Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- :
- About Nathan Farrar
08-21-2019
Stats
Member since
04-30-2010
119
Posts
0
Helpful
3
Solutions
08-16-2019
05:51 AM
I did. It all went away after I rebooted the switch. Something weird happened while I was deleting the configuration and making changes.
... View more
07-31-2019
08:27 AM
I found the but, and it might be useful to open up a new topic on it. Seems that if I add the 'violate-action' command or 'exceed-action set-ip-dscp-transmit af31' command to a policy-map, I am not able to apply that policy to an input service policy for an interface. Never experienced this before. As soon as I remove that 'violate-action' or set the exceed-action to drop it will apply. Got to be a bug.
... View more
07-31-2019
07:47 AM
Its a stack of 2, 1 is 3.6.6E and the other is 3.6.5E. Both older versions. Also, I did reload the stack and was able to change the policing on the policy map... but now I can't assign a service policy to an interface. This is just weird. Not to mention that the service policies were in place before I reloaded, and yes I saved the config...
... View more
07-31-2019
06:08 AM
I've got a 3850 with QoS configured that has suddenly decided to stop allowing commands to be added/altered. I go into the policy-map, drop into the class within that policy and no matter the command it will not register. No errors will pop up, no syntax issues. I removed a policing command because it wouldn't change for me figuring I needed to start fresh to make the adjustments... Went to put it back in and nothing. Bug? I really don't want to schedule a reboot of this thing... Thanks!
... View more
07-31-2019
05:39 AM
Okay, I'll have to look into adjustments then. What would you recommend doing to traffic that has exceeded the input policing? Markdown to af31 or similar? Since I have this running, I'm thinking I could use some help interpreting the results. Can you tell me what you see here? I am seeing 'packet' and expecting that this is the number of packets that have been matched by the class within the policy.. but I'm not seeing what I'd expect. I'm seeing some that have packets matched but zero 'conformed' and some that have values for both. Trying to understand that discrepancy. Also, for my output policy that is doing the shaping, I'm seeing zero for just about everything except total drops. What do you think? Here is an example interface with inputs: GigabitEthernet1/0/10
Service-policy input: ENT-INPUT-PMAP
Class-map: Cisco-VOIP-Data (match-any)
312994 packets
Match: cos 5
0 packets, 0 bytes
5 minute rate 0 bps
QoS Set
ip dscp ef
police:
cir 128000 bps, bc 8000 bytes
conformed 0 bytes; actions:
transmit
exceeded 0 bytes; actions:
drop
conformed 0000 bps, exceeded 0000 bps
Class-map: Cisco-VOIP-Signal (match-any)
193191 packets
Match: cos 3
0 packets, 0 bytes
5 minute rate 0 bps
QoS Set
ip dscp af31
police:
cir 32000 bps, bc 8000 bytes
conformed 1282434 bytes; actions:
transmit
exceeded 0 bytes; actions:
drop
conformed 0000 bps, exceeded 0000 bps
Class-map: SMB-TRAFFIC (match-any)
17869 packets
Match: access-group name SMB-MPLS
0 packets, 0 bytes
5 minute rate 0 bps
QoS Set
ip dscp af31
Class-map: class-default (match-any)
3669649 packets
Match: any And here is the output toward the SP router, again not seeing anything happening here. GigabitEthernet2/0/1
Service-policy output: ENT-OUTPUT-PMAP
Class-map: class-default (match-any)
0 packets
Match: any
Queueing
(total drops) 2079529
(bytes output) 768317836
shape (average) cir 10000000, bc 40000, be 40000
target shape rate 10000000
Service-policy : ENT-OUTPUT-TEMPLATE
queue stats for all priority classes:
Queueing
(total drops) 0
(bytes output) 19482271
Class-map: realtime (match-any)
0 packets
Match: ip dscp ef (46)
0 packets, 0 bytes
5 minute rate 0 bps
Priority: 30% (3000 kbps), burst bytes 75000,
Class-map: foreground (match-any)
0 packets
Match: ip dscp af31 (26)
0 packets, 0 bytes
5 minute rate 0 bps
Queueing
(total drops) 1518
(bytes output) 37137977
bandwidth remaining 81%
Class-map: background (match-any)
0 packets
Match: ip dscp cs1 (8)
0 packets, 0 bytes
5 minute rate 0 bps
Queueing
(total drops) 0
(bytes output) 78
bandwidth remaining 1%
Class-map: class-default (match-any)
0 packets
Match: any
Queueing
(total drops) 2078011
(bytes output) 711697510
bandwidth remaining 9%
... View more
07-30-2019
02:04 PM
Another question: This is a 3850 platform - no fair-queue option exists. I've implemented the config but have to wait for users to get in to see if things are working. Can you peek at this to see if it doesn't have any major errors? Anything else I can add to ensure queueing is occurring correctly? I really want to make sure traffic is shaped an not just dropped. The client's complaint is mainly with file shares (SMB) and Internet traffic. But there is only so much that can be done. class-map match-any realtime
match ip dscp ef
class-map match-any foreground
match ip dscp af31
class-map match-any background
match ip dscp af11 af12 af13
class-map Cisco-VOIP-Data
match cos 5
class-map Cisco-VOIP-Signal
match cos 3
policy-map ENT-INPUT-PMAP
class Cisco-VOIP-Data
set ip dscp ef
police cir 128000 bc 8000
conform-action transmit
class Cisco-VOIP-Signal
set ip dscp af31
police cir 32000 bc 8000
conform-action transmit
policy-map ENT-OUTPUT-PMAP
class class-default
shape average 10000000
service-policy ENT-OUTPUT-TEMPLATE
policy-map ENT-OUTPUT-TEMPLATE
class realtime
priority percent 30
class foreground
bandwidth remaining percent 81
class background
bandwidth remaining percent 1
class class-default
bandwidth remaining percent 9
... View more
07-29-2019
06:13 PM
Thanks a lot for your input on this. I'll be putting this into production tomorrow. Best
... View more
07-28-2019
02:23 PM
This is great, I'm building a baseline for further learning! Here's what I've put together, let me know if you see flaws in the logic please. I want to have phones take the expected priority. On the host facing interfaces I have an input service policy that looks for the CS5 tags which is expected from a phone voice stream, and then assigns an EF tag. It also looks for the signaling traffic that has a CS3 tag which is expected from voice call setup and assigns the AF31. AF31 = IPP 3 and EF = IPP 5. I am also looking for traffic that is going to a critical server for SMB traffic. You said that this should probably go to the class-default but I'd like to test performance with it in place. It may actually hinder everything. I then have an output policy facing the SP that shapes the traffic to 10Mbps and has a child policy that does the prioritization. Let me know if this seems like a good way of doing things and where I could improve. Also, a few questions: - Does the interface "bandwidth" command need to be stated in order for the percentages to function correctly? - AutoQOS utilized an input and an output service-policy on all interfaces. Is this to priortize data at each interface instead? Should I do the same? - I put a table-map in place since it is what I saw in AutoQoS. I'm using that as a reference tool, maybe not needed? - And lastly, should I be using "trust" commands to trust existing markings or is what I have sufficient? Really appreciate the assistance with this, it is truly clearing things up and I'm sure this thread will be helpful for others. Best
... View more
07-26-2019
05:40 AM
Okay, that makes sense. And working through this is very helpful. How does the bandwidth command come into play if it were to be configured on the interface facing the MPLS router? Would that then inform the correct values for the percentages? So, on the actual marking of traffic. I'll need to mark traffic as it enters the host interfaces or trust the marking already applied. I do want voice to be prioritized and I suspect that will already be marked leaving the device. But we will also need to classify SMB traffic to a specific subnet. I would need a policy on all host facing interfaces in the inbound direction, correct? How does this look?: class-map SMB-TRAFFIC match-any match access-group 100 policy-map ENT-PM-INPUT class SMB-TRAFFIC set What I am still a bit fuzzy on is where the shaping would come into play and bringing it all together. Does this look correct? Goal is to prioritize voice traffic from Cisco phones, then SMB traffic to servers across the MPLS. The rest is best-effort. Do I also need to then ma access-list 100 permit tcp any 10.20.20.0 0.0.0.255 eq 445 class-map SMB-TRAFFIC match-any match access-group 100 class-map VOICE-DATA match-any match cos 5 match ip dscp ef class-map VOICE-SIGNAL match-any match cos 3 policy-map ENT-PM-INPUT class SMB-TRAFFIC set dscp cs3 class-map VOICE-DATA set dscp cs5 class-map VOICE-SIGNAL set dscp cs7 policy-map ENT-PM-OUTPUT class VOICE-DATA priority percent 30 class SMB-TRAFFIC bandwidth remaining percent 81 fair-queue class VOICE-SIGNAL bandwidth remaining percent 81 fair-queue class background bandwidth remaining percent 1 fair-queue class class-default bandwidth remaining percent 9 fair-queue The service provider is using IPP for the MPLS network, so my idea is that I'm matching that internally. From what I gather, the cs5 would match IP Precedence 5 etc. I would apply the INBOUND policies to host and phone facing ports and the OUTBOUND policy toward the MPLS router. Question is where do I do the interface shaping? Do I have to nest a policy? Lastly, for the phones I would have to set the interfaces to trust the existing markings, correct? Thanks!
