Apply QoS policies to MPLS interfaces

Hello all,
We are deploying an MPLS transport network for our research project, and we are getting undefined errors about the QoS application over tunnel interfaces. The tunnel interfaces are those we configure between end points.
For example, if we apply a rate-limit to a tunnel interface, this is not applied, although the router anc CLI let configure the policy.
Does anybody know how to manage this kind of policies or shaping to MPLS?
Thanks for your help.

Hello,
No, in fact, what we want to configure is output policies. For example, at the ingress LER of the MPLS cloud, we receive some traffic that we set it as an specific class of service, for example, "interactive traffic". Once the traffic is classified, we route it to the correct output tunnel interface, i.e., to the next LSR. It's at that interface where we want to set the policy, so.
When we set the policy, with the "service-policy output tunnel0", for example, the CLI doesn't return any message of error. In fact, it lets to configure it, and if we use the command "show policy-map interface tunnel0", CLI returns the configuration of the policy at that interface.
Thanks for your help.

Similar Messages

Router Dead , when i applied QOS on virtual-temp interface for vpn !!

hi all ,
i have a simple brief topology below :
PSTN======(R1-7206)>F1=======F2>(R2-7604 catalyst)>>>F1=========Internet
i have two router
R2========>MLS 7604
R1======>cisco 7204
on R2 , Im doing matching to QOS by dscp , im matching acls ips from internet with dscp values :
here is CONFIG for matching :
Gateway7600#sh policy-map LLQX
Policy Map LLQX
    Class YOUTUBE
      set ip dscp af43
    Class FACEBOOKVIDEOS
      set ip dscp af33
    Class HTTP
      set dscp af23
    Class DNSQOS
      set dscp af13
    Class class-default
      set ip dscp af11
================
Gateway7600#sh class-map
Class Map match-all FACEBOOKVIDEOS (id 7)
   Match access-group name facebookvideos
Class Map match-all DNSQOS (id 8)
   Match access-group name dnsqos
Class Map match-all HTTP (id 6)
   Match access-group name browsing
Class Map match-any class-default (id 0)
   Match any
Class Map match-all YOUTUBE (id 5)
   Match access-group name youtube
Gateway7600#
=========================================================
on this router i applied this policy map on interfaxce F1 in direction
and here matching is well :
Gateway7600#sh policy-map interface gigabitEthernet 1/5 in
GigabitEthernet1/5
Service-policy input: LLQX
    class-map: rate-limit (match-all)
      Match: access-group name rate-limit
      police :
        4088000 bps 384000 limit 384000 extended limit
      Earl in slot 1 :
        139044930 bytes
        30 second offered rate 143032 bps
        aggregate-forwarded 134420937 bytes action: transmit
        exceeded 4623993 bytes action: drop
        aggregate-forward 22544 bps exceed 0 bps
    class-map: YOUTUBE (match-all)
      Match: access-group name youtube
      set dscp 38:
      Earl in slot 1 :
        132693939697 bytes
        30 second offered rate 212144928 bps
        aggregate-forwarded 132693939697 bytes
    class-map: FACEBOOKVIDEOS (match-all)
      Match: access-group name facebookvideos
      set dscp 30:
      Earl in slot 1 :
        10726758352 bytes
        30 second offered rate 20682720 bps
        aggregate-forwarded 10726758352 bytes
    class-map: HTTP (match-all)
      Match: access-group name browsing
      set dscp 22:
      Earl in slot 1 :
        56874058537 bytes
        30 second offered rate 92669832 bps
        aggregate-forwarded 56874058537 bytes
    class-map: DNSQOS (match-all)
      Match: access-group name dnsqos
      set dscp 14:
      Earl in slot 1 :
        160308954 bytes
        30 second offered rate 303552 bps
        aggregate-forwarded 160308954 bytes
    class-map: class-default (match-any)
      Match: any
      set dscp 10:
      Earl in slot 1 :
        67394864030 bytes
        30 second offered rate 126884864 bps
        aggregate-forwarded 67394864030 bytes
=================================================================================
now the problem is below
on router 7200 , it is LNS router connected with LAC roiuter for ADSL customers.
now here is config of policy map on 7200 router:
R11#sh policy-map
Policy Map MATCH_MARKS
    Class MATCH_YOUTUBE
      bandwidth 220000 (kbps)
