Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Cisco Qos - Edge Router Sample Config
- Thread starter rflanary
- Start date
- Thread starter
- #2
Here is a quick breakdown of how I try to classify my traffic.
Priority = Voip
Interactive video and Streaming video are next
Mission Critical traffic which is primarily internal telnet and citrix traffic
Network management is internal ssh and traffic to/from my monitoring servers
Bulk traffic is network printing primarily with some NCP
Priority = Voip
Interactive video and Streaming video are next
Mission Critical traffic which is primarily internal telnet and citrix traffic
Network management is internal ssh and traffic to/from my monitoring servers
Bulk traffic is network printing primarily with some NCP
norteldude78
IS-IT--Management
where i work we have 4 classes of service for customers, they decide what to put in each. usually class 1 is for voip, 2 is for critical traffic, etc. however we also have management and routing traffic we need to protect so we classify management traffic by ip address and bgp by tcp port number. for voip, usually we match dscp ef.
ip access-list extended COS3APPLICATION
permit ip any any
access-list 178 permit tcp any eq bgp any
access-list 178 permit tcp any any eq bgp
access-list 180 remark management subnet
access-list 180 permit x.x.x.x 0.0.1.255 any
class-map match-any MGMTCLASSFORPOLICING
match access-group 180
class-map match-any RPCLASSFORPOLICING
match access-group 178
class-map match-any APPCLASSFORPOLICING
match access-group name COS3APPLICATION
class-map match-any VOIPCLASSFORPOLICING
match dscp ef
since they are allowed to burst past their contracted rates, we just mark down anything that exceeds the limit (except for mgmt and bgp). voip is in the LLQ and exceeding traffic gets dropped
policy-map MGMTPOLICY
class RPCLASSFORPOLICING
police 8000 8000 8000 conform-action set-dscp-transmit 48 exceed-action set-dscp-transmit 48
class MGMTCLASSFORPOLICING
police 8000 8000 8000 conform-action set-dscp-transmit 18 exceed-action set-dscp-transmit 18
policy-map COS3POLICY
class APPCLASSFORPOLICING
police 768000 96000 conform-action set-dscp-transmit 18 exceed-action set-dscp-transmit 20
policy-map VOIPPOLICY
class VOIPCLASSFORPOLICING
police 128000 16000 conform-action set-dscp-transmit 46 exceed-action drop
we have some fancy nested policies, and the above all get put into the "mother" policy:
policy-map QOSPOLICY
class CONTROLCLASSFORQUEUING (NOT SHOWN)
bandwidth remaining percent 1
random-detect dscp-based
random-detect exponential-weighting-constant 1
random-detect dscp 18 100 200 10
random-detect dscp 48 200 300 10
service-policy MGMTPOLICY <---- NESTED
class VOIPCLASSFORQUEUING (NOT SHOWN)
priority 128
service-policy VOIPPOLICY <---- NESTED
class COS3FORQUEUING (NOT SHOWN)
bandwidth remaining percent 99
random-detect dscp-based
random-detect exponential-weighting-constant 1
random-detect dscp 18 200 300 10
random-detect dscp 20 50 100 10
service-policy COS3POLICY <---- NESTED
then apply to WAN interface:
interface ATM0/IMA0.101 point-to-point
bandwidth 1544
no ip proxy-arp
pvc toper 1/101
service-policy output QOSPOLICY
max-reserved-bandwidth 100
i have yet to master the art of nested hierarchical policies, but they are pretty cool. i hope that gives you some ideas
ip access-list extended COS3APPLICATION
permit ip any any
access-list 178 permit tcp any eq bgp any
access-list 178 permit tcp any any eq bgp
access-list 180 remark management subnet
access-list 180 permit x.x.x.x 0.0.1.255 any
class-map match-any MGMTCLASSFORPOLICING
match access-group 180
class-map match-any RPCLASSFORPOLICING
match access-group 178
class-map match-any APPCLASSFORPOLICING
match access-group name COS3APPLICATION
class-map match-any VOIPCLASSFORPOLICING
match dscp ef
since they are allowed to burst past their contracted rates, we just mark down anything that exceeds the limit (except for mgmt and bgp). voip is in the LLQ and exceeding traffic gets dropped
policy-map MGMTPOLICY
class RPCLASSFORPOLICING
police 8000 8000 8000 conform-action set-dscp-transmit 48 exceed-action set-dscp-transmit 48
class MGMTCLASSFORPOLICING
police 8000 8000 8000 conform-action set-dscp-transmit 18 exceed-action set-dscp-transmit 18
policy-map COS3POLICY
class APPCLASSFORPOLICING
police 768000 96000 conform-action set-dscp-transmit 18 exceed-action set-dscp-transmit 20
policy-map VOIPPOLICY
class VOIPCLASSFORPOLICING
police 128000 16000 conform-action set-dscp-transmit 46 exceed-action drop
we have some fancy nested policies, and the above all get put into the "mother" policy:
policy-map QOSPOLICY
class CONTROLCLASSFORQUEUING (NOT SHOWN)
bandwidth remaining percent 1
random-detect dscp-based
random-detect exponential-weighting-constant 1
random-detect dscp 18 100 200 10
random-detect dscp 48 200 300 10
service-policy MGMTPOLICY <---- NESTED
class VOIPCLASSFORQUEUING (NOT SHOWN)
priority 128
service-policy VOIPPOLICY <---- NESTED
class COS3FORQUEUING (NOT SHOWN)
bandwidth remaining percent 99
random-detect dscp-based
random-detect exponential-weighting-constant 1
random-detect dscp 18 200 300 10
random-detect dscp 20 50 100 10
service-policy COS3POLICY <---- NESTED
then apply to WAN interface:
interface ATM0/IMA0.101 point-to-point
bandwidth 1544
no ip proxy-arp
pvc toper 1/101
service-policy output QOSPOLICY
max-reserved-bandwidth 100
i have yet to master the art of nested hierarchical policies, but they are pretty cool. i hope that gives you some ideas
- Thread starter
- #5
Thanks for the example. Just for clarification i am not an ISP. I just wanted to see how http, https, smtp traffic was handled.
