Guaranteed bandwidth in multi-tenant network

Unanswered Question
Feb 2nd, 2009

I need to guarantee specific download and upload bandwidth rates for tenants in a business park. The setup is simple. Tenant connections are concentrated at a Catalyst 3650 which uplinks to a 2811 ISR with Ethernet presentation to the service provider's NTE and then Internet. The WAN is a business class connection running at 8Mbps in both directions. The QoS is configured on the 2811, which is its only role other than basic static routing. A diagram is attached.

<br />

<br />The important parts of the router configuration are attached also. I've configured CBWFQ to guarantee specific rates for each tenant during congestion. For instance tenant_1 gets 250Kbps, tenant_2 1000Kbps and so on. There are 30 tenants in total. Classification is based on the tenant's unique public WAN address. The policy (QOS_POL) is then applied in the output direction of each interface, to ensure guarantees for both downloads and uploads.

<br />

<br />An additional policy (QOS_POL_APPS) is nested within the main policy to prioritise particular applications during congestion - for instance VoIP and interactive traffic are assigned guaranteed bandwidth percentages, whilst P2P traffic is dropped.

<br />

<br />I have the following questions:

<br />

<br />1. Is this the recommended way to apply guaranteed bandwidth per tenant, including the prioritisation of certain application types?

<br />2. Will it work, given that that policy is applied to the router which doesn't terminate the WAN link and therefore cannot know the true bandwidth of the 8 Mbps WAN - remember the router interface Fa0/1 connects to the NTE at 10Mbps. Will interfaces Fa0/1 and Fa0/0 ever reach congestion point, and actually apply the QoS, if their speed is greater than the WAN?

<br />3. How do you test that the policies are working correctly? I tried to saturate the link from a number of sources (both uploads and down) using http, ftp and bittorent transfers, but I couldn't get the output queues on either interface to start dropping packets. Also, running “show policy-map interface fast 0/0” or “show policy-map interface fast 0/1” doesn't indicate any QoS matches.This to me suggests that the router isn't congested and therefore isn't applying the policies yet? I guess this is to be expected - how can one expect an 8Mbps WAN to saturate a 10Mbps Ethernet interface.

<br />4. Is there a way to force the router interfaces to start applying the QoS when the rate reaches 8Mbps? I was thinking along the lines of traffic-shaping /rate limiting applied to the router.

<br />

<br />I hope this makes sense.

<br />

<br />Thanks

<br />Franco

<br />

<br />

<br />

<br />

<br />1) Multi-tenant diagram.png - 2811 config.txt

<br />2) 2811 config.txt

<br />

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joseph W. Doherty Sun, 02/08/2009 - 17:59

#1 I wouldn't recommend what you have.

#2 Won't work as you intend.

#3 Traffic generator is good tool to have. However, even when there's no congestion, you should see policy matches if policy is configured correctly.

#4 Yes, your thinking correctly about using a shaper, but unsure you can easily accomplish what you want with Cisco QoS features.

There's not much point applying QoS for tennant ingress, you're already downsteam of the 8 Mbps congestion point. Where you want QoS is at the head of the bottleneck. Tennant egress is suitable for QoS.

If you don't want to cap your tennants, ideally want you want is a parent policy with shaper for 8 Mbps, a child policy with class for each tennant for minimum bandwidth guarantee for both VoIP and non-VoIP, and another subordinate policy to allocate bandwidth between the non-Voip classes. (The last two policy maps are similar to what you're doing now, but with VoIP in their own classes.) Such a three tier configuration might not be supported by Cisco QoS, if so you need to combine the last two logical policies into one.

e.g.

policy-map masterShaper

class class-default

shape average 8000000

service-policy tennants

policy-map tennants

class voipTennant1

priority ###

class voipTennant#

priority ###

class InteractiveTennant1

bandwidth ###

class InteractiveTennant#

bandwidth ###

class ImportantTennant1

bandwidth ###

class ImportantTennant#

bandwidth ###

class defaultTennant1

bandwidth ###

class defaultTennant#

bandwidth ###

class Restrict

drop

interface FastEthnet (facing Internet)

service-policy output masterShaper

Possible issue might be exceeding maximum number of classes per policy.

Actions

This Discussion