cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
782
Views
0
Helpful
10
Replies

QOS 2621

mikegrous
Level 3
Level 3

OK i am trying to setup LLQ on my 2621, so i have priority on the internet (web traffic).. My net diagram is as follows.....

CABLE Model........(fa0/0)-2621-(fa0/1)---switch

Here is what i run into...

i cannot set QOS on FA0/0 for a few reasons. #1 it is connected to the cable modem at 100Mbps, so it is hardly going to drop packets. The 2621 is Nating, so i cannot apply an ACL that will match, as the incoming and outgoing IPs will not be local IPs.

If i apply my service-policy to the fa0/1 int i again run into the problem that traffic will not be dropped there. How on earth can i get around these obsticles, or am i looking at this wrong?

Config as follows...

!

class-map match-all MIKEQOS

match access-group 102

!

!

policy-map LLQ

class MIKEQOS

priority 8000

class class-default

fair-queue

!

interface FastEthernet0/0

description <<Connection to Comcast>>

bandwidth 12000

ip address dhcp

ip nat outside

service-policy output LLQ

no ip mroute-cache

duplex auto

speed auto

!

interface Serial0/0

no ip address

no ip mroute-cache

shutdown

!

interface FastEthernet0/1

description <<DHCP for House>>

bandwidth 12000

ip address 192.168.1.2 255.255.255.0

ip directed-broadcast

ip nat inside

service-policy output LLQ

no ip mroute-cache

duplex auto

speed auto

!

...

!

access-list 102 permit ip host 192.168.1.200 any

access-list 102 permit ip any host 192.168.1.200

Thoughts?

10 Replies 10

Joseph W. Doherty
Hall of Fame
Hall of Fame

You shouldn't need an outbound policy on your inside interface, fe0/1.

As to outbound, the normal solution, if supported on your platform, is a hierarchal policy.

e.g. (pseudo code)

policy-map ComcastUplink

class class-default

shape average 128kbs (your uplink speed here)

policy LLQ

interface FastEthernet0/0

service-policy output ComcastUplink

well see the thing is that when i apply the LLQ policy onto fa0/0 and i do a show access-lists... ACL102 never gets any matches. I believe that is because of NAT. Which is part of my dilemma. I cant match the packets so how can i QOS them

What are you Natting the packets to and have you tried added the Natted address(es) to access-list 102 ?

Jon

Sorry, overlooked that!

What you might try is using an inbound service policy on the inside interface to mark your priority packets using an ACL like 102. Then amend your outside interface's outbound policy to match on the marked packets for your LLQ traffic.

e.g. (pseudo code)

policy-map LLQmarker

class MIKEQOS

set dscp cs1 (mark as you choose)

class-map MIKELLQ

match dscp cs1

policy-map LLQ

class MIKELLQ

priority 8000

class class-default

fair-queue

interface FastEthernet0/0

service-policy input LLQmarker

if i do this the problem will arise that the fa0/0 is not dropping packets because it is not the weakest link. The cable modem is and i cannot QOS that. I see where you are going with marking it so i can match the traffic, but fa0/0 connected at 100Mbps will not drop packets if it doesnt get congested. The cable modem will be dropping.

Sorry, my last post probably wasn't clear. The example showed what needed to be changed, i.e. it assumed shaper would still be present on fa0/0 as shown in my first post. Set the shaper bandwidth to correspond with your upstream cable bandwidth.

ahh okey i got you. I will check it out today when i get home and hope for the best.

Hi Michael,

You are using congestion management QOS so if the interface is not congested then the qos does nothing.

We have to know what is exactly bandwidth you've got from ISP. 12 Mbps,right?

Thing is you try to use llq as well as natting. Nat has been done before QOS so referencing the IP address in ACL is meaningless.

I would do as follows:

- Mark the packets you want first at the inbound interface.

- Use marked packets to do qos.

- Shape all packets to the limited bandwidth .

