How can I reasonably verify my QoS configuration is working?

  • Context

    I've deployed a standard QoS config to a customer site running a Cisco 891 router with IOS 15.1(4)M4. The WAN link is a single ADSL2+ link (24/1Mbps) connected to FE8.

    I've previously tested this configuration at another site by using iperf from the LAN to generate 1+ Mbps of upstream traffic and confirmed a noticeable change in call quality when enabling QoS on the WAN interface. This is how I initially confirmed my configuration worked.

    I've recently deployed this same configuration to another site, but they are still having issues with upstream VOIP bandwidth. I would like to reasonably confirm that QoS is working without going to the effort of actually saturating the link (particularly because they are out of state, and there's no tech onsite). And then try and isolate what I might be able to teak to get better voice quality.

    Questions

    Given the policy-map output below, focusing specifically on the VOICE class-map as an example, what do the following statistics mean?:

    • 3860628 packets, 1070196895 bytes: Can I assume that this is the total number of packets/bytes matched in the class-map?

    • 5 minute offered rate 0 bps, drop rate 0 bps: Is the "offered rate" the rate in bps of traffic that has been prioritised, if not then what? And similarly, is the drop rate the excess rate of traffic that could not be prioritised due to lack of bandwidth? Would that then indicate that we need X bps more bandwidth for VOICE to accommodate such traffic peaks?

    • Priority: 40% (340 kbps), burst bytes 8500, b/w exceed drops: 5: In this line, I'm unsure what b/w exceed drops means?

    Logging

    Given that these statistics are likely to change (I imagine) during peak times (which is when you'd most want to see them). Is there some way that I can log these numbers, or perhaps query them via SNMP so they can be graphed programmatically?

    Learning

    I understand that QoS is a fairly wide-ranging topic. When trying to learn about this, I am often being overwhelmed by different information either because I'm reading about different types of QoS implementations, or because of differing IOS verions (eg. Older docs using commands where the syntax or output has changed).

    To this end, can anyone recommend some Cisco training docs or video courses that might help me focus in on getting a better grip on working with QoS?

    Some additional Info

    Here's a sample QoS config:

    class-map match-any SSH
     match protocol ssh
    class-map match-any LogMeIn
     match access-group name LogMeIn
    class-map match-any VOICE
     match protocol sip
     match protocol rtp
    
    policy-map ADSLPrioritisationOutbound
     class VOICE
      priority percent 40
     class SSH
      bandwidth 80
     class LogMeIn
      priority percent 20
     class class-default
      fair-queue
    policy-map ADSLPrioritisationOutboundParent
     class class-default
      shape average 850000
      service-policy ADSLPrioritisationOutbound
    
    interface FastEthernet8
     no ip address
     ip virtual-reassembly in
     duplex auto
     speed auto
     pppoe-client dial-pool-number 1
     service-policy output ADSLPrioritisationOutboundParent
    

    And policy-map interface output:

    FastEthernet8
    
    Service-policy output: ADSLPrioritisationOutboundParent
    
    Class-map: class-default (match-any)
      18968101 packets, 6998385051 bytes
      5 minute offered rate 3000 bps, drop rate 0 bps
      Match: any
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/93737/0
      (pkts output/bytes output) 18874363/6936577128
      shape (average) cir 850000, bc 3400, be 3400
      target shape rate 850000
    
      Service-policy : ADSLPrioritisationOutbound
    
        queue stats for all priority classes:
    
          queue limit 64 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 3860623/1070194985
    
        Class-map: VOICE (match-any)
          3860628 packets, 1070196895 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: protocol sip
            97348 packets, 49867304 bytes
            5 minute rate 0 bps
          Match: protocol rtp
            3763280 packets, 1020329591 bytes
            5 minute rate 0 bps
          Match: access-group name NEC-PBX
            0 packets, 0 bytes
            5 minute rate 0 bps
          Priority: 40% (340 kbps), burst bytes 8500, b/w exceed drops: 5
    
    
        Class-map: SSH (match-any)
          89497 packets, 19838544 bytes
          5 minute offered rate 2000 bps, drop rate 0 bps
          Match: protocol ssh
            89497 packets, 19838544 bytes
            5 minute rate 2000 bps
          Queueing
          queue limit 64 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 89497/19838544
          bandwidth 80 kbps
    
        Class-map: LogMeIn (match-any)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: access-group name LogMeIn
            0 packets, 0 bytes
            5 minute rate 0 bps
          Priority: 20% (170 kbps), burst bytes 4250, b/w exceed drops: 0
    
    
        Class-map: class-default (match-any)
          15017976 packets, 5908349612 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: any
          Queueing
          queue limit 64 packets
          (queue depth/total drops/no-buffer drops/flowdrops) 0/93732/0/93732
          (pkts output/bytes output) 14924243/5846543599
          Fair-queue: per-flow queue limit 16
    

    I'm assuming you mean IOS version 15.1 in the first sentence? I just want to clarify before making an edit.

    Heh, yes. Sorry. Don't know what's going on... Keys are getting stuck tonight. Lots of typo's.

  • Your question's pretty broad. There's a lot of different commands you can use to troubleshoot and monitor QoS, so I'll focus on the primary question you have, which is how to reasonably verify your QoS configuration is working and how to read the policy-map interface output.

    The only true way to verify that QoS is working is to hook up a traffic generator and monitor your drop rate in various queues. Since that isn't typically feasible, particularly in a production environment, all you can really do is verify that the traffic is being marked and classified properly.

    What you're really looking for, when it comes to verifying if your QoS configuration is working, is for the counters in the policy-map interface command to increment.

    So, for example, in the output your provided:

    Class-map: VOICE (match-any)
      3860628 packets, 1070196895 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol sip
        97348 packets, 49867304 bytes
        5 minute rate 0 bps
      Match: protocol rtp
        3763280 packets, 1020329591 bytes
        5 minute rate 0 bps
      Match: access-group name NEC-PBX
        0 packets, 0 bytes
        5 minute rate 0 bps
      Priority: 40% (340 kbps), burst bytes 8500, b/w exceed drops: 5
    

    You can see that you're seeing packets under SIP and RTP, but not NEC-PBX. If you know you're getting SIP and RTP traffic across a link, you should see the packet counts increment and that's a reasonable way to know that your configuration is basically working.

    Thanks. What do you mean by "monitor drop rate in various queues"? Is this the "drop rate X bps"? Regarding my example with needing a parent shaper for ADSL QoS, I had originally decided QoS was working when I saw the traffic get matched - but in the end it wasn't really doing any good. I agree that the question is still broad (I even tried to re-write it before I posted!). I'll make some edits shortly, and would appreciate any insights. Thanks again!

    Ok there. I think if I at least fully understood those bits about the policy-map output, I'd be able to understand what's happening.

    There's two things in particular you need to look at when you're verifying the configuration. The first is the total packet count and rate under the entire class and each individual "Match" line. That will tell you if packets are matching the policies and being classified/marked/prioritized appropriately (depending on what kind of policy you're looking at). The other thing is the drop rate under each, as well. Under normal network conditions, you probably shouldn't see drops in most classes, so a 0 isn't a problem. But if you are congested, then you'll see drops.

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM