
Switch QoS

Status
Not open for further replies.

jpopa

Programmer
Mar 3, 2005
59
US
I've done QoS on router serial interfaces using class-map/policy-map to set up diffserv in the past. I need to set up QoS on my switch, and it looks like I can do it, but I have a simple question or two.

1) Is there any way I can classify packets via VLAN? It looks like I can't do it with an ACL... but it would be something like 'access-list 1xx permit vlan y'. I know that's an invalid command; it just makes things move easier in my head explaining this.

2) Where do I apply the command to input SETDSCP? On the interface? Or the vlan 10,20, etc?

Thanks!
 
MQC is the way to go. You may need to do a little research, but here is a quick link


Basically, it's broken down into three sections.
Class-map - where you classify traffic (even by VLAN)
Policy-map - where you tie together all of your classes and set policies, like setting the DSCP
Service policy - where you apply it to the interface.

i.e.

Class-map VLAN10
 match input-interface vlan 10
Class-map HTTP
 match protocol http
!
policy-map MYPOLICY
 class VLAN10
  set dscp 18
 class HTTP
  set dscp 10
!
int e0/0
 service-policy input MYPOLICY
 
Ok... messing with this right now, but the problem I am running into is that when I apply 'service-policy input qos' on, for example, f0/4, I get this:

%QoS: policy-map qos with MATCH INPUT-INTERFACE not allowed at this level on SVI interface

Any thoughts?
 
It doesn't seem to support this command: match input-interface vlan 10 in your class-map.

If vlan 10 maps to a single IP subnet, you could instead use the following:

Class-map VLAN10
 match access-group 1

access-list 1 permit 192.168.10.0 0.0.0.255
 
Yeah that's what I've been playing with for the past while. I've done diffserv and llq before on routers, but this is making my head hurt :(

Right now I have a basic config in, similar to what was posted above (except that I'm now filtering based on port number for the RTP voice packets), and when I do a 'show policy-map interface' I see 0 packets were applicable to the policy-map on each interface I applied it to. Will this ever tell me that it is finding traffic? Or no?
 
What I posted was just the general format. But you need to determine what you want to accomplish and research a little.

There are a couple of things to note. Queueing scheduling happens on egress of the ports only (the only exception is the 6500 switches), and you need to mark packets.

So you need to follow the basic rule of thumb:
1. mark packets coming into your ports
2. set queueing policy on output of your ports

As for the VLANs, you may want to try and classify as they leave the SVI

int vlan 10
 service-policy output MYPOLICY

What exactly do you want to accomplish?

As for the marking, I had the same issues with most of my 3550's and 3750's, and I opened a TAC case and spent a lot of time with their engineers troubleshooting this issue. In the end they told me that the "sh policy-map int" command was not supported. Instead, use the "show mls qos int f0/1 stat" command to verify. We even went a step further to prove it by connecting a sniffer to the downstream switch and captured packets that were coming from a particular subnet from the upstream switch, and they were being marked. They explained that I could not capture from the same switch where I was doing the marking, because the marking and scheduling happen after the point where the packets are captured.
 
Thanks for the help, this command was exactly what I was looking for. Basically my setup is as follows:

class-map match-any best-effort
 match access-group 190
class-map match-all quintum
 match access-group 199
class-map match-all voice
 match access-group 198
!
!
policy-map voip
 class voice
  set dscp ef
  police 5000000 1000000 exceed-action drop
 class quintum
  set dscp ef
  police 5000000 1000000 exceed-action drop
 class best-effort

access-list 190 permit ip any any
access-list 198 permit tcp any any eq 5004
access-list 199 permit ip any any tos 5

From there I have the service-policy command on each interface.
 
You're close, but you are still not prioritizing your voice packets. It's not a good idea to police the ef traffic; instead use the priority keyword in your policy.

What kind of switch do you have?
 
It's a 3650. I guess I'm just lost on what is actually used to prioritize the traffic.
 
I would suggest the following

First, verify that your PBX is marking the packets as tos 5 by using "ip accounting"

int f0/0
 desc connection to PBX
 ip accounting input-packets
 ip accounting output-packets
 ip accounting precedence in
 ip accounting precedence out
!
show int f0/0 precedence

Then I would suggest the following policy.

ip cef
mls qos
!
access-list 198 permit tcp any any eq 5004
access-list 199 permit ip any any tos 5
!
class-map match-all quintum
 match access-group 199
class-map match-all voice
 match access-group 198
!
!
policy-map voip
 class voice
  set dscp ef
 class quintum
  set dscp ef
 class class-default
  fair-queue
  random-detect
!
int g0/1
 priority-queue out
 service-policy out voip




 
int g0/1
 priority-queue out
 service-policy out voip

As I stated earlier this isn't possible on the 3560 (or 2960, 2970 & 3750) since they don't support egress policers. It was possible on the 3550 but the newer switches are based on a different platform and there is no way to apply egress policers. All you can do is queue traffic based on the CoS value of the packets. I would suggest reading the design guides to clarify.

HTH

Andy
 
Not to contradict you, but just reading on Cisco I see the following defined under the 3560.

Egress queues and scheduling

* Four egress queues per port

Also, the command priority-queue out on the port and I've tested it. Either way everyone has been a huge help here.
 
Hi

Yes, there are 4 egress queues per port on the 3560, when the command 'priority-queue' out is applied Queue 1 becomes a strict priority queue. The other 3 queues operate in Shared Round Robin (SRR) fashion which is similar to Weighted Round Robin in that each queue has a weight and is serviced proportionally to each other.

i.e. Q2 has a weight of 10, Q3 30 and Q4 60

This will result in a 10% weight to Q2, 30% to Q3 and 60% to Q4.

Admission to each egress queue is based on the packet's CoS value, which is derived from the DSCP-CoS mappings:

Code:
cat-3560-48-s1#show mls qos maps dscp-cos
   Dscp-cos map:
     d1 :  d2 0  1  2  3  4  5  6  7  8  9
     ---------------------------------------
      0 :    00 00 00 00 00 00 00 00 01 01
      1 :    01 01 01 01 01 01 02 02 02 02
      2 :    02 02 02 02 03 03 03 03 03 03
      3 :    03 03 04 04 04 04 04 04 04 04
      4 :    05 05 05 05 05 05 05 05 06 06
      5 :    06 06 06 06 06 06 07 07 07 07
      6 :    07 07 07 07

Code:
cat-3560-48-s1#show mls qos maps cos-output-q
   Cos-outputq-threshold map:
              cos:  0   1   2   3   4   5   6   7
              ------------------------------------
  queue-threshold: 3-3 4-3 2-1 2-2 2-1 1-3 2-3 2-3


Just to clarify on the egress policing:

Code:
cat-3560-48-s1(config-if)#service-policy output IPPHONE+PC-BASIC
Warning: Assigning a policy map to the output side of an interface not supported


HTH

Andy
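
The lookup described in the post above (DSCP to CoS, then CoS to egress queue and threshold), as an added Python example that is not part of the original thread. Both tables are copied from the `show mls qos maps` output in that post; the function names are hypothetical, and `set dscp ef` is taken as DSCP 46.

```python
import re

# Both tables are copied from the "show mls qos maps" output in the post above.
DSCP_COS_TEXT = """\
     d1 :  d2 0  1  2  3  4  5  6  7  8  9
     ---------------------------------------
      0 :    00 00 00 00 00 00 00 00 01 01
      1 :    01 01 01 01 01 01 02 02 02 02
      2 :    02 02 02 02 03 03 03 03 03 03
      3 :    03 03 04 04 04 04 04 04 04 04
      4 :    05 05 05 05 05 05 05 05 06 06
      5 :    06 06 06 06 06 06 07 07 07 07
      6 :    07 07 07 07
"""
COS_OUTQ_TEXT = """\
              cos:  0   1   2   3   4   5   6   7
              ------------------------------------
  queue-threshold: 3-3 4-3 2-1 2-2 2-1 1-3 2-3 2-3
"""

def parse_dscp_cos(text):
    """{dscp: cos}. Row label d1 is the tens digit, column d2 the units digit."""
    table = {}
    for line in text.splitlines():
        # Data rows start with a single digit; header and separator do not match.
        m = re.match(r"\s*(\d)\s*:\s+((?:\d\d\s*)+)$", line)
        if m:
            for d2, cos in enumerate(m.group(2).split()):
                table[int(m.group(1)) * 10 + d2] = int(cos)
    return table

def parse_cos_outq(text):
    """{cos: (queue, threshold)} read from the queue-threshold row."""
    row = next(l for l in text.splitlines() if "queue-threshold" in l)
    pairs = re.findall(r"(\d)-(\d)", row)
    return {cos: (int(q), int(t)) for cos, (q, t) in enumerate(pairs)}

def egress_queue(dscp, dscp_cos, cos_outq):
    """Resolve DSCP -> CoS -> (egress queue, drop threshold)."""
    cos = dscp_cos[dscp]
    return (cos, *cos_outq[cos])

DSCP_COS = parse_dscp_cos(DSCP_COS_TEXT)
COS_OUTQ = parse_cos_outq(COS_OUTQ_TEXT)

if __name__ == "__main__":
    # DSCP values that appear in the thread's policy-maps, plus the default 0.
    for name, dscp in [("ef", 46), ("18", 18), ("10", 10), ("default", 0)]:
        cos, q, thr = egress_queue(dscp, DSCP_COS, COS_OUTQ)
        print(f"dscp {name:>7} ({dscp:2}) -> cos {cos} -> queue {q}, threshold {thr}")
```

With these maps, EF-marked traffic resolves to CoS 5 and queue 1, the queue the post says becomes strict priority once `priority-queue out` is applied.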

 
Yes, Andy is correct, the 3560 does not support the service-policy output command. Works fine on the 3550s and 3750s. There is a built-in scheduler that maps the DSCP to the CoS, as Andy stated. You can create the same type of LLQ policy; the doc provided above is a good read and can lead you in the right direction.

 
Works fine on the 3550s and 3750s.

It doesn't work on the 3750's - Maybe it works on the 3750 Metro but not the standard 3750 or 3750G's.

Andy
 