- Apply the child qos with qos you want

##################################

access-list 100 permit ip host 192.168.1.200 any

class-map match-any Mark-192-168-1-200

match ip address 100

policy-map Mark-It-cs5

class Mark-192-168-1-200

set dscp cs5

interface FastEthernet0/1

service-policy input Mark-It-cs5

Hopes marking will work. ;-)

#################################

class-map Match-Cs5

match dscp cs5

policy-map LLQ-You-Want

class Match-Cs5

priority 8000

class class-default

fair-queue

####Shaping must be deployed.

policy-map Shape12000

class class-default

shape average 12000000

service-policy LLQ-You-Want

interface FastEthernet0/0

service-policy output Shape12000

##################################

Hopes I did something helps

Thot

If i do a show policy-map on fa0/1 it is matching packets......

If i lower the shape average REALLY low ALL traffic gets slow. I am thinking that my packets after the NAT are not retaining the EF value?. i am to tired to play anymore. Will tackel again later. Hopefully i missed something ha.

if i do it on fa0/0

QOS#show policy-map int fa0/0

FastEthernet0/0

Service-policy output: SHAPE

Class-map: class-default (match-any)

390339 packets, 179921330 bytes

5 minute offered rate 391000 bps, drop rate 0 bps

Match: any

Traffic Shaping

Target/Average Byte Sustain Excess Interval Increment

Rate Limit bits/int bits/int (ms) (bytes)

16000000/16000000 100000 400000 400000 25 50000

Adapt Queue Packets Bytes Packets Bytes Shaping

Active Depth Delayed Delayed Active

- 0 85568 31546771 4425 596078 no

Service-policy : LLQ

Class-map: MATCH_EF (match-all)

48196 packets, 2635219 bytes

5 minute offered rate 24000 bps, drop rate 0 bps

Match: dscp ef

Queueing

Strict Priority

Output Queue: Conversation 24

Bandwidth 16000 (kbps) Burst 400000 (Bytes)

(pkts matched/bytes matched) 60/8233

(total drops/bytes drops) 6/3849

Class-map: class-default (match-any)

35873 packets, 28824695 bytes

5 minute offered rate 358000 bps, drop rate 0 bps

Match: any

Queueing

Flow Based Fair Queueing

Maximum Number of Hashed Queues 16

(total queued/total drops/no-buffer drops) 0/139/0

class-map match-all MATCH_EF

match dscp ef

class-map match-all MIKEQOS

match access-group 102

!

!

policy-map MARK

class MIKEQOS

set dscp ef

policy-map LLQ

class MATCH_EF

priority 16000

class class-default

fair-queue

policy-map SHAPE

class class-default

shape average 16000000

service-policy LLQ

interface FastEthernet0/0

description <>

ip address dhcp

ip nat outside

service-policy output SHAPE

no ip mroute-cache

duplex auto

speed auto

!

interface Serial0/0

no ip address

no ip mroute-cache

shutdown

!

interface FastEthernet0/1

description <>

bandwidth 18000

ip address 192.168.1.2 255.255.255.0

ip directed-broadcast

ip nat inside

service-policy input MARK

no ip mroute-cache

duplex auto

speed auto

i got it :) I will have to do some tweaking but here it is... I now have QOS priority over my roommates. I tested by saturating the upload with torrent traffic and then testing my PC with speed tests, download files, and web traffic. All zip along like nothing is going on. Thanks for all your help.... Config with some tweaking left.

class-map match-all MATCH_EF

match dscp ef

class-map match-all MIKEQOS

match access-group 102

!

!

policy-map MARK

class MIKEQOS

set dscp ef

policy-map LLQ

class MATCH_EF

priority 16000

class class-default

fair-queue

policy-map SHAPE

class class-default

shape average 16000000

service-policy LLQ

policy-map SHAPE2

class MATCH_EF

shape average 2000000

!

!

!

interface FastEthernet0/0

description <>

ip address dhcp

ip nat outside

service-policy output SHAPE2

no ip mroute-cache

duplex auto

speed auto

!

interface Serial0/0

no ip address

no ip mroute-cache

shutdown

!

interface FastEthernet0/1

description <>

bandwidth 18000

ip address 192.168.1.2 255.255.255.0

ip directed-broadcast

ip nat inside

service-policy input MARK

no ip mroute-cache

duplex auto

speed auto

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco