orus

QoS and ACLs

I am trying to see if we are doing QoS according to best practices. We use Avaya phones, which tag the traffic themselves. On our Cisco switches, I have trust dscp on every switchport. Is this correct? (I used the auto voip command as well.)

The router is matching on dscp ef and dscp af, but I don't think we need to match on af according to Cisco. Can someone look at the code and let me know if we should be doing something different?

Thank you

PS: All our voice traffic is on the 172.16.11.0 subnet. That's why the ACL is matching on it.


class-map match-all CM4-Priority-Apps
 description ***** Priority-Applications Class Map *****
 match access-group 100
class-map match-all CM5-VoIP-RTP
 description *******  Avaya VoIP RTP Class Map  ********
 match access-group 100
class-map match-any VOICE
 match ip precedence 5
 match ip dscp ef
class-map match-any VOICE_SIGNALING
 match ip precedence 3
 match ip dscp af31
class-map match-all CM3-VoIP-Control
 description ********  VoIP Control Class Map  *********
 match access-group 100
!
!
policy-map VOIP_WAN
 class VOICE
  priority percent 40
 class VOICE_SIGNALING
  bandwidth percent 5
 class class-default
  fair-queue
  random-detect
policy-map QoS-Policy
 description ***** Ensured Marking *****
 class CM5-VoIP-RTP
  set ip dscp ef


access-list 100 permit ip 172.16.11.0 0.0.0.255 any


access switch


interface GigabitEthernet1/0/2
 switchport trunk native vlan 10
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust dscp
 auto qos voip trust


core switch (router connects to this guy)


interface GigabitEthernet4/24
 description **** SL MPLS ROUTER ****
 switchport mode access
 switchport nonegotiate
 service-policy output autoqos-voip-policy
 speed 1000
 duplex full
 qos trust dscp
 auto qos voip trust
 tx-queue 3
   bandwidth percent 33
   priority high
   shape percent 33
 spanning-tree portfast
 spanning-tree bpduguard enable
end


Voice Over IP, Network Architecture, Networking Hardware-Other

Last Comment
Alex Bahar

8/22/2022 - Mon
DIPRAJ

http://www.cisco.com/application/pdf/paws/46523/2950qosfaq.pdf

Everything related to QoS and CoS is given there. Please read the document.
Alex Bahar

Which service policy are you using on your router? VOIP_WAN and QoS-Policy are not attached to the interface.

You can use an ACL to classify RTP traffic. However, if Avaya is already marking it, then you do not need the ACL to re-identify the RTP stream and re-mark it.
Alex Bahar

Can you let us know how Avaya is marking the Call Signalling and RTP traffic?
orus

ASKER
The Avaya should be marking dscp ef from the phones, same for signalling.

The service policy is VOIP_WAN, applied outbound on the outside interface of the router.
QoS-Policy is applied inbound on the LAN interface of the router.
orus

ASKER
So let me verify if this is the correct way to do this:

On the router (first code posted), we are marking traffic coming in the LAN and marking traffic exiting into the WAN with dscp ef.

On the switch ports, we are not tagging or remarking; we are simply trusting and queuing the traffic appropriately?
Alex Bahar

If Avaya is already marking with EF, then there is no need for QoS-Policy which marks the Avaya traffic again as EF.
Alex Bahar

The settings applied to interface GigabitEthernet4/24 indicate that your actual physical WAN connection is a Gigabit link on your edge router to the ISP. You're allocating 33%, 330 Mbps priority traffic towards your WAN interface. You need to make sure that the priority traffic will not consume ALL of the bandwidth on your WAN link. If this happens, you will be cut off from the network, as network control traffic like BGP packets will be dropped when priority traffic takes over the whole WAN bandwidth.
orus

ASKER
4/24 is actually a switchport on our 4507. It is connected to the Ethernet interface of our router. Our router has a multilink (4 T1s) to the SP.
orus

ASKER
The reason for qos-policy is for traffic coming from other locations. We want to ensure marking remains when going from router to lan.  Is this not needed if phone at remote site marks?
Alex Bahar

>> The reason for qos-policy is for traffic coming from other locations. We want to ensure marking remains when going from router to lan.  Is this not needed if phone at remote site marks?

No, you do not need that. The TOS/DSCP marking is carried over the WAN untouched (unless your WAN SP deliberately overwrites it to void your QoS). You should just trust the received DSCP/TOS value coming from the WAN to your router.


Can you post the output of "show policy-map interface <your WAN interface>" during busy hour? It will tell us if your voice traffic is matched and queued properly.
orus

ASKER
I have attached the requested output. Looks like lots of things are being matched on ip precedence 5. What is this, and how does it relate to dscp ef?

thanks
c3845-MPLS#sh policy-map int multilink1
 Multilink1

  Service-policy output: VOIP_WAN

    Class-map: VOICE (match-any)
      14826 packets, 1033595 bytes
      5 minute offered rate 83000 bps, drop rate 0 bps
      Match: ip precedence 5
        14826 packets, 1033595 bytes
        5 minute rate 83000 bps
      Match: ip dscp ef (46)
        0 packets, 0 bytes
        5 minute rate 0 bps
      Queueing
        Strict Priority
        Output Queue: Conversation 264
        Bandwidth 40 (%)
        Bandwidth 2304 (kbps) Burst 57600 (Bytes)
        (pkts matched/bytes matched) 14531/1012187
        (total drops/bytes drops) 0/0

    Class-map: VOICE_SIGNALING (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: ip precedence 3
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: ip dscp af31 (26)
        0 packets, 0 bytes
        5 minute rate 0 bps
      Queueing
        Output Queue: Conversation 265
        Bandwidth 5 (%)
        Bandwidth 288 (kbps)Max Threshold 64 (packets)
        (pkts matched/bytes matched) 0/0
        (depth/total drops/no-buffer drops) 0/0/0

    Class-map: class-default (match-any)
      71405 packets, 76937191 bytes
      5 minute offered rate 3598000 bps, drop rate 0 bps
      Match: any
      Queueing
        Flow Based Fair Queueing
        Maximum Number of Hashed Queues 256
        (total queued/total drops/no-buffer drops) 35/19/0
         exponential weight: 9

  class    Transmitted      Random drop      Tail drop    Minimum Maximum  Mark
           pkts/bytes       pkts/bytes       pkts/bytes    thresh  thresh  prob
      0   71364/76911090       19/24738          0/0           20      40  1/10
      1       0/0               0/0              0/0           22      40  1/10
      2       0/0               0/0              0/0           24      40  1/10
      3       0/0               0/0              0/0           26      40  1/10
      4       0/0               0/0              0/0           28      40  1/10
      5       0/0               0/0              0/0           30      40  1/10
      6      22/1363            0/0              0/0           32      40  1/10
      7       0/0               0/0              0/0           34      40  1/10
   rsvp       0/0               0/0              0/0           36      40  1/10

c3845-MPLS#


orus

ASKER
And here is the config from that same router for the QoS. I was told we don't need af31 in there anymore, since Avaya uses dscp ef for signaling and voice?
class-map match-all CM4-Priority-Apps
 description ***** Priority-Applications Class Map *****
 match access-group 100
class-map match-all CM5-VoIP-RTP
 description *******  Avaya VoIP RTP Class Map  ********
 match access-group 100
class-map match-any VOICE
 match ip precedence 5
 match ip dscp ef
class-map match-any VOICE_SIGNALING
 match ip precedence 3
 match ip dscp af31
class-map match-all CM3-VoIP-Control
 description ********  VoIP Control Class Map  *********
 match access-group 100
!
!
policy-map VOIP_WAN
 class VOICE
  priority percent 40
 class VOICE_SIGNALING
  bandwidth percent 5
 class class-default
  fair-queue
  random-detect
policy-map QoS-Policy
 description ***** Ensured Marking *****
 class CM5-VoIP-RTP
  set ip dscp ef

orus

ASKER
So before I close this:

If the IP phones mark the traffic themselves, all I need to do is trust it in my switches and routers. I don't need to remark it going out to service provider?

The same is true for return traffic. As long as it is marked at the remote end, it should cross the SP, go through my CE router and into my LAN, as long as I am trusting dscp ef?
ASKER CERTIFIED SOLUTION
Alex Bahar

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
Alex Bahar

However, just to be safe, I recommend you check your vendor's documents to see whether they are marking DSCP EF or TOS 5. There might be some vendors out there still marking with TOS 5 (CS 5) instead of DSCP EF. In your config, you are matching both IP Prec 5 and DSCP EF; it is a good approach that covers all.
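
Added example (not part of the original thread or of any poster's code): a small Python model of the IPv4 ToS byte and of the VOICE and VOICE_SIGNALING class-maps posted above, showing why a packet marked DSCP EF also satisfies `match ip precedence 5`. It assumes that a match-any class-map credits the first statement that matches; the function names and the sample ToS bytes are constructed for illustration.

```python
"""Added example: ToS byte vs. the posted VOICE / VOICE_SIGNALING class-maps."""

DSCP = {"ef": 46, "af31": 26, "cs5": 40}

def decode_tos(tos):
    """Split the IPv4 ToS byte into (ip precedence, dscp, ecn)."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("ToS is a single byte")
    return tos >> 5, tos >> 2, tos & 0b11

def dscp_in_precedence(prec):
    """All DSCP values whose top three bits equal this precedence."""
    return [d for d in range(64) if d >> 3 == prec]

# Match statements in the order they appear in the posted config.
CLASS_MAPS = [
    ("VOICE", [("precedence", 5), ("dscp", DSCP["ef"])]),
    ("VOICE_SIGNALING", [("precedence", 3), ("dscp", DSCP["af31"])]),
]

def classify(tos):
    """Return (class, statement credited) for one packet's ToS byte.

    Assumption: the first matching statement in a match-any class-map
    is the one whose counter increments.
    """
    prec, dscp, _ecn = decode_tos(tos)
    fields = {"precedence": prec, "dscp": dscp}
    for name, statements in CLASS_MAPS:
        for kind, value in statements:
            if fields[kind] == value:
                return name, f"{kind} {value}"
    return "class-default", "any"

def tally(tos_bytes):
    """Count packets per (class, statement), like the per-match counters."""
    counts = {}
    for tos in tos_bytes:
        key = classify(tos)
        counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample: three EF packets, one CS5, one AF31, one best effort.
SAMPLE = [DSCP["ef"] << 2] * 3 + [DSCP["cs5"] << 2, DSCP["af31"] << 2, 0]

if __name__ == "__main__":
    print("DSCP values covered by precedence 5:", dscp_in_precedence(5))
    for (cls, stmt), n in tally(SAMPLE).items():
        print(f"{cls:16} {stmt:14} {n}")
```

Under that assumption, a zero counter on `match ip dscp ef` does not by itself show that no EF traffic is present, because EF (46) falls inside the range 40-47 that precedence 5 covers.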