QoS and SAN = broke

Answered Question
Oct 6th, 2009
User Badges:
  • Purple, 4500 points or more

All,


I have a SAN that replicates traffic across a 100mb MAN that I need to shape back. I created a policy that guarantees 50mb and shapes to 70mb. The mirrors broke.


We're going to contact the vendor tomorrow to see WHY it couldn't work on 50mb, but I wanted to post my policy to see if there were any changes that you would make:


interface FastEthernet0/1

description Connects to the OpteMAN DR link

ip address 172.27.1.2 255.255.255.0

load-interval 30

speed 100

full-duplex

service-policy output DR

end


class-map match-all SANTRAFFIC

match access-group name SANTRAFFIC


Extended IP access list SANTRAFFIC

10 permit ip 10.131.100.0 0.0.0.255 10.131.1.0 0.0.0.255 (16427 matches)


policy-map DR

class SANTRAFFIC

bandwidth 51200

shape peak 71680

class class-default

!


I'm not sure if I should shape or police it, but I figured that I didn't want to just drop the traffic.


Thanks,

John



Correct Answer by Joseph W. Doherty about 7 years 9 months ago

If your SAN only sends the bulk of traffic in one direction, and there's congestion, that's where you want to apply QoS (i.e. you likely could get by with application of just one policy on one end of the link). However, assuming the SAN might want to "recover" in the reverse direction, having the QoS policy already in place guarantees service levels when that happens.


With regard to your new policy approach, I recommend you try to think of priorities between traffic more than bandwidth allocations. Bandwidth allocations are generally only necessary when the applications really need it to work (well). Otherwise, it's more a question of what traffic is serviced first when there's congestion. Assuming other traffic has users waiting, and SAN replication does not, then we want to prioritize the other traffic over the SAN replication traffic. This can be done with a policy similar to the one in my prior post. Do note, although that sample policy effectively prioritizes non-SAN traffic over SAN traffic, you might still see SAN using 95% of the link. The important point though is, although SAN uses the bandwidth it "moves aside" for non-SAN traffic.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Joseph W. Doherty Tue, 10/06/2009 - 18:32
User Badges:
  • Super Bronze, 10000 points or more

I recall(?) unlike class "bandwidth" that's in Kbps, a shaper or policer uses bps. If I'm correct, you're might be shaping for 71 Kbps, not 71 Mbps.


PS:

Depending on the needs of your traffic, and the needs of the SAN mirroring, I would try the minimal bandwidth guarantee and not otherwise restrict the SAN traffic. I.e. if the bandwidth is otherwise available, why limit SAN's usage? This assumes with the minimal bandwidth defined for SAN, other traffic will push SAN aside if the bandwidth is otherwise needed.


I.e.

Something like this might work:


policy-map DR

class SANTRAFFIC

bandwidth remaining percent 1

class class-default


John Blakley Wed, 10/07/2009 - 07:01
User Badges:
  • Purple, 4500 points or more

Joseph,


The reason for this is I've configured failover for all of our branches using this 100mb connection between our corporate office and the other side of the 100mb link. The SAN traffic takes up about 90mb of the pipe, but branches can usually use, and are accustomed to, 20mb. I wanted to guarantee 50mb on the link for the SAN, but I wanted to limit the amount of traffic that it could use, so I could guarantee the users at least 20mb. Maybe I should do something like:


access-list 100 deny ip 10.131.100.0 0.0.0.255 10.131.1.0 0.0.0.255

access-list 100 permit ip any any


access-list 100 deny ip 10.131.100.0 0.0.0.255 10.131.1.0 0.0.0.255


class match-any DR

match access-group 100


class match-all SAN

match access-group 101


policy-map DR

class DR

bandwidth 20480

class SAN

bandwidth remaining percent 95


And in order for this to be effective, do I have to apply at both ends of the link? From what I understand, the SAN only sends in one direction.


Thanks!

John


Correct Answer
Joseph W. Doherty Wed, 10/07/2009 - 08:54
User Badges:
  • Super Bronze, 10000 points or more

If your SAN only sends the bulk of traffic in one direction, and there's congestion, that's where you want to apply QoS (i.e. you likely could get by with application of just one policy on one end of the link). However, assuming the SAN might want to "recover" in the reverse direction, having the QoS policy already in place guarantees service levels when that happens.


With regard to your new policy approach, I recommend you try to think of priorities between traffic more than bandwidth allocations. Bandwidth allocations are generally only necessary when the applications really need it to work (well). Otherwise, it's more a question of what traffic is serviced first when there's congestion. Assuming other traffic has users waiting, and SAN replication does not, then we want to prioritize the other traffic over the SAN replication traffic. This can be done with a policy similar to the one in my prior post. Do note, although that sample policy effectively prioritizes non-SAN traffic over SAN traffic, you might still see SAN using 95% of the link. The important point though is, although SAN uses the bandwidth it "moves aside" for non-SAN traffic.


Actions

This Discussion