Policing in QOS
If my class map is set as listed below -
Bandwidth is 8 Meg, however I am policing at 110 Kbps. So happens to the unused bandwidth? Will it be shared with default?
Class-map: af3_output (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp xx xx xx
0 packets, 0 bytes
5 minute rate 0 bps
Queueing
Output Queue: Conversation 266
Bandwidth 8000 (kbps)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0
exponential weight: 8
mean queue depth: 0
police:
cir 100000 bps, bc 84500 bytes, be 169000 bytes
conformed 0 packets, 0 bytes; actions:
set-dscp-transmit af31
exceeded 0 packets, 0 bytes; actions:
set-dscp-transmit af31
violated 0 packets, 0 bytes; actions:
set-dscp-transmit af32
conformed 0 bps, exceed 0 bps, violate 0 bps
Hi,
I have not seen such policy applied on any customer network but If this config is supported yes remaining bandwidth will be available for the class-default. And in this config traffic is not rate-limited to 100 kbps since exceed and violate actions are transmit and are being used to set dscp value to a different value.
So traffic on class af3_output may go till 8mbps or even till link bandwidth and if it is not being utilized completely remaining bandwidth will be available to class-default
You can also use below "Ask the expert" event for QoS to further queries related to QoS.
https://supportforums.cisco.com/discussion/12259571/ask-expert-quality-service-qos-cisco-ios-routers
Regards,
Akash
Similar Messages
-
Configuring rate-limit in switch 6500
Good morning gentlemen
Consider a 6509E (supervisor 720 3B) switch with many interface VLANs configured, one of each related to each customer. Each interface VLAN had configured a rate-limit input and output configured representing the maximum bandwidth permitted for the customer.
I could configured that way using the old IOS s72033-ipservicesk9_wan-mz.122-18.SXF7.
Last weekend I had to upgrade that IOS to s72033-ipservicesk9_wan-mz.122-33.SXJ7. All rate-limits in VLAN interfaces disappeared, probably not supported in this new version.
Now, what's you recommendation to perform the same in this IOS version?...I only found the policy-map/service-policy way.
Follow my questions:
1 - "mls qos" is globally disabled. Should I configure globally or by interface VLAN?... Expected any impact?
I believe that only need "police" for QOS. No need for any other kind of QOS.
2 - Should I enable "mls qos vlan-based" for each physical layer 2 port connected to that switch related to each interface vlan with police?
Expected only one physical port (or port-channel) for each customer (and each VLAN) connected to a switch.
Thank you and regards
ChristianInteresting that I have just upgraded the IOS to the last version 12 release.
I think that for the reason that we are facing high CPU usage for "IP Input" process, something related to mls/cef is not tunned.
Anyone has any idea regarding the configuration presented?
Regards
Christian -
2960 and configuring with a browser
I am thinking about buying a 2960. I am not good with command line can I do advanced configuring such as traffic policing and Qos with some type of Cisco admin software?
As a matter of fact, you can use Cisco Network Assistant (CNA) with the 2960. CNA is a free GUI-based tool that allows you to perform fairly advanced configuration including QoS.
Here's a link with more info on it:
http://www.cisco.com/en/US/products/ps5931/products_data_sheet0900aecd8034fbf1.html
Hope that helps - pls rate the post if it does.
Paresh -
UCSM 2.0(1s) Patch Availalbe on CCO
Greetings All,
A new patch has been released today on CCO. This patch addresses the following bugs:
CSCtt27260
•IOM backplane port 1 of a 5108 chassis will not be falsely reported as administratively down when a blade is present in slot-1 of the chassis.
CSCtt18526
•After upgrade to 2.0(1s), blades with UCS M81KR adapters will not show the error "initialize error 4" during FC boot.
CSCtt41541 - Upgrade to 2.0 is disruptive if customer has QoS policies.
•While upgrading to UCS 2.0 with QoS policies defined , QoS policies will not generate error messages and VIFs with QoS policies defined on them will remain up after upgrading the subordinate interconnect but before upgrading the primary interconnect.