... View more
07-25-2019
07:11 AM
Thanks for your reply, Hand off is Ethernet to the SP's router, then Ethernet to local switch. Topology is multi-point mesh. Physical hand off bandwidth is 100Mbps. I believe the best way to approach this is to: 1. Shape traffic egress toward the MPLS router to 10Mbps 2. Utilize IPP to tag traffic that the MPLS router will then apply its QoS rules to I'm thinking the best way is to simplify this by getting rid of AutoQoS entirely and setup some kind of map of DSCP markings to precedence that the MPLS router will watch for. Still learning here... so what is the best method to incorporate a shaped overall interface but also map DSCP to IPP. I'm sure I'll figure it out once I get through some more documentation but I like to see what people do with experience, often times its more logical than what is outlined in Cisco docs.
... View more
07-24-2019
05:40 AM
I'm rusty with QoS. Really haven't had to work with it much since a lot of the networks I work on have bandwidth to spare. I've been working with some MPLS sites that have lower bandwidth connections, around 10Mbps is typical for these sites. There have been issues and I believe it is due to the service provider dropping packets due to the CIR being exceeded. I'm trying to understand the QoS configuration better. The goal is to make some adjustments to allow file transfer over SMB to function better (TCP 445). I am looking for some help in how to best implement this as well as understand what is already occurring. The remote site was setup with AutoQoS but I don't think it is taking into account the slower upstream bandwidth. I have the service provider's config as well which is using IPP (precedence) to do it's shaping. Would be super helpful if someone who is more knowledgable could walk me through how the current config is working and where best to adjust to help alleviate issues. Here is the switch where all clients are connecting: class-map match-any AutoQos-4.0-Output-Multimedia-Conf-Queue
match dscp af41 af42 af43
match cos 4
class-map match-any AutoQos-4.0-Output-Bulk-Data-Queue
match dscp af11 af12 af13
match cos 1
class-map match-any AutoQos-4.0-Output-Priority-Queue
match dscp cs4 cs5 ef
match cos 5
class-map match-any AutoQos-4.0-Output-Multimedia-Strm-Queue
match dscp af31 af32 af33
class-map match-any AutoQos-4.0-Voip-Data-CiscoPhone-Class
match cos 5
class-map match-any AutoQos-4.0-Voip-Signal-CiscoPhone-Class
match cos 3
class-map match-any non-client-nrt-class
class-map match-any AutoQos-4.0-Default-Class
match access-group name AutoQos-4.0-Acl-Default
class-map match-any AutoQos-4.0-Output-Trans-Data-Queue
match dscp af21 af22 af23
match cos 2
class-map match-any AutoQos-4.0-Output-Scavenger-Queue
match dscp cs1
class-map match-any AutoQos-4.0-Output-Control-Mgmt-Queue
match dscp cs2 cs3 cs6 cs7
match cos 3
!
