Policy-map issue -- match protocol secure-telnet

From: Joe Astorino (joe_astorino@comcast.net)
Date: Wed Jan 21 2009 - 19:21:07 ARST


Hello guys,

I am pretty new to QoS configurations, but am trying to prioritize some
things in my home network. I am a bit confused, as when I had "match
protocol secure-telnet" configured and was ssh'd into my router when shaping
was active I was not seeing any counters increase. However, when I added a
"match access-group ssh" into it which was just "permit tcp any any eq ssh"
as well as "permit tcp any eq ssh any" those counters did increase. Is
there any reason for this you guys can think of? Here is my configuration.
Note I pay Comcast for 8Mb/384kb service. Any input on whether my QoS is
actually correct would be appreciated as a side note :) I'll put some
explanations of what I *think* is going on at this point below.

*/ So here are my 2 interfaces, fa0/1 is my cable modem, fa0/0.1 is my
inside LAN /*

Bono(config-cmap)#do sh run int fa0/1 | i description|service-policy|bandwidth
 description WAN
 bandwidth 384
 max-reserved-bandwidth 100
 service-policy output parent

Bono(config-subif)#do sh run int fa0/0.1 | i description|service-policy|bandwidth
 description LAN subinterface
 bandwidth 8000000
 service-policy output lan

*/ I shape the output of the WAN interface to 384k because that is what I
pay for. I nest in the service-policy "priority-traffic" so that it does
cbwfq /* Note, if I do "show queueing int fa0/1" it shows no queueing but
if I do "show policy-map int fa0/1" it shows everything and counters
increment as expected. Not sure if this is an effect of the nesting.

Bono(config-subif)#do sh policy-map parent
  Policy Map parent
    Class class-default
      Traffic Shaping
         Average Rate Traffic Shaping
         CIR 384000 (bps) Max. Buffers Limit 1000 (Packets)
      service-policy priority-traffic

*/ If my uplink is congested I want to give 50% of my bandwidth (192k) to my
"priority" traffic which includes www,https,telnet,ssh, email and some other
stuff you see in the class-map. I also wish to give my vonage 128k bandwidth
/*

Policy Map priority-traffic
    Class priority-traffic
      Bandwidth 50 (%) Max Threshold 64 (packets)
    Class call-signalling
      Bandwidth 10 (%) Max Threshold 64 (packets)
    Class voice
      Strict Priority
      Bandwidth 128 (kbps) Burst 3200 (Bytes)

Class Map match-any priority-traffic (id 4)
   Match protocol http
   Match protocol secure-http
   Match protocol telnet
   Match protocol secure-telnet
   Match protocol smtp
   Match protocol pop3
   Match protocol imap
   Match protocol secure-pop3
   Match protocol secure-imap
   Match protocol secure-ftp
   Match protocol ftp
   Match access-group name rdp
   Match access-group name ssh

Class Map match-any call-signalling (id 1)
   Match access-group name sip

Bono(config-subif)#do sh class-map voice
 Class Map match-any voice (id 2)
   Match protocol rtp audio

*/ Here is where I am not quite sure on some things. The idea here is that
I want to shape traffic coming from the internet to 8Mb but not my internal
network stuff because it is a fastethernet interface. So by nesting
service-policy priority-lan inside of the lan policy-map that has shaping on
it, I am hoping to only shape/queue non 10.0.0.0/8 traffic. /*

Policy Map lan
    Class outside
      Traffic Shaping
         Average Rate Traffic Shaping
         CIR 8000000 (bps) Max. Buffers Limit 1000 (Packets)
      service-policy priority-lan
    Class class-default

Bono(config-subif)#do sh class outside
 Class Map match-all outside (id 5)
   Match access-group 55

Bono(config-subif)#do sh access-list 55
Standard IP access list 55
    10 deny 10.0.0.0, wildcard bits 0.255.255.255 (3039 matches)
    20 permit any (1922730 matches)

Policy Map priority-lan
    Class priority-traffic
      Strict Priority
      Bandwidth 50 (%)

So I guess that is it. I am wondering if this is doing what I have
explained, and also about that secure shell thing and show queueing thing.
Any help much appreciated guys!

 - Joe A
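The post describes three pieces of classification logic that decide what gets queued where: a match-any class-map built from NBAR protocol names plus named ACLs, a standard ACL (55) that selects "outside" traffic by source address only, and a parent shaper whose child policy carves the 384k rate into a priority queue and two bandwidth classes. The model below is an added example, not the poster's configuration or any Cisco code; it approximates the config with plain Python so the behaviour can be checked offline. The port table is an assumption: real NBAR inspects payload, and the mapping of "secure-telnet" to TCP 992 (the IANA "telnets" port) rather than to SSH on TCP 22 is the assumption that explains why an SSH session could leave the secure-telnet counters at zero while the "ssh" access-group counters climb. The RDP port and all packet values are constructed sample data.

```python
"""Toy model of the class-map / policy-map logic from the post.
Added example: not the poster's configuration and not Cisco code.
NBAR_PORTS is an assumption (well-known ports); the real NBAR engine
inspects payload, so this is only an approximation of its decisions."""
import ipaddress
from dataclasses import dataclass

TCP = 6

# Assumed port mappings for the NBAR protocol names used in the post.
# Note: "secure-telnet" is telnet-over-TLS (IANA "telnets", TCP 992),
# which is a different protocol from SSH (TCP 22).
NBAR_PORTS = {
    "http": (TCP, 80), "secure-http": (TCP, 443),
    "telnet": (TCP, 23), "secure-telnet": (TCP, 992),
    "ssh": (TCP, 22),
    "smtp": (TCP, 25), "pop3": (TCP, 110), "imap": (TCP, 143),
    "secure-pop3": (TCP, 995), "secure-imap": (TCP, 993),
    "ftp": (TCP, 21), "secure-ftp": (TCP, 990),
}

# The NBAR protocol names listed in class-map priority-traffic.
PRIORITY_PROTOCOLS = (
    "http", "secure-http", "telnet", "secure-telnet", "smtp", "pop3",
    "imap", "secure-pop3", "secure-imap", "secure-ftp", "ftp",
)


@dataclass(frozen=True)
class Packet:
    proto: int   # 6 = tcp, 17 = udp
    src: str
    sport: int
    dst: str
    dport: int


def match_protocol(name, pkt):
    """'match protocol <name>' approximated as a port match in either direction."""
    proto, port = NBAR_PORTS[name]
    return pkt.proto == proto and port in (pkt.sport, pkt.dport)


def acl_ssh(pkt):
    """Named ACL 'ssh' from the post: permit tcp any any eq ssh
    plus permit tcp any eq ssh any (both directions)."""
    return pkt.proto == TCP and 22 in (pkt.sport, pkt.dport)


def acl_rdp(pkt):
    """Named ACL 'rdp' (contents not shown in the post; assumed TCP 3389)."""
    return pkt.proto == TCP and 3389 in (pkt.sport, pkt.dport)


def acl_55_permits(pkt):
    """Standard ACL 55: deny 10.0.0.0 0.255.255.255, permit any.
    A standard ACL tests the SOURCE address only, so this selects
    packets that did not originate inside 10.0.0.0/8."""
    return ipaddress.ip_address(pkt.src) not in ipaddress.ip_network("10.0.0.0/8")


def classify(pkt, matchers, mode="match-any"):
    """match-any: any statement hits; match-all: every statement must hit."""
    results = [m(pkt) for m in matchers]
    return any(results) if mode == "match-any" else all(results)


def priority_traffic_matches(pkt, include_ssh_acl=True):
    """Class-map match-any priority-traffic, optionally without the
    'match access-group name ssh' line the poster added afterwards."""
    matchers = [lambda p, n=n: match_protocol(n, p) for n in PRIORITY_PROTOCOLS]
    matchers.append(acl_rdp)
    if include_ssh_acl:
        matchers.append(acl_ssh)
    return classify(pkt, matchers, "match-any")


def priority_traffic_budget(cir_bps=384_000, voice_kbps=128,
                            priority_pct=50, signalling_pct=10):
    """Sum the child-policy reservations against the parent shaper's CIR:
    the 128 kbps strict-priority voice queue plus the two percentage
    bandwidth classes (percentages taken of the shaped rate)."""
    voice = voice_kbps * 1000
    bw_priority = cir_bps * priority_pct // 100
    bw_signalling = cir_bps * signalling_pct // 100
    total = voice + bw_priority + bw_signalling
    return {"voice": voice, "priority-traffic": bw_priority,
            "call-signalling": bw_signalling, "total": total,
            "fits": total <= cir_bps}


if __name__ == "__main__":
    # Constructed sample: an SSH session from a LAN host to the router/WAN.
    ssh_out = Packet(TCP, "10.0.0.10", 51515, "203.0.113.5", 22)
    print("secure-telnet matches ssh?", match_protocol("secure-telnet", ssh_out))
    print("acl ssh matches?", acl_ssh(ssh_out))
    print("priority-traffic (NBAR only)?", priority_traffic_matches(ssh_out, False))
    print("priority-traffic (with ssh ACL)?", priority_traffic_matches(ssh_out))
    print(priority_traffic_budget())
```

Two things the model makes visible: the class "outside" keys on source address only, so return traffic from the internet is shaped while anything sourced inside 10.0.0.0/8 falls to class-default; and the child-policy reservations (128k priority + 50% + 10% of 384k) sum to 358.4k, under the parent CIR, which is the check to repeat whenever a class percentage is changed.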


Blogs and organic groups at http://www.ccie.net
