Cisco Qos - Edge Router Sample Config

rflanary

IS-IT--Management
Apr 21, 2006
89
US
Anyone have a QoS configuration for an edge router? I know roundabout what I need to do, but I am curious to see what other people are doing.

What types of traffic are priority, and what traffic gets reduced or dropped?

Thanks
 
Here is a quick breakdown of how I try to classify my traffic.
Priority = Voip
Interactive video and Streaming video are next
Mission Critical traffic which is primarily internal telnet and citrix traffic
Network management is internal ssh and traffic to/from my monitoring servers
Bulk traffic is network printing primarily with some NCP

 
Where I work we have 4 classes of service for customers; they decide what to put in each. Usually class 1 is for VoIP, 2 is for critical traffic, etc. However, we also have management and routing traffic we need to protect, so we classify management traffic by IP address and BGP by TCP port number. For VoIP, usually we match DSCP EF.

ip access-list extended COS3APPLICATION
 permit ip any any
! BGP sessions in either direction (TCP port 179)
access-list 178 permit tcp any eq bgp any
access-list 178 permit tcp any any eq bgp
access-list 180 remark management subnet
! extended ACLs need a protocol keyword; x.x.x.x is the poster's redacted subnet
access-list 180 permit ip x.x.x.x 0.0.1.255 any

class-map match-any MGMTCLASSFORPOLICING
 match access-group 180
class-map match-any RPCLASSFORPOLICING
 match access-group 178
class-map match-any APPCLASSFORPOLICING
 match access-group name COS3APPLICATION
class-map match-any VOIPCLASSFORPOLICING
 match dscp ef

Since they are allowed to burst past their contracted rates, we just mark down anything that exceeds the limit (except for mgmt and BGP). VoIP is in the LLQ, and exceeding traffic gets dropped.

policy-map MGMTPOLICY
 class RPCLASSFORPOLICING
  police 8000 8000 8000 conform-action set-dscp-transmit 48 exceed-action set-dscp-transmit 48
 class MGMTCLASSFORPOLICING
  police 8000 8000 8000 conform-action set-dscp-transmit 18 exceed-action set-dscp-transmit 18
policy-map COS3POLICY
 class APPCLASSFORPOLICING
  police 768000 96000 conform-action set-dscp-transmit 18 exceed-action set-dscp-transmit 20
policy-map VOIPPOLICY
 class VOIPCLASSFORPOLICING
  police 128000 16000 conform-action set-dscp-transmit 46 exceed-action drop

We have some fancy nested policies, and the above all get put into the "mother" policy:

policy-map QOSPOLICY
 ! class-map CONTROLCLASSFORQUEUING not shown
 class CONTROLCLASSFORQUEUING
  bandwidth remaining percent 1
  random-detect dscp-based
  random-detect exponential-weighting-constant 1
  random-detect dscp 18 100 200 10
  random-detect dscp 48 200 300 10
  ! nested policy
  service-policy MGMTPOLICY
 ! class-map VOIPCLASSFORQUEUING not shown
 class VOIPCLASSFORQUEUING
  priority 128
  ! nested policy
  service-policy VOIPPOLICY
 ! class-map COS3FORQUEUING not shown
 class COS3FORQUEUING
  bandwidth remaining percent 99
  random-detect dscp-based
  random-detect exponential-weighting-constant 1
  random-detect dscp 18 200 300 10
  random-detect dscp 20 50 100 10
  ! nested policy
  service-policy COS3POLICY

Then apply to WAN interface:

interface ATM0/IMA0.101 point-to-point
 bandwidth 1544
 no ip proxy-arp
 pvc toper 1/101
  service-policy output QOSPOLICY
  max-reserved-bandwidth 100

I have yet to master the art of nested hierarchical policies, but they are pretty cool. I hope that gives you some ideas.

 
Thanks for the example. Just for clarification, I am not an ISP. I just wanted to see how HTTP, HTTPS, SMTP traffic was handled.

I am in a situation where we have a single T1 for internet and not enough bandwidth to go around. I was looking at QoS to limit someone from hogging all the bandwidth.

 
I understand policy maps and CAR. I wanted to get other users' input on how they manage their traffic outgoing to the net.

Do you give a higher priority to SMTP or HTTP? What is considered good traffic? Where I work, email and web are critical.

In the real world, how do you manage traffic?

Obviously P2P traffic can be dropped.
 
Oh, I got ya. Sorry.
With p2p traffic, you can also use CBAC. You should have all the protocols (or most) in the PAM database...
sh ip port-map

Burt
 
Determining what is good vs what is bad traffic I think is more of an art, and also depends on your business needs. From what I've found, you really need to understand how to profile the different traffic as far as what is and is not tolerant to dropped packets.

If you are using VoIP, no matter what that should be a priority. Where I work, Telnet and Citrix are key methods to our business critical systems, so I have those set rather high too. Internal HTTP traffic is favored over Internet HTTP. I could post how I'm marking traffic, but I don't think it would be much help without understanding better what every application is for.

Another thing I should have mentioned, on my edge (which is my connections back to the corporate headquarters) I'm running CBWFQ. For my metronet connections I'm using CBWFQ and Shaping where possible.

The thing I don't care for in the Cisco guides for QoS is how they label the queues. I try very hard when I'm talking to my customers to not tell them "well, your traffic is in the Bulk queue, not Mission Critical". I know I'll have directors jump me because everyone thinks their applications are the most important.
 
Based on any of your experience, should I give dedicated bandwidth to HTTP/HTTPS, SMTP, etc., or should I do a weighted queue? If so, what would anyone recommend?

HTTP/HTTPS and SMTP are the only priority applications I have so far.

What I am really after is the web browsing. Everyone tends to complain in the middle of the day and end of the day about how slow the internet is. I want to make sure everyone can get their fair share.

More bandwidth is probably the way I need to go. But I want to try some QoS first.

 
From what you've given, I think I'd look at CBWFQ and put http/https traffic in one queue, smtp in another, and let everything else go to class-default.

As far as how much bandwidth to allocate to each, you'll have to probably do some playing with it to see what is enough.

If it is a specific time of day that people are complaining about, you may want to do some more digging and see if something else is chewing up the bandwidth. I've had a lot of trouble with Antivirus software not being configured correctly and everyone going out to the internet (instead of internal servers) for updates at the same time.
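
The CBWFQ layout suggested in the post above, written out as an added example; it is not any poster's configuration. The class and policy names, the Serial0/0 interface, and the 40/20 percentages are assumptions to be tuned against real traffic, and the P2P class uses NBAR to drop the file-sharing protocols mentioned elsewhere in the thread.

```cisco
! Added example: all names, the interface and the percentages are assumptions.
! NBAR (match protocol) requires CEF.
ip cef
!
class-map match-any WEB
 match protocol http
 match protocol secure-http
class-map match-any MAIL
 match protocol smtp
class-map match-any P2P
 match protocol kazaa2
 match protocol edonkey
 match protocol fasttrack
!
policy-map INTERNET-EDGE
 ! bandwidth = minimum guarantee under congestion, not a cap
 class WEB
  bandwidth percent 40
 class MAIL
  bandwidth percent 20
 ! discard file-sharing traffic instead of queuing it
 class P2P
  drop
 ! everything else shares what is left, flow by flow
 class class-default
  fair-queue
!
interface Serial0/0
 ! single T1 toward the internet
 bandwidth 1544
 service-policy output INTERNET-EDGE
```

The two guarantees total 60 percent, which stays under the default 75 percent reservable limit on the interface. `show policy-map interface Serial0/0` reports per-class match and drop counters, which is the data needed to adjust the percentages.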
 
Oh, I got ya. Sorry.
With p2p traffic, you can also use CBAC. You should have all the protocols (or most) in the PAM database...
sh ip port-map

Burt

CBAC? Don't you mean NBAR..

Andy
 
Isn't he talking about file sharing networks, like Kazaa, E Donkey, etc.?

Burt
 
Yes, I want to limit those applications. However, my goal for posting this thread was to find out what other people are doing in the real world to config QoS on an internet connection.

I have some examples on NBAR and CAR.
 
The real question doesn't revolve around what we are doing, but instead what your internal policies state.
 
rflanary, I was responding to andy (ADB). I thought CBAC with PAM would stop p2p traffic without it even having to go to a queue to see what priority it takes...
Also, usually people always give top precedence to VoIP. That seems to be the only constant in the equation. Do you host anything, your own site, ftp, etc? Are you a top secret government entity that cannot allow even Google searches? You may just have to set everything to the way lerdalt has suggested, and see how that goes.

Burt
 
Thanks for everyone's comments. I appreciate it.

I was looking at SDM 2.5 at the QoS wizard. It seems more geared to voice and not video.

On my WAN side I set up QoS, but SDM doesn't seem to recognize the policy maps.

Should I delete all the policy maps and create them from SDM instead of the CLI?
 
Well, I have done that with dynamic DNS, and it goofed it up more---a LOT more! I would say no. Post the config, and let us know what is working and what is not.

Burt
 