I am in a situation were we have a single t1 for internet and not enough bandwidth to go around. I was looking at Qos to limit someone from hogging all the bandwidth.
I am in a situation were we have a single t1 for internet and not enough bandwidth to go around. I was looking at Qos to limit someone from hogging all the bandwidth.
- Thread starter
- #7
I understand policy maps and car. I wanted to get other users input on how they manage there traffic outgoing to the net.
Do you give a higher priority to smtp or http. What is considered good traffic? Where I work email and web is critical.
I the real world how do you manage traffic?
Obviously p2p traffic can be dropped.
Do you give a higher priority to smtp or http. What is considered good traffic? Where I work email and web is critical.
I the real world how do you manage traffic?
Obviously p2p traffic can be dropped.
Determining what is good vs what is bad traffic I think is more of an art, and also depends on your business needs. From what I've found, you really need to understand how to profile the different traffic as far what is and is not tolerant to dropped packets.
If you are using VoIP, no matter what that should be a priority. Where I work, Telnet and Citrix are key methods to our business critical systems, so I have those set rather high too. Internal HTTP traffic is favored over Internet HTTP. I could post how I'm marking traffic, but I don't think it would be much help without understanding better what every application is for.
Another thing I should have mentioned, on my edge (which is my connections back to the corporate head quarters) I'm running CBWFQ. For my metronet connections I'm using CBWFQ and Shaping where possible.
The thing I don't care for in the Cisco guides for QoS is how they label the queues. I try very hard when I'm talking to my customers to not tell them "well, your traffic is in the Bulk queue, not Mission Critical". I know I'll have directors jump me because everyone thinks there applications are the most important.
If you are using VoIP, no matter what that should be a priority. Where I work, Telnet and Citrix are key methods to our business critical systems, so I have those set rather high too. Internal HTTP traffic is favored over Internet HTTP. I could post how I'm marking traffic, but I don't think it would be much help without understanding better what every application is for.
Another thing I should have mentioned, on my edge (which is my connections back to the corporate head quarters) I'm running CBWFQ. For my metronet connections I'm using CBWFQ and Shaping where possible.
The thing I don't care for in the Cisco guides for QoS is how they label the queues. I try very hard when I'm talking to my customers to not tell them "well, your traffic is in the Bulk queue, not Mission Critical". I know I'll have directors jump me because everyone thinks there applications are the most important.
- Thread starter
- #10
Based on any of your experience should i give dedicated bandwidth to http/https, smtp, etc.. or should i do a Weighted que. If so what would any recommend?
http/https and smtp are the only priority applications i have so far.
What i am really after is the web browsing everyone tends to complain in the middle of the day and end of the day about how slow the internet is. I want to make sure everyone can get there fair share.
More bandwidth is probably the way i need to go. But i want to try some qos first.
http/https and smtp are the only priority applications i have so far.
What i am really after is the web browsing everyone tends to complain in the middle of the day and end of the day about how slow the internet is. I want to make sure everyone can get there fair share.
More bandwidth is probably the way i need to go. But i want to try some qos first.
From what you've given, I think I'd look at CBWFQ and put http/https traffic in one queue, smtp in another, and let everything else go to class-default.
As far as how much bandwidth to allocate to each, you'll have to probably do some playing with it to see what is enough.
If it is a specific time of day that people are complaining about, you may want to do some more digging and see if something else is chewing up the bandwidth. I've had a lot of trouble with Antivirus software not being configured correctly and everyone going out to the internet (instead of internal servers) for updates at the same time.
As far as how much bandwidth to allocate to each, you'll have to probably do some playing with it to see what is enough.
If it is a specific time of day that people are complaining about, you may want to do some more digging and see if something else is chewing up the bandwidth. I've had a lot of trouble with Antivirus software not being configured correctly and everyone going out to the internet (instead of internal servers) for updates at the same time.
- Thread starter
- #14
rflanary, I was responding to andy (ADB). I thought CBAC with PAM would stop p2p traffic without it even having to go to a queue to see what priority it takes...
Also, usually people always give top precedence to VoIP. That seems to be the only constant in the equation. Do you host anything, your own site, ftp, etc? Are you a top secret government entity that cannot allow even Google searches? You may just have to set everything to the way lerdalt has suggested, and see how that goes.
Burt
Also, usually people always give top precedence to VoIP. That seems to be the only constant in the equation. Do you host anything, your own site, ftp, etc? Are you a top secret government entity that cannot allow even Google searches? You may just have to set everything to the way lerdalt has suggested, and see how that goes.
Burt
- Thread starter
- #17
Thanks for everyones comments. I appreciate it.
I was looking at sdm 2.5 at the qos wizard. It seems more geared to voice and not video.
On my wan side I setup qos but sdm doesn't seem to reconize the policy maps.
Should I delete all the policy maps and create them from sdm instead of the cli?
I was looking at sdm 2.5 at the qos wizard. It seems more geared to voice and not video.
On my wan side I setup qos but sdm doesn't seem to reconize the policy maps.
Should I delete all the policy maps and create them from sdm instead of the cli?
- Status