Solved: How do you prioritise traffic with QOS on a Cisco router?

technthusiast · ‎05-27-2017

I have a Cisco 1941 router and I want to be able to configure a QOS policy which attaches to the WAN port (Gi0/0) for all outgoing traffic.

I want to be able to give priority to traffic in a certain order without needing to specify minimum bandwidth.

I want traffic to be prioritised as it exits Gi0/0 going to the WAN provider in this order:

1: voice over ip

2: citrix

3: http/https

4: sql

5: all data to a /24 subnet

6: all other data

I have access lists to identify the following traffic: citrix, http/https, sql and /24 subnet.

ip access-list extended citrix
permit tcp any any eq 1494
permit udp any any eq 1494

permit tcp any any eq 2598

permit udp any any eq 2598

ip access-list extended http-https

permit tcp any any eq 80

permit tcp any any eq 443

ip access-list extended sql

permit tcp any any eq 1433

ip access-list extended dr-site

permit ip any 172.18.32.0 0.0.0.255

Then i have class maps:

class-map match-any voip
match dscp ef

match dscp af31

match dscp cs5

class-map match-any citrix
match access-group name citrix

class-map match-any http-https
match access-group name http-https

class-map match-any sql
match access-group name sql

class-map match-any dr-site
match access-group name dr-site

A Policy Map to put the above in to:

policy-map qos-to-wan

class voip

!!priority 1!!

class citrix

!!priority 2!!

class sql

!!priority 3!!

class http-https

!!priority 4!!

class dr-site

!!priority 5!!

class class-default

fair-queue

Then attach it outbound to Gi0/0

interface gigabitethernet0/0

service-policy output qos-to-wan

I think i mostly have it but i don't know how you say in the policy map that you want the priorities as listed above. When there is congestion i want the higher priority traffic to come ahead of the lower priority traffic. For example if the outbound link is at 100% bandwidth utilization i want to ensure that sql traffic will always be put before http-https traffic.

What's missing?

Georg Pauwen · ‎05-28-2017

Hello,

you could configure the egress queue on the interface and use SRR shaped weights. The idea is to set the classes to a certain DSCP value, which is mapped to one of the four egress queues, 0 thru 3 (which immediately points to the problem with this solution: you have five classes, but only four egress queues). Either way, in the configuration below, I have mapped the last two classes to queue 3, so they both get the same weight.

The DSCP values are the defaults that map to the four queues:

DSCP 47 = 0

DSCP 15 = 1

DSCP 31 = 2

DSCP 63 = 3

The srr queue assigns weights to each queue, 3 means 1/3 of 100.

So this is what you need to configure:

class voip
set dcsp 47

class citrix
set dscp 15

class sql
set dscp 31

class http-https
set dscp 63

class dr-site
set dscp 63

class class-default
fair-queue

interface GigabitEthernet0/0
srr-queue bandwidth shape 3 4 5 6

Hope this makes sense...

View solution in original post

Georg Pauwen · ‎05-28-2017

Hello,

the priority you configured (1,2,3,4,5) will assign 1,2,3,4,5 Kbps of traffic matching the class, which is not what you want.

Try the below instead:

policy-map qos-to-wan
class voip
priority percentage 30
class citrix
priority percentage 25
class sql
priority percentage 20
class http-https
priority percentage 15
class dr-site
priority percentage 10
class class-default
fair-queue

or (sorry, I guess you indicated that this is not what you want)...

policy-map qos-to-wan
class voip
bandwidth percent 30
class citrix
bandwidth percent 25
class sql
bandwidth percent 20
class http-https
bandwidth percent 15
class dr-site
bandwidth percent 10
class class-default
fair-queue

technthusiast · ‎05-28-2017

What I meant is I want the traffic to be prioritised in that order without needing to specifiy a minimum or maximum bandwidth allocation. I want to know how to prioritise the traffic in that order without needing to allocate a minimum bandwidth (whether 'bandwidth percent' or 'priority percent') to each one.

