ASR1001 WAN edge QoS policy

I'm soon to start to configure a QoS policy for ASR1001 routers that act as CE devices.
The access circuit is 1G, limited by the SP to 300Mbps. Within that 300Mbps I will have 4 classes of traffic, each one sourced from a different VRF.
Within those 4 classes, I need to further sub-divide the QoS policy.
As I have no kit to play with yet, I've had a read through the appropriate sections in the Cisco Press book End-to-End QoS Network Design, which suggests these routers support 3 levels of hierarchy, but there are no examples, and no shaping-based configurations. The Cisco ASR1000 QoS guides only talk about two-level policing.
What is the best way to approach this policy, my thought is as follows:
Outer policy, shape all traffic to 300Mbps, as the SP drops anything above that.
Inner policy shape traffic from each vrf (based on source address) to the appropriate value for the sub-interface that acts as a transit for the particular VRF
Inner sub-policy, prioritise voice traffic, and provide bandwidth guarantees via shaping for 2 or 3 traffic sub-classes.
As far as I understand, this is 3 layers of hierarchy. Is this feasible with the ASR1001? It will be running the latest code with IP Base licences.
Andy

Now I have the routers and am having trouble setting up the QoS policy. The ASR will be a CE with a dot.1q trunk supporting multiple sub-interfaces, one for each VRF/VPN.
The SP allows 300Mbps on a 1 Gig link to support all VPNs. Each VPN is allowed 40Mbps towards the SP.
The default VPN requires 40mbps bandwidth with 2Mbps prioritised for voice, so initially I configured this with a shaper and a priority class for the voice traffic, and applied this to the untagged interface, without any problem.
I then configured g0/0/0/.102, and tried to apply a shaper to that interface as it also requires 40Mbps for the associated VRF.
This isn't allowed.
So I tried the same approach with policers instead of shapers, same still not allowed.
How do I approach this:
G0/0/0 with shaper/policer setting outer to 300Mbps, then two sub-classes, one with 40Mbps and the other to prioritise voice with 2Mbps.
G0/0/0.100 with shaper/policer setting this to 40Mbps.
The documents don't describe this in enough detail. Does the router regard g0/0/0 and g0/0/0.100 as separate interfaces, each having a QoS policy? That is how I'm trying to get this to work.
Or, should I define an ACL for each VPN, apply shaping or policing to each class and apply the service-policy to the main interface?
-Andy

Similar Messages

  • Per user QoS Policy in ASA

    Is there a way to configure a per-user QoS policy in ASA?
    I need this in order to configure SSL VPN users to have different bandwidth.

    Hi,
    Please can you explain to me how "per SSL VPN group basis" is going to work.
    For my requirement that per group policy is also OK. Then it is needed to configure bandwidth limiters per group policy.
    thanks & regards
    Chandana

  • N5k QoS Policy Statistics

    Hi there,
    I've got the following problem: I would like to enable the QoS policy statistics on my Nexus 5010 running firmware 5.0(3)N2(2a).
    This is where I am at:
    nexus# show policy-map interface
    Global Statistics status : enable
    Ethernet1/1
         Service-policy (qos) input:      default-in-policy
              policy statistics status:     disabled
         Service-policy (queuing) input:     default-in-policy
              policy statistics status:          disabled
         Service-policy (queuing) output: adapted-out-policy
              policy statistics status:        disabled
    As you can see I managed to enable the statistics globally via "(config)# qos statistics" but I don't have any clue how to enable  the statistics for every service-policy on every interface. The config guides and examples already had them enabled but didn't mention the corresponding command(s).
    I really hope someone can help me on this.
    Thanks in advance!
    Greetings!

    Hi,
    thanks for answering. (How) Do the policy statistics status and the "show queuing interface e x/y" information differ?
    Is it planned to support the policy statistics status with a later NX-OS release?
    And what I really don't understand, why is it possible to enable the policy statistics globally when I can't see anything afterwards? What is this command good for in the current release?
    Looking forward to get more answers ;-)
    Thx again!

  • Polycom V500 over WAN and QoS

    we are trying to run two polycoms over WAN. One side is able to see the other while the other side cannot. The side that is unable to see the other has the following QoS setup on the WAN interface:
    srr-queue bandwidth share 10 10 60 20
    srr-queue bandwidth shape 10 0 0 0
    queue-set 2
    mls qos trust dscp
    auto qos voip trust

    Your configuration is not from a WAN port but from a LAN port. Please note that just because the service provider hands you an Ethernet port, that does not mean you can use any old LAN switch to connect to it. The service provider is using Ethernet to keep their costs down but it is still a WAN port and requires a WAN interface on your terminating equipment to properly schedule and queue the traffic.
    Examples of a WAN Ethernet (FastEthernet, GigabitEthernet) port are most any ISR router, a Catalyst Metro switch (i.e. 3750-METRO), the WAN blades on a 6500 switch (not LAN blades!), or the Ethernet WAN/Metro SPA adapters for a 6500/7600 SIP module.
    Note that a LAN switch assumes high speed interfaces and not much of a speed mismatch between ports. A LAN port connected to a slow WAN will not be able to buffer anywhere close to the amount of traffic that comes through the switch to this port and will cause a HOL (head of line) blocking scenario; and this assumes you set up the port speed and shaping/sharing parameters correctly.
    A LAN switch port output buffers are measured in K and will handle 4 to 10 packets of bursting; on the other hand, a WAN port's output buffers are measured in M and will handle thousands of packets of burst.
    The effects can be staggering. It is not uncommon for a service provider WAN/MAN to be terminated with a bunch of cheap LAN switches that drop upwards of 90% of the traffic destined for the WAN! Just because of lack of buffers on the output queue side and massive oversubscription between the LAN side and the WAN side, using a LAN port.
    And we haven't even started talking about traffic shaping yet to match the speed of transmission from a WAN port to that of the contracted rate such that it doesn't exceed the speed on the receiving side.
    Remember, regardless of the size of the WAN port (T1, E1, DS-3, OC-3, 10Mb, 100Mb, 1000Mb), the 'width' of the connection is serial and still only 1 bit wide. Just the rate of bits being sent per second is different.
    The key concept that often gets lost is if you have a GigabitEthernet port on a LAN switch connected to a WAN or MAN in which you are purchasing 200Mb of service, you are, by definition, dropping 80% of the traffic in the service provider network (or at the ingress port to the service provider!). This is regardless of how 'busy' or utilized the GigabitEthernet link is. A single packet of data, say 500 bytes, will be sent out the GigabitEthernet port at 1 *billion* bits per second. Unfortunately, you may only have paid for 200 *million* bits per second as your contracted access to the service provider's network. Trust me, the service provider will deal with this discrepancy by policing 80% of your data to the bit bucket and they don't care what type of data it is.
    So it doesn't matter how much data you are sending, a 1% utilized WAN connection using a LAN switch in this way could still be dropping 80% (or more) of the traffic!
    A final note: Please don't be confused by most switch vendor's terminology regarding shaping or sharing of multiple limited output queue resources on their LAN switches, this is *NOT* the same thing as traffic shaping or long queues on a WAN router port or WAN/METRO switch port. This includes Cisco. This is why Cisco (and Juniper and Foundry, etc.) sell switches with METRO or WAN interfaces on them and why they are more expensive than LAN only switches.
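
The policing-versus-shaping behaviour discussed in the reply above, as an added example that is not part of the original post: a single-rate token-bucket policer run over constructed packet trains, once sent back-to-back at GigabitEthernet line rate and once paced at the contracted rate. The 1 Gb/s port, 200 Mb/s contract and 500-byte packet come from the post; the policer burst allowance (`BC_BYTES`), the packet counts and all function names are assumptions.

```python
"""Added example: token-bucket policer vs. line-rate and paced (shaped) senders."""

NS = 1_000_000_000              # nanoseconds per second
LINE_RATE_BPS = 1_000_000_000   # GigabitEthernet port speed (from the post)
CIR_BPS = 200_000_000           # contracted rate (from the post)
PKT_BYTES = 500                 # packet size used in the post
BC_BYTES = 25_000               # assumed policer burst allowance (constructed)


def arrival_times_ns(count, pkt_bytes, rate_bps):
    """Arrival time (ns) of each packet when sent back-to-back at rate_bps."""
    gap_ns = pkt_bytes * 8 * NS // rate_bps
    return [i * gap_ns for i in range(count)]


def police(arrivals_ns, pkt_bytes, cir_bps, bc_bytes):
    """Single-rate, two-colour policer. Returns (forwarded, dropped).

    Tokens are kept as integers in units of bit-nanoseconds so that the
    result does not depend on floating-point rounding.
    """
    cap = bc_bytes * 8 * NS      # bucket depth
    cost = pkt_bytes * 8 * NS    # tokens one packet consumes
    tokens, last = cap, 0        # bucket starts full
    forwarded = dropped = 0
    for t in arrivals_ns:
        tokens = min(cap, tokens + (t - last) * cir_bps)   # refill at CIR
        last = t
        if tokens >= cost:
            tokens -= cost
            forwarded += 1
        else:
            dropped += 1         # exceed action: drop, no queuing
    return forwarded, dropped


def run(sender_rate_bps, count):
    """Police `count` packets emitted back-to-back at sender_rate_bps."""
    arrivals = arrival_times_ns(count, PKT_BYTES, sender_rate_bps)
    return police(arrivals, PKT_BYTES, CIR_BPS, BC_BYTES)


if __name__ == "__main__":
    for label, rate, count in (
        ("line-rate, 1000 pkts", LINE_RATE_BPS, 1000),
        ("line-rate,   62 pkts", LINE_RATE_BPS, 62),
        ("paced at CIR, 1000 pkts", CIR_BPS, 1000),
    ):
        fwd, drop = run(rate, count)
        print(f"{label:26s} forwarded={fwd:4d} dropped={drop:4d}")
```

The policer has no queue, so the outcome depends only on the sender's pacing and on the burst allowance; a shaper on the sending side moves the excess into a buffer instead of losing it.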

  • QOS Policy gets Policy hits but doesn't seem to do anything when put to the test

    I have been trying to implement a policy that prioritizes certain types of traffic over another, namely Lync Voice Traffic, Cisco CAPWAP traffic from controllers to AP's, and Citrix ICA Traffic.
    I do receive policy hits but when I load the connection up with say copying a file the policy seems to not work. This is on a 1921 router.
    I will include the config as I may be doing something wrong.
    boot-start-marker
    boot-end-marker
    logging buffered 51200 warnings
    aaa new-model
    aaa authentication login default group radius local
    aaa authorization exec default group radius local
    aaa session-id common
    ip cef
    ip domain name pmp.local
    no ipv6 cef
    multilink bundle-name authenticated
    username XXXXXXXXXXXXXXXXXXXX
    ip ssh time-out 60
    ip ssh version 2
    class-map match-any CAPWAP
     match access-group 104
    class-map match-any LYNC
     match access-group 103
    class-map match-any CITRIX
     match protocol citrix
     match access-group 110
    policy-map OUTBOUND
     class LYNC
      priority percent 25
     class CITRIX
      priority percent 50
     class CAPWAP
      priority percent 20
     class class-default
      shape average 20000000
    interface Embedded-Service-Engine0/0
     no ip address
     shutdown
    interface GigabitEthernet0/0
     no ip address
     duplex auto
     speed auto
    interface GigabitEthernet0/0.1
     description LAN Facing
     encapsulation dot1Q 1 native
     ip address 172.16.27.254 255.255.255.0
     ip helper-address 10.128.4.48
     ip helper-address 10.128.4.20
     ip helper-address 172.16.27.79
     no ip redirects
     ip flow ingress
    interface GigabitEthernet0/0.5
     encapsulation dot1Q 5
     ip address 172.16.127.254 255.255.255.0
     ip helper-address 10.128.4.48
     no ip redirects
     ip flow ingress
    interface GigabitEthernet0/0.50
     description ITTestVlan Interface
     encapsulation dot1Q 50
    interface GigabitEthernet0/1
     description PointToPoint
     bandwidth 20480
     ip address 10.0.27.254 255.255.255.0
     no ip redirects
     ip flow ingress
     duplex full
     speed 100
     service-policy output OUTBOUND
    router eigrp 10
     network 10.0.27.0 0.0.0.255
     network 172.16.27.0 0.0.0.255
     network 172.16.127.0 0.0.0.255
    ip forward-protocol nd
    ip forward-protocol udp 4011
    ip forward-protocol udp bootps
    no ip http server
    ip http access-class 23
    ip http authentication aaa login-authentication default
    ip http authentication aaa exec-authorization default
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 1000
    ip route 0.0.0.0 0.0.0.0 172.16.27.253 200
    access-list 23 permit 10.0.27.0 0.0.0.255
    access-list 23 permit 172.16.0.0 0.0.0.255
    access-list 23 permit 172.16.27.0 0.0.0.255
    access-list 23 permit 172.16.127.0 0.0.0.255
    access-list 103 remark LYNC-Priorisation
    access-list 103 permit tcp any any eq 3389
    access-list 104 remark CAPWAP-Priority
    access-list 104 permit udp any eq 5246 any
    access-list 104 permit udp any any eq 5246
    access-list 104 permit udp any eq 5247 any
    access-list 104 permit udp any any eq 5247
    access-list 110 remark Citrix-Priorisation
    access-list 110 permit tcp any eq 2598 any
    access-list 110 permit tcp any any eq 2598
    access-list 110 permit tcp any eq 1494 any
    access-list 110 permit tcp any any eq 1494
    snmp-server enable traps entity-sensor threshold
    radius-server host 10.128.4.20 key XXXXXXXXXXXXXXXXXXXXXXXXXX
    control-plane

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    So what do you have, a 100 Mbps Ethernet hand-off with a 20 Mbps bandwidth cap?
    If so, you want to shape for your logical bandwidth cap and then prioritize, as desired, in a child policy.
    BTW, you normally don't use LLQ for other than very time critical traffic, e.g. VoIP bearer, and Cisco recommends you don't allocate more than a third of your bandwidth to LLQ.
    I would suggest you just shape for your 20 Mbps and try FQ for all traffic.
    e.g.
    policy-map Sample
     class class-default
      shape average 20000000
      fair-queue
    NB: I'm unsure whether FQ will apply to the shaped traffic, if not:
    policy-map SampleParent
     class class-default
      shape average 20000000
      service-policy SampleChild
    policy-map SampleChild
     class class-default
      fair-queue
    NB: SampleChild is where/how you would provide a custom policy for your shaped traffic.
    PS:
    BTW, you apply the policy with the shaper to the interface.

  • WAN multi-site traffic shaping/QoS setup

    We have multiple sites connected to a private WAN cloud (Layer 2) with varying CIRs. Our QoS setup from our main site is 3 tiered in order to shape traffic to our overall CIR at the main site and shape traffic on different child classes based on the remote CIR. Parent policy is applied to interface connected to the service provider. We continue to have drops even though we don't seem to be reaching the CIRs for the remote sites or the CIR limit on the circuit. I've worked with TAC and we have adjusted queue limits based on drops but this is an ongoing issue. Should there be a relationship between the queue limits and shape averages?
    Sample config
    NOTE: Shape averages are 95% of CIR
    policy-map Parent
     class class-default
      shape average 142500000
      queue-limit 1024 packets
      service-policy ASE-Remotes-Policy
    policy-map ASE-Remotes-Policy
     class site1
      shape average 4750000
      queue-limit 400 packets
      service-policy ASE-QoS-Policy
     class site2
      shape average 19000000
      queue-limit 1024 packets
      service-policy ASE-QoS-Policy
     class site3
      shape average 95000000
      queue-limit 1024 packets
      service-policy ASE-QoS-Policy
    ! multiple other sites
    policy-map ASE-QoS-Policy
     class VoIP
      priority percent 40
      queue-limit 1024 packets
     class Citrix
      bandwidth percent 40
      queue-limit 1024 packets
     class class-default
      queue-limit 1024 packets

    Logically, what you're doing makes sense, but only Cisco "knows" how their queuing really works.  I've long suspected their embedded CBWFQ shapers have their own queues, which you may not have direct control over for setting their queue depths.
    Yes, logically, there's a relationship between bandwidth (including shaping) and queue limits, but it depends on multiple factors.  Shaping is also a special case, because although you're trying to emulate a certain link bandwidth, it's not the same.
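
One way to look at the queue-limit/shape-rate relationship asked about in this thread, as an added example (not code from the original posts, and a simple arithmetic model rather than a description of Cisco's internal queuing): parse the three-level policy and express each `queue-limit` as the time a full queue takes to drain at the rate of its class. The config text is constructed from the sample in the question with only the three listed sites; the 1500-byte packet size and all function names are assumptions.

```python
"""Added example: express each queue-limit as drain time at the class rate."""
import re

# Constructed from the sample config in the question (three listed sites only).
SAMPLE = """\
policy-map Parent
 class class-default
  shape average 142500000
  queue-limit 1024 packets
  service-policy ASE-Remotes-Policy
policy-map ASE-Remotes-Policy
 class site1
  shape average 4750000
  queue-limit 400 packets
  service-policy ASE-QoS-Policy
 class site2
  shape average 19000000
  queue-limit 1024 packets
  service-policy ASE-QoS-Policy
 class site3
  shape average 95000000
  queue-limit 1024 packets
  service-policy ASE-QoS-Policy
policy-map ASE-QoS-Policy
 class VoIP
  priority percent 40
  queue-limit 1024 packets
 class Citrix
  bandwidth percent 40
  queue-limit 1024 packets
 class class-default
  queue-limit 1024 packets
"""

PATTERNS = {
    "shape_bps": re.compile(r"shape average (\d+)$"),
    "queue_pkts": re.compile(r"queue-limit (\d+) packets$"),
    "percent": re.compile(r"(?:priority|bandwidth) percent (\d+)$"),
}


def parse_policy_maps(text):
    """Return {policy: {class: {shape_bps, queue_pkts, percent, child}}}."""
    policies, policy, cls = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        low = line.lower()
        if low.startswith("policy-map "):
            policy = policies.setdefault(line.split(None, 1)[1], {})
            cls = None
        elif low.startswith("class ") and policy is not None:
            cls = policy.setdefault(line.split(None, 1)[1], {})
        elif low.startswith("service-policy ") and cls is not None:
            cls["child"] = line.split(None, 1)[1]
        elif cls is not None:
            for key, pattern in PATTERNS.items():
                match = pattern.match(low)
                if match:
                    cls[key] = int(match.group(1))
    return policies


def queue_depths(policies, root, pkt_bytes=1500, parent_bps=None, path=""):
    """List (path, rate_bps, queue_pkts, drain_ms) for classes with a known rate.

    A class rate is its own shaper, or its percent of the enclosing shaper.
    pkt_bytes is an assumed fixed packet size.
    """
    rows = []
    for name, cls in policies[root].items():
        rate = cls.get("shape_bps")
        if rate is None and parent_bps and "percent" in cls:
            rate = parent_bps * cls["percent"] // 100
        here = f"{path}/{name}" if path else name
        if rate and "queue_pkts" in cls:
            drain_ms = cls["queue_pkts"] * pkt_bytes * 8 * 1000 / rate
            rows.append((here, rate, cls["queue_pkts"], drain_ms))
        if "child" in cls:
            rows += queue_depths(policies, cls["child"], pkt_bytes,
                                 rate or parent_bps, here)
    return rows


def child_shaper_sum(policies, policy, cls_name):
    """Sum of the shapers configured directly under one parent class."""
    child = policies.get(policies[policy][cls_name].get("child"), {})
    return sum(c.get("shape_bps", 0) for c in child.values())


if __name__ == "__main__":
    parsed = parse_policy_maps(SAMPLE)
    for path, rate, pkts, ms in queue_depths(parsed, "Parent"):
        print(f"{path:32s} {rate:>11d} bps {pkts:5d} pkts {ms:9.1f} ms")
    print("sum of site shapers:", child_shaper_sum(parsed, "Parent", "class-default"))
```

Under these assumptions the same 1024-packet limit is tens of milliseconds of buffering at the parent shaper and several seconds in a class that gets 40% of the smallest site shaper.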

  • Radius accounting for QoS pppoe policy-map

    Hi folks
    I have a radius pushing an AVPAIR ip:sub-qos-policy-out to a virtual template for clients connected to a BRAS through PPPOE.
    The AVPAIR is correctly applied to each and every pppoe session but the following link  http://www.cisco.com/c/en/us/td/docs/ios/12_2sb/feature/guide/sbbbrs1c.html  is indicating that I should be able to push back to the RADIUS some traffic info per class-map/policy map. This would allow some Quota stuff and getting some info about traffic used per customer
    From what I have been able to configure, I'm not getting any of these stats back to the RADIUS
    the debug radius accounting :
    *Mar 12 05:29:00.419: RADIUS/ENCODE(0000000E):Orig. component type = PPPoE
    *Mar 12 05:29:00.419: RADIUS/ENCODE(0000000E): Acct-session-id pre-pended with Nas Port = 0/0/3/0
    *Mar 12 05:29:00.419: RADIUS(0000000E): Config NAS IP: 0.0.0.0
    *Mar 12 05:29:00.419: RADIUS(0000000E): sending
    *Mar 12 05:29:00.419: RADIUS/ENCODE: Best Local IP-Address 192.168.38.133 for Radius-Server 192.168.38.131
    *Mar 12 05:29:00.419: RADIUS(0000000E): Send Accounting-Request to 192.168.38.131:1813 id 1646/55, len 299
    *Mar 12 05:29:00.419: RADIUS:  authenticator ED 94 CF EE BD 73 30 7E - 93 07 A4 C3 50 A6 03 DE
    *Mar 12 05:29:00.419: RADIUS:  Acct-Session-Id     [44]  18  "0/0/3/0_00000005"
    *Mar 12 05:29:00.419: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
    *Mar 12 05:29:00.419: RADIUS:  Framed-IP-Address   [8]   6   10.10.10.2
    *Mar 12 05:29:00.419: RADIUS:  User-Name           [1]   9   "olivier"
    *Mar 12 05:29:00.419: RADIUS:  Vendor, Cisco       [26]  35
    *Mar 12 05:29:00.419: RADIUS:   Cisco AVpair       [1]   29  "connect-progress=LAN Ses Up"
    *Mar 12 05:29:00.419: RADIUS:  Vendor, Cisco       [26]  29
    *Mar 12 05:29:00.419: RADIUS:   Cisco AVpair       [1]   23  "nas-tx-speed=10000000"
    *Mar 12 05:29:00.419: RADIUS:  Vendor, Cisco       [26]  29
    *Mar 12 05:29:00.419: RADIUS:   Cisco AVpair       [1]   23  "nas-rx-speed=10000000"
    *Mar 12 05:29:00.419: RADIUS:  Acct-Session-Time   [46]  6   2582
    *Mar 12 05:29:00.419: RADIUS:  Acct-Input-Octets   [42]  6   7232
    *Mar 12 05:29:00.419: RADIUS:  Acct-Output-Octets  [43]  6   7232
    *Mar 12 05:29:00.419: RADIUS:  Acct-Input-Packets  [47]  6   517
    *Mar 12 05:29:00.419: RADIUS:  Acct-Output-Packets [48]  6   517
    *Mar 12 05:29:00.419: RADIUS:  Acct-Authentic      [45]  6   RADIUS                    [1]
    *Mar 12 05:29:00.419: RADIUS:  Acct-Status-Type    [40]  6   Watchdog                  [3]
    *Mar 12 05:29:00.419: RADIUS:  NAS-Port-Type       [61]  6   Virtual                   [5]
    *Mar 12 05:29:00.419: RADIUS:  Vendor, Cisco       [26]  15
    *Mar 12 05:29:00.419: RADIUS:   cisco-nas-port     [2]   9   "0/0/3/0"
    *Mar 12 05:29:00.419: RADIUS:  NAS-Port            [5]   6   50331648
    *Mar 12 05:29:00.419: RADIUS:  NAS-Port-Id         [87]  9   "0/0/3/0"
    *Mar 12 05:29:00.419: RADIUS:  Vendor, Cisco       [26]  41
    *Mar 12 05:29:00.419: RADIUS:   Cisco AVpair       [1]   35  "client-mac-address=aabb.cc00.6430"
    *Mar 12 05:29:00.419: RADIUS:  Service-Type        [6]   6   Framed                    [2]
    *Mar 12 05:29:00.419: RADIUS:  NAS-IP-Address      [4]   6   192.168.38.133
    *Mar 12 05:29:00.419: RADIUS:  Ascend-Session-Svr-K[151] 10
    *Mar 12 05:29:00.419: RADIUS:   37 39 38 32 45 41 38 30          [ 7982EA80]
    *Mar 12 05:29:00.419: RADIUS:  Acct-Delay-Time     [41]  6   0
    *Mar 12 05:29:00.419: RADIUS(0000000E): Started 5 sec timeout
    *Mar 12 05:29:00.419: RADIUS: Received from id 1646/55 192.168.38.131:1813, Accounting-response, len 20
    *Mar 12 05:29:00.419: RADIUS:  authenticator A7 0E 79 40 C5 B5 CF DC - 09 46 27 48 52 BE 01 7D
    What I get in the freeradius log :
    Tue Mar 11 22:30:04 2014
            Acct-Session-Id = "0/0/3/0_00000005"
            Framed-Protocol = PPP
            Framed-IP-Address = 10.10.10.2
            User-Name = "olivier"
            Cisco-AVPair = "connect-progress=LAN Ses Up"
            Cisco-AVPair = "nas-tx-speed=10000000"
            Cisco-AVPair = "nas-rx-speed=10000000"
            Acct-Session-Time = 2646
            Acct-Input-Octets = 7428
            Acct-Output-Octets = 7428
            Acct-Input-Packets = 531
            Acct-Output-Packets = 531
            Acct-Authentic = RADIUS
            Acct-Status-Type = Interim-Update
            NAS-Port-Type = Virtual
            Cisco-NAS-Port = "0/0/3/0"
            NAS-Port = 50331648
            NAS-Port-Id = "0/0/3/0"
            Cisco-AVPair = "client-mac-address=aabb.cc00.6430"
            Service-Type = Framed-User
            NAS-IP-Address = 192.168.38.133
            X-Ascend-Session-Svr-Key = "7982EA80"
            Acct-Delay-Time = 0
            Acct-Unique-Session-Id = "523eac6ae326a778"
            Timestamp = 1394602204
            Request-Authenticator = Verified
    user config in the users file on the freeradius server :
    olivier Cleartext-Password := "olivier"
            Service-Type = Framed-User,
            Cisco-AVPair += "ip:addr-pool=pppoepool",
            Cisco-AVpair += "ip:sub-qos-policy-out=TEST"
    I see that the policy map name is pulled correctly from the radius server and applied to the session :
    #sh policy-map session uid 14
     SSS session identifier 14 -
      Service-policy output: TEST
        Class-map: TEST (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: any
          police:
              cir 8000 bps, bc 1500 bytes
            conformed 0 packets, 0 bytes; actions:
              transmit
            exceeded 0 packets, 0 bytes; actions:
              drop
            conformed 0 bps, exceed 0 bps
        Class-map: class-default (match-any)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: any
    Any input very welcome

    Cisco server is working fine. When you do use non-standard or non-RFC requests from your NAS to the AAA server for instance, you have to configure your server accordingly to instruct it how to handle this kind of request.
    This is typically done with something called "dictionary", which should be included in your radius server. The server typically decodes all RFC 2865 VSAs (or should), but when a new NAS model is introduced into the network, you can modify it to add any VSAs not appearing in the dictionary, which is your case.
    As an example, imagine you want to change the attribute cisco-vsa-port-string to tagged-string, your dictionary will look something similar to:
    And finally you will have to modify with a text editor, or XML editor and change type="tagged-string" supposing your device complies with RFC 2868. Probably the AAA server will have to be restarted for taking these changes into account.
    Also, since this does apply to all devices for this vendor, you've got one more option, which is to define your own dictionary for a specific vendor, or even if you wish for a specific NAS or group of NASes.
    In NavisRadius you could associate a dictionary to a device adding a client-class:
    # Client-IP Client-Secret Client-Class
    10.0.0.1 secret taos-old
    And then specifying the dictionary later in client_properties for this device:
    # This file contains information about client classes
    # and is used to set per-client specific information.
    # TAOS Devices in OLD mode with RFC conflicts
    taos-old
    Client-Dictionary=max_dictionary
    # Other devices now, etc.
    Hope it helps

  • QoS group policy in UCCE 9.0 getting refreshed

    Hello,
    We upgraded a couple clients onto our HCS environment. Since we have had a couple outages where the A side loses connection with the B side. Normally this is related to some network interruption and it appears that way in the logs. However when I look in the system event viewer on the call server I see the following:
    Log Name:      System
    Source:        Tcpip
    Date:          2/10/2014 6:39:07 PM
    Event ID:      16501
    Task Category: None
    Level:         Information
    Keywords:      Classic
    User:          N/A
    Computer:      USPHXXXXX
    Description:
    Computer QoS policies successfully refreshed. Policy changes detected.
    AND
    The Advanced QoS Setting for inbound TCP throughput level successfully refreshed.  Setting value is not specified by any QoS policy. Local computer default will be applied.
    I can match these up before every outage. As you guys know after 8.5 Cisco switched from packet scheduler based qos to the group policy. So I'm wondering if anyone else has seen this in 9.0. The first time I thought maybe it was coincidence but since have seen it on other outages on completely separate instances. The thing I wonder is if this is just an effect of an outage but I see this before it loses connection to the call server's duplexed partner. So I believe it may actually be the cause.

    Yes eventually we did after bringing up the firmware, adapter driver, bios. Here is a chart I made for different C-series. Disregard column 2.
    C-Series CIMC
    C210-M2 Broadcom NIC driver version does not match required version for UCS release 1.4.3j
    Interoperability and stability issues
    Confirm with Cisco TAC then update to versions
    Adapter Driver   = 2.2.1l.v50.1
    Adapter Firmware = 6.0.0
    Boot Code / BIOS = 6.4.4
    C-Series CIMC
    C210-M1 Intel Onboard NIC driver version does not match required version for UCS release 1.4.3j
    Interoperability and stability issues
    Confirm with Cisco TAC then update to versions
    Adapter Driver   = 2.1.11.1
    Adapter Firmware = 1.4-3
    Boot Code / BIOS = 1.3.35
    C-Series CIMC
    C240-M3 Intel NIC driver version does not match required version for UCS 1.5.1f
    Interoperability and stability issues
    Confirm with Cisco TAC then update to versions
    Adapter Driver   = 4.0.17
    Adapter Firmware = 1.6-1
    Boot Code / BIOS = v1.3.98
    C-Series CIMC
    C240-M3 Intel NIC driver version does not match required version for UCS 1.5.3
    Interoperability and stability issues
    Confirm with Cisco TAC then update to versions
    Adapter Driver   = 4.2.16.3
    Adapter Firmware = 1.6-3
    Boot Code / BIOS = v1.5.04

  • Assign QoS Service Policy via RADIUS to Catalyst 45k/37k?

    hi,
    is there a way to assign a QoS service policy via Radius to a Catalyst 4500/3750 Switchport?
    in detail, we would like to assign this policy
        policy-map SET_EF
         class class-default
           set dscp ef
    to an interface. All traffic should be marked with a defined DSCP value.
    This works fine when doing it statically with
        interface FastEthernet2/1
             service-policy input SET_EF
    but we would need to assign such a policy via Radius during the 802.1x Authentication. Different users should get different policies. We use Cisco ACS 5.2 as Radius Server and there actually is a field for that in the Authorization Profile Common Tasks Configuration. In detail, this uses the cisco-av-pair "sub-policy-In=<policy name>" attribute to assign a service policy to a NAS.
    we found also two other attributes "sub-qos-policy-in" and "ip:sub-qos-policy-in" for that. CCO says that "ip:sub-qos-policy-in" works with Catalyst 65k (http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/qos.html#wp1926523)
    unfortunately this seems to not work on Catalyst 45k and 37k.
    In the ACS Logs we can see that these attributes are attached to the Radius Reply, but unfortunately they are ignored by the switch.
    it is interesting that when entering "show aaa attributes" on the Catalyst 45k, these attributes are displayed - so for my understanding the switch should understand these attributes (?)
        4503-E#sh aaa attributes
        AAA ATTRIBUTE LIST:
            Type=1     Name=disc-cause-ext                 Format=Enum
            Type=2     Name=Acct-Status-Type               Format=Enum
        <snip>
            Type=345   Name=sub-policy-In                  Format=String
            Type=346   Name=sub-qos-policy-in              Format=String
            Type=347   Name=sub-policy-Out                 Format=String
            Type=348   Name=sub-qos-policy-out             Format=String
    any input is welcome :-))
    best regards

    additionally to this discussion, i've just opened a service request with TAC.
    unfortunately the engineer told me that by now per-User QoS is definitely not supported on these two platforms but it's listed on the roadmap and will be possibly available mid 2012......

  • Qos for H323 Video tele conference traffic

    Hi All,
    I am using Tandberg video equipment(bridge MPS200, endpoint MPX2000, MPX6000). My WAN routers are Cisco 2800/3800 connecting to MPLS network.
    Jitters are between 4ms - 20ms. Picture quality is not very good when I use the bridge calls out to 8 endpoints at 384Kbps.
    Would you put audio and video traffic into the same class and mark it as EF, or separate them with marking RTP audio as EF and RTP video = IP precedence 4?
    thanks
    PH

    Just for the record
    The Cisco Enterprise QoS SRND recommends putting Video AF41 in the PQ.
    1st ref 3-12
    policy-map WAN-EDGE
     class Voice
      priority percent 18 ! Voice gets 552 kbps of LLQ
     class Interactive-Video
      priority percent 15 ! 384 kbps IP/VC needs 460 kbps of LLQ
     class Call-Signaling
      bandwidth percent 5 ! BW guarantee for Call-Signaling
     class Network-Control
      bandwidth percent 5 ! Routing and Network Management get min 5% BW
     class Critical-Data
      bandwidth percent 27 ! Critical Data gets min 27% BW
      random-detect dscp-based ! Enables DSCP-WRED for Critical-Data class
     class Bulk-Data
      bandwidth percent 4 ! Bulk Data gets min 4% BW guarantee
    www.cisco.com/go/srnd
    When provisioning for Interactive Video (IP Videoconferencing) traffic, the following guidelines are recommended:
    - Interactive Video traffic should be marked to DSCP AF41; excess Interactive-Video traffic can be marked down by a policer to AF42 or AF43.
    - Loss should be no more than 1 %.
    - One-way Latency should be no more than 150 ms.
    - Jitter should be no more than 30 ms.
    - Overprovision Interactive Video queues by 20% to accommodate bursts
    Because IP Videoconferencing (IP/VC) includes a G.711 audio codec for voice, it has the same loss, delay, and delay variation requirements as voice, but the traffic patterns of videoconferencing are radically different from voice.

  • QoS on engine 0 LC

    Hi,
    We applied "tx-cos" command (MDRR) on our GSR's Engine 0 DS3 Line Card. I would like to know the command which will show the statistics output of this command (similar to the one when we apply policy map command).. Is there any specific command to view the statistics?
    thanks in advance

    Someone will have to correct me if I am wrong but CBWFQ is not supported on Virtual interfaces like Dialers - basically it tries to apply hardware queueing on a virtual interface. You can use nested policy-maps though. Here is an example of what I had to do for a connection that the provider had given me where 6 megs were for internet and 14 megs were for MPLS connection and in order to apply QoS to a sub-interface I used nested policy map but it will be the same concept for Dialers I believe.
    class-map match-any VoIP-Control
     match ip dscp cs3
     match ip dscp af31
    class-map match-any VoIP-RTP
     match ip dscp ef
    policy-map WAN-EDGE
     class VoIP-RTP
      priority 768
     class VoIP-Control
      bandwidth percent 5
     class class-default
      fair-queue
    policy-map MPLS-14Meg
     class class-default
      shape average 14000000
      service-policy WAN-EDGE
    policy-map Internet-6Meg
     class class-default
      shape average 6000000
    interface Serial1/0
     description WAN/MPLS
     bandwidth 20000
    interface Serial1/0.1 point-to-point
     bandwidth 14000
     service-policy output MPLS-14Meg
    interface Serial1/0.2 point-to-point
     bandwidth 6000
     service-policy output Internet-6Meg

  • ASR9000/XR - QoS - Limit overall amount of bandwidth per IP

    We have a few thousand broadband customers in our network with various speed packages. The highest speed package is 500Mbps.
    I'm trying to create an ingress QoS policy that I can apply on my interface facing my upstream providers that will put a bandwidth cap PER IP ADDRESS of 500Mbps.
    I don't want to limit the overall interface to 500Mbps.
    The goal of this is to protect my links deeper in my network from getting overrun in the event of a DDoS attack.
    Now I know this is not going to protect against or mitigate any DDoS attack (like the vDDoS solution with the VSM and Arbor Networks), as budgets are not allowing me to go down that road at this time.
    Any ideas on what a QoS policy would look like?
    I can limit the overall interface, but I'm struggling with how to limit an interface on a PER IP basis because I want to utilize as much of the 10GE port as possible (under normal conditions).
    Simple diagram below.
    Look forward to any ideas on this!
    -ae
    +----------------+            
    |  INTERNET      |            
    |  PROVIDER      |            
    +-------+--------+            
            |                     
            |                     
            +---------------+10 GE
            |                     
    +-------+--------+            
    |   BGP EDGE     |            
    |   ASR 9000     |            
    +---+---+---+----+            
        |   |   |                 
        |   |   |                 
        |   |   |                 
        |   |   |                 
    +---+---+---+----+            
    |   BROADBAND    |            
    |   CUSTOMERS    |            
    +----------------+            

    I think "Flow aware QoS" is the feature you are looking for:
    http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r5-1/qos/configuration/guide/b_qos_cg51xasr/b_qos_cg51xasr_chapter_01010.html
    Florian
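
To make the distinction in this thread concrete (a cap per IP address versus a cap on the whole interface), here is an added simulation; it is not from the thread and is not Cisco's flow-aware QoS implementation. It runs the same token-bucket policer over constructed traffic twice, once with one bucket per destination IP and once with a single interface bucket; the addresses, rates, burst size and function names are assumptions.

```python
from collections import defaultdict

def police(packets, rate_bps, burst_bytes, per_dst=True):
    """Single-rate token-bucket policer over (timestamp_us, dst_ip, size_bytes).

    per_dst=True keeps one bucket per destination IP; per_dst=False uses one
    bucket for the whole interface. Returns {dst_ip: {"fwd": n, "drop": n}}
    with n in bytes.
    """
    buckets = {}  # bucket key -> [tokens_bytes, last_refill_us]
    stats = defaultdict(lambda: {"fwd": 0, "drop": 0})
    for ts, dst, size in packets:
        bucket = buckets.setdefault(dst if per_dst else "interface",
                                    [float(burst_bytes), ts])
        # Earn rate_bps/8 bytes per second of elapsed time, capped at the burst.
        bucket[0] = min(burst_bytes, bucket[0] + rate_bps * (ts - bucket[1]) / 8e6)
        bucket[1] = ts
        verdict = "fwd" if size <= bucket[0] else "drop"
        if verdict == "fwd":
            bucket[0] -= size
        stats[dst][verdict] += size
    return dict(stats)

FLOODED, NORMAL = "198.51.100.10", "198.51.100.20"  # constructed addresses

def constructed_traffic(duration_ms=100):
    """Constructed sample: 2 Gbps toward FLOODED, 100 Mbps toward NORMAL."""
    pkts = []
    for ms in range(duration_ms):
        for _ in range(10):  # interleave so both flows share each millisecond
            pkts += [(ms * 1000, FLOODED, 1250)] * 20 + [(ms * 1000, NORMAL, 1250)]
    return pkts

def compare(rate_bps=500_000_000, burst_bytes=125_000):
    """Run the per-IP policer and the aggregate policer on the same traffic."""
    pkts = constructed_traffic()
    return (police(pkts, rate_bps, burst_bytes, per_dst=True),
            police(pkts, rate_bps, burst_bytes, per_dst=False))

if __name__ == "__main__":
    per_ip, aggregate = compare()
    for name, result in (("per-IP", per_ip), ("aggregate", aggregate)):
        for dst, s in sorted(result.items()):
            print(f"{name:9} {dst:15} fwd={s['fwd']:>9} drop={s['drop']:>9}")
```

With per-destination buckets the flooded address is held to the configured rate while the normal subscriber loses nothing; with a single interface bucket the same flood also drops most of the normal subscriber's packets.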

  • Eight-Class Model QoS for voice and video

    One of the QoS recommendations in the SRND "Enterprise QoS" is to create an Eight-Class QoS Model utilizing a separate priority queue for voice and video.
    It says that even though you have only one physical priority queue, LLQ has an implicit policer that allows for time-division multiplexing of the single priority queue. This implicit policer abstracts the fact that there is essentially a single LLQ within the algorithm and, thus, allows for the "provisioning" of multiple LLQs.
    My question is if anyone has tried this and if there are any limitations on the platforms that can support this "dual-LLQ design."

    Design guide which is basically the QoSDesign recommendation bible.
    http://www.cisco.com/univercd/cc/td/doc/solution/esm/qossrnd.pdf
    It has a large section for WAN recommendations...while you may not
    need to follow one of these Based on my understanding of what you
    have for a link (DS3) and what you are trying to accomplish, I
    believe the following section would be a good place to start.
    - WAN Aggregator QoS Design
    - WAN Edge Classification and Provisioning Models
    - High Link Speed QoS Class Model
    - Eight-Class Model

  • URGENT: QoS Design on Data Center MPLS - MediaNet Question...

    Hello,
    I am posting this in hopes I can get some guidance from anyone who has done this in the field. We have a large enterprise customer with 21 sites all around the world, they have Verizon MPLS and are experiencing QoS related issues on their WAN regarding Video/Voice. We have proposed remediating their network according to the Enterprise QoS SRND 3.3 and the new MediaNet SRND to account for Video and TP QoS (http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html)
    Here is the problem/question that was proposed in our presales meeting and I honestly don't know where to look for an answer... I am not asking for anyone to design a solution for me, just merely point me in the right direction:
    The Data Center has a ~40MB MPLS Connection ( full mesh ) into the cloud ( Verizon )
    Site A has a 8MB connection
    Site B has a 4MB connection
    I know on the Service policy and the interfaces at SiteA and SiteB I can assign "Bandwidth xxxx" and use ~95% of the bandwidth to do queuing and shaping/policing etc. I am not concerned with SiteA and SiteB, that I think I can handle...
    Question was posed from the customer, "How can we ensure at the DataCenter level the 40MB MPLS is "chopped" up so that only 8MB of the total speed goes to SiteA ALONG with an attached QoS policy designed for that specific site, as well as ensure only 4MB goes to SiteB with an attached QoS policy?"
    So I am looking for a way to allocate bandwidth per site on the DC 40MB connection going into the cloud ( so that SiteB cannot use more than 4MB ) and attach a MediaNet specific QoS Service policy to that site. The customer does not have separate MPLS circuits for each site, they all come into the DC on 40MB shared ethernet connection ( no VC, or dedicated circuits to other sites ).
    Any thoughts on if this is possible? 
    Thanks!
    Alex

    This is an example I have seen and I hope that is useful to you.
    Site A
    Subnet: 172.16.1.0/24
    Site B
    Subnet: 172.16.2.0/24
    HeadOffice:
    ip access-list extended Site_A
     permit ip any 172.16.1.0 0.0.0.255
    ip access-list extended Site_B
     permit ip any 172.16.2.0 0.0.0.255
    class-map match-any Site_A
     match access-group name Site_A
    class-map match-any Site_B
     match access-group name Site_B
    ! Sub_Policy is an optional child policy for queuing inside each shaper
    policy-map To_Spokes
     class Site_A
      shape average 8000000
      service-policy Sub_Policy
     class Site_B
      shape average 4000000
      service-policy Sub_Policy
     class class-default
      shape average 28000000
      service-policy Sub_Policy
    ! interface bandwidth is configured in kbps (40000 = 40 Mbps)
    interface G0/0
     description To MPLS cloud
     bandwidth 40000
     service-policy output To_Spokes
    interface G0/1
     description To HeadOffice
     bandwidth 40000
     service-policy output To_Spokes
    It would be greatly appreciated if someone can correct this or improve it as I am still learning.
    Please see the netflow graph from one of our routers using a similar policy as above.

  • Setting Qos for the Cisco C20plus codec endpoints.

    My company has implemented a cisco video conferencing system using the Cisco C20plus codecs as H323 endpoints.
    We currently utilise the Optus evolve network (MPLS) for our WAN
    Our network WAN utilises QoS per VLAN settings.
    For example, phones are in their own VLANs per site and the video conferencing system has its own VLAN.
    We policy map ACLs to the following QoS classes specified by Optus in order of priority (Highest to lowest):
     Gold-RT
     Gold-NRT
     Silver-NRT3
     Silver-NRT2
     Silver-NRT1
     Default
    Cisco recommend that Gold-RT is reserved for audio (phones) so I would like to set the C20plus video and audio traffic in the Gold-NRT class.
    This class has the DSCP bits set to af42 which is more than ample priority for the video conferencing traffic.
    Can anyone tell me what ports I need to specify in a permit statement in the Gold-NRT ACL to apply dscp af42 to the video and audio traffic please?
    All C20plus endpoints' RTP port ranges are set to 2326 - 2486 so I will need a UDP permit statement for those ports for the C20plus endpoint IP address.
    Are these the only ports that I need to add to the Gold-NRT ACL?

    As Dejan has said, this question would be better placed in the TelePresence section of the forums where endpoints such as the C20 are discussed.
    In any case, if you set your switch ports to trust the DSCP markings on the packets, the tags themselves can be applied on the endpoint.
    If you go to the web interface of the C20 and log in, then go to Configuration > System Configuration > Network.
    Scroll down near the bottom and you'll find the QoS section. Here you can set the Mode to "Diffserv" and set each of the individual values as required, i.e., if you want AF42, enter 36 in the field (see the Assured Forwarding table on Wikipedia for other value mappings).
    Wayne
    Please remember to rate responses and to mark your question as answered if appropriate.
