
ASK THE EXPERTS - CAMPUS QOS

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to get an update on Campus QoS design and implementation with Cisco expert Hatim Badr. Hatim is a Network Consulting Engineer in Toronto, Canada, who for more than four years with Cisco Advanced Services has been helping Cisco customers across Canada design, implement, and optimize their networks. He focuses on developing QoS policies and on designing and implementing enterprisewide QoS solutions. Hatim has more than 10 years of experience in the networking industry and holds CCIE certification in Routing and Switching (CCIE #14847).

Remember to use the rating system to let Hatim know if you have received an adequate response.

Hatim might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through June 4, 2010. Visit this forum often to view responses to your questions and the questions of other community members.

58 REPLIES

Re: ASK THE EXPERTS - CAMPUS QOS

Hi Hatim,

My general question is why we need QoS in a LAN where you have open bandwidth of avg. 1 GBPS between switches and servers and switches to switches, which is sufficient for all types of traffic like data, voice and video?

Ganesh.H

Cisco Employee

Re: ASK THE EXPERTS - CAMPUS QOS

Hi Ganesh


Thanks for your question, and it is an excellent question to start our discussion about Campus QoS. However, to answer it I would quote the following paragraph from the Medianet Campus QoS Design 4.0, which explains it very thoroughly.

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html  



The case for Quality of Service (QoS) in WANs/VPNs is largely  self-evident because of the relatively low-speed bandwidth links at  these Places-in-the-Network (PINs), as compared to Gigabit/Ten Gigabit  campus networks, where the need for QoS is sometimes overlooked or even  challenged. This is sometimes due to network administrators equating QoS  with queuing policies only; whereas, the QoS toolset extends  considerably beyond just queuing tools. Classification, marking, and  policing are all important QoS functions that are optimally performed  within the campus network, particularly at the access layer ingress edge  (access edge).

Five strategic QoS design principles discussed in Chapter 1, "Enterprise  Medianet Quality of Service Design 4.0—Overview" are  relevant when deploying QoS in the campus:

Always perform QoS in hardware rather than  software when a choice exists. Cisco IOS routers perform QoS in  software. This places additional demands on the CPU, depending on the  complexity and functionality of the policy. Cisco Catalyst switches, on  the other hand, perform QoS in dedicated hardware Application-Specific  Integrated Circuits (ASICs) and as such do not tax their main CPUs to  administer QoS policies. You can therefore apply complex QoS policies at  Gigabit/Ten Gigabit line rates in these switches.

Classify and mark applications as close to  their sources as technically and administratively feasible. This  principle promotes end-to-end Differentiated Services/Per-Hop Behaviors.  Sometimes endpoints can be trusted to set Class of Service (CoS) of  Differentiated Services Code Point (DSCP) markings correctly, but this  is not always recommended as users could easily abuse provisioned QoS  policies if permitted to mark their own traffic. For example, if DSCP  Expedited Forwarding (EF) received priority services throughout the  enterprise, a user could easily configure the NIC on a PC to mark all  traffic to DSCP EF, thus hijacking network priority queues to service  their non-real time traffic. Such abuse could easily ruin the service  quality of real time applications (like VoIP) throughout the enterprise.

Police unwanted traffic flows as close to  their sources as possible. There is little sense in forwarding  unwanted traffic only to police and drop it at a subsequent node. This  is especially the case when the unwanted traffic is the result of Denial  of Service (DoS) or worm attacks. Such attacks can cause network  outages by overwhelming network device processors with traffic.

Enable queuing policies at every node where  the potential for congestion exists, regardless of how rarely  this in fact may occur. This principle applies to campus edge and  interswitch links, where oversubscription ratios create the potential  for congestion. There is simply no other way to guarantee service levels  than by enabling queuing wherever a potential speed mismatch exists.

Protect the control plane and data plane by enabling control plane policing (on platforms supporting this  feature) as well as data plane policing (scavenger class QoS) on campus  network switches to mitigate and constrain network attacks.


I hope that answers your question, and I look forward to hearing your comment.

Thanks


Hatim Badr

New Member

Re: ASK THE EXPERTS - CAMPUS QOS

Hi Ganesh,

I have a question about our network.

We have about 300 users in 5 floors. If a user starts downloading a file then the BW gets saturated and other users access become very slow. How can I solve this issue? Should we use a L3 switch and use traffic shaping?

I'd like to know what hardware and technology should I use to take care of this issue.

I look forward to hearing from you.

Thanks,

Amir

Cisco Employee

Re: ASK THE EXPERTS - CAMPUS QOS

Hi Amir,


It is hard to tell. Where are the users located and where are the servers? Do these users access their data over the WAN or is it in your campus network?

Do you have voice and video in your network or is it just data? You may also have to look at your network design as well.


Please provide more details to understand the problem.

Thanks

Hatim Badr


New Member

Re: ASK THE EXPERTS - CAMPUS QOS

Hi,

First of all, sorry, as I placed my reply in the wrong question by mistake.

Well, I'm talking about a LAN in just a building with 5 floors.

We have an Internet BW of 5MB/s connected to a Cisco ASA firewall and from there, the inside interface is connected to some L2 switches. PCs are connected to these L2 switches too. We don't have any VLAN in our infrastructure.

How can I limit someone's Internet download or upload speed? or like Sales department? For example I want to limit Engineering department to have only 2MB/s download and 1MB/s upload and while they are not using this BW (Internet BW), other departments can use it.

By the way, I'm just talking about the data. No voice/video is involved.

Thanks,

Amir

Cisco Employee

Re: ASK THE EXPERTS - CAMPUS QOS

Hi Amir,

I think you should look at Ironport web security appliance. It is used for web usage control and web filtering. For more details please go to

http://www.cisco.com/en/US/partner/products/ps10164/index.html

Thx

Hatim Badr

New Member

Re: ASK THE EXPERTS - CAMPUS QOS

Hi Hatim,

Can't we use rate-limiting (CAR - Committed Access Rate) here, to limit the maximum download/upload rate for a group of users based on an ACL?

Thanks,

Niyas

Cisco Employee

Re: ASK THE EXPERTS - CAMPUS QOS

Hi Niyas

You are right; normally we use what we call today class-based policing, the CAR successor, to police traffic. However, in Amir’s scenario it will be difficult to understand the traffic pattern.

First, we have 300 users, most probably using dynamic IP addressing (DHCP), so a user’s IP address may change. If you started configuring static IP addresses then there will be more administration overhead.

Second point: assume that user 1 is watching a business-related video on siteA while user 2 is watching a non-business-related video on siteB. With policing each user will get the same bandwidth, since it will be very difficult for you to identify the video sources with just a regular IP address or even if you use NBAR.

Using the IronPort Web Security Appliance will help you control web usage based on the policy that you will create, plus it is an application proxy.

Thanks

Hatim Badr

New Member

Re: ASK THE EXPERTS - CAMPUS QOS

Thank you Hatim

Re: ASK THE EXPERTS - CAMPUS QOS

Hi Hatim,

Very useful links for QoS in a campus network. Just another question: if you need to design a network, what will be your opinion on campus QoS implementation? Would you recommend the client go for QoS as recommended practice or not?

Ganesh.H

Cisco Employee

Re: ASK THE EXPERTS - CAMPUS QOS

Hi Ganesh;

Thanks Ganesh for your response. It always depends on the customer's requirements; however, with the current business and application requirements and the video evolution in enterprise networks, my first recommendation is to build an end-to-end QoS strategy. Start with QoS application profiling (Data, Voice and Video) and then build your QoS design. I would not worry about implementation and how to configure the QoS tool sets (classification, marking, policing and queuing) till a later stage. Implementation will be very easy if you have a QoS strategy.

I hope this answers your question.

Thanks

Hatim Badr

Re: ASK THE EXPERTS - CAMPUS QOS

Hi Hatim,

Thanks for providing valuable suggestions.

Ganesh.H

New Member

Re: ASK THE EXPERTS - CAMPUS QOS

Hello Hatim,

I was working on a Frame Relay network with QoS implementation (CCIE training).

So we can use CBTS to simulate FR Traffic-Shaping. I saw a scenario where CBTS was applied with the match fr-dlci and the solution told that CBTS does not support adaptive FR traffic shaping, but we can use the shape average command.

My question is what are the exact rules, when simulating Frame Relay Traffic Shaping with CBTS?

Thanks

Youssef

Cisco Employee

Re: ASK THE EXPERTS - CAMPUS QOS

Hi Youssef,

There are a few restrictions when using adaptive shaping with MQC FRTS. Can you please explain more about what is not supported regarding adaptive traffic shaping with MQC-based FRTS?

http://www.cisco.com/en/US/partner/docs/ios/wan/configuration/guide/wan_mqc_fr_tfshp_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1056219

I can see this is in preparation for the CCIE exam, which you should always answer as per the question; however, in real-life scenarios it is recommended that adaptive shaping be disabled and that the minimum CIR be set equal to the CIR (which means there is no “rating down”). An exception to this rule would occur if a tool such as Frame Relay voice-adaptive traffic shaping was deployed.

I will be happy to answer your questions regarding FRTS; however, this discussion is for Campus QoS (Cisco Catalyst switches 2950/2960/3550/3560/3750/4500 and 6500).

Thanks


New Member

Re: ASK THE EXPERTS - CAMPUS QOS

Hatim,

First of all, thanks for replying, even though my question is off-topic. In fact, I was talking about only using MQC without mixing it with map-class; I know that in this mode adaptive shaping will work.

So here is an example to illustrate my issue :

class-map DLCI_101
 match fr-dlci 101
!
class-map DLCI_102
 match fr-dlci 102
!
policy-map PM_FR
 class DLCI_101
  shape peak 128000 6400 6400
 class DLCI_102
  shape peak 256000 12800 12800
!
interface Serial 0/0/0
 service-policy output PM_FR
!

This example works fine, but as I wrote in my first post, is adaptive shaping working in this case? If not, what are the rules regarding this type of implementation? I know that in the real world I will certainly implement it like in the link you gave me.

Regards.

Youssef

Cisco Employee

Re: ASK THE EXPERTS - CAMPUS QOS

Hi Youssef,

Adaptive traffic shaping for Frame Relay networks is not supported using the Class-Based Shaping feature. You have to use MQC FRTS to enable adaptive shaping.

Thanks

Hatim Badr

New Member

Re: ASK THE EXPERTS - CAMPUS QOS

Hi Hatim,

Thank you, now it is clear for me.

Really appreciate.

Regards.

Youssef

New Member

Interface - Queuing Strategy

Greetings,

I have noticed that sometimes the Queuing strategy (in the output of show interface) shows "fair-queuing" and other times it shows "class-based" with a service-policy applied to an interface. I want to ensure when I apply a policy that it is working correctly. Is this just a software discrepancy? Or is CBWFQ not active when the status shows "fair-queuing"?

Cisco Employee

Re: Interface - Queuing Strategy

Greetings,

Do you mean you see the Queuing strategy as "weighted fair OR fifo" when there is no policy map applied to the interface, and then you see the Queuing strategy as "class-based" when applying the QoS policy map?

If that is the case, then weighted fair OR fifo are the defaults depending on the interface type; for example, the Ethernet interface queuing strategy is fifo by default while serial interfaces are weighted fair by default.

Appreciate if you can provide more details to better answer your question

Thanks

Hatim Badr

New Member

Re: Interface - Queuing Strategy

Hi,

Well, I'm talking about a LAN in just a building with 5 floors.

We have an Internet BW of 5MB/s connected to a Cisco ASA firewall and from there, the inside interface is connected to some L2 switches. PCs are connected to these L2 switches too. We don't have any VLAN in our infrastructure.

How can I limit someone's Internet download or upload speed? or like Sales department? For example I want to limit Engineering department to have only 2MB/s download and 1MB/s upload and while they are not using this BW (Internet BW), other departments can use it.

By the way, I'm just talking about the data. No voice/video is involved.

Thanks,

Amir

Cisco Employee

Re: Interface - Queuing Strategy

My apologies for the late response; I replied to you via my email but for some reason it did not post it.


I think the best solution for you would be an Ironport web security appliance. It is used for web usage control and web filtering. For more details please go to

http://www.cisco.com/en/US/partner/products/ps10164/index.html

Thx

Hatim Badr

Re: ASK THE EXPERTS - CAMPUS QOS

Hi Hatim,

It's a pleasure to meet you here discussing Campus QoS.

I have three questions:

1- If I needed to implement QoS in a campus network, and they have a native VLAN which is one part of the user traffic which needs to be marked in the trusted boundary, how would I do this for the native VLAN (Layer-2) boundary?

2- Have you ever used values 6 & 7 in the type of service field (TOS), which are reserved for ECN as per the RFC, and how is it exactly configured on the switches? I mean, how does a switch/router tell a host about ECN (this of course if the host supports ECN)?

3- What is the recommended marking mechanism closer to the source? DSCP or IP precedence ? and why?

Appreciate it,

Mohamed

Cisco Employee

Re: ASK THE EXPERTS - CAMPUS QOS

Hi Mohamed,

Thank you for your questions, please find my answers below

Q 1- If I needed to implement QoS in a campus network, and they have a native VLAN which is one part of the user traffic which needs to be marked in the trusted boundary, how would I do this for the native VLAN (Layer-2) boundary?

Answer:  This may be challenging if you want to use Layer 2 802.1Q/p Class of Service (CoS) bits however it is recommended to classify/mark with IP DSCP value either by trusting DSCP or using untrusted model with Access list. Even layer 2 switches, except for older switches such as 4000 CATOS, will support trusting IP DSCP values.

Q 2- Have you ever used values 6 & 7 in the type of service field (TOS) which are reserved for ECN as per the RFC, and how is it exactly configured on the Switches. I mean how does a switch/router tells a host about ECN (This of Course if the host supports ECN).

Answer: ECN is supported in Catalyst 4500 switches with classic supervisors through DBL ("Dynamic Buffer Limiting"). DBL tracks the queue length for each traffic flow in the switch. When the queue length of a flow exceeds its limit, DBL drops packets or sets the Explicit Congestion Notification (ECN) bits in the packet headers. To enable ECN you should enter the following command:

qos dbl exceed-action ecn

Implementing ECN requires an ECN-specific field that has two bits, the ECN-capable Transport (ECT) bit and the CE (Congestion Experienced) bit, in the IP header. The ECT bit and the CE bit can be used to make four ECN field combinations of 00 to 11. The first number is the ECT bit and the second number is the CE bit. The table below lists each of the ECT and CE bit combination settings in the ECN field and what the combinations indicate.

| ECT Bit | CE Bit | Combination Indicates |
|---------|--------|-----------------------|
| 0 | 0 | Not ECN-capable |
| 0 | 1 | Endpoints of the transport protocol are ECN-capable |
| 1 | 0 | Endpoints of the transport protocol are ECN-capable |
| 1 | 1 | Congestion experienced |

Q3- What is the recommended marking mechanism closer to the source? DSCP or IP precedence ? and why?

Answer: It is always recommended to classify and mark closer to the source as technically and administratively feasible to promote end to end  Differentiated Services/Per-Hop Behaviors.

It is also recommended to use DSCP whenever possible, which provides up to 64 classes of traffic, and more importantly to follow standards-based DSCP PHB markings to ensure interoperability and future expansion.

Thanks

Hatim Badr
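
The answers above (classify at the access edge instead of trusting a PC's own DSCP marking, and the DSCP and ECN bits sharing one IP header byte) can be modelled in a few lines. This is an added example, not code from the thread or from Cisco: it re-marks DSCP to 0 for sources outside a trust boundary, keeps the two ECN bits intact, and recomputes the header checksum. The voice subnet, addresses and packet headers are constructed for illustration.

```python
import ipaddress
import struct

DSCP_EF = 46  # Expedited Forwarding
ECN_NAMES = {0b00: "Not-ECT", 0b01: "ECT(1)", 0b10: "ECT(0)", 0b11: "CE"}

# Assumption for this example: only the voice subnet is inside the trust boundary.
TRUSTED_SOURCES = (ipaddress.ip_network("10.20.0.0/24"),)


def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum; 0 when run over a header whose checksum is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src: str, dst: str, dscp: int, ecn: int) -> bytes:
    """Build a constructed 20-byte IPv4 header (protocol UDP) used as sample input."""
    tos = (dscp << 2) | ecn  # DSCP is the upper 6 bits, ECN the lower 2
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 48, 0, 0, 64, 17, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def decode_ds(header: bytes):
    """Return (source address, DSCP, ECN) from an IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20 or len(header) < ihl:
        raise ValueError("truncated IPv4 header")
    return ipaddress.IPv4Address(header[12:16]), header[1] >> 2, header[1] & 0b11


def enforce_trust_boundary(header: bytes, trusted=TRUSTED_SOURCES):
    """Model an untrusted access port.

    Trusted sources and already-default traffic pass unchanged. Anything else
    has its DSCP reset to 0 while the ECN bits are preserved, and the header
    checksum is recomputed. Returns (header, finding-or-None).
    """
    src, dscp, ecn = decode_ds(header)
    if dscp == 0 or any(src in net for net in trusted):
        return header, None
    ihl = (header[0] & 0x0F) * 4
    new = bytearray(header)
    new[1] = ecn                      # DSCP bits cleared, ECN bits untouched
    new[10:12] = b"\x00\x00"          # zero the checksum field before recomputing
    new[10:12] = struct.pack("!H", ip_checksum(bytes(new[:ihl])))
    return bytes(new), {"src": str(src), "dscp": dscp, "ecn": ECN_NAMES[ecn]}


# Constructed sample traffic (not captured from any real network).
SAMPLE = [
    build_header("10.20.0.15", "10.20.0.1", DSCP_EF, 0b00),   # IP phone in the voice subnet
    build_header("10.30.4.77", "192.0.2.10", DSCP_EF, 0b10),  # PC self-marking EF, ECT(0)
    build_header("10.30.4.78", "192.0.2.10", 0, 0b11),        # best effort, CE already set
    build_header("10.30.4.80", "192.0.2.10", 34, 0b00),       # PC self-marking AF41
]


def audit(packets=SAMPLE):
    """Return one finding per packet that had to be re-marked at the boundary."""
    findings = []
    for pkt in packets:
        _, finding = enforce_trust_boundary(pkt)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in audit():
        print(f"re-marked {f['src']}: DSCP {f['dscp']} -> 0, ECN kept as {f['ecn']}")
```
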

Re: ASK THE EXPERTS - CAMPUS QOS

Hatim,

Regarding your Answers 1 & 2 below, I still have points that are not clear.

Answer (1):  This may be challenging if you want to use Layer 2 802.1Q/p Class of Service (CoS) bits however it is recommended to classify/mark with IP DSCP value either by trusting DSCP or using untrusted model with Access list. Even layer 2 switches, except for older switches such as 4000 CATOS, will support trusting IP DSCP values.

For the first statement, I asked how we can classify/mark traffic for the native VLAN, and you said by CoS and DSCP. However, the CoS bits are carried in the tag field of the layer-2 header, so a native VLAN by default shouldn't support marking based on CoS, I believe, or we will have to move data traffic to a non-native VLAN, right?

For the second statement, how could layer-2 switches classify and mark based on DSCP when they are layer-2, meaning they don't look and forward at layer-3, while DSCP and IP precedence are part of the layer-3 header?


Answer(2):  ECN is supported in Catalyst 4500 switches classic supervisors with its DBL "dynamic Buffer Limiting". DBL tracks the queue length for each traffic flow in the switch. When the queue length of a flow exceeds its limit, DBL drop packets or sets the Explicit Congestion Notification (ECN) bits in the packet headers. To enable ECN you should enter the following command

Do you mean ECN is not supported on Catalyst switches other than the 4500 series? The second point is: does ECN need another config to be added on the policy map, or is it just that when the queue limit is exceeded it drops the packet?

**The last enquiry, ( I know its out of the Scope of this conversation), Could you let me know how ECN works in a router with an example**?

Thanks for your valuable input,

Mohamed

Cisco Employee

Re: ASK THE EXPERTS - CAMPUS QOS

Hi Mohamed,

Sorry for late response however I used my email to reply to you yesterday but for some reason it was not added to the discussion. Please find my comments inline

Q: for the first statement, I mentioned how we can classify/mark traffic for the native vlan, you said by CoS and DSCp, However, the CoS bits are carried in the tag field of the layer-2 header, So a native vlan by default shouldn't support marking based on CoS I believe , or we will have to Modify Data Traffic to a non native vlan , Right?

        Hatim: You are right, and that is why I said it is challenging; I should say it is not possible to classify based on Layer 2 CoS for the native VLAN if not tagged.

Q: For the second statement, How a layer-2 switches Could classify and Mark based on DSCP, while its layer-2 , meaning it doesn't look and forward at layer-3 , while we have DSCP and IP precedence part of the layer-3 header?

        Hatim: Most of layer 2 switches are able to look at the Layer 3 header and classify/mark IP DSCP. Few older Layer 2 switches are not able to look at Layer 3 header, can you tell me which Switches you are looking for and I'll be able to tell you if it supports IP DSCP classifying and marking.

Q: ECN: Do you mean ECN is not supported on different Catalyst switches than 4500 series? The second point is that, does ECN need another config to be added on the policy map or is it just that when the queue limit is exceeded it drops the packet?

        Hatim: ECN is not supported in all Catalyst switches and so far it is only supported on 4500. No more configuration is required.

Q: **The last enquiry, ( I know its out of the Scope of this conversation), Could you let me know how ECN works in a router with an example**?

    I will be happy to answer your question; however, there is a very good article about ECN that can be found at

    http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ftwrdecn.html

Please let me know if you need more clarification.

Thanks again for your questions

Hatim Badr

New Member

Re: ASK THE EXPERTS - CAMPUS QOS

Hi,

I would like to thank you in advance for your help.

We are having problems identifying the discarded packets on a 9MB multilink PPP interface which has 6 serial T1 interfaces bound into a single multilink interface. Here are the configurations:


controller T1 0/0/0
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
!
controller T1 0/0/1
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
!
controller T1 0/1/0
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
!
controller T1 0/1/1
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
!
controller T1 0/2/0
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
!
controller T1 0/2/1
framing esf
linecode b8zs
channel-group 0 timeslots 1-24
!
class-map match-any Business-Critical
match access-group 145
class-map match-any Best-Effort
match access-group 146
class-map match-any Voice-RTP
match ip dscp ef
match ip dscp cs3
match ip dscp af31
match access-group 148
class-map match-any Priority-Data
match access-group 141
class-map match-any Mission-Critical
match access-group 143
!
!
policy-map queuing-policies
class Voice-RTP
  set ip dscp ef
  priority percent 50
class Priority-Data
  set ip dscp af41
  bandwidth remaining percent 15
class Mission-Critical
  set ip dscp af31
  bandwidth remaining percent 20
class Business-Critical
  set ip dscp af21
  bandwidth remaining percent 25
class Best-Effort
  set ip dscp default
  bandwidth remaining percent 40

interface Multilink2
description MPLS to Sprint PE DS-3
bandwidth 9216
ip address 10.130.7.42 255.255.255.252
ip accounting output-packets
ip flow ingress
no peer neighbor-route
no cdp enable
ppp multilink
ppp multilink fragment disable
ppp multilink group 2
service-policy output queuing-policies

interface Serial0/0/0:0
bandwidth 1544
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 2
!
interface Serial0/0/1:0
bandwidth 1544
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 2
!
interface Serial0/1/0:0
bandwidth 1544
no ip address
encapsulation ppp
ip route-cache flow
ppp multilink
ppp multilink group 2
!
interface Serial0/1/1:0
bandwidth 1544
no ip address
encapsulation ppp
ip route-cache flow
ppp multilink
ppp multilink group 2
!
interface Serial0/2/0:0
bandwidth 1544
no ip address
encapsulation ppp
ip route-cache flow
ppp multilink
ppp multilink group 2
!
interface Serial0/2/1:0
bandwidth 1544
no ip address
encapsulation ppp
ip route-cache flow
ppp multilink
ppp multilink group 2

access-list 148 remark Voice Queue 50 percent
access-list 148 permit udp any host 10.130.19.228 range 1719 1720
access-list 148 permit tcp any host 10.130.19.228 range 1719 1720
access-list 148 permit udp any host 10.130.19.225 range 1719 1720
access-list 148 permit tcp any host 10.130.19.225 range 1719 1720
access-list 148 permit udp any host 10.130.33.132 range 1719 1720
access-list 148 permit tcp any host 10.130.33.132 range 1719 1720
access-list 148 permit udp any host 10.130.33.133 range 1719 1720
access-list 148 permit tcp any host 10.130.33.133 range 1719 1720
access-list 148 permit udp any 10.235.1.128 0.0.0.31
access-list 148 permit udp any 10.235.1.192 0.0.0.31
access-list 148 deny   ip any any

ROS-W2#sho int multilink2
Multilink2 is up, line protocol is up
  Hardware is multilink group interface
  Internet address is 207.130.7.42/30
  MTU 1500 bytes, BW 9216 Kbit, DLY 100000 usec,
     reliability 255/255, txload 8/255, rxload 13/255
  Encapsulation PPP, LCP Open, multilink Open
  Open: IPCP, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 2 seconds on reset
  Last input 00:00:00, output never, output hang never
  Last clearing of "show interface" counters 1d01h
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 325487
  Queueing strategy: Class-based queueing
  Output queue: 0/1000/64/325487 (size/max total/threshold/drops)
     Conversations  0/7/16 (active/max active/max total)
     Reserved Conversations 4/4 (allocated/max allocated)
     Available Bandwidth 2304 kilobits/sec
  5 minute input rate 484000 bits/sec, 63 packets/sec
  5 minute output rate 302000 bits/sec, 72 packets/sec
     6261395 packets input, 3525337169 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     4922917 packets output, 1719617769 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions

The problem is trying to correct the output drops in the configuration as these are voice grade packets.  Please advise....

New Member

Re: ASK THE EXPERTS - CAMPUS QOS

Hi Hatim:

I have two questions please:

1- When performing traffic queueing, does that take place only when there is network congestion, or do queues take effect all the time regardless? What happens when a priority queue is implemented too?

2- Are there any commands on L3 switches such as 3560, 3750 and 4500 series that we can use to verify traffic stats on QoS policies, similar to "sh policy-map int <>" on ISR?

Regards;

Ahmed

Cisco Employee

Re: ASK THE EXPERTS - CAMPUS QOS

Hi Ahmed,

Thank you for your questions please see my answers inline



1- When performing traffic queuing, do that take place only when there is a
network congestion or queues take effect all time regardless?  What happens
when priority queue is implemented too?

Answer: It will only take place during interface congestion. The priority queue (PQ) is serviced first until it is empty, except on 4500 switches, where you can allocate bandwidth for the PQ as well; there the priority queue is serviced first until it is empty or until it is under its limited rate.

2- Are there any commands on L3 switches such as 3560, 3750 and 4500 series that we can use to verify traffic stats on QoS policies similar to "sh policy-map int <>" on ISR?

Answer: The same command is available on 3560, 3750 and 4500 switches; however, unfortunately the byte counters which show the packet statistics are not incrementing on 3560 and 3750. On 3560 and 3750 this command is only used for reviewing the policy map applied to an interface.

On the other hand, for 3560/3750 switches the show mls qos interface GigabitEthernet x/y/x statistics command will help you to verify each interface's queuing. For an example and details please visit:
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html#wp1099462
 

Thanks

Hatim  Badr

Cisco Employee

Re: ASK THE EXPERTS - CAMPUS QOS

Greetings

Can you issue the following command to see in which class packets are dropped?

show policy interface multilink 2

Also it will be good to look at the multilink interface bundle

show ppp multilink

There are a few other issues that I would like to comment on regarding your QoS configuration.

1-      In addition to EF traffic you put IP DSCP cs3 and AF31 and an ACL traffic in the LLQ. I think your intent is to place call signaling in LLQ as well.

It is recommended to create another class for call signaling traffic and place it in a class other than LLQ. However, even if you want to put call signaling in LLQ, I would suggest implementing Dual LLQ, where two separate implicit policers will be provisioned, one for the voice class and another for the call signaling, yet there remains only a single strict-priority queue, which is provisioned to the sum of all LLQ classes. Traffic offered to either LLQ class is serviced on a first-come, first-served basis until the implicit policer for each specific class has been invoked. For example, if the call signaling class attempts to burst beyond its configured bandwidth rate then it is dropped. In this manner, both voice and call signaling are serviced with strict priority, but do not starve data flows, nor do they interfere with each other.

2-      Do you implement CAC (Call Admission Control) in your call manager to control the number of voice calls over your WAN?

3-    I noticed the following configuration

interface Multilink2
description MPLS to Sprint PE DS-3
bandwidth 9216
ip address 10.130.7.42 255.255.255.252

     Interface bandwidth commands should be defined only on the physical interfaces, not on multilink interfaces. This way, if any physical interfaces go down, the Cisco IOS Software will reflect the change in the multilink interface’s bandwidth for routing and QoS purposes. This change can be verified by the show interface command. However, if a bandwidth statement is configured under the multilink interface, the bandwidth value for the interface will be static even if an underlying physical interface is lost.

4-    I noticed the following configuration

class Mission-Critical
  set ip dscp af31
   bandwidth remaining percent 20

Although this class is not in effect for now, since I do not see ACL 143 in your config, it means that such traffic will be treated as priority or LLQ traffic later in your network, since you are configuring

class-map match-any Voice-RTP
match ip dscp ef
match ip dscp cs3
match ip dscp af31
match access-group 148

It is important to have consistent end to end Classification and marking policy to make sure traffic will be placed in the proper queue.

I'm assuming that your service provider is provisioning 50% of the link bandwidth for your LLQ.

Thanks

Hatim Badr
