cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1834
Views
0
Helpful
12
Replies

(Emergency!) Aggregated speed control for ASR 9k

arshink
Level 1
Level 1
Hi there,
 
Based on the following configuration, I have some PPPoE subscribers connected to a BNG which is ASR 9912,
each user assigned to a service profile defined in AAA and ASR which contains two sub-service(or may be more in the future); one of them is for INTERNAL traffic and another one for the other destinations.
 
As it can be seen from the configuration, each sub-service has a policing speed control set to 10 Mbps which is equal for both of them, but I can change it to the different values for each sub-service.
 
Every thing works fine in this configuration except that there is no aggregated policy-map or configuration to limit the total speed for each subscriber.
I want to limit the total speed for every subscriber; not just only for sub-service(s).
 
It simply means that in my configuration, every subscriber can download/upload 10 Mbps for each sub-service separately, so; the total speed for connections becomes to 20 Mbps, but I want to limit the total aggregated speed to some values less than the sum of the individual speeds for sub-services (let's say for example to 15 Mps) while keeping granular speed for each sub-service to 10 Mbps.
 
Any help will be appreciated.
 
Best Regards,
Arshin
 
=========================================================================
Partial related configuration:
 
dynamic-template
 !
 type ppp PPPoE
  ppp authentication ms-chap chap pap
  keepalive 30 1
  ppp ipcp dns 4.2.2.4 8.8.8.8
  accounting aaa list ISG type session periodic-interval 5
  ipv4 unnumbered Loopback0
 !
 type service INTERNAL__10240
  ! Service-Package for Internal Traffic based on a ACL named INTERNAL
  service-policy input INTERNAL__10240 merge 20 acct-stats
  service-policy output INTERNAL__10240 merge 20 acct-stats
  accounting aaa list ISG type service periodic-interval 5
 !
 type service INTERNET__10240
  ! Service-Package for Internet Traffic based on a ACL named INTERNET
  service-policy input INTERNET__10240 merge 30 acct-stats
  service-policy output INTERNET__10240 merge 30 acct-stats
  accounting aaa list ISG type service periodic-interval 5
 !
!
policy-map INTERNAL__10240
 class INTERNAL
  police rate 10240 kbps
  !
 !
 class class-default
 !
 end-policy-map
!
policy-map INTERNET__10240
 class INTERNET
  police rate 10240 kbps
  !
 !
 class class-default
 !
 end-policy-map
!
===========================================================================
12 Replies 12

xr-escalation
Level 1
Level 1
Have you tried creating a 2-level hierarchical QoS policy? At the parent level it would only have a class-default with a shaper (or policer). The QoS policy you are using at the moment should be the child policy.

/Aleksandar

Hi Alexander,

 

Thanks for replying,

No, I didn't configure any 2-level hierarchical QoS policy because I don't know how to do it for PPPoE subscribers. May I ask to share some samples based on the attached configuration?

 

Best Regards.

Arshin

Sure, here you go:

policy-map SERVICE_A_P
class class-default
service-policy SERVICE_A
shape average 10 mbps
!
policy-map SERVICE_A
class EF
priority level 1
police rate 1 mbps


policy-map SERVICE_B_P
class class-default
service-policy SERVICE_B
shape average 10 mbps !
!
policy-map SERVICE_B
class AF4
bandwidth 2 mbps !


policy-map SERVICE_C_P
class class-default
service-policy SERVICE_C
shape average 10 mbps
!
policy-map SERVICE_C
class class-default
bandwidth 3 mbps

dynamic-template
type service SERVICE_1
service-policy output SERVICE_A_P merge 10 acct-stats
accounting aaa list AAA_ACCNT_ML type service periodic-interval 2

dynamic-template
type service SERVICE_2
service-policy output SERVICE_B_P merge 20 acct-stats
accounting aaa list AAA_ACCNT_ML type service periodic-interval 2

dynamic-template
type service SERVICE_3
service-policy output SERVICE_C_P merge 30 acct-stats
accounting aaa list AAA_ACCNT_ML type service periodic-interval 2


RADIUS server profile example:

vsa cisco generic 1 string "ip:ipv4- unnumbered=loopback2222"
vsa cisco generic 1 string "ip:addr-pool=ROY"
vsa cisco generic 1 string "subscriber:sa=SERVICE_1"
vsa cisco generic 1 string "subscriber:sa=SERVICE_2"
vsa cisco generic 1 string “subscriber:sa=SERVICE_3

What you should see when the above config is applied:

RP/0/RSP0/CPU0:ASR9K-42-BNG#sh policy-map applied int Bundle- Ether1.61.pppo$
Output policy-map applied to Bundle-Ether1.61.pppoe57:
policy-map type merge __merge_ffffff8439ffffff9a1
class class-default
service-policy type merge __merge_ffffffd8ffffffa7ffffffd6ffffffc1
shape average 10 mbps !

