×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Multi-layer QoS policy to manage traffic

Unanswered Question
Dec 23rd, 2005
User Badges:

Bear with me - the questions are at the bottom !!


A (MPLS) network delivers many VPNs to a number of sites. MPLS is not the issue.


--------------------------------------------------------------------------------------------


We want a traffic management policy that


a) controls traffic sent into the MPLS cloud that can make sure that traffic

for one VPN gets into MPLS over another VPN


b) traffic within a VPN is controlled by destination as an attempt to prevent

one site in a VPN flooding other sites


c) We can set specific limits if required but not in this text


d) We can't control PE device QoS policies so can only control traffic sent into the

MPLS cloud.


--------------------------------------------------------------------------------------------


So here is the idea for a site's access router into MPLS where the link bandwidth is 100M

but the logical bandwidth = 10M (i.e. the MPLS throws away > 10M sent to it):


1) input marking so that different VPNs use different DSCP


2) With WRED set on the output interface (note no WRED policy set in this doc

to differentiate what drops when)


3) Now want to shape for each VPN and each destination for each VPN.


--------------------------------------------------------------------------------------------


Here is the parent matching to the 10M ingress policy


policy-map output-parent

class class-default

shape average 10000000

service-policy VPN1-VPN1dst-1 <--- child for VPN1 remote site 1

service-policy VPN1-VPN1dst-2

service-policy VPN1-VPN1dst-3

...

service-policy VPN2-VPN2dst-1 <--- child for VPN1 remote site 2

service-policy VPN2-VPN2dst-2

service-policy VPN2-VPN2dst-3

...


Here are the childden for each remote site for each VPN

policy-map VPN1-VPN1dst-1

class class-default

bandwidth percent X


policy-map VPN1-VPN1dst-2

class class-default

bandwidth percent X


policy-map VPN1-VPN1dst-3

class class-default


policy-map VPN2-VPN2dst-1

class class-default

bandwidth percent X


policy-map VPN2-VPN2dst-2

class class-default

bandwidth percent X


policy-map VPN2-VPN2dst-3

class class-default

bandwidth percent X


policy-map VPN1-VPN1dst-1

class class-default

bandwidth percent X


The big questions forgetting the details of bandwidth and shaping is ....


What are the implications of having lots of child policies ?

Is there a child limit ?

Are there some big caveats (memory etc)

Has anyone done something similar ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
mheusinger Fri, 12/23/2005 - 07:43
User Badges:
  • Green, 3000 points or more

Hi,


I thought the child limit is ONE. Maybe I am missing a new feature, but the idea of nested policies is to create a "virtual interface hardware queue" with the shaper and apply ONE service-policy child to it.


So you should look for


class-map VLAN1

match interface vlan1

class-map VLAN2

match interface vlan2


policy-map child

class VLAN1

bandwidth percent 10

class VLAN2

bandwidth percent 35


policy-map output-parent

class class-default

shape average 10000000

service-policy output child


Be aware that VPN1 to VPN2 is not limited this way to less than 10 Mbps.


Hope this helps


Martin


Actions

This Discussion