QoS ingress or egress?

Status
Not open for further replies.

Deepseadata

Technical User
Jul 10, 2008
123
DE
Hey there,

I'm about to take a stab at implementing QoS on my Cisco 3560. One port is routed to my gateway (Cisco 2801) and I don't know which way I'm supposed to do the QoS.

What I'm going to try to do is limit bandwidth to certain vlans. I need to push them aside when my important vlans start browsing the net.

I'm reading that I need to classify the vlan with an ACL then set up a policy. Do I need to set up an ACL and policy for each direction?
 
QoS should be implemented both ways - ingress & egress. With the 3560 you can apply ingress QoS service policies to classify & police inbound traffic as well as simply 'trust' the CoS or DSCP values of the inbound packets. On egress you can only queue traffic based on its QoS tag (either CoS or DSCP). You have four hardware queues that operate in SRR mode (Shared Round Robin, similar to WRR). Optionally one of these queues (Q1) can be an expedite queue; this would typically be used to transport RTP voice traffic.

Have a read of the configuration guide for QoS on the 3560:


I also recommend you read the QoS SRND guide as there are good starting examples for almost all switch platforms, as well as router QoS etc:


Really the SRND site has lots of good guides:


HTH

Andy
 
Oh man that was a good reply. Most of the stuff I read is about VOIP :(

I've been reading this, too.


Do I need a class-map if I don't care about what type of traffic.. can I just put a range of IP's (a vlan) in an access list, create a policy-map, and then apply it to an interface?

The first link you gave me is what I'd been going off of.. but it's typical cisco.com, the info is there but it's cryptic if you've never seen an example.
 
It might be worth posting what it is you are trying to achieve?

If you are going to write an ingress service-policy then yes you need class-maps. Class-maps can match against layer-3 addresses using ACLs or DSCP/IP Precedence.

Andy
 
Hello
In your case without voice I would use CBWFQ. You should classify and mark the traffic on the 3560 using the VLAN interface as the match case. Build your classes for every VLAN. Then mark the packets with IP precedence or DSCP. The 2800 would be best to handle the queuing because it's where the congestion will happen. If you agree with this solution I can post a QoS policy example.
Regards
 
Hi Minue!

Actually I do have voice running. There are 2 fxs ports on the 2801 router/gateway and I'll assume they have QoS running on it. I figured no matter what I do behind the router their QoS will take care of their voice traffic on the WAN link.

If other vlans on my switch aren't included in any access-lists on my switch, will they still be pushed aside by my QoS'd vlans? I hope so.

I just want to give the address range
192.168.51.1 --> 192.168.51.199 and 192.168.52.1 --> 192.168.52.199 bandwidth on port 0/48 (the link to the router). So I guess that would be in both directions, too :)

I also read that there are two types of policing: bandwidth and precedence. I think I need a bandwidth, no?
I just don't want users complaining to me about a slow internet because the crew just went on break and they are stealing all the guests' browsing bandwidth.

I'm going to do a read on CBWFQ now to see if that looks like my best option.

Thanks guys!
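
Added example, not part of the original thread: an extended ACL matches on address plus wildcard mask, so a range such as 192.168.51.1 --> 192.168.51.199 has to be split into aligned blocks before a class-map can match it. This Python sketch does the split for the two ranges quoted above and compares it with the same ranges widened to start at .0; the ACL name limited.vlans and the /24 subnets (where .0 is never a host source address) are assumptions.

```python
import ipaddress


def range_to_aces(first, last, action="permit"):
    """Return extended-ACL entries whose source matches first..last inclusive."""
    start, end = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if start > end:
        raise ValueError("first address is above last address")
    aces = []
    # summarize_address_range yields the fewest CIDR blocks that cover the
    # range exactly; each block maps to one ACE with an inverse (wildcard) mask.
    for net in ipaddress.summarize_address_range(start, end):
        if net.prefixlen == 32:
            src = f"host {net.network_address}"
        else:
            src = f"{net.network_address} {net.hostmask}"
        aces.append(f" {action} ip {src} any")
    return aces


def build_acl(name, ranges):
    """Render a named extended ACL for several (first, last) ranges."""
    lines = [f"ip access-list extended {name}"]
    for first, last in ranges:
        lines.extend(range_to_aces(first, last))
    return lines


# Ranges quoted in the post above; the ACL name is a placeholder (assumption).
EXACT = [("192.168.51.1", "192.168.51.199"), ("192.168.52.1", "192.168.52.199")]
# Same ranges widened to start at .0 (assumes /24 subnets, so .0 is never a host).
ALIGNED = [("192.168.51.0", "192.168.51.199"), ("192.168.52.0", "192.168.52.199")]

if __name__ == "__main__":
    for label, ranges in (("exact", EXACT), ("aligned", ALIGNED)):
        acl = build_acl("limited.vlans", ranges)
        print(f"! {label}: {len(acl) - 1} entries")
        print("\n".join(acl))
```

The exact ranges need nine entries each, while the widened ones need three, which matters when every entry consumes switch ACL hardware resources.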



 
I know what you mean about the Cisco doco - everything's explained, but it doesn't actually teach you how to actually do it.

FIRST - your 3560 cannot apply bandwidth statements to egress traffic, so essentially you can't do what you want to do. (Unless it's a 3560E, in which case I don't know - I'm getting my first pair of these in 2 weeks).

SECOND - you *can* classify your traffic on ingress, as follows:

a/ Match it:

ip access-list extended appln.traffic
 permit tcp any any eq 12345
ip access-list extended video.traffic
 permit tcp any any range 5555 5574
 permit ip host 10.2.4.13 any
ip access-list extended voice.traffic
 permit ip 10.16.0.0 0.15.255.255 any

b/ classify it:

class-map match-all appln
 match access-group name appln.traffic
class-map match-all video
 match access-group name video.traffic
class-map match-all voice
 match access-group name voice.traffic

c/ mark it:

policy-map Assign.DSCP
 class voice
  set dscp ef
 class video
  set dscp af41
 class appln
  set dscp af21

 
Hello
The VLANs not included will fall into the default class. QoS is a very complex and personal tool. You will need to monitor your network, know your traffic and then decide which are the best tools. You mention policing, but if you choose the right QoS tools, you won't need it. Policing is normally used to kill scavenger traffic.
Regards
 