QOS giving outbound priority to a port, is it possible with C850/IOS 12.3?

Answered Question
May 12th, 2008

I've got a realtime application that uses a particular port, say, 9000 for inbound and outbound UDP traffic. Since I have off-site users that can use up all my outbound bandwidth at times, when they do this, the realtime app suffers. I would love to give this port priority, so these packets go out first no matter what else is going on (I know I cannot control the order the packets arrive...). Unfortunately, I have little IOS experience. I can tweak Access lists and NAT settings, but I don't see how to do this QOS feature with my router. Is it even possible? I've been told it will support QOS, but I'm not so sure... If my current config would help, let me know and I will post it.

Thanks for any insights/direction you can provide.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
bbiales00 Tue, 05/13/2008 - 08:55

It appears to be an 857, here is the result of show version with the stuff about cryptographic export cut out...

#sh ver

Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.3(8)YI1, RE LEASE SOFTWARE (fc1)

Synched to technology version 12.3(10.3)T2

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2005 by Cisco Systems, Inc.

Compiled Fri 22-Apr-05 16:04 by ealyon

ROM: System Bootstrap, Version 12.3(8r)YI1, RELEASE SOFTWARE

ROM: Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.3(8)YI 1, RELEASE SOFTWARE (fc1)

r12 uptime is 28 weeks, 1 day, 1 hour, 24 minutes

System returned to ROM by power-on

System image file is "flash:c850-advsecurityk9-mz.123-8.YI1.bin"

Cisco 857 (MPC8272) processor (revision 0x100) with 59392K/6144K bytes of memory .

Processor board ID FHK092922S0

MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10

4 FastEthernet interfaces

1 ATM interface

128K bytes of non-volatile configuration memory.

20480K bytes of processor board System flash (Intel Strataflash)

Configuration register is 0x2102

I cannot tell from your posting if you can apply a QoS policy on your device.

Try to see if it's possible, in your configuration try creating a test policy:

access-list 101 permit udp any any eq 9000

class-map match-all pri-app

match access-group 101

policy-map mark-app

class pri-app

set dscp ef

interface ethernet or fa x/x

service-policy input mark-app

Once all the above is in, to see if it's working at the cli type:-

show policy-map interface e or fa x/x

You want to see something like:-

Class-map: pri-app (match-all)

5982400 packets, 368368823 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: access-group 101

QoS Set

dscp EF

Packets marked 5982400

bbiales00 Tue, 05/20/2008 - 05:04

Well, it doesn't look so good... I went to configuration in terminal mode, and it didn't like the second line (class-map). So I guess I need a new router if I want QOS? Or did I have to turn on QOS before entering these commands?

Here is the output:

r12(config)#access-list 101 permit udp any any eq 1194

r12(config)#class-map mark-voip

^

% Invalid input detected at '^' marker.

just pulled this from a data sheet @:-

http://www.cisco.com/en/US/prod/collateral/routers/ps380/ps6200/prod_qas0900aecd8028a982.html

Q. What QoS features are supported on the Cisco 870 platforms?

A. The Cisco 870 Series supports advanced QoS features on the WAN interface to strictly prioritize different types of traffic, especially voice traffic. These advanced QoS features include Class-Based Weighted Fair Queuing (CBWFQ), Low Latency Queuing (LLQ), class-based marking, policing, Class-Based Weighted Random Early Detection (CBWRED), Network-Based Address Recognition (NBAR), QoS preclassify, prefragmentation, Resource Reservation Protocol (RSVP), Priority and Custom queuing, and LFI. Starting with Cisco IOS Software Releases 12.4(9)T2 and 12.4(11)T, DSCP and IP precedence marking are also supported on the LAN using the switched virtual interface (SVI).

Q. What QoS features are supported on the Cisco 850 platforms?

A. The Cisco 850 Series supports basic QoS features, such as weighted fair queuing (WFQ), policy-based routing (PBR), per-VC queuing, per-VC traffic shaping. NOTE: Cisco 850 does not support the advanced QoS features listed for voice.

In essence - you need another router :o(

bbiales00 Mon, 06/02/2008 - 06:27

Ok, then, I've got another router :-)

I've replaced the 857 with an 877, and your suggested commands are not quite working, but close. You have to bear with me, I know how to change NAT's and do some access-list stuff, but applying policy to interfaces is new to me. So here's what I've got...

I was able to enter a slightly modified version of what you suggested, here's how far I've gotten, I had to change your line:

set dscp ef

to

set precedence critical

So now in my config I have this class setup:

class-map match-all pri-app

match access-group 101

!

!

policy-map mark-app

class pri-app

set precedence 5

!

