Hirarchial (nested) policy bandwidth reservation

Similar Messages

• Catalyst 4500x : Shaping traffic and appliying queuing (nested policy-maps)

  Hi Everyone, 
  I got a question on how actually I could put kind of nested policy-maps under an interface on a 4500x switch. 
  This is needed because 100Mbps link connecting 2 head office locations. The 100Mpbs is a metro ethernet link and the provider is fixing port to 100Mbps speed.
  Since 4500x is not supporting 100Mbps speed on interfaces, the provider's port is connected to an intermediary switch at 100Mbps. And the 4500x is connected to intermediary switch at 1Gbps. 
  Hence, I need to shape to 100Mpbs out to my 4500x port. But I also need do perform queuing for traffic. The thing is nested policy-maps doesn't seem to be implemented on 4500x as in routers.
  Any idea on how to workaround this? In a router world I'd do something like this: 
  policy-map SHAPER
  class class-default
  shape average 100000000
  service-policy QUEUING
  policy-map QUEUING
  class VOICE
  priority
  police 5000000 conform-action transmit exceed-action drop
  class INTERACTIVE
  bandwidth 20000
  class BULK
  bandwidth 20000
  class class-default
  dbl
  interface TenGigabitEthernet2/1/9
  description TO_REMOTE_HEADOFFICE
  service-policy output SHAPER
  Thank you.

  I have the same problem. I wanted to do sub-interfaces with dot1q tags and nested shaper policies, but the 4500x doesn't appear to support either nested shapers or subifs. Really wish there was more consistency across platforms.
  Instead of the subifs, I can simply create vlan interfaces (not my favorite method, but it works).
  As far as shaping goes, the best I've been able to come up with is a custom policy that polices for the realtime traffic (i.e marked with EF or AF41, 42, 43) and everything else is matched by a custom class that matches any and sets the shape average % on the interface accordingly.  (i.e. a 10g interface shaped to a 2G pipe would get 19% for all traffic and 100Mb for realtime apps like voice and video). Not perfect, but without nested policies it's hard to do a full 8 class policy and shape each class to a specific rate.
  class-map match-any REALTIME
  match dscp ef
  match dscp af41 af42 af43
  class-map match-any CATCH_ALL
  match any
  policy-map QOS_SHAPE_2G_OUT
   class REALTIME
    priority
    police rate percent 1
   class CATCH_ALL
    shape average percent 19
  int ten1/1/27
  service-policy output QOS_SHAPE_2G_OUT
  If you want queuing, then drop dbl in the catch all class and you're set. This is not ideal and doesn't do as well as a nested shaper policy. If anyone can come up with a better solution, please post it!

• DHCP policy and reservations

  Windows 2012 R2 runs with DHCP role.
  I created DHCP scope policy based on vendor class, to replace some options. All works fine.
  Then I created some reservations to achieve fixed IP addresses for clients.
  I've noticed that my policy options does not apply to reserved clients. If I delete reservation for client, then policy applies OK to this client.
  Is this behavior by design? Does DHCP policies works for reservations?

  Hi,
  Yes, it is by design.
  The priority for options settings is reservation >
  scope policy > server policy >
  scope-level > server-level. See the following figure.          
  If a DHCP client obtains option settings because it matched a reservation, it will ignore the same options settings if they are present in any scope or server polices, or configured globally at the scope or server level.
  For more detailed information, please refer to the link below:
  Introduction to DHCP Policies
  Best regards,
  Susie
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Catalyst 6500 bandwidth reservation

  We have a Cat6500 with a SUP720-3B and a Firewall module and 2 48 port 10/100/1000 cards.
  We are service provider in that we host multiple servers for different customers over a 20 Mb uplink (attached to 1 of the gigabit ethernet interfaces connected directly to the ISP switch).
  All ports on teh switch are layer 2 ports at the moment.
  What we would do is for some customers guarantee a portion of the 20 Mb total bandwidth, eg Customers X is guaranteed 10 Mb and can burst to 15 Mb. If all the other customers use the bandwidth the 10 mb should go to customer X and the remaning 10 Mb should be divided over the rest of the customers. This should go for both incoming traffic to the servers as for outgoing traffic from these servers.
  We have looked at traffic policing and can configure that but how would we guarantee the bandwidth. We can shape the traffic to a maximum but not guarantee a minumin and be able to bust if bandwidth if available.
  Can anyone help me how this should be configured/designed ?

  Hi
  hope this links helps u out..
  http://cisco.com/en/US/partner/products/hw/switches/ps700/products_tech_note09186a00801c8c4b.shtml
  regds

• Policy on reserving iphone?

  So now that the iPhone 4's luanch date has officially come and gone and lot's of people are still waiting for their pre-orders. Can I go into my local BB and pre-order one for when they do get them in stock?

