Turns out it was an issue with Megaport. They had some weird stuff going on, lots of hops along the way. But, you are correct. It was just a trunk port heading to them and us tagging on the internal VLAN setup in Azure. Thanks! ... View more

Not interested in pricing, this isn’t a marketing forum. No where in my question did I ask what a port was or how much it would cost. ... View more

That's what I figured as well but it doesn't seem to be working. They gave me the outside "s-tag" as being 4001 and I setup the private tag in Azure as 1001. So that would lead me to believe we need to participate in the QinQ process. Their support has been slow and not super helpful so far. Trying to get someone with more insight. Megaport is the last hop provider into Azure. They are using 4001 with our local service provider. ... View more

The service provider is setup like this:   interface GigabitEthernet0/0/0/17 mtu 9216 transceiver permit pid all ! interface GigabitEthernet0/0/0/17.4001 l2transport encapsulation dot1q 4001 rewrite ingress tag pop 1 symmetric ... View more

Okay, I'll have to look into adjustments then. What would you recommend doing to traffic that has exceeded the input policing? Markdown to af31 or similar?   Since I have this running, I'm thinking I could use some help interpreting the results. Can you tell me what you see here? I am seeing 'packet' and expecting that this is the number of packets that have been matched by the class within the policy.. but I'm not seeing what I'd expect. I'm seeing some that have packets matched but zero 'conformed' and some that have values for both. Trying to understand that discrepancy.   Also, for my output policy that is doing the shaping, I'm seeing zero for just about everything except total drops. What do you think?   Here is an example interface with inputs:   GigabitEthernet1/0/10 Service-policy input: ENT-INPUT-PMAP Class-map: Cisco-VOIP-Data (match-any) 312994 packets Match: cos 5 0 packets, 0 bytes 5 minute rate 0 bps QoS Set ip dscp ef police: cir 128000 bps, bc 8000 bytes conformed 0 bytes; actions: transmit exceeded 0 bytes; actions: drop conformed 0000 bps, exceeded 0000 bps Class-map: Cisco-VOIP-Signal (match-any) 193191 packets Match: cos 3 0 packets, 0 bytes 5 minute rate 0 bps QoS Set ip dscp af31 police: cir 32000 bps, bc 8000 bytes conformed 1282434 bytes; actions: transmit exceeded 0 bytes; actions: drop conformed 0000 bps, exceeded 0000 bps Class-map: SMB-TRAFFIC (match-any) 17869 packets Match: access-group name SMB-MPLS 0 packets, 0 bytes 5 minute rate 0 bps QoS Set ip dscp af31 Class-map: class-default (match-any) 3669649 packets Match: any And here is the output toward the SP router, again not seeing anything happening here.   GigabitEthernet2/0/1 Service-policy output: ENT-OUTPUT-PMAP Class-map: class-default (match-any) 0 packets Match: any Queueing (total drops) 2079529 (bytes output) 768317836 shape (average) cir 10000000, bc 40000, be 40000 target shape rate 10000000 Service-policy : ENT-OUTPUT-TEMPLATE queue stats for all priority classes: Queueing (total drops) 0 (bytes output) 19482271 Class-map: realtime (match-any) 0 packets Match: ip dscp ef (46) 0 packets, 0 bytes 5 minute rate 0 bps Priority: 30% (3000 kbps), burst bytes 75000, Class-map: foreground (match-any) 0 packets Match: ip dscp af31 (26) 0 packets, 0 bytes 5 minute rate 0 bps Queueing (total drops) 1518 (bytes output) 37137977 bandwidth remaining 81% Class-map: background (match-any) 0 packets Match: ip dscp cs1 (8) 0 packets, 0 bytes 5 minute rate 0 bps Queueing (total drops) 0 (bytes output) 78 bandwidth remaining 1% Class-map: class-default (match-any) 0 packets Match: any Queueing (total drops) 2078011 (bytes output) 711697510 bandwidth remaining 9% ... View more