    Class MATCH_FACEBOOKVIDEOS
      bandwidth 20000 (kbps)
    Class MATCH_HTTP
      bandwidth 100000 (kbps)
=========================================================
R1#sh class-map
Class Map match-all MATCH_FACEBOOKVIDEOS (id 2)
   Match ip dscp af33 (30)
Class Map match-all MATCH_HTTP (id 3)
   Match ip dscp af23 (22)
Class Map match-any class-default (id 0)
   Match any
Class Map match-all MATCH_YOUTUBE (id 1)
   Match ip dscp af43 (38)
==========================================================
here is virtual-template interface before i apply the QOS
R1#sh running-config interface virtual-template 1
Building configuration...
Current configuration : 352 bytes
interface Virtual-Template1
bandwidth 1000000
ip unnumbered Loopback0
ip tcp adjust-mss 1412
ip policy route-map private
no logging event link-status
qos pre-classify
peer default ip address pool bitsead1 bitsead2
ppp mtu adaptive
ppp authentication pap vpdn
ppp authorization vpdn
ppp accounting vpdn
max-reserved-bandwidth 90
end
=========================================
when i apply the command
(service-poliy output MATCH_MAKRS ) under virtual-template interface i have console logs :
Insufficient bandwidth 149760 kbps for the bandwidth guarantee (220000)
Insufficient bandwidth 149760 kbps for the bandwidth guarantee (220000)
Insufficient bandwidth 149760 kbps for the bandwidth guarantee (220000)
also i have
*Jul 9 22:28:38.242: Interface Virtual-Access2551 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:38.250: Interface Virtual-Access627 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:38.258: Interface Virtual-Access786 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:38.266: Interface Virtual-Access623 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:38.274: Interface Virtual-Access2559 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:38.282: Interface Virtual-Access2281 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:38.290: Interface Virtual-Access142 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 9 22:28:40.262: %SYS-2-INTSCHED: 'suspend' at level 3 -Process= "VTEMPLATE Background Mgr", ipl= 3, pid= 278, -Traceback= 0x756FF0z 0x3439C58z 0x2778D70z 0x2CACCD0z 0x2CC63E0z 0x2CC7FF8z 0x2CADC74z 0x2CBE058z 0x2CA0340z 0x2CA04F8z 0x2E0BB18z 0x2D23378z 0x2D1825Cz 0x2D18738z 0x2E66FE0z 0x2D971ACz
*Jul 9 22:28:40.262: %SYS-2-INTSCHED: 'suspend' at level 3 -Process= "VTEMPLATE Background Mgr", ipl= 3, pid= 278, -Traceback= 0x756FF0z 0x3439C58z 0x2778D70z 0x2CACD28z 0x2CC63E0z 0x2CC7FF8z 0x2CADC74z 0x2CBE058z 0x2CA0340z 0x2CA04F8z 0x2E0BB18z 0x2D23378z 0x2D1825Cz 0x2D18738z 0x2E66FE0z 0x2D971ACz
after i apply it ,
the cpu is 100 % and the router got down !!!
now
what is the problem ????
here is ios for 7200 router
R1#sh version
Cisco IOS Software, 7200 Software (C7200P-ADVENTERPRISEK9-M), Version 12.4(24)T7, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 28-Feb-12 12:53 by prod_rel_team
ROM: System Bootstrap, Version 12.4(12.2r)T, RELEASE SOFTWARE (fc1)
Bras1 uptime is 13 weeks, 1 day, 9 hours, 24 minutes
System returned to ROM by reload at 16:24:51 GMT+3 Tue Jun 17 2003
System image file is "disk2:c7200p-adventerprisek9-mz.124-24.T7.bin"
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco 7206VXR (NPE-G2) processor (revision A) with 917504K/65536K bytes of memory.
Processor board ID 36858624
MPC7448 CPU at 1666Mhz, Implementation 0, Rev 2.2
6 slot VXR midplane, Version 2.11
Last reset from power-on
PCI bus mb1 (Slots 1, 3 and 5) has a capacity of 600 bandwidth points.
Current configuration on bus mb1 has a total of 0 bandwidth points.
This configuration is within the PCI bus capacity and is supported.
PCI bus mb2 (Slots 2, 4 and 6) has a capacity of 600 bandwidth points.
Current configuration on bus mb2 has a total of 0 bandwidth points.
This configuration is within the PCI bus capacity and is supported.
Please refer to the following document "Cisco 7200 Series Port Adaptor
Hardware Configuration Guidelines" on Cisco.com <http://www.cisco.com>
for c7200 bandwidth points oversubscription and usage guidelines.
1 FastEthernet interface
3 Gigabit Ethernet interfaces
2045K bytes of NVRAM.
250880K bytes of ATA PCMCIA card at slot 2 (Sector size 512 bytes).
65536K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x2102
==============================================================================
wish to Help ASAP
regards

hi ,
i did
the same issue ,
i did a TEST policymap that has 30 percent gurantee
but the same result!!!!!!!!!!!!!!!!
the router god down agian !
here is logs :
take effect on the queueing features configured via service-policy
*Jul 11 02:40:33.605: Interface Virtual-Access1896 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:33.797: Interface Virtual-Access1317 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:33.809: Interface Virtual-Access993 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:33.817: Interface Virtual-Access1699 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:33.981: Interface Virtual-Access254 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:33.993: Interface Virtual-Access687 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.001: Interface Virtual-Access35 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.009: Interface Virtual-Access160 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.017: Interface Virtual-Access1337 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.029: Interface Virtual-Access1670 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.037: Interface Virtual-Access1948 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.049: Interface Virtual-Access1669 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.109: Interface Virtual-Access1334 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.117: Interface Virtual-Access151 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.125: Interface Virtual-Access761 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.137: Interface Virtual-Access810 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.197: Interface Virtual-Access1522 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.237: Interface Virtual-Access1692 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.257: Interface Virtual-Access368 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.305: Interface Virtual-Access1758 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.317: Interface Virtual-Access2061 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.325: Interface Virtual-Access1203 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.337: Interface Virtual-Access188 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.345: Interface Virtual-Access1975 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.357: Interface Virtual-Access1172 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.509: Interface Virtual-Access1647 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.517: Interface Virtual-Access458 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.609: Interface Virtual-Access608 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.621: Interface Virtual-Access2128 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.633: Interface Virtual-Access1167 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.641: Interface Virtual-Access487 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.653: Interface Virtual-Access1793 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.665: Interface Virtual-Access2280 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.769: Interface Virtual-Access839 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.781: Interface Virtual-Access2311 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.793: Interface Virtual-Access1788 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.857: Interface Virtual-Access8 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.869: Interface Virtual-Access2243 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:34.881: Interface Virtual-Access580 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:35.057: Interface Virtual-Access6 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:35.065: Interface Virtual-Access1331 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:35.077: Interface Virtual-Access1235 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:35.177: Interface Virtual-Access1748 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:35.189: Interface Virtual-Access2262 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Jul 11 02:40:35.205: Interface Virtual-Access2136 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
i want to ask a question , could this be from IOS ????

