ASK THE EXPERTS - CAMPUS QOS

May 24th, 2010

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to get an update on Campus QoS design and implementation with Cisco expert Hatim Badr. Hatim is a Network Consulting Engineer in Toronto, Canada, who for more than four years with Cisco Advanced Services has been helping Cisco customers across Canada design, implement, and optimize their networks. He focuses on developing QoS policies and on designing and implementing enterprisewide QoS solutions. Hatim has more than 10 years' experience in the networking industry and holds CCIE certification in Routing and Switching (CCIE #14847).


Remember to use the rating system to let Hatim know if you have received an adequate response.


Hatim might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through June 4, 2010. Visit this forum often to view responses to your questions and the questions of other community members.

Overall Rating: 4.7 (16 ratings)
Ganesh Hariharan Mon, 05/24/2010 - 05:02

Hi Hatim,


My general question is why we need QoS in a LAN where you have open bandwidth of avg. 1 GBPS between switches and servers and switches to switches, which is sufficient for all types of traffic like data, voice and video?


Ganesh.H

habadr Mon, 05/24/2010 - 07:49

Hi Ganesh



Thanks for your question, and it is an excellent question to start our discussion about Campus QoS. However, to answer it I would quote the following paragraph from the Medianet Campus QoS Design 4.0, which explains it very thoroughly.

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html  



The case for Quality of Service (QoS) in WANs/VPNs is largely  self-evident because of the relatively low-speed bandwidth links at  these Places-in-the-Network (PINs), as compared to Gigabit/Ten Gigabit  campus networks, where the need for QoS is sometimes overlooked or even  challenged. This is sometimes due to network administrators equating QoS  with queuing policies only; whereas, the QoS toolset extends  considerably beyond just queuing tools. Classification, marking, and  policing are all important QoS functions that are optimally performed  within the campus network, particularly at the access layer ingress edge  (access edge).

Five strategic QoS design principles discussed in Chapter 1, "Enterprise  Medianet Quality of Service Design 4.0—Overview" are  relevant when deploying QoS in the campus:

Always perform QoS in hardware rather than  software when a choice exists. Cisco IOS routers perform QoS in  software. This places additional demands on the CPU, depending on the  complexity and functionality of the policy. Cisco Catalyst switches, on  the other hand, perform QoS in dedicated hardware Application-Specific  Integrated Circuits (ASICs) and as such do not tax their main CPUs to  administer QoS policies. You can therefore apply complex QoS policies at  Gigabit/Ten Gigabit line rates in these switches.

Classify and mark applications as close to  their sources as technically and administratively feasible. This  principle promotes end-to-end Differentiated Services/Per-Hop Behaviors.  Sometimes endpoints can be trusted to set Class of Service (CoS) of  Differentiated Services Code Point (DSCP) markings correctly, but this  is not always recommended as users could easily abuse provisioned QoS  policies if permitted to mark their own traffic. For example, if DSCP  Expedited Forwarding (EF) received priority services throughout the  enterprise, a user could easily configure the NIC on a PC to mark all  traffic to DSCP EF, thus hijacking network priority queues to service  their non-real time traffic. Such abuse could easily ruin the service  quality of real time applications (like VoIP) throughout the enterprise.

Police unwanted traffic flows as close to  their sources as possible. There is little sense in forwarding  unwanted traffic only to police and drop it at a subsequent node. This  is especially the case when the unwanted traffic is the result of Denial  of Service (DoS) or worm attacks. Such attacks can cause network  outages by overwhelming network device processors with traffic.

Enable queuing policies at every node where  the potential for congestion exists, regardless of how rarely  this in fact may occur. This principle applies to campus edge and  interswitch links, where oversubscription ratios create the potential  for congestion. There is simply no other way to guarantee service levels  than by enabling queuing wherever a potential speed mismatch exists.

Protect the control plane and data plane by enabling control plane policing (on platforms supporting this  feature) as well as data plane policing (scavenger class QoS) on campus  network switches to mitigate and constrain network attacks.



I hope that answers your question, and I look forward to hearing your comments.

Thanks


Hatim Badr
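
The access-edge principles quoted in the reply above (do not let hosts mark their own traffic, police close to the source, push excess into a scavenger class) can be modelled in a few lines. This is an added example, not part of the thread or of Cisco's design guide; the port names, the 128 kbps / 8000-byte policer and the CS1 markdown target are assumptions chosen for illustration.

```python
"""Model of an access-edge trust boundary with a single-rate EF policer.

Constructed example: port names, rates and sample streams are assumptions.
"""
from collections import Counter

DSCP_EF = 46       # Expedited Forwarding (voice)
DSCP_CS1 = 8       # scavenger class, assumed markdown target
DSCP_DEFAULT = 0   # best effort


class TokenBucket:
    """Single-rate policer. Tokens are kept in millibits so refill is exact integer maths."""

    def __init__(self, rate_bps, burst_bytes):
        self.rate_bps = rate_bps
        self.cap = burst_bytes * 8000      # bucket depth in millibits
        self.tokens = self.cap             # bucket starts full
        self.last_ms = 0

    def conforms(self, ts_ms, size_bytes):
        elapsed = max(0, ts_ms - self.last_ms)
        self.last_ms = max(self.last_ms, ts_ms)
        # bits/s * ms = millibits; never exceed the configured burst
        self.tokens = min(self.cap, self.tokens + elapsed * self.rate_bps)
        cost = size_bytes * 8000
        if cost <= self.tokens:
            self.tokens -= cost
            return True
        return False


class AccessPort:
    """Access-layer port: untrusted ports lose their markings, trusted ports are policed."""

    def __init__(self, name, trusted, ef_policer=None):
        self.name = name
        self.trusted = trusted
        self.ef_policer = ef_policer

    def egress_dscp(self, ts_ms, size_bytes, dscp):
        if not self.trusted:
            # Untrusted model: whatever the host NIC set is overwritten.
            return DSCP_DEFAULT
        if dscp == DSCP_EF and self.ef_policer is not None:
            # In-profile EF keeps priority; the excess is marked down, not forwarded as EF.
            if self.ef_policer.conforms(ts_ms, size_bytes):
                return DSCP_EF
            return DSCP_CS1
        return dscp


def mark_stream(port, packets):
    """packets: iterable of (ts_ms, size_bytes, dscp). Returns {dscp_after_policy: count}."""
    return dict(Counter(port.egress_dscp(*pkt) for pkt in packets))


# Constructed traffic samples (one second each).
VOICE = [(i * 20, 200, DSCP_EF) for i in range(50)]    # 50 pps x 200 B = 80 kbps
EF_FLOOD = [(i, 1500, DSCP_EF) for i in range(1000)]   # 1000 pps x 1500 B = 12 Mbps, all marked EF


def demo():
    def phone_port():
        return AccessPort("phone-port", trusted=True,
                          ef_policer=TokenBucket(rate_bps=128_000, burst_bytes=8000))
    pc_port = AccessPort("pc-port", trusted=False)
    return {
        "voice on trusted port": mark_stream(phone_port(), VOICE),
        "EF flood on trusted port": mark_stream(phone_port(), EF_FLOOD),
        "EF flood on untrusted port": mark_stream(pc_port, EF_FLOOD),
    }


if __name__ == "__main__":
    for scenario, result in demo().items():
        print(f"{scenario}: {result}")
```

The legitimate voice stream passes untouched, while the host that marks bulk traffic EF gets only the policed burst through as EF and the rest lands in the scavenger class, so the priority queue is not starved.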

amirkarimi Mon, 05/24/2010 - 12:36

Hi Ganesh,


I have a question about our network.

We have about 300 users on 5 floors. If a user starts downloading a file, the BW gets saturated and other users' access becomes very slow. How can I solve this issue? Should we use an L3 switch and use traffic shaping?

I'd like to know what hardware and technology I should use to take care of this issue.


I look forward to hearing from you.

Thanks,

Amir

habadr Mon, 05/24/2010 - 16:30

Hi Amir,


It is hard to tell. Where are the users located and where are the servers? Do these users access their data over the WAN, or is it in your campus network?

Do you have voice and video in your network, or is it just data? You may also have to look at your network design as well.

Please provide more details to understand the problem.


Thanks


Hatim Badr

amirkarimi Mon, 05/24/2010 - 18:44

Hi,

First of all, sorry, I placed my reply under the wrong question by mistake.


Well, I'm talking about a LAN in just a building with 5 floors.

We have an Internet BW of 5MB/s connected to a Cisco ASA firewall and from there, the inside interface is connected to some L2 switches. PCs are connected to these L2 switches too. We don't have any VLAN in our infrastructure.


How can I limit someone's Internet download or upload speed? or like Sales department? For example I want to limit Engineering department to have only 2MB/s download and 1MB/s upload and while they are not using this BW (Internet BW), other departments can use it.


By the way, I'm just talking about the data. No voice/video is involved.


Thanks,

Amir

mohdniyas Wed, 05/26/2010 - 21:24

Hi Hatim,


Can't we use rate-limiting (CAR, Committed Access Rate) here to limit the maximum download/upload rate for a group of users based on an ACL?


Thanks,

Niyas

habadr Thu, 05/27/2010 - 14:08

Hi Niyas

You are right; normally we use what we call today class-based policing, the CAR successor, to police traffic. However, in Amir's scenario it will be difficult to understand the traffic pattern.

First, we have 300 users, most probably using dynamic IP addressing (DHCP), so a user's IP address may change. If you start configuring static IP addresses, then there will be more administration overhead.

Second, assume that user 1 is watching a business-related video on siteA while user 2 is watching a non-business-related video on siteB. With policing, each user will get the same bandwidth, since it will be very difficult for you to identify the video sources with just a regular IP address, or even if you use NBAR.

Using an IronPort Web Security Appliance will help you control web usage based on the policy that you create; plus, it is an application proxy.

Thanks

Hatim Badr

mohdniyas Thu, 05/27/2010 - 22:58

Thank you Hatim

Ganesh Hariharan Mon, 05/24/2010 - 23:16

Hi Hatim,


Very useful links for QoS in the campus network. Just another question: if you need to design a network, what will be your opinion on campus QoS implementation? Would you recommend that the client go for QoS as a recommended practice or not?


Ganesh.H

habadr Tue, 05/25/2010 - 15:56

Hi Ganesh;



Thanks, Ganesh, for your response. It always depends on the customer's requirements; however, with the current business and application requirements and the video evolution in enterprise networks, my first recommendation is to build an end-to-end QoS strategy. Start with QoS application profiling (data, voice and video) and then build your QoS design. I will not worry about implementation and how to configure the QoS toolset (classification, marking, policing and queuing) till a later stage. Implementation will be very easy if you have a QoS strategy.

I hope this answers your question.



Thanks



Hatim Badr

Ganesh Hariharan Tue, 05/25/2010 - 21:40

Hi Hatim,


Thanks for providing valuable suggestions.


Ganesh.H

youssef.el.fathi Mon, 05/24/2010 - 05:03


Hello Hatim,



I was working on a Frame Relay network with QoS implementation (CCIE training).

So we can use CBTS to simulate FR traffic shaping. I saw a scenario where CBTS was applied with match fr-dlci, and the solution said that CBTS does not support adaptive FR traffic shaping, but we can use the shape average command.


My question is what are the exact rules, when simulating Frame Relay Traffic Shaping with CBTS?


Thanks


Youssef

habadr Mon, 05/24/2010 - 09:23

Hi Youssef,

There are a few restrictions when using adaptive shaping with MQC FRTS. Can you please explain more about what is not supported regarding adaptive traffic shaping with MQC-based FRTS?

http://www.cisco.com/en/US/partner/docs/ios/wan/configuration/guide/wan_mqc_fr_tfshp_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1056219

I can see this is in preparation for the CCIE exam, which you should always answer as per the question; however, in real-life scenarios it is recommended that adaptive shaping be disabled and that the minimum CIR be set equal to the CIR (which means there is no “rating down”). An exception to this rule would occur if a tool such as Frame Relay voice-adaptive traffic shaping was deployed.

I will be happy to answer your questions regarding FRTS; however, this discussion is for Campus QoS (Cisco Catalyst switches 2950/2960/3550/3560/3750/4500 and 6500).

Thanks


youssef.el.fathi Tue, 05/25/2010 - 02:05

Hatim,


First of all, thanks for replying, even though my question is off-topic. In fact, I was talking about only using MQC without mixing it with map-class; I know that in this mode adaptive shaping will work.


So here is an example to illustrate my issue :


class-map DLCI_101
 match fr-dlci 101
!
class-map DLCI_102
 match fr-dlci 102
!
policy-map PM_FR
 class DLCI_101
  shape peak 128000 6400 6400
 class DLCI_102
  shape peak 256000 12800 12800
!
interface Serial 0/0/0
 service-policy output PM_FR
!

This example works fine, but as I wrote in my first post, is adaptive shaping working in this case? If not, what are the rules regarding this type of implementation? I know that in the real world I will certainly implement it as in the link you gave me.



Regards.


Youssef
habadr Thu, 05/27/2010 - 13:13

Hi Youssef,


Adaptive traffic shaping for Frame Relay networks is not supported using the Class-Based Shaping feature. You have to use MQC FRTS to enable adaptive shaping.


Thanks


Hatim Badr

youssef.el.fathi Thu, 05/27/2010 - 13:27

Hi Hatim,


Thank you, now it is clear for me.


Really appreciate.


Regards.


Youssef

j.shrewsbury Mon, 05/24/2010 - 10:00

Greetings,


I have noticed that sometimes the queuing strategy (in the output of show interface) shows "fair-queuing" and other times it shows "class-based" with a service-policy applied to an interface. I want to ensure that when I apply a policy it is working correctly. Is this just a software discrepancy? Or is CBWFQ not active when the status shows "fair-queuing"?

habadr Mon, 05/24/2010 - 16:20

Greetings,


Do you mean you see the queuing strategy as "weighted fair" or "fifo" when there is no policy map applied to the interface, and then you see the queuing strategy as "class-based" when applying the QoS policy map?


If that is the case, then weighted fair or fifo is the default depending on the interface type; for example, the Ethernet interface queuing strategy is fifo by default, while serial interfaces are weighted fair by default.


I would appreciate it if you could provide more details so I can better answer your question.


Thanks


Hatim Badr

amirkarimi Mon, 05/24/2010 - 16:32

Hi,


Well, I'm talking about a LAN in just a building with 5 floors.

We have an Internet BW of 5MB/s connected to a Cisco ASA firewall and from there, the inside interface is connected to some L2 switches. PCs are connected to these L2 switches too. We don't have any VLAN in our infrastructure.


How can I limit someone's Internet download or upload speed? or like Sales department? For example I want to limit Engineering department to have only 2MB/s download and 1MB/s upload and while they are not using this BW (Internet BW), other departments can use it.


By the way, I'm just talking about the data. No voice/video is involved.


Thanks,

Amir

habadr Thu, 05/27/2010 - 10:40

My apologies for the late response; I replied to you via my email, but for some reason it did not post.



I think the best solution for you would be an Ironport web security appliance. It is used for web usage control and web filtering. For more details please go to

http://www.cisco.com/en/US/partner/products/ps10164/index.html

Thx

Hatim Badr

Mohamed Sobair Tue, 05/25/2010 - 06:36

Hi Hatim,


It's a pleasure to meet you here discussing Campus QoS.


I have three questions:


1- If I needed to implement QoS in a campus network, and they have a native VLAN which is one part of the user traffic which needs to be marked in the trusted boundary, how would I do this for the native VLAN (Layer 2) boundary?


2- Have you ever used values 6 & 7 in the type of service (TOS) field, which are reserved for ECN as per the RFC, and how exactly is it configured on the switches? I mean, how does a switch/router tell a host about ECN (this, of course, if the host supports ECN)?


3- What is the recommended marking mechanism closer to the source? DSCP or IP precedence ? and why?



Appreciate it,


Mohamed

habadr Wed, 05/26/2010 - 00:39

Hi Mohamed,

Thank you for your questions, please find my answers below

Q 1- If I needed to implement QoS in a campus Network, and they have a native vlan which is one part of the user traffic which needs to be marked in the trusted boundary? How would I do this for the native vlan (Layer-2) boundary?

Answer:  This may be challenging if you want to use Layer 2 802.1Q/p Class of Service (CoS) bits however it is recommended to classify/mark with IP DSCP value either by trusting DSCP or using untrusted model with Access list. Even layer 2 switches, except for older switches such as 4000 CATOS, will support trusting IP DSCP values.

Q 2- Have you ever used values 6 & 7 in the type of service field (TOS) which are reserved for ECN as per the RFC, and how is it exactly configured on the Switches. I mean how does a switch/router tells a host about ECN (This of Course if the host supports ECN).

Answer: ECN is supported in Catalyst 4500 switches with classic supervisors through DBL, "Dynamic Buffer Limiting". DBL tracks the queue length for each traffic flow in the switch. When the queue length of a flow exceeds its limit, DBL drops packets or sets the Explicit Congestion Notification (ECN) bits in the packet headers. To enable ECN, you should enter the following command:

qos dbl exceed-action ecn

Implementing ECN requires an ECN-specific field that has two bits, the ECN-capable Transport (ECT) bit and the CE (Congestion Experienced) bit, in the IP header. The ECT bit and the CE bit can be used to make four ECN field combinations of 00 to 11. The first number is the ECT bit and the second number is the CE bit. The table below lists each of the ECT and CE bit combination settings in the ECN field and what the combinations indicate.

| ECT Bit | CE Bit | Combination Indicates |
|---------|--------|-----------------------|
| 0 | 0 | Not ECN-capable |
| 0 | 1 | Endpoints of the transport protocol are ECN-capable |
| 1 | 0 | Endpoints of the transport protocol are ECN-capable |
| 1 | 1 | Congestion experienced |

Q3- What is the recommended marking mechanism closer to the source? DSCP or IP precedence ? and why?

Answer: It is always recommended to classify and mark as close to the source as technically and administratively feasible, to promote end-to-end Differentiated Services/Per-Hop Behaviors.

It is also recommended to use DSCP whenever possible, which provides up to 64 classes of traffic; more importantly, follow standards-based DSCP PHB markings to ensure interoperability and future expansion.

Thanks

Hatim Badr
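
The ECN field described in the answer above occupies the two low-order bits of the IPv4 ToS byte (the "values 6 & 7" in the question), with DSCP in the upper six. The following is an added example, not code from the thread or from Cisco: it splits the byte, then shows what a congested queue that marks instead of dropping has to do to a packet, including the header checksum update. The drop-if-not-ECN-capable rule follows RFC 3168 and is an assumption about behaviour, not a model of the Catalyst 4500 DBL implementation; the sample header and addresses are constructed.

```python
"""Decode DSCP/ECN from an IPv4 header and set Congestion Experienced on exceed.

Constructed example: sample header values and function names are assumptions.
"""
import socket
import struct

# ECN codepoints (ECT bit, CE bit), as in the table in the post above
NOT_ECT, ECT_1, ECT_0, CE = 0b00, 0b01, 0b10, 0b11
ECN_MEANING = {
    NOT_ECT: "Not ECN-capable",
    ECT_1: "Endpoints of the transport protocol are ECN-capable",
    ECT_0: "Endpoints of the transport protocol are ECN-capable",
    CE: "Congestion experienced",
}


def split_tos(tos):
    """Return (dscp, ecn) from the 8-bit ToS / DS byte."""
    return tos >> 2, tos & 0b11


def ipv4_checksum(header):
    """Ones'-complement checksum over the header; 0 for a header whose checksum is valid."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(tos, src="10.0.0.1", dst="10.0.0.2"):
    """Constructed 20-byte IPv4/TCP header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0x1C46, 0x4000, 64, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def on_queue_limit_exceeded(header):
    """What a marking queue does to one packet once the flow is over its limit.

    Returns ("drop", None) for non-ECN-capable packets, otherwise
    ("mark", new_header) with CE set, DSCP untouched and the checksum recomputed.
    Assumes a 20-byte header (IHL = 5).
    """
    dscp, ecn = split_tos(header[1])
    if ecn == NOT_ECT:
        return "drop", None          # sender never negotiated ECN: loss is the only signal
    hdr = bytearray(header)
    hdr[1] = (dscp << 2) | CE        # only the two ECN bits change
    hdr[10:12] = b"\x00\x00"         # zero the checksum field before recomputing
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return "mark", bytes(hdr)


def demo():
    """Run three constructed packets (EF/Not-ECT, EF/ECT(0), default/ECT(1)) through the queue."""
    rows = []
    for tos in (0xB8, 0xBA, 0x01):
        action, out = on_queue_limit_exceeded(build_header(tos))
        after = split_tos(out[1]) if out else None
        rows.append((split_tos(tos), action, after))
    return rows


if __name__ == "__main__":
    for before, action, after in demo():
        print(f"dscp/ecn {before} ({ECN_MEANING[before[1]]}) -> {action} {after}")
```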

Mohamed Sobair Wed, 05/26/2010 - 05:04

Hatim,


According to your Answers 1 & 2 below, I still have points that are not clear.


Answer (1):  This may be challenging if you want to use Layer 2 802.1Q/p Class of Service (CoS) bits however it is recommended to classify/mark with IP DSCP value either by trusting DSCP or using untrusted model with Access list. Even layer 2 switches, except for older switches such as 4000 CATOS, will support trusting IP DSCP values.


For the first statement, I mentioned how we can classify/mark traffic for the native VLAN; you said by CoS and DSCP. However, the CoS bits are carried in the tag field of the Layer 2 header, so a native VLAN by default shouldn't support marking based on CoS, I believe, or we will have to modify data traffic to a non-native VLAN, right?


For the second statement, how could Layer 2 switches classify and mark based on DSCP while they are Layer 2, meaning they don't look and forward at Layer 3, while DSCP and IP precedence are part of the Layer 3 header?


Answer(2):  ECN is supported in Catalyst 4500 switches classic supervisors with its DBL "dynamic Buffer Limiting". DBL tracks the queue length for each traffic flow in the switch. When the queue length of a flow exceeds its limit, DBL drop packets or sets the Explicit Congestion Notification (ECN) bits in the packet headers. To enable ECN you should enter the following command


Do you mean ECN is not supported on Catalyst switches other than the 4500 series? The second point is: does ECN need another config to be added on the policy map, or is it just that when the queue limit is exceeded it drops the packet?



**The last enquiry, ( I know its out of the Scope of this conversation), Could you let me know how ECN works in a router with an example**?



Thanks for your valuable input,


Mohamed

habadr Thu, 05/27/2010 - 05:23

Hi Mohamed,


Sorry for the late response; I used my email to reply to you yesterday, but for some reason it was not added to the discussion. Please find my comments inline.



Q: for the first statement, I mentioned how we can classify/mark traffic for the native vlan, you said by CoS and DSCp, However, the CoS bits are carried in the tag field of the layer-2 header, So a native vlan by default shouldn't support marking based on CoS I believe , or we will have to Modify Data Traffic to a non native vlan , Right?

        Hatim: You are right, and that is why I said it is challenging; I should say it is not possible to classify based on Layer 2 CoS for the native VLAN if it is not tagged.


Q: For the second statement, how could Layer 2 switches classify and mark based on DSCP while they are Layer 2, meaning they don't look and forward at Layer 3, while DSCP and IP precedence are part of the Layer 3 header?


        Hatim: Most Layer 2 switches are able to look at the Layer 3 header and classify/mark IP DSCP. A few older Layer 2 switches are not able to look at the Layer 3 header. Can you tell me which switches you are looking at, and I'll be able to tell you if they support IP DSCP classifying and marking.


Q: Do you mean ECN is not supported on Catalyst switches other than the 4500 series? The second point is: does ECN need another config to be added on the policy map, or is it just that when the queue limit is exceeded it drops the packet?


        Hatim: ECN is not supported in all Catalyst switches, and so far it is only supported on the 4500. No more configuration is required.


Q **The last enquiry, ( I know its out of the Scope of this conversation), Could you let me know how ECN works in a router with an example**?


    I will be happy to answer your question; however, there is a very good article about ECN that can be found at

    http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ftwrdecn.html


Please let me know if you need more clarification.


Thanks again for your questions


Hatim Badr

gregokada Thu, 05/27/2010 - 14:25

Hi,


I would like to thank you in advance for your help.


We are having problems identifying the discarded packets on a 9MB multilink PPP interface which has 6 serial T1 interfaces bound into a single multilink interface. Here are the configurations:



controller T1 0/0/0
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
!
controller T1 0/0/1
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
!
controller T1 0/1/0
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
!
controller T1 0/1/1
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
!
controller T1 0/2/0
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
!
controller T1 0/2/1
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
!
class-map match-any Business-Critical
match access-group 145
class-map match-any Best-Effort
match access-group 146
class-map match-any Voice-RTP
match ip dscp ef
match ip dscp cs3
match ip dscp af31
match access-group 148
class-map match-any Priority-Data
match access-group 141
class-map match-any Mission-Critical
match access-group 143
!
!
policy-map queuing-policies
class Voice-RTP
  set ip dscp ef
  priority percent 50
class Priority-Data
  set ip dscp af41
  bandwidth remaining percent 15
class Mission-Critical
  set ip dscp af31
  bandwidth remaining percent 20
class Business-Critical
  set ip dscp af21
  bandwidth remaining percent 25
class Best-Effort
  set ip dscp default
  bandwidth remaining percent 40

interface Multilink2
description MPLS to Sprint PE DS-3
bandwidth 9216
ip address 10.130.7.42 255.255.255.252
ip accounting output-packets
ip flow ingress
no peer neighbor-route
no cdp enable
ppp multilink
ppp multilink fragment disable
ppp multilink group 2
service-policy output queuing-policies

interface Serial0/0/0:0
bandwidth 1544
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 2
!
interface Serial0/0/1:0
bandwidth 1544
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 2
!
interface Serial0/1/0:0
bandwidth 1544
no ip address
encapsulation ppp
ip route-cache flow
ppp multilink
ppp multilink group 2
!
interface Serial0/1/1:0
bandwidth 1544
no ip address
encapsulation ppp
ip route-cache flow
ppp multilink
ppp multilink group 2
!
interface Serial0/2/0:0
bandwidth 1544
no ip address
encapsulation ppp
ip route-cache flow
ppp multilink
ppp multilink group 2
!
interface Serial0/2/1:0
bandwidth 1544
no ip address
encapsulation ppp
ip route-cache flow
ppp multilink
ppp multilink group 2

access-list 148 remark Voice Queue 50 percent
access-list 148 permit udp any host 10.130.19.228 range 1719 1720
access-list 148 permit tcp any host 10.130.19.228 range 1719 1720
access-list 148 permit udp any host 10.130.19.225 range 1719 1720
access-list 148 permit tcp any host 10.130.19.225 range 1719 1720
access-list 148 permit udp any host 10.130.33.132 range 1719 1720
access-list 148 permit tcp any host 10.130.33.132 range 1719 1720
access-list 148 permit udp any host 10.130.33.133 range 1719 1720
access-list 148 permit tcp any host 10.130.33.133 range 1719 1720
access-list 148 permit udp any 10.235.1.128 0.0.0.31
access-list 148 permit udp any 10.235.1.192 0.0.0.31
access-list 148 deny   ip any any

ROS-W2#sho int multilink2
Multilink2 is up, line protocol is up
  Hardware is multilink group interface
  Internet address is 207.130.7.42/30
  MTU 1500 bytes, BW 9216 Kbit, DLY 100000 usec,
     reliability 255/255, txload 8/255, rxload 13/255
  Encapsulation PPP, LCP Open, multilink Open
  Open: IPCP, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 2 seconds on reset
  Last input 00:00:00, output never, output hang never
  Last clearing of "show interface" counters 1d01h
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 325487
  Queueing strategy: Class-based queueing
  Output queue: 0/1000/64/325487 (size/max total/threshold/drops)
     Conversations  0/7/16 (active/max active/max total)
     Reserved Conversations 4/4 (allocated/max allocated)
     Available Bandwidth 2304 kilobits/sec
  5 minute input rate 484000 bits/sec, 63 packets/sec
  5 minute output rate 302000 bits/sec, 72 packets/sec
     6261395 packets input, 3525337169 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     4922917 packets output, 1719617769 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions


The problem is trying to correct the output drops in the configuration as these are voice grade packets.  Please advise....

ahmeds@ca.ibm.com Thu, 05/27/2010 - 15:43

Hi Hatim:


I have two questions please:

1- When performing traffic queueing, does that take place only when there is network congestion, or do queues take effect all the time regardless? What happens when a priority queue is implemented too?

2- Are there any commands on L3 switches such as the 3560, 3750 and 4500 series that we can use to verify traffic stats on QoS policies, similar to "sh policy-map int <>" on ISR?


Regards;

Ahmed

habadr Thu, 05/27/2010 - 16:56
User Badges:
  • Cisco Employee,

Hi Ahmed,

Thank you for your questions. Please see my answers inline.



1- When performing traffic queuing, does that take place only when there is network congestion, or do queues take effect all the time regardless? What happens when a priority queue is implemented too?


Answer: It will only take place during interface congestion. The priority queue (PQ) is serviced first until it is empty, except on 4500 switches, where you can allocate bandwidth for the PQ as well; there the priority queue is serviced first until it is empty or until it is under its limited rate.


2- Are there any commands on L3 switches such as the 3560, 3750 and 4500 series that we can use to verify traffic stats on QoS policies, similar to "sh policy-map int <>" on ISR?


Answer: The same command is available on 3560, 3750 and 4500 switches; however, unfortunately the byte counters which show the packet statistics do not increment on the 3560 and 3750. On the 3560 and 3750 this command is only used for reviewing the policy map applied to an interface.


On the other hand, for 3560/3750 switches the show mls qos interface GigabitEthernet x/y/x statistics command will help you to verify each interface's queuing. For an example and details please visit:
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html#wp1099462
 

Thanks


Hatim  Badr
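
The `show mls qos interface ... statistics` command named in the reply above prints DSCP and CoS counters in rows labelled with a range such as `45 - 49` (one counter per code point in that range), followed by per-queue, per-threshold enqueue and drop counters. The following Python parser is an added example, not part of the original reply or of Cisco's documentation; the sample output is constructed, and `parse_stats`, `nonzero` and `drops` are hypothetical helper names.

```python
import re

# Constructed sample in the layout printed by
# "show mls qos interface <port> statistics" on a Catalyst 3560/3750.
# Counter values are invented for this example and some rows are omitted.
SAMPLE = """\
GigabitEthernet1/0/1 (All statistics are in packets)

  dscp: incoming
-------------------------------

 0 -  4 :        5000            0            0            0         0
 5 -  9 :           0            0            0          700         0
45 - 49 :           0         1200            0           30         0
60 - 64 :           0            0            0            0

  dscp: outgoing
-------------------------------

 0 -  4 :        4100            0            0            0         0
45 - 49 :           0         1200            0           30         0

  cos: incoming
-------------------------------

 0 -  4 :        5700            0            0           30         0
 5 -  7 :        1200            0            0

  output queues enqueued:
 queue: threshold1 threshold2 threshold3
-----------------------------------------
 queue 0:           0           0        1200
 queue 1:          30           0           0
 queue 2:           0           0        4100
 queue 3:         650           0           0

  output queues dropped:
 queue: threshold1 threshold2 threshold3
-----------------------------------------
 queue 0:           0           0           0
 queue 1:           0           0           0
 queue 2:           0           0         900
 queue 3:          50           0           0

Policer: Inprofile:            0 OutofProfile:            0
"""

SECTION = re.compile(r"^\s*(dscp|cos): (incoming|outgoing)\s*$")
QUEUES = re.compile(r"^\s*output queues (enqueued|dropped):\s*$")
RANGE_ROW = re.compile(r"^\s*(\d+)\s*-\s*(\d+)\s*:(.*)$")
QUEUE_ROW = re.compile(r"^\s*queue\s+(\d+):(.*)$")


def parse_stats(text):
    """Return {table name: {key: packets}}.

    DSCP/CoS tables are keyed by code point; queue tables are keyed by
    (queue, threshold), with the queue number exactly as displayed.
    """
    stats, current = {}, None
    for line in text.splitlines():
        header = SECTION.match(line)
        if header:
            current = f"{header.group(1)}_{header.group(2)}"
            stats[current] = {}
            continue
        header = QUEUES.match(line)
        if header:
            current = header.group(1)
            stats[current] = {}
            continue
        if current is None:
            continue
        row = RANGE_ROW.match(line)
        if row and current not in ("enqueued", "dropped"):
            # The row label gives the first code point; columns follow in order.
            first = int(row.group(1))
            for offset, count in enumerate(row.group(3).split()):
                stats[current][first + offset] = int(count)
            continue
        row = QUEUE_ROW.match(line)
        if row and current in ("enqueued", "dropped"):
            queue = int(row.group(1))
            for threshold, count in enumerate(row.group(2).split(), start=1):
                stats[current][(queue, threshold)] = int(count)
    return stats


def nonzero(table):
    """Keep only the counters that have seen packets, in key order."""
    return {key: count for key, count in sorted(table.items()) if count}


def drops(stats):
    """List (queue, threshold, dropped, enqueued) wherever drops occurred."""
    return [(q, t, n, stats["enqueued"].get((q, t), 0))
            for (q, t), n in sorted(stats["dropped"].items()) if n]


if __name__ == "__main__":
    parsed = parse_stats(SAMPLE)
    print("incoming DSCP:", nonzero(parsed["dscp_incoming"]))
    for queue, threshold, dropped, enqueued in drops(parsed):
        print(f"queue {queue} threshold{threshold}: "
              f"{dropped} dropped, {enqueued} enqueued")
```
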

habadr Thu, 05/27/2010 - 16:15
User Badges:
  • Cisco Employee,

Greetings

Can you issue the following command to see in which class packets are dropped:

show policy interface multilink 2


Also it will be good to look at the multilink interface bundle

show ppp multilink


There are a few other issues that I would like to comment on regarding your QoS configuration

1-      In addition to EF traffic you put IP DSCP cs3 and AF31 and an ACL traffic in the LLQ. I think your intent is to place call signaling in LLQ as well.


It is recommended to create another class for call signaling traffic and place it in a class other than LLQ. However, even if you want to put call signaling in LLQ, I would suggest implementing Dual LLQ, where two separate implicit policers will be provisioned, one for the voice class and another for the call signaling, yet there remains only a single strict-priority queue, which is provisioned to the sum of all LLQ classes. Traffic offered to either LLQ class is serviced on a first-come, first-serve basis until the implicit policer for each specific class has been invoked. For example, if the call signaling class attempts to burst beyond its configured bandwidth rate then it is dropped. In this manner, both voice and call signaling are serviced with strict priority, but do not starve data flows, nor do they interfere with each other.


2-      Do you implement CAC (Call Admission Control) in your Call Manager to control the number of voice calls over your WAN?


3-    I noticed the following configuration

interface Multilink2
description MPLS to Sprint PE DS-3
bandwidth 9216
ip address 10.130.7.42 255.255.255.252

     Interface bandwidth commands should be defined only on the physical interfaces, not on multilink interfaces. This way, if any physical interfaces go down, the Cisco IOS Software will reflect the change in the multilink interface’s bandwidth for routing and QoS purposes. This change can be verified by the show interface command. However, if a bandwidth statement is configured under the multilink interface, the bandwidth value for the interface will be static even if an underlying physical interface is lost.

4-  I noticed the following configuration

class Mission-Critical
  set ip dscp af31
   bandwidth remaining percent 20


Although this class is not in effect for now, since I do not see ACL 143 in your config, it means that such traffic will be treated as priority or LLQ traffic later in your network, since you are configuring


class-map match-any Voice-RTP
match ip dscp ef
match ip dscp cs3
match ip dscp af31
match access-group 148


It is important to have consistent end to end Classification and marking policy to make sure traffic will be placed in the proper queue.


I'm assuming that your service provider is provisioning 50% of the link bandwidth for your LLQ.


Thanks


Hatim Badr

gregokada Fri, 05/28/2010 - 13:42

Hatim,


Thank you for your efforts in attempting to help us resolve our issues.   We appreciate it greatly.  I will provide additional information that you requested as we attempt to apply some of the changes you recommended. 


Thank you!


Gregory

gregokada Fri, 05/28/2010 - 17:16

Hatim,


Thanks for being patient, I have some output that you requested:


*** show policy interface multilink 2  - Please refer to the attached file for the output..

     NOTE:  I had to issue the show policy-map interface multilink2 in order to work because there is a "policy-manager" parameter that is included in the command.


*** sho ppp multilink  - Please refer to the attached file for the output of the command.


Item 1) In addition to EF traffic you put IP DSCP cs3 and AF31 and an ACL traffic in the LLQ. I think your intent is to place call signaling in LLQ as well.

*** Thank you for pointing this out.  We will be removing all other instances other than ef from that class match.


*** The bandwidth statement you pointed out will be removed from the multilink.  Thank  you for your input and I will let you know the results of our changes after we get approval for implementation.


Kind regards,


Gregory Okada

Sr. Network Engineer

habadr Sat, 05/29/2010 - 19:50
User Badges:
  • Cisco Employee,

Hi Gregory,


As I can see from the policy-map output, all classes are in effect since there are packets matched. So you should change the Mission-Critical class mentioned earlier immediately, since packets will be marked as AF31.


Also, the Best-Effort class is not required. I suggest you remove it and add its configuration to class-default, which is always there for all packets that do not match any class.


policy-map queuing-policies
no class  Best-Effort
class class-default
  set ip dscp default
  bandwidth remaining percent 40


After you remove call signaling packets from LLQ, I suggest that you calculate the number of calls that your LLQ can carry based on your codec. In total you have around 4600 Kbps in LLQ. Please use the Voice Codec Bandwidth Calculator tool at


http://tools.cisco.com/Support/VBC/do/CodecCalc1.do


Thx


Hatim Badr

IHCowan Fri, 05/28/2010 - 12:55

Hi Hatim,


I originally put this in the wrong forum so I'm re-posting it here:


I have a question about QoS on the Catalyst 3560 switch.  When the priority queue is in "shaped mode", is the assigned bandwidth limited to the configured amount or can the priority queue consume more than its allocated bandwidth?


For example, I know the "srr-queue bandwidth shape 3 0 0 0" command puts Queue 1, the priority queue, in shaped mode and that it is guaranteed one-third of the interface's bandwidth.  Is the priority queue limited to just one-third or can it consume more than this?


Cisco's documentation is sketchy on this and I have found conflicting descriptions elsewhere on how this works.


For example, have a look at the answer to the 3rd Question in the Quick Questions and Answers section of this article.  The author seems convinced that the priority queue can consume more than its allocated amount and later in the Q&A mentions he has even tested this to be true.


http://blog.ine.com/2008/06/26/quick-notes-on-the-3560-egress-queuing/


Thanks in advance for your response.


Ian.

habadr Fri, 05/28/2010 - 22:00
User Badges:
  • Cisco Employee,

Hi Ian,

I know it is confusing but that is true: Priority Queue will override all SRR shaped and shared weights for queue 1. SRR services this queue until it is empty before servicing the other queues, even if it requires all interface bandwidth. Please have a look at this link for more details, but the summary is as follows:

·         If the egress expedite queue is enabled, it overrides the SRR shaped and shared weights for queue 1.

·         If the egress expedite queue is disabled and the SRR shaped and shared weights are configured, the shaped mode overrides the shared mode for queue 1, and SRR services this queue in shaped mode.

·         If the egress expedite queue is disabled and the SRR shaped weights are not configured, SRR services this queue in shared mode.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_50_se/configuration/guide/swqos.html#wp1250091

Although it is recommended to enable priority queue when using Voice traffic it is important to control the type of traffic you place in Priority Queue. The QoS toolset extends considerably beyond just queuing tools and when implemented properly will protect from Priority queue starving. Classification, marking, and policing are all important QoS functions that are optimally performed within the campus network to ensure proper QoS implementation.

I hope that will clarify your concerns, and please let me know if you need more information.

Thanks

Hatim Badr


Ben Alex Sat, 05/29/2010 - 09:41

Hi Hatim


Can you tell me what is the use of the priority-queue out command in the output below?

In my opinion, since SRR is in shared mode only, the priority queue command is not doing anything, unless I have a srr-queue bandwidth shape.



interface GigabitEthernet0/15
description XXXXXXXXXXX
no switchport
bandwidth 40000
ip address 172.26.1.1 255.255.255.252
speed 100
duplex full
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust cos
auto qos voip trust




Thanks

habadr Sat, 05/29/2010 - 19:18
User Badges:
  • Cisco Employee,

Greetings


Priority Queue will override all SRR  shaped and shared weights for queue 1 (Priority Queue) . SRR services this queue (PQ) until it  is empty before servicing the other queues even if it requires all  interface bandwidth.


  1. If the egress expedite queue is enabled, it  overrides the SRR shaped and shared weights for queue 1.
  2. If the egress  expedite queue is disabled and the SRR shaped and shared weights are  configured, the shaped mode overrides the shared mode for queue 1, and  SRR services this queue in shaped mode.
  3. If the egress  expedite queue is disabled and the SRR shaped weights are not  configured, SRR services this queue in shared mode.


http://www.cisco.com/en/US/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_50_se/configuration/guide/swqos.html#wp1250091


Thanks


Hatim Badr

habadr Sat, 05/29/2010 - 19:31
User Badges:
  • Cisco Employee,

Since we are talking about the QoS toolset, I thought I would show you the QoS port roles based on the QoS toolset. I'm just copying it from Medianet campus QoS design 4.0

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html#wp1098248


The policy elements discussed thus far can be grouped into roles that various switch ports serve within the medianet campus architecture, such as:

Switch ports connecting to untrusted endpoints:

  • Endpoint examples include (unsecured/unmanaged) PCs, PDAs, printers, or other devices.
  • Trust should be disabled on these ports.
  • Optional ingress marking or policing policies (such as data plane policing policies) may be configured on these ports.
  • Ingress queuing policies (if supported and if required due to oversubscription scenarios, such as switch stacks) may be configured on these ports.
  • Egress queuing policies that support (at a minimum) 1P3QyT queuing should be configured on these ports, preferably with DSCP-to-queue mapping.

Switch ports connecting to trusted endpoints:

  • Endpoint examples include secure/centrally-managed PCs and servers, IP video surveillance (IPVS) units, IP conferencing stations, wireless access points, analog and videoconferencing gateways, and similar other devices.
  • Static trust policies should be configured on these ports, preferably DSCP-trust for maximum classification and marking granularity.
  • Optional ingress marking or policing policies (such as data plane policing policies) may be configured on these ports.
  • Ingress queuing policies (if supported and if required due to oversubscription scenarios, such as switch stacks) may be configured on these ports.
  • Egress queuing policies that support (at a minimum) 1P3QyT queuing should be configured on these ports, preferably with DSCP-to-queue mapping.

Switch ports connecting to conditionally-trusted endpoints:

  • Endpoint examples include Cisco IP phones and Cisco TelePresence systems.
  • Conditional trust policies should be configured on these ports, preferably in conjunction with DSCP-trust extension, for maximum classification and marking granularity.
  • Optional ingress marking or policing policies (such as data plane policing policies) may be configured on these ports.
  • Ingress queuing policies (if supported and if required due to oversubscription scenarios, such as switch stacks) may be configured on these ports.
  • Egress queuing policies that support (at a minimum) 1P3QyT queuing should be configured on these ports, preferably with DSCP-to-queue mapping.

Switch ports connecting to switch (or router) ports:

  • Access/distribution uplinks/downlinks; distribution/core uplinks/downlinks; core links; and campus-to-WAN/VPN-edge links
  • Static trust policies should be configured on these ports, preferably DSCP-trust for maximum classification and marking granularity.
  • Optional ingress marking or policing policies (such as data plane policing policies) may be configured on these ports.
  • Egress queuing policies that support (at a minimum) 1P3QyT queuing should be configured on these ports, preferably with DSCP-to-queue mapping. However, switch platforms/linecards that support 1P7QyT queuing are preferred at the distribution and core layers for increased queuing granularity at these aggregation layers.
  • Distribution downlinks (to the access layer) may be configured with microflow policing or User-Based Rate Limiting (UBRL) to provide a potential second line of policing defense for the medianet campus network.


As you can see QoS toolset will  be applied based on the port role. It is important to define the port role and then map the appropriate QoS toolset.


Thanks


Hatim Badr

cbarras Mon, 05/31/2010 - 02:39

Dear Hatim,

I have some questions regarding the deployment of QoS in campus.


Here  they are:

  • Is there any kind of command to see the buffer occupancy in Catalyst 3750? We’ve needed to modify the buffer configuration to support our applications (with the default values the application performance was dramatically reduced) and we would like to check if the current configuration is fine (or if it can be optimized).
  • Is it possible to know the buffer size in Catalyst3750? I’ve found some information, but outside Cisco (I’ve read something about the catalyst3750-E where 100% of buffer space is equal to 500 particles (Cisco Cells) at 256 Bytes each).
  • Is there any updated documentation in Cisco for Medianets that includes RFC 5127 for Aggregation of DiffServ Service classes?
  • Are there any QoS guidelines for Telepresence? I’ve read Cisco recommends platform Catalyst3570 to connect TP, but based on my previous experience maybe this platform does not have enough buffer to support this traffic correctly. What happens if I use the same cat3750 for TP and other devices? Is this recommended?
  • What tool would you recommend to monitor and configure QoS in Campus LAN? As show policy in Cat3750 doesn’t give any information about the rates, could it be monitored using another tool? Another question: is that issue with the show policy command in Catalyst going to be corrected in a later version?
  • What is the difference between Lan Base and IP Services software regarding QoS? I mean, could I use Lan Base software for sites with VoIP and Video or even TP?
  • I’m planning to install Cat2960 for sites with Video and VoIP. Do you think this model is fine regarding QoS for supporting these two traffic types (apart from the business traffic)? Does it have the same issues with show policy as the Cat3750 model?
  • Right now, our applications are being marked in the WAN router and they have some guaranteed bandwidth using CAR. We want to move the application marking to the distribution or access layer. Is this a good option? Does Cisco have any tool to discover and mark applications?


Thank you very much in advance. I really appreciate this opportunity to ask you QoS questions.

Best regards,

Carolina

habadr Tue, 06/01/2010 - 06:18
User Badges:
  • Cisco Employee,

Hi Carolina,


Sorry for the late response, but I have a problem when replying through email. I have to log in to Netpro and answer the question.


Please find my answers inline


Q Is there any kind of command to see the buffer occupancy in Catalyst 3750? We’ve needed to modify the buffer configuration to support our applications (with the default values the application performance was dramatically reduced) and we would like to check if the current configuration is fine (or if it can be optimized).


Answer: I think you mean the egress queue buffer/threshold details which you can see by issuing the following command


show mls qos queue-set

Queueset: 1
Queue     :       1       2       3       4
----------------------------------------------
buffers   :      25      25      25      25
threshold1:     100      80     100      60
threshold2:     100      90     100     100
reserved  :     100     100     100     100
maximum   :     100     400     400     400

Queueset: 1
Queue     :       1       2       3       4
----------------------------------------------
buffers   :      15      30      35      20
threshold1:     100      80     100      60
threshold2:     100      90     100     100
reserved  :     100     100     100     100
maximum   :     100     400     400     400


I believe you are referring to known bug CSCsc96037 where customers reported application slowness when applying QoS. This bug is resolved starting 12.2(25)SEE1 by increasing the threshold percentage to 3200 from 400. So if you encountered this issue then you can use the following global commands to increase the threshold for the impacted queue as follows


mls qos queue-set output 1 threshold 2 3200 3200 100 3200
mls qos queue-set output 1 threshold 3 3200 3200 100 3200


Assuming the egress port is using queue-set 1 (default), the above commands would allow traffic to Q2 and Q3 to use more of the buffers when needed. These are the maximum values after the bug was resolved; however, you do not need to configure the maximum.


sh mls qos queue-set

Queueset: 1
Queue     :       1       2       3       4
----------------------------------------------
buffers   :      25      25      25      25
threshold1:     100    3200    3200     100
threshold2:     100    3200    3200     100
reserved  :      50     100     100      50
maximum   :     400    3200    3200     400

Queueset: 2
Queue     :       1       2       3       4
----------------------------------------------
buffers   :      25      25      25      25
threshold1:     100     200     100     100
threshold2:     100     200     100     100
reserved  :      50      50      50      50
maximum   :     400     400     400     400


You may also need to change the buffer allocation, where you can allocate fewer buffers to Queue 1, which is the priority queue when enabled. I recommend that you review the Medianet Campus QoS design to look at the recommended buffer allocation for all queues.

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html#wp1098008



* Is it possible to know the buffer size in Catalyst3750? I’ve found some information, but outside Cisco (I’ve read something about the catalyst3750-E where 100% of buffer space is equal to 500 particles (Cisco Cells) at 256 Bytes each).


Answer: I’m afraid to say that is not true.  It depends on several factors such as the buffer percentage and threshold percentage and the available buffer for each interface.



* Is there any updated documentation in Cisco for Medianets that includes RFC 5127 for Aggregation of DiffServ Service classes?


Answer: As far as I know there is no updated design documentation for RFC 5127. However based on my experience service providers started complying with RFC 5127 and preserving DSCP values.



Q Is there any QoS guidelines for Telepresence? I’ve read Cisco recommends platform Catalyst3570 to connect TP, but based on my previous experience maybe this platform has not enough buffer to support correctly this traffic. What happens if I use the same cat3750 for TP and other devices? Is this recommended?


Answer: Can you please clarify what you mean by other devices? However, you can use the 3750 to connect a Telepresence system. As a guideline, it is recommended to put TP traffic in the priority queue.



Q What tool would you recommend to monitor and configure QoS in Campus LAN? As show policy in Cat3750 doesn’t give any information about the rates, it could be monitoring using other tool? Another question, that issue with show policy command in Catalyst is going to be corrected in a later version?

Answer: I know that is challenging, and you are right: show policy counters are always 0 and do not increment. However, there is another very useful command which tells you how many packets arrived with a specific DSCP value, how many were remarked and left the switch, and also the number of dropped packets. The command is

show mls qos interface GigabitEthernet 1/0/x 


The following is an example from Medianet campus QoS design v 4.0

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html#wp1099462


C3750-E#show mls qos interface GigabitEthernet 1/0/49 statistics
GigabitEthernet1/0/49 (All statistics are in packets)
 
  dscp: incoming
-------------------------------
 
 0 -  4 :        1729            0            0            0         0
 5 -  9 :           0            0            0            0         0
10 - 14 :           0            0            0            0         0
15 - 19 :           0            0            0            0         0
20 - 24 :           0            0            0            0         0
25 - 29 :           0            0            0            0         0
30 - 34 :           0            0            0            0         0
35 - 39 :           0            0            0            0         0
40 - 44 :           0            0            0            0         0
45 - 49 :           0       127292            0         1263         0
50 - 54 :           0            0            0            0         0
55 - 59 :           0            0            0            0         0
60 - 64 :           0            0            0            0 
 
  dscp: outgoing
-------------------------------
 
 0 -  4 :      947678            0            0            0         0
 5 -  9 :           0            0            0     23842155         0
10 - 14 :     1190043            0            0            0         0
15 - 19 :           0            0            0      1061726         0
20 - 24 :           0            0            0            0     10372
25 - 29 :           0            0            0            0         0
30 - 34 :           0            0            0            0   8320623
35 - 39 :           0            0            0            0         0
40 - 44 :           0            0            0            0         0
45 - 49 :           0       127291            0          784         0
50 - 54 :           0            0            0            0         0
55 - 59 :           0            0            0            0         0
60 - 64 :           0            0            0            0
 
  cos: incoming
-------------------------------
 
 0 -  4 :      130653            0            0          998         0
 5 -  7 :      127599          613         3156
 
  cos: outgoing
-------------------------------
 
 0 -  4 :      947754     25032199      1061726        10372   8320623
 5 -  7 :      127291          784         3462
 
  output queues enqueued:
queue: threshold1 threshold2 threshold3
-----------------------------------------
 queue 0:           0           0      127291
 queue 1:     9382416       10396        4246
 queue 2:           0           0      947611
 queue 3:    23842152     1190043           0
 
  output queues dropped:
queue: threshold1 threshold2 threshold3
-----------------------------------------
 queue 0:            0            0            0
 queue 1:            0            0            0
 queue 2:            0            0            0
 queue 3:          892            0            0
 
Policer: Inprofile:            0 OutofProfile:            0



It shows a set of dynamically-updated packet statistic tables for an uplink port on an access layer Catalyst 3750-E switch that is primarily congested in the access-to-distribution direction. The first table shows the incoming DSCP values (from the distribution layer). DSCP values are broken into groups of 4. For example, incoming packets marked DSCP EF/46 are listed in the DSCP 45-49 row in the second column (in this case: 127,292 packets). The second table shows the outgoing packets (to the distribution layer) in a similar format. For example, DSCP CS1/8 is listed in the DSCP 5-9 row in the third column (23,842,155 packets). The third table shows incoming packets (from the distribution layer) by CoS values (again grouped in sets of 4); similarly the fourth table shows outgoing packets (to the distribution layer) by CoS values. The fifth and sixth tables are particularly interesting in terms of queuing statistics: the fifth table shows the number of packets assigned to each queue/threshold combination.



Q What is the difference between LAN Base and IP Services software regarding QoS? I mean, could I use LAN Base software for sites with VoIP and Video or even TP?


Answer: You should have the same QoS features in both of them.


Q I’m planning to install Cat2960 for sites with Video and VoIP. Do you think this model is fine regarding the QoS for supporting these two traffic types (apart from the business traffic)? Does it have the same issues with show policy as the Cat3750 model?


Answer: It has the same show policy issue as the 3750; however, it supports the same command shown above.


Q Right now, our applications are being marked in the WAN router and they have some guaranteed bandwidth using CAR. We want to move the application marking to the distribution or access layer. Is this a good option? Has Cisco any tool to discover and marking applications?


Answer: That will be a good idea since all marking and policing is processed in hardware in switches rather than software. Please have a look at my first response or go to http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html#wp1098008 for more details about why we recommend utilizing the campus switches' QoS toolset.


Switches are able to classify based on IP DSCP, IP TOS, COS or through ACLs, and can mark packets with the proper IP DSCP value regardless of whether it is a Layer 2 or Layer 3 switch.



Please let me know if you need more details and I’ll be happy to answer them


Thanks


Hatim Badr
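
Added example, not part of the original post or of Cisco's documentation: a Python parser for the `show mls qos interface ... statistics` layout quoted above. It maps every counter to its DSCP or CoS value (row start plus column offset) and keeps the non-zero drop counters per queue and threshold. The sample text is a trimmed, constructed copy of the quoted output, and the function names are hypothetical.

```python
import re

# Constructed sample: a trimmed copy of the counters quoted in the post above.
SAMPLE = """\
  dscp: incoming
-------------------------------
 0 -  4 :        1729            0            0            0         0
45 - 49 :           0       127292            0         1263         0

  dscp: outgoing
-------------------------------
 5 -  9 :           0            0            0     23842155         0
45 - 49 :           0       127291            0          784         0

  output queues dropped:
queue: threshold1 threshold2 threshold3
-----------------------------------------
 queue 0:            0            0            0
 queue 3:          892            0            0
"""

HEADER = re.compile(r"^\s*(?:(dscp|cos): (incoming|outgoing)|(output queues \w+):)")
ROW = re.compile(r"^\s*(\d+)\s*-\s*\d+\s*:([\d\s]+)$")
QUEUE = re.compile(r"^\s*queue\s+(\d+):([\d\s]+)$")


def dscp_name(value):
    """Standard per-hop-behaviour name for a DSCP value (EF, CSn, AFxy)."""
    if value == 46:
        return "EF"
    if value % 8 == 0:
        return f"CS{value // 8}"
    cls, drop = value >> 3, (value & 7) >> 1
    if value % 2 == 0 and 1 <= cls <= 4 and 1 <= drop <= 3:
        return f"AF{cls}{drop}"
    return str(value)


def parse_stats(text):
    """Return {section: {key: packets}}, keeping only non-zero counters."""
    stats, section = {}, None
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            section = head.group(3) or f"{head.group(1)} {head.group(2)}"
            stats[section] = {}
        elif section and (row := ROW.match(line)):
            start = int(row.group(1))  # first DSCP/CoS value covered by this row
            for offset, count in enumerate(row.group(2).split()):
                if int(count):
                    stats[section][start + offset] = int(count)
        elif section and (q := QUEUE.match(line)):
            for threshold, count in enumerate(q.group(2).split(), start=1):
                if int(count):
                    stats[section][(int(q.group(1)), threshold)] = int(count)
    return stats
```

Run against the sample, the only non-zero drop counter is queue 3 at threshold 1 (892 packets), which is the first place to look when checking whether the egress queue mapping and thresholds behave as intended.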

dgaar Mon, 05/31/2010 - 05:12

Hi Hatim,


A short time ago Cisco launched the new Catalyst 2960S/3560X/3750X series switches. As seen in the presentations, these devices have a slightly different QoS setup than their predecessors.

Is there already an updated QoS design/config guide available which includes the changes for these models? (Or: when will this be available?)



kind regards

Dietmar

habadr Tue, 06/01/2010 - 09:11
User Badges:
  • Cisco Employee,

Hi Dietmar


There is no design documentation yet for 3750X QoS; however, as you can notice on cisco.com, documentation is being added on a daily basis to the 3750X page. I expect that more documentation will come as soon as the 3750X is shipped to customers.


Thanks


Hatim Badr

tburke100 Tue, 06/01/2010 - 07:30


Hello Hatim,


Thank you for doing this.


I am preparing for certs, and have been wrestling with QoS.


It seems it used to be that you could get by without really understanding things like ingress buffer allocation and the intricacies of egress queue bandwidth sharing calculations, (i.e. some of the older documentation explicitly says you probably shouldn't mess with egress buffer sharing ratios) but now with video use growing they are becoming more important, so I really want to understand this but don't have access to a 3750 to test.


I am trying to reconcile the following statements about egress queue schedulers for the 3750 from the design guides versus the config guides. This may be really simple, but some of these concepts are quite abstract, and I think I am missing something basic. Any help, or pointers to publicly available documentation that explains this, would be appreciated.


The Medianet Campus QoS Design 4.0 chapter (p 2-51) uses the following examples for the 3750:
(Note that the example in the Telepresence Network Systems 2.0 Design Guide is very similar)


SNIP


"! This section configures interface egress queuing parameters
C3750-E(config)#interface range GigabitEthernet1/0/1-48
C3750-E(config-if-range)# queue-set 1
! The interface(s) is assigned to queue-set 1
C3750-E(config-if-range)# srr-queue bandwidth share 1 30 35 5
! The SRR sharing weights are set to allocate 30% BW to Q2
! 35% BW to Q3 and 5% BW to Q4
! Q1 SRR sharing weight is ignored, as it will be configured as a PQ
C3750-E(config-if-range)# priority-queue out
! Q1 is enabled as a strict priority queue"


AND...


"(p 2-52) Example 2-26 Verifying Egress Queuing on a Catalyst 3750-E—show mls qos interface interface x/y queueing
C3750-E#show mls qos interface GigabitEthernet 1/0/1 queueing
GigabitEthernet1/0/1
Egress Priority Queue : enabled
Shaped queue weights (absolute) : 25 0 0 0
Shared queue weights : 1 30 35 5
The port bandwidth limit : 100 (Operational Bandwidth:100.0)
The port is mapped to qset : 1
C3750-E#
Example 2-26 shows that strict-priority queueing has been enabled on the interface, and that the queues Q2, Q3, and Q4 receive 30%, 35% and 5% of the remaining bandwidth, respectively."

END SNIP


This seems to imply that only 70% of the remaining bandwidth is used (?), and that the values configured for Q2-Q3-Q4 represent flat percentages, NOT ratios.


However, after stating that "With sharing, the ratio of the weights controls the frequency of dequeuing; the absolute values are meaningless", the 3750 Command Ref and Software Config Guides (p 36-78) say the following:


SNIP


"This example shows how to configure the weight ratio of the SRR scheduler running on an egress port. Four queues are used. The bandwidth ratio allocated for each queue in shared mode is 1/(1+2+3+4), 2/(1+2+3+4), 3/(1+2+3+4), and 4/(1+2+3+4), which is 10 percent, 20 percent, 30 percent, and 40 percent for queues 1, 2, 3, and 4. This means that queue 4 has four times the bandwidth of queue 1, twice the bandwidth of queue 2, and one-and-a-third times the bandwidth of queue 3.


Switch(config)# interface gigabitethernet2/0/1
Switch(config-if)# srr-queue bandwidth share 1 2 3 4"


AND...


"(p 36-79) When you configure this (priority-queue out) command, the SRR weight and queue size ratios are affected because there is one fewer queue participating in SRR. This means that weight1 in the srr-queue bandwidth shape or the srr-queue bandwidth share command is ignored (not used in the ratio calculation)."


END SNIP


I interpret this as saying after the priority queue is enabled the above example used in the config guide would become (after removing the value of "1" for Q1 from the ratio calculation):


2/9 (2/(2+3+4)), 3/9 and 4/9 for Q2, Q3, and Q4,  respectively.


Is this correct?


If so, applying the theory to the examples in the Design Guides would result in the following:

Review of the config in question from the design guides:


"C3750-E(config-if-range)# srr-queue bandwidth share 1 30 35 5
C3750-E(config-if-range)# priority-queue out"


Ignore the value of "1" for Queue 1, and apply the bandwidth ratios as described in the 3750 command ref:
 
Q2= 30/(30+35+5) = 30/70= 42.8% of the remaining bandwidth after priority queue 1 is serviced. 
Q3= 35/70 = 50%
Q4= 5/70=  7.2%

However, as previously noted, the design guides size them as flat percentages of total bandwidth available (30, 35, and 5, respectively), and not as ratios.


What am I missing?


Thanks.


--Tim

habadr Thu, 06/03/2010 - 12:21
User Badges:
  • Cisco Employee,




Hi Tim,

I reviewed both and I realized that the Configuration guide is the more accurate. Thanks for pointing that out. I'll reach the author of the Design document for clarification.

Thanks

Hatim Badr
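
Added example, not part of the thread or of Cisco's documentation: the ratio calculation from the configuration guide wording quoted in Tim's post, applied to the `show mls qos interface ... queueing` output he cites. The input is a constructed copy of that quoted output, the function names are hypothetical, and queues with a non-zero shaped weight are deliberately not modelled.

```python
import re

# Constructed input: the verification output quoted from the design guide above.
SHOW_QUEUEING = """\
GigabitEthernet1/0/1
Egress Priority Queue : enabled
Shaped queue weights (absolute) : 25 0 0 0
Shared queue weights : 1 30 35 5
The port bandwidth limit : 100 (Operational Bandwidth:100.0)
The port is mapped to qset : 1
"""


def _weights(label, text):
    """Extract the four integer weights from the line starting with label."""
    m = re.search(rf"^{re.escape(label)}[^:]*:\s*([\d ]+)$", text, re.M)
    if not m:
        raise ValueError(f"line not found: {label}")
    return [int(w) for w in m.group(1).split()]


def srr_shares(text):
    """Return {queue: fraction of the bandwidth that SRR sharing divides up}.

    With the priority queue enabled, Q1 is served first and its weight1 is
    left out of the ratio, as the configuration guide text quoted above says.
    """
    pq_enabled = bool(re.search(r"^Egress Priority Queue\s*:\s*enabled", text, re.M))
    shaped = _weights("Shaped queue weights", text)
    shared = _weights("Shared queue weights", text)
    sharing = {}
    for queue, (shape_w, share_w) in enumerate(zip(shaped, shared), start=1):
        if queue == 1 and pq_enabled:
            continue  # weight1 is ignored once priority-queue out is configured
        if shape_w:
            raise ValueError(f"Q{queue} has a shaped weight; not modelled here")
        sharing[queue] = share_w
    total = sum(sharing.values())
    if total == 0:
        raise ValueError("no queue takes part in sharing")
    return {queue: weight / total for queue, weight in sharing.items()}


if __name__ == "__main__":
    for queue, share in srr_shares(SHOW_QUEUEING).items():
        print(f"Q{queue}: {share:.1%} of the bandwidth left after the PQ")
```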

mario-leitao Tue, 06/01/2010 - 13:29

Hi,


I got confused with WTD on 3750. What if I need to configure queue2 so that if it reaches 40% of utilization then it starts to drop just for cos2? Would the configuration below satisfy that? What else should I do?




mls qos srr-queue output cos-map queue 2 threshold 1 2
mls qos srr-queue output cos-map queue 2 threshold 2 3
mls qos queue-set output 1 threshold 2 40 100 100 100

interface FastEthernet0/1
 queue-set 1
 priority-queue out

habadr Tue, 06/01/2010 - 13:40
User Badges:
  • Cisco Employee,

Greetings



The configuration is accurate. Just for your information, the queue-set 1 command at the interface level is redundant since this is the default.



Thanks



Hatim Badr

cbarras Wed, 06/02/2010 - 01:25

Dear Hatim,

I have some more questions regarding the deployment of QoS in campus.

Regarding qos DBL configuration in Catalyst4500.


I have this config:

This section enables and configures DBL


CAT4500(config)# qos dbl
CAT4500(config)# qos dbl exceed-action ecn


Do I need to configure dbl inside the class default?


CAT4500(config)# policy-map DBL
CAT4500(config-pmap)#class class-default
CAT4500(config-pmap-c)# dbl


I also wanted to configure this command:


Regarding the Telepresence, what I wanted to ask was whether I could have the TP system and end users in the same Cat3750, or whether it's better to have the TP in a switch with no other devices connected. As we are planning to have a switch dedicated for TP, could we use a cheaper one such as Cat2960 (as this switch has the same QoS options as Cat3750)?


Thank you very much for sharing your time with us.


Best regards,

Carolina

qos dbl dscp-based 0-45, 47-64 (that avoids dbl for traffic with dscp 46)


Do you have any recommendation about which other DSCP values shouldn't be in dbl?

habadr Wed, 06/02/2010 - 18:02
User Badges:
  • Cisco Employee,




Hi Carolina,

Regarding DBL, your commands are accurate except that you need to disable DBL for PQ traffic (DSCP 46, 40 and 32) as follows:

no qos dbl dscp-based 32

no qos dbl dscp-based 40

no qos dbl dscp-based 46

DBL is explicitly disabled on DSCP CS4, CS5 and EF as these DSCP values are assigned to the PQ and as such should never experience congestion avoidance drops.

The full configuration for DBL is as follows, as extracted from the Medianet Campus QoS Design guide:

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html#wp1100731

C4500-CS(config)#qos dbl
 ! DBL is globally enabled
C4500-CS(config)#no qos dbl dscp-based 32
C4500-CS(config)#no qos dbl dscp-based 40
C4500-CS(config)#no qos dbl dscp-based 46
C4500-CS(config)#qos dbl exceed-action ecn
 ! DBL will mark IP ECN bits in the event of congestion
 
 ! This section configures the DBL policy-map
C4500-CS(config)#policy-map DBL
C4500-CS(config-pmap)# class class-default
C4500-CS(config-pmap-c)#  dbl
 ! DBL is enabled on all flows 
 ! (with the exception of DSCP CS4, CS5 and EF)

!Then you need to apply the policy map to the interface.

C4500-CS(config)#interface range GigabitEthernet 1/1-2
C4500-CS(config-if-range)# service-policy output DBL

I do not know what your network design looks like, but from a QoS perspective I would just plug TP into the same switch as other traffic as well. I believe you are placing TP in the PQ, which will be served first at all times. Moreover, if you are thinking of adding an extra switch in the same closet to get more port density, I would prefer to use a 3750 switch stack for redundancy rather than using 2950. It is obvious that 2950 is cheaper, but a 3750 stack will give you more redundancy and flexibility.

Thanks

Hatim Badr

ravisambaji Wed, 06/02/2010 - 04:53

Cisco 6500 QoS on sub-interfaces


I am using a Cat6504E (w/Sup32) and WS-X6408A as a hub router for Metro Ethernet.  I will configure the GigE ports facing MetroE as Layer 3 ports with subinterfaces, each subinterface having a distinct IP subnet with /30 address.


On each of these subinterfaces I would like to create a priority (low-latency) queue for my voice and video traffic.  I will configure other QoS classes for other traffic types.


How do I create such QoS policy?  MQC does not work for these subinterfaces.  Do I use PFC3-based queuing?  Can you point me to some examples?


And how does the queuing work with sub-interfaces configured?



Regards

Ravi

habadr Wed, 06/02/2010 - 18:01
User Badges:
  • Cisco Employee,


Hi Ravi,

Unfortunately, egress shaping and policing are not supported in 6500 switches, and the challenge that you will face when using the hardware-based (PFC) queuing is that you cannot control how much traffic will be allowed in the PQ during congestion; the PQ may consume all interface bandwidth.

If you need to configure LLQ and egress shaping, I would suggest using a router rather than a 6500 switch. In fact, using a router will help you deploy dual LLQ to protect voice from video and vice versa in the LLQ. Please see my previous comments regarding Dual LLQ.

If you have to configure the 6500, please let me know your QoS policy (how many QoS classes you have and their IP DSCP values) and I can provide you the configuration.

Thanks

Hatim Badr

suthomas1 Thu, 06/03/2010 - 09:12

Hello Hatim,


I have a small query on QoS. Assume an environment with a 2-layered approach, wherein the hub layer has a non-Cisco QoS (shaping) device and spoke sites have Cisco routers as usual. Would it be recommended to apply QoS/shaping on both layers here?

If the hub is doing shaping for all sites coming from spokes, would you recommend applying QoS also on all site Cisco routers?


If so, please explain in brief so I can understand the concept.


Appreciate all your assistance on this!.


Thanks.
