Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to discuss Troubleshooting Catalyst QoS with Cisco expert Balaji Siva. Balaji is part of Technical Assistance Center (TAC) based out of Research Triangle Park, North Carolina where he holds the position as the World Wide Subject Matter Expert in LAN Technologies. Feel free to post any questions relating to Troubleshooting Catalyst Qos. Remember to use the rating system to let Balaji know if youve received an adequate response.
Balaji might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through March 14. Visit this forum often to view responses to your questions and the questions of other community members.
A question on "set qos policer" command.what is the burst size that should be assigned using this command.Is it half the bandwidth of the link.How can i test the rate limit function in catalyst switches.
Thanks well in advance
The burst size is one of the confusing parameter for many. The burst size should atleast be equal to max mtu (1500 bytes) packet size which is 13k. This may work for UDP traffic as UDP traffic doesn't reduce their packet rate due to packet drop in the network. But for TCP which uses the windowing scheme, the window size increases exponentially and if they hit the rate limit, they may lose more than one packet at a time and hence their window size would cut to a low value. This is generic TCP/IP behavior in response to packet loss. The traffic throughput pattern would look like SAW-tooth.
Hence for TCP/IP traffic, you have to increase the burst parameters.
We have seen many examples which says to atleast double it to say 26k for a 1 mb policer.
With just a "single" flow going through such a policer, you would still not get the throughput you are hoping for. If huge number of flows, due to the combined traffic pattern, you may get closer to configured rate. Understand that the switch policing is working as expected which is drop the packets when the flow exceeds the configured value.
For single or a few flows, I would suggest that you follow this example
You may still have to modify it based on your specific application or network behavior.
I would suggest using UDP to test the policer so that you get results closer to what you have configured.
Watch closely for ACL configuration so that it matches the desired traffic.
Hope this helps
Constantly getting this error message from one of my cat 4006 switch.
Tried changing the trunk link without any use. The switch is connected to two 6509 switches. All ports are set to dot1q and mode on.
Can u suggest any work around for this.
2003 Feb 28 13:31:27 %SYS-4-P2_WARN: 1/Invalid crc, dropped packet, count = 6376
2003 Feb 28 13:41:35 %SYS-4-P2_WARN: 1/Invalid crc, dropped packet, count = 6377
I would like to limit the questions posted on this session to QoS related issues on the Catalyst Switches.
Thanks for your understanding.
Please open a TAC case as we need to collect addtional information to narrow down this problem you are describing. This is not due to a configuration issue.
Just a simple question - does Cisco support the hierarchical policy on the Catalyst routed interfaces? What platforms?
Thank you for your info. /m
Hierarchical traffic shaping on GE-WAN ports on the OSM-2+4GE-WAN+ since 12.1(13)E3.
But nested polices/classes are not supported otherwise on any other cat switches at this time. Hope this helps.
Is there anything I can do on a 3524-XL-PWR to get voice packets prioritized over non-voice traffic? I keep hearing conflicting answers.
Yes, you can.
Remember that XL switch is only Layer 2 ..i.e. it can only distinguish Layer 2 COS value. So make sure your phone is tagging cos value
Check out FAQ doc here Q7
also check out Q12 for the output scheduling works
So to summarize if the incoming voice packets are correctly tagged by the phone, you would get priority queueing on the egress for the 3524XL.. As good as you can get ;)
Let me know if you any other questions
We are about to introduce VOIP and have 3524XL access switch with 5509 core switches. I have heard that although the 5509 supports QOS it only has one queue per port. Is that correct? How much of a problem is it with voice?
You are correct, Cat5k has limited qos features. with tx being 1q4t with no input scheduling (besides FIFO.)
Do a show port capabilities
The following modules are needed for support at the ingress/egress of the traffic.
WS-X5234-RJ45 24 Port 10/100BaseTX RJ-45
WS-X5236-FX-MT 24 Port 100BaseFX MT-RJ
WS-U5537-FETX 4 Port 10/100BaseTX Uplink Module
WS-U5538-FEFX-MMF 4 Port 10/100BaseFX Uplink Module
WS-X5239-RJ21 36 Port 10/100BaseTX Telco
Anyway, to give better performance for VOIP which uses COS = 5 you can do sowmething like this
set qos enable
set qos map 1q4t 1 1 cos 2
set qos map 1q4t 1 2 cos 4
set qos wred-threshold 1q4t tx queue 1 20 50 100 100
So in this case cos 5 is mapped to Threshold 3 and it won't be dropped until Queue is 100 full. this way COS 4 (control traffic) also gets some preferential treatment .
We typically use the newer switches being deployed for VOIP network. So I would suggest that you upgrade your core to 6500 /4500 and for closet or access, use 3550 PWR if you need significant performance improvement for VOIP networks.
hope this helps
Hi Balaji ,
I configured policer on Cat3550 to police the bandwidth per IP networks.
class-map match-all Branch-1
match access-group 2001
class-map match-all Branch-2
match access-group 2002
police 256000 48000 exceed-action drop
police 256000 48000 exceed-action drop
access-list 2001 permit ip any 192.168.1.0 0.0.0.255
access-list 2002 permit ip any 192.168.2.0 0.0.0.255
I cannot find the command to check the number of dropped packet/bytes per policer. I can only check the dropped packet/bytes per physical interface by "show mls qos interface fa0/1 statistics".
Is it possible to check the packet drop like router by "show policy interface fa0/1"?
It is possible to enter 'show policy-map interface gi0/2'
What bugs me is that such a policy seems to not work as 'service-policy output' on interface. It reports:
0:44:06: %QM-4-CLASS_NOT_SUPPORTED: Classification is not supported in classmap CLASS
00:44:06: %QM-4-CLASS_NOT_SUPPORTED: Classification is not supported in classmap CLASS
the 'input' direction works
For output direction or egress, matching based on DSCP only is supported on 3550 and hence the problem.
For ingress direction, you can use ACL based classes
The IOS CLI may show many match clauses but not all of them are supported in the 3550 switch. For that matter, even in other switches, not all match clauses are supported. The IOS cLI is based on Rotuer platforms where many of these match statemetns are supported. The reason for not-supporting them is because these switches implement QoS in hardware and the ASICs design does not let all of these match statements to be supported.
Refer to QoS Configuration guide for the respective switches for a list of supported match commands and listing of other caveats.
Hope this helps.
You are correct, show policy interface is not supported command on the Catalyst 3550. Since the mls qos interface cmd combines the statistics, there is no good way to distinguish the stats per policer
you can enable qos monitor on the interface for dscp based granular stats as show above.