How to apply Qos in the precedence of cache server

m in an isp and iwant to apply the QOS to enhance my network internet performance
actually i have two requests , i will start with showing brief topology about my network and start asking the questions .
here is the topology below :
from the topology above , my access is only on R1 which is BGP internet gateway router and R2 is my ISP router.
1- i want to apply Qos on R1 so that a subnet of 32 ips to have gurantee bandwidth of 30M .
assume the subnet is 10.20.30.0/27 that need to be bw gurantee .
2- i want the download traffic by idman or ftp on my Router R1 dont exceed 50 % of my total bw .
i mean that i have 450M bandwith from my isp , & sometimes we have a slow in browsing , so i want to enhance the browsing quality because its more important that downloading files from internet.
here is my two requests above , i dont know how it will work with the precedence of the cache server .
anyway , i will paste my config of router and i will replace my puplic ips with xxx for privacy .
7200Gateway#sh run
Building configuration...
Current configuration : 10149 bytes
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname 7200Gateway
boot-start-marker
boot-end-marker
logging message-counter syslog
logging buffered 50000
enable secret xxxxxxxxxxxxxx
no aaa new-model
ip source-route
ip wccp 80 redirect-list CACHE80
ip wccp 90 redirect-list CACHE90
ip cef
no ip domain lookup
ip accounting-threshold 4294967295
login block-for 180 attempts 3 within 60
login quiet-mode access-class telnet
login on-failure log
login on-success log
no ipv6 cef
multilink bundle-name authenticated
username xxxxxx password xxxxx
archive
log config
hidekeys
interface GigabitEthernet0/1
description LAN
bandwidth 230000
ip address 10.160.150.2 255.255.255.0
ip wccp 80 redirect in
ip policy route-map CACHE-REDIRECT
load-interval 30
duplex auto
speed auto
media-type rj45
negotiation auto
interface FastEthernet0/2
no ip address
shutdown
duplex auto
speed auto
interface GigabitEthernet0/2
description Cache
bandwidth 150000
ip address x.x.x.x 255.255.255.248
ip wccp redirect exclude in
load-interval 30
duplex auto
speed 1000
media-type rj45
negotiation auto
interface GigabitEthernet0/3
description Internet
bandwidth 230000
ip address x.x.x.x 255.255.255.252
ip wccp 90 redirect in
load-interval 30
duplex full
speed 1000
media-type sfp
negotiation auto
router bgp zzzzzzz
no synchronization
bgp log-neighbor-changes
network xxxx mask xxxxx
network xxxx mask xxxx
network xxxx mask xxxxx
network xxxx mask xxxx
network xxxx mask xxxxx
network xxxx mask xxxx
redistribute connected
redistribute static
neighbor zzzzzzzz remote-as zzzzzzz
neighbor zzzzzzz password zzzzzzz
neighbor zzzzzz route-map Pipo out
no auto-summary
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 xxxxxxxxxxx
ip route xxxxxxxx 255.255.0.0 xxxxxxxxxx
ip route xxxxxxxx 255.255.0.0 xxxxxxxxxx
ip route xxxxxxxx 255.255.0.0 xxxxxxxxxx
ip route xxxxxxxx 255.255.0.0 xxxxxxxxxx
ip route xxxxxxxx 255.255.0.0 xxxxxxxxxx
ip route xxxxxxxx 255.255.0.0 xxxxxxxxxx
ip route xxxxxxxx 255.255.0.0 xxxxxxxxxx
no ip http server
no ip http secure-server
ip flow-top-talkers
top 200
sort-by bytes
cache-timeout 5000
ip access-list extended bb
permit ip xxxx.xxxx.xx.0 0.0.1.255 any
ip access-list extended CACHE80
permit tcp xxxxxxx any eq www
ip access-list extended CACHE90
permit tcp any xxxxx.0 0.0.0.255
ip access-list extended pipo
permit ip xxxxx xxxxxxx any
permit ip xxxxx xxxxxxx any
ip access-list extended private
permit tcp 172.16.0.0 0.0.255.255 any eq www
permit ip 10.20.30.0 0.0.0.255 any
ip access-list extended telnet
permit ip xxxxxx xxxxxxx.255.255 any log
permit ip xxxx xxxxx 0.0.0.255 any log
ip prefix-list bb seq 5 permit xxxxx
ip prefix-list bbseq 10 permit xxxxxx
logging history size 500
no cdp run
route-map pipo permit 10
match ip address prefix-list pipo1
route-map pipo permit 20
match ip address prefix-list newsubnet
set metric 500
set origin incomplete
set as-path prepend xxxxxxxxx
route-map permit 10
match ip address prefix-list bibo
route-map CACHE-REDIRECT permit 10
match ip address private
set ip next-hop 1vvvvvv
route-map CACHE-REDIRECT permit 20
match ip address bibo e1
set ip next-hop vvvvvv
route-map CACHE-REDIRECT permit 30
match ip address pipo
set ip next-hop vvvvvvvvvv
route-map CACHE-REDIRECT permit 100
snmp-server community xxxxxx RO
control-plane
dial-peer cor custom
line con 0
password xxxxxxxx
logging synchronous
login
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 60 0
password xxxxxxxxxxxxxxxxx
logging synchronous
login local
end

Hi Vinay,
Please check the program. I have used the replace statement but it is not working.
IF NOT v_sap_bom_rec IS INITIAL.
Spliting the records at '~' delimiter
    SPLIT v_sap_bom_rec AT c_del INTO wa_bom_file-model_name
                                       wa_bom_file-product_code
                                       wa_bom_file-description
                                       wa_bom_file-product_type
                                       wa_bom_file-mfg_part_num
                                       wa_bom_file-mfg_part_desc.
    REPLACE cl_abap_char_utilities=>horizontal_tab IN wa_bom_file-mfg_part_desc WITH space .
    wa_bom_file-status = c_status.
    APPEND wa_bom_file TO i_bom_file.
But it is not working.
Please help me..
Thanks
Neelima

Where to apply qos

We have this:
src/dst---ORtr1---100Mbps---SPRtr---512kbps---Ortr2---T1---Ortr2---src/dst
Where should we apply qos? We don't have access to SPRtr(service provider) and here is sample config on our router 1 (Ortr1):
interface FastEthernet0/0
service-policy output OUR-POLICY
Class-map voice-signaling
match access-group 102
class-map voice-traffic
match access-group 101
policy-map OUR-POLICY
class voice-traffic
priority 64
class voice-signaling
bandwidth 16
class class-default
fair-queue
access-list 101 permit udp any any range 16384 32767
access-list 102 permit tcp any eq 1720 any
access-list 102 permit tcp any any eq 1720

