Campus Switching and Routing

Occasional Contributor I
Posts: 6
Registered: ‎01-26-2015

Class based QoS

Hello,
 I'm attempting to roll out some internal QoS on our network.  We are a multi-vendor shop consisting of Cisco (Cat WS-3560), Meraki, and Aruba switches (S1500, S2500, and S3500 all running 7.4.1.2).

I would like to mirror the marking, policing, and interface queueing profiles on our Arubas but am having problems with how to best approach it.

Here's what I do on the Ciscos:
1) Create an access-list defining destinations to mark
ip access-list extended BULK_DATA
 permit tcp any any eq 22
 permit tcp any any eq 465
 permit tcp any any eq 143
 permit tcp any any eq 993
 
2) Write a class-map for the ACL
class-map match-all BULK_DATA_CLASS
 match access-group name BULK_DATA
 
3) Create a policy-map which references the class map for DSCP marking and optional policing
policy-map CLASSIFY-POLICE-POLICY
 class BULK_DATA_CLASS
  set dscp af11
  police 10000000 8000 exceed-action policed-dscp-transmit
 
4) Apply the policy-map to the interface ingress using service-policy
interface FastEthernet0/1
 switchport access vlan 20
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 spanning-tree portfast
 service-policy input CLASSIFY-POLICE-POLICY
!
 
How can I recreate this using the Arubas?  I have a spattering of S1500s, S2500s, and a couple S3500s and they all run 7.4.1.2.
 
I've made a few policer-profiles and qos-profiles to set appropriate DSCP values but what is the appropriate approach to bring it all together? 
 
Thanks
MVP
Posts: 1,111
Registered: ‎10-11-2011

Re: Class based QoS

There's quite a bit of flexibility in regards to how you can apply QoS.  For instance, you can apply QoS to a user role, stateless ACL, or interface.  I suspect you want to apply QoS directly to the interface, so in your case do the following:

 

(switch) # interface gig #/#/#
(switch)(gigabitethernet "0/0/0") # qos-profile profile-name
(switch)(gigabitethernet "0/0/0") # policer-profile profile-name

 

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Occasional Contributor I
Posts: 6
Registered: ‎01-26-2015

Re: Class based QoS

Thanks for the reply!

 

I think I figured this out.  My problem is that I was using extended ACLs to define services and not stateless ACLs.  Once I switched over to stateless, it let me apply the appropriate qos profiles.

 

Just to verify, if I wanted to tag ssh traffic as DSCP CS3:

 

netservice svc-ssh tcp 22

qos-profile "CS3"
    dscp 24
!

ip access-list stateless qos-ssh-cs3
    alias any any svc-ssh permit qos-profile cs3
!

 

On the Ciscos, I would then need to apply the ACL to any of the ports I wanted it to mark that traffic on but am I safe to assume the Aruba is now marking port 22 traffic as cs3?

MVP
Posts: 1,111
Registered: ‎10-11-2011

Re: Class based QoS

Were you able to get this to work?  You'll need a permit any statement at the end of your ACL if applying directly to an interface, rather than a role with multiple ACLs.

Occasional Contributor I
Posts: 6
Registered: ‎01-26-2015

Re: Class based QoS

Sorry for the late reply.  Small team, lots to do.

My vendor is extremely late in delivering a MAS to me that I was going to use to test this.  I've been told it will be delivered today and I will be able to run some tests next week and get a definitive answer.

Occasional Contributor I
Posts: 6
Registered: ‎01-26-2015

Re: Class based QoS

OK, I got this working the way I want.

 

  • Add new netservice alias for our services
  • Create a qos-profile
  • Create a policer-profile that will remark as a lower priority if the threshold is passed
  • Create the ACL and apply the appropriate qos-profile and policer-profiles
  • Apply the ACL to an interface 

 

I am still confused on the following:

  • Do I need to also set the CoS/dot1p value for the qos-profiles if I'm setting the DSCP to the values I want?  Will the switch automatically use the correct queue?  I'm used to Cisco where I have to set the DSCP-to-CoS mapping manually.
  •  What does drop-precedence high/low set in a qos-profile?  I'm assuming it's in regards to tail-drop but I can't seem to find any solid information on that.
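
The trailing-permit point raised earlier in the thread, as an added example that is not part of any post and is not Aruba code: a small Python model of the stateless ACL quoted above, showing what happens to non-SSH traffic with and without a final permit line. It assumes first-match evaluation and an implicit deny at the end of the ACL; the `any any any permit` line and the function names are constructed for the illustration.

```python
# Toy model of the stateless ACL syntax quoted in this thread (not switch code).
# Assumptions: rules are checked top-down, the first match wins, and traffic
# that matches no rule is dropped (implicit deny).

def parse(config):
    """Return (services, qos profiles, acls) parsed from config text."""
    services, profiles, acls, section = {}, {}, {}, None
    for raw in config.splitlines():
        tok = raw.replace('"', "").split()
        if not tok or tok[0] == "!":
            continue
        if tok[0] == "netservice":                  # netservice svc-ssh tcp 22
            services[tok[1]] = (tok[2], int(tok[3]))
        elif tok[0] == "qos-profile":               # qos-profile "CS3"
            # Lower-cased so the thread's "CS3"/"cs3" spellings match; whether
            # the switch treats them as the same name is not verified here.
            section = ("qos", tok[1].lower())
        elif tok[:3] == ["ip", "access-list", "stateless"]:
            section = ("acl", tok[3])
            acls[tok[3]] = []
        elif section and section[0] == "qos" and tok[0] == "dscp":
            profiles[section[1]] = int(tok[1])
        elif section and section[0] == "acl":
            # Rule shape: [alias] <src> <dst> <service> <action> [qos-profile <name>]
            rule = tok[1:] if tok[0] == "alias" else tok
            profile = rule[5].lower() if rule[4:5] == ["qos-profile"] else None
            acls[section[1]].append((rule[2], rule[3], profile))
    return services, profiles, acls

def evaluate(parsed, acl_name, proto, dport):
    """Return (action, dscp) for a packet; dscp is None when not remarked."""
    services, profiles, acls = parsed
    for service, action, profile in acls[acl_name]:
        if service == "any" or services[service] == (proto, dport):
            return action, profiles.get(profile)
    return "deny", None                             # assumed implicit deny

# Constructed sample: the config from the thread, then the same ACL with a
# final catch-all permit appended.
BASE = '''
netservice svc-ssh tcp 22
qos-profile "CS3"
    dscp 24
!
ip access-list stateless qos-ssh-cs3
    alias any any svc-ssh permit qos-profile cs3
'''
WITH_PERMIT = BASE + "    any any any permit\n"

if __name__ == "__main__":
    for label, cfg in (("marking rule only", BASE), ("with final permit", WITH_PERMIT)):
        for port in (22, 443):
            print(label, port, evaluate(parse(cfg), "qos-ssh-cs3", "tcp", port))
```
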