[c-nsp] 3750 with IP-BASE, QoS

John Gill johgill at cisco.com
Thu Dec 8 17:44:38 EST 2011

Hi Mark,
You can use a policer to mark on conform and exceed, but you can mark 
separately from a policer configuration as well:

One can police on ingress, but we already drop within the output queues 
based on the queue or buffer available.  I don't believe the OP is 
looking to drop traffic unless it's lower priority under congestion, 
perhaps Joe can clarify?  If you prioritize your traffic on egress you 
will guarantee the rate you configure in the worst case scenario and 
will not limit it during times of no congestion.  A policer would work 
well in the scenario where you have a contractual agreement with 
downstream subscribers and they have to pay for overage.  Why limit 
yourself with a policer during times of no congestion?

One thing I can't determine is what the egress interface is, if it's an 
enterprise 1Gb/s port or maybe a transparent LAN service, maybe Joe can 
expand on that. If it is a sub-rate ethernet interface, there is another 
feature on this platform that can idle the Tx interface to make these 
ratios comparable for something less than line rate.  The srr-queue 
bandwidth-limit command will let you assume the interface is a different 
speed, and the ratios of bandwidth can be calculated off of this new value.

John Gill

On 12/8/11 4:48 PM, Mack McBride wrote:
> Errr not to be contrary but you use input policing to mark(classify) CoS on conform and exceed.
> I don't think the OP wants to use drop though.
> Mack
> -----Original Message-----
> From: John Gill [mailto:johgill at cisco.com]
> Sent: Thursday, December 08, 2011 2:20 PM
> To: Mack McBride
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] 3750 with IP-BASE, QoS
> Well, you wouldn't want to police unless there was congestion.  The 3750 can use shared SRR queues as well as priority queuing to guarantee strict priority.
> You will need to familiarize yourself with the QoS operations in the
> plagform:
> http://www.cisco.com/en/US/products/hw/switches/ps5023/products_tech_note09186a0080883f9e.shtml
> You can use the access lists to classify this traffic into different DSCP or COS values, and then map those values to the desired queue and threshold.
>   From there, you can then configure your srr queuing to guarantee a % of the time to a given queue.  Note you cannot set a bandwidth in Mb/s, but rather a ratio of weights will be used.
> For example:
> srr-queue bandwidth share 10 20 30 40
> priority-queue out
> This means if there is traffic in the priority queue, it is serivced.
> While there is no traffic in the priority queue, you will see queue 1 get 10/100 or 10% of the interface time to transmit, guaranteed (again, assuming no priority traffic).  If that is a 1Gb/s interface, that's 100Mb.  If it was a 100Mb/s interface, you would be guaranteeing 10Mb/s.
>    You can adjust the shared values accordingly to get acceptable numbers, the range is 1-255 last time I checked.
> Regards,
> John Gill
> cisco
> On 12/8/11 2:24 PM, Mack McBride wrote:
>> On the 3750 you would use a police statement with rate, burst, exceeds and violates.
>> The rate would be your various bandwidths.
>> The burst would be calculated from the rate.
>> It sounds like you only want to push these into queues, so you mark
>> your CoS on input using the police statements.  Then the queue sizes would be set on the various ports.
>> LR Mack McBride
>> Network Architect
>> -----Original Message-----
>> From: cisco-nsp-bounces at puck.nether.net
>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Joe Freeman
>> Sent: Thursday, December 08, 2011 12:02 PM
>> To: Cisco-nsp
>> Subject: [c-nsp] 3750 with IP-BASE, QoS
>> I've inherited a site that's a mix of a 3750 stack and Force 10 gear.
>> the 3750 stack is where the layer 3 is happening between vlans in that site. I have a need to implement QoS for some voice traffic.
>> Since the 3750 doesn't do QoS the way the routers do, I'm sort of at a standstill..
>> ip access-list extended AgentVoice1
>> permit tcp XX.XX.XX.0 eq 80 permit tcp
>> XX.XX.XX.0 eq 443 permit tcp
>> XX.XX.XX.0 eq 8081 permit tcp
>> XX.XX.XX.0 eq 8843 permit tcp
>> XX.XX.XX.0 eq 8880 permit tcp
>> XX.XX.XX.0 range 2200 2300 permit udp
>> XX.XX.XX.0 range 1024 65535 permit udp
>> XX.XX.XX.0 range 5060 5063 permit udp
>> XX.XX.XX.0 range 8000 8007
>> ip access-list ext AgentAppsList
>> permit ip host permit ip
>> XX.XX.XX.230 permit ip host
>> permit ip XX.XX.XX.230
>> ip access-list ext AgentVoice2
>> permit ip permit ip
>> permit ip
>> permit ip
>> class-map match-all Voice1
>> descr All voice traffic for agent group 1 match access-group name
>> AgentVoice1
>> class-map match-all AgentApps
>> descr Agent application traffic to/from Agent Applications match
>> access-group name AgentAppsList
>> class-map match-all Agent_Voice_other
>> descr Agent group2 voice traffic
>> match access-group name Agent_Voice2
>> policy-map Basic_QoS
>> class Voice1
>> ! should be set to guarantee 32Mbps, low latency, priority queuing
>> class AgentApps ! should be set to guarantee 8M, normal queuing
>> (mostly http and rdp traffic) class Agent_Voice_other ! should be set
>> to guarantee 12M, low latency, priority queuing class class-default !
>> gets whatever is leftover/available
>> So, the question is... how do I map that into a qos config that works
>> (well) on the 3750?

More information about the cisco-nsp mailing list