Hi,
Qos should be applied to ORtr1 FE, ORtr2 512k, ORtr3 (?) T1.
On ORtr2 and ORtr3 - connected through T1 - you can use f.e. your posted policy.
The tricky one is ORtr1 and your policy will not work. The underlying reason is: you are configuring queueing and it will only be involved IF the physical interface is overloaded. This means that there should be more than 100 Mbps traffic before your config is involved. Obviously the problem occurs already if there is more than 512k.
The solution to the problem is called "nested policy". It would look like this taking your initial policy:
interface FastEthernet0/0
service-policy output Shape512k
Class-map voice-signaling
match access-group 102
class-map voice-traffic
match access-group 101
policy-map OUR-POLICY
class voice-traffic
priority 64
class voice-signaling
bandwidth 16
class class-default
fair-queue
policy-map Shape512k
class class-default
shape 500
service-policy output OUR-POLICY
access-list 101 permit udp any any range 16384 32767
access-list 102 permit tcp any eq 1720 any
access-list 102 permit tcp any any eq 1720
The policy Shape512k will only allow 500 kbps to pass through the F0/0 interface. Once this SHAPER is overloaded you apply the policy OUR-POLICY to prioritize voip.
The idea is never overload your SPRtr interface. Thus you should not shape to 512k exactly to account for OSI layer2 overhead.
Hope this helps! Please rate all posts.
Regards, Martin

What is the best way to apply QoS to CAD

The CAD agent that are working remotely are seeing performance issues. Hence, would it really be better to apply QOS to the CAD workers for better performance or would it just be better to give the remote workers a VMachine and have all the CAD application run locally?

Enterprise
all the teleworkers have business class cable connection with a Cisco 800 router. I know big companies are seeing the same issue latancy that is probably caused by convergence time) maybe from a WAN hiccup. in reference to the VMare -Citrix, was just idea to throw out as a better solution for a more stable enviornment, but the service control messages maybe see a lag over the WAN ...its trading one evil for another...I know CIsco mobile workers are using the CVO solution...(similar to our setup)...thoughts?

OSPF problem in a GSR12000 with MPLS interfaces

Hi,
I am using an MPLS interface connected to other vendor routers.
OSPF is set on the MPLS interface.
The OSPF did not synched with the other vendor OSPF due to the following :
00:45:55: OSPF: Rcv DBD from 10.10.55.113 on GigabitEthernet4/0 seq 0x178476E opt 0x42 flag 0x7 len 32 mtu 1500 state EXSTART
00:45:55: OSPF: First DBD and we are not SLAVE
00:46:00: OSPF: Retransmitting DBD to 10.10.55.113 on GigabitEthernet4/0
00:46:00: OSPF: Up DBD Retransmit cnt to 1 for 10.10.55.113 on GigabitEthernet4/0
00:46:00: OSPF: Send DBD to 10.10.55.113 on GigabitEthernet4/0 seq 0x745 opt 0x52 flag 0x7 len 32
00:46:00: OSPF: Rcv DBD from 10.10.55.113 on GigabitEthernet4/0 seq 0x178476E opt 0x42 flag 0x7 len 32 mtu 1500 state EXSTART
00:46:00: OSPF: First DBD and we are not SLAVE
After diagnosing the problem we found out that if the loopback router-id address value is bigger then the neighbores IP address then you will get this problem.
If you will change the router-id ip address for 1.1.1.1 and the MTU is set ok (to be 1500 on the MPLs i/fs) then it will work well !
Regards,
Simhon Doctori.

Hi,
Sorry for barging in on this. Can you please tell me how this Master/Slave relationship comes into play in conjunction with DR. DR is a focal point for distributing LSD and propagating all the updates on broadcast or NBMA networks.
a. What if DR has a RID of 1.1.1.1 which is lower
than any other RID on a segment?
b. Will it be chosen as Master anyhow?
c. What if a topology change occurs on a Slave
router, it is allowed to update the Master?
Is there the same Master/Slave notion in other routing protocols, specifically ISIS, EIGRP and BGP?
Thank you very much.
David

Bandwidth Management(Rate Limit) Using QoS Policies

Hello,
I need some advice. We have an ASA 5525 running version 8.6(1)2 and a 10 MG pipe. I have execs that want to limit bandwidth on users for stuff like youtube, stream media, and downloads. I found the article on ‘Bandwidth Management(Rate Limit) Using QoS Policies’ so it appears our firewall can do what we want. I’m not a cisco person. My knowledge is limited when it comes to configuration – that’s why we have SmartNet :). The advice I need is what to ask for, so to speak, when I put a case in. Can bandwidth be limited on end users and/or can they limit the ‘bandwidth rate limit’ to just youtube, steaming media, and downloads? If so, what should the limit be? and I’m assume this would be for ‘incoming’ traffic only? we’re running into some bandwidth hogs – usually youtube and/or streaming media. We have a Barracuda web filter which we’ve used to block and monitor activity but I simply do not have time to babysit this all day. I should also mention we do have critical data running up and down the pipe; such as credit card processing, DB replication between in house DB and hosted website, TPCx and EDI, FTP, and such that we don’t want restricted.
Need input please,
Thanks,
D

