Cisco QoS

Discussion in '3CX Phone System - General' started by Pentangle, Nov 13, 2008.

Thread Status:
Not open for further replies.
  1. Pentangle

    Pentangle Member

    Joined:
    Dec 6, 2007
    Messages:
    261
    Likes Received:
    0
    Hi all,

    I'm looking at deploying Cisco routers in front of 3CX, so I wonder if any of you have had experience of these (I assume so, given the numbers here).

    My question relates to QoS. Cisco in their flavours of IOS give you several options for the configuration of QoS. These range from DSCP (ToS), EF bit setting, MQC, WRED, and various other TLAs :)

    I *think* I've identified NBAR as the QoS tool of choice for the RTP protocol, and the priority-list command as the QoS tool of choice for other protocols such as SIP signalling etc.

    My question is - is this the best way of doing things? or do people have other ideas? I assume the most important configuration would be NBAR because then I can identify and provide QoS to the RTP protocol which provides the voice streams (and very little else seems to be able to do so).

    All input is valuable!

    Cheers,
    Mike.
     
  2. mickp

    Joined:
    Jun 9, 2008
    Messages:
    72
    Likes Received:
    0
    Hi Mike,

    Every time I get it into my head to sit down with the Cisco qos docco to work out what's required, I end up in an infinite loop, clicking on links from one tla to another until my eyes glaze over and I start to rock back and forth :). You seem to have a better handle on it than I. I thought that I'd just use the horrid sdm to set something up but could never get the wizard/gui to allow me to do what I wanted. NBAR didn't seem to recognise 3cx rtp/voip traffic as voice and the option to add additional protocols to the class is greyed out. I assume that this is because it's not Cisco voip that I'm using but could be wrong.

    What I did find was that the following additions allowed nbar to classify my 3cx traffic and I now see the sdm monitoring graphs etc displaying the correct bandwidth utilisation re: my voip calls;

    Code:
    class-map match-any SDMVoice-Dialer0
     match ip rtp 7000 7499
     match ip rtp 9000 9030
    The relevant section of the config now looks like;

    Code:
    class-map match-any SDMVoice-Dialer0
     match protocol rtp audio
     match ip rtp 7000 7499
     match ip rtp 9000 9030
    class-map match-any SDMTrans-Dialer0
     match protocol citrix
     match protocol finger
     match protocol notes
     match protocol novadigm
     match protocol pcanywhere
     match protocol secure-telnet
     match protocol sqlnet
     match protocol sqlserver
     match protocol ssh
     match protocol telnet
     match protocol xwindows
    class-map match-any SDMScave-Dialer0
     match protocol napster
     match protocol fasttrack
     match protocol gnutella
    class-map match-any SDMBulk-Dialer0
     match protocol exchange
     match protocol ftp
     match protocol irc
     match protocol nntp
     match protocol pop3
     match protocol printer
     match protocol secure-ftp
     match protocol secure-irc
     match protocol secure-nntp
     match protocol secure-pop3
     match protocol smtp
     match protocol tftp
    class-map match-any SDMRout-Dialer0
     match protocol bgp
     match protocol eigrp
     match protocol ospf
     match protocol rip
     match protocol rsvp
    class-map match-any SDMSignal-Dialer0
     match protocol h323
     match protocol rtcp
    class-map match-any SDMManage-Dialer0
     match protocol dhcp
     match protocol dns
     match protocol imap
     match protocol kerberos
     match protocol ldap
     match protocol secure-imap
     match protocol secure-ldap
     match protocol snmp
     match protocol socks
     match protocol syslog
    class-map match-any SDMIVideo-Dialer0
     match protocol rtp video
    class-map match-any SDMSVideo-Dialer0
     match protocol cuseeme
     match protocol netshow
     match protocol rtsp
     match protocol streamwork
     match protocol vdolive
    !
    !
    policy-map SDM-Pol-Dialer0
     class SDMManage-Dialer0
      bandwidth remaining percent 4
      set dscp cs2
     class SDMSignal-Dialer0
      bandwidth remaining percent 50
      set dscp cs3
      compress header ip tcp
     class SDMRout-Dialer0
      bandwidth remaining percent 4
      set dscp cs6
     class SDMTrans-Dialer0
      bandwidth remaining percent 41
      set dscp af21
     class SDMVoice-Dialer0
      set dscp ef
      compress header ip
      priority percent 75
    !
    I've not yet had this config running enough under load to verify that it's having any effect either way on voice traffic. The only traffic that should be on this link is from 3cx so I might have to put something else on the network to cause some more load.

    I'm very interested to see what you come up with. Hopefully someone who actually understands Cisco qos will weigh in and provide some recommendations.

    Regards,

    Mick.
     
  3. Pentangle

    Pentangle Member

    Joined:
    Dec 6, 2007
    Messages:
    261
    Likes Received:
    0
    Hi Mick, and thanks for your informative post.

    I think we're probably pretty much in the same boat here with respect to Cisco IOS etc. It's amazing what a few well-interspersed acronyms will do for my perceived Cisco knowledge :)

    I found out last night that it was pretty much academic currently when talking about NBAR as I don't have a "plus" based IOS and hence they chopped that feature out of the 837 I'm using.

    Anyway, as far as the two Cisco books I'm working from go, NBAR has a couple of things you should know:

    1) RTP is already a classification of application from Cisco. New ones can either be downloaded from Cisco in the form of PDLM files, or created yourself using the ip nbar custom command.

    2) You apparently need to issue an ip nbar protocol-discovery command on the relevant interface to view and classify the protocols

    As far as your config goes, that looks right. The books say to create the class maps (that define which packets we're going to match), then to define the QoS policy, and then to apply the QoS policy to an interface. Your config appears to do that, and has RTP header compression turned on (which is apparently a good thing for QoS), and ef is expedited forwarding (the highest diffserv tag).

    The reason I wanted to delve deeper into it was because I wasn't 100% sure RTP was going to be captured and tagged purely on those (7000-7499 and 9000-9030) ports, and so wanted a system of identifying and labelling the traffic easily. Apparently there's about 30 different subsections of the match protocol rtp command, which deal with the relevant CODECs used. The audio parameter separates it into all the audio CODECs (as opposed to the video ones as well), but you can also go further and specify things such as G.729 etc, which may be more relevant for you in a more congested network.

    Anyhow, thanks for the config details and the confidence that I'm not talking out of my bumhole :) All I need to do now is to get some more flash memory and a "plus" IOS and I'll be with you :)

    Cheers,
    Mike.
     
  4. mickp

    Joined:
    Jun 9, 2008
    Messages:
    72
    Likes Received:
    0
    Hey Mike,

    Thanks for the clarification re: nbar. I'll definitely be checking out the "ip nbar custom" options and poking about some more to see what more can be done. SDM setup the ip nbar protocol-discovery option for me so no worries there.

    Thanks also for some confidence that I'm on the right path here. It would be nice if a ccie would pop in and offer a recommended 3cx config but also less fun :)

    Mick.
     
  5. future-data.biz

    Joined:
    Oct 15, 2007
    Messages:
    26
    Likes Received:
    0
    Hi Mick,

    If you need a more granular QoS config, let me know. I am a Cisco CCIE and have a number of deployments out there using Cisco routers for WAN facing QoS. Remember to also configure QoS correctly inside your LAN. You will find that your ISP does not honour qos if it's standard grade dsl. What you need to do is clean up qos inside your network so that when you are talking on the phone and your pc is doing "whatever", you want the voice packets to be prioritised. You can apply this theory to 1 phone or 1000's of phones.

    A good way to handle voice quality if you or your customer can afford it is to have a Voice only dsl connection and a data only dsl connection. Depending on the size of your company, dsl for voice and 4 simultaneous calls should be okay. Check with your voip provider and make sure you can get G729 codecs running across your SIP trunk (Also make sure your 3CX version supports G729). This helps to get more calls across your SIP trunk. If you go for this option, the voice quality is improved (especially that internet traffic is running on the alternate dsl connection). Nowadays, dsl connections are quite inexpensive, so it may be a good option for you. What you will need for this type of setup though is a good layer 3 switch to handle the multiple subnets for alternate route paths. Once it's set up, your customer does not normally complain unless his dsl goes down or he has maxed his dsl upstream limit for the amount of calls he is making.

    Setting up your network: I normally set up the voice network in one VLAN and the data network in another VLAN. Set your phones to use 802.1q trunking if the support is there so that the 2 port switch at the back of the phone (depending on your phone make) can use one port for the connection to the network switch and the other to the user's PC. The switch port should be configured to carry both the data and voice vlan. This is called 802.1q trunking. Make sure your phone is configured to handle the trunk. Most modern phones can do this. This is inexpensive if you know what switches support trunking and at what price point. The Linksys One layer 3 switch supports trunking and of course layer switching/routing so that you can have this type of setup. Works very well. You can buy Cisco layer 3 switches if it's in your budget. A much better option by far.

    If you or your customer can afford it, you should invest in the Cisco layer3 switches to benefit from really granular qos controls. Makes all the difference in a voice deployment.

    With regard to your ip nbar custom option, it all depends on your IOS version and of course your router. You can configure it quite simply. I do think that SDM will probably not be too helpful here. Good old fashioned CLI configuration is required. Cisco's web site has hundreds of qos examples, you just need to search for them. I can offer assistance with a good 3CX qos config, but it will be generic and will need tweaking to support your dsl connection. Here is a link for you that may start you on the correct path (keeping it fun as per your last post!!):


    http://www.cisco.com/en/US/docs/routers/access/800/820/software/configuration/guide/advconf.html



    Anyway, hope this helps.

    Kind regards

    Robert Thompson, CCIE#10302
     
  6. Pentangle

    Pentangle Member

    Joined:
    Dec 6, 2007
    Messages:
    261
    Likes Received:
    0
    Hi Robert,

    Thanks for the info. Could you possibly do a generic QoS config for an 877, and also critique whether we're on the right track as regards the NBAR classification as per the above posts? Also, is LAN QoS really *that* important inside the organisation if you're not saturating the port?

    Cheers,
    Mike.
     
  7. future-data.biz

    Joined:
    Oct 15, 2007
    Messages:
    26
    Likes Received:
    0
    Hi Mike,

    Your config looks fine. To see if it's doing the trick, do the following when you are in a call (clear the router interface counters first by issuing "clear counters" at the command prompt):

    on the router cli command prompt issue the following command:

    show policy-map interface di0 ---> this is your dialer interface for the dsl connection, I picked this up from your config

    This will show a list of statistics on the port and will also tell you if the interface QoS is working by showing packet statistics per class configured.

    QoS on the LAN is very important even if you have one PC connected to it. Let's say you are speaking to a customer and you browse the internet. Those internet packets are transmitted and received by your router, which then connects to your LAN port and delivers the data to your PC. That LAN port is the same port that outputs packets to the WAN interface (IE - they traverse the LAN port to be processed by the router and outputted by the WAN port, in your case a dialer interface mapped to an ATM ..dsl...interface). You should always configure QoS on inbound and outbound interfaces so that when congestion is experienced, correct packet tagging and queuing takes place. It makes for a really good voice call (remember that your ISP will not honour QoS unless you have paid for it. Standard business DSL or Home DSL ISPs do not honour QoS.)


    Here is an output of some policy maps configured on a cisco router when a call is in progress (counters were cleared to show these stats). The show commands are for both inbound and outbound interfaces (LAN and WAN port)

    rtr1# sh policy-map int f0
    FastEthernet0

    Service-policy input: Packet-Tagging

    Class-map: VoIP-Class-Inbound (match-any)
    1825 packets, 393365 bytes
    5 minute offered rate 15000 bps, drop rate 0 bps
    Match: access-group name VOIP
    1825 packets, 393365 bytes
    5 minute rate 15000 bps
    Match: ip dscp 46
    0 packets, 0 bytes
    5 minute rate 0 bps
    police:
    cir 72000 bps, bc 9000 bytes
    conformed 1567 packets, 338070 bytes; actions:
    set-prec-transmit 7
    exceeded 258 packets, 55295 bytes; actions:
    set-prec-transmit 7
    conformed 14000 bps, exceed 7000 bps,

    Class-map: Hi-Class-Inbound (match-any)
    122 packets, 7432 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: access-group name High
    122 packets, 7432 bytes
    5 minute rate 0 bps
    Match: ip dscp 46
    0 packets, 0 bytes
    5 minute rate 0 bps
    police:
    cir 85000 bps, bc 10000 bytes
    conformed 123 packets, 7492 bytes; actions:
    set-prec-transmit 6
    exceeded 0 packets, 0 bytes; actions:
    set-dscp-transmit 5
    conformed 0 bps, exceed 0 bps,

    Class-map: Med-Class-Inbound (match-any)
    0 packets, 0 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: access-group name Medium
    0 packets, 0 bytes
    5 minute rate 0 bps
    police:
    cir 43000 bps, bc 5000 bytes
    conformed 0 packets, 0 bytes; actions:
    set-prec-transmit 4
    exceeded 0 packets, 0 bytes; actions:
    set-prec-transmit 3
    conformed 0 bps, exceed 0 bps,

    Class-map: class-default (match-any)
    9 packets, 1158 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: any
    QoS Set
    ip precedence 1
    Packets marked 9


    rtr1#sh policy-map int di1
    Dialer1

    Service-policy output: Packet-Queueing

    Class-map: VoIP-Class-Outbound (match-any)
    1823 packets, 378461 bytes
    5 minute offered rate 8000 bps, drop rate 0 bps
    Match: ip precedence 7
    1823 packets, 378461 bytes
    5 minute rate 8000 bps
    Weighted Fair Queueing
    Strict Priority
    Output Queue: Conversation 24
    Bandwidth 50 (%)
    Bandwidth 28 (kbps) Burst 700 (Bytes)
    (pkts matched/bytes matched) 0/0
    (total drops/bytes drops) 0/0

    Class-map: class-default (match-any)
    51 packets, 11057 bytes
    5 minute offered rate 0 bps, drop rate 0 bps
    Match: any
    Weighted Fair Queueing
    Output Queue: Conversation 25
    Bandwidth remaining 95 (%)
    (pkts matched/bytes matched) 0/0
    (depth/total drops/no-buffer drops) 0/0/0
    exponential weight: 9
    mean queue depth: 0

    class  Transmitted  Random drop  Tail drop   Minimum  Maximum  Mark
           pkts/bytes   pkts/bytes   pkts/bytes  thresh   thresh   prob
    0      0/0          0/0          0/0         20       40       1/10
    1      10/1340      0/0          0/0         22       40       1/10
    2      0/0          0/0          0/0         24       40       1/10
    3      0/0          0/0          0/0         26       40       1/10
    4      0/0          0/0          0/0         28       40       1/10
    5      0/0          0/0          0/0         30       40       1/10
    6      36/9425      0/0          0/0         32       40       1/10
    7      0/0          0/0          0/0         34       40       1/10
    rsvp   0/0          0/0          0/0         36       40       1/10

    hope this helps

    Regards

    Rob
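
Added example, not part of the original post and not Cisco or 3CX code: a small Python parser for the `show policy-map interface` counters quoted above. It flags classes that matched nothing, are dropping, or exceeded their policer. The function names and the finding labels are assumptions made for this sketch; the sample text is an abridged excerpt of the output in the post.

```python
import re

# Abridged excerpt of the "show policy-map interface" output quoted in the
# post above (not constructed data; lines unrelated to the counters removed).
SAMPLE = """\
Class-map: VoIP-Class-Inbound (match-any)
1825 packets, 393365 bytes
5 minute offered rate 15000 bps, drop rate 0 bps
Match: access-group name VOIP
1825 packets, 393365 bytes
Match: ip dscp 46
0 packets, 0 bytes
conformed 1567 packets, 338070 bytes; actions:
exceeded 258 packets, 55295 bytes; actions:
Class-map: Med-Class-Inbound (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name Medium
0 packets, 0 bytes
"""

def parse_policy_map(text):
    """Return {class_name: stats} from 'show policy-map interface' text."""
    classes, cur, pending = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"Class-map: (\S+)", line):
            cur = classes[m.group(1)] = {"packets": None, "drop_bps": 0,
                                         "matches": {}, "exceeded": 0}
            pending = "class"          # next counter line is the class total
        elif cur is None:
            continue                   # header lines before the first class
        elif m := re.match(r"Match: (.+)", line):
            pending = m.group(1)       # next counter line belongs to this match
        elif m := re.match(r"(\d+) packets, \d+ bytes", line):
            if pending == "class":
                cur["packets"] = int(m.group(1))
            elif pending:
                cur["matches"][pending] = int(m.group(1))
            pending = None
        elif m := re.search(r"drop rate (\d+) bps", line):
            cur["drop_bps"] = int(m.group(1))
        elif m := re.match(r"exceeded (\d+) packets", line):
            cur["exceeded"] = int(m.group(1))
    return classes

def findings(classes):
    """Flag classes that saw no traffic, dropped traffic or exceeded a policer."""
    out = []
    for name, c in classes.items():
        if c["packets"] == 0:
            out.append((name, "no packets matched"))
        if c["drop_bps"] > 0:
            out.append((name, "dropping traffic"))
        if c["exceeded"] > 0:
            out.append((name, "policer exceeded"))
        out += [(name, f"unused match: {k}") for k, v in c["matches"].items()
                if v == 0 and c["packets"]]
    return out
```

On the quoted counters this reports that the voice class is classified entirely by the VOIP access list while the `ip dscp 46` match saw nothing, and that 258 voice packets exceeded the 72000 bps policer.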
     
  8. cyberspot

    Joined:
    May 12, 2008
    Messages:
    87
    Likes Received:
    0
    Hi

    I agree with you also on the way you handle traffic. I believe this is the best way: one vlan for data, a second vlan for voice. But
    I have a question: what if you have softphones?
    How do you handle voice traffic in this situation?
    Is there another way except recognizing which traffic is voice and which is data?
    I have used hp procurve switches and I think that is a very good choice for a lan edge solution with lower cost. But for a backbone switch I also vote for a layer 3 cisco switch

    Thanks
     