Practical uses for hierarchical qos??

Answered Question
Sep 14th, 2009
User Badges:

I am doing some reading up on Cisco's hierarchical qos implementation, but I am struggling to see when/why I would ever need to use it?? Can someone provide some real world examples to clear this up??

Correct Answer by Joseph W. Doherty about 7 years 7 months ago

Looks like you've gotten the concept.


For an actual implmentation:


You probably should match just against remote network (this would also cover situation one remote bouncing off hub to another remote).


e.g.

instead of

access-list 100 permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255

use

access-list 100 permit ip any 10.10.11.0 0.0.0.255


Within your child policy (if supported), using percent based bandwidths is often more flexible.


On many platforms/IOSs, FQ within class-default can take bandwidth from defined classes (except LLQ classes).


You should use WRED with great care and understanding. Values of 100..200 are usually excessive for 1.5 Mbps.


Not 100% positive, but on many platforms/IOSs believe shaper might not account for L2 overhead. For really accurate shaping, you'll need to shape slower to allow for this. Also, when working with LLQ traffic, you might need to decrease Tc.


BTW, on many(?) platforms/IOSs, you can directly match against DSCP values (i.e. don't need ACLs 102..105). Also, if you used named ACLs for 100 and 101, you might save the ACL remark statements.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
nsn-amagruder Mon, 09/14/2009 - 07:46
User Badges:

I used it to provide a base set of qos policy for voice/data/etc and applied that policy to a list of subnets/sites so each site/subnet got x percent for voice, etc...

Edison Ortiz Mon, 09/14/2009 - 07:52
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

Real world example?


You want to apply a shaper to all QoS classes.


policy-map CHILD_QOS

class voip

priority xxx

class video

bandwidth xxx

class signalling

bandwidth xxx


policy-map PARENT_QOS

shape average xxxxx

service-policy CHILD_QOS


interface fx/x

service-policy out PARENT_QOS


__


Edison.

Giuseppe Larosa Mon, 09/14/2009 - 07:52
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Dennis,

by using hierarchical QoS you can provide a logical pipe of speed X to be used with a tunnel interface or a vlan subinterface that misses a resource concept.

The parent policy is typically a shaper.

The child policy is typically a CBFWQ where traffic is diffentiated for example voip bearer streams are placed in a LLQ and so on.


see this example taken from production network:


h policy-map int tunnel75

Tunnel75


Service-policy output: parent_F1


Class-map: class-default (match-any)

24367222 packets, 14714927832 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: any

Traffic Shaping

Target/Average Byte Sustain Excess Interval Increment

Rate Limit bits/int bits/int (ms) (bytes)

8000000/8000000 50000 200000 200000 25 25000


Adapt Queue Packets Bytes Packets Bytes Shaping

Active Depth Delayed Delayed Active

- 0 24899346 1091271492 11855790 2759995037 no


Service-policy : voiceformula1


Class-map: cm_voiceformula1 (match-all)

1724152 packets, 353511833 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: access-group name voiceformula1

Queueing

Strict Priority

Output Queue: Conversation 40

Bandwidth 350 (kbps) Burst 8750 (Bytes)

(pkts matched/bytes matched) 754969/127880958

(total drops/bytes drops) 0/0


Class-map: class-default (match-any)

22643071 packets, 14361415995 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: any





Hope to help

Giuseppe


Joseph W. Doherty Mon, 09/14/2009 - 09:09
User Badges:
  • Super Bronze, 10000 points or more

As the other posters have noted, most common reason for a hierarchical QoS policy it to shape all traffic at a certain rate and then manage any congestion for that rate within a subordinate policy. What might not be clear is the need to do so.


A very common situation with WAN cloud technologies (e.g. frame-relay, ATM, Internet), one site has more bandwidth to/from the cloud than another site. For example, perhaps you have a HQ site with a DS3 (45 Mbps) connection and many remote sites with DS1 (1.5 Mbps) connections. One issue might be HQ can send to a remote site faster than the remote site can accept the data. However, this point of possible congestion is at cloud egress where we often do not have control how to manage such congestion.


So, what we do is, at the HQ site, we shape all traffic to the same remote site at it's maximum speed using a parent policy, and if there's congestion, manage it with the subordinate policy.

unclerico Mon, 09/14/2009 - 11:09
User Badges:

Wow, thank you all for your very helpful and informative replies.


Ok, so I'm going one step further now and trying to actually implement what you guys are telling me. Say I have HQ with a 3mpbs pipe and two remote offices each with 1.5mbps pipes. Can you see the attached mock up of this qos implementation?? I'm essentially shaping traffic from HQ to Site1 to 1.5mpbs and the same from HQ to Site2. Is my thinking correct here?? The bandwidth numbers are just off the top of my head as are the classes of traffic so don't hold me to those please lol...



Attachment: 
Correct Answer
Joseph W. Doherty Mon, 09/14/2009 - 12:40
User Badges:
  • Super Bronze, 10000 points or more

Looks like you've gotten the concept.


For an actual implmentation:


You probably should match just against remote network (this would also cover situation one remote bouncing off hub to another remote).


e.g.

instead of

access-list 100 permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255

use

access-list 100 permit ip any 10.10.11.0 0.0.0.255


Within your child policy (if supported), using percent based bandwidths is often more flexible.


On many platforms/IOSs, FQ within class-default can take bandwidth from defined classes (except LLQ classes).


You should use WRED with great care and understanding. Values of 100..200 are usually excessive for 1.5 Mbps.


Not 100% positive, but on many platforms/IOSs believe shaper might not account for L2 overhead. For really accurate shaping, you'll need to shape slower to allow for this. Also, when working with LLQ traffic, you might need to decrease Tc.


BTW, on many(?) platforms/IOSs, you can directly match against DSCP values (i.e. don't need ACLs 102..105). Also, if you used named ACLs for 100 and 101, you might save the ACL remark statements.

unclerico Mon, 09/14/2009 - 13:01
User Badges:

so Joseph, how many books have you written?? I love it!! I'll take your points and try to commit them to memory.


As an aside, do you have any references to your item stating the FQ within the class-default can tke bandwidth from defined classes?? is there any Cisco documentation stating this or is this just something that you've seen in the field??


Also, how is the priority queue affected by the child classes?? I know that if I have two priority classes in a single policy that they will share the same priority queue. Is this the case also with having child policies each using LLQ?? I hope this makes sense.


Lastly, are there any hard and fast rules about the minimum and maximum threshold's for WRED?? You say that 100 and 200 are excessive for a 1.5mbps link; is there a mathematical formula?? we actually have managed routers (AT&T) and looking through their QoS configs, they have things like random-detect dscp 18 200 300 10 so that's why I ask.


Thanks a lot!!!

Joseph W. Doherty Mon, 09/14/2009 - 17:00
User Badges:
  • Super Bronze, 10000 points or more

No, I haven't written any books; have read quite a few. However, there are a few points I think are easily overlooked concerning QoS and one QoS approach that I've "invented" that works (usually) very well, yet searching the Internet, I've only found one passing reference to the technique. From time to time, I've thought of submitting an article to Cisco's Internet Journal, but haven't yet. Perhaps, some day.


To your question about FQ and class-default, this is what I have in mind: http://www.cisco.com/en/US/tech/tk39/tk48/technologies_tech_note09186a00800fe2c1.shtml#platform.


(There was an thread that got into this issue, with an off Cisco reference to some testing how much class weights might be distorted. See:http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=WAN%2C%20Routing%20and%20Switching&topicID=.ee71a06&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc2d915)


"Also, how is the priority queue affected by the child classes?? I know that if I have two priority classes in a single policy that they will share the same priority queue. Is this the case also with having child policies each using LLQ?? I hope this makes sense."


No, not fully. Child policy only has one actual LLQ. What I was warning about, was since a shaper can and will pass bursts within a Tc, you sometimes need to decrease a shaper's Tc so that LLQ traffic is queued before other traffic. (This is a similar issue, to one I haven't yet mentioned, where you sometimes need to manually decrease an interface's tx-ring-limit to insure LLQ isn't delayed by non-LLQ traffic.)


Doing WRED "right" is a bit complex; even defining what's "right". Generally RED is one technique to try to improve goodput for TCP traffic. (For more info on RED, you might start here: http://www.icir.org/floyd/red.html)


High queue depths, as provided by some ISPs, generally tries to avoid equipment congestions drops, at least until congestion is extreme. However, this assumes latency isn't a much of a consideration for network applications (300 1500 byte packets would take about 2 seconds to transmit at 1.5 Mbps [assuming my math is correct]) nor exceed TCP timeout timer causing needless retransmission and TCP flow dropping back to slow start.

unclerico Mon, 09/14/2009 - 17:24
User Badges:

Awesome stuff man, awesome stuff. Thanks for sharing, and yes, you should write a book. You rock dude!!!

Actions

This Discussion