  Please learn from the many preorderers who chose to purchase an iphone with BB.  BB is notorius for not receiving many iPhone shipments and not knowing when they will receieve their iPhone shipments.  I have read that other users on the forums are reporting that their local BB stores have received as little as 2 iPhones.  BB often blames Apple for their preoder shipment disaster, since Apple is in charge of all shipments to every BB store.  Since BB seems to have no idea what is going on and is at the mercy of Apple I would suggest that you walk into your local Apple or AT&T store, where iPhone stock will be plentiful, and get on their waiting lists.  You will have a much better chance of getting your iphone within a couple of weeks.  Also consider ordering online from AT&T.  I have heard that many iPhone orders have shipped after one week.  Best of luck to you.

• Group Policy issue - Bandwidth detection failed

  Hi
  We have a major issue affecting multiple users (>100) where they are unable to login to the machine.It looks like core windows services do not start such as DHCPClient, EventLog, UserProfileService.
  Looking at the events on the pc I can see the following events:
  Event 6314
  Group policy bandwidth estimation failed. Group policy processing will continue. Assuming fast link.
  Event 6323
  Group Policy dependency (Network Location Awareness) did not start. As a result, network related features of Group Policy such as bandwidth estimation and response to network changes will not work.
  I can see the NLA service started but I am worried alot more machines will become unusable. A change was made to group policy regarding searching items in the start menu
  User Configuration\Administrative Templates\Start Menu and Taskbar
  Do not search files
  Enabled
  Do not search Internet
  Enabled
  Remove Games link from Start Menu
  Enabled
  Remove Help menu from Start Menu
  Enabled
  Remove Music icon from Start Menu
  Enabled
  Remove Network Connections from Start Menu
  Enabled
  Remove Network icon from Start Menu
  Enabled
  Remove Run menu from Start Menu
  Disabled
  Remove the networking icon
  Enabled
  Remove the volume control icon
  Disabled
  Remove user's folders from the Start Menu
  Enabled
  The clients are mostly Vista SP2 with some Windows 7. DCs are Server 2008.
  Any help in resolving this much appreciated.

  Hi,
  >>Group Policy dependency (Network Location Awareness) did not start. As a result, network related features of Group Policy such as bandwidth estimation and response to network changes will not work.
  Network Location Awareness service is a needed service for processing group policy settings since Windows Vista. It helps check the network location of the computers and helps detect slow link when processing group policy settings.
  Before going further, does this happen to all clients in our environment? Please check our network configuration and make sure that the clients are able to correctly communicate with DCs. Besides, we can try to reinstall network
  adapters to see if it helps. Moreover, please further check event logs to see if some other error events were logged.
  Here, we can also try to clean boot our clients to troubleshoot if this is caused by some third party services or applications.
  Regarding how to perform clean boot, the following article can be referred to for more information.
  How to perform a clean boot in Windows
  http://support.microsoft.com/kb/929135
  In addition, if everything goes clean, we can try to delay the application of Group Policy at startup by following the procedure described in the Resolution section in the article below to see if it helps.
  Windows 7 Clients intermittently fail to apply group policy at startup
  http://support.microsoft.com/kb/2421599
  Best regards,
  Frank Shen
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• RSVP reserved TE bandwidth

  Hi,
  I have a scenerio where i wish to configure a TE tunnel to run across a link which is only utilised as a backup link by the current MPLS network.
  Am i right in assuming the RSVP bandwidth reservation carried out by the TE tunnel would not be seen by the normal MPLS traffic. IE, in the event of a failure the normal MPLS traffic would not see that perhaps 50% of the link is reserved by the TE tunnel and possibly starve the tunnel of the required bandwidth?
  Garry

  You are right in your assumption. MPLS TE tunnel will seamlessly integrated with the normal IP or MPLS traffic without causing any trouble.
  Also you may want to use 'AutoBandwidth Allocator' for reserving bandwidth instead of allocating constant value manually.
  http://www.cisco.com/en/US/products/ps6608/products_white_paper09186a00800a4472.shtml#wp39742

• Max-reserved bandwidth confusion

  Hi all,
  Can someone please help me to understand bandwidth reservation for CBWFQ.
  By default you cannot allocate more than 75% of the interface bandwidth to your classes. My question is what is the point? theoretically it is reserved for your routing protocols etc.etc. but in reality if the interface is saturated isn't that extra 25% used by whatever traffic anyway? it not like you guarantee a maximum of 75%, you guarantee a minimum of 75% so the additional 25% is still up for grabs, it's just that it's not reserved for any class in particular.
  hope the question makes sense.
  Thanks,
  Andres

  Hi Andres,
  On low speed links, WFQ is the default. So in the case that you have a link with less than 768 kbps, it will be running WFQ. With WFQ, it's not so much 'up for grabs'. WFQ is based on packet size, DSCP values, and time in queue.
  Generally, router control packets aren't very large, and by default they are usually in the DSCP 48-64 range, which is very high. So in this case, the control packets are very high priority.
  As well, control packets are marked with a special tag on the backplane of most routers (platform specific) to give an even high level of precedence within the router.
  When the max-reserved bandwidth is a very high value, it is more likely for the traffic to have a higher interference with these two methods (particularly the first).
  hth,
  nick

• Bandwidth being reserved for AE guest networks?

