04-09-2008 05:03 PM - edited 03-05-2019 10:18 PM
OK i am trying to setup LLQ on my 2621, so i have priority on the internet (web traffic).. My net diagram is as follows.....
CABLE Model........(fa0/0)-2621-(fa0/1)---switch
Here is what i run into...
i cannot set QOS on FA0/0 for a few reasons. #1 it is connected to the cable modem at 100Mbps, so it is hardly going to drop packets. The 2621 is Nating, so i cannot apply an ACL that will match, as the incoming and outgoing IPs will not be local IPs.
If i apply my service-policy to the fa0/1 int i again run into the problem that traffic will not be dropped there. How on earth can i get around these obsticles, or am i looking at this wrong?
Config as follows...
!
class-map match-all MIKEQOS
match access-group 102
!
!
policy-map LLQ
class MIKEQOS
priority 8000
class class-default
fair-queue
!
interface FastEthernet0/0
description <<Connection to Comcast>>
bandwidth 12000
ip address dhcp
ip nat outside
service-policy output LLQ
no ip mroute-cache
duplex auto
speed auto
!
interface Serial0/0
no ip address
no ip mroute-cache
shutdown
!
interface FastEthernet0/1
description <<DHCP for House>>
bandwidth 12000
ip address 192.168.1.2 255.255.255.0
ip directed-broadcast
ip nat inside
service-policy output LLQ
no ip mroute-cache
duplex auto
speed auto
!
...
!
access-list 102 permit ip host 192.168.1.200 any
access-list 102 permit ip any host 192.168.1.200
Thoughts?
04-09-2008 05:15 PM
You shouldn't need an outbound policy on your inside interface, fe0/1.
As to outbound, the normal solution, if supported on your platform, is a hierarchal policy.
e.g. (pseudo code)
policy-map ComcastUplink
class class-default
shape average 128kbs (your uplink speed here)
policy LLQ
interface FastEthernet0/0
service-policy output ComcastUplink
04-10-2008 02:44 AM
well see the thing is that when i apply the LLQ policy onto fa0/0 and i do a show access-lists... ACL102 never gets any matches. I believe that is because of NAT. Which is part of my dilemma. I cant match the packets so how can i QOS them
04-10-2008 02:59 AM
What are you Natting the packets to and have you tried added the Natted address(es) to access-list 102 ?
Jon
04-10-2008 03:49 AM
Sorry, overlooked that!
What you might try is using an inbound service policy on the inside interface to mark your priority packets using an ACL like 102. Then amend your outside interface's outbound policy to match on the marked packets for your LLQ traffic.
e.g. (pseudo code)
policy-map LLQmarker
class MIKEQOS
set dscp cs1 (mark as you choose)
class-map MIKELLQ
match dscp cs1
policy-map LLQ
class MIKELLQ
priority 8000
class class-default
fair-queue
interface FastEthernet0/0
service-policy input LLQmarker
04-10-2008 08:48 AM
if i do this the problem will arise that the fa0/0 is not dropping packets because it is not the weakest link. The cable modem is and i cannot QOS that. I see where you are going with marking it so i can match the traffic, but fa0/0 connected at 100Mbps will not drop packets if it doesnt get congested. The cable modem will be dropping.
04-10-2008 10:00 AM
Sorry, my last post probably wasn't clear. The example showed what needed to be changed, i.e. it assumed shaper would still be present on fa0/0 as shown in my first post. Set the shaper bandwidth to correspond with your upstream cable bandwidth.
04-10-2008 10:02 AM
ahh okey i got you. I will check it out today when i get home and hope for the best.
04-10-2008 10:06 AM
Hi Michael,
You are using congestion management QOS so if the interface is not congested then the qos does nothing.
We have to know what is exactly bandwidth you've got from ISP. 12 Mbps,right?
Thing is you try to use llq as well as natting. Nat has been done before QOS so referencing the IP address in ACL is meaningless.
I would do as follows:
- Mark the packets you want first at the inbound interface.
- Use marked packets to do qos.
- Shape all packets to the limited bandwidth .
