10-13-2009 02:27 AM - edited 03-04-2019 06:21 AM
Dears,
Topology:
It's a Carrier Supporting Carrier scenario.
A------DS/PE--------------CORE/P---------ISP/PE-------P---------ISP/PE------B
The link between Core and ISP is back-to-back VRF, connected via a layer 2 trunk. The ISP is creating sub-interfaces on his 3800 router with encapsulation and VLAN number, and on Core I am creating an SVI with the same VLAN number and an IP address within the subnet. I am trying to match packets by access-list on Core and apply a dedicated bandwidth for the particular customer A as per the SLA with the customer. The bandwidth command is not accepted on the SVI. It gives me this error, "bandwidth command is not supported for this interface", when I try to execute the service policy output policy1234.
The link between Distribution and Core is 10 Gig. I don't want to limit bandwidth on the Distribution switch in the outbound direction, because I want the client to use the 10 Gig interface between Distribution and Core. I want to implement QoS on the egress interface of each VRF on Core facing the ISP.
What alternate solution can you experts give me?
Each customer VRF, for example (Customer A), is associated with an SVI virtual interface on the 6500 (Core) and traffic is passed to customer B.
Configs below:
BGP is the routing protocol between CORE and ISP.
ON 3800 router (ISP End)
int gig0/0
no shut
no ip add
int gig0/0.1
no shut
encapsulation dot1q 50
ip vrf forwarding XX
ip add 10.10.10.1 255.255.255.254
ON MY END (CORE)
int gig5/1
switchport trunk encapsulation dot1q
switchport mode trunk
int vlan 50
ip vrf forwarding customer A
ip add 10.10.10.2 255.255.255.254
Thanks
10-13-2009 10:48 AM
Hello Altaf,
If this is the same scenario as in your other thread, your multilayer switch should be a C6500.
You haven't provided the policy-map config.
Be aware of the following restrictions for QoS on PFC
This can be a starting point for this issue.
Hope to help
Giuseppe
10-13-2009 11:42 AM
Hi,
Expecting your call,
Yes, it is the same scenario with the 6500. I am not classifying packets on the Distribution switch but classifying packets on Core by access-list.
My customer A is using a crypto device which is encrypting data at one end and decrypting data at the other end, on customer B's crypto device. The crypto device company is equivalent to IPSEC but not IPSEC, and he told me that the source and destination of each and every packet passing from customer A to customer B will always be the crypto boxes at both ends.
I am not doing any MPLS QoS, as I have read in books that by default the TOS byte is reflected to the EXP bits in MPLS, and from MPLS to IP the EXP bits are again copied to TOS. So I am deciding to classify traffic by an access-list for the crypto device on Core, assigning that traffic a bandwidth of 4 MB and class-default as a fair queue.
The command is rejected on the SVI, stating that the bandwidth command is rejected on this interface.
access-list 1 permit 10.10.10.0 0.0.0.248
class-map match-all custA
match access-group 1
policy-map custA
class custA
bandwidth 4000
class class-default
fair-queue
One more thing I want to ask you: on executing the command sh policy map,
class class-default bandwidth is 0 kbps, just have a look below. But what I remember is that after allocating bandwidth to a particular queue the remaining bandwidth goes to the class class-default queue? Correct me if I am wrong.
One more confirmation, quilsar: customer A has asked for 4MB. Is it necessary to assign bandwidth to the traffic of the class class-default queue, or is the remainder assigned to it by default after specifying the required bandwidth for the useful matches?
Router#sh policy-map custA
Policy Map custA
Class custA
Bandwidth 4000(kbps) Max Threshold 64 (packets)
Class class-default
Flow based Fair Queueing
Bandwidth 0 (kbps) Max Threshold 64 (packets)
10-14-2009 10:46 AM
Hello Altaf,
in the link I've provided among restrictions of PFC QoS there is:
>> PFC QoS does not support these policy map class commands:
• bandwidth
• priority
• queue-limit
• random-detect
• set qos-group
• service-policy
>> end of insert
So to use this kind of QoS you should have either a FlexWAN module, a SIP + SPA combination, or the ES20 or ES40 linecards, which are more powerful.
On class class-default you can only decide to apply fair-queue and/or WRED; I don't think a bandwidth command is accepted on any platform.
The reason is that the BW for class default is defined by allocating BW with bandwidth or priority commands to the other classes.
I think applying a CBWFQ to an SVI is not possible because you can have ports on different linecards with different capabilities.
Also, CBWFQ implies a physical link where you can measure outgoing traffic.
So you need to change your action plan.
Note:
I wouldn't worry about that 0 kbps for class class-default in your show.
Hope to help
Giuseppe
10-14-2009 12:18 PM
Hi,
Thank you very much, it's a very useful link for the restrictions on QoS commands on the 6500.
The alternative I have thought of is to classify the important traffic and apply a police cir command to that particular traffic, and also to class class-default, instead of bandwidth for a specific queue, because it is not accepting it.
Will the above thoughts work? Please confirm.
Can you explain the below paragraph to me?
Suppose the bandwidth configured on the interface is 64 kbps, so from that only 75% of the bandwidth is available? That means 48 kbps. So while configuring the bandwidth or priority command in CBWFQ or LLQ, do we have to consider 48 kbps or 64 kbps?
For example: if I give the bandwidth 32 command, will this be calculated from 48 kbps or from 64 kbps?
The query in my last mail was general, not related to the 6500 configs.
I have been through the Wendell Odom book; he says that the remaining bandwidth is by default allocated to class class-default.
The thread I posted in my last mail is from Dynamips; class class-default is not getting any bandwidth. From this what I understand is that if a client SLA is for 4MB for all traffic then I don't have to classify any traffic, just assign a bandwidth statement in the policy map for 4MB and all is OK.
BUT IF
the client requirement says to classify VoIP traffic and web traffic to different bandwidths, and suppose I assigned the full interface bandwidth to these classes, then there will be no bandwidth for class-default, so for this reason I have to keep a measure for class class-default as well. In books it says that when assigning bandwidth to VoIP and web, not the full interface bandwidth, the remaining bandwidth is assigned to class default?
Thanks,
10-15-2009 08:19 AM
Hi,
Awaiting your replies, experts,
Help to each other will lead to success.
10-15-2009 10:49 AM
Hello Altaf,
Unfortunately policing is not the same action on traffic:
dropping exceeding traffic or meaning a queue are different forms of traffic volume control.
So you can consider this an approximate solution.
You could simply mark down exceeding traffic.
2)
Here I think the book is introducing the concept of the hidden system queue for routing protocol messages.
Most Cisco platforms (but not all platforms) have a parameter that says not to allow more than 75% of the declared bandwidth on a link to be assigned to user-defined traffic classes.
This interface command
max-reserved-bandwidth ?
<1-100> Max. reservable bandwidth as % of interface bandwidth
says how much BW is usable.
The parameter can be modified, especially on high-speed links where leaving 25% of bandwidth to signalling traffic is too much.
So in the book example you have a 64 kbps serial link, and when you assign 32 kbps to an LLQ queue it leaves:
64-16-32 = 16 kbps that can be assigned to other traffic classes.
>> from this what I understand is that if a client SLA is for 4MB for all traffic then I don't have to classify any traffic, just assign a bandwidth statement in the policy map for 4MB and all is OK
This can be an acceptable solution if no diffserv QoS is requested; your understanding is correct.
>> In books it says that when assigning bandwidth to VoIP and web, not the full interface bandwidth, the remaining bandwidth is assigned to class default
Again, because of the presence of the hidden system queue that uses 25% of bandwidth by default, as explained above.
Notice that in your case, with a capable platform, you could use hierarchical QoS:
a parent policy that shapes at 4 Mbps and invokes a child policy that is a scheduler
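! class-maps reference named ACLs with the same names
class-map match-all voice_clientX
 match access-group name voice_clientX
class-map match-all web_traffic_clientX
 match access-group name web_traffic_clientX
! child policy: the scheduler
policy-map clientX_LLQ
 class voice_clientX
  priority 500
 class web_traffic_clientX
  bandwidth 1000
 class class-default
  fair-queue
! parent policy: shapes to 4 Mbps and invokes the child
policy-map clientX_4Mbps
 class class-default
  shape average 4000000
  service-policy clientX_LLQ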
all this on a device that supports hierarchical QoS.
(it can be a C6500/C7600 with the right linecards)
Hope to help
Giuseppe
10-15-2009 12:21 PM
Thanks for your reply,
You have accepted the above solution that I mentioned as an approximate solution. Can you provide me with any alternate solution which is perfect, as you are aware of the requirement?
I want to confirm one more query. As the client has placed a crypto device connected to my DS, which will create a tunnel from the CUST-A crypto to the CUST-B crypto, he told me to redistribute the connected interfaces between DS and crypto, and the source and destination will always be the crypto devices at each end; the internal routing traffic and all traffic will be encrypted and not be seen by us.
So for classification what I have thought is to classify by a standard access-list with the IP subnet between DS and crypto as the source, and I should call that access-list in the class-map. Please confirm.
Awaiting your reply.
10-15-2009 11:27 PM
Hello Altaf,
>> You have accepted the above solution that I mentioned as an approximate solution. Can you provide me with any alternate solution which is perfect, as you are aware of the requirement?
The hierarchical QoS example that I've described in my previous post would be a better solution.
Unfortunately with your current hardware this may not be applicable.
>> to classify by a standard access-list with the IP subnet between DS and crypto as the source, and I should call that access-list in the class-map. Please confirm.
Your understanding is correct; this would be enough to classify customer traffic.
Hope to help
Giuseppe
10-16-2009 12:02 AM
Hello Altaf,
see this Ask the Expert about QoS on C6500
Hope to help
Giuseppe
10-16-2009 12:22 PM
Hi qiuslar,
I have been through the above link; they too are speaking about policing a subset of traffic.
I am finalizing the configs by policing a subset of traffic for a different burst and class default for a different burst. As per your confirmation in the last mail, the classification by access-list will do, BUT I forgot to tell you it will be done on the CORE switch, not on the DS, please confirm. I don't want to implement unnecessary MPLS QoS, because when a packet goes from IP to MPLS the TOS bytes are copied to the EXP bits, and from MPLS to IP the EXP bits to the TOS bytes; this will be at Core when the Core receives the packet. Traffic will pass as IPv4 to the ISP.
Please confirm, as I will classify traffic on Core, not on Distribution. Am I correct? Or provide me with any other alternative.
From your recommended configs in the above mail, does shaping work with policing on the 6500?
Thanks a ton for your above link and back-to-back replies.
10-17-2009 10:49 AM
Hello Altaf,
>> From your recommended configs in the above mail, does shaping work with policing on the 6500?
Sorry for having created some confusion. As explained in the Ask the Expert, shaping can be done only on WAN linecards, that is FlexWAN, SIPs or ES linecards.
I had provided the configurations of hierarchical QoS to show how, with a platform that supports it, a scenario like yours could take advantage of two levels of QoS.
>> this will be at Core when the Core receives the packet. Traffic will pass as IPv4 to the ISP.
This is correct and allows you to use IP-based QoS within the limits of your hardware.
However, if traffic is encrypted you can only apply policies that inspect the external IPv4 header.
So if the customer or your PE devices are able to mark traffic with a different TOS byte, this is propagated to the outer IPv4 header in IPSec or GRE.
So you should be able to apply different policies to different TOS bytes.
You need to use extended ACLs or to combine two match conditions
! siteA and siteB are placeholders for the two endpoint addresses
access-list 111 permit ip host siteA host siteB
access-list 111 permit ip host siteB host siteA
class-map match-all AtoB_prec0
 match access-group 111
 match precedence 0
class-map match-all AtoB_prec5
 match access-group 111
 match precedence 5
and so on
then on the policy-map you call the classes and apply for each of them a different police action.
Hope to help
Giuseppe
10-18-2009 12:41 AM
Hi qiuslar
I am confused by the policing theory; help will be appreciated.
I want to police all traffic, class-default, and the bandwidth allocated to me by the ISP is 4MB.
What are the preferable configs?
Q1:-- police cir 4000000 conform-action transmit exceed-action transmit violate-action drop
As I know from the above configs, I don't need to specify BC and BE, as it calculates them itself by cir/32, and when PIR is configured, pir/32.
switch:(config-pmap-c-police)#do sh policy-map 4MB
Policy Map cisco
Class test
police cir 4000000 bc 125000 be 125000
conform-action transmit
exceed-action transmit
violate-action drop
Q2:-- police cir 2000000 pir 4000000 conform-action transmit exceed-action transmit violate-action drop
Just have a look below: when I configure the pir statement there is also no change in be, as it is supposed to be double the bc. Is it necessary to configure be while configuring PIR?
Switch(config-pmap-c-police)#do sh policy-map cisco
Policy Map cisco
Class test
police cir 2000000 bc 62500 pir 4000000 be 62500
conform-action transmit
exceed-action transmit
violate-action drop
What is the advantage of configuring the PIR as opposed to single-rate, and what actually happens? Is it that more tokens are sent on conform-action, that is, double the BC?
Help will lead to success.
10-18-2009 11:27 AM
Hello Altaf,
Practical results of a single rate 3 colors policer with rate = 4 Mbps
and of a dual rate 3 colors policer with PIR = 4 Mbps:
the first accommodates 4 Mbps and a burst over 4 Mbps, but for a single interval.
The two rates policer is able to sustain 4 Mbps for every interval because tokens are allocated to fill
Bc = cir/32
and Be = (pir-cir)/32
at every interval.
The single rate policer fills Bc with
CIR1 = 4 Mbps / 32;
if Bc is full, the spillage goes to the Be token bucket.
Be is filled by what is not used in previous time intervals.
So Be starts full, but if it is used it is not available in the next time interval.
In your case I would use a single rate 3 colors policer with CIR = 4 Mbps.
Hope to help
Giuseppe
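The bucket behaviour described in the reply above, as an added simulation that is not part of the original thread: it follows the colour-blind meters of RFC 2697 (single rate) and RFC 2698 (two rate), not the Catalyst 6500 hardware. The function names and the constant 6 Mbps load of 1500-byte packets are constructed for illustration; the rates and burst sizes are the ones shown in the `sh policy-map` outputs earlier in the thread.

```python
# Added example: colour-blind RFC 2697 / RFC 2698 meters, not Catalyst 6500 code.
UNIT = 8_000_000  # token units per byte, so elapsed_us * rate_bps stays an exact int

def stream(rate_bps, seconds, size=1500):
    """Constructed input: constant-rate flow as (arrival time in us, bytes)."""
    count = rate_bps * seconds // (size * 8)
    return [(i * size * UNIT // rate_bps, size) for i in range(count)]

def single_rate(pkts, cir, bc, be):
    """One rate: Be only receives tokens that overflow an already full Bc."""
    tc, te, last = bc * UNIT, be * UNIT, 0
    out = {"conform": 0, "exceed": 0, "violate": 0}
    for t, size in pkts:
        tc, last = tc + (t - last) * cir, t
        if tc > bc * UNIT:
            te = min(be * UNIT, te + tc - bc * UNIT)
            tc = bc * UNIT
        if tc >= size * UNIT:
            tc -= size * UNIT
            out["conform"] += size
        elif te >= size * UNIT:
            te -= size * UNIT
            out["exceed"] += size
        else:
            out["violate"] += size
    return out

def two_rate(pkts, cir, bc, pir, be):
    """Two rates: the committed and peak buckets both refill continuously."""
    tc, tp, last = bc * UNIT, be * UNIT, 0
    out = {"conform": 0, "exceed": 0, "violate": 0}
    for t, size in pkts:
        tc = min(bc * UNIT, tc + (t - last) * cir)
        tp = min(be * UNIT, tp + (t - last) * pir)
        last = t
        if tp < size * UNIT:
            out["violate"] += size
        elif tc < size * UNIT:
            tp -= size * UNIT
            out["exceed"] += size
        else:
            tc -= size * UNIT
            tp -= size * UNIT
            out["conform"] += size
    return out

if __name__ == "__main__":
    print(single_rate(stream(6_000_000, 10), 4_000_000, 125_000, 125_000))
    print(two_rate(stream(6_000_000, 10), 2_000_000, 62_500, 4_000_000, 62_500))
```

Under this sustained overload the single-rate meter marks only one Be worth of traffic (124,500 bytes) as exceed and everything after that as conform or violate, while the two-rate meter keeps marking about PIR minus CIR as exceed for the whole run.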
10-18-2009 12:11 PM
quislar,
You have mentioned that in my case you have configured single rate, why? Please explain.
What I understand is that the dual rate three colour policer is good, as it sustains 4 Mbps every interval because both buckets, Bc + Be, are filled at the same time. As I have read in books, the Be when PIR is configured is calculated from PIR/32, but in my mail above the Bc+Be, why?
If PIR is configured, then the PIR would be at maximum the SLA or less than the SLA. In my case the SLA is 4 Mbps, so the configs would look like below.
police cir 2000000 pir 4000000 conform-action transmit exceed-action transmit violate-action drop
quislar, you told me that single rate three colour will be best in my case, so are the configs I have prepared below correct? Please confirm.
police cir 4000000 conform-action transmit exceed-action transmit violate-action drop
Question 3: Attaching the file. I have tested the configs by sending 50000 packets towards the ISP and the output is in the attachment. Have a look: there are violate actions but no exceed actions. As per my knowledge the packets will exceed first and then they will violate the contract? Here I don't see any exceeded packets. Correct me if I am wrong.
Earl in slot 5
26667688 bytes
5 minute offered rate 325400 bps
aggregate-forwarded 26269860 bytes action: transmit
exceeded 0 bytes action: transmit
violated 397828 bytes action: drop
aggregate-forward 400464 bps exceed 0 bps violate 5872 bps