[c-nsp] Per-user QoS/Multilink on Virtual-Access interfaces?

Reuben Farrelly reuben-cisco-nsp at reub.net
Fri Feb 9 09:56:47 EST 2007 

Hi,

I've been asked to set up some form of QoS on our LNS so that we can selectively 
enable QoS for users who require QoS facilities, but not globally enable it for 
all users.  Much to my disappointment it seems to be a less than straightforward 
excercise in IOS configuration.

The users are all DSL users using PPPoATM into a 7200 NPE-G1.  Most are coming 
in as VPDN over IP but some are VPDN over ATM PVCs.   Currently we have 12.4 
mainline on the router which we want to test this on but this can be changed if 
required.  The users are currently authenticating via RADIUS.

By default, the router applies FIFO to the Virtual-Access interfaces which is no 
use for QoS at all.

The initial plan I had was to use per-user QoS which is in 12.4, ie in radius 
set this up:

cisco-avpair = "ip:sub-policy-Out=QoS-Policy"

That then applies the QoS policy which has been preconfigured on the LNS, to the 
user as they are logging in.

The policy I wanted to do was just to enable a single default class using 
fair-queueing per user since I understand that fair-queue is IP DSCP aware. 
This would save us configuring loads of per-site QoS policies on the LNS, 
instead relying on appropriate IP DSCP marking and outbound queueing on the edge 
by the CPEs, which we also manage.

Something like this:

policy-map QoS-Policy
   class class-default
     fair-queue

Unfortunately debugging shows that the 7200 won't apply any QoS policy to a user 
unless they are running PPP Multilink, and it's easy to tell after the 
Virtual-Access interface has come up that there is no queueing at all.  I've no 
issue with running Multilink LFI, as it may well help QoS anyway by fragmenting 
large packets up.  However it seems that there is no way to enable PPP multilink 
*per user* also unless you do aaa preauthentication, which is of course only 
available on the AS5xx0s and only works on ISDN.

I've tested the QoS policy avpair above by globally enabling PPP multilink and 
fair-queue on the Virtual-Template interface and then logging in, and then 
retesting it with the QoS policy picked up via RADIUS, and sure enough, the 
per-user policy is applied.  However I'm not game to globally PPP multilink for 
all users either for fear of the potential impact that this might cause end 
users given it also can't be turned off per-user either.

I would have thought this would have been dead easy to do, has anyone else tried 
or managed to get per-user QoS working under IOS on VPDN sessions?

If so, what code did you use, and what was the trick?  Is there a completely 
alternative approach different to what I am thinking which actually will achieve 
my objective as outlined in my first paragraph?

Thanks,
Reuben

More information about the cisco-nsp mailing list