Full release notes available here:
http://www.cisco.com/en/US/docs/unified_computing/ucs/release/notes/OL_25363.html
For customers asking "which version of 2.0 should I upgrade to" - this would be it as of today. After the major release of 2.0, these minor patches only address bug fixes and do not introduce new major features. There is an upcoming Maintenance Release (MR1) will which include new functionality.
As always, if there are any issues please let us know.
Cheers,
RobertGrant,
You can verify that it's only cosmetic by doing the following:
1) SSH into your FI's
2) Issue the following commands:
connect nxos b
show interface brief
And look for interface 2511 (you could also use show interface brief | grep 2511 to show only that line but then you wouldn't have the headers)
You could also do a "show flogi database" on the upstream switch and look for that vfc's WWPN.
Here's the bug I think you were told you were hitting:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtn89396 -
Good day.
Subject feature seems to be a usefull one, but with a couple of nasty restrictions. Correct me, if I'm wrong, but we can't:
- give a subscriber arbitrary number of IP adresses, only powers of 2, like 4, 8, 16, 32, etc;
- place two different address spaces in one session, like 4 + 16 addresses from different parts of address space. We'll have to give him a new block of 32 IPs, or create 2 different sessions with separate configuration(like policer or QoS).
This seems to be a lot of inconvenience to me.
Isn't there another way to place different IPs in one session? In example, giving a list of these IPs in a RADIUS attribute upon user authentication(I assume we have routed or L2-connected subscriber, with well-known MACs/IPs)?Hi Vladimir,
for IP subnet sessions, ISG will actually be configured in the same way of IP sessions, meaning that it will create an IP session when a packet with an unknown source address is received.
When the subscriber will be authorized, it may have a Framed-IP-Netmask attribute in the Radius profile.
If the attribute is present, ISG will convert the session to IP subnet session.
So the limitation is actually given by the Framed-IP-Netmask you configure in Radius.
The alternative would be to assign the whole interface (or subinterface) to a single session, matching whatever IP the users may have there.
Regards
Marco -
Bandwidth Management(Rate Limit) Using QoS Policies
Hello,
I need some advice. We have an ASA 5525 running version 8.6(1)2 and a 10 MG pipe. I have execs that want to limit bandwidth on users for stuff like youtube, stream media, and downloads. I found the article on ‘Bandwidth Management(Rate Limit) Using QoS Policies’ so it appears our firewall can do what we want. I’m not a cisco person. My knowledge is limited when it comes to configuration – that’s why we have SmartNet :). The advice I need is what to ask for, so to speak, when I put a case in. Can bandwidth be limited on end users and/or can they limit the ‘bandwidth rate limit’ to just youtube, steaming media, and downloads? If so, what should the limit be? and I’m assume this would be for ‘incoming’ traffic only? we’re running into some bandwidth hogs – usually youtube and/or streaming media. We have a Barracuda web filter which we’ve used to block and monitor activity but I simply do not have time to babysit this all day. I should also mention we do have critical data running up and down the pipe; such as credit card processing, DB replication between in house DB and hosted website, TPCx and EDI, FTP, and such that we don’t want restricted.
Need input please,
Thanks,
DHello,
That's a question that you as the network admin of that organization could answer.
How much traffic for business purposes must travel via HTTP/HTTPS?
How much bandwith are you willing to provide to this 2 protocols?
Those are the kind of answers you need to answer before setting the number
Regards
Remember to rate all of the helpful posts, Just click the 5 stars at the left of each post
Julio -
Hi,
I'm trying to setup QoS policing to limit bandwith for some protocols. I'm using a 881 router.
I just want to police the traffic for the protocols and configured this:
class-map filetransfer
match protocol itunes
match protocol bittorrent
match protocol ftp
policy-map qos_filetransfer
class filetransfer
police 100000
conform-action transmit
exceed-action drop
int f4
service-policy input qos_filetransfer
service-policy output qos_filetransfer
But when I'm testing to download a file with ftp the traffic is not limited.
