[c-nsp] configure 876 with qos

Ivan Gasparik ivan at ig.sk
Tue Jul 17 04:55:41 EDT 2007


Hello,

The right place to activate policy-map in case of DSL WAN connection 
is PVC inside interface ATM0:

interface ATM0
 pvc x/y
  cbr <speed>
  service-policy output voice

where <speed> is the bandwidth in kilobits/s in upload direction of 
your DSL line. This bandwidth needs to include ATM headers and also 
depends on size of IP packets transmitted through the line.
I have best practices when using:
atm_bandwidth = 1.13 * ip_bandwidth

There is another useful command inside pvc configuration:
tx-ring-limit <size>

It is used to lower hardware queue of ATM interface. This is very 
important when you want to prioritize delay/jitter sensitive data. 
The right value depends on average size of transmitted packets, 
setting the size to 3-5 should be safe.

When you use IPSec, then data leaving uplink interface are already 
encrypted, so the policy-map is not able to match packets based on 
ACL. You should put 'qos pre-classify' command under crypto map 
configuration to ensure the right function of your QoS.

regards
Ivan


On Tuesday 17 July 2007 09:31, Ahmad Cheikh Moussa wrote:
> Hi Guys,
>
> Brad Henshaw wrote:
> > As suggested by others, in short, you probably want to attach
> > this policy as an output service-policy on the egress port
> > rather than an input policy on the ingress port.
>
> Yes, this was my first idea too. I tried to implement it
> with priority queuing on the outside interface. In this case
> a dialer interface, configured for pppoe and ipsec. The VoiP
> traffic should go through the ipsec vpn tunnel. But my first
> tries weren't successful. Therefore I wanted to try, what happens
> if I activate it on the inside interface, in this case the vlan 1.
> The config I have pasted to the list was one of my last tries, so
> it can be that it is a little bit senseless, but I wanted to find
> out why this error occurred.
>
> >What exactly are you trying to achieve? Do you simply want to
> >provide priority to all traffic that matches your ACL?
> >(i.e. such traffic will be dequeued first on egress)
>
> What I want to achieve is, a soho environment for a customer, which
> is capable for voip. One Router, one or two IP Phones and qos for
> voip traffic. I still do not know, why I got this error message on the
> ingress interface (vlan 1), but this was only a test.
>
> The original config was :
>
> class-map match-all TEST_VOICE
>  match access-group name qos
> !
> !
> policy-map voice
>  class TEST_VOICE
>   priority 128
>
> interface Dialer1
>  description DSL LAN
>  bandwidth 1024
>  ip address negotiated
>  ip nat outside
>  crypto ipsec client ezvpn TEST
>  service-policy output voice
>
>
> What I do not understand is, why I do not have any matches ?
>
> IP Address IP Phone: 10.2.1.1
>
> Router#sh ip access-lists nat
> Extended IP access list nat
>     10 deny ip 10.2.1.0 0.0.0.255 10.1.1.0 0.0.255.255 (21868 matches)
>     20 permit ip 10.2.1.0 0.0.0.255 any (67 matches)
>
>
> Router#sh ip access-lists qos
> Extended IP access list qos
>     10 permit ip host 10.2.1.1 10.1.1.0 0.0.0.255
>
>
>
>
> Router#show policy-map interface dialer 1
>  Dialer1
>
>   Service-policy output: voice
>
>     Class-map: TEST_VOICE (match-all)
>       0 packets, 0 bytes
>       5 minute offered rate 0 bps, drop rate 0 bps
>       Match: access-group name qos
>       Queueing
>         Strict Priority
>         Output Queue: Conversation 264
>         Bandwidth 128 (kbps) Burst 3200 (Bytes)
>         (pkts matched/bytes matched) 0/0
>         (total drops/bytes drops) 0/0
>
>     Class-map: class-default (match-any)
>       22 packets, 1804 bytes
>       5 minute offered rate 0 bps, drop rate 0 bps
>       Match: any
> Router#
>
>
>
>
> Regards,
>  Ahmad
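
Added example, not part of the original thread: a calculation of the ATM overhead that the 1.13 rule of thumb above approximates, showing how the factor changes with IP packet size. It uses standard AAL5 framing (8-byte trailer, padding to 48-byte cell payloads, 53-byte cells); the function names and the `encap_overhead` parameter are assumptions made for this illustration.

```python
import math

ATM_CELL = 53       # bytes sent on the wire per ATM cell (5 header + 48 payload)
ATM_PAYLOAD = 48    # payload bytes carried by one cell
AAL5_TRAILER = 8    # AAL5 trailer appended to every packet before padding


def cells_for_packet(ip_len, encap_overhead=0):
    """Cells needed for one IP packet; the last cell is padded to 48 bytes.

    encap_overhead is an assumption: bytes added between IP and AAL5
    (PPP, PPPoE, LLC/SNAP ...), which depends on the line's encapsulation.
    """
    if ip_len <= 0 or encap_overhead < 0:
        raise ValueError("ip_len must be positive, encap_overhead non-negative")
    return math.ceil((ip_len + encap_overhead + AAL5_TRAILER) / ATM_PAYLOAD)


def atm_factor(ip_len, encap_overhead=0):
    """Ratio atm_bandwidth / ip_bandwidth for packets of ip_len bytes."""
    return cells_for_packet(ip_len, encap_overhead) * ATM_CELL / ip_len


def atm_kbps(ip_kbps, ip_len, encap_overhead=0):
    """ATM-level kbit/s needed to carry ip_kbps of ip_len-byte packets, rounded up."""
    wire_bytes = cells_for_packet(ip_len, encap_overhead) * ATM_CELL
    return math.ceil(ip_kbps * wire_bytes / ip_len)


if __name__ == "__main__":
    # Constructed packet sizes: TCP ACK, small voice-sized packet, full-size data packet.
    for size in (40, 200, 1500):
        print(f"{size:5d} B  cells={cells_for_packet(size):3d}  factor={atm_factor(size):.3f}")
    print("128 kbit/s of 200-byte packets needs", atm_kbps(128, 200), "kbit/s at ATM level")
```

For 1500-byte packets with no extra encapsulation the factor comes out at about 1.13; for small packets it is noticeably higher, which matters when sizing a priority class for voice.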

