Solved

QoS and ACLs

Posted on 2010-11-15
Last Modified: 2012-06-21
I am trying to see if we are doing QoS according to best practices. We use Avaya phones, which tag the traffic themselves. On our Cisco switches, I have trust dscp on every switchport. Is this correct? (I used the auto voip command as well.)

The router is matching on dscp ef and dscp af, but I don't think we need to match on af according to Cisco. Can someone look at the code and let me know if we should be doing something different?

Thank you

PS: All our voice traffic is on the 172.16.11.0 subnet. That's why the ACL is matching on it.


class-map match-all CM4-Priority-Apps
 description ***** Priority-Applications Class Map *****
 match access-group 100
class-map match-all CM5-VoIP-RTP
 description *******  Avaya VoIP RTP Class Map  ********
 match access-group 100
class-map match-any VOICE
 match ip precedence 5
 match ip dscp ef
class-map match-any VOICE_SIGNALING
 match ip precedence 3
 match ip dscp af31
class-map match-all CM3-VoIP-Control
 description ********  VoIP Control Class Map  *********
 match access-group 100
!
!
policy-map VOIP_WAN
 class VOICE
  priority percent 40
 class VOICE_SIGNALING
  bandwidth percent 5
 class class-default
  fair-queue
  random-detect
policy-map QoS-Policy
 description ***** Ensured Marking *****
 class CM5-VoIP-RTP
  set ip dscp ef

access-list 100 permit ip 172.16.11.0 0.0.0.255 any


access switch


interface GigabitEthernet1/0/2
 switchport trunk native vlan 10
 switchport mode trunk
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust dscp
 auto qos voip trust


core switch (router connects to this guy)


interface GigabitEthernet4/24
 description **** SL MPLS ROUTER ****
 switchport mode access
 switchport nonegotiate
 service-policy output autoqos-voip-policy
 speed 1000
 duplex full
 qos trust dscp
 auto qos voip trust
 tx-queue 3
   bandwidth percent 33
   priority high
   shape percent 33
 spanning-tree portfast
 spanning-tree bpduguard enable
end


Question by:orus

Expert Comment

by:diprajbasu
http://www.cisco.com/application/pdf/paws/46523/2950qosfaq.pdf

All the things related to QoS and CoS are given there. Please read the document.

Expert Comment

by:Alex Bahar
Which service policy are you using on your router? VOIP_WAN and QoS-Policy are not attached to the interface.

You can use an ACL to classify RTP traffic. However, if Avaya is already marking it, then you do not need the ACL to re-identify the RTP stream and re-mark it.

Expert Comment

by:Alex Bahar
Can you let us know how Avaya is marking the Call Signalling and RTP traffic?

Author Comment

by:orus
The Avaya should be marking dscp ef from the phones, same for signalling.

The service policy is VOIP_WAN, applied outbound on the outside interface of the router.
QoS-Policy is applied inbound on the LAN interface of the router.

Author Comment

by:orus
So let me verify if this is the correct way to do this:

On the router (first code posted), we are marking traffic coming in the LAN and marking traffic exiting into the WAN, with dscp ef.

On the switch ports, we are not tagging or remarking; we are simply trusting and queuing the traffic appropriately?

Expert Comment

by:Alex Bahar
If Avaya is already marking with EF, then there is no need for QoS-Policy which marks the Avaya traffic again as EF.

Expert Comment

by:Alex Bahar
The settings applied to interface GigabitEthernet4/24 indicate that your actual physical WAN connection is a Gigabit link on your edge router to the ISP. You're allocating 33%, 330 Mbps priority traffic towards your WAN interface. You need to make sure that the priority traffic will not consume ALL of the bandwidth on your WAN link. If this happens, you will be cut off from the network, as network control traffic like BGP packets will be dropped when priority traffic takes over the whole WAN bandwidth.

Author Comment

by:orus
4/24 is actually a switchport on our 4507. It is connected to the Ethernet interface of our router. Our router has a multilink (4 T1s) to the SP.

Author Comment

by:orus
The reason for QoS-Policy is for traffic coming from other locations. We want to ensure marking remains when going from router to LAN. Is this not needed if the phone at the remote site marks?

Expert Comment

by:Alex Bahar
>> The reason for QoS-Policy is for traffic coming from other locations. We want to ensure marking remains when going from router to LAN. Is this not needed if the phone at the remote site marks?

No, you do not need that. The TOS/DSCP marking is carried over the WAN untouched (unless your WAN SP deliberately overwrites it to void your QoS). You should just trust the received DSCP/TOS value coming from the WAN to your router.


Can you post the output of "show policy-map interface <your WAN interface>" during busy hour? It will tell us if your voice traffic is matched and queued properly.

Author Comment

by:orus
I have attached the requested output. Looks like lots of things are being matched on ip precedence 5. What is this and how does it relate to dscp ef?

thanks
c3845-MPLS#sh policy-map int multilink1
 Multilink1

  Service-policy output: VOIP_WAN

    Class-map: VOICE (match-any)
      14826 packets, 1033595 bytes
      5 minute offered rate 83000 bps, drop rate 0 bps
      Match: ip precedence 5
        14826 packets, 1033595 bytes
        5 minute rate 83000 bps
      Match: ip dscp ef (46)
        0 packets, 0 bytes
        5 minute rate 0 bps
      Queueing
        Strict Priority
        Output Queue: Conversation 264
        Bandwidth 40 (%)
        Bandwidth 2304 (kbps) Burst 57600 (Bytes)
        (pkts matched/bytes matched) 14531/1012187
        (total drops/bytes drops) 0/0

    Class-map: VOICE_SIGNALING (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: ip precedence 3
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: ip dscp af31 (26)
        0 packets, 0 bytes
        5 minute rate 0 bps
      Queueing
        Output Queue: Conversation 265
        Bandwidth 5 (%)
        Bandwidth 288 (kbps)Max Threshold 64 (packets)
        (pkts matched/bytes matched) 0/0
        (depth/total drops/no-buffer drops) 0/0/0

    Class-map: class-default (match-any)
      71405 packets, 76937191 bytes
      5 minute offered rate 3598000 bps, drop rate 0 bps
      Match: any
      Queueing
        Flow Based Fair Queueing
        Maximum Number of Hashed Queues 256
        (total queued/total drops/no-buffer drops) 35/19/0
         exponential weight: 9

  class    Transmitted      Random drop      Tail drop    Minimum Maximum  Mark
           pkts/bytes       pkts/bytes       pkts/bytes    thresh  thresh  prob
      0   71364/76911090       19/24738          0/0           20      40  1/10
      1       0/0               0/0              0/0           22      40  1/10
      2       0/0               0/0              0/0           24      40  1/10
      3       0/0               0/0              0/0           26      40  1/10
      4       0/0               0/0              0/0           28      40  1/10
      5       0/0               0/0              0/0           30      40  1/10
      6      22/1363            0/0              0/0           32      40  1/10
      7       0/0               0/0              0/0           34      40  1/10
   rsvp       0/0               0/0              0/0           36      40  1/10

c3845-MPLS#


Author Comment

by:orus
And here is the config from that same router for the QoS. I was told we don't need af31 in there anymore, since Avaya uses dscp ef for signaling and voice?
class-map match-all CM4-Priority-Apps
 description ***** Priority-Applications Class Map *****
 match access-group 100
class-map match-all CM5-VoIP-RTP
 description *******  Avaya VoIP RTP Class Map  ********
 match access-group 100
class-map match-any VOICE
 match ip precedence 5
 match ip dscp ef
class-map match-any VOICE_SIGNALING
 match ip precedence 3
 match ip dscp af31
class-map match-all CM3-VoIP-Control
 description ********  VoIP Control Class Map  *********
 match access-group 100
!
!
policy-map VOIP_WAN
 class VOICE
  priority percent 40
 class VOICE_SIGNALING
  bandwidth percent 5
 class class-default
  fair-queue
  random-detect
policy-map QoS-Policy
 description ***** Ensured Marking *****
 class CM5-VoIP-RTP
  set ip dscp ef


Author Comment

by:orus
So before I close this:

If the IP phones mark the traffic themselves, all I need to do is trust it in my switches and routers. I don't need to remark it going out to service provider?

The same is true for return traffic. As long as it is marked at the remote end, it should cross the SP, go through my CE router and into my LAN, as long as I am trusting dscp ef?

Accepted Solution

by:Alex Bahar
That is correct. Currently all (well known) VoIP and video endpoints are capable of marking their RTP streams in the IP header (DSCP).

Expert Comment

by:Alex Bahar
However, just to be safe, I recommend you check your vendor's documents to see whether they are marking DSCP EF or TOS 5. There might still be some vendors out there marking with TOS 5 (CS 5) instead of DSCP EF. In your config, you are matching both IP Prec 5 and DSCP EF; it is a good approach that covers all.
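
Added example (not part of the thread or of anyone's posted config): a short Python model of the VOICE and VOICE_SIGNALING class maps, showing how IP precedence and DSCP share the ToS byte and why the `ip dscp ef` counter in the output above reads 0 while `ip precedence 5` takes every voice packet. It assumes a match-any class checks its statements in listed order and counts only the first hit, which is consistent with the posted counters; the sample ToS bytes are constructed.

```python
# Added example, not from the thread. Assumption: in a match-any class the
# statements are checked in listed order and only the first hit is counted.

# Match statements copied from the posted class maps (ef = 46, af31 = 26).
CLASS_MAPS = {
    "VOICE": [("precedence", 5), ("dscp", 46)],
    "VOICE_SIGNALING": [("precedence", 3), ("dscp", 26)],
}

def decode_tos(tos):
    """Split the ToS byte: DSCP is the top 6 bits, precedence the top 3."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("ToS byte must be 0-255")
    return {"dscp": tos >> 2, "precedence": tos >> 5}

def classify(tos):
    """Return (class name, matching statement) for one packet's ToS byte."""
    fields = decode_tos(tos)
    for name, statements in CLASS_MAPS.items():
        for kind, value in statements:
            if fields[kind] == value:
                return name, f"ip {kind} {value}"
    return "class-default", "any"

def count_matches(tos_bytes):
    """Per-statement packet counters, like 'show policy-map interface'."""
    counters = {}
    for tos in tos_bytes:
        key = classify(tos)
        counters[key] = counters.get(key, 0) + 1
    return counters

def shadowed_statements():
    """dscp matches that an earlier precedence match in the same class hides."""
    hidden = []
    for name, statements in CLASS_MAPS.items():
        seen = set()
        for kind, value in statements:
            if kind == "precedence":
                seen.add(value)
            elif value >> 3 in seen:  # top 3 bits of the DSCP = precedence
                hidden.append((name, f"ip dscp {value}"))
    return hidden

# Constructed ToS bytes: 5x EF (0xB8), 2x CS5 (0xA0), 3x AF31 (0x68), 4x default.
SAMPLE = [0xB8] * 5 + [0xA0] * 2 + [0x68] * 3 + [0x00] * 4

if __name__ == "__main__":
    for (cls, stmt), n in count_matches(SAMPLE).items():
        print(f"{cls:16} {stmt:18} {n} packets")
    print("never counted:", shadowed_statements())
```

In this model, EF and CS5 packets both land on `ip precedence 5`, so the per-statement counters alone do not tell you which of the two markings the phones are sending.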