QOS help required

Unanswered Question
May 28th, 2008

i want to implement LLQ for my users. I want that when specific user try to access specific subnets it gets

only 8 KBps. I have cisco router 2821 with two FE ports.

I have made the following configuration but still not able to restrict the user to 8 KBps, user when try to download

from remote computer, no policing and LLQ comes in action.

below mention is configuration that I made on router.

Building configuration...

Current configuration : 1307 bytes

!class-map match-all testclass

match access-group 150

!

!

policy-map testpolicy

class testclass

police cir 8000 bc 1000 be 1000

conform-action transmit

exceed-action drop

violate-action drop

!

!

!

!

!

!

interface FastEthernet0/0

ip address 10.1.3.1 255.255.255.0

ip nat outside

ip virtual-reassembly

load-interval 30

duplex auto

speed auto

service-policy input testpolicy

!

interface FastEthernet0/1

ip address 10.1.4.1 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.1.3.2

!

!

ip http server

no ip http secure-server

ip nat inside source list 100 interface FastEthernet0/0 overload

!

access-list 100 permit ip any any

access-list 150 permit ip host 10.1.4.3 any

!

!

!

!

control-plane

!

!

!

!

!

!

!

!

!

!

line con 0

line aux 0

line vty 0 4

login

!

scheduler allocate 20000 1000

!

end

Router-C#

Router-C#wr me

Building configuration...

[OK]

Router-C#show int

Router-C#show poli

Router-C#show policy-map inte

Router-C#show policy-map interface fas

Router-C#show policy-map interface fastEthernet 0/0

FastEthernet0/0

Service-policy input: testpolicy

Class-map: testclass (match-all)

14 packets, 1605 bytes

30 second offered rate 0 bps, drop rate 0 bps

Match: access-group 150

police:

cir 8000 bps, bc 1000 bytes, be 1000 bytes

conformed 1 packets, 243 bytes; actions:

transmit

exceeded 0 packets, 0 bytes; actions:

drop

violated 0 packets, 0 bytes; actions:

drop

conformed 0 bps, exceed 0 bps, violate 0 bps

Class-map: class-default (match-any)

315852 packets, 461648032 bytes

30 second offered rate 2000 bps, drop rate 0 bps

Match: any

Router-C#show int

Router-C#show interfaces fas

Router-C#show interfaces fastEthernet 0/0

FastEthernet0/0 is up, line protocol is up

Hardware is MV96340 Ethernet, address is 001d.a16c.9b70 (bia 001d.a16c.9b70)

Internet address is 10.1.3.1/24

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s, 100BaseTX/FX

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:27, output 00:00:03, output hang never

Last clearing of "show interface" counters 00:16:00

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

30 second input rate 0 bits/sec, 0 packets/sec

30 second output rate 0 bits/sec, 0 packets/sec

315916 packets input, 461657577 bytes

Received 461 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog

0 input packets with dribble condition detected

167296 packets output, 11153399 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped out

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 2 (1 ratings)
Loading.
Edison Ortiz Wed, 05/28/2008 - 13:24

You have a NAT configuration that is translating every IP device transiting F0/1 to 10.1.3.1 IP Address.

You have the class-map pointing to ACL 150 and the source IP is of the host 10.1.4.3

Are you sure you are matching the host 10.1.4.3 in order to execute the input policy?

__

Edison.

wasiimcisco Wed, 05/28/2008 - 14:17

Thanks for the reply, I wil change it in the morning and then let u know the effect, one thing more please tell me i m using ethernet interface and ethernet has bandwidth 100 Mbps,

is there any need to change the bandwidth to actual bandwidth like 2 MB, 3 MB that i will get from my service provider.

bcz router will assign bandwidth by seeing the interface actual bandwidth.?????? am i right or

Edison Ortiz Wed, 05/28/2008 - 15:52

one thing more please tell me i m using ethernet interface and ethernet has bandwidth 100 Mbps,

is there any need to change the bandwidth to actual bandwidth like 2 MB, 3 MB that i will get from my service provider.