Child policy-map(s) of policy-map __merge_ffffff8439ffffff9a1:

policy-map type merge __merge_ffffffd8ffffffa7ffffffd6ffffffc1
class EF
priority level 1
police rate 1 mbps
!
!
class AF4
bandwidth 2 mbps
!
class class-default
bandwidth 3 mbps

/Aleksandar

Thank you so much Alexander,

I'm going to implement that and I'll take the result.

 

best regards,

Arshin.


@xr-escalation wrote:
Sure, here you go:

policy-map SERVICE_A_P
class class-default
service-policy SERVICE_A
shape average 10 mbps
!
policy-map SERVICE_A
class EF
priority level 1
police rate 1 mbps


policy-map SERVICE_B_P
class class-default
service-policy SERVICE_B
shape average 10 mbps !
!
policy-map SERVICE_B
class AF4
bandwidth 2 mbps !


policy-map SERVICE_C_P
class class-default
service-policy SERVICE_C
shape average 10 mbps
!
policy-map SERVICE_C
class class-default
bandwidth 3 mbps

dynamic-template
type service SERVICE_1
service-policy output SERVICE_A_P merge 10 acct-stats
accounting aaa list AAA_ACCNT_ML type service periodic-interval 2

dynamic-template
type service SERVICE_2
service-policy output SERVICE_B_P merge 20 acct-stats
accounting aaa list AAA_ACCNT_ML type service periodic-interval 2

dynamic-template
type service SERVICE_3
service-policy output SERVICE_C_P merge 30 acct-stats
accounting aaa list AAA_ACCNT_ML type service periodic-interval 2


RADIUS server profile example:

vsa cisco generic 1 string "ip:ipv4- unnumbered=loopback2222"
vsa cisco generic 1 string "ip:addr-pool=ROY"
vsa cisco generic 1 string "subscriber:sa=SERVICE_1"
vsa cisco generic 1 string "subscriber:sa=SERVICE_2"
vsa cisco generic 1 string “subscriber:sa=SERVICE_3

What you should see when the above config is applied:

RP/0/RSP0/CPU0:ASR9K-42-BNG#sh policy-map applied int Bundle- Ether1.61.pppo$
Output policy-map applied to Bundle-Ether1.61.pppoe57:
policy-map type merge __merge_ffffff8439ffffff9a1
class class-default
service-policy type merge __merge_ffffffd8ffffffa7ffffffd6ffffffc1
shape average 10 mbps !

Child policy-map(s) of policy-map __merge_ffffff8439ffffff9a1:

policy-map type merge __merge_ffffffd8ffffffa7ffffffd6ffffffc1
class EF
priority level 1
police rate 1 mbps
!
!
class AF4
bandwidth 2 mbps
!
class class-default
bandwidth 3 mbps

/Aleksandar

Hello again Aleksandar

 

That configuration didn't solve my problem, let me explain more and please let me know if I have misunderstanding in each step:

 

1) USER1 sends authentication requests to the BNG and it forwards the request to the AAA.

 

2) AAA checks the user information and it finds that USER1 assigned to 3 different services
named Service-1, Service-2 and Service-3. So, AAA sends back a message (ACCESS-ACCEPT) to the BNG which contains the name of these services in the AAA-Attributes.

 

3) BNG finds that it already has configuration for these services, so it accept the list from AAA and begins to send 4 different accounting-start requests corresponding to these 3
services plus one more for total accounting to the AAA.


Also in this step BNG establish the PPPoE connection for USER1 and assigns the following speeds for each service:
3-1) Service-1 = 10 Mbps
3-2) Service-2 = 5 Mbps
3-3) Service-3 = 15 Mbps
So the total speed for that user in each direction becomes (10+5+15) = 30 Mbps

 

4) In a live session and at the Interim-Intervals, BNG sends 4 accounting records consecutively to the AAA for usage calculation and AAA checks that if one (or more than one) of these services counts to zero credit, then it sends a COA message to the BNG to disconnect that service.

