Hi Rene,
is it OK to say that on a conceptual level ‘End to End QoS’ works in below order ?
Classification------>Marking----->Queuing------>Policing-------->Shaping
thanks
Abhishek
Hi Rene,
is it OK to say that on a conceptual level ‘End to End QoS’ works in below order ?
Classification------>Marking----->Queuing------>Policing-------->Shaping
thanks
Abhishek
Hi Abhishek,
On a LAN environment, you normally only want to use classification, marking and queuing. This allows you to give preference to certain traffic types. Policing and shaping are both used to limit your traffic, either by buffering (shaping) or dropping (policing) it. You could do this on your own network for certain traffic types but it’s not common.
Rene
Hello Rene,
I am hoping you can clarify something for me in regards to the priority queue and the two ingress queues. I watched Kevin’s video and it explained a lot however it is still unclear to me even after reading several Cisco docs and other training material how the ingress queues are serviced. The way I understand it is that there are two ingress queues (1 and 2). By default, queue 2 is the priority queue and is guaranteed 10% of the internal ring bandwidth. This leaves 90% of the internal ring bandwidth to be divided by the two ingress queues 45% each by default. So does that mean that queue 2 really gets 55% (10% priority and 45% normal) or does queue 2 get serviced two times (once for priority traffic and once for normal traffic) for every time queue 1 gets serviced? If queue 2 is truly just a single file line handling both normal and priority traffic how do the priority packets get moved to the front of the line to be expedited by SRR? It seems like there would have to be two sub queues within queue 2, one for normal traffic and one for priority traffic.
Also, if the priority queue of each port is given 10% of the internal ring bandwidth and I have a 24 port GigE switch with a 32Gig backplane this would give each port 1.3 Gbps reserved bandwidth on the internal ring. However, each port is only a 1G port so it seems like in this scenario that the priority traffic could starve out normal traffic even though it is limited to 10% of internal ring bandwidth due to the fact that the faction of internal ring bandwidth allocated to the priority queue of each port exceeds the physical port bandwidth capacities. Do I have my logic and math correct here?
Thanks,
Tom
19 posts were merged into an existing topic: How to configure Queuing on Cisco 3560 and 3750 switch
I read about queues and I am confused. Unfortunately I do not have any real hardware to test this out.
In 3750, we have 2 input and 4 out put queue and we can modify what is the percent of memory each queue gets. I initially thought this is a specific feature of Switches as the QOS is implemented in hardware and it is not there for routers as it is done in software and the IOS takes care of this for us.
But in 3850 where Qos is implemented as MQC and MLS is not supported. I did not find any command to modify the queue parameters.
Can someone please help in understanding this
Hello Kapil
The configuration of QoS in the 3850 has been changed compared to the 3560 and the 3750 switch. It has been streamlined and improved and uses MQC (Universal QoS configuration model) as you mentioned in your post rather than the old MLS QoS configuration. A very thorough explanation of these changes including examples can be found in the following Cisco documentation:
I hope this has been helpful!
Laz
Hi,
What is egress interface and ingress interface ?
Thanks
Egress means outbound, that’s the interface you use to transmit traffic. Ingress means inbound so that’s the interface where you receive traffic on.
Hello Rene,
Can you explain this calculation in details ?
srr-queue bandwidth shape 20 0 0 0
1/20 = 0.05 x 100Mbit = 5Mbit.
I understand it’s weighted value but why 20 0 0 0 will be equal to 1/20 ?
So if i configured “srr-queue bandwidth shape 10 0 0 0”, it should be 1/10 = 0.1 x 100Mbit = 10Mbit? I this correct ?
Hello Ray
You are correct. When implementing shaping, the command syntax is:
srr-queue bandwidth shape
weight1 weight2 weight3 weight4
The syntax of the weight values, as described by Cisco, are as follows:
Specify the weights to specify the percentage of the port that is shaped. The inverse ratio (1/ weight) specifies the shaping bandwidth for this queue. Separate each value with a space. The range is 0 to 65535.
This information was obtained from this Cisco command reference document.
I hope this has been helpful!
Laz
HI Rene,
I have some questions about QoS queuing . Hope to get your insights on it.
mls qos cos x
Q1) When mls cos is turned on and all the ports are untrusted, does the switch reset the COS value for all frames to whatever value set in the “mls qos cos” command ?
Q2) When mls cos is turn on and all the ports are trusted, the switch will only use the value in “mls qos cos” command to set for untagged frames right ?
mls qos trust cos
Q3) When a policy-map + mls qos cos trust is set on the same port, which will have priority ? Assuming the policy-map will set CoS value and the incoming frame also already has a CoS value set.
priority-queue out
Q4) When egress expedite queue is turn on, does the shaped bandwidth defined on queue1 still applies ?
mls qos srr-queue output cos-map queue 2 threshold 3
Q5) Can we mapped the same CoS to more than 1 egress queue ?
CoS 3 to both egress q2 t2 and q3 t1, how will the switch handle the distribution if q2 and q3 has the same weight ?
If the switch send the frame with CoS 3 to q2t2 and q2t2 threshold is already hit, will the switch send the frame to q3t1 or it will simply drop it ?
Regards,
Noob
Hello Sze Jie K
I’ll attempt to answer your questions below:
Yes. When a port is set to untrusted (by default) it does not trust the CoS values of the incoming frames, so those are reset to the value set in the command.
Yes. On a trunk port, if you have the mls qos cos command on a trusted port, then the CoS values will be changed only for untagged frames. The CoS values of tagged frames remain unchanged.
The trust command in a policy map allows you to set the trust state only for the traffic defined within that particular class. mls qos trust applies to ALL traffic entering the interface. Any traffic conforming to the policy map will have priority. Traffic not conforming will have the more general mls qos trust command applied to it.
According to Cisco:
All four queues participate in the SRR unless the expedite queue is enabled, in which case the first bandwidth weight is ignored and is not used in the ratio calculation. The expedite queue is a priority queue, and it is serviced until empty before the other queues are serviced. You enable the expedite queue by using the priority-queue out interface configuration command.
This was obtained from the following documentation, page 29-17:
You can set the same CoS value to be mapped to multiple queues. However, for the rest of your questions, this might need to be labbed up, unless @ReneMolenaar has a ready answer…
I hope this has been helpful!
Laz
Hi Lagapides,
Thank you for your reply.
Actually what I am trying to achieve is to just turn out egress priority queuing for voice traffic with the following conditions
But it seems that I would need to classify the remaining traffic ? can I mark class-default as CoS 0 and mapped them to all the remaining queue ? – however Cisco support says that each CoS value can only be mapped to 1 queue… – so I am quite confuse…
Hi Sze Jie K,
Let me jump in on this. You are using a 3560 or 3750?
Once you enable QoS, all CoS/DSCP values get assigned to 4 different queues. You can’t change or disable these. If you want to mimic something where only voice traffic gets priorited then you could configure something like this:
Q1: 10% of bandwidth
Q2: 80% of bandwidth
Q3/Q4: each 5% of bandwidth
You can assign the CoS/DSCP values that you use for Voice to Q1 and everything else to Q2. It’s a pain to configure QoS on these switches as it affects all your traffic. It’s not as easy as on a router when you can configure only the priority queue for voice and let everything else be forwarded like it was before QoS.
Rene
Hey Rene,
Good to hear from you.
Just a couple of confirmation to clarify with you
For both 3850 and 2960x series switches, besides the priority queue - does lower queue# equates to having higher priority ? (e.g. queue2 has higher priority then queue3)
for 2960x - unlike 3850, we are not able to do CBWFQ. If our intention is just to have priority for voice and all equal fair treatment for default traffic ->
Does that means we have to either
a) mark a CoS value to all traffic in default-class + allocate/map this Cos value to just 1 queue
or
b) assign all possible CoS values to just 1 queue ?
For 2960x, are we able to assign/map the same CoS marking to more then 1 queue ? e.g. Cos 5 to queue 3 and 4 ?
In your earlier response, you assign 5% bandwidth to Q3/Q4, what the point of doing so since everything else is assign to Q2 ?
Hope to hear from you soon!
These switches only have one priority queue, the other queues are served in (weighted) round robin so Q2 doesn’t have a higher priority than Q3.
You can assign a CoS/DSCP value to only one queue and threshold.
I usually keep it simple and assign all CoS/DSCP values to one queue that you use for “best effort” traffic. This saves you the hassle of marking all traffic.
You don’t really use these queues if you use Q1 as the priority queue and Q2 as the “best effort” queue but the problem is that you can’t assign 0 bandwidth or disable the other queues. You can assign the lowest possible values to these queues. I think 1% is possible.
Hi Rene,
Appreciate your wonderful insight.
Hope you bear with me for a couple more of clarifications
q1) I often read in MQC that classification is to be done during ingress and queueing at the egress.
But when defining an egress policy-map using CBWFQ, you will still somehow classify the traffic
e.g.
policy-map VOIP
class VOIP-class <<< isn’t this already classification ?
priority 888
What the point in classifying during ingress then ?
q2) I am seeing the below on my MPLS service provider CE router’s WAN side interface
interface GigabitEthernet0/1
service-policy input xxx-inpolicypolicy-map xxx-inpolicy
class ce_ef_input
class ce_af3_input
class class-default
In xxx-inpolicy, there are just class definitions without any bandwidth policy/shaping, queuing, nor marking done - nothing. What is the point/meaning of classifying the traffic without any action done in the service-policy ?
q3) is there anyway simple way we can monitor the bandwidth usage of a particular queue ? or even a particular class ? I am on 3850 and the show policy-map is reflecting 0 packets/bytes for class-maps (but the queues are reflecting incrementing bytes-output ) – seems like a bug after googling.