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
policy-map AutoQos-4.0-Output-Policy
class AutoQos-4.0-Output-Priority-Queue
priority level 1 percent 30
class AutoQos-4.0-Output-Control-Mgmt-Queue
bandwidth remaining percent 10
queue-limit dscp cs2 percent 80
queue-limit dscp cs3 percent 90
queue-limit dscp cs6 percent 100
queue-limit dscp cs7 percent 100
queue-buffers ratio 10
class AutoQos-4.0-Output-Multimedia-Conf-Queue
bandwidth remaining percent 10
queue-buffers ratio 10
class AutoQos-4.0-Output-Trans-Data-Queue
bandwidth remaining percent 10
queue-buffers ratio 10
class AutoQos-4.0-Output-Bulk-Data-Queue
bandwidth remaining percent 4
queue-buffers ratio 10
class AutoQos-4.0-Output-Scavenger-Queue
bandwidth remaining percent 1
queue-buffers ratio 10
class AutoQos-4.0-Output-Multimedia-Strm-Queue
bandwidth remaining percent 10
queue-buffers ratio 10
class class-default
bandwidth remaining percent 25
queue-buffers ratio 25
policy-map AutoQos-4.0-Trust-Dscp-Input-Policy
class class-default
set dscp dscp table AutoQos-4.0-Trust-Dscp-Table
policy-map AutoQos-4.0-CiscoPhone-Input-Policy
class AutoQos-4.0-Voip-Data-CiscoPhone-Class
set dscp ef
police cir 128000 bc 8000
conform-action transmit
exceed-action set-dscp-transmit dscp table policed-dscp
class AutoQos-4.0-Voip-Signal-CiscoPhone-Class
set dscp cs3
police cir 32000 bc 8000
conform-action transmit
exceed-action set-dscp-transmit dscp table policed-dscp
class AutoQos-4.0-Default-Class
set dscp default This is the service policy on the interface facing the MPLS circuit: service-policy input AutoQos-4.0-Trust-Dscp-Input-Policy
service-policy output AutoQos-4.0-Output-Policy On the service provider's router, here's what's configured there: class-map match-any best-effort
match ip precedence 0 1
class-map match-any network-control
match ip precedence 4 6 7
class-map match-any expedited-forwarding
match ip precedence 5
class-map match-any assured-forwarding
match ip precedence 2 3
!
policy-map Template-8
class expedited-forwarding
police cir percent 20
conform-action transmit
exceed-action drop
priority percent 20
class network-control
bandwidth percent 10
random-detect
class best-effort
bandwidth percent 69
random-detect
policy-map QOS
class class-default
shape average 10000000
service-policy Template-8
policy-map rate-limit-20M-out
class class-default
shape average 20000000 And finally, on the SP's router facing into their network: service-policy output QOS
... View more
03-02-2019
09:10 AM
No PBR happening but good thought. We ended up reloading the sup, the secondary sup came online and the issues went away! Must have been a lovely software bug lurking somewhere.
We started by clearing out the cef table, then moved to the routing table... no fixes there. I'm guessing the bug is somewhere in the routing logic and not in the table.
Good to go for now, but unfortunately no real answers
... View more
03-01-2019
12:09 PM
I'm not in the environment right now but this one is a bit interesting. A 4507 has been running in the core of this network just fine for a while now. Something happened over night that caused it to stop routing... kinda. Basically, the only issue seems to be with routes that are redirected to a different address within the same network.
Example. The switch has an SVI in the VLAN and is acting as a default gateway for the VLAN. The switch is peering via EIGRP with a few other devices in the same VLAN. A packet destined for a different network might come into the switch at 10.0.0.1 but be redirected to 10.0.0.254 to reach a different network. This isn't working. If I were to change a host to use the .254 address as the default gateway, traffic to and from that network works. But when the switch is the default gateway, it doesn't.
This isn't a configuration issue since it has been running for well over a year without issue.
I'm not sure what this type of routing would be called... maybe hairpin "ish"? I've considered clearing the routing table but that would be service disruptive. I've thought about clearing the cef table to see if that would fix things but I'm not sure how disruptive that would be.
Any ideas on way to fix this without reloading the entire switch, and what could be causing this? Hasn't happened before.
