RE: LAN QoS

From: toonsh dosh (toonsh@hotmail.com)
Date: Tue Oct 10 2006 - 11:39:02 ART

Hi Bill,

Quick question. The Call processing server I am using for testing is
Asterisk. It utilizes SIP. The signaling is done using UDP src port 5060 dst
5060.

What I would like to do is police this traffic and ensure that it is marked
with CS3.

This is my config

policy-map VOICE
  class VOICE_PAY
    police 128000 8000 exceed-action policed-dscp-transmit
  class VOICE_SIG
    police 32000 8000 exceed-action policed-dscp-transmit
   set dscp cs3
!interface FastEthernet0/13
switchport access vlan 12
switchport mode access
switchport nonegotiate
switchport voice vlan 20
service-policy input VOICE
load-interval 30
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
priority-queue out
auto qos voip trust
no mdix auto
spanning-tree portfast
!
interface FastEthernet0/14
switchport access vlan 12
switchport mode dynamic desirable
switchport voice vlan 20
service-policy input VOICE
load-interval 30
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
priority-queue out
auto qos voip trust
no mdix auto
spanning-tree portfast
!
access-list 150 permit udp any eq 5060 any
access-list 150 permit udp any any eq 5060
!
!
class-map match-all VOICE_PAY
  match access-group name VOICE_PAY
class-map match-all VOICE_SIG
  match access-group 150
!

When I display the policy maps on the two interfaces I am using for testing
Fast 0/13 and 14. All my counters are at 0.

CMELAB_Switch#sh policy-map interface fastEthernet 0/13
FastEthernet0/13

  Service-policy input: VOICE

    Class-map: VOICE_PAY (match-all)
      0 packets, 0 bytes
       offered rate 0 bps, drop rate 0 bps
      Match: access-group name VOICE_PAY

    Class-map: VOICE_SIG (match-all)
      0 packets, 0 bytes
       offered rate 0 bps, drop rate 0 bps
      Match: access-group 150

    Class-map: class-default (match-any)
      0 packets, 0 bytes
       offered rate 0 bps, drop rate 0 bps
      Match: any
        0 packets, 0 bytes
         rate 0 bps
CMELAB_Switch#sh policy-map interface fastEthernet 0/14
FastEthernet0/14

  Service-policy input: VOICE

    Class-map: VOICE_PAY (match-all)
      0 packets, 0 bytes
       offered rate 0 bps, drop rate 0 bps
      Match: access-group name VOICE_PAY

    Class-map: VOICE_SIG (match-all)
      0 packets, 0 bytes
       offered rate 0 bps, drop rate 0 bps
      Match: access-group 150

    Class-map: class-default (match-any)
      0 packets, 0 bytes
       offered rate 0 bps, drop rate 0 bps
      Match: any
        0 packets, 0 bytes
         rate 0 bps

I thought this might have been a code issue but have upgraded to 12.2.25.

Any ideas anybody ?

