From: Mohamed T. Kondela (mtaib@sagia.gov.sa)
Date: Mon Feb 26 2007 - 16:44:31 ART
I think my question was too long and boring. Is it? Well, the
problem is I don't know how to make it more 'readable'.
Hope someone can shed some light on this. It is interesting though..
Regards
Mohamed T. Kondela
Senior Network Engineer
IT Dept.
Fax: 4473037 x 303
mtaib@sagia.gov.sa
Saudi Arabian General Investment Authority
--------------------------------------------------------
This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.
--------------------------------------------------------
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Mohamed T. Kondela
Sent: Sunday, February 25, 2007 9:50 PM
To: CCIE Group
Subject: Qos Police + LLQ
Dear Group,
I have a slightly confusing QoS question (a real case). My access
list reads as follows:
ip access-list extended VOICE
 permit udp any any range 16384 32767
 permit udp any any dscp ef
 permit udp any any precedence critical
ip access-list extended BR1-VOICE
 permit ip any 10.10.1.0 0.0.1.255
ip access-list extended BR2-VOICE
 permit ip any 10.20.1.0 0.0.1.255
ip access-list extended VOICE-SIGNAL
 permit tcp any eq 1719 any
 permit tcp any any eq 1719
 permit tcp any eq 1720 any
 permit tcp any any eq 1720
 permit tcp any range 2000 2002 any
 permit tcp any any range 2000 2002
 permit tcp any range 8001 8002 any
 permit tcp any any range 8001 8002
 permit tcp any range 2427 2428 any
 permit tcp any any range 2427 2428
 permit tcp any eq 5060 any
 permit tcp any any eq 5060
 permit udp any eq 5060 any
 permit udp any any eq 5060
ip access-list extended HOST-PRIORITY
 permit ip host 10.8.0.19 any
My outgoing interface is a serial interface (PPP) connected to the
provider's IP-VPN network. Remote sites are 512kb each and the local site
is 2mb (for whatever reason). So there is an issue of over-burst from
local to remote sites. My goals are as follows (I will go through the
config; please correct me if any corrections or enhancements are
required):
Goal 1:
LLQ 112kb for Voice (RTP) towards both BR1 and BR2, so my class-map
reads as below:
class-map match-any VOICE-BR1
 match access-group name VOICE
 match access-group name BR1-VOICE
class-map match-any VOICE-BR2
 match access-group name VOICE
 match access-group name BR1-VOICE
Yes, all IP phones are in the 10.x.1.0 subnet at the remote sites. (The
complete policy-map is added in the last portion of this mail.)
Goal 2 :
Minimum Guarantee 12kb for voice-Signaling. Here is the class map:
class-map match-all VOICE-SIGNAL
 match access-group name VOICE-SIGNAL
Goal 3 :
Police the traffic 392kb to each Branch (so this means 392 x 2, since
there are two branches connected to the same link). Again inside this
each 392kb policing, I need to prioritize 256kb traffic from ACL
"HOST-PRIORITY" . Then after this 392 x 2 policing + prioritizing of
Intra-police traffic, the rest of remote sites aggregated speed will be
left for FIFO class-default.
At the end of the day, out of 2 mb, I am trying to allocate 512 kb to each
remote site (1 mb total). From each 512 allocation, I need to do QoS as
mentioned above, i.e. LLQ for VOICE, bandwidth reservation for
VOICE-SIGNAL, policing for the rest of the traffic, but within the policing
I need priority for HOST-PRIORITY. Again, all of this needs to be done on a
single PPP serial interface outbound. Any workaround? FRTS does have a
solution, but unfortunately I am connecting to the IP-VPN world.
My Goal 3 class-map as follows:
class-map match-all REST_4_POLICE
 match any
Here is the actual Policy-map :
policy-map QOS-to-BRANCHES
 class VOICE-BR1
  priority 112
 class VOICE-BR2
  priority 112
 class VOICE-SIGNAL
  bandwidth 12
 class REST_4_POLICE
  police cir 784000
   exceed-action drop
********* And I am stuck over here: I cannot do a nested policy, since a
nested policy allows only shaping on the default class. What other
workaround can there be?
Regards
Mohamed T. Kondela
Senior Network Engineer
IT Dept.
Fax: 4473037 x 303
mtaib@sagia.gov.sa
Saudi Arabian General Investment Authority
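
Added example, not part of the original message: IOS assigns a packet to the first class in a policy-map that it matches, so a class whose criteria are all covered by an earlier class never receives traffic. The Python sketch below runs that check over the class-maps and policy-map classes quoted above; the config text is reproduced as a constructed sample, the function names are hypothetical, and criteria are compared as text (ACL contents are not evaluated).

```python
import re

# Constructed sample: the class-maps and policy-map classes from the message above.
CONFIG = """\
class-map match-any VOICE-BR1
 match access-group name VOICE
 match access-group name BR1-VOICE
class-map match-any VOICE-BR2
 match access-group name VOICE
 match access-group name BR1-VOICE
class-map match-all VOICE-SIGNAL
 match access-group name VOICE-SIGNAL
class-map match-all REST_4_POLICE
 match any
policy-map QOS-to-BRANCHES
 class VOICE-BR1
 class VOICE-BR2
 class VOICE-SIGNAL
 class REST_4_POLICE
"""

def parse(config):
    """Return ({class: terms}, [classes in policy-map order]). A class matches a
    packet that meets every criterion of at least one term (a frozenset);
    'match any' contributes the empty term, which every packet satisfies."""
    classes, order, cur, any_mode = {}, [], None, False
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"class-map (match-any|match-all) (\S+)$", line):
            any_mode, cur = m.group(1) == "match-any", m.group(2)
            classes[cur] = [] if any_mode else [frozenset()]
        elif (m := re.match(r"class (\S+)$", line)) and m.group(1) in classes:
            order.append(m.group(1))
        elif (m := re.match(r"match (.+)$", line)) and cur:
            term = frozenset() if m.group(1) == "any" else frozenset({m.group(1)})
            if any_mode:
                classes[cur].append(term)
            else:
                classes[cur] = [classes[cur][0] | term]
    return classes, order

def implies(b, a):
    """True when every packet matching class b is guaranteed to match class a."""
    return all(any(ta <= tb for ta in a) for tb in b)

def shadowed(config):
    """(later, earlier) pairs where the later class can never receive traffic."""
    classes, order = parse(config)
    return [(later, earlier) for i, later in enumerate(order)
            for earlier in order[:i] if implies(classes[later], classes[earlier])]
```

On the posted configuration, `shadowed(CONFIG)` returns `[('VOICE-BR2', 'VOICE-BR1')]`, because both classes are match-any over the same two ACLs.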
This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:48 ART