
Cisco QoS


Pentangle

Hi all,

I'm looking at deploying Cisco routers in front of 3CX, so I wonder if any of you have had experience of these (I assume so, given the numbers here).

My question relates to QoS. Cisco in their flavours of IOS give you several options for the configuration of QoS. These range from DSCP (ToS), EF bit setting, MQC, WRED, and various other TLAs :)

I *think* I've identified NBAR as the QoS tool of choice for the RTP protocol, and the priority-list command as the QoS tool of choice for other protocols such as SIP signalling etc.

My question is - is this the best way of doing things? Or do people have other ideas? I assume the most important configuration would be NBAR because then I can identify and provide QoS to the RTP protocol which provides the voice streams (and very little else seems to be able to do so).

All input is valuable!

Cheers,
Mike.
 
Hi Mike,

Every time I get it into my head to sit down with the Cisco qos docco to work out what's required, I end up in an infinite loop, clicking on links from one tla to another until my eyes glaze over and I start to rock back and forth :). You seem to have a better handle on it than I. I thought that I'd just use the horrid sdm to set something up but could never get the wizard/gui to allow me to do what I wanted. NBAR didn't seem to recognise 3cx rtp/voip traffic as voice and the option to add additional protocols to the class is greyed out. I assume that this is because it's not Cisco voip that I'm using but could be wrong.

What I did find was that the following additions allowed nbar to classify my 3cx traffic and I now see the sdm monitoring graphs etc displaying the correct bandwidth utilisation re: my voip calls;

Code:
class-map match-any SDMVoice-Dialer0
 match ip rtp 7000 7499
 match ip rtp 9000 9030

The relevant section of the config now looks like;

Code:
class-map match-any SDMVoice-Dialer0
 match protocol rtp audio
 match ip rtp 7000 7499
 match ip rtp 9000 9030
class-map match-any SDMTrans-Dialer0
 match protocol citrix
 match protocol finger
 match protocol notes
 match protocol novadigm
 match protocol pcanywhere
 match protocol secure-telnet
 match protocol sqlnet
 match protocol sqlserver
 match protocol ssh
 match protocol telnet
 match protocol xwindows
class-map match-any SDMScave-Dialer0
 match protocol napster
 match protocol fasttrack
 match protocol gnutella
class-map match-any SDMBulk-Dialer0
 match protocol exchange
 match protocol ftp
 match protocol irc
 match protocol nntp
 match protocol pop3
 match protocol printer
 match protocol secure-ftp
 match protocol secure-irc
 match protocol secure-nntp
 match protocol secure-pop3
 match protocol smtp
 match protocol tftp
class-map match-any SDMRout-Dialer0
 match protocol bgp
 match protocol eigrp
 match protocol ospf
 match protocol rip
 match protocol rsvp
class-map match-any SDMSignal-Dialer0
 match protocol h323
 match protocol rtcp
class-map match-any SDMManage-Dialer0
 match protocol dhcp
 match protocol dns
 match protocol imap
 match protocol kerberos
 match protocol ldap
 match protocol secure-imap
 match protocol secure-ldap
 match protocol snmp
 match protocol socks
 match protocol syslog
class-map match-any SDMIVideo-Dialer0
 match protocol rtp video
class-map match-any SDMSVideo-Dialer0
 match protocol cuseeme
 match protocol netshow
 match protocol rtsp
 match protocol streamwork
 match protocol vdolive
!
!
policy-map SDM-Pol-Dialer0
 class SDMManage-Dialer0
  bandwidth remaining percent 4
  set dscp cs2
 class SDMSignal-Dialer0
  bandwidth remaining percent 50
  set dscp cs3
  compress header ip tcp
 class SDMRout-Dialer0
  bandwidth remaining percent 4
  set dscp cs6
 class SDMTrans-Dialer0
  bandwidth remaining percent 41
  set dscp af21
 class SDMVoice-Dialer0
  set dscp ef
  compress header ip
  priority percent 75
!

I've not yet had this config running enough under load to verify that it's having any effect either way on voice traffic. The only traffic that should be on this link is from 3cx so I might have to put something else on the network to cause some more load.

I'm very interested to see what you come up with. Hopefully someone who actually understands Cisco qos will weigh in and provide some recommendations.

Regards,

Mick.
 
Hi Mick, and thanks for your informative post.

I think we're probably pretty much in the same boat here with respect to Cisco IOS etc. It's amazing what a few well-interspersed acronyms will do for my perceived Cisco knowledge :)

I found out last night that it was pretty much academic currently when talking about NBAR as I don't have a "plus" based IOS and hence they chopped that feature out of the 837 I'm using.

Anyway, as far as the two Cisco books I'm working from go, NBAR has a couple of things you should know:

1) RTP is already a classification of application from Cisco. New ones can either be downloaded from Cisco in the form of PDLM files, or created yourself using the ip nbar custom command.

2) You apparently need to issue an ip nbar protocol-discovery command on the relevant interface to view and classify the protocols.

As far as your config goes, that looks right. The books say to create the class maps (that define which packets we're going to match), then to define the QoS policy, and then to apply the QoS policy to an interface. Your config appears to do that, and has RTP header compression turned on (which is apparently a good thing for QoS), and ef is expedited forwarding (the highest diffserv tag).

The reason I wanted to delve deeper into it was because I wasn't 100% sure RTP was going to be captured and tagged purely on those (7000-7499 and 9000-9030) ports, and so wanted a system of identifying and labelling the traffic easily. Apparently there's about 30 different subsections of the match protocol rtp command, which deal with the relevant CODECs used. The audio parameter separates it into all the audio CODECs (as opposed to the video ones as well), but you can also go further and specify things such as G.729 etc, which may be more relevant for you in a more congested network.

Anyhow, thanks for the config details and the confidence that I'm not talking out of my bumhole :) All I need to do now is to get some more flash memory and a "plus" IOS and I'll be with you :)

Cheers,
Mike.
 
Hey Mike,

Thanks for the clarification re: nbar. I'll definitely be checking out the "ip nbar custom" options and poking about some more to see what more can be done. SDM set up the ip nbar protocol-discovery option for me so no worries there.

Thanks also for some confidence that I'm on the right path here. It would be nice if a ccie would pop in and offer a recommended 3cx config but also less fun :)

Mick.
 
Hi Mick,

If you need a more granular QoS config, let me know. I am a Cisco CCIE and have a number of deployments out there using Cisco routers for WAN facing QoS. Remember to also configure QoS correctly inside your LAN. You will find that your ISP does not honour qos if it's standard grade dsl. What you need to do is clean up qos inside your network so that when you are talking on the phone and your pc is doing "whatever", you want the voice packets to be prioritised. You can apply this theory to 1 phone or 1000's of phones.

A good way to handle voice quality if you or your customer can afford it is to have a Voice only dsl connection and a data only dsl connection. Depending on the size of your company, dsl for voice and 4 simultaneous calls should be okay. Check with your voip provider and make sure you can get G729 codecs running across your SIP trunk (Also make sure your 3CX version supports G729). This helps to get more calls across your SIP trunk. If you go for this option, the voice quality is improved (especially that internet traffic is running on the alternate dsl connection). Nowadays, dsl connections are quite inexpensive, so it may be a good option for you. What you will need for this type of setup though is a good layer 3 switch to handle the multiple subnets for alternate route paths. Once it's set up, your customer does not normally complain unless his dsl goes down or he has maxed his dsl upstream limit for the amount of calls he is making.

Setting up your network: I normally set up the voice network in one VLAN and the data network in another VLAN. Set your phones to use 802.1q trunking if the support is there so that the 2 port switch at the back of the phone (depending on your phone make) can use one port for the connection to the network switch and the other to the user's PC. The switch port should be configured to carry both the data and voice vlan. This is called 802.1q trunking. Make sure your phone is configured to handle the trunk. Most modern phones can do this. This is inexpensive if you know what switches support trunking and at what price point. The Linksys One layer 3 switch supports trunking and of course layer switching/routing so that you can have this type of setup. Works very well. You can buy Cisco layer 3 switches if it's in your budget. A much better option by far.

If you or your customer can afford it, you should invest in the Cisco layer3 switches to benefit from really granular qos controls. Makes all the difference in a voice deployment.

With regard to your ip nbar custom option, it all depends on your IOS version and of course your router. You can configure it quite simply. I do think that SDM will probably not be too helpful here. Good old fashioned CLI configuration is required. Cisco's web site has hundreds of qos examples, you just need to search for them. I can offer assistance with a good 3CX qos config, but it will be generic and will need tweaking to support your dsl connection. Here is a link for you that may start you on the correct path (keeping it fun as per your last post!!):


http://www.cisco.com/en/US/docs/routers/access/800/820/software/configuration/guide/advconf.html



Anyway, hope this helps.

Kind regards

Robert Thompson, CCIE#10302
 
future-data.biz said:
With regard to your ip nbar custom option, it all depends on your IOS version and of course your router. You can configure it quite simply. I do think that SDM will probably not be too helpful here. Good old fashioned CLI configuration is required. Cisco's web site has hundreds of qos examples, you just need to search for them. I can offer assistance with a good 3CX qos config, but it will be generic and will need tweaking to support your dsl connection.

Hi Robert,

Thanks for the info. Could you possibly do a generic QoS config for an 877, and also critique whether we're on the right track as regards the NBAR classification as per the above posts? Also, is LAN QoS really *that* important inside the organisation if you're not saturating the port?

Cheers,
Mike.
 
Hi Mike,

Your config looks fine. To see if it's doing the trick, do the following when you are in a call (clear the router interface counters first by issuing "clear counters" at the command prompt):

on the router cli command prompt issue the following command:

show policy-map interface di0 ---> this is your dialer interface for the dsl connection, I picked this up from your config

This will show a list of statistics on the port and will also tell you if the interface QoS is working by showing packet statistics per class configured.

QoS on the LAN is very important even if you have one PC connected to it. Let's say you are speaking to a customer and you browse the internet. Those internet packets are transmitted and received by your router, which then connects to your LAN port and delivers the data to your PC. That LAN port is the same port that outputs packets to the WAN interface (i.e. they traverse the LAN port to be processed by the router and outputted by the WAN port, in your case a dialer interface mapped to an ATM ..dsl... interface). You should always configure QoS on inbound and outbound interfaces so that when congestion is experienced, correct packet tagging and queuing takes place. It makes for a really good voice call (remember that your ISP will not honour QoS unless you have paid for it. Standard business DSL or Home DSL ISPs do not honour QoS.)


Here is an output of some policy maps configured on a cisco router when a call is in progress (counters were cleared to show these stats). The show commands are for both inbound and outbound interfaces (LAN and WAN port).

rtr1# sh policy-map int f0
 FastEthernet0

  Service-policy input: Packet-Tagging

    Class-map: VoIP-Class-Inbound (match-any)
      1825 packets, 393365 bytes
      5 minute offered rate 15000 bps, drop rate 0 bps
      Match: access-group name VOIP
        1825 packets, 393365 bytes
        5 minute rate 15000 bps
      Match: ip dscp 46
        0 packets, 0 bytes
        5 minute rate 0 bps
      police:
          cir 72000 bps, bc 9000 bytes
        conformed 1567 packets, 338070 bytes; actions:
          set-prec-transmit 7
        exceeded 258 packets, 55295 bytes; actions:
          set-prec-transmit 7
        conformed 14000 bps, exceed 7000 bps,

    Class-map: Hi-Class-Inbound (match-any)
      122 packets, 7432 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name High
        122 packets, 7432 bytes
        5 minute rate 0 bps
      Match: ip dscp 46
        0 packets, 0 bytes
        5 minute rate 0 bps
      police:
          cir 85000 bps, bc 10000 bytes
        conformed 123 packets, 7492 bytes; actions:
          set-prec-transmit 6
        exceeded 0 packets, 0 bytes; actions:
          set-dscp-transmit 5
        conformed 0 bps, exceed 0 bps,

    Class-map: Med-Class-Inbound (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name Medium
        0 packets, 0 bytes
        5 minute rate 0 bps
      police:
          cir 43000 bps, bc 5000 bytes
        conformed 0 packets, 0 bytes; actions:
          set-prec-transmit 4
        exceeded 0 packets, 0 bytes; actions:
          set-prec-transmit 3
        conformed 0 bps, exceed 0 bps,

    Class-map: class-default (match-any)
      9 packets, 1158 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
      QoS Set
        ip precedence 1
          Packets marked 9

rtr1#sh policy-map int di1
 Dialer1

  Service-policy output: Packet-Queueing

    Class-map: VoIP-Class-Outbound (match-any)
      1823 packets, 378461 bytes
      5 minute offered rate 8000 bps, drop rate 0 bps
      Match: ip precedence 7
        1823 packets, 378461 bytes
        5 minute rate 8000 bps
      Weighted Fair Queueing
        Strict Priority
        Output Queue: Conversation 24
        Bandwidth 50 (%)
        Bandwidth 28 (kbps) Burst 700 (Bytes)
        (pkts matched/bytes matched) 0/0
        (total drops/bytes drops) 0/0

    Class-map: class-default (match-any)
      51 packets, 11057 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
      Weighted Fair Queueing
        Output Queue: Conversation 25
        Bandwidth remaining 95 (%)
        (pkts matched/bytes matched) 0/0
        (depth/total drops/no-buffer drops) 0/0/0
         exponential weight: 9
         mean queue depth: 0

  class    Transmitted    Random drop    Tail drop     Minimum   Maximum   Mark
           pkts/bytes     pkts/bytes     pkts/bytes    thresh    thresh    prob
      0       0/0            0/0            0/0           20        40     1/10
      1      10/1340         0/0            0/0           22        40     1/10
      2       0/0            0/0            0/0           24        40     1/10
      3       0/0            0/0            0/0           26        40     1/10
      4       0/0            0/0            0/0           28        40     1/10
      5       0/0            0/0            0/0           30        40     1/10
      6      36/9425         0/0            0/0           32        40     1/10
      7       0/0            0/0            0/0           34        40     1/10
   rsvp       0/0            0/0            0/0           36        40     1/10

hope this helps

Regards

Rob
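The counter check described in the post above (clear counters, place a call, read `show policy-map interface`) can be scripted. This Python sketch is an added example, not part of the original thread: the function names `parse_policy_map` and `review` are assumptions, and the sample text is a trimmed excerpt of the output quoted above.

```python
import re

# Trimmed excerpt of the "sh policy-map int f0" output quoted in the post above.
SAMPLE = """\
Service-policy input: Packet-Tagging
  Class-map: VoIP-Class-Inbound (match-any)
    1825 packets, 393365 bytes
    5 minute offered rate 15000 bps, drop rate 0 bps
    Match: access-group name VOIP
      1825 packets, 393365 bytes
    Match: ip dscp 46
      0 packets, 0 bytes
    conformed 1567 packets, 338070 bytes; actions:
    exceeded 258 packets, 55295 bytes; actions:
  Class-map: Med-Class-Inbound (match-any)
    0 packets, 0 bytes
    Match: access-group name Medium
      0 packets, 0 bytes
  Class-map: class-default (match-any)
    9 packets, 1158 bytes
    Match: any
"""

CLASS_RE = re.compile(r"Class-map:\s+(\S+)")
MATCH_RE = re.compile(r"Match:\s+(.+)")
COUNT_RE = re.compile(r"(\d+) packets, (\d+) bytes")
POLICE_RE = re.compile(r"(conformed|exceeded) (\d+) packets")

def parse_policy_map(text):
    """Return one dict per class: total packets, per-match packets, policer counts."""
    classes, cur, pending = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := CLASS_RE.match(line):
            cur = {"name": m.group(1), "packets": None, "matches": {}, "police": {}}
            classes.append(cur)
            pending = "class"               # next counter line is the class total
        elif cur is None:
            continue                        # interface / service-policy header
        elif m := MATCH_RE.match(line):
            pending = m.group(1)            # next counter line belongs to this match
            cur["matches"][pending] = None  # "Match: any" prints no counter of its own
        elif m := POLICE_RE.match(line):
            cur["police"][m.group(1)] = int(m.group(2))
        elif pending and (m := COUNT_RE.match(line)):
            if pending == "class":
                cur["packets"] = int(m.group(1))
            else:
                cur["matches"][pending] = int(m.group(1))
            pending = None
    return classes

def review(classes):
    """Turn the counters into the points to check after a test call."""
    findings = []
    for c in classes:
        if c["name"] != "class-default" and not c["packets"]:
            findings.append(f"{c['name']}: no packets classified")
            continue
        for crit, n in c["matches"].items():
            if n == 0:  # class carries traffic, but this criterion never fired
                findings.append(f"{c['name']}: 'Match: {crit}' matched 0 packets")
        if c["police"].get("exceeded"):
            findings.append(f"{c['name']}: {c['police']['exceeded']} packets exceeded the policer")
    return findings
```

On this excerpt, the zero count on `Match: ip dscp 46` next to a busy access-group match shows the voice packets arrived without an EF marking and were classified by the ACL alone.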
















 
Hi

I agree with you also on the way you handle traffic. I believe this is the best way: one VLAN for data, a second VLAN for voice. But I have a question: what if you have softphones? How do you handle voice traffic in this situation? Is there any other way except recognizing which traffic is voice and which is data?
I have used HP ProCurve switches and I think they are a very good choice for a LAN edge solution at lower cost. But for a backbone switch I also vote for a layer 3 Cisco switch.

Thanks
 