QoS – Is This QoS Police vs Bandwidth Configuration Wrong?

bandwidthciscoqosrouterswitch

I understand bandwidth in QOS is use to guarantee a minimum bandwidth

I understand police in QOS is to set a limit to the maximum bandwidth.

class test_out
  police **1608000** 50000 100000 conform-action set-dscp-transmit af31 exceed-action set-dscp-transmit af32 violate-action set-dscp-transmit 28
  **bandwidth 2542**
  random-detect dscp-based
  random-detect exponential-weighting-constant 7
  random-detect dscp 26 50 80 10
  random-detect dscp 28 15 40 5

Can someone tell me if the above configuration is self defeating ?

I have a guarantee bandwidth of 2542Kb, but traffic is being police at 1608000 bits = 1570Kb

==================

Edit:

q1) With the police value configured lowered then the guarantee bandwidth, is my traffic still able to reach the guarantee bandwidth ?

q2) If it is able to reach the guarantee bandwidth due to the fact that the exceed and violate action does not drop traffic, then what is the difference between the exceed and violate action of set-dscp-transmit af32 and dscp 28 ? (both seems to have the same DSCP value)

Best Answer

I understand bandwidth in QOS is use to guarantee a minimum bandwidth

There is really a lot more to QoS than that.

I understand police in QOS is to set a limit to the maximum bandwidth.

Policing is dropping traffic that exceeds certain parameters.

To actually police, you need to drop traffic above your predefined bandwidth. You are still allowing all traffic, only setting the DSCP for traffic exceeding the bandwidth.

Normally, you use a priority queue to guarantee minimum bandwidth for a class, then drop any traffic exceeding the guaranteed minimum bandwidth. Do that in your policy map. For example:

policy-map Test
  class VoIP
    priority percent 23
    police cir percent 23 conform-action transmit exceed-action drop
!

Your example configuration really isn't doing much for you.

Edit:

You are simply changing markings in the class map. It is a policy map that would give you the guaranteed bandwidth by using a priority queue. Policing is dropping traffic outside of your parameters.

You want to classify and mark traffic as close to the source as possible, setting up a trust point. After that, you can treat (police, queue, shape) the traffic based on the marking.

Trying to do both on a router will certainly drive up the CPU utilization, and it doesn't allow you to treat the traffic throughout your whole network. In general, you classify and mark on the access switches, then treat on the routers.

See this two-part answer for more about QoS.

Related Solutions

Cisco – QoS woes – managed IP VPN

To answer your questions:

RDP traffic should get up to the 25% of the remaining bandwidth. Where the already reserved bandwidth is the 35% ( class-default gets 25% by default and EF get 10% ). So, if i'm right, you assigned ~665Kbps to RDP. Anyway you should check if you're dropping packets issuing the command below:

show policy-map <your wan interface> output class REMOTEDESKTOP

and checking for dropped packets.

Cisco assign a queue to each user-defined class that includes the bandwidth or police commands. To make a long-story simple those commands define the amount of bandwidth assigned to every queue during congestions.
In theory every TCP based stream should be OK with drops. In practice some of them aren't. Dropping precedence bits tell the routers what packets should be dropped, within a given class, before congestion happens. Since RDP is the only type of traffic defined in your REMOTEDESKTOP class, you should not worry about it.
Bandwidth percentage are not in order ( as Jeremy stated ).

That said, there are a lot of things that i would change in your configuration:

There are no matches between some of classes of the setTos and the useTos policy-map. For instance the one named AF-HIGH is processing no packets since no class in setTos sets DSCP to AF41.
BE class in setTos is somehow self-defeating since it makes the class-default class useless. Note that class-default is the only system-defined class and get the 25% of the bandwidth by default ( 100 - max-reserved-bandwidth ) .
bandwidth remaining percent is not the best options ( as Jeremy explained ). I would change it to bandwidth percent.
I would prefer to mark EF packets by myself and not to rely on the phones' settings.

Cisco – Auto-QOS configuration for Cisco network

For Cisco IP phones, you've definitely got the right configuration:

!
mls qos
!
interface UPLINK
 ! Unconditionally trust all QoS markings
 auto qos voip trust
!
interface ACCESS
 ! Look for the Cisco Phone's CDP frames, and trust VoIP from the phone...
 auto qos voip cisco-phone

Should I put "auto qos voip trust" on network uplinks for both directions on traffic?

Yes, auto qos voip trust is required on both sides of any uplink for end-to-end QoS functionality (which is what you'd want, of course).

Will there be downtime to be aware of?

There is no downtime associated with QoS settings. I have enabled qos (platform-wide, and on individual links) with no observable impact; even on links that were heavily utilized, there was no perceivable downtime for transit traffic.

For more info, you can reference Cisco's Auto QoS Whitepaper

Best Answer

Related Solutions

Cisco – QoS woes – managed IP VPN

Cisco – Auto-QOS configuration for Cisco network

Related Topic