 

5) If all of the services counts to zero credit, then user-session will be terminated by COA or may be redirected to a Web-Portal for further processing.

 


My question is about speed-limit for all of the services in each direction to some value less than (10+5+15=40). For example to 60% of this number which is 60% * 40 = 24 Mbps.

 

In a sample 2-level policer which is presented kindly, still I can not find a force-limit for speed of (Service1 + Service2 + Service3),
it only shows me how can I control speed internally inside a service using a child policy, but I need an speed control externally outside of all of these 3 services.

The sample configuration that I have share should have resulted in a single parent shaper of 10Mbps, where your 3 services would be part of the child policy. Can you share the "sh policy-map applied interface " from your BNG where you tried this out?

/Aleksandar

Sure, here it is:

 

RP/0/RP0/CPU0:ASR#sh policy-map applied int BE2.2000.pppoe59660
Fri Jun 15 11:33:16.259 UTC
 
Input policy-map applied to Bundle-Ether2.2000.pppoe59660:
  policy-map type merge __merge_e8c12525
   class Service-3
    police rate 15360 kbps
    ! 
   class Service-2
    police rate 5120 kbps
    !
   class Service-1
    police rate 10240 kbps
    ! 
   class class-default
   !
Output policy-map applied to Bundle-Ether2.2000.pppoe59660:
  policy-map type merge __merge_e8c12525
   class Service-3
    police rate 15360 kbps
    !
   class Service-2
    police rate 5120 kbps
    ! 
   class Service-1
    police rate 10240 kbps
    ! 
   class class-default
   !
 
======================================================================
And also output from this command:
 
RP/0/RP0/CPU0:ASR#sh subscriber running-config interface name BE2.2000.pppoe59660
Fri Jun 15 11:38:35.357 UTC
 
Building configuration...
!! IOS XR Configuration 5.3.4
subscriber-label 0x747
 
dynamic-template
 type user-profile U00000747
  timeout idle 900
  accounting aaa list ISG type session periodic-interval 5
  ppp ipcp mask 255.255.255.255
  ppp timeout absolute 16063 14
 !
 type service Service-3
  accounting aaa list ISG type service periodic-interval 5
  service-policy input POLICE_15Mbps merge 10 acct-stats
  service-policy output POLICE_15Mbps merge 10 acct-stats
 !
 type service Service-2
  accounting aaa list ISG type service periodic-interval 5
  service-policy input POLICE_5Mbps merge 20 acct-stats
  service-policy output POLICE_5Mbps merge 20 acct-stats
 !
 type service Service-1
  accounting aaa list ISG type service periodic-interval 5
  service-policy input POLICE_10Mbps merge 30 acct-stats
  service-policy output POLICE_10Mbps merge 30 acct-stats
 !
 type ppp DT_FR_ISG
  ipv4 verify unicast source reachable-via rx
  ipv4 unnumbered Loopback0
  ppp ipcp dns 4.2.2.4 8.8.8.8
  ppp max-bad-auth 3
  ppp authentication ms-chap chap pap
  keepalive 30 1
 !
!
end
* Suffix indicates the configuration item can be added by aaa server only
 

what I want is that if a subscriber uses all of 3 services together, then the bandwidth should be limit something less than 30 Mbps (10+5+15), for example I need to set the bandwidth to 24 Mbps.

The configuration that you have shared doesn't match what I have suggested. Note that in my proposed config each of the 3 services uses a 2-level policy. The parent level is merged into a single parent shaper, as you can see in the "show" command output that I have shared. Can you try with that kind of config?

Well, If I try your suggested configuration, still I have the same problem, because there is no any speed limitation over all of the parent services. We should push a limit over 3 parent services together so that they doesn't exceed 24 Mbps for each subscriber.

 

Any Idea?

Dear Alexandar,

 I'm still waiting for kindly response,

As I explained, I lose control over services if put them in a child policy.

In this case, I can't activate or deactivate the child, because actually they are parent and should be controlled in dynamic templates and AAA in the parent level, so they can not be moved to a child policy.

 

Best regards,

Arshin

hi Arshin, 

 

I was on PTO, hence the delay. The configuration you shared didn't follow what I suggested earlier because in your config I still see a single level QoS policy instead of a hierarchical two-level QoS policy. Can you try that again?

 

Aleksandar