Cisco VOIP QoS Policy Review

**lazypo** · 10-18-2010, 02:07 PM

I'm seeking guidance on the following QoS policy that seems to have a few holes in it. There are number of Cisco VOIP phones in a branch that are registered on a Call Manager server in the Head Office. The Head Office is also where the ISDN PRI 30 channel circuit is located. The speed of the link between the branch and Head Office is 10 Mb.

This is what I think is wrong:
1. RTCP, h323, skinny, mgcp and tftp are missing from the Voice-Traffic class-map.
2. Voice-traffic is not included in the DCOS_ShapeAndQueue and so it is ends up in the default queue rather than the EF queue.

Is there anything else I am missing? Are there any other improvements that can be made?

Router Config

class-map match-any Multimedia-EF
match ip dscp ef
class-map match-any Interactive-Traffic
match protocol citrix
match access-group 101
match protocol rtcp
match protocol rtsp
match protocol telnet
match protocol rtp video
class-map match-any Voice-Traffic
match protocol rtp audio
match protocol sip
class-map match-any Interactive-AF31
match ip dscp af31
class-map match-any BRIX-Probe
match access-group 120
!
policy-map DCOS_Queue
class Interactive-AF31
bandwidth remaining percent 30
class class-default
fair-queue
random-detect dscp-based
policy-map DCOS_ShapeAndQueue
class Multimedia-EF
priority 3500
class class-default
shape average 800000
service-policy DCOS_Queue
policy-map DCOS_Classify
class BRIX-Probe
class Voice-Traffic
set ip dscp ef
class Interactive-Traffic
set ip dscp af31
class class-default
set ip dscp default
!
interface FastEthernet0/0
description Connection to Switch
no ip address
service-policy input DCOS_Classify
ip route-cache flow
load-interval 30
speed 100
full-duplex
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address X.Y.Z.Q
ip accounting output-packets
ip nbar protocol-discovery
service-policy input DCOS_Classify
!
interface FastEthernet0/1
description WAN Connection
bandwidth 10240
ip address E.F.G.H
ip nbar protocol-discovery
service-policy output DCOS_ShapeAndQueue
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Nbar discovery on the router.

sh ip nbar protocol-discovery | i rtcp
rtcp 1048172 110785
rtcp 623 12149
sh ip nbar protocol-discovery | i h323
h323 1061526 754623
h323 2000275 1685443
sh ip nbar protocol-discovery | i skinny
skinny 134934 42773
skinny 167071 317588
sh ip nbar protocol-discovery | i sip
sip 2150047 2131439
sip 28228 28267
sh ip nbar protocol-discovery | i mgcp
mgcp 217777 43063
mgcp 240485 194067
sh ip nbar protocol-discovery | i tftp
tftp 8186 10079
tftp 0 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
See the output from the service-policy

sh policy-map int fas 0/0
FastEthernet0/0

Service-policy input: DCOS_Classify

Class-map: BRIX-Probe (match-any)
836753 packets, 114972342 bytes
30 second offered rate 0 bps
Match: access-group 120
836753 packets, 114972342 bytes
30 second rate 0 bps

Class-map: Voice-Traffic (match-any)
784931842 packets, 85110487844 bytes
30 second offered rate 52000 bps, drop rate 0 bps
Match: protocol rtp audio
778541464 packets, 81374447058 bytes
30 second rate 50000 bps
Match: protocol sip
6390413 packets, 3736044342 bytes
30 second rate 0 bps
QoS Set
dscp ef
Packets marked 784931884

Class-map: Interactive-Traffic (match-any)
54785224 packets, 3969391076 bytes
30 second offered rate 4000 bps, drop rate 0 bps
Match: protocol citrix
54445360 packets, 3923652934 bytes
30 second rate 4000 bps
Match: access-group 101
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol rtcp
315170 packets, 43077816 bytes
30 second rate 0 bps
Match: protocol rtsp
35 packets, 2294 bytes
30 second rate 0 bps
Match: protocol telnet
24656 packets, 2657833 bytes
30 second rate 0 bps
Match: protocol rtp video
0 packets, 0 bytes
30 second rate 0 bps
QoS Set
dscp af31
Packets marked 54785795

Class-map: class-default (match-any)
6037421629 packets, 3559833828847 bytes
30 second offered rate 8255000 bps, drop rate 0 bps
Match: any
QoS Set
dscp default
Packets marked 6037470776
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sh policy-map int fas 0/1
FastEthernet0/1

Service-policy output: DCOS_ShapeAndQueue

Class-map: Multimedia-EF (match-any)
261522097 packets, 31492831960 bytes
30 second offered rate 33000 bps, drop rate 0 bps
Match: ip dscp ef
261522104 packets, 31492833894 bytes
30 second rate 33000 bps
Queueing
Strict Priority
Output Queue: Conversation 264
Bandwidth 3500 (kbps) Burst 87500 (Bytes)
(pkts matched/bytes matched) 3010020/579682063
(total drops/bytes drops) 0/0

Class-map: class-default (match-any)
455892953 packets, 129030396272 bytes
30 second offered rate 812000 bps, drop rate 0 bps
Match: any
Traffic Shaping
Target/Average Byte Sustain Excess Interval Increment
Rate Limit bits/int bits/int (ms) (bytes)
800000/800000 5000 20000 20000 25 2500

Adapt Queue Packets Bytes Packets Bytes Shaping
Active Depth Delayed Delayed Active
- 95 455873584 156722945 42523482 2074352864 yes

Service-policy : DCOS_Queue

Class-map: Interactive-AF31 (match-any)
16865680 packets, 1074834715 bytes
30 second offered rate 12000 bps, drop rate 0 bps
Match: ip dscp af31
16865680 packets, 1074834715 bytes
30 second rate 12000 bps
Queueing
Output Queue: Conversation 265
Bandwidth remaining 30 (%) Max Threshold 64 (packets)
(pkts matched/bytes matched) 1275951/82893756
(depth/total drops/no-buffer drops) 1/0/0

Class-map: class-default (match-any)
439027249 packets, 127955554841 bytes
30 second offered rate 799000 bps, drop rate 0 bps
Match: any
Queueing
Flow Based Fair Queueing
Maximum Number of Hashed Queues 256
(total queued/total drops/no-buffer drops) 91/20685/0
exponential weight: 9

dscp Transmitted Random drop Tail drop Minimum Maximum Mark
pkts/bytes pkts/bytes pkts/bytes thresh thresh prob
af11 0/0 0/0 0/0 32 40 1/10
af12 0/0 0/0 0/0 28 40 1/10
af13 0/0 0/0 0/0 24 40 1/10
af21 0/0 0/0 0/0 32 40 1/10
af22 0/0 0/0 0/0 28 40 1/10
af23 0/0 0/0 0/0 24 40 1/10
af31 0/0 0/0 0/0 32 40 1/10
af32 0/0 0/0 0/0 28 40 1/10
af33 0/0 0/0 0/0 24 40 1/10
af41 0/0 0/0 0/0 32 40 1/10
af42 0/0 0/0 0/0 28 40 1/10
af43 0/0 0/0 0/0 24 40 1/10
cs1 0/0 0/0 0/0 22 40 1/10
cs2 0/0 0/0 0/0 24 40 1/10
cs3 0/0 0/0 0/0 26 40 1/10
cs4 0/0 0/0 0/0 28 40 1/10
cs5 0/0 0/0 0/0 30 40 1/10
cs6 202460/18456972 0/0 0/0 32 40 1/10
cs7 0/0 0/0 0/0 34 40 1/10
ef 0/0 0/0 0/0 36 40 1/10
rsvp 0/0 0/0 0/0 36 40 1/10
default 438807215/127913203805 20685/24966023 0/0 20 40 1/10

**voiceCCIE** · 10-18-2010, 02:07 PM

I've found that with QoS, it's important to keep the original configuration. The output of 'show run' is so mixed around that it's hard to really get a feel for what's going on. So first, let me reorganize and filter. At the minimum, this will show how I think things through in my head.

Mind you, I'm not expert on QOS, though I play one on TV.

