Auto-QoS tagging through WAN connections

Adam Hudson · ‎09-24-2015

I have three locations with Cisco IP phones. Let's call them home, location 1 and location 2. All traffic comes back to the phone servers housed at the home location. I want to set up QoS for my phones and it looks like Auto QoS is the easiest way to do this.

I have my phone traffic broken out into it's own VLAN. After reading this documentation ( http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/qos/configuration_guide/b_qos_152ex_2960-x_cg/b_qos_152ex_2960-x_cg_chapter_011.html#ID463 )
it looks like all I need to do is add 'auto qos voip cisco-phone' to my ports with phones plugged into them. As well as adding 'auto qos trust' to ports connecting to a "trust router or switch".

Attached is a rough diagram. For traffic flow, the default path for traffic between Home and Location 1 is the fiber between the switches. Between Location 1 and 2 the default path is the MPLS connection. And Home gets to Location 2 via Location 1.

I have several questions:

1) When everything's working, phone traffic flows like this: Phone Server---Home Core Switch---Location 1 Core Switch---Location 1 router---MPLS---Location 2 Core Switch. So I know I'm going to apply 'auto qos trust' to the interfaces connecting Home core switch and Location 1 Core Switch. But, how do I handle the MPLS connection and the Location 1 router? Would I just apply that command to the port that connects the Location 1 core switch and the router and also the interface on the Location 2 core switch that plugs into the MPLS? Could the router or the trip through the MPLS strip the QoS taggings off the traffic?

2) If any link is not working correctly, it can fail over via GRE tunnel through the internet to another location. Would I need to apply that 'auto qos trust' command on the ports that connect my core switches to the internet? (For Home and Location 1 this would be the ports connecting the core switches to the firewall directly I believe. For Location 2, that would the port connecting the core switch to the Router.)

Thanks in advance for any advice.

Richard Bradfield · ‎09-25-2015

Hi, On the routers you need to apply policy-maps to the WAN interfaces, there is plenty of documentation of how to go about this.

on the router mark the traffic as required, your voice traffic should already be marked, but you also need to give the voice control traffic some bandwidth so that needs to be marked. also any other application that needs some sort of priority needs to be marked as well.

then you create an out bound policy map giving voice the top priority,and the maximum bandwidth required by the voice traffic and required bandwidth for the other applications.

for your backup you need to do something similar

Adam Hudson · ‎09-25-2015

Richard, a few questions:

1) How would I match the policy on the router with the policies auto generated on the switches?

2) If I'm applying those policies for my backup failover connections, would I apply those policies to my GRE tunnels or the actual interface that connects to the firewall/router?

Richard Bradfield · ‎09-25-2015

Adam,

re 1) there is not a direct relationship between the auto QOS policies on the switches and the routers.That's why you have to classify packets coming in to the router, then generate the QOS policy for the WAN interface.

2) the policies would be applied on the Tunnel interfaces

HTH

Richard

Adam Hudson · ‎09-29-2015

Richard, I'm new to the world of QoS so excuse my ignorance. I don't quite understand what you're saying with point 1. As I understand it, running Auto-QoS on the switches classifies and creates the policy for me. Now on the router it was my assumption I could take those settings auto-generated on the switches and copy them manually to the router.

If that's not the case, how would I know what policy and settings to apply to the router?

Peter Koltl · ‎09-29-2015

Switches have hardware queues, routers have software queues. Therefore QoS configs are quite different. The only thing that propagates from a switch to a router is the DSCP field in the packet that the switch may have set. Routers usually have a QoS policy in egress direction while switches often have a (marking) ingress policy on access ports. The router policy-map usually takes the DSCP field into consideration.

Richard Bradfield · ‎09-29-2015

Adam, see link below for overview of QOS

http://www.cisco.com/web/about/ciscoitatwork/downloads/ciscoitatwork/pdf/Cisco_IT_Case_Study_QoS_print.pdf

brief config something like

Assuming packets marked correctly from switches

class-map match-any CONTROL
match ip dscp cs3

class-map match-any RT-VOICE
match ip dscp ef

below basic policy map for a 2Mbps WAN link
policy-map QOS_OUT_2MB
class RT-VOICE
priority percent 20
class CONTROL
bandwidth percent 3
class class-default
shape average 2000000 20000 20000
queue-limit 64 packets
random-detect dscp-based
random-detect dscp 0 32 64

Apply to WAN interface

interface GigabitEthernet0/1

service-policy output QOS_OUT_2MB

HTH

Richard.

Adam Hudson · ‎09-30-2015

Richard, Peter, it looks like Cisco does offer Auto-QoS for routers as well. That might be more my speed, partially because it looks like it would be easy to get information wrong while creating these QoS policies from scratch.

I'm still digging around because ideally what I'd like is something that would generate a proposed config, then I could go in and tweak it if necessary.