Wired Intelligent Edge (Campus Switching and Routing)

Occasional Contributor I

Class based QoS

Hello,
 I'm attempting to roll out some internal QoS on our network.  We are a multi-vendor shop consisting of Cisco (Cat WS-3560), Meraki, and Aruba switches (S1500, S2500, and S3500 all running 7.4.1.2).

I would like to mirror the marking, policing, and interface queueing profiles on our Arubas but am having problems with how to best approach it.

Here's what I do on the Ciscos:
1) Create an access-list defining destinations to mark
ip access-list extended BULK_DATA
 permit tcp any any eq 22
 permit tcp any any eq 465
 permit tcp any any eq 143
 permit tcp any any eq 993
 
2) Write a class-map for the ACL
class-map match-all BULK_DATA_CLASS
 match access-group name BULK_DATA
 
3) Create a policy-map which references the class map for DSCP marking and optional policing
policy-map CLASSIFY-POLICE-POLICY
 class BULK_DATA_CLASS
  set dscp af11
  police 10000000 8000 exceed-action policed-dscp-transmit
 
4) Apply the policy-map to the interface ingress using service-policy
interface FastEthernet0/1
 switchport access vlan 20
 switchport mode access
 srr-queue bandwidth share 1 30 35 5
 priority-queue out
 spanning-tree portfast
 service-policy input CLASSIFY-POLICE-POLICY
!
 
How can I recreate this using the Arubas?  I have a spattering of S1500s, S2500s, and a couple S3500s and they all run 7.4.1.2.
 
I've made a few policer-profiles and qos-profiles to set appropriate DSCP values but what is the appropriate approach to bring it all together? 
 
Thanks
Trusted Contributor I

Re: Class based QoS

There's quite a bit of flexibility in regards to how you can apply QoS.  For instance, you can apply QoS to a user role, stateless ACL, or interface.  I suspect you want to apply QoS directly to the interface, so in your case do the following:

 

(switch) # interface gig #/#/#

(switch)(gigabitethernet "0/0/0") # qos-profile profile-name

(switch)(gigabitethernet "0/0/0") # policer-profile profile-name

 

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Occasional Contributor I

Re: Class based QoS

Thanks for the reply!

 

I think I figured this out.  My problem is that I was using extended ACLs to define services and not stateless ACLs.  Once I switched over to stateless, it let me apply the appropriate qos profiles.

 

Just to verify, if I wanted to tag ssh traffic as DSCP CS3:

 

netservice svc-ssh tcp 22

qos-profile "CS3"
    dscp 24
!

ip access-list stateless qos-ssh-cs3
    alias any any svc-ssh permit qos-profile cs3
!

 

On the Ciscos, I would then need to apply the ACL to any of the ports I wanted it to mark that traffic on but am I safe to assume the Aruba is now marking port 22 traffic as cs3?

Trusted Contributor I

Re: Class based QoS

Were you able to get this to work?  You'll need a permit any statement at the end of your ACL if applying directly to an interface, rather than a role with multiple ACLs.

Occasional Contributor I

Re: Class based QoS

Sorry for the late reply.  Small team, lots to do.

My vendor is extremely late in delivering a MAS to me that I was going to use to test this.  I've been told it will be delivered today and I will be able to run some tests next week and get a definitive answer.

Occasional Contributor I

Re: Class based QoS

OK, I got this working the way I want.

 

  • Add new netservice alias for our services
  • Create a qos-profile
  • Create a policer-profile that will remark as a lower priority if the threshold is passed
  • Create the ACL and apply the appropriate qos-profile and policer-profiles
  • Apply the ACL to an interface 

 

I am still confused on the following:

  • Do I need to also set the CoS/dot1p value for the qos-profiles if I'm setting the DSCP to the values I want?  Will the switch automatically use the correct queue?  I'm used to Cisco where I have to set the DSCP-to-CoS mapping manually.
  •  What does drop-precedence high/low set in a qos-profile?  I'm assuming it's in regards to tail-drop but I can't seem to find any solid information on that.
Contributor I

Re: Class based QoS

I also have the same doubt.

I am trying to configure a QoS profile that marks SIP traffic with EF DSCP for some IVR servers on their access switch.

This last part makes me dubious about it:

  • "Create a policer-profile that will remark as a lower priority if the threshold is passed"

I don't need a threshold; I need to mark or remark SIP traffic as soon as it ingresses at the interface and preserve the marking as it egresses from the switch.

And second:

"Do I need to also set the CoS/dot1p value for the qos-profiles if I'm setting the DSCP to the values I want?"

The manual says the CoS value is not preserved if the traffic comes out from a non-tagged (access) interface. It seems pretty obvious, but then what is the purpose of requiring a CoS value to be configured if it is not needed?

Contributor I

Re: Class based QoS

Also, I have read again the Aruba 2930F / 2930M Advanced Traffic Management Guide for ArubaOS-Switch 16.08

 

Page 214

---

Restrictions
Traffic policing comes with the following restrictions:
• Does not support MAC classes.
• Cannot configure burst size even though RFC 2698 allows you to specify committed burst size and peak burst size. Incorrect burst sizes can either lead to excessive traffic loss, or poor rate-limiting thus reducing the performance.
• Cannot configure rates in packets-per-second.
Exceeded commit-rate packets are only DSCP remarked.
• Operates only in color blind mode.
• Applicable only for QoS policies and not PBR or mirror policies.
• Cannot configure using Next Gen WEBUI or switch menu.
• QoS policy containing a two rate meter can only be applied on individual physical interfaces, and not on logical interfaces (VLANs or LAG).
• The Egress ACLs do not support DSCP remarking. As DSCP remarking is the only supported action for commit-rate violation, traffic policing cannot be enabled on an outward interface.
• If you apply CoS through QoS ACL on the same port as two rate meter, the meter has a higher precedence over ACLs. The CoS value of the packet is set to zero as CIR/PIR DSCP is applied through a meter.

 

----

 

So I need to create a policy with CIR 1 Kbps in order to achieve this?
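
As an added illustration (not part of the thread or of the Aruba guide), the sketch below models the color-blind two-rate meter from RFC 2698 that the quoted restrictions refer to, and shows which packets of a constant-rate stream such a meter would remark. The burst sizes, which the guide says cannot be configured, and the remark DSCP values are constructed assumptions; the model does not claim to reproduce the switch's firmware.

```python
# Added example: RFC 2698 two-rate three-color marker (trTCM), color-blind mode.
# Not switch firmware; burst sizes and remark DSCPs are constructed assumptions.
from dataclasses import dataclass, field

@dataclass
class TrTCM:
    cir: float            # committed information rate, bytes/second
    pir: float            # peak information rate, bytes/second
    cbs: float            # committed burst size, bytes (assumed value)
    pbs: float            # peak burst size, bytes (assumed value)
    tc: float = field(init=False)
    tp: float = field(init=False)
    last: float = 0.0

    def __post_init__(self):
        # RFC 2698: both token buckets start full.
        self.tc, self.tp = self.cbs, self.pbs

    def color(self, now, size):
        """Return 'green', 'yellow' or 'red' for a packet of `size` bytes."""
        dt, self.last = now - self.last, now
        self.tc = min(self.cbs, self.tc + self.cir * dt)
        self.tp = min(self.pbs, self.tp + self.pir * dt)
        if self.tp < size:          # above peak rate: red, no tokens taken
            return "red"
        if self.tc < size:          # above committed rate: yellow
            self.tp -= size
            return "yellow"
        self.tc -= size             # conforming: green
        self.tp -= size
        return "green"

def police(meter, packets, dscp_in, remark):
    """Green keeps dscp_in; yellow/red take the DSCP from `remark`."""
    return [remark.get(meter.color(t, size), dscp_in) for t, size in packets]

# Constructed stream: ten 200-byte packets, 20 ms apart (10,000 bytes/s), marked EF.
STREAM = [(i * 0.02, 200) for i in range(10)]
REMARK = {"yellow": 10, "red": 0}   # assumed remark targets: AF11 and best effort

def demo():
    tiny = TrTCM(cir=125, pir=250, cbs=400, pbs=800)        # CIR 1 kbps
    roomy = TrTCM(cir=20000, pir=40000, cbs=400, pbs=800)   # CIR 160 kbps
    return police(tiny, STREAM, 46, REMARK), police(roomy, STREAM, 46, REMARK)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

In this model the 1 kbps meter leaves only the packets covered by the initial burst allowance at DSCP 46 and remarks the rest, while the meter sized above the stream's rate leaves every packet unchanged.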

 

Occasional Contributor I

Re: Class based QoS

Hey TcoloT-AdolfoZameza,

  When I originally wrote this post, I believe it was pre-HP acquisition and I was dealing with the older Aruba MAS series switches.  Since the HP acquisition, the entire switch line has changed and I'm not sure if the old MAS commands are still relevant or not.  I still have some older MAS's lying around that are using my QoS config if you'd like me to dig it up but my org has moved to Juniper and I don't have any experience with the newer versions of Aruba switches or OS.

Contributor I

Re: Class based QoS

Thank you for your kind answer. I forwarded my inquiries to a local Aruba Presales Team. If I have a response I will post it here for everybody's convenience.

 

 