- Apply the child qos with qos you want
##################################
access-list 100 permit ip host 192.168.1.200 any
class-map match-any Mark-192-168-1-200
match ip address 100
policy-map Mark-It-cs5
class Mark-192-168-1-200
set dscp cs5
interface FastEthernet0/1
service-policy input Mark-It-cs5
Hopes marking will work. ;-)
#################################
class-map Match-Cs5
match dscp cs5
policy-map LLQ-You-Want
class Match-Cs5
priority 8000
class class-default
fair-queue
####Shaping must be deployed.
policy-map Shape12000
class class-default
shape average 12000000
service-policy LLQ-You-Want
interface FastEthernet0/0
service-policy output Shape12000
##################################
Hopes I did something helps
Thot
04-10-2008 02:29 PM
If i do a show policy-map on fa0/1 it is matching packets......
If i lower the shape average REALLY low ALL traffic gets slow. I am thinking that my packets after the NAT are not retaining the EF value?. i am to tired to play anymore. Will tackel again later. Hopefully i missed something ha.
if i do it on fa0/0
QOS#show policy-map int fa0/0
FastEthernet0/0
Service-policy output: SHAPE
Class-map: class-default (match-any)
390339 packets, 179921330 bytes
5 minute offered rate 391000 bps, drop rate 0 bps
Match: any
Traffic Shaping
Target/Average Byte Sustain Excess Interval Increment
Rate Limit bits/int bits/int (ms) (bytes)
16000000/16000000 100000 400000 400000 25 50000
Adapt Queue Packets Bytes Packets Bytes Shaping
Active Depth Delayed Delayed Active
- 0 85568 31546771 4425 596078 no
Service-policy : LLQ
Class-map: MATCH_EF (match-all)
48196 packets, 2635219 bytes
5 minute offered rate 24000 bps, drop rate 0 bps
Match: dscp ef
Queueing
Strict Priority
Output Queue: Conversation 24
Bandwidth 16000 (kbps) Burst 400000 (Bytes)
(pkts matched/bytes matched) 60/8233
(total drops/bytes drops) 6/3849
Class-map: class-default (match-any)
35873 packets, 28824695 bytes
5 minute offered rate 358000 bps, drop rate 0 bps
Match: any
Queueing
Flow Based Fair Queueing
Maximum Number of Hashed Queues 16
(total queued/total drops/no-buffer drops) 0/139/0
class-map match-all MATCH_EF
match dscp ef
class-map match-all MIKEQOS
match access-group 102
!
!
policy-map MARK
class MIKEQOS
set dscp ef
policy-map LLQ
class MATCH_EF
priority 16000
class class-default
fair-queue
policy-map SHAPE
class class-default
shape average 16000000
service-policy LLQ
interface FastEthernet0/0
description <
ip address dhcp
ip nat outside
service-policy output SHAPE
no ip mroute-cache
duplex auto
speed auto
!
interface Serial0/0
no ip address
no ip mroute-cache
shutdown
!
interface FastEthernet0/1
description <
bandwidth 18000
ip address 192.168.1.2 255.255.255.0
ip directed-broadcast
ip nat inside
service-policy input MARK
no ip mroute-cache
duplex auto
speed auto
04-10-2008 05:25 PM
i got it :) I will have to do some tweaking but here it is... I now have QOS priority over my roommates. I tested by saturating the upload with torrent traffic and then testing my PC with speed tests, download files, and web traffic. All zip along like nothing is going on. Thanks for all your help.... Config with some tweaking left.
class-map match-all MATCH_EF
match dscp ef
class-map match-all MIKEQOS
match access-group 102
!
!
policy-map MARK
class MIKEQOS
set dscp ef
policy-map LLQ
class MATCH_EF
priority 16000
class class-default
fair-queue
policy-map SHAPE
class class-default
shape average 16000000
service-policy LLQ
policy-map SHAPE2
class MATCH_EF
shape average 2000000
!
!
!
interface FastEthernet0/0
description <
ip address dhcp
ip nat outside
service-policy output SHAPE2
no ip mroute-cache
duplex auto
speed auto
!
interface Serial0/0
no ip address
no ip mroute-cache
shutdown
!
interface FastEthernet0/1
description <
bandwidth 18000
ip address 192.168.1.2 255.255.255.0
ip directed-broadcast
ip nat inside
service-policy input MARK
no ip mroute-cache
duplex auto
speed auto
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: