QOS best options for prioritizing traffic

Hi All,

I am trying to set up traffic shaping to prioritize traffic to or from all of my /24 public subnet over a single address (xx.xx.xx.253/32) in this subnet.  What is the best map option without setting firm bandwidth limits?  (DSCP, Precedence, CoS)

I have a NV3458 set up as a BGP router in front of my firewall that PATs all user traffic.  I want to ensure that other VPN routers that connect to the BGP router's switch ports will have access first.

I think I understand the concept that I will mark the PAT'd users' packets with a lower value than all the rest of the packets and assume I will put this on the LAN Zone, but I am confused with all the options after that.
Sorry for such a newbie question, but I can't seem to get my head around this one.  I have downloaded and read through the "CONFIGURING QOS in AOS" pdf.  Are there any other documents or samples that would be better?


Accepted Solutions
Anonymous

Re: QOS best options for prioritizing traffic

There are multiple changes I would recommend for this design and configuration.

First, I recommend you make the changes I mentioned in the previous post, so the traffic will be prioritized outbound (towards the public Internet).

Second, if the WAN interfaces are saturated inbound, then the ISP needs to set up QoS.  As I mentioned previously, there will not be a bottleneck sending traffic out the 100 Mbps connection toward the LAN, but when the traffic arrives from the ISP, it will not have been differentiated between normal data or high priority data.  There is little the ADTRAN can do at that point, because the traffic has already arrived.

Third, I recommend you review the Configuring Enhanced Ethernet Quality of Service guide, which will review all of the concepts and configurations you have questions about.  Here is a conceptual configuration example based on the information you've provided (again, the inbound QoS policies from the ISP will have little to no effect if the ISP doesn't provide QoS, but I have added this portion per your request):

qos map WAN1-INBOUND 10
  match ip list acl
  set dscp <value>
!
qos map WAN2-INBOUND 10
  match ip list acl
  set dscp <value>
!
qos map TOWARD-LAN 10
  match ip list first-important-traffic
  bandwidth <value>
qos map TOWARD-LAN 20
  match ip list second-important-traffic
  bandwidth <value>
qos map TOWARD-LAN 30
  match ip list third-important-traffic
  shape average <value>
!
qos map WAN1-OUTBOUND 10
  match ip list acl-outbound
  bandwidth <value>
!
qos map WAN2-OUTBOUND 10
  match ip list acl-outbound
  bandwidth <value>
!
interface <WAN1>
  qos-policy in WAN1-INBOUND
  qos-policy out WAN1-OUTBOUND
interface <LAN>
  qos-policy out TOWARD-LAN

If, after you've made the suggested changes, you have further questions, please let me know in a reply, but also please include the configuration.

Levi

Anonymous

Re: QOS best options for prioritizing traffic

Thank you for asking this question in the support community.  Is there any additional information you can provide such as a network diagram?  I'm not sure which traffic and from where you are attempting to prioritize.  If you get a chance, please provide some additional information about the design and what traffic you would like to prioritize.

Please, do not hesitate to reply to this post with any additional questions or information.  I will be happy to help in any way I can.

Levi

Anonymous

Re: QOS best options for prioritizing traffic

I have 2 ISPs providing 10 MB each on eth0/1 y.y.y.y and eth0/2 z.z.z.z.   The switchports are on VLAN67 (67.x.x.254/24) - the "LAN" side goes to a switch which has my firewall (67.x.x.253) and other VPN routers for vendor access to the DMZ.  I want to give all 67.x.x.x IPs priority over 67.x.x.253 so the VPN traffic is guaranteed access in and out.   I tried setting a QOS map at the eth0/1 & 0/2 to mark the VPN traffic as AF11 or AF12 but it didn't help.

Message was edited by: pebo

I see the incoming traffic on Eth0/1 or Eth0/2 hit 97+% at times and the VPN tunnels collapse, causing all kinds of business problems. I have attached a QOS status output of VLAN67 during a low traffic time period.

Anonymous

Re: QOS best options for prioritizing traffic

Thank you for replying with the additional information.  There are several important things to keep in mind regarding quality of service (QoS).   

In your application, without the firewall, and the WAN connection only being 10 Mbps, the unit will be able to process the traffic nearly at wire speed.  However, for QoS to be implemented on an Ethernet interface, you will need to configure traffic-shaping, because by default, the unit will think it has the entire 100 Mbps bandwidth, when actually, it only has 10 Mbps.  Therefore, you will need to add the command traffic-shape rate 10000000 to the WAN interface (Eth 0/2; Ethernet 0/1 is already hard set to 10 Mbps in the ADTRAN configuration).

In the configuration you attached, you do not have QoS set up outbound on either of the ISP-facing Ethernet interfaces.  I would recommend configuring this, as that is where the network constriction point is (not the LAN).  Since the LAN is 100 Mbps, but there will never be more than a theoretical max input from both ISPs of 20 Mbps, the unit will have no problems sending traffic toward the LAN; however, it could be congested when sending traffic outbound, which is why I would suggest setting the QoS maps on the WAN interfaces outbound.

Let me know what questions you have.

Levi

Anonymous

Re: QOS best options for prioritizing traffic

Levi,

Because most of my congestion on my WAN interfaces is inbound, I have set up some QOS maps to mark the packets coming in by their destinations and am limiting users' inbound traffic on each WAN interface by setting a 7MB out on the LAN interface. All other traffic has unlimited access.  Does this make sense?

Here is the output from SHOW QOS MAP:

qos map eth0/1-ISP_A-IN
   map entry 10
     match ACL acl_vpns_DEST
     set DSCP value to af31 (26)

   map entry 20
     match ACL acl_users_DEST
     set DSCP value to af11 (10)

   Interfaces using qos map eth0/1-ISP_A-IN:
     eth 0/1:Input (enabled)


qos map eth0/2-ISP_B-IN
   map entry 10
     match ACL acl_vpns_DEST
     set DSCP value to af41 (34)

   map entry 20
     match ACL acl_users_DEST
     set DSCP value to af12 (12)

   Interfaces using qos map eth0/2-ISP_B-IN:
     eth 0/2:Input (enabled)


qos map LAN-OUTBOUND
   map entry 10
     match IP packets with a DSCP value of af31, af41
     priority bandwidth: unlimited

   map entry 20
     match ACL AmazonAWS_IPs
     class shape rate: 500 (kilobits/sec), average

   map entry 30 match-all
     match IP packets with a DSCP value of af11
     match ACL acl_users_DEST
     class shape rate: 7000 (kilobits/sec), average

   map entry 40 match-all
     match IP packets with a DSCP value of af12
     match ACL acl_users_DEST
     class shape rate: 7000 (kilobits/sec), average

   Interfaces using qos map LAN_OUTBOUND:
     vlan 67:Output (enabled)

ip access-list extended acl_users_DEST
  permit ip any  host 67.x.x.253     log
!
ip access-list extended acl_vpns_DEST
  permit ip any  67.x.x.0 0.0.0.127     log
  permit ip any  host 67.x.x.249     log
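
An added example, not part of the original thread or of ADTRAN's documentation: it evaluates the two ACLs posted above with wildcard-mask matching and reports which destination hosts in the /24 the inbound map eth0/1-ISP_A-IN marks, and which it leaves unmarked. The 192.0.2.0/24 prefix is a constructed stand-in for the redacted 67.x.x.0/24, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-in: 192.0.2.0/24 replaces the redacted 67.x.x.0/24 from the thread.
PREFIX = "192.0.2"

# ACL entries as posted (address, wildcard mask); "host A" is A with wildcard 0.0.0.0.
ACLS = {
    "acl_vpns_DEST": [(f"{PREFIX}.0", "0.0.0.127"), (f"{PREFIX}.249", "0.0.0.0")],
    "acl_users_DEST": [(f"{PREFIX}.253", "0.0.0.0")],
}

# Entries of qos map eth0/1-ISP_A-IN in sequence order: (entry, ACL, DSCP name).
INBOUND_MAP = [(10, "acl_vpns_DEST", "af31"), (20, "acl_users_DEST", "af11")]


def af_to_dscp(name):
    """AFxy codepoint value: 8 * class + 2 * drop precedence (RFC 2597)."""
    cls, drop = int(name[2]), int(name[3])
    return 8 * cls + 2 * drop


def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def classify(dst):
    """Return (entry, dscp_name, dscp_value) of the first matching map entry, or None."""
    for entry, acl, dscp in INBOUND_MAP:
        if any(wildcard_match(dst, base, wc) for base, wc in ACLS[acl]):
            return entry, dscp, af_to_dscp(dscp)
    return None


def unmarked_hosts():
    """Last octets of usable hosts in the /24 that no map entry marks."""
    return [h for h in range(1, 255) if classify(f"{PREFIX}.{h}") is None]


if __name__ == "__main__":
    for host in (10, 127, 128, 249, 253, 254):
        print(f"{PREFIX}.{host}", classify(f"{PREFIX}.{host}"))
    gap = unmarked_hosts()
    print(f"{len(gap)} hosts unmarked: .{gap[0]} to .{gap[-1]}")
```

Packets to the addresses it reports as unmarked keep whatever DSCP they arrived with, so LAN-OUTBOUND entry 10 matches them only if they were already marked af31 or af41 upstream.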

Anonymous

Re: QOS best options for prioritizing traffic

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Levi