Qos Issues

Sep 4th, 2009

Please could you help. I need to mix up traffic shaping for both TCP protocols and IP protocols. My scenario is:

I have got a router that does traffic shaping using CBWFQ. Find my configs attached. Shaping is OK. All the 3 clients are DSL clients and they have a network behind the given IP addresses. The problem is, if one PC from a client, e.g. 192.168.1.100, is downloading a file from the internet, everyone under that network cannot browse. This means all bandwidth will be used up for the file downloads. Web and FTP traffic will be affected for that network in particular. Can I reserve bandwidth for www and ftp, and how can I do it with my current configs? I tried adding this to my config but it's not working:

class-map web
 match protocol http
 match protocol ftp
 match protocol secure-http
policy-map traffic-shaping
 class web
  shape average 128000
  bandwidth 128

andrew.prince@m... Fri, 09/04/2009 - 03:30

Yes, you can do this - it means you are going to have to get very creative with your class maps.

For example, several access-lists will be required; in your instance, instead of just using IP addresses, you should also use destination TCP ports, e.g. 80, 20-21, 443, or you can use policing and priority policies.

What is your ultimate goal here?

tonderai.chinowona Fri, 09/04/2009 - 03:48

Thank you for the quick response. I have got a low speed WAN link and would like to shape traffic so that clients don't abuse the bandwidth. Please can you explain further on how to mix up IP addresses and ports on my access lists such that www and ftp don't get affected by normal downloads?

Joseph W. Doherty Fri, 09/04/2009 - 03:56

Your likely issue is that trying to manage bandwidth downstream (". . . downloading a file from the internet . . .") of the congested link is difficult to impossible.

If you "know" a certain inbound traffic stream is causing issues, e.g. FTP, and if it uses TCP, you can police (not shape) its rate. You may find, though, you have to police (or rate limit) such traffic at a lower rate than you desire to truly control its inbound bandwidth utilization.

PS:

For outbound, in many cases, a simple FQ implementation will keep a bandwidth demanding flow from adversely impacting your other flows.

tonderai.chinowona Fri, 09/04/2009 - 04:07

Are you saying we cannot manage bandwidth for downstream traffic? From the way I configured it, it shows that traffic shaping is functional after typing this command: sh policy-map int f0/1. The only thing I want to do is to reserve bandwidth for ftp and www.

andrew.prince@m... Fri, 09/04/2009 - 04:19

No - it's practically impossible to limit what people are D/L from the internet. QoS was not invented to limit traffic coming in - but traffic going out.

Example

PC1<>LAN1<>RT1<>WAN<>RT2<>LAN2<>PC2

To stop PC1 from D/L a large file from PC2 and using all WAN bandwidth - you would QoS the connection from RT2 to the WAN, limiting the traffic, and vice versa.

In your instance you have

PC1<|
PC2<|>RT1<>Internet
PC3<|

QoS in this instance would be to limit the amount of traffic that the PC1/2/3 would be UPLOADING to the internet - not D/L, however if you have:-

PC1<|
PC2<|>RT1<>RT2<>Internet
PC3<|

You could implement a policy in the RT2 interface facing RT1 to limit the D/L from the internet.

Also remember you are applying QoS on a FA interface 100mbs - which means you will use 75% of that 75mbs available interface bw. If you have a 1mbs wan link.....how do you tell the router to use only 300kbs on a FA interface - you can't, because normal QoS is congestion management (meaning full pipe usage), you MUST use Shaping & Policing.

tonderai.chinowona Fri, 09/04/2009 - 04:29

I made a mistake, maybe. I am implementing shaping and if you check my configs I posted, they indicate traffic shaping. The actual setup is like:

PC1<|
PC2<|>RT1<>RT2<>internet
PC3<|

RT1 is doing traffic shaping, outbound on the interface facing the PCs. All I want is to shape web traffic; otherwise, if I guarantee 256k to PC2, I am getting that one, so my shaping is okay. I guess I made myself clear.

andrew.prince@m... Fri, 09/04/2009 - 04:39

OK - things are getting clearer, but now you have to consider, FA0/0 on RT1 faces the LAN, and is the main layer 3 interface for all comms on that network. By shaping going out - not only are you affecting all Internet traffic, but potentially all LAN inter-site traffic also.

To get the below working:-

class-map web
 match protocol http
 match protocol ftp
 match protocol secure-http
policy-map traffic-shaping
 class web
  shape average 128000
  bandwidth 128

Change class-map web to

class-map match-any web
 match protocol http
 match protocol ftp
 match protocol secure-http

The default is to "match-all" = will never work with multiple protocol statements, as they must ALL match, which will never happen.
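
An added configuration sketch, not part of any post in this thread, combining the two suggestions made in it: classify by TCP port with an access list, and use match-any on the class map. ACL number 120 and the 192.168.1.0/24 client subnet are assumptions, not values from the attached configs.

```cisco
! Added example. ACL 120 and 192.168.1.0/24 are assumed placeholders;
! substitute the real ACL number and client subnet.
!
! The policy is applied outbound on the interface facing the clients, so
! the packets it sees travel from Internet servers toward the clients.
! In that direction the server's well-known port is the SOURCE port.
access-list 120 remark web and ftp replies toward the client LAN
access-list 120 permit tcp any eq www 192.168.1.0 0.0.0.255
access-list 120 permit tcp any eq 443 192.168.1.0 0.0.0.255
! Ports 20-21 cover the FTP control channel and active-mode data only;
! passive-mode data connections use high ports and are not matched here.
access-list 120 permit tcp any range ftp-data ftp 192.168.1.0 0.0.0.255
!
! match-any: a packet is classified if it satisfies any one match line,
! so further access groups can be added without changing the logic.
class-map match-any web
 match access-group 120
!
! Class body kept as posted in the thread.
policy-map traffic-shaping
 class web
  shape average 128000
  bandwidth 128
```

A packet is assigned to the first class in the policy-map that it matches, so where class web sits relative to the per-client classes decides whether its counters ever increment.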

tonderai.chinowona Fri, 09/04/2009 - 17:48

Find the output of the sh policy-map int command:

    Class-map: web (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol http
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol ftp
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol secure-http
        0 packets, 0 bytes
        5 minute rate 0 bps
      Queueing
        Output Queue: Conversation 277
        Bandwidth 128 (kbps) Max Threshold 64 (packets)
        (pkts matched/bytes matched) 0/0
        (depth/total drops/no-buffer drops) 0/0/0
      Traffic Shaping
        Target/Average   Byte    Sustain    Excess     Interval   Increment
        Rate             Limit   bits/int   bits/int   (ms)       (bytes)
        128000/128000    1984    7936       7936       62         992

        Adapt    Queue   Packets   Bytes   Packets   Bytes     Shaping
        Active   Depth                     Delayed   Delayed   Active
        -        0       0         0       0         0         no

It looks like no matches are found, but the other classes are working, that is:

    Class-map: 256k-clients (match-any)
      3542006 packets, 2805904757 bytes
      5 minute offered rate 1000 bps, drop rate 0 bps
      Match: access-group 100
        2786602 packets, 2149435661 bytes
        5 minute rate 1000 bps
      Match: access-group 114
        755404 packets, 656468250 bytes
        5 minute rate 0 bps
      Match: access-group 116
        0 packets, 0 bytes
        5 minute rate 0 bps
      Queueing
        Output Queue: Conversation 267
        Bandwidth 256 (kbps) Max Threshold 64 (packets)
        (pkts matched/bytes matched) 2054229/1923513698
        (depth/total drops/no-buffer drops) 0/0/0
      Traffic Shaping
        Target/Average   Byte    Sustain    Excess     Interval   Increment
        Rate             Limit   bits/int   bits/int   (ms)       (bytes)
        256000/256000    1984    7936       7936       31         992

        Adapt    Queue   Packets   Bytes        Packets   Bytes        Shaping
        Active   Depth                          Delayed   Delayed      Active
        -        0       3509338   2765047394   1979081   1913716974   no

Joseph W. Doherty Fri, 09/04/2009 - 06:32

I believe Andrew has covered this, but "are you saying we cannot manage bandwidth for downstream traffic?", again, difficult to impossible. Traffic shaping on the LAN interface just controls the bandwidth utilization going to clients, not exactly the same as controlling the bandwidth utilization on your inbound Internet link, which is likely the problem. Ideally, you would want to manage egress on the other side of the Internet link, i.e. the ISP's router.