Thanks

>From: "Bill Wagner" <billccie2b@hotmail.com>
>To: billccie2b@hotmail.com, toonsh@hotmail.com, ccielab@groupstudy.com
>Subject: RE: LAN QoS
>Date: Mon, 09 Oct 2006 09:35:17 -0600
>
>
>
>Sorry I sent some old classification information that is incorrect. Here is
>what we use for classification. The rest of the config is correct.
>
>Ip access-list extended VVLAN-VOICE
>
> Permit udp 10.132.0.0 0.0.255.255 any range 2048 32767
>
>
>
>Ip access-list extended VVLAN-CALLSIG
>
> Permit tcp 10.132.0.0 0.0.255.255 any eq 1720
>
> Permit udp 10.132.0.0 0.0.255.255 any eq 1719
>
>
>
>Ip access-list extended VVLAN-ANY
>
> Permit ip 10.132.0.0 0.0.255.255 any
>
>
>
>
>
>
>
>
>From: "Bill Wagner" <billccie2b@hotmail.com>
>Reply-To: "Bill Wagner" <billccie2b@hotmail.com>
>To: toonsh@hotmail.com, ccielab@groupstudy.com
>Subject: RE: LAN QoS
>Date: Mon, 09 Oct 2006 08:34:05 -0600
>I believe that typically a phone will tag its traffic with "standard"
>markings. You have to decide if you will trust those markings though. One
>thing I have noticed with auto qos is that it does not turn on the
>priority queue automatically. At least not on the
>3560/3750. Another important note is that the priority queue on a
>2970/3560/3750 is queue 1 not queue 4 like most other switches. Campus
>QoS commands and configuration varies greatly among platforms so you may
>want to do some research specifically to your enviornment. A good book
>by
>Cisco Press is end to end qos design by Tim Szigeti. Chapter 12 will give
>you Campus QoS design and go through various configurations. It covers
>trust, conditional trust, basic and advanced models.
>
>Here is a config that we use on the 3570 (it will work for the 3560
>also). It does not trust the phone DSCP values and marks down out of
>profile traffic. It does a little more than just mark and prioritize
>voice traffic, but you can look over it and use what you like. The config
>has marking, policing, and queueing. This is good for worm protection
>also. To note the 10.132.0.0/16 range is our voice subnets. Only handsets
>go on this range.
>
>Switch port Configuration Marking & Policing
>
>Mls qos map cos-dscp 0 8 16 24 32 46 48 56
>
>#modifies mapping to map CoS 5 to DSCP EF
>
>Mls qos map policed-dscp 0 10 18 24 25 26 34 46 to
>8
>
>#excess DVLAN traffic marked DSCP 0, AF11, AF21, AF31, AF41, CS3, DSCP
>25, EF will be remarked to Scavenger (CS1)
>
>Ip access-list extended VVLAN-VOICE
>
>Permit udp 10.132.0.0 0.0.255.255 any range 2048 32767
>
>Ip access-list extended VVLAN-CALLSIG
>
>Permit tcp 10.132.0.0 0.0.255.255 any eq 1720
>
>Permit tcp 10.132.0.0 0.0.255.255 any eq 1719
>
>permit tcp 10.132.0.0 0.0.255.255 any range 2000 2002
>
>permit tcp 10.132.0.0 0.0.255.255 any range 11000 11999
>
>permit udp 10.132.0.0 0.0.255.255 any eq 2427
>
>!
>
>Ip access-list extended VVLAN-ANY
>
>Permit ip 10.132.0.0 0.0.255.255 any
>
>Class-map match-all VVLAN-VOICE
>
>Match access-group name VVLAN-VOICE
>
>!
>
>Class-map match-all VVLAN-CALLSIG
>
>Match access-group name VVLAN-CALLSIG
>
>!
>
>Class-map match-all VVLAN-ANY
>
>Match
>access-group name VVLAN-ANY
>
>!
>
>Policy-map ACCESS_VOICE_DATA
>
>Class VVLAN-VOICE
>
>Set ip dscp 46
>
>Police 128000 8000 exceed-action policed-dscp-transmit
>
>Class VVLAN-CALLSIG
>
>Set ip dscp af31
>
>Police 32000 8000 exceed-action policed-dscp-transmit
>
>Class VVLAN-ANY
>
>Set ip dscp 0
>
>Police 32000 8000 exceed-action policed-dscp-transmit
>
>Class class-default
>
>Set ip dscp 0
>
>Police 5000000 8000 exceed-action policed-dscp-transmit
>
>Int range <interface>
>
>Service-policy input ACCESS_VOICE_DATA
>
>Switch port Configuration Queuing & Dropping 3750 (1p3q2t)
>
>Mls qos srr-queue output cos-map queue 1 threshold 3 5
>
>#maps CoS to queue 1 threshold 3 (voice gets all of queue 1)
>
>Mls qos srr-queue output cos-map queue 2 threshold 1 2 4
>
>#Maps CoS 2 and CoS 4 to queue 2
>threshold 1
>
>Mls qos srr-queue output cos-map queue 2 threshold 2 3
>
>#Maps CoS 3 to queue 2 threshold 2
>
>Mls qos srr-queue output cos-map queue 2 threshold 3 6 7
>
>#Maps CoS 6 and 7 to queue 2 threshold 3
>
>Mls qos srr-queue output cos-map queue 3 threshold 3 0
>
>#Maps cos 0 to queue 3 threshold 3 (Best effort gets all of Q3)
>
>Mls qos srr-queue output cos-map queue 4 threshold 3 1
>
