Quick howto request (QoS on cisco 837)

growse · 20 Nov 2007 at 13:38

Hi all,

Can I get a quick guide on how to set up a simple QoS policy on a cisco 837 to prioritise dns, http and ssh over bittorrent? I believe this is mainly a latency issue rather than a bandwidth issue, as dns lookups and ssh sessions can get quite slow when I'm downloading a few things. I'm aware that I can only apply QoS to outbound traffic.

I've played with QoS before on cisco stuff so have a vague idea of what's what, but I'm a little sketchy on the details. Also, if there's a good way to test how effective the QoS is being, that'd be useful too

Thanks

growse · 22 Nov 2007 at 14:57

No-one?

growse · 23 Nov 2007 at 09:41

I do have NBAR:

Code:

Cisco IOS Software, C837 Software (C837-K9O3SY6-M), Version 12.3(11)YZ1, RELEASE

and 

ip nbar pdlm bittorrent.pdlm

So what I'm currently thinking is that I have three class-maps for traffic:

Code:

class-map match-any web-class
 match protocol ssh
 match protocol secure-http
 match protocol http
 match protocol dns
class-map match-all everything-else
class-map match-any bittorrent-class
 match protocol bittorrent

I then figure I need a policy that covers these three classes. My uncertainty is what options to set on each class. My options are:

Code:

#?
QoS policy-map class configuration commands:
  bandwidth        Bandwidth
  drop             Drop all packets
  exit             Exit from QoS class action configuration mode
  netflow-sampler  NetFlow action
  no               Negate or set default values of a command
  police           Police
  priority         Strict Scheduling Priority for this Class
  queue-limit      Queue Max Threshold for Tail Drop
  random-detect    Enable Random Early Detection as drop policy
  service-policy   Configure Flow Next
  set              Set QoS values
  shape            Traffic Shaping

growse · 23 Nov 2007 at 13:07

Cool - what if I wanted not to limit bandwidth, but prioritise a certain class over another to reduce the latency?

growse · 26 Nov 2007 at 15:33

Sorry to bring this up again, but i've got a strange issue.

I've applied the following policy to the dialler 1 interface outbound:

Code:

class-map match-all test
class-map match-any web-class
 match protocol ssh
 match protocol secure-http
 match protocol http
 match protocol dns
class-map match-any bittorrent-class
 match protocol bittorrent

policy-map upstream-policy
 class web-class
  police rate percent 50
    conform-action transmit
    exceed-action drop
 class bittorrent-class
  police rate percent 30
    conform-action transmit
    exceed-action drop
 class test
  police rate percent 20
    conform-action transmit
    exceed-action drop

And that seems to kill all https traffic originating from outside to my webserver on my LAN. Removing this policy immediately makes it start working again. Any idea why?

growse · 26 Nov 2007 at 22:52

That seems to have solved that problem, thanks. I'll have to wait and see if it's actually effective at doing what it's meant to