  Page 24 of the "Apple AirPort Networks" document (http://www.apple.com/support/manuals/airport) says, "When you set up a guest network, a portion of your connection to the Internet is reserved for 'guests', wireless clients that can join the guest network and connect to the Internet without accessing your private network." Question: Does setting up a guest network carve out a fixed and constant amount of available bandwidth such that even when no guest clients are present, the available bandwidth for my private network is less than what otherwise would be available if no guest network was defined?

  Welcome to the discussion area, pokerpal!
  Question: Does setting up a guest network carve out a fixed and constant amount of available bandwidth such that even when no guest clients are present, the available bandwidth for my private network is less than what otherwise would be available if no guest network was defined?
  Apple does not publish a certain specification relating to your question, but several Apple support people mentioned that they had been told by engineers that the bandwidth "reservation" was in the 15-20% range when the Guest network is enabled.
  So, makes sense to turn off the Guest network if you don't have "guests", if you want full bandwidth available on the "main" network.

• Service Policy won't attach to interface - NO error

  Hi,
  Am doing some simple CE VoIP QoS for a IPSEC/GRE Customer. I try to ATTACH the policy to the tunnel outbound and the command is accepted without any error but nothing appears in the config.
  Here's the base config:
  class-map match-all IPSEC-VPN
  match access-group name IKE_ACL
  class-map match-all ROUTING
  match ip dscp cs6
  class-map match-all NETWORK-MANAGEMENT
  match ip dscp cs2
  class-map match-any VOICE-SIGNAL
  match protocol rtp
  match ip precedence 3
  match ip dscp cs3
  match ip dscp af31
  match ip dscp af32
  class-map match-any VOICE-BEARER
  match ip precedence 5
  match ip dscp ef
  match ip dscp cs5
  policy-map SHAPE-ADSL-UPLINK
  class class-default
  bandwidth remaining percent 50
  random-detect
  random-detect ecn
  policy-map VoIP-QoS
  class VOICE-BEARER
  priority percent 34
  class VOICE-SIGNAL
  bandwidth percent 5
  class ROUTING
  bandwidth percent 2
  class NETWORK-MANAGEMENT
  bandwidth percent 2
  class IPSEC-VPN
  bandwidth percent 2
  class class-default
  (config)# int t203
  (config-if)#service-policy output SHAPE-ADSL-UPLINK
  NOTHING appears in the config and sh policy-map int t100 shows an unapplied policy.
  Using:
  c836-k9o3s8y6-mz.123-8.T5
  Another bug?
  Thx

  Policy should read (nested):
  policy-map SHAPE-ADSL-UPLINK
  class class-default
  bandwidth remaining percent 50
  random-detect
  random-detect ecn
  service-policy VoIP-QoS

• Traffic shaping and BW reservation/prioritization - L2 header included?

  Hi,
  This question might seem to be dumb but I will still ask.
  On ISR platform, does it take into consideration of the L2 header size when specifying the bandwidth? Please see below for the configuration. My question is the rates configured in "shape", "priority" and "bandwidth".
  policy-map TEST
  class class-default
  shape average 512000
  service-policy TEST-nested
  policy-map TEST-nested
  class Voice
  priority 60
  <... some other classes>
  class class-default
  bandwidth 100
  I am asking because in the "show policy-map interface xxx" output, I see that number of bytes matched in each class does include the L2 header size.
  Thanks!

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  "So is "priority" same as the "bandwidth" which only assigns the dequeuing weights?"
  No, priority is the keyword for LLQ.  Traffic in the LLQ is always has absolute priority over all other traffic.  Although there's only one LLQ, each LLQ class also has its own implicit policer.
  "Traffic exceeding the "priority" or "bandwidth" configured will fall in the "class-default" and will be handled equally with the traffic in that class, correct?"
  No.  Traffic always says in the matched class.  The class-default class if the class that matches "none-of-the-above".  You always have a class-defaut.  (I.e. it doesn't have to be explicitly defined, but when explicitly defined, you have set different options.)
  "Another question which is irrelevant, is that what queuing does class-default use?"
  By default, FIFO.
  "Should I use "fair-queue"?"
  I personally like FQ in all classes that support it, but insufficient information to say whether you you use it.
  "I know that "fair-queue" cares for the DSCP dynamically."
  Not post HQF.  (Which should be the case on a 39xx router.)
  "Does it also care about packet size or smaller packets get better treatment than big TCP file transfer packet?"
  Yes and no.  FQ monitors bandwidth usage.  In theory, a single small packet gets "better" treatment vs. a single large packet because the former consumes less bandwidth.  However, if the sum consumption of a sequence of small packets equals the single large packet, the transmission rate from two queues should be about equal (I'm also assuming the two flows are prioritized the same).

