01-13-2014 04:29 AM - edited 03-07-2019 05:31 PM
hi all ,
i have a simple brief topology below :
PSTN======(R1-7206)>F1=======F2>(R2-7604 catalyst)>>>F1=========Internet
i have two router
R2========>MLS 7604
R1======>cisco 7204
on R2 , Im doing matching to QOS by dscp , im matching acls ips from internet with dscp values :
here is CONFIG for matching :
Gateway7600#sh policy-map LLQX
Policy Map LLQX
Class YOUTUBE
set ip dscp af43
Class FACEBOOKVIDEOS
set ip dscp af33
Class HTTP
set dscp af23
Class DNSQOS
set dscp af13
Class class-default
set ip dscp af11
================
Gateway7600#sh class-map
Class Map match-all FACEBOOKVIDEOS (id 7)
Match access-group name facebookvideos
Class Map match-all DNSQOS (id 8)
Match access-group name dnsqos
Class Map match-all HTTP (id 6)
Match access-group name browsing
Class Map match-any class-default (id 0)
Match any
Class Map match-all YOUTUBE (id 5)
Match access-group name youtube
Gateway7600#
=========================================================
on this router i applied this policy map on interfaxce F1 in direction
and here matching is well :
Gateway7600#sh policy-map interface gigabitEthernet 1/5 in
GigabitEthernet1/5
Service-policy input: LLQX
class-map: rate-limit (match-all)
Match: access-group name rate-limit
police :
4088000 bps 384000 limit 384000 extended limit
Earl in slot 1 :
139044930 bytes
30 second offered rate 143032 bps
aggregate-forwarded 134420937 bytes action: transmit
exceeded 4623993 bytes action: drop
aggregate-forward 22544 bps exceed 0 bps
class-map: YOUTUBE (match-all)
Match: access-group name youtube
set dscp 38:
Earl in slot 1 :
132693939697 bytes
30 second offered rate 212144928 bps
aggregate-forwarded 132693939697 bytes
class-map: FACEBOOKVIDEOS (match-all)
Match: access-group name facebookvideos
set dscp 30:
Earl in slot 1 :
10726758352 bytes
30 second offered rate 20682720 bps
aggregate-forwarded 10726758352 bytes
class-map: HTTP (match-all)
Match: access-group name browsing
set dscp 22:
Earl in slot 1 :
56874058537 bytes
30 second offered rate 92669832 bps
aggregate-forwarded 56874058537 bytes
class-map: DNSQOS (match-all)
Match: access-group name dnsqos
set dscp 14:
Earl in slot 1 :
160308954 bytes
30 second offered rate 303552 bps
aggregate-forwarded 160308954 bytes
class-map: class-default (match-any)
Match: any
set dscp 10:
Earl in slot 1 :
67394864030 bytes
30 second offered rate 126884864 bps
aggregate-forwarded 67394864030 bytes
=================================================================================
now the problem is below
on router 7200 , it is LNS router connected with LAC roiuter for ADSL customers.
now here is config of policy map on 7200 router:
R11#sh policy-map
Policy Map MATCH_MARKS
Class MATCH_YOUTUBE
bandwidth 220000 (kbps)
Class MATCH_FACEBOOKVIDEOS
bandwidth 20000 (kbps)
Class MATCH_HTTP
bandwidth 100000 (kbps)
=========================================================
R1#sh class-map
Class Map match-all MATCH_FACEBOOKVIDEOS (id 2)
Match ip dscp af33 (30)
Class Map match-all MATCH_HTTP (id 3)
Match ip dscp af23 (22)
Class Map match-any class-default (id 0)
Match any
Class Map match-all MATCH_YOUTUBE (id 1)
Match ip dscp af43 (38)
==========================================================
here is virtual-template interface before i apply the QOS
R1#sh running-config interface virtual-template 1
Building configuration...
Current configuration : 352 bytes
!
