Switch – How to use a layer 3 switch for QOS between gateway and hosts

cisco-ioslayer3qosswitchvoip

In the following scenario, is it possible to prioritize VOIP/RTP from x.x.x.51 through the gateway with a Cisco switch, and how? I need to prevent x.x.x.50 from saturating the WAN connection.

                    Public Internet
                         |
                         |
                  Gateway/Edge Router
                      x.x.x.49
           (WAN/10Mbps symmetrical connection to ISP)
                         |
                         |
                    Switch port 1
_________________________________________________________
Switch port 2                               Switch port 3
  |                                           |
  |                                           |
x.x.x.50                                   x.x.x.51
Firewall/NAT                               Firewall/NAT
  |                                           |
  |                                           |
LAN/Desktops                               LAN/Phone System

Do I need to tell the switch to limit the speed of port 1 to the 10/10Mbps of the gateway/WAN?

Best Answer

QoS is all about fairness, as you define it. There are multiple parts to QoS.

There is layer-2 QoS, which uses 802.1P to set the COS bits in layer-2 headers for layer-2 domains. Cisco switches have full COS marking, but limited layer-2 queuing.

There is layer-3 QoS, which uses the TOS bits in IP packets. Cisco routers have pretty extensive layer-3 queuing capabilities.

You also have things related to queuing, e.g. shaping and policing. You will need to decide on policies for these.

First you need to classify the traffic. Basically marking the packets with separate TOS/DSCP marking for the different traffic types. This is best done as close to the traffic source as possible, and Cisco switches can do this as traffic enters the switch from the host.

Once you have classified and marked the traffic, you can apply your fairness doctrine. In your case, it sounds like you want a priority queue on the WAN interface for the VoIP traffic. You will need to decide which percentage of the bandwidth to dedicate to VoIP, and configure your queuing accordingly.

Understand that your QoS markings and policies will not be honored on the Internet, and that you have no real control over incoming traffic, since by the time you see the incoming traffic, the bandwidth has already been used. Since VoIP is a two-way conversation, you can have perfect QoS on your network, but still get crappy VoIP calls because there is no QoS on the Internet, and your incoming WAN link can be saturated, and your QoS policies have no real effect on that.

QoS is a really huge subject, too large for this site. You would need to provide a lot of information about your devices and their configurations, and make some decisions about a lot of things. There is no real way to say, "this" is the answer to how you should accomplish what you want.

Related Solutions

Cisco – QoS voice traffic on WAN of Cisco 1841

The short answer is no. Your queuing policy needs to be applied outbound at the point of bottleneck. In this case, the bottleneck is the WAN connection (20 Mbps) between the pfSense and the 1841. Thus, the proper location of your queuing policies are outbound on the LAN interface (a bit of a misnomer) of the pfSense and outbound on Fa0/01 of the 1841, which you have.

All that being said, your policy on the 1841 is flawed. In your example, you've reserved 1 Mbps of bandwidth for VoIP and applied the policy to a 100 Mbps interface. What happens when the PCs start pushing 70Mbps of traffic while trying to make a VoIP call? From a queuing standpoint on the 1841, the answer is nothing. There is only 70 Mbps of data flowing out Fa0/1. Therefore, there is always 1 Mbps available for VoIP. However, once this traffic reaches the pfSense, at least 50 Mbps of data and VoIP will be dropped. Your calls would be terrible at best.

Without getting into all of the details, and using your prior example, the policy should be something like this:

class-map match-any CM-VOICE-TRAFFIC
 match access-group 145
!
policy-map PM-PRIORITISE-VOICE-child
 class CM-VOICE-TRAFFIC
   set ip dscp ef
   priority 1000
 class class-default
   fair-queue
!
policy-map Shape-20Mb-parent
 class class-default
  shape average 20000000
  service-policy PM-PRIORITISE-VOICE-child
!
interface FastEthernet0/1
 service-policy output Shape-20Mb-parent
!
access-list 145 permit ip 10.0.59.0 0.0.0.255 any

This policy creates an artificial bandwidth limit on all traffic leaving the Fa0/1 on the 1841. Thus, the pfSense will never have the opportunity to drop traffic indiscriminately. Also, instead of the bandwidth command, the priority command should be used to limit latency and jitter. The tagging and the ACL change should be self-explanatory.

Equal WAN bandwidth for all LAN devices using Sonicwall NSA 2400/2600

I know this is an older post, but in case someone else stumbles upon it like I did, I wanted to provide some input.

So far, the only way to do this that I know of is with Mikrotik's PCQ (per-connection queuing) algorithm. It's not too hard to set up and there's a ton of guides out there to show you how. But it basically makes a packet queue for each device on your network and as the link hits your specified bandwidth limit (typically you set it to your ISP's limit) it begins dropping packets from the highest speed queues until all queues reach the same speed. Then it drops packets equally from each.

There is an option to set a fixed limit per queue, but if you don't set a limit it works the way I described.

This is particularly useful in hospitality environments, like hotels, since it basically dynamically adjusts your bandwidth limits per device as your occupancy changes.

Best Answer

Related Solutions

Cisco – QoS voice traffic on WAN of Cisco 1841

Equal WAN bandwidth for all LAN devices using Sonicwall NSA 2400/2600

Related Topic