Here are the commands that I use to enable basic upstream QoS on a Cisco 887VA on VSDL2 FTTC Fibre. Remember that you can/should only queue/shape/police on egress..
For home Internet their is little point shaping downloads (egress shaping on the inside interface), but shaping your upstream will have a big impact on keeping your downloads fast, and VoIP calls running without jitter, all when your kids are running torrents, games or something ;)
NB: consuming upload capacity impedes the download capacity, due to the contention introduced on the upstream ACKs.
If you are an office, then yes you should definitely shape downstream (egress on the inside interface) to ensure that "flows" are playing nice and sharing the total download bandwidth across all users.
class-map match-any CLSMP-High
description High Prio and Realtime
match access-group name HighPrio
match dscp ef
match dscp cs7
match dscp cs6
!
policy-map PLCMP-Shaped
class CLSMP-High
priority percent 90 <- Priority drops packets above figure
class class-default
fair-queue
bandwidth percent 10 <- Bandwidth is allowed to "borrow" from root
policy-map PLCMP-Shaper
class class-default
shape average 20000000
service-policy PLCMP-Shaped
!
interface Ethernet0.101
service-policy output PLCMP-Shaper
!
ip access-list extended HighPrio
permit tcp any any ack <- This is important (TCP packets with the ACK flag set)
permit icmp any any
permit tcp any any tos min-delay
permit udp any any eq domain
permit udp any any eq ntp
#Add VoIP stuff here too :) (Or even better, create a separate class)
rt1#show access-lists HighPrio
Extended IP access list HighPrio
10 permit tcp any any ack (35488476 matches)
30 permit icmp any any (17365 matches)
40 permit tcp any any tos min-delay (8 matches)
50 permit udp any any eq domain (345229 matches)
60 permit udp any any eq ntp (160793 matches)
rt1#show policy-map interface ethernet 0.101
Ethernet0.101
Service-policy output: PLCMP-Shaper
Class-map: class-default (match-any)
54539399 packets, 20315187264 bytes
5 minute offered rate 9000 bps, drop rate 0000 bps
Match: any
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/33001/0
(pkts output/bytes output) 54504938/20266047087
shape (average) cir 20000000, bc 80000, be 80000
target shape rate 20000000
Service-policy : PLCMP-Shaped
queue stats for all priority classes:
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/1303/0
(pkts output/bytes output) 35886434/8950446892
Class-map: CLSMP-High (match-any)
36009819 packets, 9010338472 bytes
5 minute offered rate 3000 bps, drop rate 0000 bps
Match: access-group name HighPrio
36009736 packets, 9010327411 bytes
5 minute rate 3000 bps
Match: dscp ef (46)
0 packets, 0 bytes
5 minute rate 0 bps
Match: dscp cs7 (56)
14 packets, 1404 bytes
5 minute rate 0 bps
Match: dscp cs6 (48)
66 packets, 9792 bytes
5 minute rate 0 bps
Priority: 90% (17999 kbps), burst bytes 449950, b/w exceed drops: 197
Class-map: class-default (match-any)
18529581 packets, 11304849987 bytes
5 minute offered rate 6000 bps, drop rate 0000 bps
Match: any
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops/flowdrops) 0/31301/0/31301
(pkts output/bytes output) 18498444/11259866445
Fair-queue: per-flow queue limit 16 packets
bandwidth 10% (1999 kbps)
PS; If you are wondering why the Priority queue size is so high (90%) on the class "CLSMP-High" with only 10% for the rest? This is because packets above the 90% throughput rate get aggressively dropped for "priority", even when there is spare capacity. Whereas the Bandwidth queue can borrow from the other queues and grow larger than its 10% definition.
I.e. if the traffic in the class "CLSMP-High" is only 1% full, the traffic in the class "class-default" can still use the remaining 99%.
But if the traffic in the "CLSMP-High" is 99%, 9% will get dropped regardless of the size of "class-default".
This is due to the fact that the internal queues/buckets for "Priority" type queues, always get forwarded first, and so can starve other queues of resources. However in the case of shaping upload traffic, this is quite common (unless you are hosting servers, and you need to account for them).
No comments:
Post a Comment