Calling DSCP or IP Precedence on traffic Policing
Hi Guys,
I have a good question and I can say it's a challenging question. We have some policy-maps on some interfaces, but because these interfaces are dedicated to some customers that they are using just for voice and video. I put some detail for better understanding
router#sh policy-map QOS:POLICE:100M:pm-q
 Policy Map QOS:POLICE:100M:pm-q
  Class class-default
   police cir 100000000 bc 3125000
    conform-action transmit
    exceed-action drop
   service-policy QOS:RATE:30-x:pm-q
router#sh policy-map QOS:RATE:30-x:pm-q
 Policy Map QOS:RATE:30-x:pm-q
  Class QOS:REALTIME:cm-q
   set qos-group 5
   police cir percent 30
    conform-action transmit
    exceed-action drop
  Class QOS:INTERACTIVE:cm-q
   set qos-group 3
  Class QOS:CONTROL:cm-q
   set qos-group 6
   police cir percent 10
    conform-action transmit
    exceed-action drop
  Class QOS:BUSINESSDATA:cm-q
   set qos-group 1
  Class class-default
   set qos-group 0
We put this because we expected to guarantee 30% of that bandwidth. It means we expected to guarantee 30 Mbps, but now guys are saying this type of configuration is not working because calling DSCP on policing is not working.
Now we have to change it to the below:
router#Policy Map QOS:POLV2:GWS:100M:pm-q
 Class QOS:INT:MPLS:cm-q
  police cir 120000000 bc 21000000 be 42000000
   conform-action transmit
   exceed-action drop
   violate-action drop
Now the question is, is this change right?
Thanks
Majid
Sarah
1) L2 switches can trust the dscp marking as well. The 2960 is a layer 2 only switch and the default is untrusted but if you then enter
"mls qos trusted" you have a choice of 'cos|dscp|ip-precedence'. The default if no choice is entered is DSCP.
2) If "mls qos trust dscp" is entered then the switch will use the DSCP marking found in the packet. This will then be used as the internal DSCP marking that all switches use. Unless you have a DSCP-DSCP mutation map the value used will be the value received in the packet.
Jon
Similar Messages
-
Traffic policing question on Cisco ASR 1001
Hi Experts,
I have a request to setup aggregated traffic policing on a Cisco ASR 1001 router for multiple networks within a router.
Lets say I have a router with several subinterfaces:
interface GigabitEthernet0/2
description WAN
ip address x.x.x.x x.x.x.x
interface GigabitEthernet0/1.70
description Lan_1
encapsulation dot1Q 70
ip address 192.168.55.1 255.255.255.0
interface GigabitEthernet0/1.80
description LAN_2
encapsulation dot1Q 80
ip address 192.168.56.1 255.255.255.0
interface GigabitEthernet0/1.90
description Servers
encapsulation dot1Q 90
ip address 172.16.10.1 255.255.255.0
I have a WAN link of 100Mbit/s and I need to police traffic, so that I have 30Mbit/s for servers (GigabitEthernet0/1.90) and the remaining 70Mbit I want to share between interfaces Lan_1 and LAN_2. The idea is that I need 70Mbit/s equally shared between the two interfaces, so that I have fair policing on both interfaces. What is the best way to achieve this?
Many Thanks
Hello
The below configuration is a possible option. It provides policing inbound from the client interfaces and LLQ priority queuing on the WAN interface for the servers, and shaping values for LAN1 & 2 traffic are set to 35MB each.
Notice nothing is defined for the default class, however I am of the understanding this is given 1% by default in HQoS implementations.
Maybe others on here could review to verify any problems with this post and share their thoughts?
ip access-list extended SRVS_acl
 permit ip 172.16.10.0 0.0.0.255 any
ip access-list extended LAN1_acl
 permit ip 192.168.55.0 0.0.0.255 any
ip access-list extended LAN2_acl
 permit ip 192.168.56.0 0.0.0.255 any
class-map match-all SRVS_CM
 match access-group name SRVS_acl
class-map match-all LAN_1_CM
 match access-group name LAN1_acl
class-map match-all LAN_2_CM
 match access-group name LAN2_acl
policy-map SRVS_PM
 class SRVS_CM
  police 30720000 conform-action transmit exceed-action drop
policy-map LAN_2_PM
 class LAN_2_CM
  police 35840000 conform-action transmit
policy-map LAN_1_PM
 class LAN_1_CM
  police 35840000 conform-action transmit
interface GigabitEthernet0/1.70
 service-policy input LAN_1_PM
interface GigabitEthernet0/1.90
 service-policy input SRVS_PM
interface GigabitEthernet0/1.80
 service-policy input LAN_2_PM
policy-map WAN_CHILD
 class SRVS_CM
  priority 30720
 class LAN_1_CM
  shape average 35840000
 class LAN_2_CM
  shape average 35840000
 class class-default
  fair-queue
policy-map WAN_PARENT
 class class-default
  shape average 102400000
  service-policy WAN_CHILD
int GigabitEthernet0/2
 bandwidth 102400
 service-policy output WAN_PARENT
res
Paul -
Hello friends,
For host remediation we shld allow for access to a particular destination or by default it is accessible?????
OR
traffic policies are applied after a host passes posture assessment and remediation.??? to limit network access.
Thanks
Hello Faisal,
Thanks for the response,
My setup is in-band virtual mode.
From your mail what I understand is that if the host wants to succeed in posture assessment, it has to be permitted access to the particular destination.
for example: host is not updated with full AV then he has to permit access to AV server for the updates in the temporary role,
access-list will be like : permit tcp any host 10.10.10.10 (AV Server) eq (port)
correct me if i m wrong ?????
2) After host get success in host posture assessment after that also we can limit the host for a particular destination.
where is option that we can specify such access-list.
Thanks -
ISG: Service with traffic policing counts dropped packets.
Hello,
Our company has a router Cisco 7304 NPEG100. ("show version" is at the bottom of this message). We are planning to start ISG services on this router, but there is a bug CSCei4190. When I set traffic policing in a service, accounting in this service counts packets that have been dropped by traffic policing.
Here is example of my definition of service in RADIUS:
User-Name = 'Internet-Service'
Cisco-AVPair += "ip:traffic-class=in access-group 2000 priority 10"
Cisco-AVPair += "ip:traffic-class=out access-group 2001 priority 10"
Cisco-AVPair += "ip:traffic-class=in default drop"
Cisco-AVPair += "ip:traffic-class=out default drop"
Cisco-AVPair += "prepaid-config=TRAFFIC_PREPAID"
Cisco-AVPair += "accounting-list=ISG_ACCT"
Cisco-Service-Info += "QU;256000;D;512000"
Acct-Interim-Interval += '60'
When I remove Cisco-Service-Info += "QU;256000;D;512000" from the service definition, all traffic is counted correctly.
I did not find in the Bug Details which version of IOS I should use on my 7304 router where this bug is fixed.
Cisco IOS Software, 7300 Software (C7300-A3JK91S-M), Version 12.2(31)SB17, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Fri 30-Oct-09 12:35 by vpernank
ROM: System Bootstrap, Version 12.2(22r)S, RELEASE SOFTWARE (fc1)
BOOTLDR: 7300 Software (C7300-BOOT-M), Version 12.2(20)S6, RELEASE SOFTWARE (fc4)
7304 uptime is 17 hours, 24 minutes
Uptime for this control processor is 17 hours, 24 minutes
System returned to ROM by reload at 06:22:24 TSK Wed Feb 23 2005
System restarted at 18:46:54 TSK Mon Mar 22 2010
System image file is "disk0:c7300-a3jk91s-mz.122-31.SB17.bin"
cisco 7300 (NPEG100) processor (revision B) with 983040K/65536K bytes of memory.
SB-1 CPU at 800Mhz, Implementation 0x401, Rev 0.2, 512KB L2 Cache
4 slot midplane, Version 67.49
Last reset from software reset or reload
4 FastEthernet interfaces
3 Gigabit Ethernet interfaces
1021K bytes of non-volatile configuration memory.
62592K bytes of ATA compact flash in bootdisk (Sector size 512 bytes).
125952K bytes of ATA compact flash in disk0 (Sector size 512 bytes).
Configuration register is 0x2102
I am getting other logs sent to the syslog server, yes, just not the firewall-related "dropped packet" logs. Here's an example of one that does make it through:
5790: *Apr 30 15:05:27.039 UTC: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:-647534746 1500 bytes is out-of-order; expectedseq:3647406270. Reason: TCP reassembly queue overflow - session 192.168.1.179:3895 to 54.240.160.142:80 on zone-pair inside-to-Transitclass WB-Browsing
I am not allowing all the traffic across the box. The "self-to-inside" zone-pair just allows the *firewall itself* to initiate any traffic to the inside zone. That's temporary until I get all the management traffic to and from the firewall defined, then I will lock it down further.
And I added the "ip inspect log drop-pkt" and it did not appear to make any difference.
Any other suggestions?
-Mat -
Hi,
I'm trying to configure traffic policing on a Catalyst 2950. The config is pretty straight-forward, or so I thought. I need to set up several policy-maps, each one policing traffic at different levels (5meg, 10meg, 20meg, etc.). My problem is, anything above 1Meg just doesn't seem to work as expected. Here's my config for a 10Meg policer:
class-map match-all ALL-TRAFFIC
match access-group 1
policy-map 10mbs
class ALL-TRAFFIC
police 10000000 65536 exceed-action drop
access-list 1 permit any
Here's the interface config:
interface FastEthernet0/24
switchport access vlan 53
load-interval 30
service-policy input 10mbs
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree link-type point-to-point
What happens is, when uploading files from the server attached to this port (ingress to the switch), my throughput is nowhere near 10Mb/s. I only end up getting about 2Mb/s consistently, with a large 600MB ISO file transfer.
I've configured policers before in routers and other types of switches and I would at least get around 7 to 8Mb/s, if not immediately, after some time, due to TCP's native congestion avoidance. I may be missing something blatantly obvious, though, as I've been wrestling with this the past few hours.
Although the page is about the 3550 I think most of the information is relevant to the 2950 as well (although the 2950 doesn't support the granularity of the 3550).
http://www.cisco.com/en/US/partner/products/hw/switches/ps646/products_tech_note09186a00800feff5.shtml
Have you tried using non connection-oriented traffic (UDP) to see what rates you achieve? I suspect TCP is probably suffering due to the policer dropping the packets.
HTH
Andy -
Traffic Policing on Service Provider Edge router.
Hi,
I'm confused about the traffic policing on service provider edge router. Suppose I have taken internet bandwidth from my ISP and he says that they will give me 100 Mbps bandwidth burstable upto 1Gbps. What does that mean? what is burstable here?
I would appreciate it if anyone from a service provider organization can give an output of their edge router's running config. I just have to understand how they police our traffic. Here I'm talking about the Internet leased lines.
This is probably something you will have to get your service provider to answer. Different service providers use the term burst in a different context. Some SPs are "NICE" and will set up no policer or shaper and will purely monitor the link for fair use, allowing you to exceed what you have purchased as long as you don't abuse the privilege. Other service providers may set up a dual rate policer with a CIR and a PIR to achieve the same. A 3rd scenario is as explained above, where the SP will set up a policer for 100Mb/s and then calculate the burst value at 1/8 of a second (or less in some cases), which allows your traffic to burst to full line rate for that time slice.
There are other scenarios but the point I’m trying to make is that service providers don’t all do this the same way which is why you should ask them what they mean and how long your traffic would be allowed to burst to line rate.
PJ -
Cisco ASA QoS traffic policing - how to count conform burst
hi,
I have cisco ASA 8.4(5). I will do configuration for QoS traffic policing. Maximum output/input rate will be 850 Mbits/s.
I am not sure if I need to do configuration also for conform burst? If yes, how can I count a suitable value for it? I must admit that I don't understand the difference between conform rate and conform burst.
access-list acl_qos_policing_admin extended permit ip any any
class-map class_qos_policing_admin
 match access-list acl_qos_policing_admin
policy-map policy_qos_policing_admin
 class class_qos_policing_admin
  police output 850000000 xxxxxxx
  police input 850000000 xxxxxxx
service-policy policy_qos_policing_admin interface inside_ADM
Hi, I already have done configuration on production firewall. Bandwidth test worked very good for 200Mbps or 300 Mbps. But I got little strange results for bigger rate limits such 600Mbps or 850 Mbps. I could not see any dropped packets. I did test via http://www.speedtest.net. Maybe because I need to set conform-burst? There is now only default value (If you set bigger conform-rate then you get bigger conform-burst with default value).
Interface inside_EDU:
Service-policy: policy_qos_policing_edu
Class-map: class_qos_policing_edu
Output police Interface inside_EDU:
cir 200000000 bps, bc 6250000 bytes
Input police Interface inside_EDU:
cir 200000000 bps, bc 6250000 bytes
Interface inside_EDU:
Service-policy: policy_qos_policing_edu
Class-map: class_qos_policing_edu
Output police Interface inside_EDU:
cir 600000000 bps, bc 18750000 bytes
Input police Interface inside_EDU:
cir 600000000 bps, bc 18750000 bytes
Interface inside_ADM:
Service-policy: policy_qos_policing_admin
Class-map: class_qos_policing_admin
Output police Interface inside_ADM:
cir 300000000 bps, bc 9375000 bytes
Input police Interface inside_ADM:
cir 300000000 bps, bc 9375000 bytes
Interface inside_ADM:
Service-policy: policy_qos_policing_admin
Class-map: class_qos_policing_admin
Output police Interface inside_ADM:
cir 850000000 bps, bc 26562500 bytes
Input police Interface inside_ADM:
cir 850000000 bps, bc 26562500 bytes -
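The relationship between conform rate and conform burst asked about in the posts above (the 2950 `police 10000000 65536`, the provider burst of 1/8 of a second, and the ASA default `bc` values), as an added Python example that is not from any poster or from Cisco. The class and function names are this example's own and the traffic pattern is constructed; the CIR and Bc figures are the ones shown on this page.

```python
"""Single-rate, two-colour token-bucket policer (added example, constructed traffic)."""


def burst_interval_ms(cir_bps, bc_bytes):
    """Time the committed burst represents at the committed rate: Tc = Bc * 8 / CIR."""
    return bc_bytes * 8 * 1000 / cir_bps


def bc_for_interval(cir_bps, seconds):
    """Committed burst in bytes that holds `seconds` worth of traffic at CIR."""
    return int(cir_bps * seconds / 8)


class Policer:
    """conform-action transmit / exceed-action drop, one bucket of depth Bc."""

    def __init__(self, cir_bps, bc_bytes):
        self.fill_rate = cir_bps / 8.0   # bytes of credit earned per second
        self.bc = bc_bytes
        self.tokens = float(bc_bytes)    # bucket starts full
        self.last = 0.0
        self.conformed = 0
        self.dropped = 0

    def offer(self, now, size):
        """Present one packet of `size` bytes at time `now` (seconds)."""
        elapsed = now - self.last
        self.tokens = min(self.bc, self.tokens + elapsed * self.fill_rate)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            self.conformed += size
            return True
        self.dropped += size             # a dropped packet consumes no credit
        return False


def offered_rate_bps(pkt_bytes=1500, pkts_per_burst=100, burst_gap_s=0.15):
    """Long-term average rate of the constructed bursty source."""
    return pkt_bytes * pkts_per_burst * 8 / burst_gap_s


def simulate(cir_bps, bc_bytes, line_bps=100_000_000, pkt_bytes=1500,
             pkts_per_burst=100, burst_gap_s=0.15, bursts=20):
    """Send back-to-back bursts at line rate; return (conformed_bytes, dropped_bytes)."""
    policer = Policer(cir_bps, bc_bytes)
    pkt_time = pkt_bytes * 8 / line_bps  # serialisation time of one packet
    for b in range(bursts):
        start = b * burst_gap_s
        for i in range(pkts_per_burst):
            policer.offer(start + i * pkt_time, pkt_bytes)
    return policer.conformed, policer.dropped


if __name__ == "__main__":
    # (CIR, Bc) pairs exactly as they appear in the outputs on this page.
    for cir, bc in [(100_000_000, 3_125_000), (200_000_000, 6_250_000),
                    (850_000_000, 26_562_500), (10_000_000, 65_536)]:
        print(f"cir {cir:>11} bc {bc:>9}  Tc = {burst_interval_ms(cir, bc):7.1f} ms")

    print(f"offered average: {offered_rate_bps() / 1e6:.1f} Mb/s against a 10 Mb/s CIR")
    for bc in (65_536, bc_for_interval(10_000_000, 0.25)):
        ok, drop = simulate(10_000_000, bc)
        print(f"bc {bc:>7}: conformed {ok} bytes, dropped {drop} bytes")
```

The source averages 8 Mb/s, below the 10 Mb/s CIR, yet the 65536-byte bucket drops close to half of every line-rate burst, while a bucket sized for 250 ms (the ratio the ASA outputs above show) passes all of it.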
DSCP to CoS mapping: Avaya traffic
It appears that Avaya marks its voice traffic as follows:
L2 signaling cos 6 L3 signaling dscp 34
L2 audio cos 6 L3 audio dscp 46
Has anyone interacted with these settings and what are the right mappings for 6500 series Modules?
I am about to use the following:
#mls qos map dscp-cos 34 46 to 6
#mls qos map dscp-cos 48 to 5 (move IP control to cos 5)
#mls qos map cos-dscp 0 8 16 24 32 46 48 56 leave cos to dscp unchanged.
Finally use: #mls qos trust dscp on input interfaces.
Can anyone clarify?
Thanks.
The 6608 and 6624 internal port is treated as trust-cos to the Catalyst 6000. So the default COS-to-DSCP mapping of the cards will determine the DSCP values with which the IP packets are marked unless they are changed in the switch.
The 6608 and 6624 will tag packets as follows:
COS = 5 for rtp traffic
COS = 3 for signalling traffic
By default on the Catalyst 6000, these COS values map in IP packets to DSCP 24 (COS = 3) and 40 (COS = 5) as shown in the table below.
Generally, the recommended DSCP values to use in a VoIP network differ slightly. They are:
DSCP = 46 for rtp traffic (Recommended Expedited Forwarding (EF) value)
COS = 26 for signalling traffic (AF31)
It may be necessary to change the default COS-DSCP mapping on the Catalyst 6000 so that the DSCP markings in packets generated by the 6608 and 6624 cards conform to the network policy. For example, if other devices in the network are marking packets with the recommended values.
Information on how to change the default COS-DSCP mapping is provided in the Mapping Received CoS Values to Internal DSCP Values section of Catalyst 6000 Family Software Configuration Guide. -
Hi,
Thanks for your previous helpful responses.
I will be doing a POC at a customer site. I have the following applications listed that I will be optimizing:
Oracle
MS windows (CIFS)
MS Exchange
EFAX- oracle
RTGS- Real Traffic Gross settlements
T24
internet thru proxy server.
Banknet - Intranet Service.
DNS.
Mcafee antivirus updates service.
I guess one way to capture the traffic types is to run a sniffer on the network. How do I know exactly how the application works so as to know what kind of ATP to create for some of these applications mentioned and what kind of optimization to apply, since not all of them have an ATP defined in the default Cisco ATP?
Thanks
Obiora,
There are several apps you list that are in the default application policies (CIFS, Oracle, Proxy server, etc.). I would recommend that you create a policy for Exchange via destination IP with full optimization as long as it's not encrypted by the Outlook clients.
For the other apps, you are correct, you may have to run a sniffer to look at them as they may be customer apps. After you have found out what ports and/or IP addresses they will use, you can create customer policies if they don't fit into the default set.
Hope that helps,
Dan -
Need help understanding IP Precedence traffic types
I was reading through the different IP Precedence values and most seemed to be fairly straight forward, but I'd like to make sure I have my facts correct. According to the list below, IP Precedence treats traffic lowest to highest priority with numbers 0-7, respectively, is that correct?
Is it a matter of drop rates increase with the IP precedence value then as well?
What type of traffic would fall under 4? I've never heard of Flash, or Flash Override type traffic, a little clarity would be much appreciated.
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Interface fair-queue treats IP Prec marked traffic differently. As interface FQ was the default on serial interfaces E1 or slower, you might consider it as "automatic". (NB: FQ within pre-HQF class default, works the the later interface WFQ.)
Explicitly configured QoS WRED (on interface or within CBWFQ), with defaults, treats IP Prec marked traffic differently. -
CUCM - DSCP for TelePresence Calls Enterprise Parameter
Hi All,
There is an enterprise parameter in newer versions of CUCM called "DSCP for TelePresence Calls" that is separate from "DSCP for Video Calls".
Does anyone know what endpoints the former applies to? Is it just the traditional CTS endpoints (e.g CTS-3000), or is it all devices that include TelePresence in the name in CUCM for example Cisco TelePresence EX60?
Cheers,
Giles
It's only for immersive room endpoints (e.g. CTS1300, 3000, TX9000, and the like).
Sorry for the delayed response, I just spotted this as part of an unrelated Google search and am answering in case someone else finds this in their search results. -
Qos for H323 Video tele conference traffic
Hi All,
I am using Tandberg video equipment(bridge MPS200, endpoint MPX2000, MPX6000). My WAN routers are Cisco 2800/3800 connecting to MPLS network.
Jitters are between 4ms - 20ms. Picture quality is not very good when I use the bridge calls out to 8 endpoints at 384Kbps.
Would you put audio and video traffic into the same class and mark it as EF, or separate them with marking RTP audio as EF and RTP video = IP precedence 4?
thanks
PH
Just for the record
The Cisco Enterprise QoS SRND recommends putting Video AF41 in the PQ.
1st ref 3-12
policy-map WAN-EDGE
 class Voice
  priority percent 18 ! Voice gets 552 kbps of LLQ
 class Interactive-Video
  priority percent 15 ! 384 kbps IP/VC needs 460 kbps of LLQ
 class Call-Signaling
  bandwidth percent 5 ! BW guarantee for Call-Signaling
 class Network-Control
  bandwidth percent 5 ! Routing and Network Management get min 5% BW
 class Critical-Data
  bandwidth percent 27 ! Critical Data gets min 27% BW
  random-detect dscp-based ! Enables DSCP-WRED for Critical-Data class
 class Bulk-Data
  bandwidth percent 4 ! Bulk Data gets min 4% BW guarantee
www.cisco.com/go/srnd
When provisioning for Interactive Video (IP Videoconferencing) traffic, the following guidelines are recommended:
- Interactive Video traffic should be marked to DSCP AF41; excess Interactive-Video traffic can be marked down by a policer to AF42 or AF43.
- Loss should be no more than 1 %.
- One-way Latency should be no more than 150 ms.
- Jitter should be no more than 30 ms.
- Overprovision Interactive Video queues by 20% to accommodate bursts
Because IP Videoconferencing (IP/VC) includes a G.711 audio codec for voice, it has the same loss, delay, and delay variation requirements as voice, but the traffic patterns of videoconferencing are radically different from voice. -
URGENT! Setting QoS DSCP value on switches
Hi,
I desperately need replies to my problem below.
I tried to set DSCP values for 2 applications, video and video conference, on Cisco 3560 and Cisco 2950 switches based on the source IP address of the servers.
So on the switches, I created an access-list to identify the servers' ip addresses.
Then I use "class-map match-any video" followed by "match access-group" for the access-list.
Then I use "policy-map policy1", then "class video" then "set dscp ef".
Finally I apply the policy to the INPUTS of all ports "service-policy input policy1"
But when I use a sniffer to sniff the ports, I see that the DSCP value is not "EF", instead it is "0x20, class 4".
Why is this so?
Where have I done wrongly?
Finally, on routers, where do I apply QOS policy? On input ports or output ports of routers?
I urgently need help.
Thank you.
Regards,
Rachel
Rachel,
Without seeing what you have in place so far, I'll see if I can answer some of those questions. If the switch connects to a router, then the outbound (egress) interface would in fact be that interface on the switch that connects to a router. Best practices dictate that the classification and marking should be done on the inbound (ingress) interface which connects the switch to the network where the host resides.
If you wanted to implement an end-to-end QoS solution, then you should configure QoS on every interface between the source and destination. This is because even FastE/GigE ports can become congested due to worm outbreak or DOS attack. But if all you want to do right now is guarantee bandwidth to the video traffic across the WAN, that can be accomplished by a) classifying and marking the video traffic as close to the source as possible, and b) configuring queuing/scheduling on the outbound WAN interface based on those markings.
Once the switch has marked the traffic with a DSCP value per (a), that DSCP value should remain intact until it reaches the WAN router per (b), and all the way until it reaches its destination. That is, unless there is a device somewhere in between that is remarking traffic. If the switch you reference is not directly connected to the router you reference, there could be another switch or router in between marking everything back to DSCP 0, meaning that all traffic is untrusted.
I don't have a 2950 here with me, but without checking syntax this is basically what you should have, if you just want to mark video traffic EF and then guarantee bandwidth on the wan:
2950:
access-list permit
class-map match-any VIDEO
 match access-group
policy-map POLICY1
 class VIDEO
  set ip dscp 46 !
interface
 service-policy input POLICY1
Router:
class-map match-any EF_VIDEO
 match ip dscp 46
policy-map VIDEO_OUT
 class EF_VIDEO
  priority 1600
interface
 service-policy output VIDEO_OUT
If you are sniffing traffic on that switch to ensure that video traffic is being marked, make sure that you are sniffing the outbound interface toward the router, not the inbound interface from the host. That will ensure that your sniffer trace picks up the traffic after it has been marked DSCP 46.
Just in case this post is related to your post where you want to lock the router WAN interface so that the 1.6 megs of video gets through but other traffic is dropped when the video takes the full 1.6 megs of bandwidth...
QoS queuing/scheduling only kicks in when the interface experiences congestion. If there is no congestion on the interface, traffic will still be marked and policed per the service policy, but not queued/scheduled - it will just fly right through the interface with the new markings. The only way to force such congestion at 1.6 megs is to use traffic shaping. You would need to shape the entire interface down to 1.6 megs, and THEN apply the priority bandwidth. This can be accomplished with a hierarchical policy-map as follows:
Router:
class-map match-any EF_VIDEO
 match ip dscp 46
policy-map VIDEO_OUT
 class EF_VIDEO
  priority 1600
policy-map SHAPE_OUT
 class class-default
  shape average 1600000
  service-policy VIDEO_OUT
interface
 service-policy output SHAPE_OUT
I really hope I am helping you out here, please let me know how this works out. Good luck!
Best Regards
Robert -
Wireless QoS - CAPWAP getting tagged DSCP 26 while inner packet is DSCP 24.
Hello,
I'm facing an issue regarding QoS and wireless. I've attached a drawing of my set up as well.
My set up consists of a Cisco wireless 7925 phone, a 3702i access point, and a WISM2 controller (running newest 7.6 code).
My access point is connected to a 3750 switch, the switchport is in access mode, and is trusting the dscp values from the access point (mls qos trust dscp). QoS is also enabled on the switch (mls qos).
Please see my attached picture of a visual representation to what I'm going to describe.
In my particular scenario I'm looking at SKINNY traffic between the phone and the call manager. Per our Wired QoS design SKINNY traffic is tagged with DSCP 24 or CS3. Traffic from the call manager to the phone is being tagged correctly all the way through (from the wired segment, to the controller and from the controller to the access point) the inner packet and the CAPWAP header is tagged correctly with DSCP 24.
Return traffic from the phone to the call manager is a different story. The phone is clearly tagging the SKINNY traffic with DSCP 24 as well, this is evident by looking at the inner packet in captures. However, the CAPWAP header is being tagged DSCP 26 for some reason. Basically it looks like the access point is building the CAPWAP header with the value of 26 despite the fact that the original packet is marked 24.
I'd like to further understand why this is happening in only one direction (from AP to the controller) and if there is any way to change the behavior.
One thing I might have stumbled on is how the 802.11e values map to DSCP values. Looking at the binary representations of 24 and 26, they both end up mapping back to the 802.11e value 3. My current thinking is the access point just sees this 802.11e value #3 and then tags it to 26 automatically instead of 24. I'm not sure why the access point can't read the correct DSCP value of the inner packet (being tagged by the phone) and simply map that same value to the CAPWAP header.
Any help or further insight into this would be greatly appreciated.
Thanks!
Return traffic from the phone to the call manager is a different story. The phone is clearly tagging the SKINNY traffic with DSCP 24 as well, this is evident by looking at the inner packet in captures. However, the CAPWAP header is being tagged DSCP 26 for some reason. Basically it looks like the access point is building the CAPWAP header with the value of 26 despite the fact that the original packet is marked 24.
Note that when the AP receives a packet, it will only see the wireless header UP (user priority) value and not the inner IP packet DSCP header. So all mapping of outer CAPWAP DSCP is based on the UP value. Refer to this table; UP3 will map to AF31 (DSCP value 26)
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/emob73dg/emob73/ch5_QoS.html#_Ref167257742
I'd like to further understand why this is happening in only one direction (from AP to the controller) and if there is any way to change the behavior.
When it comes from UCCM side, signaling traffic already marked with CS3. So when WLC map that to CAPWAP, it will simply use that IP packet DSCP value to derive the outer CAPWAP DSCP. So packet goes as CS3 in that direction.
If you want to change this behavior (client to AP-> WLC), you can apply a qos service policy to re-write DSCP26 to CS3 on your 3750 switch where AP connects.
http://mrncciew.com/2012/11/30/understanding-wireless-qos-part-2/
Refer this post from Jerome to see background of this AF31 or CS3 debate when classifying voice control traffic.
http://wirelessccie.blogspot.com.au/2011/02/wired-qos-for-voice-control-af31-dscp.html
HTH
Rasika
**** Pls rate all useful responses **** -
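The bit arithmetic behind several posts above (the IP Precedence names in the precedence question, a capture value of 0x20, and DSCP 24 and 26 landing on the same 802.11e value 3), as an added Python example that is not from any poster. Function names are this example's own; treating the UP value as the top three DSCP bits follows the original poster's reasoning, and the only UP-to-DSCP mapping taken from this page is UP3 to AF31 (26).

```python
"""Decode the IPv4 ToS / DS byte as a capture tool would show it (added example)."""

# IP Precedence names as defined for the top three bits of the ToS byte (RFC 791).
PRECEDENCE_NAMES = {
    0: "Routine", 1: "Priority", 2: "Immediate", 3: "Flash",
    4: "Flash Override", 5: "CRITIC/ECP",
    6: "Internetwork Control", 7: "Network Control",
}


def phb_name(dscp):
    """Standard code point name for a 6-bit DSCP value, or 'DSCPnn' if unnamed."""
    if dscp == 46:
        return "EF"
    cls, low = dscp >> 3, dscp & 0b111
    if low == 0:
        return f"CS{cls}"                 # class selectors: CS0 (default) .. CS7
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return f"AF{cls}{low >> 1}"       # AF<class><drop precedence>
    return f"DSCP{dscp}"


def describe_dscp(dscp):
    """Break a DSCP value into the fields the threads above keep converting between."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit field (0-63)")
    precedence = dscp >> 3                # legacy IP Precedence = top three bits
    return {
        "dscp": dscp,
        "bits": format(dscp, "06b"),
        "phb": phb_name(dscp),
        "precedence": precedence,
        "precedence_name": PRECEDENCE_NAMES[precedence],
    }


def describe_tos_byte(tos):
    """Decode the whole 8-bit ToS/DS byte: DSCP in the upper six bits, ECN in the lower two."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("ToS is one byte")
    info = describe_dscp(tos >> 2)
    info["ecn"] = tos & 0b11
    return info


def tos_byte(dscp, ecn=0):
    """The byte a sniffer shows in hex for a given DSCP marking."""
    return (dscp << 2) | ecn


def same_precedence(dscp_a, dscp_b):
    """True when two markings collapse to the same 3-bit priority value."""
    return (dscp_a >> 3) == (dscp_b >> 3)


def default_cos_to_dscp(cos):
    """Default CoS-to-DSCP map quoted on this page (3 -> 24, 5 -> 40): CoS times 8."""
    return cos << 3


if __name__ == "__main__":
    for value in (24, 26, 34, 46):
        print(describe_dscp(value))
    # The same hex digits mean different markings depending on what the tool displays.
    print("0x20 read as a DSCP value:", describe_dscp(0x20)["phb"])
    print("0x20 read as the ToS byte:", describe_tos_byte(0x20)["phb"])
    print("EF on the wire: ToS byte", hex(tos_byte(46)))
```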
"mls qos trust dscp" vs. "mls qos trust cos"
Are these statements correct ?
1. If using QoS profile without setting "wired qos protocol", always use "mls qos trust dscp" on the WLC trunk port
- downstream wmm traffic will be policed down to "?" (this one I'm not sure, is it "not policed" or "policed down to cos 6 for platinum, etc")
2. If using QoS profile with setting "wired qos protocol",
- use "mls qos trust cos" on the WLC trunk port if you want outgoing LWAPP traffic COS/DSCP to reflect QoS profile setting and if you want to rewrite DSCP in the outgoing upstream traffic to QoS profile setting
- use "mls qos trust dscp" on the WLC trunk port if you want LWAPP traffic COS/DSCP to reflect original DSCP setting and if you want to leave DSCP alone in the outgoing upstream traffic
3. With either "mls qos trust cos" or "mls qos trust dscp" on WLC trunk port, downstream wmm traffic will be policed down to "wired qos protocol" setting (What if "wired qos protocol" is not set, will it be policed down to, for example, cos 6 for Platinum?)
4. Always use "mls qos trust dscp" on non-HREAP AP ports
Use "mls qos trust dscp" on HREAP AP ports, if you want to preserve upstream DSCP for locally switched WLANs
Use "mls qos trust cos" on HREAP AP ports, if you want to QoS profile 802.1p to override upstream DSCP for locally switched WLANs
5. Use either "mls qos trust dscp" or "mls qos trust cos" on switch-to-switch trunks
Are these statements correct ?
1. If using QoS profile without setting "wired qos protocol", always use "mls qos trust dscp" on the WLC trunk port
- downstream wmm traffic will be policed down to "?" (this one I'm not sure, is it "not policed" or "policed down to cos 6 for platinum, etc")
Ans: Not sure about always. you can use both 'mls qos trust dscp' and 'mls qos trust cos'. Since it is a trunk port the packets will have a cos value (802.1p tag) and hence you can trust cos. Downstream and upstream traffic both are capped to the WLAN max QoS value. for example if Wlan is set to silver, and if a packet comes in at platinum QoS, the AP will cap it to silver in upstream direction. Same holds true for a cos 5 / dscp 46 packet coming in from the wired side.
2. If using QoS profile with setting "wired qos protocol",
- use "mls qos trust cos" on the WLC trunk port if you want outgoing LWAPP traffic COS/DSCP to reflect QoS profile setting and if you want to rewrite DSCP in the outgoing upstream traffic to QoS profile setting
- use "mls qos trust dscp" on the WLC trunk port if you want LWAPP traffic COS/DSCP to reflect original DSCP setting and if you want to leave DSCP alone in the outgoing upstream traffic
Ans:
3. With either "mls qos trust cos" or "mls qos trust dscp" on WLC trunk port, downstream wmm traffic will be policed down to "wired qos protocol" setting (What if "wired qos protocol" is not set, will it be policed down to, for example, cos 6 for Platinum?)
Ans: Traffic in both directions will always get capped to WLAN max QoS. Untagged (802.1p = 0) traffic will be treated as best effort.
4. Always use "mls qos trust dscp" on non-HREAP AP ports
Use "mls qos trust dscp" on HREAP AP ports, if you want to preserve upstream DSCP for locally switched WLANs
Use "mls qos trust cos" on HREAP AP ports, if you want to QoS profile 802.1p to override upstream DSCP for locally switched WLANs
Ans:
5. Use either "mls qos trust dscp" or "mls qos trust cos" on switch-to-switch trunks
Ans: I think on purely layer 2 switches you can trust dscp, but am not 100% sure.