If I run: sh ip nbar protocol-discovery stats bit-rate top-n 10, I can see the ftp traffic:
FastEthernet4
Last clearing of "show ip nbar protocol-discovery" counters 00:05:03
Input Output
Protocol 5min Bit Rate (bps) 5min Bit Rate (bps)
ftp 3340000 104000
stun-nat 14000 97000
ipsec 1000 1000
icmp 0 1000
isakmp 0 0
dns 0 0
skype 0 0
unknown 0 1000
Total 3355000 204000
If i run: sh policy-map interface f4
FastEthernet4
Service-policy input: qos_filetransfer
Class-map: filetransfer (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: protocol itunes
Match: protocol bittorrent
Match: protocol ftp
police:
cir 100000 bps, bc 3125 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0000 bps, exceeded 0000 bps
Class-map: class-default (match-any)
96296 packets, 139493940 bytes
5 minute offered rate 3050000 bps, drop rate 0000 bps
Match: any
Service-policy output: qos_filetransfer
Class-map: filetransfer (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: protocol itunes
Match: protocol bittorrent
Match: protocol ftp
police:
cir 100000 bps, bc 3125 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0000 bps, exceeded 0000 bps
Class-map: class-default (match-any)
59355 packets, 7299832 bytes
5 minute offered rate 161000 bps, drop rate 0000 bps
Match: any
Seems that the Class-map class-default are matching the packets, but I have not configured any class-defaults.
Please advice what to do.
ThanksHi,
Tested but can't get it to work.
I have tested:
class-map filetransfer
match protocol itunes
match protocol bittorrent
match protocol ftp
match any
and:
class-map match-all filetransfer
match protocol itunes
match protocol bittorrent
match protocol ftp
match any
and:
class-map match-any filetransfer
match protocol itunes
match protocol bittorrent
match protocol ftp
match any
I still get full bandwith when downloading a file with ftp from internet --> a computer on vlan1
Any more idea?
router#sh policy-map interface f4
FastEthernet4
Service-policy input: qos_filetransfer
Class-map: filetransfer (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: protocol itunes
Match: protocol bittorrent
Match: protocol ftp
Match: any
police:
cir 100000 bps, bc 3125 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0000 bps, exceeded 0000 bps
Class-map: class-default (match-any)
260290 packets, 385289380 bytes
5 minute offered rate 6399000 bps, drop rate 0000 bps
Match: any
Service-policy output: qos_filetransfer
Class-map: filetransfer (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: protocol itunes
Match: protocol bittorrent
Match: protocol ftp
Match: any
police:
cir 100000 bps, bc 3125 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0000 bps, exceeded 0000 bps
Class-map: class-default (match-any)
163215 packets, 16962903 bytes
5 minute offered rate 283000 bps, drop rate 0000 bps
Match: any -
Tweaking QoS port parameters and policing
Hi,
Is there a mathematical method of configuring bandwidth weights and queue limits or is it more art than science? For example, using the 3550 series switches, when you perform auto-qos, it chooses the following parameters:
wrr-queue bandwidth 10 20 70 1
wrr-queue queue-limit 50 25 15 10
I need to know the reason for how this values were chosen, in order to understand how changing these values affect the overall queueing process. Is there some kind of best practice (recommended) values for setting them? I notice a pattern that bandwidth weights with the exception of the priority queue (qid 4) are larger; whereas the queue-limit values are lower for higher priority traffic, i.e. they get the smallest slice of the egress buffers.
Also the burst-byte value parameter in policing under policy map. How do you obtain an appropriate value for this? How does that relate to the access-rate?
In the auto-qos it gives the same 8000 byte value to the burst byte, see below:
policy-map AutoQoS-Police-SoftPhone
class AutoQoS-VoIP-RTP-Trust
set dscp ef
police 320000 8000 exceed-action policed-dscp-transmit
class AutoQoS-VoIP-Control-Trust
set dscp cs3
police 32000 8000 exceed-action policed-dscp-transmit
Any help is greatly appreciated.
