3560 QoS

Answered Question


I have the following problem.

I have two 3560E switches connected to each other through a 6M leased line.

I want to set up Qos which considers that 6M is the leased line speed.

What I thought is:

apply srr-queue bandwidth limit 10 on the egress interface which limits the bandwidth to 10M since I cannot make it lower than 10 percent.

I have 3 classes mapped to 3 queues.

After I configure shaped and share queues on the egress and dedicating 4M for the queue 1 (which I don't use in fact) leaving 6M shared for the other 3.

Is it a good approach or if there is no traffic sent to queue 1 the other 3 will utilize the bandwidth dedicated for that shaped queue.

The config would look like this

interface g0/4

service-policy output policy-out

speed 100

duplex full

srr-queue bandwidth limit 10

srr-queue bandwidth shape 3 0 0 0

srr-queue bandwidth share 1 165 65 25

My assumption is the result of the above is

queue 1: 4M

queue 2: ~65% of 10-4

queue 3: ~25% of 10-4

queue 4: ~10% of 10-4

Is that correct?



I have this problem too.
0 votes
Correct Answer by Jon Marshall about 8 years 6 days ago


Apologies for misunderstanding, my mistake.

The answer is yes as far as i know. The one queue in shaped mode is rate limited and cannot use any of the other queue's bandwidth. Equally the other 3 queues can share each other's bandwidth but not that of the shaped queue.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Jon Marshall Wed, 12/03/2008 - 06:34


This won't work as you want because when SRR is used on shared mode any bandwidth that is not in use can be used by another of the queues. From the 3560 QOS configuration doc


In shaped mode, the egress queues are guaranteed a percentage of the bandwidth, and they are rate-limited to that amount. Shaped traffic does not use more than the allocated bandwidth even if the link is idle. Shaping provides a more even flow of traffic over time and reduces the peaks and valleys of bursty traffic. With shaping, the absolute value of each weight is used to compute the bandwidth available for the queues.

In shared mode, the queues share the bandwidth among them according to the configured weights. The bandwidth is guaranteed at this level but not limited to it. For example, if a queue is empty and no longer requires a share of the link, the remaining queues can expand into the unused bandwidth and share it among them. With sharing, the ratio of the weights controls the frequency of dequeuing; the absolute values are meaningless. Shaping and sharing is configured per interface. Each interface can be uniquely configured.


Full link - http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_44_se/configuration/guide/swqos.html

So if you want to restrict each queue to it's limit you need to use SRR shaped mode. Details for that configuration is in the above doc.



Yes I know that in share mode the queues can utilize the other's (also in shared mode) if the other queue is empty, but the question is if you have one queue in shaped mode and the other 3 are in shared mode can those utilize the shaped mode's queue if that is empty or?

If my assumption is not correct is there any other solution to achieve this?



Correct Answer
Jon Marshall Wed, 12/03/2008 - 07:18


Apologies for misunderstanding, my mistake.

The answer is yes as far as i know. The one queue in shaped mode is rate limited and cannot use any of the other queue's bandwidth. Equally the other 3 queues can share each other's bandwidth but not that of the shaped queue.


andrew.butterworth Wed, 12/03/2008 - 07:32

Hi Kriztian,

One other thing you mention is the command

'service-policy output policy-out'

This isn't possible on the 3560 since it only supports ingress policers. On egress you only have the option of queuing.



andrew.butterworth Wed, 12/03/2008 - 07:57

Yes, once the packet is marked by an igress policy it will travel through the fabric with the same marking and when it reaches the egress port for transmission it will be handled by the queue that the DSCP value maps to. What you can't do is strictly police traffic at the egress interface with a service policy, which you obviously can with a software-based IOS router.

If you want this ability then some of the Metro switches can do it - ME3400.



Joseph W. Doherty Wed, 12/03/2008 - 07:47


If you can work with a 10/100/1000 port, if you can hard configure the port to run at 10 Mbps, you may then be able to adjust speed closer to 6 Mbps.

Joseph W. Doherty Thu, 12/04/2008 - 05:24

Well that's annoying.

Although a little off-track, you might consider placing a small WAN router between the 3560-E and the WAN Ethernet handoff. Much more featured for traffic management than the L3 switch. Also allows some additional WAN feature module options especially with the 2800 series that provides a NM slot.


The other problem is that this 6M may be increased so then I would need a big router such as 3800 if I want to handle higher speed.

This problem reminds me to other posts where the QoS capability of the L3 switches was compared to IOS routers. If you want to have good QoS you have to go for router (or metro switches as suggested above) but if you need high bandwidth better to go for L3 switch. So somewhere you have to find the balance.


Joseph W. Doherty Thu, 12/04/2008 - 06:17

Yes, that's true a software router isn't going to come anywhere close to most L3 switches in raw performance, and the L3 switches, at least the small ones, are often feature poorer. However, much depends on just how much you might expand your WAN bandwidth, and whether you need to.

The 2811 is rated at 120 Kpps, which in theory allows about 61 Mbps throughput for 64 bytes size packets. I have found them capable of dealing with about 15 Mbps (duplex) with QoS features. I would expect the 2851 to about double that. So there's likely some room for growth unless you expect to jump into much higher WAN bandwidth soon.

Also, with better traffic management and/or WAN acceleration features, you might not need to increase WAN bandwidth.

For an example of the former, had a situation where remote branches implemented client backups to the HQ servers. One hundred hosts, each connected on the LAN at 100 Mbps, each wanting to backup multiple MB (if not GB), tends to want a lot of bandwidth (10 Gbps worth). With 2811, this runs fine across a T1 with VoIP, with vidconf, with Citrix, with other "mission critical" apps, with routine data traffic, with video streams, with FTP transfers, and with remote server backups. It's difficult to accomplish this QoS treatment on the small L3 switches. (Difficult too on the large L3 switches unless you're using some WAN cards.)

I agree with finding the best balance, but this often requires using the right tools for the job. Until your WAN has reached FastEthernet LAN bandwidth, the combination of using both a LAN and WAN device, I find, is often the best balance but much depends on the cost of the WAN bandwidth relative to the cost of two devices.


This Discussion