEO_CONF_CLASS
match ip dscp af41
match ip dscp af42
match access-group name VIDEO_CONF_CLASS
class-map match-any SIGNALING_CLASS
match ip dscp cs3
match ip dscp af31
match access-group name SIGNALING_CLASS
class-map match-any Mission Critical_DATA_CLASS //// (SAP)
match ip dscp af21
match ip dscp af22
match ip dscp cs2
match ip dscp cs6
match access-group name Mission Critical_DATA_CLASS
class-map match-any Default_CLASS
match ip dscp DF
match access-group name Default_CLASS
set dscp af41
priority percent 20
set dscp EF
priority percent 13
set dscp cs3
bandwidth percent 5
class Mission Critical_DATA_CLASS
set dscp af21
bandwidth percent 27
set dscp df
bandwidth percent 35
service-policy output COMAPANY_QOS_POLICY
ip access-list extended VIDEO_CONF_CLASS
permit udp any any range 16384 32767
ip access-list extended VOIP_BEARER_CLASS
permit udp any any range 16384 32767 /// RTP
ip access-list extended SIGNALING_CLASS
permit tcp any any range 2000 2002 /// SCCP
permit tcp any any range 5060 5061 ///SIP
permit udp any any range 5060 5061 /// SIP
permit udp any any eq 1719 ///H.323
permit tcp any any eq 1720 ///H.323
ip access-list extended Critical_DATA_CLASS
permit tcp any any range 3200 3299
permit udp any any range 3600 3699
permit udp any any range 3200 3299
permit tcp any any range 3600 3699
permit tcp any any range 3300 3399
permit udp any any range 3300 3399
permit tcp any any eq 50500 8005 50504
permit udp any any eq 50500 8005 50504
permit tcp any any eq 443 /// HTTPS
permit tcp any any eq 1521 /// ORACLE -SQL *NET
permit udp any any eq 1521 /// ORACLE -SQL *NET
permit tcp any any eq 1526 /// ORACLE
permit udp any any eq 1526 /// ORACLE
permit tcp any any eq 1575 /// ORACLE
permit udp any any eq 1575 /// ORACLE
permit tcp any any eq 1630 /// ORACLE
permit udp any any eq 1630 /// ORACLE
permit tcp any any eq 22 /// SSH
permit tcp any any eq 465 /// Secure SMTP
permit tcp any any eq 995/// Secure POP3
permit tcp any any eq 1914 /// Connected PC Backup
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq smtp
permit tcp any any eq pop3
ip access-list extended DEFAULT_CLASS
permit ip any any
Please suggest this Configuration is ok?
In this case if suppose my 33 % BW used for LLQ is not used and Mission Critical_DATA_CLASS is using all 27% BW.Than this class can use free BW of other class? if not how it can be posible.
Take a look at the following:
If you have congestion on link, no matter what traffic causes it, the priority queues will not allow any traffic to burst in. So, even if 1% of the 33% is being used, no other traffic comes into these two queues.
However, the classes for which you have reserved b/w, if they ave unused b/w, they will allow other traffic to burst in & utilize the unused b/w in time of congestion.
Thanks for the reply.
My Configuration on CE router is OK than?
What configuration shpuld i do in LAN switches. It is ok if i will do Auto QOS? My network has AVAYA Telephony system thats why i need to use only autoqos voip trust only.
Yes the config looks correct apart from typos "match ip dscp DF"<<
You can use: 'auto qos voip trust' only in this case.
There are two options on the switchports connected to the IP
phone, 'auto qos voip cisco-phone' and 'auto qos voip cisco-softphone'. The cisco-phone
option uses CDP to detect a Cisco phone, so I assume that won't work with Avaya.
Thanks for the reply.
I have used DF for the Default traffic.
One more thing want to clear that in my network there are LANLITE version of Cisco Catalyst 2960 switches which do not support AutoQos and only support limited features of Qos. It is ok if I will configure all the ports with mls qos trust dscp where Ip phones are connected and set the priority queue out with default cos-dscp mapping as there is no option to changethe same.
In short I am going to configure :
Access switches - 2960 LanLite : -- all ports with ip phone and trunk ports = mls qos trust cos , priority-queue out.
Access switch - 2960 LAN Base : All port connected with IP Phone and trunk ports == auto qos voip trust
on Distribution and CORE switch all uplink ports == auto qos voip trust.
Should I need to configure Police and class map on Access / Dist/ CORE layer? As auto qos voip trust will not generate classmap configuration.
Even if the LAN lite doesn't support Auto QOS, we could configure it manually & yes, we can use the default COS-DSCP mapppings. What you need to make sure is that this DSCP value doesn't get reset anywhere in the path till it reaches the point where action (policing/shaping) is to be taken.
QOS is end to end. So, yes, you would need to either trust the QOS setting on the uplinks or what you could do is following:
Trust the DSCP/COS on Access.
Match the DSCP/COS on the distribution, core ....remark the traffic to the same value when it leaves the distribution/core.
Just to Add to the nice posts by Amit above
you can use the bellow document as reference for you to understand and configure your WAN/CE router per your needs
if helpful Rate