Solved: Qos Issues

tonderai.chinowona · ‎09-04-2009

Please could you help.I need to mix up traffic shaping for both tcp protocols and ip protocols.My scenario is:

I have got a router that does traffic shaping using CBWFQ. find my configs attached.shaping is ok.All the 3 clients are dsl clients and they have a network behind the given ip addresses.The problem is, if one pc from a client eg 192.168.1.200 is downloading a file from the internet, everyone under that network cannot browse.Thus means all bandwidth will be used up for the file downloads.Web and ftp traffic will be affected for that network in particular.can i reserve bandwidth for www and ftp and how can i do it with my current configs.I tried adding this to my config but its not working

class-map web

match protocol http

match protocol ftp

match protocol secure-http

policy-map traffic-shaping

class web

shape average 128000

bandwidth 128

simontibbitts · ‎09-05-2009

Hello

Just to let you know what I looking for in advance. Possible causes I think might be:

1) You need to configure 'ip nbar protocol-discovery' under your interface that you have the qos on. This command is required for NBAR to work in older releases.

2) Class maps in a policy statement are read in the order they are configured, so if the web traffic you are trying to limit is already matched by a previous class map then your new class map will never be used. To fix this you will have to reconfigure your policy so the web class is at the top.

Simon

View solution in original post

simontibbitts · ‎09-04-2009

Hello.

Did you configure 'class-map web' or did you configure 'class-map match-any web' ?

If you did the first one 'class-map web' then this means it will be a 'match-all' which means your class will never work as you cannot match a packet which is http, ftp and https all at the same time.

Do a 'show run | s class-map'

and see if it says 'match-any' or 'match-all'

Simon

tonderai.chinowona · ‎09-04-2009

find the output of sh policy-map int command

Class-map: web (match-any)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: protocol http

0 packets, 0 bytes

5 minute rate 0 bps

Match: protocol ftp

0 packets, 0 bytes

5 minute rate 0 bps

Match: protocol secure-http

0 packets, 0 bytes

5 minute rate 0 bps

Queueing

Output Queue: Conversation 277

Bandwidth 128 (kbps) Max Threshold 64 (packets)

(pkts matched/bytes matched) 0/0

(depth/total drops/no-buffer drops) 0/0/0

Traffic Shaping

Target/Average Byte Sustain Excess Interval Increment

Rate Limit bits/int bits/int (ms) (bytes)

128000/128000 1984 7936 7936 62 992

Adapt Queue Packets Bytes Packets Bytes Shaping

Active Depth Delayed Delayed Active

- 0 0 0 0 0 no

it looks like no matches are found. but the other classes are working, that is:

Class-map: 256k-clients (match-any)

3542006 packets, 2805904757 bytes

5 minute offered rate 1000 bps, drop rate 0 bps

Match: access-group 100

2786602 packets, 2149435661 bytes

5 minute rate 1000 bps

Match: access-group 114

755404 packets, 656468250 bytes

5 minute rate 0 bps

Match: access-group 116

0 packets, 0 bytes

5 minute rate 0 bps

Queueing

Output Queue: Conversation 267

Bandwidth 256 (kbps) Max Threshold 64 (packets)

(pkts matched/bytes matched) 2054229/1923513698

(depth/total drops/no-buffer drops) 0/0/0

Traffic Shaping

Target/Average Byte Sustain Excess Interval Increment

Rate Limit bits/int bits/int (ms) (bytes)

256000/256000 1984 7936 7936 31 992

Adapt Queue Packets Bytes Packets Bytes Shaping

Active Depth Delayed Delayed Active

- 0 3509338 2765047394 1979081 1913716974 no

simontibbitts · ‎09-04-2009

Hello.

Can you please paste the full qos config including all the config under the interface you are applying it to. What version of IOS are you running?

Simon

simontibbitts · ‎09-05-2009

Hello

Just to let you know what I looking for in advance. Possible causes I think might be:

1) You need to configure 'ip nbar protocol-discovery' under your interface that you have the qos on. This command is required for NBAR to work in older releases.

2) Class maps in a policy statement are read in the order they are configured, so if the web traffic you are trying to limit is already matched by a previous class map then your new class map will never be used. To fix this you will have to reconfigure your policy so the web class is at the top.

Simon

Joseph W. Doherty · ‎09-05-2009

"1) You need to configure 'ip nbar protocol-discovery' under your interface that you have the qos on. This command is required for NBAR to work in older releases. "

I don't recall that. Which IOS versions?

simontibbitts · ‎09-05-2009

Hi Joseph.

I haven't tested it myself but I remember this from the Cisco Press CCIE R&S v3 Certification Guide. Page 426:

NOTE: Before the 12.2T/12.3 IOS releases, the 'ip nbar protocol-discovery' command was required on an interface before using a service-policy command that used NBAR matching. With 12.2T/12.3 train releases, this command is no longer required.

The use of the match protocol command implies that NBAR will be used to match the packet.

I might test it out when back in work on Monday.

Simon

Joseph W. Doherty · ‎09-05-2009

Ah, from a certification guide, eh? Still don't recall this limitation, but my memory isn't what it once was. I do recall various "flavors" of AutoQoS are tied to NBAR protocol discovery. If you do get a chance to try it, please post the result. I too, if I get the chance might lab it up (but it won't be Monday).

tonderai.chinowona · ‎09-05-2009

Thank you very much.This is what i wanted.Its working.Great!!!!!!!!!!!!!