I am having problem in configuring the QOS for my network. I have 6 MB bandwidth for internet. I want to reserver 2 MB bandwidth for my two specific IP addresses. Rest of 4 MB for All other Internet Traffic.
I have made the LLQ for 1 MB priority for my two servers (though they are always use 128 K) and rest of all traffic in default class. but still the my MRTG Graph is showing the 95% usage.
Why it is so. My 1 MB reserve Bandwidth is free only 128 Kb is in use by servers. why i m still getting 95% in MRTG graph.
Kindly see the attachement for configuration.
Why it is so,
You have LLQ enabled - fine, however you must remember - if none of the BW is not being used by the PQ, then the BW is used by the rest of the apps.
You need to apply some traffic shaping on your class default and limit it to the desired amount of bandwdith.
Thanks for the reply, but Cisco says that Priority queue reserve the bandwidth permanently, specific bandwidth always be available in any case, either congestion or not.
what sort of action i have to apply in class-default please tell me, i want to reserver 4 MB and when traffic exceed what action to be taken please tell me how to do this
You are correct - sorry, I was getting confiused on the hardware platform your are using. As you have a gig interface pointing to the internet - I thought you were using a switch, which has a different queueing method.
For the class-default something like:-
police 4194000 conform-action transmit exceed-action drop
This will do the following:-
1) Police the amount of data in bits per-seconed to 4mbs
2) In the event of it going above 4mbs - the data will be dropped
3) A burst data size of 1024 kbps
4) In the event of a burst larger than 1024kbps - the data will be dropped.
Yes, LLQ's PQ "reserves" bandwidth, but as Andrew correctly notes, if it's not being used, other traffic can use it. This doesn't cause a problem because PQ will take bandwidth away from other traffic as it needs it (up to its cap).
If you want to limit other traffic to never use more than 4 Mbps, whether PQ is using its bandwidth or not, then you'll need to police (as shown in Andrew's second post) or shape (suggest shape over police) the other traffic. (There's usually little advantage to doing so, since again, PQ will take the bandwidth as it needs it.)
Another issue to consider, unless you can control both sides of the link, you can easily control outbound bandwidth, but inbound control is a different problem.
still the problem is there, Again link is 95% use.
Please see the detail
sh policy-map interface gigabitEthernet 0/0
Service-policy output: comphone
Class-map: comphone (match-all)
17491 packets, 2835654 bytes
5 minute offered rate 5000 bps, drop rate 0 bps
Match: access-group name comphone
Output Queue: Conversation 264
Bandwidth 1024 (kbps) Burst 25600 (Bytes)
(pkts matched/bytes matched) 345/57814
(total drops/bytes drops) 0/0
Class-map: class-default (match-any)
1870170 packets, 293839958 bytes
5 minute offered rate 472000 bps, drop rate 0 bps
cir 4194000 bps, bc 131062 bytes
conformed 1869657 packets, 293785839 bytes; actions:
exceeded 0 packets, 0 bytes; actions:
conformed 472000 bps, exceed 0 bps
Policy Map comphone
Bandwidth 1024 (kbps) Burst 25600 (Bytes)
police cir 4194000 bc 131062
#sh interfaces gigabitEthernet 0/0
GigabitEthernet0/0 is up, line protocol is up
Hardware is BCM1125 Internal MAC, address is 001c.f6e7.c640 (bia 001c.f6e7.c640)
Description: *** Connected to ISP through Wateen ***
Internet address is
MTU 1500 bytes, BW 6144 Kbit, DLY 100 usec,
reliability 255/255, txload 19/255, rxload 243/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is RJ45
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:02, output 00:00:00, output hang never
Last clearing of "show interface" counters 01:14:52
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: Class-based queueing
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/7/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 3584 kilobits/sec
5 minute input rate 5871000 bits/sec, 847 packets/sec
5 minute output rate 468000 bits/sec, 610 packets/sec
2697474 packets input, 2220203792 bytes, 0 no buffer
Received 12 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 2448 multicast, 0 pause input
0 input packets with dribble condition detected
1983404 packets output, 305767744 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
Please help me out what else i m missing.
5 minute input rate 5871000 bits/sec, 847 packets/sec - 5.5mbs INBOUND from the internet
5 minute output rate 468000 bits/sec, 610 packets/sec - 0.44mbs OUTBOUND to the internet
Are you actually trying to reduce the amount of traffic d/l from the internet?
I want to use 4 MB for internet useage, either used by VPN, Internet browsing, email.
1 MB for specific servers. Rest 1 MB i want to reserve for some other purposes. I dont want to use full 6 MB. Please let me know how to solve this problem.
I have implemented LLQ with 1 MB, class default is policing at 4 MB. Then who is using the rest of 1 MB. Why all bandwidth is under use, is my class-default configuration is okay, or shall i reconfigure it for bandwidth 4 MB also.
You ahve implemented this on the OUTPUT of the interface yes??? The interface stats you provided indicate high usage for the INPUT. You never want to limit input traffic.
Bascially you are retereiving alot of data from the internet. The policy you have written is to control data from inside your network out to the internet.
QoS was not designed to limit and control data coming in over a WAN link, only going out over it. If you want to impose in-bound you will not be able to do it on this device.
Do you have a firewall that is connected to your network?
Thanks for the information. Yes i have firewall that is connected to my network. Please let me any another solution that can be possible with firewall.
If you firewall is a Cisco PIX or ASA, running 7.0(x) code you can apply QoS policies on the outside and inside interface.
If you are running 7.2 (x) and above you can apply the QoS policies not only on the interface - but the direction of the traffic at the interface.
So as an example - you could have a policy that limits any HTTP/HTTPs traffic on the inside interface going ONTO the LAN - onto your inside network FROM the internet.
Below is a link to get you started:-
Besides Andrew's suggestion of using your firewall, you can also expand you p2p policy on the router to police inbound (non-priority) traffic.
However, whether controlling inbound traffic on the router or a firewall, you can still encounter congestion on the inbound link. The reason being, traffic can fill the link before your downstream device drops traffic. The issue isn't normally making available 2 Mbps going into your LAN, but making the bandwidth available on the Internet link itself, inbound.
The best solution is management of the otherside of your Internet link's outbound interface, which is the source of the inbound traffic to you. Unfortunately, most ISPs won't offer anything beyond providing more bandwidth (at additional cost).