
QoS Implementation

sameero10
Level 1

Hi,

I faced a really strange issue implementing end-to-end QoS on Cisco routers. I have the following network scenario:

1. Headquarters network with the main policy router and database and application servers.

2. 100 remote branches that are using the application from headquarters.

3. We have branches that are connected to the headquarters with a VSAT connection.

4. We have GRE tunneling running between all the branches and headquarters, with 128K for each tunnel.

5. The problem I am facing is in the branches that use a VSAT connection to the headquarters: the application performance is really slow in all these branches.

6. I tried to solve the problem using QoS, since the 128 link for each branch is also used for mail access and Internet.

The problem I am facing is that I tried to implement end-to-end QoS for the application that the remote branches use, because they said it is running slow, but with no real improvement in performance! I tried CBWFQ, LLQ and MQC, and I implemented the qos pre-classify command because I have tunnels, but I didn't get any enhancement. Can anybody help me in this case? What is the proper configuration?


hdommath
Level 1

What kind of applications are you running at the HQ? You may not see any improvement on a 128K VSAT link as the b/w itself is so low. Not to mention the added delay. BTW, are you marking the packets before queuing?

-Harish

Hi, the application is an Oracle application. Actually we have 2 versions of the application, character mode and GUI mode. The character mode runs fast while the GUI is slow, and its performance needs to be improved because we will rely on GUI mode in the near future.

I implemented CBWFQ and MQC, I applied policy maps on the interface and used the qos pre-classify command on the tunnel, and I applied QoS at tunnel level by creating parent and child policy maps, but I didn't see any changes in our application performance, and I think I didn't mark the packets. How can I do it?

Hi,

I completely agree with Harish; there is the possibility that the VSAT links are so slow and of such low bandwidth that the latency they induce is almost unacceptable to the GUI version of your Oracle app, which may not be optimized for such slow links.

Try doing some pings across the VSAT links to see what the latency (RTT) is like. Having said that, you want to capture the GUI Oracle traffic, and nothing else, mark/colour it, and then allocate that class an appropriate bandwidth. Then you can use another class-map to capture the text mode, allocate some bandwidth, and leave everything else in the default queue. This assumes that there is a way to classify the GUI traffic on its own.

Hi,

The VSAT link delay is 750ms. I am actually working in VSAT too, and I think the best delay a VSAT user can get is 500-750ms.

You suggest leaving the GUI application in the default class? Is there any way that I can improve the performance? I did lots of configuration but with no real result.

No, what they are saying is that even if the link is empty, GUI will run slow.

QoS is about congestion management - that is you are "preferring" one traffic type against the other in a time of high load.

Therefore in times when link is only filled with GUI traffic, and nothing else, QoS will not be able to help.

Please issue "show policy-map interface XXX" commands on both sides, and look if there are packets in the classes that you have set up.

Also, please post your configuration.

Hi,

I issued that command for sure; traffic classification is working and there are matches for the access list I created.

I want to make clear that the GUI is not the only traffic on the link; there is also mail traffic and Internet, but at specific times, and the text mode of our application.

I will list for you the different configurations I used:

1. This is the headquarter configuration:

    class-map match-any class1
     match access-group 700
     match access-group 105
     match protocol http url "http://10.0.1.50:7778/j2ee/index.jsp"
    !
    !
    policy-map policy1-child
     class class1
      bandwidth percent 70
     class class-default
      fair-queue

or:

    class-map match-any class1
     match access-group 700
     match access-group 105
     match protocol http url "http://10.0.1.50:7778/j2ee/index.jsp"
    !
    policy-map policy1-child
     class class1
      shape peak 1600000
      bandwidth 1200
     class class-default
      bandwidth 150

    access-list 700 permit 0017.951b.2b50 0000.0000.0000
    access-list 700 permit 0011.85e6.d9d0 0000.0000.0000
    access-list 700 permit 0011.85e6.da1b 0000.0000.0000
    access-list 700 permit 0011.85e6.da45 0000.0000.0000
    access-list 700 permit 0011.85e6.da06 0000.0000.0000
    access-list 105 permit tcp host 10.0.1.28 eq 7778 any
    access-list 105 permit tcp host 10.0.1.29 eq 7777 any
    access-list 105 permit tcp host 10.0.1.29 eq 7778 any
    access-list 105 permit tcp host 10.0.1.50 eq 7777 any
    access-list 105 permit tcp host 10.0.1.50 eq 7778 any
    access-list 105 permit tcp host 10.0.1.26 eq 7777 any
    access-list 105 permit tcp host 10.0.1.26 eq 7778 any
    access-list 105 permit tcp host 10.0.1.27 eq 7778 any
    access-list 105 permit tcp host 10.0.1.27 eq 7777 any
    access-list 105 permit tcp host 10.0.1.28 eq 7777 any

    interface Tunnel149
     description
     bandwidth 128
     ip address ....
     ip mtu 1524
     qos pre-classify
     tunnel source ......
     tunnel destination .......

    interface Serial3/1
     description WAN ACCESS
     bandwidth 2000000
     ip address ............
     service-policy output policy1-child
     ip route-cache flow
     serial restart-delay 0
     no cdp enable

2. Branch Config:

    class-map match-any thin
     match protocol http url "http://10.0.1.50:7778/j2ee/index.jsp"
     match access-group 102
     match access-group 110
    !
    !
    policy-map thin-policy
     class thin
      bandwidth 100
     class class-default
      fair-queue

or:

    policy-map thin-policy
     class thin
      bandwidth percent 60
      shape peak percent 65
     class class-default
      bandwidth percent 10

    interface Tunnel1
     description
     bandwidth 128
     ip address .....
     ip mtu 1524
     qos pre-classify
     tunnel source .....
     tunnel destination .......

    interface FastEthernet0/1
     description
     ip address ......
     duplex auto
     speed auto
     service-policy output thin-policy

    access-list 102 permit tcp any any eq 7777
    access-list 102 permit tcp any any eq 7778
    access-list 110 permit gre host ...(Source tunnel ip) host ...(dest tunnel ip)

3. Another config for the headquarter router, implementing QoS on the tunnel:

    policy-map policy1-child
     class class1
      bandwidth 100
      ! or: bandwidth percent 60

    policy-map tunnel143
     class class-default
      shape average 2000000
      service-policy policy1-child

This is the configuration that I used. What do you think? Any advice?

bbaillie
Level 1

A few things aren't addressed here, so you may want to confirm whether they have been considered or not. The first is that you are using GRE tunnels; this brings with it MTU issues due to encapsulation of the packets, so address MTU or confirm MTU is not an issue. Fragmentation can be disguised as slow performance, and packet drops due to oversize can appear as slow connections.

The next issue is that unless you configure GRE to copy the DSCP or TOS value to the encapsulated frame, it doesn't, and all packets end up in the default queue on the egress interface. Don't apply the QoS policy to the tunneled virtual interface; it just doesn't work correctly.

High delay in the VSAT arena means you need to tune the end nodes for high delay environments. This means the IP stacks of the server and workstation need adjustment, because the vendors assume they are used in a LAN environment and the default IP stack settings reflect this fact. If you can't change the workstation's or server's IP stacks, then investigate Cisco's RBSCP or WAAS for possible use in your environment, because they are designed to compensate for the shortcomings of high delay and default end node configurations.

Cheers,

Brian

P.S. here are a few links for more information

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml

http://www.cisco.com/en/US/products/ps6566/products_feature_guide09186a0080795c5e.html

http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a0080683d9d.html

Hi,

The MTU size is 1524. Regarding GRE and the TOS value, I used the qos pre-classify command, which is supposed to overcome QoS implementation in a tunneled environment; it should copy the TOS byte to the tunnel header and so mark application packets for QoS.

I really suffered when I applied QoS on the virtual tunnel interface; the performance became even worse!

I cannot go for tuning the end nodes (servers) because there are other non-VSAT branches also working in the network.

The MTU issue and fragmentation is the result of the extra 24 Bytes of encapsulation GRE puts on the original packet. Increasing the MTU on the tunnel only disguises the activity and the result is a perception of slow response times. Confirm this by dropping the MTU on a remote workstation to 1400 Bytes and test the response time.

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_tech_note09186a0080093f1f.shtml

That aside here is my recommendation.

New set up for QOS

    access-list 106 permit tcp 10.0.1.24 0.0.0.7 range 7777 7778 any
    access-list 106 permit tcp any range 7777 7778 10.0.1.24 0.0.0.7
    access-list 106 permit tcp host 10.0.1.50 range 7777 7778 any
    access-list 106 permit tcp any range 7777 7778 host 10.0.1.50

    class-map match-any Oracle-Traffic
     match access-group 106
     match ip precedence 5

    policy-map Oracle-Color
     class Oracle-Traffic
      set precedence 5

    policy-map Oracle-Clients
     class Oracle-Traffic
      bandwidth percent 60
     class class-default
      fair-queue 256
      random-detect

    interface ingress
     service-policy input Oracle-Color

    interface egress
     service-policy output Oracle-Clients

This applies to the head office router and the remote site routers. I have used the access list differently to make it reusable for both functions, and the ingress interface policy is there to mark all Oracle traffic as precedence 5. Apply this to the physical interfaces, not the tunnel. The fair-queue 256 is there because at 128k you will only get 32 by default; a few more is good, and showing the use of queues on the interface will show you are indeed supporting more than 32 sessions at a time.

Use the show policy commands to confirm it is having the desired effect.

As for the server, you can add another LAN interface and tune that one interface for the high delay environment. Then create a DNS entry that points to this IP address and is resolvable by only the remote sites. I realize this will cause your server folks a brain cramp, but for a high delay environment default installs don't cut it. You could invest in Cisco's WAAS, but that's a lot more money than an extra LAN card in a server and some pain killers :-).

Cheers,

Brian
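An added example, not part of any post in this thread: a small Python model of the two effects discussed above, GRE fragmentation with a 1524-byte tunnel MTU and the round-trip cost that QoS cannot remove. The 24-byte overhead, 128 kbit/s and 750 ms come from the thread; the 1500-byte physical MTU, treating 750 ms as round-trip time, and the round-trip counts and payload size in the demo are assumptions.

```python
"""Added illustration (not from the thread): GRE overhead and delay on the VSAT link."""

GRE_OVERHEAD = 24   # from the thread: outer IPv4 header (20) + GRE header (4)
IP_HEADER = 20      # outer IPv4 header without options
LINK_MTU = 1500     # assumption: physical interface MTU


def outer_fragments(inner_len, link_mtu=LINK_MTU):
    """Sizes of the on-wire IP packets produced for one inner packet of inner_len bytes."""
    outer_len = inner_len + GRE_OVERHEAD
    if outer_len <= link_mtu:
        return [outer_len]
    payload = outer_len - IP_HEADER
    # Every fragment except the last carries a multiple of 8 payload bytes.
    chunk = (link_mtu - IP_HEADER) // 8 * 8
    sizes = []
    while payload > 0:
        take = min(chunk, payload)
        sizes.append(IP_HEADER + take)
        payload -= take
    return sizes


def serialization_ms(nbytes, kbps=128):
    """Milliseconds needed to clock nbytes onto a link of kbps kbit/s."""
    return nbytes * 8 / kbps


def transaction_time(round_trips, total_bytes, rtt_s=0.75, kbps=128):
    """Seconds for one exchange on an otherwise idle link: round-trip waits plus wire time."""
    return round_trips * rtt_s + total_bytes * 8 / (kbps * 1000)


if __name__ == "__main__":
    # A full-size LAN packet passes the 1524-byte tunnel MTU, then is split on the wire.
    for inner in (1500, 1476, 1400):
        frags = outer_fragments(inner)
        wire_ms = sum(serialization_ms(size) for size in frags)
        print(f"inner {inner}: on-wire packets {frags}, {wire_ms:.2f} ms at 128 kbit/s")
    # Constructed workloads: the same 20 kB moved in 2 versus 40 request/response turns.
    for turns in (2, 40):
        print(f"{turns} round trips: {transaction_time(turns, 20000):.2f} s on an idle link")
```

With an idle link the 40-turn exchange is dominated by the round-trip term, which queuing policy does not change.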

Hi,

Thank you Brian, I will implement this configuration and get back to you.

Thanks

Sam