For example: I want citrix to be prioritised above sql, but i don't want to need to specify what minimum bandwidth it can use, I just want them to be prioritised in that order.

Georg Pauwen · ‎05-28-2017

Hello,

you could configure the egress queue on the interface and use SRR shaped weights. The idea is to set the classes to a certain DSCP value, which is mapped to one of the four egress queues, 0 thru 3 (which immediately points to the problem with this solution: you have five classes, but only four egress queues). Either way, in the configuration below, I have mapped the last two classes to queue 3, so they both get the same weight.

The DSCP values are the defaults that map to the four queues:

DSCP 47 = 0

DSCP 15 = 1

DSCP 31 = 2

DSCP 63 = 3

The srr queue assigns weights to each queue, 3 means 1/3 of 100.

So this is what you need to configure:

class voip
set dcsp 47

class citrix
set dscp 15

class sql
set dscp 31

class http-https
set dscp 63

class dr-site
set dscp 63

class class-default
fair-queue

interface GigabitEthernet0/0
srr-queue bandwidth shape 3 4 5 6

Hope this makes sense...

technthusiast · ‎05-29-2017

Are there only 4 queues available in total?

How did you work out those DSCP values - 47, 15, 31, 63?

Georg Pauwen · ‎05-29-2017

Hello,

there are indeed only 4 egress queues.

The default DSCP values to queue mappings are:

DSCP values 40–47 are mapped to queue 1
DSCP values 0–15 are mapped to queue 2
DSCP values 16–31 are mapped to queue 3
DSCP values 32–39 and 48–63 are mapped to queue 4

So the values I picked are random, you can pick any value from those ranges.

Does that make sense ?

Joseph W. Doherty · ‎05-30-2017

there are indeed only 4 egress queues.

On a 1941?

SRR on a 1941's built-in port?

Are you sure? I thought a 1941 supported ISR QoS.

Georg Pauwen · ‎05-30-2017

Joseph,

you are right, small but important detail: 1941 doesn't support SRR...ouch !

I am thinking, since OP doesn't want to use anything bandwidth, the following might work as well, and it is actually very close to the original policy:

policy-map qos-to-wan
class voip
set ip-precedence 5
class citrix
set ip-precedence 4
class sql
set ip-precedence 3
class http-https
set ip-precedence 2
class dr-site
set ip-precedence 1
class class-default
fair-queue

or

policy-map qos-to-wan
class voip
set ip-dscp cs5
class citrix
set ip-dscp cs4
class sql
set ip-dscp cs3
class http-https
set ip-dscp cs2
class dr-site
set ip-dscp cs1
class class-default
fair-queue

Joseph W. Doherty · ‎05-30-2017

For your scheme, you probably also want class-default to be IPPrec 0 or DSCP BE.

Also, by default, don't believe a 1941 would treat marked ToS differently.

Joseph W. Doherty · ‎05-30-2017

What you're describing sounds much like priority queuing which a) I don't think is supported in later IOS images, b) I only recall it supporting 4 levels and c) higher level traffic can starve lower level traffic of all bandwidth.

Interface WFQ bumps priority based on ToS, but a) I don't believe that's any longer supported in later IOS images and b) FQ within CBWFQ, since HQF, don't auto bump priority based on ToS.

What I would recommend is a general 4 class CBWFQ policy similar to:

policy-map sample
class real-time
priority percent 33
class foregound
bandwidth remaining 81
fair-queue
class background
bandwidth remaining 1
fair-queue
class class-default
bandwidth remaining 9
fair-queue

(Yea I know, bandwidth percentage are being set but some value is required when setting class bandwidth values. What's really being done, relative priority ratios are being set between the classes.)

Map your VoIP bearer traffic to real-time.

Map your VoIP signally and Citrix (screen scraping [can be determined using NBAR]) traffic to foreground. (Be very careful what you map to foreground. It should really need the extra priority and should be light on bandwidth usage.)

Allow everything else to go to class default.

If you have "known" low-priority bandwidth hog traffic, something like backups, map that to the background class.