Hello,
That's a question that you as the network admin of that organization could answer.
How much traffic for business purposes must travel via HTTP/HTTPS?
How much bandwith are you willing to provide to this 2 protocols?
Those are the kind of answers you need to answer before setting the number
Regards
Remember to rate all of the helpful posts, Just click the 5 stars at the left of each post
Julio

NBAR, Netflow, QoS Policing, 6500s, IOS 12.1(26)E7, and MARS

Hello. I'm having trouble seeing the forest OR the trees, and I'd appreciate some help from someone who has a better field view than myself. We're upgrading our internet connection to 200MB and management is wanting to upgrade our Packet Shaper to meet the new bandwidth. (The Packet Shaper shows top talkers, top protocols, and rate limits protocols or users.) I'm trying to make the argument that we can do this w/ existing tools (nbar, netflow, QoS policing, and MARS), at the same time I'm trying to make the argument that we need to have our supervisors (currently SUP2 MSFC2) on a 3-4 year upgrade cycle.
To get to the 12.2 IOS, I'd require a memory or sup upgrade. What I am hoping for is someone who has gone down this road who knows what I'm lacking in 12.1 code, or if in fact I can do it all here.
While it is self-evident to most in IT why we need to regularly upgrade equipment, I'm having difficulty making this argument to management with hard facts. I'm guessing they'd still be running Windows for Workgroups to save money...but that's another story.
My plan is to use Netflow and MARS to track top users and top protocols. It appears that I lose some mgt functionality w/ MARS in conjunction w/ IOS 12.1, but I am currently unclear if I lose any tracking capability. (MARS is new to us and awaiting install.)
Then, I hope to use NBAR to identify all the latest P2P traffic and police it appropriately w/ QoS tools.
Does my thinking sound solid? Will I be able to pull this off w/ 12.1? If not, what do I need that I lack in 12.1?
Thank you for your time,
Joshua

Hi,
First of all - you need to be clear that although MARS uses netflow data, it uses it for the purpose of identifying security issues. If you want to use netflow for reporting and/or accounting purposes MARS isn't the tool you need, try one of the following freeware netflow tools:
http://www.cisco.com/warp/public/732/Tech/nmp/netflow/partners/freeware/index.shtml
or one of the following commercial tools:
http://www.cisco.com/warp/public/732/Tech/nmp/netflow/partners/commercial/index.shtml
The freeware ones are generally more difficult to set up but once running are just as good as the commercial ones.
However, this means you need two netflow destinations - one for MARS and one for your netflow tool, and this feature is called "Netflow Multiple Export Destinations" and initially appeared at 12.1(3)T, but it seems to be VERY platform specific - for example, because we only run GD software on our 3660's we had to upgrade to 12.3(20) to get it.
Looking at the Feature Navigator for SUP2/MSFC2 it appears that you need at least 12.2(18)SXF6 to get this feature so that might help your case.
I'd personally keep the PacketShaper for it's reporting capability if nothing else (IOS can do the job, but not as elegantly as the PacketShaper).
HTH - plz rate if useful.
Andrew.

Applying QoS to a port channel

Hi,
I've just applied QoS across our network and everything works fine with one exception. We have a 6509 with PFC running Version NmpSW: 6.1(2). The blade in question is a WS-X6348-RJ-45. Two ports on this blade are running as a port channel and a simple acl has been assigned to the individual ports to trust CoS values, see config below.
set qos acl ip trustcos trust-cos ip any any
set port qos 6/11-12 vlan-based
set qos acl map trustcos 6/48
set port channel 6/48 mode on
For some reason the DSCP values are being stripped from packets and left with a dscp/cos value of 0.
My question is Do I need to apply this acl to the port channel group? If I do, how do I do this. I've seen options for placing port channels into an admin group but I haven't done this yet and can't see any commands that would then allow me to apply an acl to such an admin group.
Any suggestions would be appriciated.
regards

You can implememnt VACLs as described below
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a0080160a7e.html#wp1054941

Apply QoS profile using RADIUS attributes

Hi all,
Anyone delved into the use of RADIUS attributes to apply QoS values (DSCP/802.1p) to wireless users via a WLC?
With the emergence of ISE and the concept of a shared SSID for several user types I may want to apply QoS profiles by user rather than SSID.
Do you need to apply the maximum value to the SSID for the attribute-derived value to work?
Can non-WMM client traffic be marked using this approach?
Plenty to think about here...
Any discussion welcome!
Cheers
Rob

