Traffic prioritization

Mar 7th, 2009

Hi, we have two sites which are connected via MPLS. MPLS provider device is connected at both ends to an L3 switch.

If we need to prioritize or assign more bandwidth to a particular application flow based on destination address, where should the QoS be ideally configured: on the L3 switch at the end traffic is emanating from, or on the MPLS device?

Small config would also help.

Thanks!

Overall Rating: 4.5 (4 ratings)
Joseph W. Doherty Sat, 03/07/2009 - 05:04
User Badges:
  • Super Bronze, 10000 points or more

Ideally you want to manage congestion at points of congestion. For MPLS, the common congestion points are the MPLS ingress/egress links (i.e. CE-PE, PE-CE.) Most MPLS vendors would not allow you to directly configure QoS features on their equipment. However, MPLS vendors usually support some QoS features that will operate based on your packet ToS markings. I.e. you would mark or tag your traffic to indicate to the MPLS vendor traffic prioritization or congestion handling. These ToS markings can be applied on any of your devices before the traffic reaches the MPLS vendor's equipment (assuming your devices downstream of the actual marking device will pass along the markings or only reset them as necessary).

If there are only two sites, and if your equipment can limit your traffic to the minimum bandwidth of the lower of either MPLS ingress or egress, you have the option of ignoring the MPLS vendor's QoS and doing whatever you want (within the capabilities of the equipment). This could then allow QoS "better" than what the MPLS vendor supports and might reduce cost since some MPLS vendors charge extra for QoS features.

suthomas1 Sun, 03/08/2009 - 00:02

Thanks for the that means I could do this on my L3 device connected to the CE routers, on either incoming or outgoing QoS, prioritising the b.w for the particular application?

Joseph W. Doherty Sun, 03/08/2009 - 06:07

Yes, but depends on the capabilities of your L3 switches. Also, you would normally want to prioritize for outgoing. Incoming could be done if such was necessary for the internal network.

suthomas1 Mon, 03/09/2009 - 07:16

Let's say we need to put a certain application class of traffic on highest priority and also assign it some bandwidth, to ensure that it has its own share of b.w available each time & that other apps don't eat into this b.w; how would we configure this assuming the app ip is,which is located at after Device B.

Device A would be source for this source, & we would want the traffic prioritised on either ways & ends.

Also, assuming at some time this app might not use all of its available b.w, then at that point we have to ensure still no one else eats on its b.w

Pls provide the short config for this scenario and brief explanation to get an idea & whether this will be PQ or some other form.

Thanks in advance!

Joseph W. Doherty Mon, 03/09/2009 - 17:11

A short config sample would be very dependent on the equipment and sometimes its IOS.

I'm a little lost about your question's topology; relationship between devices A and B and the IP address

"Also, assuming at some time this app might not use all of its available b.w, then at that point we have to ensure still no one else eats on its b.w "

You might do that (assuming the equipment supports doing so), but if the equipment supports it, having a QoS feature that obtains bandwidth for priority traffic usually means you don't need to otherwise restrict other traffic bandwidth.


If you have particular Cisco equipment in mind, often the configuration guide's QoS chapter is a good place to start. It would best explain what can be done. I, or others, might then be able to clarify any point of confusion.

suthomas1 Tue, 03/10/2009 - 04:07

OK, sorry if there was confusion. I was just looking out for a config whereby I have a 2811 router with Site A trying to access some appl on site B; the app is having ip and would be working on port 5660.

It would help me if you can provide a short config for this scene whereby we need to give priority to this traffic & also assign maybe a fixed bandwidth (around 256K) on the link at either sites, so that this traffic is getting highlighted while coming from either ends.

So, I assume it would mean we apply the config on either ends as outbound or mark it inbound and then allocate b.w on outbound.

Thanks for the help so far!

followurself Tue, 03/10/2009 - 06:08


we have a very similar setup though with many applications.

site A- f0/0--LAN router--f0/1----WAN router A

site B -f0/0- LAN router- f0/1 --WAN router B

WAN router A --MPLS --WAN router B

we only do marking and MPLS provider does the policing on respective WAN routers

policing will restrict the bandwidth

on the same lines we use, config should be like below

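    ! classify the application traffic using the app1 ACL
    class-map match-any app
     match access-group name app1
    ! mark matching packets with IP Precedence 2
    policy-map mpls1
     class app
      set ip precedence 2
    ! TCP port 5660 as destination or as source
    ip access-list extended app1
     permit tcp any any eq 5660
     permit tcp any eq 5660 any
    ! mark packets as they enter the LAN-facing interface
    interface FastEthernet0/0
     service-policy input mpls1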

Inform ISP to restrict bandwidth for any packets marked with precedence 2.

When you type show policy-map interface fastethernet 0/0 you will see packets marked.

Though I have a question around the service-policy input and output command. The doc says input will mark all packets entering the interface and output leaving the interface. What exactly does it mean? Can someone answer?


suthomas1 Tue, 03/10/2009 - 06:51

Thanks! So the packs are marked down on the LAN interface. Do you apply the same on the other site as well? Using policing would actually restrict the b.w; shouldn't it be better if we allot some b.w using bandwidth command to the specific appls? And any idea how the provider does it on their side, which interface they apply on and how?


Joseph W. Doherty Tue, 03/10/2009 - 06:55

Ah, a 2811! A 2811 isn't a L3 switch, as you noted in your first post, although it is a L3 device. That does help much as far as providing a sample config.

I'm still confused what's connected to what, but assuming you have a 2811 at both sites and this is the last device that has an Ethernet handoff to your MPLS provider's device, you might do it much as Munaa's post indicates.

A key issue is whether you're going to work within the MPLS QoS support provided by the vendor or not. For the former, you would mark the traffic to conform both to its importance and with regard to the service guarantees such markings obtain with the MPLS vendor's QoS model.

Munaa's shows marking the special app with IP Precedence 2. Again, the markings to use and what they guarantee depends on the MPLS vendor.

One enhancement to what Munaa shows, the ACLs should probably also include your special IP address. (The ACL is also assuming TCP, but the traffic might be UDP?)


    ip access-list extended app1
     permit tcp any host eq 5660
     permit tcp host eq 5660 any

(NB: In answer to Munaa's question whether to mark upon ingress or egress, the "book" answer is mark as soon as possible but marking on last egress to the MPLS provider's device will likely be fine too.)

If there are only two sites, you can ignore the MPLS vendor's QoS as long as you know the minimum bandwidth across MPLS. A sample configuration might be much like Munaa's but with a few additions/changes.


    class-map match-any app
     match access-group name app1
    policy-map mpls1
     class app
      ! there's several ways of defining bandwidth allocation for class - absolute bandwidth is one
      bandwidth ###
     class class-default
      bandwidth ###
    policy-map mplsBandwidth
     class class-default
      ! shape at 10 to 15% of defined Ethernet bandwidth, e.g. 20 Mbps Ethernet, shape for 17 or 18 Mbps (this allows for Ethernet overhead)
      shape average #
      service-policy mpls1
    ip access-list extended app1
     permit tcp any host eq 5660
     permit tcp host eq 5660 any
    interface FastEthernet #
     ! since we're queuing, not just marking, outbound (on interface facing MPLS) is important
     service-policy output mplsBandwidth

followurself Tue, 03/10/2009 - 08:20

We do marking at both ends on the LAN interface. I guess by doing it in this fashion we are marking what is coming in and what is going out, since input says anything entering it will mark both the source packets and destination packets. Since we are not doing shaping, personally I think we can change it to service-policy output on the WAN interface of both LAN routers A and B, so in your case too, if you apply the policy as output on the WAN interface connecting to the ISP router, it should be fine.

Check with ISP what CAR (committed access rate) they provide. Usually MPLS providers give 3 buckets. You will need to check with them what they are and what markings are supported. It may be like voice, video and business class. In your case you can have business class marking (what I mentioned in my config), precedence 2. As Joseph mentioned, it's worth checking with ISP and changing accordingly. It doesn't matter what it is, as long as it is supported by ISP.

Preferably ISP should do policing or shaping; it's unlikely your interface will get congested. Though as Joseph mentioned, if you know the minimum bandwidth, you can do shaping by yourself.

Note: it's not advisable to do shaping for voice.

hope this helps

suthomas1 Tue, 03/10/2009 - 08:28

Oh, forgive me for the typo error. We have last device as 6500 on both ends which then are connected to provider's 3845 on either ends.

The query is would it be advisable to apply this service policy on our LAN as inbound or on WAN as outbound, which is better? And when we say bandwidth means the class would get this much amount minimum for its use during congestion, correct, or is it other way?

& if we ask the vendor to do so on their devices, would it be better marking on their LAN interface facing us inbound or on their WAN outbound?

Bit of confusion on this based on device placements of ours and provider's.

Thanks in advance!

Joseph W. Doherty Tue, 03/10/2009 - 08:56

A 6500 is a special case because its QoS capabilities also depend on the installed line cards. Most LAN cards' QoS, features and configuration, is much different from my sample for 2811. Some WAN cards can support QoS even more complex than the 2811 but would look similar in configuration.

As to QoS placement, it's not so much a question of "better" but where it's required and/or makes the most sense. Again, the "book" solution would be to classify and mark traffic as close to the ends as possible (often the very edge connection to the end devices), and queue management where needed (WAN interfaces often rank 1st because they usually have limited bandwidth).

If it could be done, outbound on the 3845s would be a place to start. If you have no control to do that, outbound from both 6500s (to the 3845) might be the next choice. (Again, what to do and how to do it, depends on interaction with the vendor's QoS model and/or what your 6500 supports.)

"and when we say bandwidth means the class would get this much amount minimum for its use during congestion..correct or is it other way? "

Often it means a minimum guarantee but it also might be capped at that amount too. I.e. answer could be either, depends on what's being done with QoS.

"if we ask the vendor to do so on their devices..would it be better marking on their lan interface facing us inbound or on their wan outbound? "

Assuming the traffic is flowing toward the WAN (i.e. LAN ingress marking or WAN egress marking), on a 3845 doesn't really matter. Choice really up to the vendor. (If dealing with bandwidth management, not just marking, that's often best done on interface egress.)

suthomas1 Wed, 03/11/2009 - 05:06

Thanks for the explanation. OK, one more query here.

If I'm correct, any amount of QoS optimisation won't help if there is no congestion occurring?

If we prioritise and allocate bandwidth for a class and if there is no congestion on the won't take effect, correct?


Joseph W. Doherty Wed, 03/11/2009 - 05:36

Yes, if there's no congestion, QoS won't have an effect. However, there's almost always congestion, but it varies in degree. The degree of congestion and what the traffic needs to work well is what's important.

For instance, even on a link showing an average utilization of under 1% (which most would think not congested), if you were doing VoIP and someone opened a large PowerPoint file at the same time, VoIP quality during the file load period might be impeded.

QoS techniques attempt to deliver or guarantee, what they're named for, quality of service. Without such, you're left with Best Effort, i.e. no guarantees.

One of my favorite experiences, tried to convince a senior network engineer of the benefit of QoS on "uncongested" links (average utilization was only about 10 to 25%). After activation of QoS, one night router crashed and reloaded itself, but dropped all its QoS settings. Next morning, same engineer couldn't understand why his phone lit up like a Christmas tree with every remote site complaining, "what's wrong with the network". He finally found the missing QoS, reapplied, complaints stopped. Both before and after QoS, links still only showed 10 to 25% utilization.

Keep in mind, 10% utilization really usually means, link running at 100% about 10% of the time, not 10% busy 100% of the time.
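The averaging effect described in the post above, worked as an added example (not part of the original thread). It serves the same constructed traffic on one link under plain FIFO and under strict priority for voice; the 10 Mbps link speed, packet sizes and burst size are assumptions chosen for illustration.

```python
import heapq

LINK_BPS = 10_000_000        # assumed 10 Mbps WAN link
DURATION_US = 10_000_000     # 10 s observation window, in microseconds

def build_traffic():
    """Constructed load: 833 x 1500 B file burst at t=1 s, 200 B voice packet every 20 ms."""
    burst = [(1_000_000, "bulk", 1500)] * 833
    voice = [(t, "voice", 200) for t in range(0, DURATION_US, 20_000)]
    return sorted(burst + voice)

def simulate(pkts, priority):
    """Serve pkts on one link, non-preemptively.

    priority=False is plain FIFO; priority=True always sends queued voice first.
    Returns (average utilization, worst voice queueing delay in ms).
    """
    queue, now, busy, worst, i = [], 0, 0, 0, 0
    while i < len(pkts) or queue:
        if not queue and pkts[i][0] > now:
            now = pkts[i][0]                     # link idle: jump to next arrival
        while i < len(pkts) and pkts[i][0] <= now:
            arrival, kind, size = pkts[i]
            rank = 0 if priority and kind == "voice" else 1
            heapq.heappush(queue, (rank, arrival, i, kind, size))
            i += 1
        _, arrival, _, kind, size = heapq.heappop(queue)
        if kind == "voice":
            worst = max(worst, now - arrival)
        tx = size * 8 * 1_000_000 // LINK_BPS    # serialization time in microseconds
        now += tx
        busy += tx
    return busy / DURATION_US, worst / 1000

if __name__ == "__main__":
    for name, prio in (("FIFO", False), ("priority", True)):
        util, worst_ms = simulate(build_traffic(), prio)
        print(f"{name:8s} utilization={util:.1%} worst voice delay={worst_ms:.1f} ms")
```

Both runs report the same average utilization of about 11%; only the queueing discipline changes how long voice waits behind the burst.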

suthomas1 Wed, 03/11/2009 - 06:09

That gave a good understanding on the topic. Thanks for getting so detailed.

Voice we know is very much sensitive to delay. Would this apply also to applications which hit the server and try navigating/retrieving through them?


Joseph W. Doherty Wed, 03/11/2009 - 07:57

It can impact other applications, again a question of degree. As you've noted, something like VoIP is about the most sensitive. Next might be remote desktop applications (driving the screen), next then might be other interactive applications. With VoIP, fractional second delays could be an issue, with interactive applications occasional multi-second delays might be just fine. (Of course, much also depends what you're willing to tolerate or consider "normal". Many, many years ago I used a system that often had a 30 second delay to scroll a line; not that I was happy using it, but that's what was provided.)

suthomas1 Fri, 03/13/2009 - 07:37

Thanks! Let's say there are 2 ends A, B. Router at A has interface fa0/0 linked to router B on interface fa0/1. But fa0/1 has been subinterfaced for two separate links fa0/1.101, fa0/1.102 landing in.

So, link of interest here is fa0/0 to fa0/1.102.

In this case if I need to apply service policy with minimum bandwidth guarantee features, would fa0/1.102 on B accept the service policy, OR what is the best way to do this?

Thanks in advance..

Joseph W. Doherty Fri, 03/13/2009 - 16:31

Don't recall I've tried it with Ethernet subinterfaces, but what you would want would be either a QoS policy on the parent interface, if the physical port is the congestion point, or on the subinterface if you need to shape the subinterface bandwidth to match the downstream bandwidth. You would also want to ensure either all subinterfaces are shaped and their sums don't over allocate the port's bandwidth, or have QoS policies at both the parent and subinterface levels.
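One way to check the last point in the post above (every subinterface shaped, and the shapers not summing past the port's bandwidth), as an added example that is not part of the original thread. The configuration text, policy names and rates are constructed, and the parser assumes each shaping policy carries a single `shape average` rate.

```python
# Constructed IOS-style config (not from the thread); names and rates are assumptions.
SAMPLE = """\
policy-map SHAPE-101
 class class-default
  shape average 60000000
policy-map SHAPE-102
 class class-default
  shape average 50000000
interface FastEthernet0/1
 no ip address
interface FastEthernet0/1.101
 encapsulation dot1Q 101
 service-policy output SHAPE-101
interface FastEthernet0/1.102
 encapsulation dot1Q 102
 service-policy output SHAPE-102
interface FastEthernet0/1.103
 encapsulation dot1Q 103
"""

def audit_subinterfaces(config, parent, port_bps):
    """Return (unshaped subinterfaces, sum of shapers in bps, oversubscribed?)."""
    shapers, subifs, section = {}, {}, ["", ""]
    for line in config.splitlines():
        words = line.split()
        if not words or words[0].startswith("!"):
            continue                              # skip blanks and comments
        if not line.startswith(" "):              # top-level line opens a new section
            section = words + [""]
            if section[0] == "interface" and section[1].startswith(parent + "."):
                subifs[section[1]] = None         # subinterface seen, no policy yet
        elif section[0] == "policy-map" and words[:2] == ["shape", "average"]:
            shapers[section[1]] = int(words[2])   # shaper rate in bps
        elif section[1] in subifs and words[:2] == ["service-policy", "output"]:
            subifs[section[1]] = words[2]
    unshaped = sorted(n for n, p in subifs.items() if p not in shapers)
    total = sum(shapers[p] for p in subifs.values() if p in shapers)
    return unshaped, total, total > port_bps

if __name__ == "__main__":
    print(audit_subinterfaces(SAMPLE, "FastEthernet0/1", 100_000_000))
```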

