QOS: policing

colmgrier
Level 1

I'm trying to find a solution for a customer to police backup traffic on a 100MB WAN circuit. The customer only wants to allow backup traffic to use a max of 60% bandwidth ingress/egress on the WAN port (fa5/1).

I cannot use NBAR because port fa5/1 is configured as a trunk port. Please advise.

note: The WAN circuit does not respect QOS markings (DSCP/COS/IP Prec)

### Site A Backup Servers ###

Srv 1: TCP/IP 172.16.38.100 TCP Port 3225

Srv 2: TCP/IP 172.16.35.152 TCP Port 3225

### Site B Backup Servers ###

Srv 1: TCP/IP 172.18.38.100 TCP Port 3225

Srv 2: TCP/IP 172.18.35.125 TCP Port 3225

### Site A 6509 ###

int vlan 35

172.16.35.1 255.255.255.0

int vlan 38

172.16.38.1 255.255.255.0

interface Vlan99

description "WAN"

ip address 172.31.1.1 255.255.255.0

interface fa/1

description "100MB WAN Circuit"

switchport

switchport trunk encapsulation dot1q

switchport trunk native vlan 99

switchport trunk allowed vlan 99

switchport mode trunk

ip route 0.0.0.0 0.0.0.0 172.31.1.1

### Site B 6509 ###

int vlan 35

172.18.35.1 255.255.255.0

int vlan 38

172.18.38.1 255.255.255.0

interface Vlan99

description "WAN"

ip address 172.31.1.2 255.255.255.0

interface fa/1

description "100MB WAN Circuit"

switchport

switchport trunk encapsulation dot1q

switchport trunk native vlan 99

switchport trunk allowed vlan 99

switchport mode trunk

ip route 0.0.0.0 0.0.0.0 172.31.1.2


John Blakley
VIP Alumni

I would shape the traffic on both ends when destined to your other location.

SiteA:

access-list 101 permit ip 172.16.0.0 0.0.255.255 172.18.0.0 0.0.255.255

class-map SHAPE

match access-group 101

policy-map OUTBOUND

class SHAPE

shape average 60000000

int fa/1

service-policy output OUTBOUND

SiteB:

access-list 101 permit ip 172.18.0.0 0.0.255.255 172.16.0.0 0.0.255.255

class-map SHAPE

match access-group 101

policy-map OUTBOUND

class SHAPE

shape average 60000000

int fa/1

service-policy output OUTBOUND

This is *ALL IN THEORY*. I've never done this over a backup route or in a switch. I do have two sites that I'm running this same type of configuration between two sites, and it works great. (Both sites have 20MB circuits, but I'm shaping back to 3MB for just this one site.) I don't know how this is a backup link, and I can only assume that you have two separate circuits coming in. If you're tracking one interface (without a policy), and that interface goes down, your traffic should go out the backup link (policy applied). If you have two routes in your routing table for the same destination though, it's going to load balance, and your traffic will be affected that's going out the backup link.

HTH,

John


Thanks John for the excellent advice.

The customer only has a 100MB circuit going to each site. The backup traffic is data being backed to a SAN in site B.

What device is this? The 6500/7600 don't support traffic shaping on ethernet ports- only on FlexWAN modules.

Shaping is better than policing, because a policer will just drop packets; a shaper will try to at least be polite and buffer things a bit.

If you've got a full dedicated 100Mb port between sites, the carrier shouldn't have to be QoS aware- you can police at your egress.

Thinking about this makes me realize that there are issues with the COS based queue-mappings I've been using, and the fact that scavenger is COS1 and "bulk data" is recommended to be AF11. AF11 is going to suffer considerably from the small buffers and no queue-ratios that it gets by being associated with the Scavenger COS. Hmmm.

At the edges where your backup servers are, I'd mark their traffic to a specific DSCP value.

At the WAN link, give that DSCP value about 60% of that interface via a policer.

That'd be the first approach I can think of.
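Added example, not part of any post in this thread: a small token-bucket simulation of the policer-versus-shaper difference discussed above, using the thread's 60 Mb/s cap on a 100 Mb/s link. The bucket depth, queue limit and packet trace are assumptions constructed for the illustration, and the model ignores serialization delay.

```python
# Added example: token-bucket policer vs. shaper at the thread's 60 Mb/s cap.
# Integer units (microseconds, bits) keep the arithmetic exact.
RATE = 60          # bits per microsecond = 60 Mb/s (60% of the 100 Mb/s circuit)
LINE = 100         # bits per microsecond = 100 Mb/s line rate
PKT = 12_000       # 1500-byte packet, in bits
BURST = 120_000    # assumed bucket depth: ten full-size packets

def arrivals(n):
    """Constructed trace: n full-size packets back to back at line rate."""
    return [(i * PKT // LINE, PKT) for i in range(n)]

def police(trace, rate=RATE, burst=BURST):
    """Policer: out-of-profile packets are dropped on arrival."""
    tokens, last, sent, dropped = burst, 0, 0, 0
    for t, size in trace:
        tokens = min(burst, tokens + (t - last) * rate)  # refill since last packet
        last = t
        if tokens >= size:
            tokens -= size
            sent += 1
        else:
            dropped += 1
    return sent, dropped

def shape(trace, rate=RATE, burst=BURST, queue_limit=64):
    """Shaper: out-of-profile packets wait for tokens; tail drop when the
    queue is full. Returns (sent, dropped, worst queueing delay in us)."""
    tokens, clock, departures = burst, 0, []
    sent = dropped = max_delay = 0
    for t, size in trace:
        # Packets released after time t are still queued when this one arrives.
        if sum(1 for d in departures if d > t) >= queue_limit:
            dropped += 1
            continue
        start = max(t, clock)                            # FIFO behind earlier packets
        tokens = min(burst, tokens + (start - clock) * rate)
        wait = max(0, -(-(size - tokens) // rate))       # ceil division
        tokens = min(burst, tokens + wait * rate) - size
        clock = start + wait                             # release time of this packet
        departures.append(clock)
        sent += 1
        max_delay = max(max_delay, clock - t)
    return sent, dropped, max_delay

if __name__ == "__main__":
    trace = arrivals(100)
    print("policer (sent, dropped):", police(trace))
    print("shaper (sent, dropped, max delay us):", shape(trace))
```

For a 100-packet line-rate burst the policer drops packets as soon as the bucket empties, while the shaper delivers all of them at the cost of growing queueing delay; with a small `queue_limit` the shaper starts dropping too.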

Joseph W. Doherty
Hall of Fame

The particulars for the 6500s depend on what's installed. In general, most "LAN" type Ethernet interfaces might only restrict bandwidth via some policer.

The problem with restricting bandwidth, for something like backups, is that it doesn't allow such traffic to use additional bandwidth that might otherwise be available. Second, assuming it's "low" priority, when it's at its permitted max, you might want to have some of that bandwidth for more important traffic.

What you might consider is using different queues for backup and other traffic, then adjust the ratios such that non-backup traffic is seldom delayed by backup traffic regardless of its bandwidth demand.

NB: such queuing can only be done for egress, but if you control both sides, one side's ingress is the other's egress.