Regards,
Alan
Hi Alan,
Let’s have a look.
You are correct, we still classify the traffic here. Usually, we do classification AND marking on the edge of our network. Let’s say we have a network like this:
Phone1 - SW1 - R1 - R2 - R3 - SW2 - Phone2
And let’s say we have some proprietary Voice over IP application that uses a range of UDP ports for RTP. On the edge of my network (SW1 and SW2) I can do something like this:
SW1(config)#ip access-list extended RTP_PROPRIETARY
SW1(config-ext-nacl)#permit udp any any range 16300 17300
SW1(config)#class-map RTP_PROPRIETARY
SW1(config-cmap)#match access-group name RTP_PROPRIETARY
SW1(config)#policy-map MARKING
SW1(config-pmap)#class RTP_PROPRIETARY
SW1(config-pmap-c)#set dscp ef
We do classification and marking here. This means that on my other devices, I can just configure a policy-map that prioritizes traffic when it has DSCP value EF. This saves me the hassle of configuring this access-list on all devices throughout my network.
This can still be used as a counter. If you want an example, take a look at my Control plane policing lesson:
I kinda use the same technique there to see how many packets I receive.
I’d have to check the 3850. On the older platforms, you can use this command:
SW1#show mls qos interface GigabitEthernet 0/1 statistics
GigabitEthernet0/1 (All statistics are in packets)
dscp: incoming
-------------------------------
0 - 4 : 19783 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 0 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 3087 0 0 0
60 - 64 : 0 0 0 0
dscp: outgoing
-------------------------------
0 - 4 : 84603 0 0 0 0
5 - 9 : 0 0 0 0 0
10 - 14 : 0 0 0 0 0
15 - 19 : 0 0 0 0 0
20 - 24 : 0 0 0 0 0
25 - 29 : 0 0 0 0 0
30 - 34 : 0 0 0 0 0
35 - 39 : 0 0 0 0 0
40 - 44 : 0 0 0 0 0
45 - 49 : 0 0 0 0 0
50 - 54 : 0 0 0 0 0
55 - 59 : 0 112 0 0 0
60 - 64 : 0 0 0 0
cos: incoming
-------------------------------
0 - 4 : 92908 0 0 0 0
5 - 7 : 0 0 0
cos: outgoing
-------------------------------
0 - 4 : 118383 0 0 0 0
5 - 7 : 74056 0 286048
output queues enqueued:
queue: threshold1 threshold2 threshold3
-----------------------------------------------
queue 0: 0 0 0
queue 1: 0 19773 360104
queue 2: 0 0 0
queue 3: 0 0 98610
output queues dropped:
queue: threshold1 threshold2 threshold3
-----------------------------------------------
queue 0: 0 0 0
queue 1: 0 0 0
queue 2: 0 0 0
queue 3: 0 0 0
Policer: Inprofile: 0 OutofProfile: 0
This doesn’t tell me which class gets dropped but it does tell me which queues are working and how many packets get dropped in each queue.
Which IOS version are you using on the 3850? I tried a simple policy-map on my 3850:
class-map match-any TELNET
match access-group name TELNET
policy-map COUNT_TELNET
class TELNET
interface GigabitEthernet1/0/24
service-policy output COUNT_TELNET
It does show me packets:
SW1#telnet 192.168.1.2 /vrf TEST1
Trying 192.168.1.2 ... Open
SW5#show policy-map interface GigabitEthernet 1/0/24
GigabitEthernet1/0/24
Service-policy output: COUNT_TELNET
Class-map: TELNET (match-any)
8 packets
Match: access-group name TELNET
0 packets, 0 bytes
5 minute rate 0 bps
Class-map: class-default (match-any)
55 packets
Match: any
This is on a 3850 running 03.06.06E (quite old).
Rene
Hello rene there is something I do not understand … the selection of interface must be one for which comes from the Wan and another for which goes out to the network Lan ?
Hello Sebastian
When you apply QoS to a switch, you apply it to a particular port independently of whether or not it is applied elsewhere on the switch as well. QoS mechanisms begin to function when the egress traffic of a particular port exceeds the maximum speed of that port. Then, frames/packets begin to be queued based on the mechanisms you configure.
The selection of interface is the one that you desire to provide some sort of prioritization to traffic being sent from that port.
I hope this has been helpful!
Laz