With all this knowledge filling my head for the CCIE, I wanted to try to do something useful with the QoS! I’m not entirely sure I’ve accomplished what I set out to do, but I hope so. Maybe some of you QoS experts out there can lend a hand or a comment.

Here is the situation: I pay Comcast for 8Mb/384Kb internet service. I also have Vonage for phone service. Comcast comes into my Cisco 3725 router’s Fa0/1 interface. Its other interface, Fa0/0, is trunked down to a Cisco switch. The Fa0/0 interface is divided into 3 subinterfaces to provide VLANs. Fa0/0.1 is VLAN 1 for my wired network, Fa0/0.2 is VLAN 2 for my wireless segment, and Fa0/0.4 is for Vonage.

A problem I often run into is that if I am downloading a large file using bit-torrent or some such thing, it can really smoke all my bandwidth. It is not uncommon for me to be pulling down at 800KB/s (yes, kilo-Bytes!, which comes out to about 6.5 Mb/s). This puts a damper on simple things like checking email, and especially web browsing, DNS queries, etc. Also, if I do a speed test from speakeasy.net I can pull up to 16Mb/s during non-peak hours. My goal was to prioritize traffic such that if bit-torrent or some such thing was sucking all my bandwidth, priority protocols (such as http, pop3, https, smtp, dns, etc.) would get guaranteed traffic. Additionally, if the phone rings or I place a call I want Vonage to have guaranteed traffic.

This presented more problems than I thought!!! Well, what can I do? I first thought about CBWFQ. Going out fa0/1 to the internet it was easy. I set bandwidth 384 on the interface and created the following. Basically, I have to shape the interface going to the internet to 384Kb/s outbound or else there will NEVER BE CONGESTION and thus NO queueing, because it is just 384Kb going out a 100Mb interface! What this does is shape all the outbound traffic to 384Kb/s and gives my priority protocols 50% (192Kb), Vonage voice 128Kb, and the SIP signalling the other 10%.

Policy Map parent
Class class-default
Traffic Shaping
Average Rate Traffic Shaping
CIR 384000 (bps) Max. Buffers Limit 1000 (Packets)
service-policy priority-traffic

Policy Map priority-traffic
Class priority-traffic
Bandwidth 50 (%) Max Threshold 64 (packets)
Class call-signalling
Bandwidth 10 (%) Max Threshold 64 (packets)
Class voice
Strict Priority
Bandwidth 128 (kbps) Burst 3200 (Bytes)

Class Map match-any priority-traffic (id 4)
Match protocol http
Match protocol secure-http
Match protocol telnet
Match protocol smtp
Match protocol pop3
Match protocol imap
Match protocol secure-pop3
Match protocol secure-imap
Match protocol secure-ftp
Match protocol ftp
Match access-group name rdp
Match protocol ssh
Match protocol icmp
Match protocol dns

interface FastEthernet0/1
description WAN
bandwidth 384
no ip dhcp client request dns-nameserver
ip dhcp client route track 1
ip address dhcp
ip access-group firwall-wan in
ip nbar protocol-discovery
ip nat outside
ip virtual-reassembly
no ip mroute-cache
load-interval 30
duplex auto
speed auto
no cdp enable
max-reserved-bandwidth 100
service-policy output parent

This actually worked really well so far as I can tell! That wasn’t so bad. But then I started thinking about the traffic coming back IN. So right now, by queueing outbound, it is good if I am uploading a bunch of traffic and need to go to a webpage… the GET request from me will get priority during congestion. But what about downloading? What if I am downloading a huge file and it is sucking all 8Mb of my bandwidth and I go to surf the net? Those http, dns, voice packets coming back into my network are going to get crapped on. So, I started thinking about outbound queueing on the LAN-facing interfaces. This is where I ran into the bulk of my problems.

IF there is nothing priority going on, I want my PC to be able to pull down as much as possible from Comcast, which as I said I have seen in speed tests peak to 16Mb/s. However, if say about 75% of the bandwidth I pay for is being sucked up, I want to prioritize my “priority” traffic and voice traffic so they are always fast. One problem again is that my Fa0/0.1, fa0/0.2, and fa0/0.4 subinterfaces cannot have queueing without shaping first. After shaping you can nest in your CBWFQ configurations. What happens is that by shaping, you are actually creating congestion, which then allows queueing to happen. OK, so how do I shape those subinterfaces? If I use MQC to “shape average” to 8Mb it will not allow throughput of over 8Mb/s on average over time. Then I could create congestion and queue, but lose out on that peak to 16Mb thing. If I “shape peak” with CIR of 8Mb and PIR of 16Mb it seems the shaper only goes active at 16Mb, which basically will never happen. Which I think means I will no longer have active queueing as there will be no congestion. So I was kind of stuck.

Here is what I came up with. I am pretty much learning QoS for the CCIE lab exam so am very new to it. I’d love to hear any feedback from you guys on 1) If I am doing this correctly and 2) Better ways or ideas!!!!

So here is my fa0/0.1 interface… Oh yeah, you will notice the class “outside” which nests the other stuff instead of class class-default. This is so that only traffic from the internet coming into my LAN gets shaped. Otherwise, I would have Inter-VLAN routing traffic from WLAN –> LAN shaped!

So the idea here is this, and again I’m not sure this is a correct implementation of what I have explained. Anything with a source address of ANYTHING not 10.x.x.x gets shaped to 8Mb/s. Thus, if there is more than 8Mb/s of traffic coming into the LAN (out the fa0/0.1 interface) it is shaped and thus creates congestion, which in turn allows queueing. IF there is congestion, my priority traffic should get a guaranteed 4.5Mb/s of traffic. That should be more than enough to keep my stuff snappy. Now, a problem. What happens to traffic that is NOT priority during congestion? It still gets passed as best effort through the default class, right? So say I am sucking down a huge download and it is taking all my bandwidth… the queueing kicks in and 4.5Mb gets allocated to my priority stuff and life is good. Now, the phone rings… well, the rest of the bandwidth is being chewed up by the large download so I’m screwed. Remember, Vonage is on a separate sub-interface which is not bound by this queueing system. This is why I have a class called “other” which is basically the opposite of anything defined as priority traffic. It actually gets put into a priority queue with 1.5Mb because by creating a priority queue I also police! So hopefully if I am sucking down a huge download, 4.5Mb will be allocated to priority, 1.5Mb will be given to the rest of the junk (large download) and NO MORE than 1.5Mb… this adds to 6Mb and should still leave me with more than enough for quality phone conversations. Note fa0/0.4 is a /30 and only has 1 device on it, the Vonage phone, so the ONLY traffic going out that queue is voice traffic, so I should not have to queue it.

interface FastEthernet0/0.1
bandwidth 8000
encapsulation dot1Q 1 native
ip address x.x.x.x secondary
ip address
ip access-group firewall-lan in
ip pim sparse-mode
ip nat inside
ip virtual-reassembly
no ip mroute-cache
ipv6 address xxxx:F4B8:2600:C::1/64
ipv6 address xxxx:F4B8:2600:C::/64 eui-64
ipv6 enable
ipv6 nd prefix xxxx:F4B8:2600:C::/64
service-policy output lan

Policy Map lan
Class outside
Traffic Shaping
Average Rate Traffic Shaping
CIR 8000000 (bps) Max. Buffers Limit 1000 (Packets)
service-policy priority-lan
Class class-default

Class Map match-all outside (id 5)
Match access-group 55

Standard IP access list 55
10 deny, wildcard bits (29740 matches)
20 permit any (8771772 matches)

Policy Map priority-lan
Class priority-traffic
Bandwidth 4500 (kbps) Max Threshold 64 (packets)
Class other
Strict Priority
Bandwidth 1500 (kbps) Burst 37500 (Bytes)
Class class-default

Class Map match-all other (id 6)
Match not class-map priority-traffic
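To see what the nested “lan” policy above works out to in steady state, here is a small allocation model I wrote for this post (added example, not anything from the router or from Cisco). It encodes only what the policy says: an 8Mb/s shaper, a 4500 kbps bandwidth class, and a strict-priority “other” class policed to 1500 kbps. The assumptions are that classification is top-down (so class-default carries nothing, since “other” is the complement of priority-traffic), that the LLQ policer is enforced only while the shaper is congested, and that the bandwidth class may use whatever the LLQ class leaves idle.

```python
# Steady-state model of policy-map "lan" on Fa0/0.1. All rates are kbps.
# Constructed model for illustration; it is not IOS code and does not
# model burst sizes or the packet-level timing of the shaper.

CIR_KBPS = 8000           # shape average 8000000 bps on class outside
PRIORITY_MIN_KBPS = 4500  # bandwidth 4500 on class priority-traffic
OTHER_POLICE_KBPS = 1500  # priority (LLQ) rate, and hence policer, on class other


def allocate(priority_offered, other_offered):
    """Return (priority_sent, other_sent) in kbps for the given offered loads.

    Assumptions: the LLQ policer acts only when offered load exceeds the CIR
    (the shaper is congested); the LLQ class is served first; the CBWFQ class
    then takes everything the LLQ class leaves below the CIR, which always
    covers its 4500 kbps guarantee because CIR - 1500 >= 4500.
    """
    if priority_offered + other_offered <= CIR_KBPS:
        # No congestion: the shaper never queues, so nothing is policed.
        return priority_offered, other_offered
    other_sent = min(other_offered, OTHER_POLICE_KBPS)
    # Anything the policed "other" class does not use is available to
    # priority-traffic; the guarantee is the floor, not the ceiling.
    priority_cap = max(PRIORITY_MIN_KBPS, CIR_KBPS - other_sent)
    priority_sent = min(priority_offered, priority_cap)
    return priority_sent, other_sent


def downstream_headroom(priority_offered, other_offered):
    """Kbps of the 8 Mb/s Comcast downstream this subinterface leaves idle,
    i.e. what is left over for the separate Vonage subinterface Fa0/0.4."""
    priority_sent, other_sent = allocate(priority_offered, other_offered)
    return CIR_KBPS - priority_sent - other_sent


if __name__ == "__main__":
    # The scenario from the post: a bulk download offering more than the
    # link can carry, plus a modest amount of web/DNS traffic.
    for prio, other in [(2000, 10000), (7000, 10000), (2000, 5000), (0, 16000)]:
        p, o = allocate(prio, other)
        print(f"offered prio={prio:5} other={other:5} -> sent prio={p:5} "
              f"other={o:5} headroom={downstream_headroom(prio, other):5}")
```

The last case is the one the sidenote is about: a lone 16Mb/s download trips the shaper, and under this model the policed “other” class is what it ends up in.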

I guess that is it! I am still pretty uncertain about this and would love some feedback. On a sidenote, I am still screwed on that 16Mb burst thing so far as I can tell since I am shaping!

– Joe A