[c-nsp] Question about CBWFQ and PING times

Andy Saykao andy.saykao at staff.netspace.net.au
Tue Mar 24 20:15:52 EDT 2009 

Hi All,
 
Two questions...
 
1/ We have a 200mb link between two POPS that is being congested in the
evening. Congestion is happening on the outbound direction from POP2 to
POP1, so from a user's perspective in GROUP1 it would be impacting their
download.
 
[GROUP1] --> [ POP1] <--> [POP2] --> [HOSTED SERVICES + INTERNET]
 
Users in GROUP1 traverse POP1 and POP2 to reach the Internet and hosted
services (eg: dns, web, etc). During periods of congestion, I would like
to ensure that users in GROUP1 have bandwidth readily available to
access our hosted services. To do this I have used CBWFQ and applied the
service-policy on the POP2 router in the outbound direction.
 
class-map match-all POP2-POP1-PRIORITY-CLASS
  match access-group name POP2-POP1-PRIORITY-ACL
!
policy-map POP2-POP1-QOS-POLICY
  class POP2-POP1-PRIORITY-CLASS
    bandwidth percent 5
  class class-default
    random-detect
!
ip access-list extended POP2-POP1-PRIORITY-ACL
 permit ip <DNS_SERVER_FARM> any
 permit ip <WEB_SERVER_FARM> any
!
interface GigabitEthernet4/0/2
 service-policy output POP2-POP1-QOS-POLICY

I can see matches for this when doing a show policy-map interface. Is it
as simple as this to ensure that users in GROUP1 will be assured of
bandwidth to access our hosted services?

2/ If I wanted to prioritze ping times between POP1 to POP2, how would
this be done? During non-congested periods, a ping from POP1 to POP2
will have a round trip time of less than 20ms. During congestion, this
jumps up to over 150ms. Can you prioritze the ping response so that
during congestion, the round trip times are still relatively low. I
tried permitting ICMP to the ACL above, but it didn't make any
difference to the ping time.
 
eg:
 
ip access-list extended POP2-POP1-PRIORITY-ACL
 permit ip <DNS_SERVER_FARM> any
 permit ip <WEB_SERVER_FARM> any
 permit icmp any any
 permit icmp any any echo-reply
 permit icmp any any traceroute

In desperation, I even tried putting everything into the LLQ, but no
change to the ping times. 
 
eg:
 
policy-map POP2-POP1-QOS-POLICY
  class POP2-POP1-PRIORITY-CLASS
    priority percent 5
  class class-default
    random-detect
 
I thought with the ping traffic being in the LLQ they would be serviced
first, but not so. Could it be that eventhough the ping packets are
being placed in the hardware queue before any other packets in the
software queues, they still have to wait their turn to be serviced while
in the hardware queue. So if there are already a lot of packets in the
hardware queue, the ping packets in there will suffer and just have to
wait their turn?? I'm just trying to understand the queuing mechanisms
between the hardware and software queues and whether there's a way to
prioritize ping times.
 
Any help with the two above scenarios would be greatly appreciated.
 
Thanks.
 
Andy

More information about the cisco-nsp mailing list