(Also, this switch is slated for refresh soon since it is way EOL)
... View more
- Tags:
- switch routing
Labels:
Created by
Nathan Farrar
in Unified Computing System Discussions
in Unified Computing System Discussions
10-31-2018
07:31 AM
10-31-2018
07:31 AM
Q1: Yes, replaced with another newer N5k running the same code Q2: Yes, for the most part. Some changes to remove unnecessary alias’s for FC and zonesets that were not applied Q3: I do not know the answer to this question. TAC took a look at the FI and said it looked okay. Q4: I am not sure, I didn’t run this command prior to the cut over unfortunately. But when working with TAC, they confirmed they saw an entry for both sides You are probably correct, I wish I had access to the equipment right now so I could check but it’s production and can’t touch until the next window. The way it appears to be configured is that they had alias’s configured for each device, and then they put all of them in the same zone and applied it. Looks to be very simple.
... View more
Created by
Nathan Farrar
in Unified Computing System Discussions
in Unified Computing System Discussions
10-29-2018
05:33 AM
10-29-2018
05:33 AM
Encountered a few issues an upgrade this weekend. First issue was a bug where a SAN port channel between the Nexus and the fabric interconnect wouldn't form due to the UCS software not recognizing the 5K due to it's new OUI. That required an upgrade to the newer 4.0 code on the chassis, the blades are still on 3.2.
The issue we are seeing now is that the Nimble storage isn't being seen by the hosts on the UCS chassis when connected to the new 5Ks. The WWNs for both the storage and the hosts show up on the 5K but the hosts can't see the storage. We had to revert back to the older 5Ks due to time and found that the storage came right back up.
Thoughts on why this would be?
... View more
Labels:
08-16-2019
I did. It all went away after I rebooted the switch. Something weird
happened while I was deleting t...
08-08-2019
New to Firepower, have a net new setup with some very basic rules in
place. Encountering an issue wi...
07-31-2019
I found the but, and it might be useful to open up a new topic on it.
Seems that if I add the 'viola...
07-31-2019
Its a stack of 2, 1 is 3.6.6E and the other is 3.6.5E. Both older
versions. Also, I did reload the s...
07-31-2019
I've got a 3850 with QoS configured that has suddenly decided to stop
allowing commands to be added/...
Created by
Nathan Farrar
in Routing
07-31-2019
07-31-2019
Okay, I'll have to look into adjustments then. What would you recommend
doing to traffic that has ex...
Created by
Nathan Farrar
in Routing
07-30-2019
07-30-2019
Another question: This is a 3850 platform - no fair-queue option exists.
I've implemented the config...
Created by
Nathan Farrar
in Routing
07-29-2019
07-29-2019
Thanks a lot for your input on this. I'll be putting this into
production tomorrow.Best
Created by
Nathan Farrar
in Routing
07-28-2019
07-28-2019
This is great, I'm building a baseline for further learning! Here's what
I've put together, let me k...
Created by
Nathan Farrar
in Routing
07-26-2019
07-26-2019
Okay, that makes sense. And working through this is very helpful. How
does the bandwidth command com...
Created by
Nathan Farrar
in Routing
07-25-2019
07-25-2019
Thanks for your reply, Hand off is Ethernet to the SP's router, then
Ethernet to local switch. Topol...
Created by
Nathan Farrar
in Routing
07-24-2019
07-24-2019
I'm rusty with QoS. Really haven't had to work with it much since a lot
of the networks I work on ha...
Created by
Nathan Farrar
in Routing
03-02-2019
03-02-2019
No PBR happening but good thought. We ended up reloading the sup, the
secondary sup came online and ...
Created by
Nathan Farrar
in Routing
03-01-2019
03-01-2019
I'm not in the environment right now but this one is a bit interesting.
A 4507 has been running in t...
Created by
Nathan Farrar
in Unified Computing System Discussions
10-31-2018
10-31-2018
Q1: Yes, replaced with another newer N5k running the same codeQ2: Yes,
for the most part. Some chang...
Public Statistics
| Date Registered | 04-30-2010 10:58 AM |
| Date Last Visited | 08-21-2019 12:28 AM |
| Total Messages Posted | 119 |
Helpful Votes Given To
| User | Helpful Count |
|---|---|
| 9 | |
| 5 | |
| 5 | |
| 4 | |
| 4 |
.jpg "VIP Expert"){kind=icon}
