Wired Intelligent Edge

last person joined: 2 days ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

Configuring QoS in 2930M switch

This thread has been viewed 13 times

  • 1.  Configuring QoS in 2930M switch

    Posted May 29, 2019 09:52 AM

    My customer wants to apply strict QoS priority policy for traffic destined to VPN server 10.10.10.10 (I used this IP in my configuration below, but it will be public IP in actual configuration), all other traffic should be treated as best effort with lower priority than VPN traffic.

     

    The network is a flat one vlan network with GW as a firewall connected to Internet. The idea is to mark VPN traffic as access ports, then apply QoS at uplink ports and Internet link. 

     

    The design I am following is based on the points below:

     

    1- Two queues only

     

    2- For future flexibilities, I am using advanced classifier and not global classifiers

     

    3- Uplink ports are not tagged

     

    The configuration I suggested in below, and I have the following comments:

     

    1- Is this the best way applying this policy?

     

    2- Is there any performance impact by applying service-policy on all ports?

     

    3- Does quoues apply even if the port is not tagged? I am using default mapping and DSCP ef should map to 802.1P 7, but all uplink ports are untagged and customer want to keep it this way as firewall ports are untagged also

     

    class ipv4 "VPN"
    10 match ip 0.0.0.0 255.255.255.255 10.10.10.10 0.0.0.0
    exit
    policy qos "VPN-Policy"
    10 class ipv4 "VPN" action dscp ef
    default-class action dscp default

    !

    qos type-of-service diff-services
    qos queue-config 2-queues

    !

    interface 1/1-1/23 service-policy VPN-Policy in

    interface 1/24 bandwidth-min output 0 100

    !

     

    show qos queue-config

    Egress Queue Configuration

    Number of Queues : 2
    Traffic Template : default-tcgt

    802.1p
    Queue Priorities
    ----- ----------
    1 0-3
    2 4-7

     

     

    show bandwidth output 1/1

    Outbound Guaranteed Minimum Bandwidth Percentage

    Port Q1 Q2 Q3 Q4 Q5 Q6 Q7 Q8
    ----- ------ ------ ------ ------ ------ ------ ------ ------
    1/1 0 strict * * * * * *

     

     

     

    show qos dscp-map

    DSCP Policies

    DSCP CodePoint DSCP Value 802.1p tag DSCP Policy name
    -------------- ---------- ----------- --------------------------------
    000000 0 0 cs0
    000001 1 0
    000010 2 0
    000011 3 0
    000100 4 0
    000101 5 0
    000110 6 0
    000111 7 0
    001000 8 1 cs1
    001001 9 1
    001010 10 1 af11
    001011 11 1
    001100 12 1 af12
    001101 13 1
    001110 14 1 af13
    001111 15 1
    010000 16 2 cs2
    010001 17 2
    010010 18 2 af21
    010011 19 2
    010100 20 2 af22
    010101 21 2
    010110 22 2 af23
    010111 23 2
    011000 24 3 cs3
    011001 25 3
    011010 26 3 af31
    011011 27 3
    011100 28 3 af32
    011101 29 3
    011110 30 3 af33
    011111 31 3
    100000 32 4 cs4
    100001 33 4
    100010 34 4 af41
    100011 35 4
    100100 36 4 af42
    100101 37 4
    100110 38 4 af43
    100111 39 4
    101000 40 5 cs5
    101001 41 5
    101010 42 5
    101011 43 5
    101100 44 5
    101101 45 5
    101110 46 7 ef
    101111 47 5
    110000 48 6 cs6
    110001 49 6
    110010 50 6
    110011 51 6
    110100 52 6
    110101 53 6
    110110 54 6
    110111 55 6
    111000 56 7 cs7
    111001 57 7
    111010 58 7
    111011 59 7
    111100 60 7
    111101 61 7
    111110 62 7
    111111 63 7

     

     

    Thank you,