No. The bandwidth statement is useful for QoS and Dynamic Routing Protocols.

With QoS, is implemented when using the 'percentage' option instead of the whole number.

For instance, priority percent 90 instead of priority 90000

With Dynamic Routing Protocols, is used to calculate the best metric.

In short, it does not affect the speed of the circuit.

__

Edison.

jim_berlow Wed, 05/28/2008 - 14:04

It doesn't look like you are correctly matching the traffic on your policy map due to NAT. Since you are trying to affect downloads and key on the ip address, you might be able to apply the policy map on the inside interface and police the traffic that way (you'd have to adjust your acl 150 accordingly).

HTH,

Jim

thotsaphon Thu, 05/29/2008 - 02:15

Hi wasim,

- Nat has been done before queuing method.So it does not make any sense if we still use the source ip address to classify packets to be used by QOS

- To trigger QOS(Congestion management) when you use the fastethernet interface connecting to ISP. I should use shaping method and child-policy.

You want to apply qos to 10.1.4.3. I would mark this host first. I should do as follows:

!

class-map match-all match10-1-4-3

match access-group name only10-1-4-3

!

!

policy-map mark10-1-4-3

class match10-1-4-3

set ip dscp af31

!

!

ip access-list extended only10-1-4-1

permit ip host 10.1.4.1 any

!

!

interface FastEthernet0/0

service-policy input mark10-1-4-3

!

Now marking should work.Then I would shape all traffics to confine link's bandwidth that ISP has provided. Let's say 2M. When packets are sent to shaping queue then LLQ should be applied.

!

class-map match-all matchaf31

match dscp af31

policy-map LLQ-10-1-4-3

class match af31

priority 8000

class class-default

fair-queue

random-detect

policy-map Shape2M

class class-default

shape average 2000000

service-policy output LLQ-10-1-4-3

interface FastEthernet0/0

service-policy output Shape2M

Hopes this helps

Thot

wasiimcisco Thu, 05/29/2008 - 05:24

I modify the access list and direction of service policy now i m able to do the police and it is working fine. But one problem arise, i want to configure LLQ on same setup so that one user get fix amount of bandwidth but still not able to configure it see the belwo mention configuration for LLQ

I want to configure LLQ on my Router which has 2 FE interface.

I want only specific application always gets min 74990 Bandwidth in either case. and one user get 8 kbps.

I configure the router with below mention command but still not able to get the desired result.

both users are able to get bandwidth in MB and no LLQ is working.

version 12.4

!

!

class-map match-all testclass2

match access-group 160

class-map match-all testclass

match access-group 150

!

!

policy-map testpolicy

class testclass

priority 8

class testclass2

priority 74990

!

!

interface FastEthernet0/0

bandwidth 8000

ip address 10.1.3.1 255.255.255.0

ip nat outside

ip virtual-reassembly

load-interval 30

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 10.1.4.1 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.1.3.2

!

ip nat inside source list 100 interface FastEthernet0/0 overload

!

access-list 150 permit ip host 10.1.4.3 any

access-list 160 permit ip host 10.1.4.5 any

Router-C#show policy-map interface fastEthernet 0/0

FastEthernet0/0

Service-policy output: testpolicy

Class-map: testclass (match-all)

91678 packets, 5680284 bytes

30 second offered rate 698000 bps, drop rate 0 bps

Match: access-group 150

Queueing

Strict Priority

Output Queue: Conversation 264

Bandwidth 8 (kbps) Burst 200 (Bytes)

(pkts matched/bytes matched) 9/612

(total drops/bytes drops) 0/0

Class-map: testclass2 (match-all)

144133 packets, 8696430 bytes

30 second offered rate 898000 bps, drop rate 0 bps

Match: access-group 160

Queueing

Strict Priority

Output Queue: Conversation 264

Bandwidth 5990 (kbps) Burst 149750 (Bytes)

(pkts matched/bytes matched) 22/1251

(total drops/bytes drops) 0/0

Class-map: class-default (match-any)

27 packets, 2235 bytes

30 second offered rate 0 bps, drop rate 0 bps

Actions

This Discussion