05-28-2009 03:23 AM - edited 03-06-2019 05:59 AM
I'm trying to find a solution for a customer to police backup traffic on a 100MB WAN circuit. The customer only wants to allow backup traffic to use a max of 60% bandwidth ingress/egress on the WAN port (fa5/1).
I cannot use NBAR because port fa5/1 is configured as a trunk port. Please advise.
note: The WAN circuit does not respect QOS markings (DSCP/COS/IP Prec)
### Site A Backup Servers ###
Srv 1: TCP/IP 172.16.38.100 TCP Port 3225
Srv 2: TCP/IP 172.16.35.152 TCP Port 3225
### Site B Backup Servers ###
Srv 1: TCP/IP 172.18.38.100 TCP Port 3225
Srv 2: TCP/IP 172.18.35.125 TCP Port 3225
### Site A 6509 ###
int vlan 35
172.16.35.1 255.255.255.0
int vlan 38
172.16.38.1 255.255.255.0
interface Vlan99
description "WAN"
ip address 172.31.1.1 255.255.255.0
interface fa/1
description "100MB WAN Circuit"
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 99
switchport trunk allowed vlan 99
switchport mode trunk
ip route 0.0.0.0 0.0.0.0 172.31.1.1
### Site B 6509 ###
int vlan 35
172.18.35.1 255.255.255.0
int vlan 38
172.18.38.1 255.255.255.0
interface Vlan99
description "WAN"
ip address 172.31.1.2 255.255.255.0
interface fa/1
description "100MB WAN Circuit"
switchport
switchport trunk encapsulation dot1q
switchport trunk native vlan 99
switchport trunk allowed vlan 99
switchport mode trunk
ip route 0.0.0.0 0.0.0.0 172.31.1.2
05-28-2009 06:22 AM
I would shape the traffic on both ends when destined to your other location.
SiteA:
! Site A subnets to Site B subnets
access-list 101 permit ip 172.16.0.0 0.0.255.255 172.18.0.0 0.0.255.255
class-map SHAPE
 match access-group 101
policy-map OUTBOUND
 class SHAPE
  ! 60000000 bps = 60% of the 100MB circuit
  shape average 60000000
int fa/1
 service-policy output OUTBOUND
SiteB:
! Site B subnets to Site A subnets
access-list 101 permit ip 172.18.0.0 0.0.255.255 172.16.0.0 0.0.255.255
class-map SHAPE
 match access-group 101
policy-map OUTBOUND
 class SHAPE
  ! 60000000 bps = 60% of the 100MB circuit
  shape average 60000000
int fa/1
 service-policy output OUTBOUND
This is *ALL IN THEORY*. I've never done this over a backup route or in a switch. I do have two sites that I'm running this same type of configuration between two sites, and it works great. (Both sites have 20MB circuits, but I'm shaping back to 3MB for just this one site.) I don't know how this is a backup link, and I can only assume that you have two separate circuits coming in. If you're tracking one interface (without a policy), and that interface goes down, your traffic should go out the backup link (policy applied). If you have two routes in your routing table for the same destination though, it's going to load balance, and your traffic will be affected that's going out the backup link.
HTH,
John
05-28-2009 07:50 AM
Thanks John for the excellent advice.
The customer only has a 100MB circuit going to each site. The backup traffic is data being backed up to a SAN in site B.
06-01-2009 01:45 PM
What device is this? The 6500/7600 don't support traffic shaping on Ethernet ports, only on FlexWAN modules.
Shaping is better than policing, because a policer will just drop packets; a shaper will try to at least be polite and buffer things a bit.
If you've got a full dedicated 100Mb port between sites, the carrier shouldn't have to be QoS aware- you can police at your egress.
Thinking about this makes me realize that there's issues with the COS based queue-mappings I've been using, and the fact that scavenger is COS1 and "bulk data" is recommended to be AF11. AF11 is going to suffer considerably from the small buffers and no queue-ratios that it gets by being associated with the Scavenger COS. Hmmm.
At the edges where your backup servers are, I'd mark their traffic to a specific DSCP value.
At the WAN link, give that DSCP value about 60% of that interface via a policer.
That'd be the first approach I can think of.
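Added illustration, not code from any poster in this thread: a generic token-bucket model of the policer-versus-shaper difference described in the reply above, using the thread's 60 Mb/s target. The packet size, policer burst, shaper queue depth and the 200 ms line-rate burst are assumptions, and the model does not represent Catalyst 6500 hardware behaviour.

```python
from collections import deque

RATE_BPS = 60_000_000   # 60% of the 100 Mb circuit, the target stated in the thread
PKT_BYTES = 1500        # assumed packet size

def arrivals_us(offered_bps, duration_us):
    """Constructed input: evenly spaced packet arrival times in microseconds."""
    gap = PKT_BYTES * 8 * 1_000_000 // offered_bps
    return list(range(0, duration_us, gap))

def police(times, burst_bytes):
    """Single-rate token-bucket policer: out-of-profile packets are dropped."""
    tokens, last, sent, dropped = burst_bytes, 0, 0, 0
    for t in times:
        # Refill at RATE_BPS (bytes per microsecond), capped at the bucket depth.
        tokens = min(burst_bytes, tokens + (t - last) * RATE_BPS // 8_000_000)
        last = t
        if tokens >= PKT_BYTES:
            tokens -= PKT_BYTES
            sent += 1
        else:
            dropped += 1
    return sent, dropped

def shape(times, queue_limit_pkts):
    """Shaper: excess packets wait in a FIFO and leave at RATE_BPS; drops only when the FIFO is full."""
    service = PKT_BYTES * 8 * 1_000_000 // RATE_BPS   # microseconds to send one packet
    queue = deque()                                   # departure times of packets still waiting
    free_at = sent = dropped = max_delay = 0
    for t in times:
        while queue and queue[0] <= t:                # packets that have already left
            queue.popleft()
        if len(queue) >= queue_limit_pkts:
            dropped += 1
            continue
        free_at = max(t, free_at) + service
        queue.append(free_at)
        sent += 1
        max_delay = max(max_delay, free_at - t)
    return sent, dropped, max_delay

if __name__ == "__main__":
    burst = arrivals_us(100_000_000, 200_000)         # 200 ms of backup traffic at line rate
    print("policer (sent, dropped):", police(burst, burst_bytes=15_000))
    print("shaper  (sent, dropped, max delay us):", shape(burst, queue_limit_pkts=1000))
```

Against the same burst the policer discards roughly 40% of the packets, while the shaper delivers all of them at the cost of queueing delay; the shaper only starts dropping once its queue is too shallow for the burst.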
06-02-2009 04:14 AM
The particulars for the 6500s depend on what's installed. In general, most "LAN" type Ethernet interfaces might only restrict bandwidth via some policer.
The problem with restricting bandwidth, for something like backups, it doesn't allow such traffic to use additional bandwidth that might otherwise be available. Second, assuming it's "low" priority, when it's at its permitted max, you might want to have some of that bandwidth for more important traffic.
What you might consider is using different queues for backup and other traffic, then adjust the ratios such that non-backup traffic is seldom delayed by backup traffic regardless of its bandwidth demand.
NB: such queuing can only be done for egress, but if you control both sides, one side's ingress is the other's egress.