!

And of course I have the access-list 101 setup as:

access-list 101 permit udp any any eq 9000

Now I assume I have to turn this policy on at one or more interfaces, you said to enter:

interface ethernet or fa x/x

service policy mark-app

Give the following info, do I turn this on for interface Dialer1, or VLAN1? or all 4 FastEthernet interfaces? All of the above?

The interfaces I have are (from my config file):

interface ATM0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0.1 point-to-point

pvc 0/35

pppoe-client dial-pool-number 1

!

!

interface FastEthernet0

no cdp enable

!

interface FastEthernet1

no cdp enable

!

interface FastEthernet2

no cdp enable

!

interface FastEthernet3

no cdp enable

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$

ip address 192.168.55.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1400

!

interface Dialer1

ip address negotiated

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

no cdp enable

ppp authentication pap callin

ppp pap sent-username myUserName password 0 myPasswrd

!

So do I enter:

interface Vlan 1

service policy mark-app

or

interface fa 0

service policy mark-app

interface fa 1

service policy mark-app

interface fa 2

service policy mark-app

interface fa 3

service policy mark-app

Please help me solve this last part of the puzzle :-)

Thanks a lot!

Brian,

You would place the policy map on the interface where you expect the application traffic to originate at layer 3? So the VLAN interface would be where I would place it, and place it in-bound - coming in from the LAN would be your best bet.

Are you sure you cannot set the marking as DSCP?? I have not configured a 8xx router so I do not know - can you post the output from a set ? in the class map?

bbiales00 Mon, 06/02/2008 - 08:45

Here it is:

r12(config-pmap-c)#set ?

atm-clp Set ATM CLP bit to 1

cos Set IEEE 802.1Q/ISL class of service/user priority

discard-class Discard behavior identifier

fr-de Set FR DE bit to 1

ip Set IP specific values

mpls Set MPLS specific values

precedence Set precedence in IP(v4) and IPv6 packets

qos-group Set QoS Group

bbiales00 Mon, 06/02/2008 - 12:22

Ok,

I tried set ip ?

and just get "set ip precedence"

But "set ip precedence ?" returns an error at the ?

I did the "show policy-map interface vlan1" and it showed zero packets.

So I changed my access-list to also include

"permit udp any eq 1194 any"

as well as " permit udp any any eq 1194",

and then the "show policy-map" showed some figures:

r12#show policy-map interface vlan1

Vlan1

Service-policy input: mark-app

Class-map: pri-app (match-all)

793 packets, 160831 bytes

5 minute offered rate 3000 bps, drop rate 0 bps

Match: access-group 101

QoS Set

precedence 5

Packets marked 793

Class-map: class-default (match-any)

66126 packets, 8997475 bytes

5 minute offered rate 5000 bps, drop rate 0 bps

Match: any

so it seems to be working!

Thanks again!

bbiales00 Mon, 06/02/2008 - 12:32

Oh... One more question though...

You said:

"Once you have applied the policy - and the traffic is being marked, then you can prioritise the traffic for the app!"

Does that mean I still have one more step? Or that this is now prioritizing the packets?

Thanks!

bbiales00 Tue, 06/03/2008 - 04:27

Well, once I've gotten the hang of this, there could well be other things to prioritize. For instance, I have a web page used for customers to download rather large files via HTTP / HTTPS. I'd actually like to drop the priority of these packets, so any outbound traffic required by other applications will always take precedence. This is easy traffic to recognize, as I know the source address and port for that app.

So how do I now put these marked packets in the high priority queue, then? I guess I figured that would happen automatically, since I marked them as "critical"...

Thanks again.

bbiales00 Tue, 06/03/2008 - 04:52

Well, to make this easier, I've attached a scrubbed version of my config. This is, in fact, also my ADSL router, the interface is called Dialer1. There is also a site-to-site VPN in the config, but I think we can ignore that for now. I've removed all the NAT's from the config (which are required to go through the site-to-site VPN...).

I believe our service is 6Mbs in to the router, and 768Kbs out to the internet.

Let me know what's next. Thanks.

Attachment: 

OK - I would try something like:-

!

class-map match-all pri-app

match access-group 101

!

!

policy-map mark-app

class pri-app

set precedence 5

class class-default

set precedence 0

!

policy-map App-QoS

class pri-app

priority xx - the number in kilo bits per second you want to assign the app in LLQ

class class-default

fair-queue

random-detect dscp-based

!

interface Dialer1

service-policy output App-QoS

There is an addition to the marking policy - to mark all other traffic = class default.

bbiales00 Tue, 06/03/2008 - 06:48

Ok, I'm almost there...

I now have:

class-map match-all pri-app

match access-group 101

!

!

policy-map App-QoS

class pri-app

priority 200

class class-default

fair-queue

policy-map mark-app

class pri-app

set precedence 5

class class-default

set precedence 0

I had to leave off the "random-detect dscp-based" because these are not available on my 877:

Here are the available commands:

r12(config)#policy-map App-QoS

r12(config-pmap)#class class-default

r12(config-pmap-c)#?

QoS policy-map class configuration commands:

bandwidth Bandwidth

compression Activate Compression

drop Drop all packets

exit Exit from QoS class action configuration mode

fair-queue Enable Flow-based Fair Queuing in this Class

netflow-sampler NetFlow action

no Negate or set default values of a command

police Police

priority Strict Scheduling Priority for this Class

queue-limit Queue Max Threshold for Tail Drop

service-policy Configure Flow Next

set Set QoS values

shape Traffic Shaping

And finally, I got an error setting this policy for the Dialer1 interface:

r12(config)#interface dialer1

r12(config-if)#service-policy output App-QoS

Must remove fair-queue configuration first.

Class Based Weighted Fair Queueing will be applied only to the Virtual-Access interfaces associated with an MLP bundle.

r12(config-if)#

I don't fully comprehend the error message. Should I just remove the fair-queue line? So default class packets will simply be FIFO?

Thanks again!

bbiales00 Tue, 06/03/2008 - 10:35

Well, I configured no fair-queue and then applied the QoS policy, but not all at once, and here is what it said at that time:

r12(config)#int dialer1

r12(config-if)#service-policy output App-QoS

I/f Virtual-Access1 class pri-app requested bandwidth 200 (kbps), available only 42 (kbps)

r12(config-if)#

I did a DSL Reports bandwidth test and it reported 4000+ receive speed and 600+ upload speed, so I don't understand why it thinks there is only 42kbs to reserve...

This QoS stuff is anything but simple, that is for sure!

So now, I see things are not setup properly, I don't think I ever "saved" that config. So I went back to config mode, entered the following, and my router dropped all its connections, and my telnet session was cancelled...

Here is what I tried:

r12(config)#interface dialer1

r12(config-if)#no fair-queue

r12(config-if)#service-policy output App-QoS

Anyway, when I reconnect, and look at the config, the dialer1 interface has no fair-queue but no policy-map either. So I typed "write mem" and looked again, and the fair-queue is back, here is what Dialer1 looks like...

Still no service policy defined :-(

interface Dialer1

ip address negotiated

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

fair-queue 64 16 256

no cdp enable

ppp authentication pap callin

ppp pap sent-username MyUserName password 0 MyPW

crypto map r12vpn

bbiales00 Wed, 06/04/2008 - 06:18

Odd. I could not add to interface atm0.1 I did not write down the error, but it said it could not be put on a subinterface. So I put it on the ATM interface, but while it is there, some counts at the bottom of this report make me think nothing is matching...

Well, here are a couple reports, maybe it is working... What do you think?

r12#sh policy-map int atm0

ATM0

Service-policy output: App-QoS

Class-map: pri-app (match-all)

22365 packets, 6707964 bytes

5 minute offered rate 22000 bps, drop rate 0 bps

Match: access-group 101

Queueing

Strict Priority

Output Queue: Conversation 264

Bandwidth 200 (kbps) Burst 5000 (Bytes)

(pkts matched/bytes matched) 0/0

(total drops/bytes drops) 0/0

Class-map: class-default (match-any)

251771 packets, 62042165 bytes

5 minute offered rate 170000 bps, drop rate 0 bps

Match: any

Queueing

Flow Based Fair Queueing

Maximum Number of Hashed Queues 256

(total queued/total drops/no-buffer drops) 3/0/0

r12#sh policy-map int atm0

ATM0

Service-policy output: App-QoS

Class-map: pri-app (match-all)

22712 packets, 6840907 bytes

5 minute offered rate 26000 bps, drop rate 0 bps

Match: access-group 101

Queueing

Strict Priority

Output Queue: Conversation 264

Bandwidth 200 (kbps) Burst 5000 (Bytes)

(pkts matched/bytes matched) 0/0

(total drops/bytes drops) 0/0

Class-map: class-default (match-any)

251873 packets, 62084585 bytes

5 minute offered rate 162000 bps, drop rate 0 bps

Match: any

Queueing

Flow Based Fair Queueing

Maximum Number of Hashed Queues 256

(total queued/total drops/no-buffer drops) 3/0/0

r12#

Actions

This Discussion