interface Virtual-Template1
bandwidth 1000000
ip unnumbered Loopback0
ip tcp adjust-mss 1412
ip policy route-map private
no logging event link-status
qos pre-classify
peer default ip address pool bitsead1 bitsead2
ppp mtu adaptive
ppp authentication pap vpdn
ppp authorization vpdn
ppp accounting vpdn
max-reserved-bandwidth 90
end
=========================================
when i apply the command
(service-poliy output MATCH_MAKRS ) under virtual-template interface i have console logs :
Insufficient bandwidth 149760 kbps for the bandwidth guarantee (220000)
Insufficient bandwidth 149760 kbps for the bandwidth guarantee (220000)
Insufficient bandwidth 149760 kbps for the bandwidth guarantee (220000)
also i have
*Jul 9 22:28:38.242: Interface Virtual-Access2551 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:38.250: Interface Virtual-Access627 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:38.258: Interface Virtual-Access786 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:38.266: Interface Virtual-Access623 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:38.274: Interface Virtual-Access2559 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:38.282: Interface Virtual-Access2281 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:38.290: Interface Virtual-Access142 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:40.262: %SYS-2-INTSCHED: 'suspend' at level 3 -Process= "VTEMPLATE Background Mgr", ipl= 3, pid= 278, -Traceback= 0x756FF0z 0x3439C58z 0x2778D70z 0x2CACCD0z 0x2CC63E0z 0x2CC7FF8z 0x2CADC74z 0x2CBE058z 0x2CA0340z 0x2CA04F8z 0x2E0BB18z 0x2D23378z 0x2D1825Cz 0x2D18738z 0x2E66FE0z 0x2D971ACz
*Jul 9 22:28:40.262: %SYS-2-INTSCHED: 'suspend' at level 3 -Process= "VTEMPLATE Background Mgr", ipl= 3, pid= 278, -Traceback= 0x756FF0z 0x3439C58z 0x2778D70z 0x2CACD28z 0x2CC63E0z 0x2CC7FF8z 0x2CADC74z 0x2CBE058z 0x2CA0340z 0x2CA04F8z 0x2E0BB18z 0x2D23378z 0x2D1825Cz 0x2D18738z 0x2E66FE0z 0x2D971ACz
after i apply it ,
the cpu is 100 % and the router got down !!!
now
what is the problem ????
here is ios for 7200 router
R1#sh version
Cisco IOS Software, 7200 Software (C7200P-ADVENTERPRISEK9-M), Version 12.4(24)T7, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 28-Feb-12 12:53 by prod_rel_team
ROM: System Bootstrap, Version 12.4(12.2r)T, RELEASE SOFTWARE (fc1)
Bras1 uptime is 13 weeks, 1 day, 9 hours, 24 minutes
System returned to ROM by reload at 16:24:51 GMT+3 Tue Jun 17 2003
System image file is "disk2:c7200p-adventerprisek9-mz.124-24.T7.bin"
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
Cisco 7206VXR (NPE-G2) processor (revision A) with 917504K/65536K bytes of memory.
Processor board ID 36858624
MPC7448 CPU at 1666Mhz, Implementation 0, Rev 2.2
6 slot VXR midplane, Version 2.11
Last reset from power-on
PCI bus mb1 (Slots 1, 3 and 5) has a capacity of 600 bandwidth points.
Current configuration on bus mb1 has a total of 0 bandwidth points.
This configuration is within the PCI bus capacity and is supported.
PCI bus mb2 (Slots 2, 4 and 6) has a capacity of 600 bandwidth points.
Current configuration on bus mb2 has a total of 0 bandwidth points.
This configuration is within the PCI bus capacity and is supported.
Please refer to the following document "Cisco 7200 Series Port Adaptor
Hardware Configuration Guidelines" on Cisco.com <http://www.cisco.com>
for c7200 bandwidth points oversubscription and usage guidelines.
1 FastEthernet interface
3 Gigabit Ethernet interfaces
2045K bytes of NVRAM.
250880K bytes of ATA PCMCIA card at slot 2 (Sector size 512 bytes).
65536K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x2102
==============================================================================
wish to Help ASAP
regards
01-14-2014 01:41 AM
here is verifying from vi users session :
R1#sh interfaces virtual-access 2 configuration
Virtual-Access2 is an VPDN link (sub)interface
Derived configuration : 506 bytes
!
interface Virtual-Access2
mtu 1460
bandwidth 1000000
ip unnumbered Loopback0
rate-limit input 192000 36000 72000 conform-action continue exceed-action drop
rate-limit output 1120000 210000 420000 conform-action continue exceed-action drop
ip tcp adjust-mss 1412
ip policy route-map private
no logging event link-status
peer default ip address pool xxx xxxxx xxxxxxxx
ppp mtu adaptive
ppp authentication pap vpdn
ppp authorization vpdn
ppp accounting vpdn
max-reserved-bandwidth 90
end
=====
R1# sh interfaces virtual-access 2
Virtual-Access2 is up, line protocol is up
Hardware is Virtual Access interface
Interface is unnumbered. Using address of Loopback0 (ZZZZZZZZ
MTU 1460 bytes, BW 1000000 Kbit/sec, DLY 100000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP
PPPoVPDN vaccess, cloned from AAA, Virtual-Template1
Vaccess status 0x44
Protocol l2tp, tunnel id 20929, session id 42188, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 5 seconds on reset
Last input 00:00:00, output never, output hang never
Last clearing of "show interface" counters 05:52:24
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1003
Queueing strategy: fifo (QOS pre-classification)
Output queue: 0/40 (size/max)
5 minute input rate 43000 bits/sec, 36 packets/sec
5 minute output rate 44000 bits/sec, 35 packets/sec
136941 packets input, 19025299 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
140354 packets output, 50493301 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
========================================
this is just a sample vi access SESSION , note that i have about 1700 vi access on the router.
hope this config help in tshoot
regards
01-14-2014 07:53 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Could you use, or have you tried using, percentages?
01-14-2014 08:15 AM
hi ,
i did
the same issue ,
i did a TEST policymap that has 30 percent gurantee
but the same result!!!!!!!!!!!!!!!!
the router god down agian !
here is logs :
take effect on the queueing features configured via service-policy
*Jul 11 02:40:33.605: Interface Virtual-Access1896 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:33.797: Interface Virtual-Access1317 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:33.809: Interface Virtual-Access993 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:33.817: Interface Virtual-Access1699 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:33.981: Interface Virtual-Access254 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:33.993: Interface Virtual-Access687 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.001: Interface Virtual-Access35 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.009: Interface Virtual-Access160 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.017: Interface Virtual-Access1337 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.029: Interface Virtual-Access1670 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.037: Interface Virtual-Access1948 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.049: Interface Virtual-Access1669 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.109: Interface Virtual-Access1334 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.117: Interface Virtual-Access151 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.125: Interface Virtual-Access761 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.137: Interface Virtual-Access810 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.197: Interface Virtual-Access1522 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.237: Interface Virtual-Access1692 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.257: Interface Virtual-Access368 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.305: Interface Virtual-Access1758 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.317: Interface Virtual-Access2061 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.325: Interface Virtual-Access1203 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.337: Interface Virtual-Access188 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.345: Interface Virtual-Access1975 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.357: Interface Virtual-Access1172 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.509: Interface Virtual-Access1647 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.517: Interface Virtual-Access458 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.609: Interface Virtual-Access608 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.621: Interface Virtual-Access2128 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.633: Interface Virtual-Access1167 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.641: Interface Virtual-Access487 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.653: Interface Virtual-Access1793 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.665: Interface Virtual-Access2280 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.769: Interface Virtual-Access839 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.781: Interface Virtual-Access2311 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.793: Interface Virtual-Access1788 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.857: Interface Virtual-Access8 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.869: Interface Virtual-Access2243 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.881: Interface Virtual-Access580 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:35.057: Interface Virtual-Access6 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:35.065: Interface Virtual-Access1331 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:35.077: Interface Virtual-Access1235 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:35.177: Interface Virtual-Access1748 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:35.189: Interface Virtual-Access2262 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:35.205: Interface Virtual-Access2136 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
i want to ask a question , could this be from IOS ????
01-14-2014 09:21 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Try removing "max-reserved-bandwidth 90", under your "interface Virtual-Template1".
01-14-2014 11:27 PM
Hi ,
Mr JOSEPH ,
thanks alot for reply and intersting
1st of all ,
it failed before and after i put the bandwidth command
and
max-reserved-bandwidth 90 command
========================================================================
after alot of investigation in the issue ,
i found that i cant apply qos under the virtual template interface
because each vi has its rate limit commands that is gived from radius attribute AAA
as an example above:
rate-limit input 192000 36000 72000 conform-action continue exceed-action drop
rate-limit output 1120000 210000 420000 conform-action continue exceed-action drop
those two commands are given from AAA radius , and as a result we cant use service policy for all vi access with different speeds ,
i will try the follwoign solution
i found that radius attribtue can give the vi access a service policy command
i will try it and if it succeeded i will give u a reply ,
also , if you find a more easy solution for me for my issue above plz tell me it
regards
01-15-2014 03:10 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Ah, passing bandwidths via RADIUS - yea, that's a factoid worth knowing.
So, when I asked about using bandwidth percentages, you replaced all absolute values with percentages? You also removed the max-bandwidth statement?
Unfortunately, a virtual template is one of the interfaces that's I have worked QoS on, and QoS features are often tied to "kinds" of interfaces often, but not always, improved in later IOS versions.
01-15-2014 03:45 AM
hi ,
actually no
i applied percentages wihout max bandwidht gurtantee removal ,
but i applied bw values with exit of gurantee removal
both failed !
================================
but you didnt tell me to update the ios ??
is ios 15 is better ?
==================================================
actually i dont want to down my router agian , it is on production network and all my pvc users will go down agian !
=================================
now im migrating to distibute service policy from AAA radius and i will use shape instead of rate-limit like the above.
=============
plz give me ur opinion for rate-limit command ? is it suitable for adsl customers ??
as i understand rate-limit==policing
but shaping is better than policing , especailly for customers
1st thing i will try shaping with bw gurantee,
but if it got more my LNS consuption resources , i will go to policing with bw gurantee
you can see my next questiion here about shaping with bw gurtantee in the same time :
https://supportforums.cisco.com/message/4138322#4138322
agian ,
thanks alot for time and cooperation
with my best regards
01-18-2014 12:02 PM
ohhhh god ,
another new problems agian !!
plz follow my question in radius attribute service policy !!!
https://supportforums.cisco.com/message/4141588#4141588
it cant access shaping and bw command !!
regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide