Deployment Applications/DSL CPE QoS
From Cisco Clue
Contents |
QoS for DSL links
Some notes for deploying QoS (upstream only, for obvious reasons) on the little various Cisco router devices for homes and offices.
Huh?
Why is it here? It seems to be a hot topic and its not really ever done right.
Stuff this config does
- Not all Cisco devices have the same NAT PDLMs for various protocols built in and bug-free; tk has added a couple of custom ones for VoIP applications to work.
- Various infrastructure (DNS, TCP session connection) gets higher priority so flow-based fair queue gets the chance to actually -get- connections to shape.
- ADSL lines are generally asymmetric (the 'A', right?) - so you can tell your DSL interface about the available ATM bandwidth for upstream but not for downstream -but- it doesn't matter as you can't really apply QoS on stuff coming in anyway (unless you feel like rate-shaping downloads - but then you do classification on ingress and shaping on the egress ports; that exercise is left to the reader.)
The configuration snippets
Load in PDLMs:
ip nbar pdlm flash:/pdlm/rtp-124.pdlm ip nbar pdlm flash:/pdlm/skinny.pdlm
The class maps:
class-map match-any interactive match protocol ssh match protocol telnet class-map match-any voice match ip dscp ef match ip dscp 6 match protocol rtp class-map match-any www match access-group name http match access-group name https class-map match-any signaling match ip dscp cs3 match ip dscp af31 match access-group name tcp-syn match protocol dns match access-group name tcp-initial match protocol skinny !
The ACLs used by the above class maps:
ip access-list extended http permit tcp any any eq www permit tcp any eq www any ip access-list extended https permit tcp any any eq 443 permit tcp any eq 443 any ip access-list extended tcp-initial permit tcp any any match-all +ack +syn ip access-list extended tcp-syn permit tcp any any syn !
The policy-map:
policy-map dsl-upstream-qos class voice priority percent 50 class signaling priority percent 5 class interactive priority percent 20 class www bandwidth remaining percent 50 class class-default fair-queue 32 queue-limit 32 !
The ATM interface and sub-interface configuration:
interface ATM0 no ip address no ip redirects no ip unreachables no ip proxy-arp load-interval 30 no atm ilmi-keepalive dsl operating-mode auto ! interface ATM0.3 point-to-point no snmp trap link-status pvc 8/35 vbr-rt 384 384 1 tx-ring-limit 2 service-policy output dsl-upstream-qos pppoe-client dial-pool-number 1 ! !
The VLAN interface (its an 877; so the ethernet ports are an internal switch..) - note the NBAR:
interface Vlan1 ip address 10.10.10.1 255.255.255.0 no ip redirects no ip proxy-arp ip nbar protocol-discovery ip nat inside ip virtual-reassembly ip flow ingress ip tcp adjust-mss 1452 load-interval 30 ipv6 address 2001:4988:DEAD:BEEF:CAFE:1:0:1/96 ipv6 enable !
The dialer interface (note the NBAR):
interface Dialer0 ip address negotiated no ip redirects no ip proxy-arp ip mtu 1452 ip nbar protocol-discovery ip nat outside ip virtual-reassembly ip flow ingress encapsulation ppp ip tcp adjust-mss 1300 load-interval 30 dialer pool 1 dialer idle-timeout 0 dialer string nada dialer persistent delay 30 dialer-group 1 no cdp enable ppp authentication chap callin ppp chap hostname sung ppp chap password 0 not4u !
Because NATting SIP with the PDLM can be frought with pain:
no ip nat service sip udp port 5060
Credits
Config snippets by Tony Kapela. This document prepared by Adrian Chadd. This was built for a Cisco 877. Adrian tested it on a Cisco 827 by munging the NBAR rules into protocol/port ACLs as the 827 isn't grunty enough for NBAR.
Tony needs to remember how he verified this worked fine (I believe it involved plenty of iperf streams and connection attempts whilst testing VoIP.) I remember he found crack in the ATM interface tx-ring-queue setting.
Be prepared to test it set to 2. A value of 1 causes link flapping due to queue starvation causing PPP keepalive frame drops, as well as higher CPU usage. Also be aware that PPP keepalive frames (& all other non-IP traffic such as CDP, IS-IS, etc) are always matched by the "class-default" class, so if that queue is starved by priority queues long enough to discard them the link will drop.
This stuff only works "properly" if your ISP applies some sane QoS on the downstream from them to the client - not all ISPs do. This configuration does avoid early performance degredation due to piss-poor DSL upstream bandwidth - eg 8mbit downstream / 384kbit upstream. YMMV.
