I'm trying to get a fairly simple QoS policy up and running on my DSL line using a Cisco 877. My aims are fairly simple – make sure that realtime and management stuff like RTP and SSH works regardless of congestion, then make sure that HTTP, FTP, SMTP etc. protocols get a good shout in times of congestion and throttle back things like bittorrent when things get busy.
I've tried applying the config below, but it seems to have no effect. If I pull down a couple of Ubuntu torrents, and also download a large file via HTTP, the HTTP download slows to a crawl, whereas the torrents merrily carry on downloading at 300kbps+. The only effect it seems to have is upstream bittorrent slows to about 0.1kbps.
My understanding is that I need to have a policy applied outbound on my ATM subinterface, and inbound on the VLAN so the router knows how to deal with the different packets flowing in both ways. I tried adding a police-only policy inbound on the ATM subinterface, but again, this seemed to make no difference. Bittorrent incoming traffic romps over everything.
Oddly, no matter how much I try and configure it, I can't get the Packet-Queueing policy to show up outbound on the ATM0.1 interface. The inbound one shows up fine.
Any ideas?
class-map match-any BESTEFFORT
 match protocol http
 match protocol secure-http
 match protocol icmp
 match protocol secure-imap
 match protocol smtp
 match protocol ipsec
 match protocol dns
class-map match-any REALTIME
 match protocol rtp
 match protocol rtcp
 match protocol sip
 match protocol ssh
class-map match-any SCAVENGER
 match protocol bittorrent
!
!
policy-map Packet-Queueing
 class REALTIME
  priority 400
 class BESTEFFORT
  bandwidth percent 50
  random-detect
 class SCAVENGER
  bandwidth percent 5
  random-detect
 class class-default
  fair-queue
  random-detect
!
policy-map Input-Police
 class SCAVENGER
  police rate 8000 bps
   conform-action transmit
   exceed-action drop
!
policy-map Packet-Tagging
 class REALTIME
  set precedence 5
 class BESTEFFORT
  set precedence 4
 class SCAVENGER
  set precedence 0
!
!
interface ATM0
 description ATM ADSL Interface
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no atm ilmi-keepalive
 dsl operating-mode adsl2
 dsl enable-training-log
!
!
interface ATM0.1 point-to-point
 pvc 0/38
  vbr-rt 886 886
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
  service-policy in Input-Police
!
interface Vlan1
 description internal private VLAN
 ip address 192.168.0.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 ip route-cache same-interface
 ip tcp adjust-mss 1452
 service-policy input Packet-Tagging
 hold-queue 100 out
!
Best Answer
The fundamental problem you have is that QoS in the inbound direction (into your router) to control traffic headed in your direction is relatively useless.
The congestion is occurring at the egress of the ISP device to which your Router attaches. That ISP interface has no relevant QoS applied - it is most certainly a FIFO queue. Thus if the bittorrent end points are sending you data faster than your HTTP end point, bittorrent wins in a classic FIFO queue and your HTTP download is starved.
This is a very common problem in almost every home networking setup. Bittorrent can easily starve not only SSH or RTP traffic, but VoIP traffic as well.
Use your Bittorrent software's built-in rate limiting to cap up and down speeds at a rate lower than what is available.
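
The queueing behaviour this answer describes, as an added example that is not part of the original answer: a small simulation of a protocol-blind FIFO at the ISP egress, comparing no policy, an inbound policer on the customer router, and a rate cap in the BitTorrent client. The function names and packet rates are constructed for illustration, and senders are assumed to transmit at a constant rate (TCP back-off is not modelled).

```python
from collections import Counter, deque
from fractions import Fraction

def arrivals(offered):
    """One tick of arrivals, each flow's packets spread evenly (deterministic)."""
    slots = [(Fraction(2 * i + 1, 2 * n), flow)
             for flow, n in offered.items() for i in range(n)]
    return [flow for _, flow in sorted(slots)]

def simulate(offered, link_rate=10, queue_limit=40, ticks=100, police=None):
    """offered: packets/tick each sender pushes toward the ISP egress queue.
    police: optional {flow: packets/tick} inbound policer on the customer router."""
    queue, link, lan = deque(), Counter(), Counter()
    for _ in range(ticks):
        # ISP egress: protocol-blind FIFO with tail drop.
        for flow in arrivals(offered):
            if len(queue) < queue_limit:
                queue.append(flow)
        budget = dict(police or {})
        # The DSL link drains the queue; the policer acts only after the crossing.
        for _ in range(min(link_rate, len(queue))):
            flow = queue.popleft()
            link[flow] += 1
            if flow in budget:
                if budget[flow] == 0:
                    continue  # dropped on the router, link capacity already spent
                budget[flow] -= 1
            lan[flow] += 1
    return {"link": dict(link), "lan": dict(lan)}

# Constructed rates in packets per tick (not measurements from the post).
CONGESTED = {"bt": 30, "http": 6}
SOURCE_CAPPED = {"bt": 3, "http": 6}

def compare():
    return {
        "fifo_only": simulate(CONGESTED),
        "inbound_police": simulate(CONGESTED, police={"bt": 1}),
        "client_cap": simulate(SOURCE_CAPPED),
    }

if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:15} link={result['link']} lan={result['lan']}")
```

In this model the inbound policer discards BitTorrent packets only after they have used the link, so the HTTP count is identical to the unpoliced run; only the client-side cap lets HTTP receive everything it was sent.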