Another question:   This is a 3850 platform - no fair-queue option exists. I've implemented the config but have to wait for users to get in to see if things are working. Can you peek at this to see if it doesn't have any major errors? Anything else I can add to ensure queueing is occurring correctly? I really want to make sure traffic is shaped an not just dropped. The client's complaint is mainly with file shares (SMB) and Internet traffic. But there is only so much that can be done.   class-map match-any realtime match ip dscp ef class-map match-any foreground match ip dscp af31 class-map match-any background match ip dscp af11 af12 af13 class-map Cisco-VOIP-Data match cos 5 class-map Cisco-VOIP-Signal match cos 3 policy-map ENT-INPUT-PMAP class Cisco-VOIP-Data set ip dscp ef police cir 128000 bc 8000 conform-action transmit class Cisco-VOIP-Signal set ip dscp af31 police cir 32000 bc 8000 conform-action transmit policy-map ENT-OUTPUT-PMAP class class-default shape average 10000000 service-policy ENT-OUTPUT-TEMPLATE policy-map ENT-OUTPUT-TEMPLATE class realtime priority percent 30 class foreground bandwidth remaining percent 81 class background bandwidth remaining percent 1 class class-default bandwidth remaining percent 9 ... View more

Thanks a lot for your input on this. I'll be putting this into production tomorrow. Best ... View more

This is great, I'm building a baseline for further learning!   Here's what I've put together, let me know if you see flaws in the logic please.    I want to have phones take the expected priority. On the host facing interfaces I have an input service policy that looks for the CS5 tags which is expected from a phone voice stream, and then assigns an EF tag. It also looks for the signaling traffic that has a CS3 tag which is expected from voice call setup and assigns the AF31. AF31 = IPP 3 and EF = IPP 5.   I am also looking for traffic that is going to a critical server for SMB traffic. You said that this should probably go to the class-default but I'd like to test performance with it in place. It may actually hinder everything.   I then have an output policy facing the SP that shapes the traffic to 10Mbps and has a child policy that does the prioritization.   Let me know if this seems like a good way of doing things and where I could improve.   Also, a few questions:  - Does the interface "bandwidth" command need to be stated in order for the percentages to function correctly?  - AutoQOS utilized an input and an output service-policy on all interfaces. Is this to priortize data at each interface instead?      Should I do the same?   - I put a table-map in place since it is what I saw in AutoQoS. I'm using that as a reference tool, maybe not needed?  - And lastly, should I be using "trust" commands to trust existing markings or is what I have sufficient?     Really appreciate the assistance with this, it is truly clearing things up and I'm sure this thread will be helpful for others.   Best ... View more

Okay, that makes sense. And working through this is very helpful.   How does the bandwidth command come into play if it were to be configured on the interface facing the MPLS router? Would that then inform the correct values for the percentages?    So, on the actual marking of traffic. I'll need to mark traffic as it enters the host interfaces or trust the marking already applied. I do want voice to be prioritized and I suspect that will already be marked leaving the device. But we will also need to classify SMB traffic to a specific subnet. I would need a policy on all host facing interfaces in the inbound direction, correct? How does this look?:   class-map SMB-TRAFFIC match-any  match access-group 100   policy-map ENT-PM-INPUT  class SMB-TRAFFIC  set    What I am still a bit fuzzy on is where the shaping would come into play and bringing it all together. Does this look correct?   Goal is to prioritize voice traffic from Cisco phones, then SMB traffic to servers across the MPLS. The rest is best-effort. Do I also need to then ma   access-list 100 permit tcp any 10.20.20.0 0.0.0.255 eq 445   class-map SMB-TRAFFIC match-any  match access-group 100 class-map VOICE-DATA match-any  match cos 5  match ip dscp ef class-map VOICE-SIGNAL match-any  match cos 3     policy-map ENT-PM-INPUT  class SMB-TRAFFIC   set dscp cs3  class-map VOICE-DATA   set dscp cs5  class-map VOICE-SIGNAL   set dscp cs7   policy-map ENT-PM-OUTPUT  class VOICE-DATA   priority percent 30  class SMB-TRAFFIC   bandwidth remaining percent 81   fair-queue   class VOICE-SIGNAL   bandwidth remaining percent 81   fair-queue  class background   bandwidth remaining percent 1   fair-queue  class class-default   bandwidth remaining percent 9   fair-queue   The service provider is using IPP for the MPLS network, so my idea is that I'm matching that internally. From what I gather, the cs5 would match IP Precedence 5 etc.   I would apply the INBOUND policies to host and phone facing ports and the OUTBOUND policy toward the MPLS router. Question is where do I do the interface shaping? Do I have to nest a policy?   Lastly, for the phones I would have to set the interfaces to trust the existing markings, correct?   Thanks!       ... View more