Code:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
! Step 1: Classify on ingress.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

! ACL 120 is undefined, and BRIX-Probe is unused... This should be removed for housekeeping purposes.
class-map match-any BRIX-Probe
match access-group 120

! Voice traffic will be assigned EF
class-map match-any Voice-Traffic
match protocol rtp audio
match protocol sip

! Interactive traffic will be assigned AF31
class-map match-any Interactive-Traffic
match protocol citrix
match access-group 101
match protocol rtcp
match protocol rtsp
match protocol telnet
match protocol rtp video

! DCOS_Classify is used to mark packets on ingress
policy-map DCOS_Classify
class BRIX-Probe
class Voice-Traffic
set ip dscp ef
class Interactive-Traffic
set ip dscp af31
class class-default
set ip dscp default

! Assign to interfaces. I think you only need this on fa0/0.1, and it's unnecessary on
! fa0/0, but would need to test to verify.
interface FastEthernet0/0
description Connection to Switch
service-policy input DCOS_Classify
!
interface FastEthernet0/0.1
service-policy input DCOS_Classify

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!
! Step 2: Identify and treat classes differently on egress
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!
class-map match-any Multimedia-EF
match ip dscp ef

class-map match-any Interactive-AF31
match ip dscp af31

! DCOS_Queue is used within the next policy-map... applying back pressure?
! Gives AF31 traffic 30% of the 800kbps assigned
policy-map DCOS_Queue
class Interactive-AF31
bandwidth remaining percent 30
class class-default
fair-queue
random-detect dscp-based

! DCOS_ShapeAndQueue is applied on egress
! Gives voice traffic 3.5Mbps of priority queue
! Gives remaining traffic 800kbps of remaining traffic
policy-map DCOS_ShapeAndQueue
class Multimedia-EF
priority 3500
class class-default
shape average 800000
service-policy DCOS_Queue
!
interface FastEthernet0/1
description WAN Connection
bandwidth 10240
service-policy output DCOS_ShapeAndQueue

First, I need to plead ignorance on the policy-map within a policy-map stuff. I've read about it being used to provide back-pressure, but that doesn't seem appropriate in this case.

Looking at the DCOS_ShapeAndQueue, what I think is happening is that voice traffic is being allocated and limited to 3.5Mbps, while remaining traffic is being shaped to 800kbps. Of that 800kbps, 30% is being allocated to AF31. The combination of these things seems wasteful, but I might not understand the process correctly.

Regarding your comments:
reloadin10 wrote:
1. RTCP, h323, skinny, mgcp and tftp are missing from the Voice-Traffic class-map.

Frankly, I would remove sip from the voice traffic class. You want to guarantee it bandwidth, but you don't want it competing with the actual RTP stream since it isn't delay or jitter sensitive. Throw SIP, H.323, and Skinny traffic into their own "Voice Control Traffic" and mark them AF41 or AF31. Leave tftp and similar to class default since they can usually take their time.

Quote:
2. Voice-traffic is not included in the DCOS_ShapeAndQueue and so it is ends up in the default queue rather than the EF queue.

Voice-Traffic is marked EF on ingress, and DCOS_ShapeAndQueue handles EF first. This seems right to me. Again, I'm not an expert, so I might be missing something, but I think the voice traffic is being handled correctly (other than it including the control traffic)

Quote:
Is there anything else I am missing? Are there any other improvements that can be made?

Tons of improvements can be made. QoS is never done. I'll have to sort through your 'show' commands at a later time.

My thoughts are:
(1) Voice Control should be assigned to a class, and allocated its own bandwidth.
(2) I think you're artificially limiting your 10Mbps connection to 4.3Mbps, at least in times of congestion. This may or may not be what was intended, and I may not understand the policy-map-within-policy-map behavior correctly, but it seems like you'd be better off using a 'bandwidth' reservation for the Interactive-AF31 class and then using fair-queue within class-default and getting rid of the recursive QoS (Unless you are trying to create back-pressure toward your LAN, which maybe you are, but you're probably missing a 0).
(3) Remove the BRIX-Probe stuff, since it appears to be unused.

Letting the rest fall into class default is fine, but you may also want to consider assigning certain bulk traffic (FTP, P2P, SMTP, etc) to a scavenger class and assigning it a smaller bandwidth reservation (if not shaping or policing it).

Again, you need to do your own research. I haven't yet formally studied this stuff, so this is all based on vague understanding. Don't quote me on any of this.

**susan** · 06-06-2011, 07:12 PM

I would also agree that you should assign certain bulk traffic to a smaller bandwidth. Sometimes all it takes is trial and error. You may want to try a few different scenarios and then pick the one that best suits you. You could always try getting a professional's help.

_________________
Does anyone use a business voip?