RE: QOS service policy problem

If you are marking on the router at ingress and the egress is a tunnel, you
need 'qos pre-classify' on the tunnel interface.

'qos pre-classify' isn't needed if the packets are marked from the source
and you are just matching | trusting the packet at the router.

http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a0080
17405e.shtml

Edison Ortiz

Routing and Switching, CCIE # 17943

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Andy
Reid
Sent: Wednesday, August 26, 2009 11:02 AM
To: <ccielab_at_groupstudy.com>
Subject: QOS service policy problem

Hi all,

I need a set of fresh eyes on a QOS problem, as I am out of ideas.

In summary, the problem relates to packets classified based on their RTP

port range and setting dscp to ef as they enter vlan 10. The

service-policy shows the packets marked, which increments when an IP

call connects. This looks good, except they are not incrementing as they

exit tunnel 1 - the VOICE-OUT class-map has zero packets.

In contrast, I am also classifying voice signaling packets (based on tcp

ports) again as they enter vlan 10. These packets are incrementing the

VOICE-SIGNAL-IN class-map and the VOICE-SIGNAL-OUT class-map with the

same number of packets.

Any idea what the difference is? and what other show commands/debugs I

can run - for VOICE I am setting dscp EF and for VOICE-SIGNAL I am

setting dscp cs3.

Here is the configuration (note that the tunnel interface is attached to

a dialer interface, which in turn, is attached to an ATM sub interface -

hence the requirement for a parent policy-map):

class-map match-all VOICE-SIGNAL-OUT

 match ip dscp cs3

exit

!

class-map match-all VOICE-OUT

 match ip dscp ef

exit

!

class-map match-all VOICE-SIGNAL-IN

 match access-group name VOICE-SIGNAL

exit

!

class-map match-all VOICE-IN

 match ip rtp 16384 16383

exit

!

policy-map CLASSIFIED

 description Egress Congestion Management

 class VOICE-OUT

    priority percent 10

   police rate percent 10

     conform-action transmit

     exceed-action drop

     violate-action drop

   exit

 exit

 class VOICE-SIGNAL-OUT

    bandwidth percent 10

    queue-limit 30 packets

 exit

 class class-default

     random-detect dscp-based

 exit

exit

policy-map TO-BE-CLASSIFIED

 class VOICE-IN

  set ip dscp ef

 exit

 class VOICE-SIGNAL-IN

  set ip dscp cs3

 exit

 class class-default

  set ip dscp default

 exit

exit

policy-map PARENT-CLASSIFIED

 class class-default

    shape average 512000

  service-policy CLASSIFIED

 exit

exit

interface tunnel 1

 service-policy output PARENT-CLASSIFIED

exit

interface Vlan10

 service-policy input TO-BE-CLASSIFIED

exit

ip access-list extended VOICE-SIGNAL

 permit tcp any any range 2000 2002

 permit tcp any any eq 1720

 permit tcp any any range 11000 11999

exit

------------------------------------------------------------

lab#show policy-map interface vlan 10

 Vlan10

  Service-policy input: TO-BE-CLASSIFIED

    Class-map: VOICE-IN (match-all)

      20 packets, 2409 bytes

      30 second offered rate 0 bps, drop rate 0 bps

      Match: ip rtp 16384 16383

      QoS Set

        dscp ef

          Packets marked 20

    Class-map: VOICE-SIGNAL-IN (match-all)

      92 packets, 5940 bytes

      30 second offered rate 0 bps, drop rate 0 bps

      Match: access-group name VOICE-SIGNAL

      QoS Set

        dscp cs3

          Packets marked 92

    Class-map: class-default (match-any)

      101737 packets, 87813140 bytes

      30 second offered rate 927000 bps, drop rate 0 bps

      Match: any

      QoS Set

        dscp default

          Packets marked 101737

------------------------------------------------------------

lab#show policy-map interface tunnel1

 Tunnel1

  Service-policy output: PARENT-CLASSIFIED

    Class-map: class-default (match-any)

      302 packets, 22170 bytes

      30 second offered rate 0 bps, drop rate 0 bps

      Match: any

      Queueing

      queue limit 64 packets

      (queue depth/total drops/no-buffer drops) 0/0/0

      (pkts output/bytes output) 0/0

      shape (average) cir 512000, bc 2048, be 2048

      target shape rate 512000

      Service-policy : CLASSIFIED

        queue stats for all priority classes:

          queue limit 64 packets

          (queue depth/total drops/no-buffer drops) 0/0/0

          (pkts output/bytes output) 0/0

        Class-map: VOICE-OUT (match-all)

          0 packets, 0 bytes

          30 second offered rate 0 bps, drop rate 0 bps

          Match: ip dscp ef (46)

          Priority: 10% (5 kbps), burst bytes 1500, b/w exceed drops: 0

          police:

              rate 10 %

              rate 51000 bps, burst 1593 bytes, peak-burst 1500 bytes

            conformed 0 packets, 0 bytes; actions:

              transmit

            exceeded 0 packets, 0 bytes; actions:

              drop

            violated 0 packets, 0 bytes; actions:

              drop

            conformed 0 bps, exceed 0 bps, violate 0 bps

        Class-map: VOICE-SIGNAL-OUT (match-all)

          92 packets, 6568 bytes

          30 second offered rate 0 bps, drop rate 0 bps

          Match: ip dscp cs3 (24)

          Queueing

          queue limit 30 packets

          (queue depth/total drops/no-buffer drops) 0/0/0

          (pkts output/bytes output) 0/0

          bandwidth 10% (5 kbps)

        Class-map: class-default (match-any)

          210 packets, 15602 bytes

          30 second offered rate 0 bps, drop rate 0 bps

          Match: any

          queue limit 64 packets

          (queue depth/total drops/no-buffer drops) 0/0/0

          (pkts output/bytes output) 0/0

            Exp-weight-constant: 9 (1/512)

            Mean queue depth: 0 packets

            dscp Transmitted Random drop Tail

drop Minimum Maximum Mark

                      pkts/bytes pkts/bytes

pkts/bytes thresh thresh prob

Many thanks, Andy

Blogs and organic groups at http://www.ccie.net

 
Received on Wed Aug 26 2009 - 16:48:13 ART