03-02-2008 11:50 AM - edited 03-15-2019 09:10 AM
Hi,
I have a CallManager 5.x connected to a 3750 stack with auto-qos enabled. Also off that stack, on another VLAN, I have my router connecting across the WAN. However, my service-policy on the router serial interface indicates that no control packets marked with eitehr COS3 or AF31 are coming in. "Show mls qos interface stat" on the 3750 shows packets coming in from CM marked with AF24 (CS3), however, the output of the 3750 port towards the router doesn't indicate packets with those same markings being transmitted towards the router. It appears as though the 3750 stack is re-writing the DSCP values for call-control. I have not done any QoS config on the 3750 interface VLANS. Does anyone have any idea? Please see the attached notepad for better illustrative purposes. THANKS!
03-07-2008 08:51 AM
DiffServ is one of two QoS architectures for IP networks defined by the IETF. In this model, packets entering a DiffServ-enabled network are grouped into a small number of classes. For example, VoIP packets can be grouped into the premium class, while e-commerce HTTP packets are grouped into the gold class, and so on. Furthermore, each class has a color or mark associated with it. This makes packet classification extremely scalable and assures appropriate bandwidth and delay guarantees in the network core. Thus, when they enter the network, packets are marked based on classification policies at the network boundary nodes. The boundary nodes also apply traffic conditioning functions to control the amount of traffic entering the network. Traffic conditioning includes shaping (smoothing the rate at which packets are sent into the network) and policing (dropping packets that are in excess of a subscribed-to rate; or re-coloring the ones exceeding the rate, so that the probability of dropping them increases when there is congestion in the core). Each node within the network then applies different queuing and dropping policies on every packet based on the marking that packet carries.
03-10-2008 12:25 PM
Typically for both CallManager and Routers, you will want to trust DSCP rather than COS. The outgoing queue indicates that all of your traffic is being marked as COS 0 for that port as it is put on the wire.
A few things:
1) If you are going to stick with AutoQOS, try trusting DSCP on the CallManager and Router ports using mls qos trust dscp.
2) Use a service policy to map traffic:
class-map match-all VOICE
match access-group name RTP
class-map match-any SIGNALING
match access-group name SIGNALING
class-map match-any ROUTING
match ip dscp cs6
policy-map Mark-DSCP
class ROUTING
set dscp cs6
class VOICE
set dscp ef
class SIGNALING
set dscp cs3
class class-default
set dscp default
ip access-list extended RTP
permit udp any any range 16383 32767
ip access-list extended SIGNALING
remark *** H245 ***
permit tcp any any range 11000 11999
permit tcp any range 11000 11999 any
remark *** H323 ***
permit udp any any range 1718 1719
permit tcp any range 1718 1719 any
permit tcp any any range 1720 1721
permit tcp any range 1720 1721 any
remark *** MGCP ***
permit udp any any eq 2427
permit udp any eq 2427 any
permit tcp any any eq 2428
permit tcp any eq 2428 any
permit udp any any eq 2727
permit udp any eq 2727 any
remark *** SCCP ***
permit tcp any any range 2000 2002
permit tcp any range 2000 2002 any
remark *** SIP ***
permit udp any any eq 5060
permit udp any eq 5060 any
permit tcp any any eq 5060
permit tcp any eq 5060 any
remark *** UCCX ***
permit tcp any any eq 2748
permit tcp any eq 2748 any
permit tcp any any eq 42027
permit tcp any eq 42027 any
remark *** RTSP ***
permit tcp any any eq 554
permit tcp any eq 554 any
permit udp any any eq 554
permit udp any eq 554 any
permit tcp any any eq 7070
permit tcp any eq 7070 any
permit udp any any eq 7070
permit udp any eq 7070 any
interface GigabitEthernet1/0/14
service policy input Mark-DSCP
interface GigabitEthernet1/0/23
service policy input Mark-DSCP
Hope this helps.
Matt
03-12-2008 11:47 AM
Thanks! I like #1. I'll give that a whirl. Very detailed listing on #2- I'll keep this for my records.
Thanks!
03-12-2008 01:15 PM
The above recommendation to trust DSCP is a good one. Enabling mls qos in a switch also means that ports are NOT trusted unless specifically configured to do so. Not being trusted means the switch rewrites everything to 0 that is not trusted.
Also, just as an FYI --
DSCP is in the Layer 3 IP header, so it will go end-end.
COS is in the layer 2 VLAN header and only seen where packets trunked.
Trust DSCP per the QOS SRND( solution reference network design ).
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns432/c649/ccmigration_09186a008049b062.pdf
Here is a list of all the design guides.
http://www.cisco.com/en/US/netsol/ns656/networking_solutions_design_guidances_list.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide