 code0 join:2006-08-24 Marshalltown, IA | 1760s+T1 QoS not working?
We just replaced a pair of old 3com T1 routers with a pair of 1760s so we could do IPSec for traffic to/from some of the hosts. The IPSec works fine and the ACL is set only for a single IP on the remote end (what we needed). My second project was QoS. We've got two video conferencing units on each end that are "high priority" (over any data). After looking at some QoS examples, I came up with what is listed below. I wanted ICMP to be highest priority (so when we monitor ping times to the far end, they reflect the actual circuit latency), and the video units to be next highest, with "everything else" getting whatever was left. I've got the same QoS config on each end. The video units are 10.81.20.50 and 10.243.193.50. What am I doing wrong here?
class-map match-any HighPriority
match access-group name Video
class-map match-any Realtime
match access-group name ICMP
policy-map mcisQoS
class Realtime
set precedence 5
class HighPriority
set precedence 4
class class-default
set precedence 1
interface FastEthernet0/0
ip address 10.81.0.2 255.255.0.0
speed auto
service-policy input mcisQoS
ip access-list extended ICMP
permit icmp any any
ip access-list extended Video
permit ip host 10.81.20.50 any
permit ip any host 10.81.20.50
permit ip host 10.243.193.50 any
permit ip any host 10.243.193.50
|
 1 edit | ICMP should be of the least importance... you should calculate your latency prior to sending video traffic...
What makes you think you've got an issue? Are you seeing the issue when you run ICMP? |
|
 code0 join:2006-08-24 Marshalltown, IA | reply to code0 We're seeing delays, etc. with the video that weren't there when we were running over the old routers (with no QoS). Latency on the link is 4-8ms. |
|
 CovenantPremium,MVM join:2003-07-01 England | reply to code0 You have some pieces of config missing such as the outbound policy-map and its application on the physical/logical interface? Also, I am not sure whether the video conferencing goes through the VPN tunnel or not?
Can you post the config of both ends please minus any identifiers such as global IP addresses, crypto keys, etc.
It seems you will need an outbound policy-map putting ICMP into one class (not the priority class, as it is prone to bursts and hence will cause drops in the priority queue), voice from the video conferencing into the priority queue, and the visual component of the call into another class (possibly the same class as ping). You would allocate your priority/bandwidth statements to these classes and WFQ everything else.
-- A word to the wise ain't necessary, it's the stupid ones who need the advice! |
|
 code0 join:2006-08-24 Marshalltown, IA | Sorry... This is my first foray using Cisco QoS. Below is the config for both ends with obvious things removed. Both routers communicate to each other via a PtP T1, and IPSec is only used for communications to/from one host (not the video units).
I'll need to find out what software is used on these units (I don't remember) - I don't know which ports are video vs. audio, so that's why I prioritized comms between units by IP. What would you recommend for a configuration based on what I have? I find it much easier to learn by example (at least in the context I need). Thanks!
Current configuration : 1911 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname gw1
!
boot-start-marker
boot system flash:c1700-advsecurityk9-mz.124-12.bin
boot-end-marker
!
enable secret 5 REMOVED
!
no aaa new-model
memory-size iomem 15
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
class-map match-any HighPriority
match access-group name Video
class-map match-any Realtime
match access-group name ICMP
!
!
policy-map mcisQoS
class Realtime
set precedence 5
class HighPriority
set precedence 4
class class-default
set precedence 1
!
!
!
crypto isakmp policy 1
encr aes 256
authentication pre-share
crypto isakmp key REMOVED address 10.0.56.150
crypto isakmp key REMOVED address 10.0.56.149
!
!
crypto ipsec transform-set MySet ah-sha-hmac esp-aes 256
!
crypto map MyMap 1 ipsec-isakmp
set peer 10.0.56.150
set security-association lifetime seconds 190
set transform-set MySet
match address 101
!
!
!
interface FastEthernet0/0
ip address 10.81.0.2 255.255.0.0
speed auto
service-policy input mcisQoS
!
interface Serial0/0
ip address 10.0.56.149 255.255.255.252
crypto map MyMap
!
ip route 0.0.0.0 0.0.0.0 GW_TO_WORLD
ip route 10.243.193.0 255.255.255.0 10.0.56.150
!
no ip http server
no ip http secure-server
!
ip access-list extended ICMP
permit icmp any any
ip access-list extended Video
permit ip host 10.81.20.50 any
permit ip any host 10.81.20.50
permit ip host 10.243.193.50 any
permit ip any host 10.243.193.50
!
access-list 101 permit ip any host 10.243.193.7
snmp-server community public RO
!
control-plane
Current configuration : 2362 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname gw2
!
boot-start-marker
boot system flash:c1700-advsecurityk9-mz.124-12.bin
boot-end-marker
!
enable secret 5 REMOVED
!
no aaa new-model
memory-size iomem 15
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
class-map match-any HighPriority
match access-group name Video
class-map match-any Realtime
match access-group name ICMP
!
!
policy-map mcisQoS
class Realtime
set precedence 5
class HighPriority
set precedence 4
class class-default
set precedence 1
!
!
!
crypto isakmp policy 1
encr aes 256
authentication pre-share
crypto isakmp key REMOVED address 10.0.56.150
crypto isakmp key REMOVED address 10.0.56.149
!
!
crypto ipsec transform-set MySet ah-sha-hmac esp-aes 256
!
crypto map MyMap 1 ipsec-isakmp
set peer 10.0.56.149
set security-association lifetime seconds 190
set transform-set MySet
match address 101
!
!
!
interface FastEthernet0/0
ip address 10.243.193.1 255.255.255.0
speed auto
service-policy input mcisQoS
!
interface Serial0/0
ip address 10.0.56.150 255.255.255.252
crypto map MyMap
!
ip route 0.0.0.0 0.0.0.0 10.0.56.149
!
no ip http server
no ip http secure-server
!
ip access-list extended ICMP
permit icmp any any
ip access-list extended Video
permit ip host 10.81.20.50 any
permit ip any host 10.81.20.50
permit ip host 10.243.193.50 any
permit ip any host 10.243.193.50
!
access-list 101 permit ip host 10.243.193.7 any
snmp-server community public RO
!
control-plane
|
 CovenantPremium,MVM join:2003-07-01 England 2 edits | Ok, you are marking packets or "colouring" them but you are not stating what to do with the packet once it is coloured. You will need a queueing mechanism on the outbound interface (Serial0/0) to specify what gets priority and what doesn't.
You will need to know which audio (codec) and video standard you are using to provision the bandwidth apparently on the serial interface.
For argument's sake, let's assume you are using G.711 as that is the worst case scenario. I would personally provision the audio part to be in the priority queue and assuming there are only 2 participants, one at each end, then the queue should be in the region of 90kbps. The video component will go into the CBWF queue and will have, depending on your video, 256kbps. It will also include the signalling protocol for the video setup. To simplify things, I would use NBAR on the LAN interface and mark packets that way so your config would look something like this:
class-map match-any AUDIO-IN
match protocol rtp audio
class-map match-any VIDEO-IN
match protocol rtp video
match protocol h323
!
class-map match-any AUDIO-OUT
match ip dscp ef
class-map match-any VIDEO-OUT
match ip dscp cs3
!
policy-map LAN-QOS-IN
class AUDIO-IN
set ip dscp ef
class VIDEO-IN
set ip dscp cs3
class class-default
set ip dscp default
!
policy-map WAN-QOS-OUT
class AUDIO-OUT
priority 90
class VIDEO-OUT
bandwidth 256
class class-default
fair-queue
!
interface FastEthernet0/0
ip nbar protocol-discovery
no service-policy input mcisQoS
service-policy input LAN-QOS-IN
!
interface Serial0/0
service-policy output WAN-QOS-OUT
!
You need to do research on the bandwidth used by the different components of the video call but once you have, then you can substitute the bandwidth and priority figures around to suit.
This is by no means the only way of doing it and is down to personal preference but using NBAR, it makes matching the packets easier.
You can see if there are any matches by the commands:
show policy-map interface FastEthernet0/0
show policy-map interface Serial0/0
-- A word to the wise ain't necessary, it's the stupid ones who need the advice! |
|
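Added example (not part of the thread or of any poster's configuration): a Python check for the condition described in the reply above, a policy that marks packets on ingress while no interface carries an egress policy that queues. The parser, `SAMPLE` and the function names are assumptions of this example; it accepts the unindented form in which the configs were pasted.

```python
import re

# Constructed excerpt of the gw1 config from the thread (flat, as posted).
SAMPLE = """\
policy-map mcisQoS
class Realtime
set precedence 5
class class-default
set precedence 1
crypto map MyMap 1 ipsec-isakmp
set peer 10.0.56.150
interface FastEthernet0/0
service-policy input mcisQoS
interface Serial0/0
crypto map MyMap
"""

QUEUEING = {"priority", "bandwidth", "fair-queue", "shape"}  # actions that create egress queues

def parse(config):
    """Return ({policy: [action words]}, {interface: {direction: policy}})."""
    policies, interfaces, ctx = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        word = line.split()[0]
        if m := re.match(r"policy-map (\S+)$", line):
            ctx = policies.setdefault(m.group(1), [])
        elif m := re.match(r"interface (\S+)$|(control-plane)$", line):
            ctx = interfaces.setdefault(m.group(1) or m.group(2), {})
        elif isinstance(ctx, dict):
            if m := re.match(r"service-policy (input|output) (\S+)$", line):
                ctx[m.group(1)] = m.group(2)
        elif isinstance(ctx, list):
            if word in QUEUEING or word == "set":
                ctx.append(word)
            elif word not in ("class", "service-policy", "police"):
                ctx = None  # indentation is lost in pasted configs; an unknown word ends the policy
    return policies, interfaces

def audit(config):
    """Return (interfaces marking on ingress, interfaces queueing on egress)."""
    policies, interfaces = parse(config)
    marking = sorted(i for i, sp in interfaces.items()
                     if "set" in policies.get(sp.get("input"), ()))
    queueing = sorted(i for i, sp in interfaces.items()
                      if QUEUEING & set(policies.get(sp.get("output"), ())))
    return marking, queueing
```

A result with a non-empty first list and an empty second list is the situation in the original config: packets are coloured on the LAN side, but nothing on the T1 acts on the marking.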
 | reply to code0 I have a lot of success with the tiered-style setup. That way any class can use the full amount of bandwidth as long as there is some there, but when congestion occurs then they each get their guaranteed minimum. Here's a little example from my setup.
policy-map firstlevel
class priority_protocols
bandwidth percent 70
class filesharing
bandwidth percent 10
class class-default
bandwidth percent 20
policy-map pol-shape
class tunnel
priority percent 100
class class-default
shape average percent 90
service-policy firstlevel
I usually stick to 90% to leave some overhead so I don't totally saturate the circuit.
Just an option if you want to get a little more detailed with other traffic. |
|