Yo can apply QoS RADIUS override.
http://www.cisco.com/en/US/products/ps6307/products_tech_note09186a0080870334.shtml
Yes it would be best to apply the wlan max qos value to the level that you intend to use with the radius override. for example if you want to apply platinum qos for voice clients on the ssid, i would map the wlan to platinum qos.
i am not sure on the next question. I think u can assign a DSCP/802.1p to a non WMM clients but I dont think the non wmm clients will benefit from it as they will not tag their traffic and hence the AP and subsequently the wired network will treat it as best effort (untagged).
Thanks,

How do people manage QoS Policies in large network without using QPM

We are using QPM to manage QoS polices however we are looking at decommissioning CiscoWorks. How are people managing with their QoS settings in large environments?

I have no idea about the modem and bridge mode (I don't do networking -- hopefully Bob Timmons, Tesserax, or one of the other networking gurus will drop in and address that).
But . . . you should be able to back up to the TC as long as it's on your network and recognized by your Macs. I think being in bridge mode means it will be rather slow, but it should work. Until/unless we hear otherwise, you might want to see #Q1 in Using Time Machine with a Time Capsule.

Apply QOS to vrf traffic?(Ethernet SubInts)

Hi,
I'm trying to apply "GOLD" QOS to vrf traffic that is terminated on eth subints, but class-map is not allowing me to match on subinterfaces:
class-map match-any GOLD
match mpls experimental topmost 5
match ip precedence 5
match input-interface fastEthernet 0/0 (Subints not allowed)
I also cannot match on access-group, as the traffic is within a vrf.
Should I be creating a seperate policy-map marking the traffic as GOLD, and then apply this as a "service-policy input" to each eth subint the vrf is associated with?

Hi,
when you apply the service-policy to an interface you do NOT need to specify the interface in the class-map! Example:
class-map match-any VoIP
match ip precedence 5
match ip dscp ef
policy-map Marking
class VoIP
set mpls experimental imposition 5
interface FastEthernet0/0.100
ip address ...
encapsulation dot1q 100
service-policy input Marking
This will set MPLS exp bits on all traffic coming into F0/0.100 and being marked with either Prec 5 or DSCP EF.
Sidenote: using an ACL in class VoIP will also only match traffic on the interface, where the policy is applied. So overlapping customer addresses are not an issue.
Hope this helps! Please rate all posts.
Regards, Martin

3650 QoS Policing

Hi,
I am trying to do some policing on a 3650 and for some reason, the interface doesn't seem to want to apply my service policy. Here is my config:
class-map match-any ExchangeClass
match vlan 410
policy-map ExchangePolicy
class ExchangeClass
police cir percent 25 conform-action transmit exceed-action drop violate-action drop
I use the command service-policy input ExchangePolicy on the gi1/0/1 interface, I then do a sh run int gi1/0/1 and there is no input service policy shown in the config. Does anybody know why it hasn't applied the service policy? If I use an auto qos input service policy then it seems to apply it.

The log will have a reason as to why is was not applied.
I have the same problem on a 3850 have asked this question:
https://supportforums.cisco.com/discussion/12467066/qos-routed-ports-3850
e.g.
Invalid queuing class-map!!! Queuing actions supported only with dscp/cos/qos-group/precedence based classification!!!

Catalyst 3850 QoS police

Hello,
Here is the config for Catalyst 3560 found under the link below.
I would like to do same setting on Catalyst 3850.
http://itknowledgeexchange.techtarget.com/network-engineering-journey/how-to-configure-per-vlan-qos-in-cisco-3550-and-3560/
mls qos
interface fa0/2
mls qos vlan-based
class-map INT
match input-interface fa0/2
policy-map NESTED_POLICE
class INT
policy 12800 1600 exceed-action drop
class-map HTTP
match protocol http
policy-map PARENT_MARK
class HTTP
set dscp af11
service-policy NESTED_POLICE
interface vlan 10
service-policy input PARENT_MARK
But commands like "mls qos", "mls qos vlan-based" and "match input-interface " doesn't work on 3850.
There is no helpful Cisco manual for it.
Could anyone help me?
Thanks in advance,
Taro

