Wired Intelligent Edge


Class based QoS

  • 1.  Class based QoS

    Posted Feb 23, 2016 02:34 PM
    Hello,
    I'm attempting to roll out some internal QoS on our network.  We are a multi-vendor shop consisting of Cisco (Cat WS-3560), Meraki, and Aruba switches (S1500, S2500, and S3500 all running 7.4.1.2).

    I would like to mirror the marking, policing, and interface queueing profiles on our Arubas but am having problems with how to best approach it.

    Here's what I do on the Ciscos:
    1) Create an access-list defining destinations to mark
    ip access-list extended BULK_DATA
     permit tcp any any eq 22
     permit tcp any any eq 465
     permit tcp any any eq 143
     permit tcp any any eq 993
     
    2) Write a class-map for the ACL
    class-map match-all BULK_DATA_CLASS
     match access-group name BULK_DATA
     
    3) Create a policy-map which references the class map for DSCP marking and optional policing
    policy-map CLASSIFY-POLICE-POLICY
     class BULK_DATA_CLASS
      set dscp af11
      police 10000000 8000 exceed-action policed-dscp-transmit
     
    4) Apply the policy-map to the interface ingress using service-policy
    interface FastEthernet0/1
     switchport access vlan 20
     switchport mode access
     srr-queue bandwidth share 1 30 35 5
     priority-queue out
     spanning-tree portfast
     service-policy input CLASSIFY-POLICE-POLICY
    !
     
    How can I recreate this using the Arubas?  I have a spattering of S1500s, S2500s, and a couple S3500s and they all run 7.4.1.2.
     
    I've made a few policer-profiles and qos-profiles to set appropriate DSCP values but what is the appropriate approach to bring it all together? 
     
    Thanks


  • 2.  RE: Class based QoS

    Posted Feb 26, 2016 11:32 AM

    There's quite a bit of flexibility in regards to how you can apply QoS.  For instance, you can apply QoS to a user role, stateless ACL, or interface.  I suspect you want to apply QoS directly to the interface, so in your case do the following:

     

    (switch) # interface gig #/#/#

    (switch)(gigabitethernet "0/0/0") # qos-profile profile-name

    (switch)(gigabitethernet "0/0/0") # policer-profile profile-name

     



  • 3.  RE: Class based QoS

    Posted Feb 26, 2016 12:19 PM

    Thanks for the reply!

     

    I think I figured this out.  My problem is that I was using extended ACLs to define services and not stateless ACLs.  Once I switched over to stateless, it let me apply the appropriate qos profiles.

     

    Just to verify, if I wanted to tag ssh traffic as DSCP CS3:

     

    netservice svc-ssh tcp 22

     

    qos-profile "CS3"

        dscp 24

    !

     

    ip access-list stateless qos-ssh-cs3

        alias any any svc-ssh permit qos-profile cs3

    !

     

    On the Ciscos, I would then need to apply the ACL to any of the ports I wanted it to mark that traffic on but am I safe to assume the Aruba is now marking port 22 traffic as cs3?
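One way to check from a packet capture whether port 22 traffic really carries DSCP 24 (CS3), shown here as an added example that is not part of the original posts. The helper names and the sample packets are constructed for illustration; the expected value comes from the `svc-ssh` / `dscp 24` config above.

```python
import struct

# Expected marking per TCP destination port, taken from the config in the post.
EXPECTED = {22: 24}  # svc-ssh -> qos-profile with dscp 24 (CS3)

def build_ipv4_tcp(dscp, dport, sport=40000):
    """Constructed sample: 20-byte IPv4 header + 20-byte TCP header, checksums zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 40, 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHLLBBHHH", sport, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
    return ip + tcp

def parse_marking(pkt):
    """Return DSCP, ECN and TCP destination port of a raw IPv4 packet, or None if not TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4           # header length in bytes (options allowed)
    if pkt[9] != 6 or len(pkt) < ihl + 4:
        return None
    _sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    tos = pkt[1]                         # DSCP is the upper 6 bits, ECN the lower 2
    return {"dscp": tos >> 2, "ecn": tos & 0x03, "dport": dport}

def audit(packets, expected=EXPECTED):
    """List (index, dport, seen_dscp, wanted_dscp) for packets with the wrong marking."""
    findings = []
    for i, pkt in enumerate(packets):
        m = parse_marking(pkt)
        if m is None or m["dport"] not in expected:
            continue                     # traffic the policy does not cover
        wanted = expected[m["dport"]]
        if m["dscp"] != wanted:
            findings.append((i, m["dport"], m["dscp"], wanted))
    return findings

# Constructed capture: marked SSH, unmarked SSH, unrelated HTTPS.
SAMPLE = [build_ipv4_tcp(24, 22), build_ipv4_tcp(0, 22), build_ipv4_tcp(0, 443)]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("packet %d: port %d has DSCP %d, expected %d" % finding)
```

Run against packets captured on the egress side of the switch, an empty result means every covered flow left with the intended marking.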



  • 4.  RE: Class based QoS

    Posted Mar 07, 2016 12:38 PM

    Were you able to get this to work?  You'll need a permit any statement at the end of your ACL if applying directly to an interface, rather than a role with multiple ACLs.



  • 5.  RE: Class based QoS

    Posted Mar 31, 2016 05:32 PM

    Sorry for the late reply.  Small team, lots to do.

    My vendor is extremely late in delivering a MAS to me that I was going to use to test this.  I've been told it will be delivered today and I will be able to run some tests next week and get a definitive answer.



  • 6.  RE: Class based QoS

    Posted Apr 28, 2016 12:53 PM

    OK, I got this working the way I want.

     

    • Add new netservice alias for our services
    • Create a qos-profile
    • Create a policer-profile that will remark as a lower priority if the threshold is passed
    • Create the ACL and apply the appropriate qos-profile and policer-profiles
    • Apply the ACL to an interface 

     

    I am still confused on the following:

    • Do I need to also set the CoS/dot1p value for the qos-profiles if I'm setting the DSCP to the values I want?  Will the switch automatically use the correct queue?  I'm used to Cisco where I have to set the DSCP-to-CoS mapping manually.
    •  What does drop-precedence high/low set in a qos-profile?  I'm assuming it's in regards to tail-drop but I can't seem to find any solid information on that.


  • 7.  RE: Class based QoS

    Posted Feb 13, 2019 01:09 PM

    I also have the same doubt.

     

    I am trying to configure a QoS profile that marks SIP traffic with EF DSCP for some IVR servers in their access switch.

     

    This last part makes me dubious about it:

     

    • "Create a policer-profile that will remark as a lower priority if the threshold is passed"

    I don't need a threshold; I need to mark or remark SIP traffic as soon as it ingresses at the interface and preserve the marking as it egresses from the switch.

     

    And second:

    "Do I need to also set the CoS/dot1p value for the qos-profiles if I'm setting the DSCP to the values I want?"

     

    The manual says the CoS value is not preserved if the traffic comes out from a non-tagged (access) interface. It seems pretty obvious, but then what is the purpose of obliging us to configure a CoS value if it is not needed?

     

     



  • 8.  RE: Class based QoS

    Posted Feb 13, 2019 01:26 PM

    Also, I have read again the Aruba 2930F / 2930M Advanced Traffic Management Guide for ArubaOS-Switch 16.08

     

    Page 214

    ---

    Restrictions
    Traffic policing comes with the following restrictions:
    • Does not support MAC classes.
    • Cannot configure burst size even though RFC 2698 allows you to specify committed burst size and peak burst size. Incorrect burst sizes can either lead to excessive traffic loss, or poor rate-limiting thus reducing the performance.
    • Cannot configure rates in packets-per-second.
    Exceeded commit-rate packets are only DSCP remarked.
    • Operates only in color blind mode.
    • Applicable only for QoS policies and not PBR or mirror policies.
    • Cannot configure using Next Gen WEBUI or switch menu.
    • QoS policy containing a two rate meter can only be applied on individual physical interfaces, and not on logical interfaces (VLANs or LAG).
    • The Egress ACLs do not support DSCP remarking. As DSCP remarking is the only supported action for commit-rate violation, traffic policing cannot be enabled on an outward interface.
    • If you apply CoS through QoS ACL on the same port as two rate meter, the meter has a higher precedence over ACLs. The CoS value of the packet is set to zero as CIR/PIR DSCP is applied through a meter.

     

    ----

     

    So I need to create a policy with CIR 1 Kbps in order to achieve this?
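The restrictions quoted above describe a two rate meter per RFC 2698 running in color-blind mode, where packets exceeding the commit rate are DSCP-remarked. The following is an added sketch of that metering algorithm, not code from the guide or from any poster. The class and function names, the burst sizes (which the guide says cannot be configured) and the sample traffic are assumptions made for illustration.

```python
class TwoRateMeter:
    """Color-blind two rate three color marker (RFC 2698).

    Rates are in bytes/second, burst sizes in bytes. Both buckets start full.
    """

    def __init__(self, cir, pir, cbs, pbs):
        self.cir, self.pir, self.cbs, self.pbs = cir, pir, cbs, pbs
        self.tc, self.tp = cbs, pbs      # current tokens in the C and P buckets
        self.last = 0.0                  # time of the previous packet

    def color(self, now, size):
        # Refill both buckets for the elapsed time, capped at the burst size.
        elapsed = now - self.last
        self.last = now
        self.tc = min(self.cbs, self.tc + self.cir * elapsed)
        self.tp = min(self.pbs, self.tp + self.pir * elapsed)
        if self.tp < size:               # above peak rate
            return "red"
        self.tp -= size
        if self.tc < size:               # above commit rate, within peak rate
            return "yellow"
        self.tc -= size
        return "green"


def police(meter, arrivals, dscp_in, dscp_exceed):
    """Return (color, dscp) per packet for a list of (time, size) arrivals.

    Yellow packets get dscp_exceed, matching the quoted "only DSCP remarked"
    action. The quoted text does not state what happens above the peak rate,
    so red packets are reported with dscp None (assumption).
    """
    out = []
    for now, size in arrivals:
        c = meter.color(now, size)
        dscp = {"green": dscp_in, "yellow": dscp_exceed, "red": None}[c]
        out.append((c, dscp))
    return out


# Constructed traffic: four back-to-back 1000-byte packets, then one a second later.
ARRIVALS = [(0.0, 1000), (0.0, 1000), (0.0, 1000), (0.0, 1000), (1.0, 1000)]

if __name__ == "__main__":
    meter = TwoRateMeter(cir=1000, pir=2000, cbs=1500, pbs=3000)
    for result in police(meter, ARRIVALS, dscp_in=46, dscp_exceed=0):
        print(result)
```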

     



  • 9.  RE: Class based QoS

    Posted Feb 15, 2019 12:13 PM

    Hey TcoloT-AdolfoZameza,

    When I originally wrote this post, I believe it was pre-HP acquisition and I was dealing with the older Aruba MAS series switches.  Since the HP acquisition, the entire switch line has changed and I'm not sure if the old MAS commands are still relevant or not.  I still have some older MAS's lying around that are using my QoS config if you'd like me to dig it up but my org has moved to Juniper and I don't have any experience with the newer versions of Aruba switches or OS.



  • 10.  RE: Class based QoS

    Posted Feb 18, 2019 01:35 PM

    Thank you for your kind answer. I forwarded my inquiries to a local Aruba Presales Team. If I have a response I will post it here for everybody's convenience.