I need to guarantee specific download and upload bandwidth rates for tenants in a business park. The setup is simple. Tenant connections are concentrated at a Catalyst 3650 which uplinks to a 2811 ISR with Ethernet presentation to the service provider's NTE and then Internet. The WAN is a business class connection running at 8Mbps in both directions. The QoS is configured on the 2811, which is its only role other than basic static routing. A diagram is attached.
<br />The important parts of the router configuration are attached also. I've configured CBWFQ to guarantee specific rates for each tenant during congestion. For instance tenant_1 gets 250Kbps, tenant_2 1000Kbps and so on. There are 30 tenants in total. Classification is based on the tenant's unique public WAN address. The policy (QOS_POL) is then applied in the output direction of each interface, to ensure guarantees for both downloads and uploads.
<br />An additional policy (QOS_POL_APPS) is nested within the main policy to prioritise particular applications during congestion - for instance VoIP and interactive traffic are assigned guaranteed bandwidth percentages, whilst P2P traffic is dropped.
<br />I have the following questions:
<br />1. Is this the recommended way to apply guaranteed bandwidth per tenant, including the prioritisation of certain application types?
<br />2. Will it work, given that that policy is applied to the router which doesn't terminate the WAN link and therefore cannot know the true bandwidth of the 8 Mbps WAN - remember the router interface Fa0/1 connects to the NTE at 10Mbps. Will interfaces Fa0/1 and Fa0/0 ever reach congestion point, and actually apply the QoS, if their speed is greater than the WAN?
<br />3. How do you test that the policies are working correctly? I tried to saturate the link from a number of sources (both uploads and down) using http, ftp and bittorent transfers, but I couldn't get the output queues on either interface to start dropping packets. Also, running âshow policy-map interface fast 0/0â or âshow policy-map interface fast 0/1â doesn't indicate any QoS matches.This to me suggests that the router isn't congested and therefore isn't applying the policies yet? I guess this is to be expected - how can one expect an 8Mbps WAN to saturate a 10Mbps Ethernet interface.
<br />4. Is there a way to force the router interfaces to start applying the QoS when the rate reaches 8Mbps? I was thinking along the lines of traffic-shaping /rate limiting applied to the router.
#3 Traffic generator is good tool to have. However, even when there's no congestion, you should see policy matches if policy is configured correctly.
#4 Yes, your thinking correctly about using a shaper, but unsure you can easily accomplish what you want with Cisco QoS features.
There's not much point applying QoS for tennant ingress, you're already downsteam of the 8 Mbps congestion point. Where you want QoS is at the head of the bottleneck. Tennant egress is suitable for QoS.
If you don't want to cap your tennants, ideally want you want is a parent policy with shaper for 8 Mbps, a child policy with class for each tennant for minimum bandwidth guarantee for both VoIP and non-VoIP, and another subordinate policy to allocate bandwidth between the non-Voip classes. (The last two policy maps are similar to what you're doing now, but with VoIP in their own classes.) Such a three tier configuration might not be supported by Cisco QoS, if so you need to combine the last two logical policies into one.
shape average 8000000
interface FastEthnet (facing Internet)
service-policy output masterShaper
Possible issue might be exceeding maximum number of classes per policy.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...