Hello Paul,
Thank you for the attention.
Here is the information.
#sh ver
Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.02.01.SE RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Wed 20-Mar-13 17:10 by prod_rel_team
Cisco IOS-XE software, Copyright (c) 2005-2013 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.
(http://www.gnu.org/licenses/gpl-2.0.html) For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
ROM: IOS-XE ROMMON
BOOTLDR: C3850 Boot Loader (C3850-HBOOT-M) Version 1.1, RELEASE SOFTWARE (P)
SW01 uptime is 21 weeks, 6 days, 14 hours, 27 minutes
Uptime for this control processor is 21 weeks, 6 days, 14 hours, 30 minutes
System returned to ROM by reload at 22:27:58 JST Wed Jan 8 2014
System restarted at 22:27:52 JST Wed Jan 8 2014
System image file is "flash:packages.conf"
Last reload reason: Reload command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
License Level: Ipservices
License Type: Permanent
Next reload license Level: Ipservices
cisco WS-C3850-24T (MIPS) processor with 4194304K bytes of physical memory.
Processor board ID FOC1717V01B
24 Virtual Ethernet interfaces
56 Gigabit Ethernet interfaces
8 Ten Gigabit Ethernet interfaces
2048K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
250456K bytes of Crash Files at crashinfo:.
250456K bytes of Crash Files at crashinfo-2:.
1609272K bytes of Flash at flash:.
1609272K bytes of Flash at flash-2:.
0K bytes of Dummy USB Flash at usbflash0:.
0K bytes of Dummy USB Flash at usbflash0-2:.
0K bytes of at webui:.
Base Ethernet MAC Address          : 44:ad:d9:6d:4e:00
Motherboard Assembly Number        : 73-12238-06
Motherboard Serial Number          : FOC17163HB8
Model Revision Number              : B0
Motherboard Revision Number        : D0
Model Number                       : WS-C3850-24T
System Serial Number               : FOC1717V01B
Switch Ports Model              SW Version        SW Image              Mode
     1 32    WS-C3850-24T       03.02.01.SE       cat3k_caa-universalk9 INSTALL
     2 32    WS-C3850-24T       03.02.01.SE       cat3k_caa-universalk9 INSTALL
Switch 02
Switch uptime                      : 21 weeks, 6 days, 14 hours, 31 minutes
Base Ethernet MAC Address          : 20:bb:c0:01:86:80
Motherboard Assembly Number        : 73-12238-06
Motherboard Serial Number          : FOC17163HCM
Model Revision Number              : B0
Motherboard Revision Number        : D0
Model Number                       : WS-C3850-24T
System Serial Number               : FOC1717V01K
Configuration register is 0x102
SW01#sh sdm prefer
Showing SDM Template Info
This is the Advanced template.
Number of VLANs:                                 4094
Unicast MAC addresses:                           32768
Overflow Unicast MAC addresses:                  512
IGMP and Multicast groups:                       8192
Overflow IGMP and Multicast groups:              512
Directly connected routes:                       32768
Indirect routes:                                 8192
Security Access Control Entries:                 3072
QoS Access Control Entries:                      2816
Policy Based Routing ACEs:                       1024
Netflow ACEs:                                    1024
Input Microflow policer ACEs:                    256
Output Microflow policer ACEs:                   256
Flow SPAN ACEs:                                  256
Tunnels:                                         256
Control Plane Entries:                           512
Input Netflow flows:                             8192
Output Netflow flows:                            16384
These numbers are typical for L2 and IPv4 features.
Some features such as IPv6, use up double the entry size;
so only half as many entries can be created.

QoS Capabilities in MPLS 2

Hi:
Based on paper titled "L3 MPLS VPN Enterprise Consumer Guide" page 16 (http://www.cisco.com/en/US/partner/netsol/ns465/networking_solutions_white_papers_list.html). My SP has only 3 CoS for its VPN service. I have classified up to 10 different classes on my sites using a BW Manager device. I need to carry my CoS (based on DSCP or other way) through the MPLS VPN transparently.
1) Is it possible to map my CoS values to the CoS values used by the SP so that they can be mapped back to my network at the opposite end of the VPN?
2) If yes, How? Who would it be responsible to do that? Please explain.

Hello,
As a MPLS SP I would not like to deal with customer DSCP values in any place in my PE routers except the input interface from a pure operational point of view.
So SPs offering QoS will either remark on ingress OR transparently transport DSCP values of the customer across the MPLS domain. For transparent DSCP transport MPLS exp bits are set along with the SP policy and service purchased on the ingress interface. The trick on the egress interface, where a pure IP packet needs to be handled, is to map incoming MPLS exp (in the VPN label) to a qos group and use the qos group in the egress class-map for traffic classification. This way a SP does not need to mess with customer DSCP values.
But this is technology ... your specific SP product and technical implementation might differ, f.e. because he has other vendor PEs not able to offer those features.
Hope this helps! Please rate all posts.
Regards, Martin

Apply QoS policies to MPLS interfaces

Similar Messages

Maybe you are looking for