QoS questions, and aggregate shaping

jamie-nicol
Level 1

Hi,

My questions are about QoS classes and aggregate shaping of multiple classes.
This is my setup, across 2 sites (it's a live environment):

4507------ASA-----PE----(400Mbps)----PE------ASA--------6509
Site A                               Site B

The PEs are provided by the service provider, and have a 1Gb interface facing my ASAs.
The 4507 is a  4507R+E (Sup7) running IOS XE (v15).
All connections are 1Gbit, and our service provider rate-limits the inter-site connection to 400Mbps.

I'm having trouble QoSing this setup. I need to shape my bandwidth and ideally I'd like to do this on the 4507 as it gives me the most options. The ASAs don't do shaping.

As I understand it, shaping and other QoS functions only take effect where a queue forms? Is this correct?

If all my connections are 1Gbps, and the maximum flow rate will never exceed 400Mbps, then am I right in thinking that no queues will form anywhere on my equipment? All my equipment will happily shunt traffic out at 1Gbps to the next hop; no queueing necessary.
There may be a queue on the service provider's PE, as that is where the bottleneck is, but I have no control over that!
So, where do my QoS policies apply, if I have no queues to form?


My next question is about QoS classes, and aggregate shaping. 
I have 2 classes (BACKUP_TRAFFIC and EXCHANGE_TRAFFIC) and have assigned both classes to my inter-site link's policy:

policy-map TRAFFIC_REGULATION
 class EXCHANGE_TRAFFIC
  bandwidth 190000
  shape average 390000000
  queue-limit 1024 packets
  dbl
 class BACKUP_TRAFFIC
  bandwidth 190000
  shape average 390000000
  queue-limit 1024 packets
  dbl

int g1/5/1
 service-policy output TRAFFIC_REGULATION


The purpose is to allow the 2 traffic types to share the total bandwidth equally, by reserving 190Mbps for each type.
I also shape each traffic type to 390Mbps, so that each one on its own can never saturate the link.
So far so good.
The problem is of course that if they're both using the link at the same time, they both get at least 190Mbps each, and will both attempt to use up whatever bandwidth remains, thus saturating the link. Each class on its own can never attain 390Mbps, where the shaper actually kicks in.

How can I give them both 190Mbps, but at the same time shape the **aggregate** traffic at 390Mbps?


Next question.
Suppose my "class EXCHANGE_TRAFFIC" matches on 2 separate TCP connections. Does EACH TCP connection get a "bandwidth 190000" reservation (giving 380Mbps), or are the 2 connections aggregated within the class?

I hope my questions make sense.
Many thanks in advance for your answers :-)

Accepted Solutions

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

"As I understand it, shaping and other QoS functions only take effect where a queue forms? Is this correct?"

Not fully. Some QoS features take effect even when there's no congestion, such as policing or packet marking.  However, features related to congestion management, of course, need packets to queue.

As a general rule, LAN oriented switches, like the 4500 and 6500 series are weak in QoS features, e.g. QoS features such as shaping. Later iterations of supervisors and IOSs have sometimes added QoS features. What are your 4500 and 6500 modules, chassis and IOS?

The feature you really want is hierarchical policies that support shaping (as also described, with an example, in pille1234's post).

"Suppose my "class EXCHANGE_TRAFFIC" matches on 2 separate TCP connections. Does EACH TCP connection get a "bandwidth 190000" reservation (giving 380Mbps), or are the 2 connections aggregated within the class?"

The shaping is an aggregate for all the flows within the class.

pille1234
Level 3

What you are looking for is hierarchical QOS:

 

policy-map PARENT-POLICY
 class class-default
  shape average 390M
  service-policy CHILD-POLICY

policy-map CHILD-POLICY
 class EXCHANGE_TRAFFIC
  bandwidth 190000
  queue-limit 1024 packets
 class BACKUP_TRAFFIC
  bandwidth 190000
  queue-limit 1024 packets

 

Best regards

 

 

The 4500 will not allow me to add a service-policy statement within a policy-map :-(

I think you can only do this on ASRs?

 

Thanks for your answers Joseph.

The 4507 is a  4507R+E (Sup7) running IOS XE (v15).

The 6509 is old and is being replaced with another 4507 in the near future.

We're also thinking about replacing the ASAs with ASRs; hopefully they will give us much better QoS options.

As mentioned before, I have no control over the service-provider PEs, which is where the main congestion occurs, so I really need to prioritise and shape my traffic before it gets to the PEs.

 

Posting

An old 6509, with an "old" sup (pre sup2T), will likely not support any shaping.  The sup7 has enhanced QoS features vs. the supV, and earlier, but without looking them up, I don't know if it supports shaping.  Again, (ideally) you want a hierarchical policy whose parent policy supports shaping.  If that's not supported, but you can shape individual classes, like your OP, you could shape the two classes such that their sums won't exceed available bandwidth, or you could oversubscribe to whatever amount you want (that you also believe is "safe" - i.e. assuming it's unlikely both classes would use their permitted maximum at the same time).

Shaping before the PE makes sense, as it's not under your control (unless you can have them do QoS to your design).

The ASR, like most WAN routers, has more QoS features than L3 switches.  It won't be as strong in its support for FW kind of features, compared to the ASAs.

BTW, beside ASRs, possible other options, to hand off to the PEs, would be Cisco's (new) 4000 series of routers.  Or, some of Cisco's MetroE switches.
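
Added example (not part of any post in this thread, and not Cisco's scheduler): a small rate-only model comparing the original per-class shapers, the fallback of splitting the shape rates between the classes, and the hierarchical parent/child policy. It assumes unused bandwidth is shared in proportion to the configured bandwidth values; the function names are hypothetical.

```python
# Added illustration: a rate-only (fluid) model, not Cisco's scheduler.
# All rates are in Mbps; class names and figures are the ones used in the thread.
PARENT_SHAPE = 390
BANDWIDTH = {"EXCHANGE_TRAFFIC": 190, "BACKUP_TRAFFIC": 190}

def flat_shapers(demand, shape):
    """Per-class shapers only: each class is capped, the sum is not."""
    return {c: float(min(d, shape[c])) for c, d in demand.items()}

def hierarchical(demand, weights=BANDWIDTH, parent=PARENT_SHAPE):
    """Parent shaper caps the sum; child classes share it by water-filling.

    Assumption: bandwidth a class leaves unused is handed to the classes
    that still have traffic, in proportion to their 'bandwidth' values.
    """
    alloc = {c: 0.0 for c in demand}
    active = {c for c, d in demand.items() if d > 0}
    remaining = float(parent)
    while active and remaining > 1e-9:
        total = sum(weights[c] for c in active)
        share = {c: remaining * weights[c] / total for c in active}
        done = {c for c in active if demand[c] <= share[c]}
        if not done:                      # everyone is hungry: split and stop
            alloc.update(share)
            break
        for c in done:                    # satisfied classes free up the rest
            alloc[c] = float(demand[c])
            remaining -= demand[c]
        active -= done
    return alloc

def sent_to_pe(alloc):
    """Aggregate rate handed to the provider edge."""
    return sum(alloc.values())

if __name__ == "__main__":
    both_busy = {"EXCHANGE_TRAFFIC": 300, "BACKUP_TRAFFIC": 300}
    backup_only = {"EXCHANGE_TRAFFIC": 0, "BACKUP_TRAFFIC": 390}
    cap = lambda m: {c: m for c in BANDWIDTH}
    print("flat, 390 each, both busy :", sent_to_pe(flat_shapers(both_busy, cap(390))))
    print("flat, 195 each, both busy :", sent_to_pe(flat_shapers(both_busy, cap(195))))
    print("flat, 195 each, backup only:", flat_shapers(backup_only, cap(195)))
    print("hierarchical, both busy    :", hierarchical(both_busy))
    print("hierarchical, backup only  :", hierarchical(backup_only))
```

With both classes offering 300 Mbps, the flat 390/390 policy hands 600 Mbps to the PE and the flat 195/195 policy holds a lone class to 195, while the hierarchical model keeps the sum at 390 and still lets a lone class use all of it.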

Rejohn Cuares
Level 4
Level 4

Cisco ASA can do policing and shaping. TAC has a good document for this. Read it thoroughly as there are some caveats (particularly on hierarchical QoS).

 

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/82310-qos-voip-vpn.html

 

 

Please rate replies and mark question as "answered" if applicable.

I'm using an ASA 5545-X, these do not support shaping:

Note: Traffic shaping is only supported on ASA Versions 5505, 5510, 5520, 5540, and 5550. Multicore models (such as the 5500-X) do not support shaping.