Many thanksTo allocate bandwidth between standard transmit queue 1 (low priority) and standard transmit queue 2 (high priority), use the wrr-queue bandwidth command is used. Use the no form of this command to return to the default settings.
http://www.cisco.com/en/US/products/hw/switches/ps708/products_command_reference_chapter09186a00801026fa.html#wp1085797 -
Hello. I'm having trouble seeing the forest OR the trees, and I'd appreciate some help from someone who has a better field view than myself. We're upgrading our internet connection to 200MB and management is wanting to upgrade our Packet Shaper to meet the new bandwidth. (The Packet Shaper shows top talkers, top protocols, and rate limits protocols or users.) I'm trying to make the argument that we can do this w/ existing tools (nbar, netflow, QoS policing, and MARS), at the same time I'm trying to make the argument that we need to have our supervisors (currently SUP2 MSFC2) on a 3-4 year upgrade cycle.
To get to the 12.2 IOS, I'd require a memory or sup upgrade. What I am hoping for is someone who has gone down this road who knows what I'm lacking in 12.1 code, or if in fact I can do it all here.
While it is self-evident to most in IT why we need to regularly upgrade equipment, I'm having difficulty making this argument to management with hard facts. I'm guessing they'd still be running Windows for Workgroups to save money...but that's another story.
My plan is to use Netflow and MARS to track top users and top protocols. It appears that I lose some mgt functionality w/ MARS in conjunction w/ IOS 12.1, but I am currently unclear if I lose any tracking capability. (MARS is new to us and awaiting install.)
Then, I hope to use NBAR to identify all the latest P2P traffic and police it appropriately w/ QoS tools.
Does my thinking sound solid? Will I be able to pull this off w/ 12.1? If not, what do I need that I lack in 12.1?
Thank you for your time,
JoshuaHi,
First of all - you need to be clear that although MARS uses netflow data, it uses it for the purpose of identifying security issues. If you want to use netflow for reporting and/or accounting purposes MARS isn't the tool you need, try one of the following freeware netflow tools:
http://www.cisco.com/warp/public/732/Tech/nmp/netflow/partners/freeware/index.shtml
or one of the following commercial tools:
http://www.cisco.com/warp/public/732/Tech/nmp/netflow/partners/commercial/index.shtml
The freeware ones are generally more difficult to set up but once running are just as good as the commercial ones.
However, this means you need two netflow destinations - one for MARS and one for your netflow tool, and this feature is called "Netflow Multiple Export Destinations" and initially appeared at 12.1(3)T, but it seems to be VERY platform specific - for example, because we only run GD software on our 3660's we had to upgrade to 12.3(20) to get it.
Looking at the Feature Navigator for SUP2/MSFC2 it appears that you need at least 12.2(18)SXF6 to get this feature so that might help your case.
I'd personally keep the PacketShaper for it's reporting capability if nothing else (IOS can do the job, but not as elegantly as the PacketShaper).
HTH - plz rate if useful.
Andrew. -
Hi,
I am trying to do some policing on a 3650 and for some reason, the interface doesn't seem to want to apply my service policy. Here is my config:
class-map match-any ExchangeClass
match vlan 410
policy-map ExchangePolicy
class ExchangeClass
police cir percent 25 conform-action transmit exceed-action drop violate-action drop
I use the command service-policy input ExchangePolicy on the gi1/0/1 interface, I then do a sh run int gi1/0/1 and there is no input service policy shown in the config. Does anybody know why it hasn't applied the service policy? If I use an auto qos input service policy then it seems to apply it.The log will have a reason as to why is was not applied.
I have the same problem on a 3850 have asked this question:
https://supportforums.cisco.com/discussion/12467066/qos-routed-ports-3850
e.g.
Invalid queuing class-map!!! Queuing actions supported only with dscp/cos/qos-group/precedence based classification!!! -
Hello,
Here is the config for Catalyst 3560 found under the link below.
I would like to do same setting on Catalyst 3850.
http://itknowledgeexchange.techtarget.com/network-engineering-journey/how-to-configure-per-vlan-qos-in-cisco-3550-and-3560/
mls qos
interface fa0/2
mls qos vlan-based
class-map INT
match input-interface fa0/2
policy-map NESTED_POLICE
class INT
policy 12800 1600 exceed-action drop
class-map HTTP
match protocol http
policy-map PARENT_MARK
class HTTP
set dscp af11
service-policy NESTED_POLICE
interface vlan 10
service-policy input PARENT_MARK
But commands like "mls qos", "mls qos vlan-based" and "match input-interface " doesn't work on 3850.
