[c-nsp] Per-user QoS/Multilink on Virtual-Access interfaces?
Reuben Farrelly
reuben-cisco-nsp at reub.net
Fri Feb 9 09:56:47 EST 2007
Hi,
I've been asked to set up some form of QoS on our LNS so that we can selectively
enable QoS for users who require QoS facilities, but not globally enable it for
all users. Much to my disappointment it seems to be a less than straightforward
excercise in IOS configuration.
The users are all DSL users using PPPoATM into a 7200 NPE-G1. Most are coming
in as VPDN over IP but some are VPDN over ATM PVCs. Currently we have 12.4
mainline on the router which we want to test this on but this can be changed if
required. The users are currently authenticating via RADIUS.
By default, the router applies FIFO to the Virtual-Access interfaces which is no
use for QoS at all.
The initial plan I had was to use per-user QoS which is in 12.4, ie in radius
set this up:
cisco-avpair = "ip:sub-policy-Out=QoS-Policy"
That then applies the QoS policy which has been preconfigured on the LNS, to the
user as they are logging in.
The policy I wanted to do was just to enable a single default class using
fair-queueing per user since I understand that fair-queue is IP DSCP aware.
This would save us configuring loads of per-site QoS policies on the LNS,
instead relying on appropriate IP DSCP marking and outbound queueing on the edge
by the CPEs, which we also manage.
Something like this:
policy-map QoS-Policy
class class-default
fair-queue
Unfortunately debugging shows that the 7200 won't apply any QoS policy to a user
unless they are running PPP Multilink, and it's easy to tell after the
Virtual-Access interface has come up that there is no queueing at all. I've no
issue with running Multilink LFI, as it may well help QoS anyway by fragmenting
large packets up. However it seems that there is no way to enable PPP multilink
*per user* also unless you do aaa preauthentication, which is of course only
available on the AS5xx0s and only works on ISDN.
I've tested the QoS policy avpair above by globally enabling PPP multilink and
fair-queue on the Virtual-Template interface and then logging in, and then
retesting it with the QoS policy picked up via RADIUS, and sure enough, the
per-user policy is applied. However I'm not game to globally PPP multilink for
all users either for fear of the potential impact that this might cause end
users given it also can't be turned off per-user either.
I would have thought this would have been dead easy to do, has anyone else tried
or managed to get per-user QoS working under IOS on VPDN sessions?
If so, what code did you use, and what was the trick? Is there a completely
alternative approach different to what I am thinking which actually will achieve
my objective as outlined in my first paragraph?
Thanks,
Reuben
More information about the cisco-nsp
mailing list