• Service policy direction

  I'm trying to get some input on the direction policy maps should be applied, inbound vs outbound. If I have a central site that is hosting resources that include web related apps, Citrix, and SQL, and want users at a remote end of a point 2 point connection or VPN tunnel to have QoS guarantees such as bandwidth reservation and cbwfq, should the policy be applied in the outbound direction of the serial interface on the remote router that makes the point 2 point connection, and the inbound direction of the central site router's serial interface that is the other end of that point 2 point?
  Or, from the remote site, should it be the outbound direction on the serial interface that classifies traffic such as http to certain urls, citrix, and sql servers, but on the central router's serial interface that marking would be using acls, having the source being the http, citrix, and sql servers and the remote clients being the destination?
  What?s the recommended method of implementing something like this in terms of the direction of the policy maps?
  Thank you
  Bill

  If the policy map is being used for classification marking (e.g. DSCP marking), the usual recommendation is mark as close to the source as possible, usually "IN" on an ingress edge interface.
  If the policy map is being used for congestion management, and since congestion usually is found on an egress interface, such policies are applied there.
  So, from end-to-end, you might have an inbound policy on the local LAN device's edge interface, and an outbound policy on the local WAN device's WAN interface. Same on the remote side's devices for return traffic.
  Since congestion is usually of primary concern on the WAN device, the inbound classification could be done inbound on that device's LAN interface, or even as part of the outbound policy.
  Sample IOS policies (NB: syntax is incorrect):
  wan router
  class map VoIP
  match protocol Voice
  class map mission-critical match-any
  match protocol citrix
  match protocol sql
  match protocol http
  class map real-time
  match dscp ef
  class map gold
  match dscp af31
  policy map classify
  class VoIP
  set dscp ef
  class mission-critical
  set dscp af31
  class class-default
  set dscp best-effort
  policy CBWFQ
  class real-time
  priority 50 percent
  class gold
  bandwidth remaining 80 percent
  interface ethernet
  service policy classify in
  interface serial
  service policy CBWFQ out

• Policy-map going into suspended mode over a GRE

  Hi
  I have a GRE tunnel over another GRE tunnel. When I apply a nested policy on the Child GRE the policy map does not attach, what is the cause. The sho policy-map int Tux/x showed that it is suspended I am not making a breakthrough here. The hard ware platform is ASR 1001
  Thanks
  Don

  Download RecBoot. You can kick it out of recovery mode with that. You may have an underlying issue though causing that. A restore may be in order.
  Check out the new remodeled MacOSG website! 24-hour Apple-related news & support.
   MacOSG: An Apple User Group  iTunes: MacOSG Podcast  Follow us on Twitter: MacOSG

• QPM Shaping and Nested Policies

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin-top:0in;
  mso-para-margin-right:0in;
  mso-para-margin-bottom:10.0pt;
  mso-para-margin-left:0in;
  line-height:115%;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;}
  I'm getting ready for a QPM deployment and I have come across some issues in testing.
  I have an Ethernet interface which I need to apply a shaper so I can limit the egress traffic sent to our WAN provider. Then do CB queuing under the shaper.
  It looks like I do this via nested polices, but the documentation isn't too clear on how I use the nested policy I create. I think the policies in the nested policies would be the children policies, but it's not really clear. Does anyone have any experience with this?
  Also when I attempt to create a shaper it will not allow me to enter a CIR above 154400Kbps and I need a shaper for 200000Kbps. Is there a setting somewhere to increase the limit?
  Thanks for any help,
  Joe

  Hi,
  Is this occurring on all devices? What kind of device is having the problem?
  Just on Cisco 3845 that has level 3 policies applied
  QPM limitation is 12 classes per interface so you could be running into a bug
  I have qpm 4.1.5 installed where this bug should be resolved?
  Show ver and screenshot in attachment.
  Thank you,
  Ivana

• USB Controller Bandwidth

  Using Windows 2000 with a logitech orbit webcam. Tried to initialize JMF and got an error when detecting the camera stating that the USB controller bandwidth was overutilized. There are no other USB devices taking up bandwidth. Basically it stated that there was bandwidth reserved for the system. Anyone run into this or know how to fix?
  Dell Latitude D600
  USB 2.0
  Windows 2000

  hey
  dont angry with me.i m making video conference and all logical parts is over(i mean i test it by using avi file)but in webcam i cannot connect the web cam.i used logitec webcam for
  test my programme .pls reply me how did u connect the web cam
  pls pls pls