There is no helpful Cisco manual for it.
Could anyone help me?
Thanks in advance,
TaroHello Paul,
Thank you for the attention.
Here is the information.
#sh ver
Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.02.01.SE RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Wed 20-Mar-13 17:10 by prod_rel_team
Cisco IOS-XE software, Copyright (c) 2005-2013 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.
(http://www.gnu.org/licenses/gpl-2.0.html) For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
ROM: IOS-XE ROMMON
BOOTLDR: C3850 Boot Loader (C3850-HBOOT-M) Version 1.1, RELEASE SOFTWARE (P)
SW01 uptime is 21 weeks, 6 days, 14 hours, 27 minutes
Uptime for this control processor is 21 weeks, 6 days, 14 hours, 30 minutes
System returned to ROM by reload at 22:27:58 JST Wed Jan 8 2014
System restarted at 22:27:52 JST Wed Jan 8 2014
System image file is "flash:packages.conf"
Last reload reason: Reload command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
License Level: Ipservices
License Type: Permanent
Next reload license Level: Ipservices
cisco WS-C3850-24T (MIPS) processor with 4194304K bytes of physical memory.
Processor board ID FOC1717V01B
24 Virtual Ethernet interfaces
56 Gigabit Ethernet interfaces
8 Ten Gigabit Ethernet interfaces
2048K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
250456K bytes of Crash Files at crashinfo:.
250456K bytes of Crash Files at crashinfo-2:.
1609272K bytes of Flash at flash:.
1609272K bytes of Flash at flash-2:.
0K bytes of Dummy USB Flash at usbflash0:.
0K bytes of Dummy USB Flash at usbflash0-2:.
0K bytes of at webui:.
Base Ethernet MAC Address : 44:ad:d9:6d:4e:00
Motherboard Assembly Number : 73-12238-06
Motherboard Serial Number : FOC17163HB8
Model Revision Number : B0
Motherboard Revision Number : D0
Model Number : WS-C3850-24T
System Serial Number : FOC1717V01B
Switch Ports Model SW Version SW Image Mode
1 32 WS-C3850-24T 03.02.01.SE cat3k_caa-universalk9 INSTALL
2 32 WS-C3850-24T 03.02.01.SE cat3k_caa-universalk9 INSTALL
Switch 02
Switch uptime : 21 weeks, 6 days, 14 hours, 31 minutes
Base Ethernet MAC Address : 20:bb:c0:01:86:80
Motherboard Assembly Number : 73-12238-06
Motherboard Serial Number : FOC17163HCM
Model Revision Number : B0
Motherboard Revision Number : D0
Model Number : WS-C3850-24T
System Serial Number : FOC1717V01K
Configuration register is 0x102
SW01#sh sdm prefer
Showing SDM Template Info
This is the Advanced template.
Number of VLANs: 4094
Unicast MAC addresses: 32768
Overflow Unicast MAC addresses: 512
IGMP and Multicast groups: 8192
Overflow IGMP and Multicast groups: 512
Directly connected routes: 32768
Indirect routes: 8192
Security Access Control Entries: 3072
QoS Access Control Entries: 2816
Policy Based Routing ACEs: 1024
Netflow ACEs: 1024
Input Microflow policer ACEs: 256
Output Microflow policer ACEs: 256
Flow SPAN ACEs: 256
Tunnels: 256
Control Plane Entries: 512
Input Netflow flows: 8192
Output Netflow flows: 16384
These numbers are typical for L2 and IPv4 features.
Some features such as IPv6, use up double the entry size;
so only half as many entries can be created. -
Apply QoS policies to MPLS interfaces
Hello all,
We are deploying an MPLS transport network for our research project, and we are getting undefined errors about the QoS application over tunnel interfaces. The tunnel interfaces are those we configure between end points.
For example, if we apply a rate-limit to a tunnel interface, this is not applied, although the router anc CLI let configure the policy.
Does anybody know how to manage this kind of policies or shaping to MPLS?
Thanks for your help.Hello,
No, in fact, what we want to configure is output policies. For example, at the ingress LER of the MPLS cloud, we receive some traffic that we set it as an specific class of service, for example, "interactive traffic". Once the traffic is classified, we route it to the correct output tunnel interface, i.e., to the next LSR. It's at that interface where we want to set the policy, so.
When we set the policy, with the "service-policy output tunnel0", for example, the CLI doesn't return any message of error. In fact, it lets to configure it, and if we use the command "show policy-map interface tunnel0", CLI returns the configuration of the policy at that interface.
Thanks for your help. -
Cisco ASA QoS traffic policing - how to count conform burst
hi,
I have cisco ASA 8.4(5). I will do configuration for QoS traffic policing. Maximum output/input rate will be 850 Mbits/s.
I am not sure if I need to do configuration also for conform burst ? if yes, can I count suitable value for it ? I must admit that I dont understand difference between conform rate and conform burst.
access-list acl_qos_policing_admin extended permit ip any any
class-map class_qos_policing_admin
match access-list acl_qos_policing_admin
policy-map policy_qos_policing_admin
class class_qos_policing_admin
police output 850000000 xxxxxxx
police input 850000000 xxxxxxx
service-policy policy_qos_policing_admin interface
inside_ADMHi, I already have done configuration on production firewall. Bandwidth test worked very good for 200Mbps or 300 Mbps. But I got little strange results for bigger rate limits such 600Mbps or 850 Mbps. I could not see any dropped packets. I did test via http://www.speedtest.net. Maybe because
I need to set conform-burst? there is now only default value (If you set bigger conform-rate then you get bigger conform-burst with default value).
Interface inside_EDU:
Service-policy: policy_qos_policing_edu
Class-map: class_qos_policing_edu
Output police Interface inside_EDU:
cir 200000000 bps, bc 6250000 bytes
Input police Interface inside_EDU:
cir 200000000 bps, bc 6250000 bytes
Interface inside_EDU:
Service-policy: policy_qos_policing_edu
Class-map: class_qos_policing_edu
Output police Interface inside_EDU:
cir 600000000 bps, bc 18750000 bytes
Input police Interface inside_EDU:
cir 600000000 bps, bc 18750000 bytes
Interface inside_ADM:
Service-policy: policy_qos_policing_admin
Class-map: class_qos_policing_admin
Output police Interface inside_ADM:
cir 300000000 bps, bc 9375000 bytes
Input police Interface inside_ADM:
cir 300000000 bps, bc 9375000 bytes
Interface inside_ADM:
Service-policy: policy_qos_policing_admin
Class-map: class_qos_policing_admin
Output police Interface inside_ADM:
cir 850000000 bps, bc 26562500 bytes
Input police Interface inside_ADM:
cir 850000000 bps, bc 26562500 bytes -
CoS or DSCP based QoS Policies
I have to configure QoS on a VSS with the following modules installed:
Switch Number: 1 Role: Virtual Switch Active
Mod Ports Card Type Model Serial No.
1 48 CEF720 48 port 1000mb SFP WS-X6848-SFP SAL16042610
3 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6848-GE-TX SAL16095Y48
4 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6848-GE-TX SAL16095Y3F
5 5 Supervisor Engine 2T 10GE w/ CTS (Acti VS-SUP2T-10G SAL1543TRQ9
9 8 DCEF2T 8 port 10GE WS-X6908-10G SAL1539QYTC
Mod MAC addresses Hw Fw Sw Status
1 c464.1341.7a50 to c464.1341.7a7f 1.0 12.2(18r)S1 15.0(1)SY4 Ok
3 0007.7df7.4618 to 0007.7df7.4647 1.0 12.2(18r)S1 15.0(1)SY4 Ok
4 442b.0311.4a58 to 442b.0311.4a87 1.0 12.2(18r)S1 15.0(1)SY4 Ok
5 7081.0583.88e8 to 7081.0583.88ef 1.1 12.2(50r)SYS 15.0(1)SY4 Ok
9 0007.7d90.a1a0 to 0007.7d90.a1a7 1.1 12.2(50r)SYL 15.0(1)SY4 Ok
Mod Sub-Module Model Serial Hw Status
1 Distributed Forwarding Card WS-F6K-DFC4-A SAL16085BLE 1.2 Ok
3 Distributed Forwarding Card WS-F6K-DFC4-A SAL16085BLL 1.2 Ok
4 Distributed Forwarding Card WS-F6K-DFC4-A SAL16095GH7 1.2 Ok
5 Policy Feature Card 4 VS-F6K-PFC4 SAL1544UAL2 1.1 Ok
5 CPU Daughterboard VS-F6K-MSFC5 SAL1544UB95 1.1 Ok
9 Distributed Forwarding Card WS-F6K-DFC4-E SAL1529K4QC 1.0 Ok
On Cat6500 with SUP 2T and PFC4 QoS is enabled by default.
DSCP is trusted and preserved by default, independent of port state.
CoS is preserved by default for Layer 2 packets by default, independent of port state.
Additional Info about the queuing on the modules installed:
SUP 2T 10G - with Gigabit Ethernet Ports enabled it works CoS-based, with this interfaces disabled it works DSCP-based.
WS-X6848-GE-TX an WS-X6848-SFB works CoS-based, does not support DSCP-based queuing.
WS-X6908-10G - supports DSCP-based queuing
The options now are:
1) All policies CoS-based although the WS-X6980-10G supports DSCP-based queuing.
2) Policies for SUP and WS-X6848 CoS-based and the policies for the WS-X6908 DSCP-based
3) Disable Gigabit Ethernet Interfaces on the SUP hence it supports DSCP-based queuing policies, also use DSCP-based policies for the WS-X6908 and use CoS-based queuing policies for the WS-X6848.
The recommendation in the core is to use DSCP-based QoS.
The question is what to do?
Option 1) Less complexity and simpler configuration if only CoS-based policies are used.
Option 2) Least configuration necessary, mixture of CoS and DSCP-based policies
Option 3) Gigabit Ethernet ports on SUP have to be disabled, uses then DSCP-based queuing on all supported modules and CoS-based policies on all other modules.You don't trust "to" a device, only from.
The advice I've gotten from switching guys is "If you're not sure - just trust DSCP".
If you try to trust cos on an access port where there is no VLAN header, there is no cos, and you can have problems.
If you have a trunk to another switch, you can trust cos and you shouldn't have any problems.
hth,
nick -
How do people manage QoS Policies in large network without using QPM
We are using QPM to manage QoS polices however we are looking at decommissioning CiscoWorks. How are people managing with their QoS settings in large environments?
I have no idea about the modem and bridge mode (I don't do networking -- hopefully Bob Timmons, Tesserax, or one of the other networking gurus will drop in and address that).
But . . . you should be able to back up to the TC as long as it's on your network and recognized by your Macs. I think being in bridge mode means it will be rather slow, but it should work. Until/unless we hear otherwise, you might want to see #Q1 in Using Time Machine with a Time Capsule.
Maybe you are looking for
-
How can I sort photos by file name in Photos?
New Photos seems to be very limiting, even compared to iPhoto. How can I sort photos by filename? Many photos that worked in iPhoto, can't be viewed in Photos.
-
Embedding fonts in existing PDF
Is there a way to embed the fonts in a PDF? We often receive PDFs from outside sources that we don't have access to the native file. If the font is not on my system, I occasionally replace with a similar font, but it isn't always feasible. Any help w
-
Automatic start workflow for ALL records
Hi Experts, Does anyone know a way to start workflow automatically for ALL records without human interference? I want to start workflows every day. For instance to recalculate, re-validate, re-assign or syndicate ALL records of a table. Kind regards,
-
Is there a way to batch process color corrected RAW files to tif files?
I got over 160 color corrected RAW files from my photographer when I thought I was getting TIf or PSD files. I need to put them into an indesign doc to send out for printing. Is there a way to convert all of these in one fell swoop without messing up
-
Hows it going every one? I have a WRT54G V8.0 wireless ro...
Hows it going every one? I have a WRT54G V8.0 wireless router, and I tried to update it's firmware earlier and I guess I failed miserably! The thing wont network, wont let me into thelinksys GUI toconfigure anything. But all the lights work... and it