>#Maps cos 1 to queue 4 threshold 3 (Scavenger gets all of queue 4)
>
>Mls qos srr-queue output dscp-map queue 1 threshold 3 46
>
>#Maps DSCP EF (Voice) to queue 1 threshold 3
>
>Mls qos srr-queue output dscp-map queue 2 threshold 1 16
>
>#Maps DSCP CS2 (Network Management) to queue 2 threshold 1
>
>Mls qos srr-queue output dscp-map queue 2 threshold 1 18 20 22
>
>#Maps DSCP AF21, 22, 23 (Transactional Data) to queue 2 threshold 1
>
>Mls
>qos srr-queue output dscp-map queue 2 threshold 1 25
>
>#Maps DSCP 25 (Mission critical data) to queue 2 threshold 1
>
>Mls qos srr-queue output dscp-map queue 2 threshold 1 32
>
>#Maps DSCP CS4 (Streaming Video) to queue 2 threshold 1
>
>Mls qos srr-queue output dscp-map queue 2 threshold 1 34 36 38
>
>#Maps DSCP AF41, 42, 43 (Interactive Video) to queue 2 threshold 2
>
>Mls qos srr-queue output dscp-map queue 2 threshold 2 24 26
>
>#Maps DSCP CS3 AND DSCP AF31 (Call Signaling) to queue 2 threshold 2
>
>Mls qos srr-queue output dscp-map queue 2 threshold 3 48 56
>
>#Maps DSCP CS6 AND CS7 (Network/internetwork) to queue 2 threshold 3
>
>Mls qos srr-queue output dscp-map queue 3 threshold 3 0
>
>#Maps DSCP 0 (Best Effort) to queue 3 threshold 3
>
>Mls qos srr-queue output dscp-map queue 4 threshold 1 8
>
>#Maps DSCP CS1 (Scavenger) to
>queue 4 threshold 1
>
>Mls qos srr-queue output dscp-map queue 4 threshold 3 10 12 14
>
>#Maps DSCP AF11, 12, 13 (Bulk Data) to queue 4 threshold 3
>
>mls qos queue-set output 1 threshold 1 60 90 100 200
>
>#Sets Q1 threshold 1 to 60% and threshold 2 to 90%
>
>Mls qos queue-set output 1 threshold 2 70 80 100 400
>
>#Sets Q2 threshold 1 to 70% and Q2 threshold 2 to 80%
>
>mls qos queue-set output 1 threshold 3 80 95 100 250
>
># Sets Q3 threshold 1 to 80% and threshold 2 to 95%
>
>Mls qos queue-set output 1 threshold 4 40 100 100 200
>
>#Sets Q4 Threshold 1 to 40% and Q4 threshold 2 to 100%
>
>Int range <interface>
>
>Queue-set 1
>
>#assigns interface to queue-set 1 (default)
>
>Srr-queue bandwidth share 1 70 25 5
>
>#Q2 gets 70% of remaining BW; Q3 gets 25% and Q4 gets 5%
>
>Srr-queue bandwidth shape 30 0 0
>0
>
>#Q1 is limited to 30% of total available BW
>
>Priority-queue out
>
>#Q1 is enabled as PQ
>
>Trunk Configuration Access to Distribution
>
>Srr-queue bandwidth share 1 70 25 5
>
>Srr-queue bandwidth shape 30 0 0 0
>
>Priority-queue out
>
>Mls qos trust dscp
>
><repeat for each uplink>
>
>Hopefully that helps. Also if any QoS gurus look at this config and have
>any suggestions please respond. I am always open to peoples ideas.
>
> --------------------------------------------------------------------
>
> From: "toonsh dosh" <toonsh@hotmail.com>
> Reply-To: "toonsh dosh" <toonsh@hotmail.com>
> To: ccielab@groupstudy.com
> Subject: LAN QoS
> Date: Mon, 09 Oct 2006 13:05:15
>+0000
> Hi,
>
> Was wondering if anyone could assist. I am wanting to attach
> non-Cisco handsets to a Cisco lan consisting of 3560 access layer
> switches.
>
> I would like to some input as to what Qos template I could use to
> configure the access switches.
> I was thinking of using autoqos. auto qos voip cisco-phone. The
> trouble I think with this is the switch uses CDP to discover the
> handset to apply the required marking and queuing mechanisms. If the
> switch does not discover a phone it classifies all traffic as
> best-effort.
>
> What would be the best LAN qos solution for non Cisco devices ?
>
> Is it possible to do the classification using MQC per port. so
> creating acl's
>for signalling and RTP and manually marking the
> traffic ?
>
> Any suggestions would be appreciated
>
> Thanks
>
> _________________________________________________________________
> Get the ultimate real-time chat experience - Windows Live Messenger!
> http://messenger.live.com
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>------------------------------------------------------------------------
>
>Add fun gadgets and colorful themes to express yourself on Windows Live
>Spaces
>
>_______________________________________________________________________
>Subscription information may be found
>at:
>http://www.groupstudy.com/list/CCIELab.html
>
> Find a local pizza place, music store, museum and morethen map the best
>route!
>

This archive was generated by hypermail 2.1.4 : Wed Nov 01 2006 - 07:29:04 ART