cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
319
Views
0
Helpful
5
Replies

Will VoIP packets going thru this 6500 interface be prioritized?

jkeeffe
Level 2
Level 2

The 6509 is our access-layer switch and we have Avaya IP phones plugged into each port and a PC plugged into the phone. Usually I have 'mls qos trust dscp' on each port because the IP phone marks the DSCP values and we of course want to trust those.

Also the entire voice world, IP phones, gateways, PBXes etc, are on a seperate network space from the data network like this:

Data = 163.44.0.0

VoIP = 172.23.0.0

Here is a typical port config for the above scenario which works just fine:

mls qos

interface GigabitEthernet1/1

switchport

switchport access vlan 321

switchport mode access

switchport voice vlan 910

no ip address

mls qos trust dscp

spanning-tree portfast

interface Vlan321

ip address 163.x.x.129 255.255.255.128

ip helper-address 163.44.xx.xx

end

interface Vlan910

ip address 172.x.x.129 255.255.255.128

ip helper-address 163.44.xx.xx

end

Now I decided to create a couple of ACLs, one to trust DSCP values of any traffic on the VoIP network, and the other to set all packets coming from the PC to DSCP=0. This is to insure that some smart PC user can't change his DSCP values.

Here is the new config:

mls qos

class-map match-all Trust_phone_DSCP

match access-group 171

class-map match-any Mark_PC_traffic_to_0

match access-group 161

!

!

policy-map Mark_PC_traffic_DSCP=0

class Mark_PC_traffic_to_0

set dscp default

policy-map Trust_phone_DSCP

class Trust_phone_DSCP

trust dscp

interface GigabitEthernet1/1

switchport

switchport access vlan 321

switchport mode access

switchport voice vlan 910

no ip address

mls qos vlan-based

spanning-tree portfast

interface Vlan321

ip address 164.x.x.129 255.255.255.128

ip helper-address 163.44.xx.xx

service-policy input Mark_PC_traffic_DSCP=0

interface Vlan910

ip address 172.x.x.129 255.255.255.128

ip helper-address 163.44.xx.xx

service-policy input Trust_phone_DSCP

end

access-list 161 remark Mark all 164.72.0.0 PC traffic to DSCP=0

access-list 161 permit ip 163.44.0.0 0.0.255.255 any

access-list 171 remark Trust all 172.26.0.0 phone traffic DSCP

access-list 171 permit ip 172.23.0.0 0.0.255.255 any

Now that I have 'mls qos vlan-base' on the interface, the 'sh queueing int g1/1' shows the interface as 'Port QoS enabled' and 'Port is untrusted'.

So after all that, will VoIP packets that traverse int g1/1 be trusted because of the vlan-based service policy and therefore will be effected by the QoS queuing of the port, or will the port config over-ride the vlan-based stuff, resulting in DSCP values being reset to '0' and therefore no QoS will take effect during congestion of the port?

5 Replies 5

paolo bevilacqua
Hall of Fame
Hall of Fame

Hi,

May be this is not what you expect to hear:

You don't even need to bother, it's gigabit - no congestion is possible.

Edit: really I'm not saying that to minimize your efforts in learning how things work and what is the better configuration. It is just that QoS in LAn switching is largely overplayed and in my personal experince I have never seen any production network, even ISP ones experience congestion severe enough to impact VoIP on gigabit interfaces.

I understand your point and agree with it in principle. But these ports will actually be turned to 100mb - not gig - and I just need to set up the case where voice will NEVER be choked out even if a user is doing a huge file transfer. Unix systems can transfer at wire rate and saturate a 100mb link, and many of our users are Unix users - the Windows users I don't much worry about.

Plus the idea of smart users changing their packet markings gals me and I want to insure they can't ride the priority queues throughout our network.

So in theory how does the 6500 platform handle qos trust and service policies? Does the port config or the vlan config take precident?

Thanks for your comments.

Thanks for explaining your very reasonable concerns. Too bad I don't really know the answer to your question. Good luck!

clotheyes
Level 1
Level 1

I suggest you have a read of this http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008014a29f.shtml

This appears to answer your question. Have you also considered marking the voice packets yourself, this would ensure you get the marking of packets that you desire.

dford333
Level 1
Level 1

QOS is per hop based !

so depending on your network toplogy from you trusted switch to you core you want to TRUST your QOS setting but untrust any thing coming from user and maybe ISP depending since the internet is best effort anyway. Since your 6500 is your access layer, then your configs

you have set up engress QOS (internel to external) your Gigibit ethernet is you ingress back into you network which needs to have QOS settings coming back into your network

but since you have gigabit ethernet, unless someone pushs the limit you should be okay

since your using Gigabit ethernet on 6500 which is great, also you may want to provide fair queuing for all other traffic that is non prioritized

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: