QoS PreClassify Command
Hi Guys,
I hope someone can help me here. Just revising some ONT stuff before exam and realised that I do not understand when the 'qos pre-classify' command is used when implementing QoS over VPNs.
Can someone clearly explain when exactly you use the QoS Pre-Classify command and when not to use it?
Forever Grateful
Stephen
PS - I'm gonna post this over in 'Certifications' also for a bit more exposure.
If the pre-encapsulation packets have TOS settings that you want to "analyze" after the packets have been encapsulated with a VPN packet, then you can use pre-classify to copy the TOS values to the VPN packet's TOS. NB: The copied TOS can be overwritten, but that won't change the original packet's TOS.
E.g. you have VoIP packets marked with TOS values (perhaps a DSCP EF) so QoS can give them better treatment. If the original packet's TOS isn't copied to the VPN packet's TOS, QoS could no longer tell the difference between VoIP packets and FTP packets since they are now likely to be encrypted. (Pre-Classify is the command to cause the copy.)
-
Show policy-map interface | Question about QOS show command output
I hope this is the correct place for this question. If not, please let me know.
When I issue the show policy-map interface command (in this case on a 3845) there is some output I don't understand. I have included some output below and formatted the lines I am confused about as "computer code" which show up as red on my screen. A list of the individual lines I'm confused about is below, followed by those lines in the context of the show policy-map command's output.
Any help with this will be greatly appreciated. Thanks in advance.
5 minute offered rate 46000 bps, drop rate 0 bps
5 minute rate 10000 bps
bandwidth remaining 50% (768 kbps)
show policy-map interface
--- previous output omitted ---
GigabitEthernet0/0
Service-policy input: QoS_IN
class-map: Silver (match-any)
164691299 packets, 23570752398 bytes
5 minute offered rate 46000 bps, drop rate 0 bps
Match: access-group name MAINFRAME
4371992 packets, 2311242335 bytes
5 minute rate 0 bps
Match: access-group name KRONOS
13334297 packets, 3051409140 bytes
5 minute rate 5000 bps
Match: access-group name EMAIL
97652823 packets, 10323856470 bytes
5 minute rate 10000 bps
Match: access-group name VOIP-CONTROL
20782858 packets, 1481676784 bytes
5 minute rate 0 bps
Match: access-group name LOGIXWEB
0 packets, 0 bytes
5 minute rate 0 bps
Match: access-group name GRINDLOG
0 packets, 0 bytes
5 minute rate 0 bps
Match: access-group name CITRIX
46895 packets, 14669179 bytes
5 minute rate 0 bps
Match: access-group name CORP_WEB
28502414 packets, 6387897396 bytes
5 minute rate 4000 bps
QoS Set
dscp af31
Packets marked 164691269
show policy-map interface s0/0/0:0
Serial0/0/0:0
Service-policy output: QoS_OUT
--- previous output omitted ---
Class-map: Silver (match-any)
86590227 packets, 12051546524 bytes
5 minute offered rate 3000 bps, drop rate 0 bps
Match: access-group name MAINFRAME
7641084 packets, 2701232492 bytes
5 minute rate 0 bps
Match: access-group name KRONOS
6975052 packets, 1555404656 bytes
5 minute rate 0 bps
Match: access-group name EMAIL
58438150 packets, 5433636586 bytes
5 minute rate 3000 bps
Match: access-group name VOIP-CONTROL
355083 packets, 41252455 bytes
5 minute rate 0 bps
Match: access-group name LOGIXWEB
0 packets, 0 bytes
5 minute rate 0 bps
Match: access-group name GRINDLOG
0 packets, 0 bytes
5 minute rate 0 bps
Match: access-group name CITRIX
19 packets, 4967 bytes
5 minute rate 0 bps
Match: access-group name CORP_WEB
13180836 packets, 2320015236 bytes
5 minute rate 0 bps
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/18156/0
(pkts output/bytes output) 86421413/12004278837
bandwidth remaining 50% (768 kbps)
-
this is my configuration
DGMGRL> show configuration
Configuration
Name: matrix
Enabled: YES
Protection Mode: MaxPerformance
Databases:
stdby1 - Primary database
stdby2 - Physical standby database
stdby3 - Physical standby database
Fast-Start Failover: DISABLED
Current status for "matrix":
SUCCESS
--- this is my first successful switchover -----
DGMGRL> switchover to stdby2
Performing switchover NOW, please wait...
New primary database "stdby2" is opening...
Operation requires shutdown of instance "stdby1" on database "stdby1"
Shutting down instance "stdby1"...
ORA-01109: database not open
Database dismounted.
ORACLE instance shut down.
Operation requires startup of instance "stdby1" on database "stdby1"
Starting instance "stdby1"...
ORACLE instance started.
Database mounted.
Switchover succeeded, new primary is "stdby2"
-------------------this is my second switchover -------------
DGMGRL> switchover to stdby1
Performing switchover NOW, please wait...
New primary database "stdby1" is opening...
Operation requires shutdown of instance "stdby2" on database "stdby2"
Shutting down instance "stdby2"...
ORA-01109: database not open
Database dismounted.
ORACLE instance shut down.
Operation requires startup of instance "stdby2" on database "stdby2"
Starting instance "stdby2"...
Unable to connect to database
ORA-12514: TNS:listener does not currently know of service requested in connect descriptor
Failed.
You are no longer connected to ORACLE
Please connect again.
Unable to start instance "stdby2"
You must start instance "stdby2" manually
Switchover succeeded, new primary is "stdby1"
DGMGRL>
-
Qos pre-classify not classifying packets correctly.
This is a little 831 router (12.4.4T) with one private and one public interface connected to a 1000/256 ADSL circuit. There is a VPN to the Head Office with a GRE tunnel and EIGRP.
The tunnel's bandwidth is set to 1544 since there is a frame-relay backup and the service provider hasn't configured their parameters correctly, but this shouldn't affect the QoS.
What's happening is that we can only see a very small amount of traffic being classified correctly and all other traffic seems to match the last (ip any any) access-list. The fact that the data is being classified seems to indicate that the qos pre-classify is working but we don't know why it's not matching the correct data classes.
Any ideas would be greatly appreciated...
router#sh policy-map int eth1
Ethernet1
Service-policy output: soho01-vpn-256
Class-map: AC-CLASS-G1 (match-any)
14110 packets, 2414498 bytes
5 minute offered rate 9000 bps, drop rate 0 bps
Match: access-group name AC-G1
14110 packets, 2414498 bytes
5 minute rate 9000 bps
Queueing
Output Queue: Conversation 73
Bandwidth 128 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 1/60
(depth/total drops/no-buffer drops) 0/0/0
Class-map: AC-CLASS-G2 (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name AC-G2
0 packets, 0 bytes
5 minute rate 0 bps
Queueing
Output Queue: Conversation 74
Bandwidth 8 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0
Class-map: AC-CLASS-G3 (match-any)
12 packets, 968 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name AC-G3
12 packets, 968 bytes
5 minute rate 0 bps
Queueing
Output Queue: Conversation 75
Bandwidth 32 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 9/558
(depth/total drops/no-buffer drops) 0/0/0
Class-map: AC-CLASS-G4 (match-any)
1621 packets, 266028 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name AC-G4
1621 packets, 266028 bytes
5 minute rate 0 bps
Queueing
Output Queue: Conversation 76
Bandwidth 64 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 19/1240
(depth/total drops/no-buffer drops) 0/0/0
Class-map: AC-CLASS-G5 (match-any)
9336 packets, 693246 bytes
5 minute offered rate 1000 bps, drop rate 0 bps
Match: access-group name AC-G5
9336 packets, 693246 bytes
5 minute rate 1000 bps
Queueing
Output Queue: Conversation 77
Bandwidth 16 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 8248/511990
(depth/total drops/no-buffer drops) 0/0/0
Class-map: AC-CLASS-G6 (match-any)
369616 packets, 79361172 bytes
5 minute offered rate 164000 bps, drop rate 0 bps
Match: access-group name AC-G6
369616 packets, 79361172 bytes
5 minute rate 164000 bps
Queueing
Output Queue: Conversation 78
Bandwidth 8 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 310/24424
(depth/total drops/no-buffer drops) 0/0/0
Class-map: class-default (match-any)
4750 packets, 285000 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any

Someone please correct me if I am wrong but if you add the 5 minute offered rate for all your classes you are classifying about 175K worth of traffic throughout your service policy. If I am reading correctly your circuit is 256 up 1M down.
From looking at your configuration it seems most of your traffic is matching the class named class AC-CLASS-G6. There is no access list defined for this class so essentially all traffic that hasn't matched a previous class will match here. This explains why you're not matching any traffic on the default class.
It is recommended to only assign queues for up to 75% of the available bandwidth. IOS determines what this 75% is based on the bandwidth statement. Right now you have queues defined for all but 2K of your available bandwidth which means traffic that doesn't match any of your classes will be tail dropped during times of congestion. I assume you are intending to do this based on the max-reserved-bandwidth command and the missing access list.
When using qos-preclassify essentially what happens is the ToS bits are copied into the post GRE or IPSEC IP header. In this case you are not matching based on DSCP marking, you are matching on IP address, so when packets egress your E0 interface the post GRE or IPSEC IP header doesn't have an address or type field that matches your class statements. If you were to mark traffic based on these classes with a DSCP marking (i.e. AF 31, 32, 33) at the inbound interface you could then copy these markings and provide the appropriate PHB on your egress interface E0.
HTH
RS -
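The approach suggested in the reply above (mark by class on the inbound interface, then classify on DSCP at egress), written out as an added IOS configuration sketch that is not from the original thread. The ACL names AC-G1 and AC-G3, the policy name soho01-vpn-256 and the bandwidth values are taken from the posted output; the MARK-* and DSCP-* names, the inside interface Ethernet0, Tunnel0 and the DSCP value assigned to each class are assumptions.

```cisco
! Added example, not the poster's configuration.
! From the post: AC-G1, AC-G3, soho01-vpn-256, Ethernet1, bandwidth 128 / 32.
! Assumed: MARK-*, DSCP-*, Ethernet0 as inside interface, Tunnel0, AF values.
!
! 1. Inbound on the inside interface the packet is not yet encapsulated,
!    so the address-based ACLs still see the original addresses.
class-map match-any MARK-G1
 match access-group name AC-G1
class-map match-any MARK-G3
 match access-group name AC-G3
!
policy-map MARK-IN
 class MARK-G1
  set ip dscp af31
 class MARK-G3
  set ip dscp af32
!
interface Ethernet0
 service-policy input MARK-IN
!
! 2. On egress, classify on the marking instead of on addresses.
class-map match-any DSCP-G1
 match ip dscp af31
class-map match-any DSCP-G3
 match ip dscp af32
!
policy-map soho01-vpn-256
 class DSCP-G1
  bandwidth 128
 class DSCP-G3
  bandwidth 32
!
interface Tunnel0
 qos pre-classify
!
interface Ethernet1
 service-policy output soho01-vpn-256
```

After applying a policy like this, the per-class packet counters in `show policy-map interface Ethernet1` show whether traffic lands in the DSCP classes rather than in the catch-all class.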
Router Crashes after entering "show run" or similar commands
Hello,
I'm having a problem with my company router C3845-ADVSECURITYK9-M, software Version 15.1(4)M. After I issue "show run" it tends to crash in the middle of the output, the router restarts itself to be precise....same thing happened when I tried "show stack" afterwards, it happened several times when trying to show running config, so I'm guessing it has some problem when trying to display large outputs...I have never heard of such a thing though, so I'm asking for advice,
This is some information I gathered:
show version:....
System returned to ROM by error - a Software forced crash, PC 0x60AD4710 at 14:10:56 CET-SUM Wed Aug 13 2014
xxxx#sh env
SYS PS1 is present.
Fan status: Normal
Input Voltage status: Normal
DC Output Voltage status: Normal
Type: AC
Thermal status: Normal
SYS PS2 is absent.
AUX(-48V) PS1 is absent.
AUX(-48V) PS2 is absent.
Fan 1 OK
Fan 2 OK
Fan 3 OK
Fan Speed Setting: Normal
Alert settings:
Intake temperature warning: Enabled, Threshold: 55
Core temperature warning: Enabled, Threshold: 70 (CPU: 90)
Board Temperature: Normal
Internal-ambient temperature = 38, Normal
CPU temperature = 50, Normal
Intake temperature = 32, Normal
Backplane temperature = 29, Normal
Voltage 1(3300) is Normal, Current voltage = 3284 mV
Voltage 2(5150) is Normal, Current voltage = 5153 mV
Voltage 3(2500) is Normal, Current voltage = 2525 mV
Voltage 4(1200) is Normal, Current voltage = 1203 mV
xxxx#sh logg
Syslog logging: enabled (0 messages dropped, 120 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: level debugging, 62 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 178 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
Trap logging: level informational, 181 message lines logged
Logging to 10.254.0.49 (udp port 514, audit disabled,
link up),
181 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Logging to 10.254.8.44 (udp port 514, audit disabled,
link up),
181 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Log Buffer (1000000 bytes):
*Aug 13 12:33:24.867: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State changed to: Initialized
*Aug 13 12:33:24.871: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State changed to: Enabled
*Aug 13 12:33:25.635: %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to reset
*Aug 13 12:33:25.635: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to reset
*Aug 13 12:33:25.927: %LINEPROTO-5-UPDOWN: Line protocol on Interface Onboard VPN, changed state to up
*Aug 13 12:33:26.635: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
*Aug 13 12:33:26.635: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
*Aug 13 12:33:27.787: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
*Aug 13 12:33:27.787: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
*Aug 13 13:33:29.023: %SYS-6-CLOCKUPDATE: System clock has been updated from 12:33:29 UTC Wed Aug 13 2014 to 13:33:29 MET Wed Aug 13 2014, configured from console by console.
*Aug 13 14:33:29.023: %SYS-6-CLOCKUPDATE: System clock has been updated from 13:33:29 MET Wed Aug 13 2014 to 14:33:29 CET-SUM Wed Aug 13 2014, configured from console by console.
*Aug 13 14:33:30.471: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:0, changed state to down
*Aug 13 14:33:30.471: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:1, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:2, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:3, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:4, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:5, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:6, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:7, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:8, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:9, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:10, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:11, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:12, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:13, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:14, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:16, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:17, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:18, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:19, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:20, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:21, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:22, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:23, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:24, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:25, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:26, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:27, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:28, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:29, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:30, changed state to down
*Aug 13 14:33:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0:15, changed state to down
*Aug 13 14:33:30.499: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:0, changed state to down
*Aug 13 14:33:30.499: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:1, changed state to down
*Aug 13 14:33:30.499: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:2, changed state to down
*Aug 13 14:33:30.499: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:3, changed state to down
*Aug 13 14:33:30.499: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:4, changed state to down
*Aug 13 14:33:30.499: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:5, changed state to down
*Aug 13 14:33:30.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:6, changed state to down
*Aug 13 14:33:30.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:7, changed state to down
*Aug 13 14:33:30.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:8, changed state to down
*Aug 13 14:33:30.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:9, changed state to down
*Aug 13 14:33:30.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:10, changed state to down
*Aug 13 14:33:30.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:11, changed state to down
*Aug 13 14:33:30.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:12, changed state to down
*Aug 13 14:33:30.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:13, changed state to down
*Aug 13 14:33:30.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:14, changed state to down
*Aug 13 14:33:30.507: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:16, changed state to down
*Aug 13 14:33:30.507: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:17, changed state to down
*Aug 13 14:33:30.507: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:18, changed state to down
*Aug 13 14:33:30.507: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:19, changed state to down
*Aug 13 14:33:30.507: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:20, changed state to down
*Aug 13 14:33:30.507: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:21, changed state to down
*Aug 13 14:33:30.507: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:22, changed state to down
*Aug 13 14:33:30.507: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:23, changed state to down
*Aug 13 14:33:30.507: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:24, changed state to down
*Aug 13 14:33:30.511: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:25, changed state to down
*Aug 13 14:33:30.511: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:26, changed state to down
*Aug 13 14:33:30.511: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:27, changed state to down
*Aug 13 14:33:30.511: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:28, changed state to down
*Aug 13 14:33:30.511: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:29, changed state to down
*Aug 13 14:33:30.511: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:30, changed state to down
*Aug 13 14:33:30.511: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1:15, changed state to down
*Aug 13 14:33:30.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:0, changed state to down
*Aug 13 14:33:30.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:1, changed state to down
*Aug 13 14:33:30.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:2, changed state to down
*Aug 13 14:33:30.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:3, changed state to down
*Aug 13 14:33:30.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:4, changed state to down
*Aug 13 14:33:30.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:5, changed state to down
*Aug 13 14:33:30.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:6, changed state to down
*Aug 13 14:33:30.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:7, changed state to down
*Aug 13 14:33:30.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:8, changed state to down
*Aug 13 14:33:30.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:9, changed state to down
*Aug 13 14:33:30.575: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:10, changed state to down
*Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:11, changed state to down
*Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:12, changed state to down
*Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:13, changed state to down
*Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:14, changed state to down
*Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:16, changed state to down
*Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:17, changed state to down
*Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:18, changed state to down
*Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:19, changed state to down
*Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:20, changed state to down
*Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:21, changed state to down
*Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:22, changed state to down
*Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:23, changed state to down
*Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:24, changed state to down
*Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:25, changed state to down
*Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:26, changed state to down
*Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:27, changed state to down
*Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:28, changed state to down
*Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:29, changed state to down
*Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:30, changed state to down
*Aug 13 14:33:30.579: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/1:15, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:0, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:1, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:2, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:3, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:4, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:5, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:6, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:7, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:8, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:9, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:10, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:11, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:12, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:13, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:14, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:16, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:17, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:18, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:19, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:20, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:21, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:22, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:23, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:24, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:25, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:26, changed state to down
*Aug 13 14:33:30.683: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:27, changed state to down
*Aug 13 14:33:30.687: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:28, changed state to down
*Aug 13 14:33:30.687: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:29, changed state to down
*Aug 13 14:33:30.687: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:30, changed state to down
*Aug 13 14:33:30.687: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0:15, changed state to down
*Aug 13 14:33:30.731: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
*Aug 13 14:33:31.535: %LINK-3-UPDOWN: Interface Serial0/1/0:1, changed state to down
*Aug 13 14:33:31.795: %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to reset
*Aug 13 14:33:31.999: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to reset
*Aug 13 14:33:32.599: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/0:1, changed state to down
*Aug 13 14:33:32.799: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
*Aug 13 14:33:32.999: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
*Aug 13 14:33:34.811: %QOS_CLI_DEPRECATE-4-MAX_RESERVED_BW: max-reserved-bandwidth on interface has been deprecated. For further information, please consult Product Bulletin 580832, Legacy QoS CLI Commands Deprecation
*Aug 13 14:33:34.815: Interface Serial0/1/0:1 max_reserved_bandwidth config will not
take effect on the queueing features configured via service-policy
*Aug 13 14:33:35.795: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
*Aug 13 14:33:35.795: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
*Aug 13 14:33:36.811: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
*Aug 13 14:33:36.811: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
*Aug 13 14:33:36.811: %LINK-5-CHANGED: Interface Serial0/1/0:1, changed state to administratively down
*Aug 13 14:33:37.419: %LINK-5-CHANGED: Interface Dialer1, changed state to administratively down
*Aug 13 14:33:38.055: %SYS-5-CONFIG_I: Configured from memory by console
*Aug 13 14:33:38.491: %SYS-5-RESTART: System restarted --
Cisco IOS Software, 3800 Software (C3845-ADVSECURITYK9-M), Version 15.1(4)M, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 24-Mar-11 17:29 by prod_rel_team
*Aug 13 14:33:38.495: %SNMP-5-COLDSTART: SNMP agent on host xxxx is undergoing a cold start
*Aug 13 14:33:38.519: %SSH-5-ENABLED: SSH 2.0 has been enabled
*Aug 13 14:33:38.699: %SYS-6-BOOTTIME: Time taken to reboot after reload = 158 seconds
*Aug 13 14:33:38.859: %CONTROLLER-5-UPDOWN: Controller E1 0/0/0, changed state to up
*Aug 13 14:33:38.867: %CONTROLLER-5-UPDOWN: Controller E1 0/0/1, changed state to up
*Aug 13 14:33:38.875: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Aug 13 14:33:38.875: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Aug 13 14:33:38.879: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Aug 13 14:33:38.879: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
*Aug 13 14:33:38.879: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
*Aug 13 14:33:38.896: %CONTROLLER-5-UPDOWN: Controller E1 1/0, changed state to up
*Aug 13 14:33:39.140: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.254.0.49 port 514 started - CLI initiated
*Aug 13 14:33:39.140: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.254.8.44 port 514 started - CLI initiated
*Aug 13 14:33:40.860: %LINK-3-UPDOWN: Interface Serial0/0/0:15, changed state to up
*Aug 13 14:33:40.868: %LINK-3-UPDOWN: Interface Serial0/0/1:15, changed state to up
*Aug 13 14:33:40.884: %LINK-3-UPDOWN: Interface Serial1/0:15, changed state to up
*Aug 13 14:33:41.684: %CSM-5-PRI: add PRI at 0/0/1:15 (index 0)
*Aug 13 14:33:41.688: %CSM-5-PRI: add PRI at 0/0/0:15 (index 1)
*Aug 13 14:33:51.648: %CSM-5-PRI: add PRI at 1/0:15 (index 2)
*Aug 13 14:34:14.956: %HSRP-5-STATECHANGE: GigabitEthernet0/0.400 Grp 0 state Standby -> Active
*Aug 13 14:34:15.164: %HSRP-5-STATECHANGE: GigabitEthernet0/0.400 Grp 2 state Standby -> Active
*Aug 13 14:34:15.484: %HSRP-5-STATECHANGE: GigabitEthernet0/0.400 Grp 3 state Standby -> Active
*Aug 13 14:34:21.600: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.85.212 on GigabitEthernet0/1.86 from LOADING to FULL, Loading Done
*Aug 13 14:34:27.728: %HSRP-5-STATECHANGE: GigabitEthernet0/0.400 Grp 4 state Standby -> Active
*Aug 13 14:20:02.780: %SYS-5-PRIV_AUTH_FAIL: Authentication to privilege level 15 failed by xxxx on vty0 (xxxx)
*Aug 13 14:21:50.405: %SYS-5-CONFIG_I: Configured from console by av-vilenko on vty0 (xxxx)
I made some changes, but nothing that would or could cause this. And besides, according to my colleagues it's not a recent problem (before I joined the company), it goes back at least a year or more...but ofc. since the router is working fine until you try to show the config, no one bothered to resolve the issue, they just kept their hands off it -.-
-
Hello,
I am a little confused on the auto qos voip trust command. I am reading that it should be used on interior switchports like trunk ports connected to another switch. I guess my question is this: If the auto qos voip command tells the switchport to trust the incoming CoS values, then isn't it redundant to tell the port to "trust" the incoming CoS value when the auto qos voip command is already accomplishing this? Or does this have something to do with trusting DSCP values instead of CoS values? If so, why are we trusting DSCP values at the uplinks and not CoS values coming from the IP Phone? I'm so confused. Thanks for any light you can shed on this topic.
Chris.

Chris
Yes, the trust value used for "auto qos voip trust" depends on the operation of the port as you say.
And yes when you use the "cisco-phone" option it will trust the values but as you say only if it detects a Cisco IP phone and it does this by using CDP.
What is not entirely clear, at least to me, is exactly which markings the "cisco-phone" option trusts. There seems to be conflicting information but the configuration guide talks about DSCP markings so it may be those but I can't say for sure as I have limited experience in that area.
Jon -
Hello, if the command 'mls qos trust xxxxx' is not issued, and qos is turned on for the interface, does this mean the switch will erase all cos and dscp markings received, therefore preventing me from testing packets/frames against these cos/dscp values ?
So if I want to set up class maps, policy maps, and then service policies, it is essential that I:
1. turn on mls qos ?
2. enter a trust statement in order to preserve the cos or dscp values that I want to test against ?
3. now I can test against cos or dscp values ?
Thanks for clarification.
That is correct, when you would use for instance mls qos trust cos. You would need to define your cos<>dscp mappings on the switch and the switch will apply qos accordingly.
So really if you have an ingress switch port and you trust cos or dscp, you can still have egress policies on a port (on the same switch), using these cos or dscp values.
The mls qos trust command is just a way to make it easier to rely on existing cos/dscp values that a phone sends (based on your CUCM configuration), without the need for you having to configure it explicitly on each access port.
-
Can someone please confirm, I'm configuring a Cisco 3750 running 12.2(25)SEE2 and I can not use the "mls qos trust cos" command on the port-channels, I can on the physical interfaces that make up the port-channel eg Gi 1/0/1, I've been looking round the Cisco web site and think that you only need to put the mls commands on the physical interface but would like a second opinion.
Hi
That's correct - you'll apply QoS (priority-queue, mls qos trust commands) on the physical port..
Then apply other things (like switchport mode trunk etc) on the port-channel... which then cascade down to the physical ports. All very confusing... it would be nicer to see some consistency with these configurations.
You do have it right as it is though.
Regards
Aaron
Please rate helpful posts... -
Hi
I am looking for adding QoS for GRE Tunnel and found this info
Where Do I Apply the Service Policy?
You can apply a service policy to either the tunnel interface or to the underlying physical interface. The decision of where to apply the policy depends on the QoS objectives. It also depends on which header you need to use for classification.
Apply the policy to a physical interface and enable qos-preclassify on a tunnel interface when you want to classify packets based on the pre-tunnel header.
In our environment, I am using service policy under serial interface, the source interface of Tunnel is F0/0, so from above info, which interface is "physical interface" for my case, serial or F0/0 ?
Thanks. Leo
Hello
You should determine which one is the physical interface by checking which interface (again, physical) will be used to route GRE packets towards the destination.
For instance, you state that your tunnel configuration is as follows:
interface Tunnel0
ip address 10.0.0.1 255.255.255.252
tunnel source FastEthernet0/0
tunnel destination 192.168.1.1
If the destination ip 192.168.1.1 is routed via your serial interface, then the physical interface that you will use to apply your Output service policy is SerialX/X.
Your setup seems correct. You only need to review if your policies are correctly configured for the pre-gre header or the GRE encapsulated packets (as stated in the documentation
Adolfo -
How to set up Qos for Microsoft Lyncs 2013 in cisco Switches and Router
Hi
As I am new to the QoS part, please send the complete QoS configuration commands that I have to apply on my Cisco 2960S switches as well as the 4506 chassis (L3 mode, acts as my router).
As I know from Microsoft, DSCP 46 and 34 should be given the highest priority.
please send the completed configuration for priorities this DSCP
thanks
Sujish
Hi, there,
The rule setting should be the same as in Exchange 2010; you can configure it via Outlook or OWA if you have full access permission. I also believe it should be something related to replication; would you please check the event log to see if the
AD and Exchange replication has completed.
In some cases, replication can take longer depending on how many AD sites and Exchange servers in the environment:
http://support.microsoft.com/kb/148381
http://support.microsoft.com/kb/158989
Hope these useful!
Regards,
Sharon
Sharon Shen
TechNet Community Support
-
Hi Everyone,
I've got a C6504 Chassis with Sup2T with default qos configuration (auto qos default global command). When I use the "show platform qos ip" command I can see the following output:
QoS Summary [IPv4]: (* - shared aggregates, Mod - switch module, Sid - Switch Id, E - service instance)
(^ - class-copp keyword)
Int Sid Mod Dir Class-map DSCP Agg Trust Fl AgForward AgPoliced
Id Id
CPP 1 1 In ^mcast-v4- 0 1 No 0 0 0
CPP 1 1 In ^match-igm 48 2 No 0 0 0
All 1 1 - Default 0 0* No 0 11780258945376 0
All 1 4 - Default 0 0* No 0 28254137334635 0
1. Why can I only see traffic with DSCP=0 if I know there is traffic with different DSCP markings passing through my C6504?
The interfaces are properly configured to trust cos markings and queue traffic
MLS#show queueing interface gi1/1/1
Interface GigabitEthernet1/1/1 queueing strategy: Weighted Round-Robin
Port QoS is enabled globally
Queueing on Gi1/1/1: Tx Enabled Rx Enabled
MLS#interface GigabitEthernet1/1/1
switchport
platform qos trust cos
2. Does the Sup2T with default qos configuration rewrite to 0 all DSCP markings by default?
Thank you in advance.
What is the IOS version you are running & what is the line card in your chassis module 1 ?, the commands output seems different what I am seeing in one of my Sup2T.
CR01#sh ver | in Soft
Cisco IOS Software, s2t54 Software (s2t54-ADVENTERPRISEK9-M), Version 15.1(2)SY, RELEASE SOFTWARE (fc4)
CR01#show platform qos ip
QoS is in queueing-only mode
CR01#show queueing interface g6/1
Interface GigabitEthernet6/1 queueing strategy: Weighted Round-Robin
Port QoS is enabled globally
Queueing on Gi6/1: Tx Enabled Rx Enabled
Trust boundary disabled
Trust state: trust DSCP
Trust state in queueing: trust COS
Extend trust state: not trusted [COS = 0]
Default COS is 0
Queueing Mode In Tx direction: mode-cos
Transmit queues [type = 1p3q4t]:
Queue Id Scheduling Num of thresholds
01 WRR 04
02 WRR 04
03 WRR 04
04 Priority 01
WRR bandwidth ratios: 100[queue 1] 150[queue 2] 200[queue 3]
queue-limit ratios: 50[queue 1] 20[queue 2] 15[queue 3] 15[Pri Queue]
queue tail-drop-thresholds
1 70[1] 100[2] 100[3] 100[4]
2 70[1] 100[2] 100[3] 100[4]
3 100[1] 100[2] 100[3] 100[4]
queue random-detect-min-thresholds
1 40[1] 70[2] 70[3] 70[4]
2 40[1] 70[2] 70[3] 70[4]
3 70[1] 70[2] 70[3] 70[4]
queue random-detect-max-thresholds
1 70[1] 100[2] 100[3] 100[4]
2 70[1] 100[2] 100[3] 100[4]
3 100[1] 100[2] 100[3] 100[4]
WRED disabled queues:
queue thresh cos-map
1 1 0
HTH
Rasika
**** Pls rate all useful responses **** -
ToS Preservation with egress remarking on inner packet
Hi, I am using DMVPN/IPSEC/VRFs. On the egress of the DMVPN/VRF tunnel interfaces, I have applied a Service Policy to remark traffic. Hence the remarking occurs on the inner packet header.
Assuming qos-preclassify is NOT enabled. Does anyone know how 12.4T IOS code should operate (options)
1. Copy the "remarked" TOS value to the outer headers as part of the TOS preservation feature
2. Copy the original (pre remarking) TOS value of the inner packet header as part of the TOS preservation feature
3. Egress inner packet header remarking disables TOS preservation feature.
4. Other ?
Problem Space : At remote sites, I can easily perform the QOS remarking on the router LAN ingress interface, rather than on the egress DMVPN tunnel interface. However at the head end, the DMVPN/IPSEC/VRF routers also happen to be MPLS PE devices. Hence remarking on Layer3/4 (IP/Ports) criteria on the ingress interface is not possible as we are dealing with MPLS labels. Hence why I am attempting to do this on the egress on the DMVPN tunnel/VRF interface.
thanks
George
After testing, I can confirm that 2. appears to apply.
TOS preservation operation utilises the original inner header TOS values, rather than the remarked TOS value.
Hence even if the inner header is remarked (let's say from CS1 to AF11) on egress, the outer IPSEC header will still have the original TOS settings, i.e. CS1.
This aligns with the QoS Order of Operation.
http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a0080160fc1.shtml
which states -
"On the outbound path, common classification happens before any QoS features are applied. A result of this approach is that any QoS features applied on the outbound policy act upon the original priority value. If you need to take actions based on a remarked value on the same router, then you must mark the packets on the incoming interface and apply other QoS actions based on this new priority on the outgoing interface"
Hopefully the "qos pre-classify" feature should provide the capability to remark both the inner header and outer IPSEC header...back to testing...???
cheers
George
CCIE2980 -
UCS-CUCM Switchport configuration
Hi There,
I just wanted to ask for best practice port config on BE6K servers.
The BE6K(UCS) is only hosting CUCM server. The switch port is configured as ether-channels.
Below is the config that I am planning to apply. I am just wondering whether we should apply the qos trust command as well " mls qos trust dscp". No other servers will be running on this UCS.
Config:
interface Port-channel1
description ****** UCS1 ports ******
switchport access vlan 18
switchport mode access
speed 1000
duplex full
spanning-tree portfast
Interface gig 1/0/1
description ****** UCS1 port1 ******
switchport access vlan 18
switchport mode access
speed 1000
duplex full
spanning-tree portfast
Interface gig 1/0/2
description ****** UCS1 port2 ******
switchport access vlan 18
switchport mode access
speed 1000
duplex full
spanning-tree portfast
Hi David,
Yes, add the mls qos trust dscp command to set these ports to trust the dscp markings coming from your CUCM server. Also set the trunk links to trust as well to propagate the dscp markings over the network.
-Terry -
Frequent %CRYPTO-4-PKT_REPLAY_ERR: log messages
Hi All,
I get following log message on my spoke 881 router from time to time.
For instance today I got 80 messages like this.
Frequent %CRYPTO-4-PKT_REPLAY_ERR: log messages
This is dual hub DMVPN connectivity and both tunnels are stable during the day and EIGRP never dropped.
User behind this router also never complained. They run mainly voip traffic and I have QoS both on HUB and Spokes defined under tunnel as qos-preclassify and policy-map is applied on the physical interface.
I have also increased replay window size up to 1024, but it did not help.
Wondering what else can be done here.
IOS ver both on spokes and hub is 15.2.3(T3)
Don't know where they came from, but you could turn on debugging ipsec and isakmp to see if there is a relation with other events like rekeying.
Michael
Please rate all helpful posts -
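An added illustration, not part of the original thread and not Cisco code: with the service policy on the physical interface, packets are reordered after IPsec has already assigned their sequence numbers, and a packet overtaken by a full window of later packets fails the receiver's anti-replay check, which is one known source of %CRYPTO-4-PKT_REPLAY_ERR. The sketch models an RFC 4303-style window against a constructed two-class burst; the traffic mix, the 2:1 oversubscription and all function names are assumptions.

```python
"""Added illustration: IPsec anti-replay window vs. post-encryption priority queueing."""
from collections import deque


class AntiReplayWindow:
    """Receiver-side sliding window in the style of RFC 4303."""

    def __init__(self, size):
        self.size = size
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence (top - i) already seen

    def accept(self, seq):
        if seq > self.top:                   # new right edge: slide the window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:              # fell off the left edge: rejected
            return False
        if (self.bitmap >> offset) & 1:      # genuine duplicate: rejected
            return False
        self.bitmap |= 1 << offset           # late but inside the window
        return True


def priority_egress(packets, arrivals_per_tick=2):
    """Constructed model: packets reach the physical interface already
    encrypted (sequence numbers fixed); one is sent per tick, voice first."""
    voice, data, wire = deque(), deque(), []
    pending = deque(packets)
    while pending or voice or data:
        for _ in range(min(arrivals_per_tick, len(pending))):
            pkt = pending.popleft()
            (voice if pkt[1] == "voice" else data).append(pkt)
        queue = voice if voice else data     # strict priority for voice
        wire.append(queue.popleft())
    return wire


def replay_drops(n_packets, window_size):
    """Sequence numbers the receiver rejects for a constructed burst in
    which odd sequence numbers are data and even ones are voice."""
    burst = [(seq, "voice" if seq % 2 == 0 else "data")
             for seq in range(1, n_packets + 1)]
    window = AntiReplayWindow(window_size)
    return [seq for seq, _ in priority_egress(burst) if not window.accept(seq)]


if __name__ == "__main__":
    # 64 is the default window size recommended by RFC 4303; 1024 is the
    # value the poster configured. Burst lengths are constructed.
    for n, w in [(200, 64), (200, 1024), (4000, 1024)]:
        print(f"burst={n:5d} window={w:5d} dropped={len(replay_drops(n, w))}")
```

In this model a window larger than the deepest data backlog removes the drops, while a backlog deeper than the window still produces them whatever the window's absolute size.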
Hi! Is there someone who knows if it's possible to display the amount of bandwidth a qos class-map is using?
In a router you can see it with the sh policy-map interface command
No. As you have already seen you can show what policy-map is attached to an interface but none of the statistics are displayed. The 'show mls qos interface' command will show what traffic is in and out of policy but that is about it.
I have asked this question a few times before and QoS statistics on most of the Catalyst switching platforms are very limited.
HTH
Andy -
Policy-map on tunnel or physical interface?
Hi all,
I have a 3800 headend router which has a number of ipsec tunnels to remote office sites. Our current QoS design applies a policy-map to each tunnel interface to prioritise and shape outbound traffic.
My question is how does the physical egress interface queue and transmit traffic from tunnel interfaces with this design? For example, if a mixture of large data packets and voice packets from different tunnel interfaces hit the physical interface around the same time what will happen to the voice packets?
Furthermore, would it be a better to apply the policy-map to the physical interface instead of the tunnel interfaces? What advantages if any would this bring?
Many thanks.
If you're shaping each tunnel to the outbound physical bandwidth, yes it would be better to just have the policy, without any shaping, on the physical interface. Again, you'll either need to depend on a copied ToS value in the outbound packet or use qos pre-classify. (A single physical policy would be much like your QUEUE_DATA if using qos pre-classify.)
e.g.
!assumes qos-preclassify
interface Ethernet0
service-policy output QUEUE_DATA
What I thought you might be doing, and you could also do, was shape each tunnel to the far side's ingress bandwidth. This would require a distinct policy, if the shaper values change, for every tunnel interface, or a policy on the physical interface that has a class per tunnel (matches against tunnel destination address).
e.g.
!assume local outbound interface not oversubscribed
policy-map NESTED_QOS_512K
class class-default
shape average 512000
service-policy QUEUE_DATA
policy-map NESTED_QOS_768K
class class-default
shape average 768000
service-policy QUEUE_DATA
policy-map NESTED_QOS_1500K
class class-default
shape average 1500000
service-policy QUEUE_DATA
interface Tunnel1
service-policy output NESTED_QOS_768K
interface Tunnel2
service-policy output NESTED_QOS_512K
interface Tunnel3
service-policy output NESTED_QOS_1500K
interface Tunnel4
service-policy output NESTED_QOS_512K
e.g.
!assume local outbound interface not oversubscribed
class-map match-all Tunnel1
! TUNNEL1_DST is a placeholder name for an ACL that matches tunnel1 destination address
match access-group name TUNNEL1_DST
class-map match-all Tunnel2
! TUNNEL2_DST is a placeholder name for an ACL that matches tunnel2 destination address
match access-group name TUNNEL2_DST
policy-map outbound_tunnels
class Tunnel1
shape average 768000
service-policy QUEUE_DATA
class Tunnel2
shape average 512000
service-policy QUEUE_DATA
interface Ethernet0
service-policy output outbound_tunnels
If all the far side bandwidths exceed your local outbound physical bandwidth, then you should have both tunnel policies, that shape each tunnel, and a physical interface policy.
e.g.
!assume local outbound interface is oversubscribed
policy-map NESTED_QOS_512K
class class-default
shape average 512000
service-policy QUEUE_DATA
policy-map NESTED_QOS_768K
class class-default
shape average 768000
service-policy QUEUE_DATA
policy-map NESTED_QOS_1500K
class class-default
shape average 1500000
service-policy QUEUE_DATA
interface Tunnel1
service-policy output NESTED_QOS_768K
interface Tunnel2
service-policy output NESTED_QOS_512K
interface Tunnel3
service-policy output NESTED_QOS_1500K
interface Tunnel4
service-policy output NESTED_QOS_512K
!assumes qos-preclassify
interface Ethernet0
service-policy output QUEUE_DATA