Low latency queueing over Tunnel interfaces

Discussion in 'Cisco' started by Scooty, Aug 30, 2006.

  1. Scooty

    Scooty Guest

    Hi
    Can anyone tell me if you can do low latency queueing over tunnel
    interfaces?
    We wish to setup some QOS for a client between their sites over the
    tunnels that are currently in place
    Here are tags used for Qos.
    Priority Class for Signaling Data: AF31
    Priority Class for Fax/Modem Payload: AF11
    Priority Class for Network Control: CS7
    Priority Class for Voice Payload: EF
    QoS Procedure: Autodetect

    Any suggestions and or pointers would be most welcome

    Regards

    Scott
    Scooty, Aug 30, 2006
    #1
    1. Advertising

  2. Scooty

    KingKey Guest

    Maybe this document will help.
    http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00804dfa7f.html

    Thanks,
    KK


    Scooty wrote:
    > Hi
    > Can anyone tell me if you can do low latency queueing over tunnel
    > interfaces?
    > We wish to setup some QOS for a client between their sites over the
    > tunnels that are currently in place
    > Here are tags used for Qos.
    > Priority Class for Signaling Data: AF31
    > Priority Class for Fax/Modem Payload: AF11
    > Priority Class for Network Control: CS7
    > Priority Class for Voice Payload: EF
    > QoS Procedure: Autodetect
    >
    > Any suggestions and or pointers would be most welcome
    >
    > Regards
    >
    > Scott
    KingKey, Aug 30, 2006
    #2
    1. Advertising

  3. Scooty

    Guest

    KingKey wrote:
    > Maybe this document will help.
    > http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00804dfa7f.html
    >
    > Thanks,
    > KK
    >
    >
    > Scooty wrote:
    > > Hi
    > > Can anyone tell me if you can do low latency queueing over tunnel
    > > interfaces?
    > > We wish to setup some QOS for a client between their sites over the
    > > tunnels that are currently in place
    > > Here are tags used for Qos.
    > > Priority Class for Signaling Data: AF31
    > > Priority Class for Fax/Modem Payload: AF11
    > > Priority Class for Network Control: CS7
    > > Priority Class for Voice Payload: EF
    > > QoS Procedure: Autodetect
    > >
    > > Any suggestions and or pointers would be most welcome


    OK.

    This really, really works.
    I have been hacking at this for about a year and
    finally, recently, I got it to actually work.
    One problem is that the behaviour varies between platforms.
    To me this is not at all documented on CCO.

    The following does work on a 2801 and does not work on an 837.
    It looks like it will work on an 877/878. It does not work on an 857.

    Shapes then priority queues.

    class-map match-any ClM.voice
    match dscp ef
    match dscp cs3
    match access-group name ACL.voice.sources
    ! above line is hack since our QoS is not really OK,
    !
    !
    policy-map PM.450000.child
    class ClM.voice
    priority 200 ! 200kbps for voice
    set dscp ef ! We need to set the DSCP values for pkts that
    ! are not already set since once it is in the
    GRE then IPSEC
    ! tunnel we cannot match by address.
    policy-map PM.450000.parent
    class class-default
    shape average 450000 ! this is for a 512k ADSL. //BE CONSERVATIVE//
    !! 256k link is OK with 210000 but gets wrecked with 220000.
    service-policy PM.450000.child

    interface Tunnel17000
    ip address 172.19.6.1 255.255.255.252
    service-policy output PM.450000.parent

    The above tunnel is over an ADSL with 512k bps.

    The plan is to shape the traffic so that the ADSL can handle it
    when it gets there and then to prioritise voice traffic within that
    limit.


    Here is some stuff I wrote the other day -
    It is the whole thing, proven test results everything.
    QoS over tunnels really works.


    We can control the behaviour of a slow interface (say an ADSL)
    with/from a tunnel.

    This works on a 2801 by the way: (yes really really works)

    Not on 837:-(

    flash:c2800nm-advipservicesk9-mz.124-8.bin

    class-map match-any ClM.voice
    match dscp ef
    match dscp cs3
    match access-group name ACL.voice.sources ! dscp not working
    correctly so use addresses
    ! should do something for
    ospf too.

    !Hierarchical policy maps:

    policy-map PM.450000.child
    class ClM.voice
    priority 200
    set dscp ef ! set DSCP so that tunnel and crypto traffic
    can be matched.

    policy-map PM.450000.parent
    class class-default
    shape average 450000 ! FIRST shape to 512k (inc crypto)
    service-policy PM.450000.child ! SECOND do priority queuing as
    defined in ...child.


    interface Tunnel17000
    ip address 172.17.6.1 255.255.255.252
    ip access-group ACL.block.home-home in
    ip mtu 1400 ! We do crypto later, avoid double fragmentation.
    ip tcp adjust-mss 1360
    ip ospf cost 1
    load-interval 30
    keepalive 7 3 ! for management but choose timer to bring down OSPF
    ! to avoid interference with ospf hello timer
    ! WHY NOT try to keep clear of bugs?
    tunnel source FastEthernet0/0
    tunnel destination x.x.x.x
    service-policy output PM.450000.parent

    vpn1#sh policy-map int tu 17000
    Tunnel17000
    Service-policy output: PM.450000.parent ! SHAPING
    Class-map: class-default (match-any)
    813489 packets, 268760589 bytes
    30 second offered rate 1000 bps, drop rate 0 bps
    Match: any
    Traffic Shaping

    Target/Average Byte Sustain Excess Interval
    Increment
    Rate Limit bits/int bits/int (ms)
    (bytes)
    450000/450000 2700 10800 10800 24 1350

    Adapt Queue Packets Bytes Packets Bytes
    Shaping
    Active Depth Delayed Delayed Active
    - 0 813093 249714100 174677 137403351 no !
    not at present

    Service-policy : PM.450000.child ! PRIORITY QUEUING

    Class-map: ClM.voice (match-any)
    261799 packets, 54848070 bytes
    30 second offered rate 0 bps, drop rate 0 bps

    Match: dscp ef (46)
    0 packets, 0 bytes
    30 second rate 0 bps

    Match: dscp cs3 (24)
    0 packets, 0 bytes
    30 second rate 0 bps

    Match: access-group name ACL.voice.sources
    261799 packets, 54848070 bytes
    30 second rate 0 bps

    Queueing
    Strict Priority
    Output Queue: Conversation 40
    Bandwidth 200 (kbps) Burst 5000 (Bytes)
    (pkts matched/bytes matched) 74935/15218890
    (total drops/bytes drops) 0/0
    QoS Set
    dscp ef
    Packets marked 245666

    Class-map: class-default (match-any)
    551690 packets, 213912519 bytes
    30 second offered rate 1000 bps, drop rate 0 bps
    Match: any





    Using: shape average 200000 on our end since we are
    limited in this case by the 256k upload chez moi.


    No load

    H:\>ping 172.17.7.192

    Pinging 172.17.7.192 with 32 bytes of data:
    Reply from 172.17.7.192: bytes=32 time=26ms TTL=250
    Reply from 172.17.7.192: bytes=32 time=28ms TTL=250
    Reply from 172.17.7.192: bytes=32 time=24ms TTL=250
    Reply from 172.17.7.192: bytes=32 time=27ms TTL=250


    10 of these ought to fill it up.
    H:\>start cmd /c fping 172.17.7.192 -i -s 1300 -n 10000 -t 0
    H:\>start cmd /c fping 172.17.7.192 -i -s 1300 -n 10000 -t 0
    H:\>start cmd /c fping 172.17.7.192 -i -s 1300 -n 10000 -t 0
    H:\>start cmd /c fping 172.17.7.192 -i -s 1300 -n 10000 -t 0
    H:\>start cmd /c fping 172.17.7.192 -i -s 1300 -n 10000 -t 0
    H:\>start cmd /c fping 172.17.7.192 -i -s 1300 -n 10000 -t 0
    H:\>start cmd /c fping 172.17.7.192 -i -s 1300 -n 10000 -t 0
    H:\>start cmd /c fping 172.17.7.192 -i -s 1300 -n 10000 -t 0
    H:\>start cmd /c fping 172.17.7.192 -i -s 1300 -n 10000 -t 0
    H:\>start cmd /c fping 172.17.7.192 -i -s 1300 -n 10000 -t 0


    And full it is :)

    Reply[217] from 172.17.7.192: bytes=1300 time = 555 ms TTL=250
    Reply[218] from 172.17.7.192: bytes=1300 time = 524 ms TTL=250
    Reply[219] from 172.17.7.192: bytes=1300 time = 552 ms TTL=250
    Reply[220] from 172.17.7.192: bytes=1300 time = 527 ms TTL=250
    Reply[221] from 172.17.7.192: bytes=1300 time = 552 ms TTL=250
    Reply[222] from 172.17.7.192: bytes=1300 time = 558 ms TTL=250
    Reply[223] from 172.17.7.192: bytes=1300 time = 530 ms TTL=250
    Reply[224] from 172.17.7.192: bytes=1300 time = 545 ms TTL=250
    Reply[225] from 172.17.7.192: bytes=1300 time = 555 ms TTL=250
    Reply[226] from 172.17.7.192: bytes=1300 time = 556 ms TTL=250
    Reply[227] from 172.17.7.192: bytes=1300 time = 526 ms TTL=250

    Ping from VOICE VLAN
    C:\>ping 172.17.7.192 -t
    Pinging 172.17.7.192 with 32 bytes of data:
    Reply from 172.17.7.192: bytes=32 time=82ms TTL=251
    Reply from 172.17.7.192: bytes=32 time=78ms TTL=251
    Reply from 172.17.7.192: bytes=32 time=39ms TTL=251
    Reply from 172.17.7.192: bytes=32 time=78ms TTL=251

    PERFECTO!!! Or even better?

    In action:-

    vpn1#sh policy-map int tu 17000
    Tunnel17000
    Service-policy output: PM.450000.parent
    Class-map: class-default (match-any)
    821618 packets, 276772681 bytes
    30 second offered rate 200000 bps, drop rate 0 bps
    Match: any
    Traffic Shaping
    Target/Average Byte Sustain Excess Interval
    Increment
    Rate Limit bits/int bits/int (ms)
    (bytes)
    200000/200000 2000 8000 8000 40 1000

    Adapt Queue Packets Bytes Packets Bytes
    Shaping
    Active Depth Delayed Delayed Active
    - 9 821214 257523298 181177 144980711 yes

    Service-policy : PM.450000.child

    Class-map: ClM.voice (match-any)
    261923 packets, 54857194 bytes
    30 second offered rate 0 bps, drop rate 0 bps
    Match: dscp ef (46)
    0 packets, 0 bytes
    30 second rate 0 bps
    Match: dscp cs3 (24)
    0 packets, 0 bytes
    30 second rate 0 bps
    Match: access-group name ACL.voice.sources
    261923 packets, 54857194 bytes
    30 second rate 0 bps
    Queueing
    Strict Priority
    Output Queue: Conversation 40
    Bandwidth 200 (kbps) Burst 5000 (Bytes)
    (pkts matched/bytes matched) 75002/15223866
    (total drops/bytes drops) 0/0
    QoS Set
    dscp ef
    Packets marked 245790

    Class-map: class-default (match-any)
    559695 packets, 221915487 bytes
    30 second offered rate 199000 bps, drop rate 0 bps
    Match: any
    vpn1#

    There are no drops since I am using ping to generate the test traffic
    and
    we are just waiting for the return traffic to come back before we send
    anything else.

    Crap I know but it's what there is right now.



    Now add a voice call:- (G.711 codec)

    RTT doubles

    Reply[947] from 172.17.7.192: bytes=1300 time = 995 ms TTL=250
    Reply[948] from 172.17.7.192: bytes=1300 time = 1000 ms TTL=250
    Reply[949] from 172.17.7.192: bytes=1300 time = 980 ms TTL=250
    Reply[950] from 172.17.7.192: bytes=1300 time = 1002 ms TTL=250
    Reply[951] from 172.17.7.192: bytes=1300 time = 1004 ms TTL=250
    Reply[952] from 172.17.7.192: bytes=1300 time = 980 ms TTL=250
    Reply[953] from 172.17.7.192: bytes=1300 time = 1021 ms TTL=250
    Reply[954] from 172.17.7.192: bytes=1300 time = 996 ms TTL=250
    Reply[955] from 172.17.7.192: bytes=1300 time = 981 ms TTL=250
    Reply[956] from 172.17.7.192: bytes=1300 time = 1014 ms TTL=250
    Reply[957] from 172.17.7.192: bytes=1300 time = 966 ms TTL=250
    Reply[958] from 172.17.7.192: bytes=1300 time = 1010 ms TTL=250
    Reply[959] from 172.17.7.192: bytes=1300 time = 996 ms TTL=250


    >From voice VLAN addresses:-

    PING RTT unchanged by adding voice call

    C:\>ping 172.17.7.192 -t

    Pinging 172.17.7.192 with 32 bytes of data:

    Reply from 172.17.7.192: bytes=32 time=89ms TTL=251
    Reply from 172.17.7.192: bytes=32 time=91ms TTL=251
    Reply from 172.17.7.192: bytes=32 time=91ms TTL=251
    Reply from 172.17.7.192: bytes=32 time=92ms TTL=251
    Reply from 172.17.7.192: bytes=32 time=93ms TTL=251
    Reply from 172.17.7.192: bytes=32 time=95ms TTL=251

    vpn1#sh policy-map int tu 17000
    Tunnel17000

    Service-policy output: PM.450000.parent

    Class-map: class-default (match-any)
    829781 packets, 282801361 bytes
    30 second offered rate 201000 bps, drop rate 0 bps
    Match: any
    Traffic Shaping
    Target/Average Byte Sustain Excess Interval
    Increment
    Rate Limit bits/int bits/int (ms)
    (bytes)
    200000/200000 2000 8000 8000 40 1000

    Adapt Queue Packets Bytes Packets Bytes
    Shaping
    Active Depth Delayed Delayed Active
    - 15 829370 263354478 189333 150811891 yes

    Service-policy : PM.450000.child

    Class-map: ClM.voice (match-any)
    265516 packets, 55656742 bytes
    30 second offered rate 82000 bps, drop rate 0 bps
    Match: dscp ef (46)
    0 packets, 0 bytes
    30 second rate 0 bps
    Match: dscp cs3 (24)
    0 packets, 0 bytes
    30 second rate 0 bps
    Match: access-group name ACL.voice.sources
    265516 packets, 55656742 bytes
    30 second rate 82000 bps
    Queueing
    Strict Priority
    Output Queue: Conversation 40
    Bandwidth 200 (kbps) Burst 5000 (Bytes)
    (pkts matched/bytes matched) 78595/15937266
    (total drops/bytes drops) 0/0
    QoS Set
    dscp ef
    Packets marked 249383

    Class-map: class-default (match-any)
    564265 packets, 227144619 bytes
    30 second offered rate 117000 bps, drop rate 0 bps
    Match: any




    ###########################################
    # Has anyone managed to get crypto queuing working?
    # I set it all up but there is no actual queuing?
    ###########################################
    , Aug 30, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. a.nonny mouse
    Replies:
    2
    Views:
    1,066
  2. Replies:
    0
    Views:
    379
  3. Mark Williams
    Replies:
    2
    Views:
    793
    clubfoot
    Apr 25, 2006
  4. Replies:
    2
    Views:
    8,786
    Michael Newbery
    Jun 19, 2006
  5. Replies:
    2
    Views:
    795
    Johann Lo
    Feb 9, 2008
Loading...

Share This Page