6 Replies Latest reply on Sep 6, 2013 10:31 AM by levi

    QOS best options for prioritizing traffic

    pebo New Member

      Hi All,

      I am trying to set up traffic shaping to prioritize traffic to or from all of my /24 public subnet over a single address (xx.xx.xx.253/32) in this subnet.  What is the best map option without setting firm bandwidth limits?  (DSCP, Precedence, CoS)

      I have an NV3458 set up as a BGP router in front of my firewall that PATs all user traffic.  I want to ensure that other VPN routers that connect to the BGP router's switch ports will have access first.

       

      I think I understand the concept that I will mark the PAT'd users' packets with a lower value than all the rest of the packets, and assume I will put this on the LAN Zone, but I am confused with all the options after that.
      Sorry for such a newbie question, but I can't seem to get my head around this one.  I have downloaded and read through the "CONFIGURING QOS in AOS" pdf.  Are there any other documents or samples that would be better?

        • Re: QOS best options for prioritizing traffic
          levi Employee

          pebo:

           

          Thank you for asking this question in the support community.  Is there any additional information you can provide such as a network diagram?  I'm not sure which traffic and from where you are attempting to prioritize.  If you get a chance, please provide some additional information about the design and what traffic you would like to prioritize.

           

          Please, do not hesitate to reply to this post with any additional questions or information.  I will be happy to help in any way I can.

           

          Levi

            • Re: QOS best options for prioritizing traffic
              pebo New Member

              I have 2 ISPs providing 10 MB each on eth0/1 y.y.y.y and eth0/2 z.z.z.z.   The switchports are on VLAN67 (67.x.x.254/24) - the "LAN" side goes to a switch which has my firewall (67.x.x.253) and other VPN routers for vendor access to the DMZ.  I want to give all 67.x.x.x IPs priority over 67.x.x.253 so the VPN traffic is guaranteed access in and out.   I tried setting a QOS map at the eth0/1 & 0/2 to mark the VPN traffic as AF11 or AF12 but it didn't help.

               

              I see the incoming traffic on Eth0/1 or Eth0/2 hit 97+% at times and the VPN tunnels collapse, causing all kinds of business problems. I have attached a QOS status output of VLAN67 during a low traffic time period.

                • Re: QOS best options for prioritizing traffic
                  levi Employee

                  pebo:

                   

                  Thank you for replying with the additional information.  There are several important things to keep in mind regarding quality of service (QoS).   

                   

                  In your application, without the firewall, and the WAN connection only being 10 Mbps, the unit will be able to process the traffic nearly at wire speed.  However, for QoS to be implemented on an Ethernet interface, you will need to configure traffic-shaping, because by default, the unit will think it has the entire 100 Mbps bandwidth, when actually, it only has 10 Mbps.  Therefore, you will need to add the command traffic-shape rate 10000000 to the WAN interface (Eth 0/2; Ethernet 0/1 is already hard set to 10 Mbps in the ADTRAN configuration).

                   

                  In the configuration you attached, you do not have QoS set up outbound on either of the ISP-facing Ethernet interfaces.  I would recommend configuring this, as that is where the network constriction point is (not the LAN).  Since the LAN is 100 Mbps, but there will never be more than a theoretical max input from both ISPs of 20 Mbps, the unit will have no problems sending traffic toward the LAN; however, it could be congested when sending traffic outbound, which is why I would suggest setting the QoS maps on the WAN interfaces outbound.

                   

                  Let me know what questions you have.

                   

                  Levi

                    • Re: QOS best options for prioritizing traffic
                      pebo New Member

                      Levi,

                       

                      Because most of my congestion on my WAN interfaces is inbound, I have set up some QOS maps to mark the packets coming in by their destinations and am limiting users' inbound traffic on each WAN interface by setting a 7MB out on the LAN interface. All other traffic has unlimited access.  Does this make sense?

                       

                      Here is the output from SHOW QOS MAP:

                       

                      qos map eth0/1-ISP_A-IN
                         map entry 10
                           match ACL acl_vpns_DEST
                           set DSCP value to af31 (26)

                         map entry 20
                           match ACL acl_users_DEST
                           set DSCP value to af11 (10)

                         Interfaces using qos map eth0/1-ISP_A-IN:
                           eth 0/1:Input (enabled)


                      qos map eth0/2-ISP_B-IN
                         map entry 10
                           match ACL acl_vpns_DEST
                           set DSCP value to af41 (34)

                         map entry 20
                           match ACL acl_users_DEST
                           set DSCP value to af12 (12)

                         Interfaces using qos map eth0/2-ISP_B-IN:
                           eth 0/2:Input (enabled)


                      qos map LAN-OUTBOUND
                         map entry 10
                           match IP packets with a DSCP value of af31, af41
                           priority bandwidth: unlimited

                         map entry 20
                           match ACL AmazonAWS_IPs
                           class shape rate: 500 (kilobits/sec), average

                         map entry 30 match-all
                           match IP packets with a DSCP value of af11
                           match ACL acl_users_DEST
                           class shape rate: 7000 (kilobits/sec), average

                         map entry 40 match-all
                           match IP packets with a DSCP value of af12
                           match ACL acl_users_DEST
                           class shape rate: 7000 (kilobits/sec), average

                         Interfaces using qos map LAN_OUTBOUND:
                           vlan 67:Output (enabled)

                       

                      ip access-list extended acl_users_DEST
                        permit ip any  host 67.x.x.253     log
                      !
                      ip access-list extended acl_vpns_DEST
                        permit ip any  67.x.x.0 0.0.0.127     log
                        permit ip any  host 67.x.x.249     log
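
Added example (not part of the original post or of ADTRAN's documentation): a Python sketch that evaluates the two posted access lists, including the wildcard mask 0.0.0.127, against every host in the /24 and lists the destinations that match neither list and so receive no DSCP mark from the inbound map. The 192.0.2.0/24 range is a constructed stand-in for the redacted 67.x.x.0/24, and first-match evaluation in entry order is an assumption.

```python
import ipaddress

# Constructed stand-in for the redacted 67.x.x.0/24 (documentation range).
SUBNET = ipaddress.ip_network("192.0.2.0/24")


def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit the wildcard mask leaves clear.

    A set bit in the wildcard mask means "don't care", so the mask is
    inverted before comparing.
    """
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(addr)) & care) == (
        int(ipaddress.ip_address(base)) & care
    )


# Destination entries transcribed from the posted ACLs (host = mask 0.0.0.0).
ACLS = {
    "acl_vpns_DEST": [("192.0.2.0", "0.0.0.127"), ("192.0.2.249", "0.0.0.0")],
    "acl_users_DEST": [("192.0.2.253", "0.0.0.0")],
}

# Entries of qos map eth0/1-ISP_A-IN: (entry number, ACL name, DSCP set).
MAP_ISP_A = [(10, "acl_vpns_DEST", "af31"), (20, "acl_users_DEST", "af11")]


def classify(dst, qos_map=MAP_ISP_A):
    """Return the DSCP the map would set for dst, or None if no entry matches.

    Assumption: entries are evaluated in ascending order and the first
    match wins; unmatched packets are left unmarked.
    """
    for _, acl, dscp in sorted(qos_map):
        if any(wildcard_match(dst, b, w) for b, w in ACLS[acl]):
            return dscp
    return None


def unmarked_hosts():
    """Hosts in the /24 that neither ACL covers."""
    return [str(h) for h in SUBNET.hosts() if classify(str(h)) is None]


if __name__ == "__main__":
    gaps = unmarked_hosts()
    print(f"{len(gaps)} hosts unmarked, first {gaps[0]}, last {gaps[-1]}")
```

Running the same check against a real address plan before applying a map shows whether every VPN router address lands in the intended class.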

                        • Re: QOS best options for prioritizing traffic
                          levi Employee

                          pebo:

                           

                          There are multiple changes I would recommend for this design and configuration.

                           

                          First, I recommend you make the changes I mentioned in the previous post, so the traffic will be prioritized outbound (towards the public Internet).

                           

                          Second, if the WAN interfaces are saturated inbound, then the ISP needs to set up QoS.  As I mentioned previously, there will not be a bottleneck sending traffic out the 100 Mbps connection toward the LAN, but when the traffic arrives from the ISP, it will not have been differentiated between normal data or high priority data.  There is little the ADTRAN can do at that point, because the traffic has already arrived.

                           

                          Third, I recommend you review the Configuring Enhanced Ethernet Quality of Service guide, which will review all of the concepts and configurations you have questions about.  Here is a conceptual configuration example based on the information you've provided (again, the inbound QoS policies from the ISP will have little to no effect if the ISP doesn't provide QoS, but I have added this portion per your request):

                           

                          qos map WAN1-INBOUND 10
                            match ip list acl
                            set dscp <value>
                          !
                          qos map WAN2-INBOUND 10
                            match ip list acl
                            set dscp <value>
                          !
                          qos map TOWARD-LAN 10
                            match ip list first-important-traffic
                            bandwidth <value>
                          qos map TOWARD-LAN 20
                            match ip list second-important-traffic
                            bandwidth <value>
                          qos map TOWARD-LAN 30
                            match ip list third-important-traffic
                            shape average <value>
                          !
                          qos map WAN1-OUTBOUND 10
                            match ip list acl-outbound
                            bandwidth <value>
                          !
                          qos map WAN2-OUTBOUND 10
                            match ip list acl-outbound
                            bandwidth <value>
                          !
                          interface <WAN1>
                            qos-policy in WAN1-INBOUND
                            qos-policy out WAN1-OUTBOUND

                          interface <LAN>
                            qos-policy out TOWARD-LAN

                           

                          If, after you've made the suggested changes, you have further questions, please let me know in a reply, but also please include the configuration.

                           

                          Levi

                  • Re: QOS best options for prioritizing traffic
                    levi Employee

                    pebo:

                     

                    I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

                    Thanks,

                     

                    Levi