Configure QoS on C3 SecureStack to prioritize video/voice traffic.

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
I have a DR site connected to my corporate office. The DR site is using a older C3G Securestack. The corporate office is using a N7 switch with platinum DFEs.

My question is how do I configure QoS. The config guide and feature guide on the Extreme website might as well be in ancient Babylonian. It doesn't make any sense to me. All I'm trying to do is ensure VoIP traffic and my video conference system gets first priority. If the video conference system is tagging packets as EF, why can't I just create an access-list in the (router) like this and assign it to a vlan interface. 

access-list 100 permit ip any any dscp ef assign-queue 5 
access-list 100 permit ip any any assign-queue 4 

I this should work but I never lose my jitter on the video system and the Enterasys documentation doesn't ever seem to offer this as an example. 
Photo of Joshua Sanders

Joshua Sanders

  • 190 Points 100 badge 2x thumb
  • frustrated

Posted 2 years ago

  • 0
  • 1
Photo of Curtis Parish

Curtis Parish

  • 3,332 Points 3k badge 2x thumb
Can you give us more information as to how these different systems and sites are connected?     If they are connected via a WAN, do you know if the WAN vendor is honoring QOS?  
Photo of Joshua Sanders

Joshua Sanders

  • 190 Points 100 badge 2x thumb
The two sites are connected over AT&T MPLS network over an IPSec tunnel via some Cisco routers. QoS is configured on those. My issue is how to configure the last mile on the C3 switch. For some reason I can't seem to wrap my brain around how to do it. 
Photo of Jeremy

Jeremy, Embassador

  • 9,788 Points 5k badge 2x thumb
I could generate the code you would need to do this in "policy".  That is the Enterasys way of doing things.
Photo of Joshua Sanders

Joshua Sanders

  • 190 Points 100 badge 2x thumb
I can still implement "policy" if I don't have Netsight installed right? If so I would love your block of code
Photo of Jeremy

Jeremy, Embassador

  • 9,788 Points 5k badge 2x thumb
Sure, give me a little bit.
Photo of Jeremy

Jeremy, Embassador

  • 9,788 Points 5k badge 2x thumb
set policy profile 1 name "Default Policy" pvid-status enable pvid 4095 cos-status enable cos 6

you can also mess with

#cos stateset cos state enable
!

#cos setting
set cos setting 0 irl-reference 0
set cos setting 1 irl-reference 1
set cos setting 2 irl-reference 2
set cos setting 3 irl-reference 3
set cos setting 4 irl-reference 4
set cos setting 5 irl-reference 5
set cos setting 6 irl-reference 6
set cos setting 7 irl-reference 7



You can also apply a policy to a port by 

set policy port ge.1.4 1  <- 1 is the policy ID.  

show policy profile all 
Photo of Daniel Coughlin

Daniel Coughlin, Employee

  • 2,732 Points 2k badge 2x thumb
This looks correct, great example Jeremy.
Photo of Joshua Sanders

Joshua Sanders

  • 190 Points 100 badge 2x thumb
Where in this is the prioritization happening? I entered what you gave me (except I used policy index 8 and called it "video" but I'm still seeing about 20ms of jitter and a large amount of packet loss on the video conference system plugged into ge.1.4
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 13,498 Points 10k badge 2x thumb
Hi,

did you see the command
set cos state enable
in the above (it was appended to the preceding line and could be overlooked). This is needed for re-marking.

The C3 prioritizes on the CoS bits by default. The policy in the above re-marks inbound frames with CoS 6. This policy is used if it is bound to a port or user. That could be accomplished using
set policy port PORTSTRING POLICY_ID
In the example above, PORTSTRING was ge.1.4 and POLICY_ID was 1.

You might be interested in one of the following GTAC Knowledge articles:
The QoS documentation is indeed hard to read, because it describes a complex system in just a few pages.

Erik
Photo of Joshua Sanders

Joshua Sanders

  • 190 Points 100 badge 2x thumb
yup. ran both cost state enable as well as mapped it to the port. Not sure, maybe there is something with the Cisco routers linking the sites. 
Photo of Joshua Sanders

Joshua Sanders

  • 190 Points 100 badge 2x thumb
I am routing on the C3. core, distribution & access are all collapsed on this C3 (it's a small site).
Photo of Curtis Parish

Curtis Parish

  • 102 Points 100 badge 2x thumb
How are you identifying the voice packets when they leave the C3 and hit the cisco router?  
Photo of Joshua Sanders

Joshua Sanders

  • 190 Points 100 badge 2x thumb
The endpoints are marking them with dscp values. My cisco routers are identifying the dscp headers and prioritizing as appropriate to their value.
Photo of Curtis Parish

Curtis Parish

  • 102 Points 100 badge 2x thumb
I can only Monday morning quarterback from here but I would put the C3 at the bottom of the list of  possible reasons for jitter.    The C3 is a reasonably high-speed CPU,  gigabit switch but I bet the cisco routers could not come close to processing a gigabit of IPsec traffic.   
Photo of Joshua Sanders

Joshua Sanders

  • 190 Points 100 badge 2x thumb
right, I'm verifying my Cisco config now. It's actually only a megabit of traffic. The Cisco router at one of the sites only has a Fast Ethernet connection.
Photo of Daniel Coughlin

Daniel Coughlin, Employee

  • 2,732 Points 2k badge 2x thumb
Joshua I would be looking at the choke points in the path and the Fast Ethernet connection would be my target.  Good luck. It looks like you have already received some great advice from the community.