Configure QoS on C3 SecureStack to prioritize video/voice traffic.


I have a DR site connected to my corporate office. The DR site is using an older C3G SecureStack. The corporate office is using an N7 switch with platinum DFEs.

My question is how do I configure QoS. The config guide and feature guide on the Extreme website might as well be in ancient Babylonian. It doesn't make any sense to me. All I'm trying to do is ensure VoIP traffic and my video conference system get first priority. If the video conference system is tagging packets as EF, why can't I just create an access-list in the (router) like this and assign it to a VLAN interface?

access-list 100 permit ip any any dscp ef assign-queue 5
access-list 100 permit ip any any assign-queue 4

I think this should work, but I never lose my jitter on the video system, and the Enterasys documentation doesn't ever seem to offer this as an example.


Can you give us more information as to how these different systems and sites are connected? If they are connected via a WAN, do you know if the WAN vendor is honoring QOS?
The two sites are connected over AT&T MPLS network over an IPSec tunnel via some Cisco routers. QoS is configured on those. My issue is how to configure the last mile on the C3 switch. For some reason I can't seem to wrap my brain around how to do it.
I could generate the code you would need to do this in "policy". That is the Enterasys way of doing things.
I can still implement "policy" if I don't have Netsight installed, right? If so, I would love your block of code.
Joshua Sanders wrote:

I can still implement "policy" if I don't have Netsight installed, right? If so, I would love your block of code.

Sure, give me a little bit.
set policy profile 1 name "Default Policy" pvid-status enable pvid 4095 cos-status enable cos 6

you can also mess with

#cos stateset cos state enable
!

#cos setting
set cos setting 0 irl-reference 0
set cos setting 1 irl-reference 1
set cos setting 2 irl-reference 2
set cos setting 3 irl-reference 3
set cos setting 4 irl-reference 4
set cos setting 5 irl-reference 5
set cos setting 6 irl-reference 6
set cos setting 7 irl-reference 7

You can also apply a policy to a port by

set policy port ge.1.4 1 <- 1 is the policy ID.

show policy profile all
Jeremy Gibbs wrote:

set policy profile 1 name "Default Policy" pvid-status enable pvid 4095 cos-status enable cos 6

you can also mess with

#cos stateset cos state enable
!

#cos setting
set cos setting 0 irl-reference 0
set cos setting 1 irl-reference 1
set cos setting 2 irl-reference 2
set cos setting 3 irl-reference 3
set cos setting 4 irl-reference 4
set cos setting 5 irl-reference 5
set cos setting 6 irl-reference 6
set cos setting 7 irl-reference 7

You can also apply a policy to a port by

set policy port ge.1.4 1 <- 1 is the policy ID.

show policy profile all

This looks correct, great example Jeremy.
Where in this is the prioritization happening? I entered what you gave me (except I used policy index 8 and called it "video"), but I'm still seeing about 20ms of jitter and a large amount of packet loss on the video conference system plugged into ge.1.4.
Hi,

did you see the command

set cos state enable

in the above (it was appended to the preceding line and could be overlooked). This is needed for re-marking.

The C3 prioritizes on the CoS bits by default. The policy in the above re-marks inbound frames with CoS 6. This policy is used if it is bound to a port or user. That could be accomplished using

set policy port PORTSTRING POLICY_ID

In the example above, PORTSTRING was ge.1.4 and POLICY_ID was 1.

You might be interested in one of the following GTAC Knowledge articles:
The QoS documentation is indeed hard to read, because it describes a complex system in just a few pages.

Erik
yup. ran both cos state enable as well as mapped it to the port. Not sure, maybe there is something with the Cisco routers linking the sites.
Joshua Sanders wrote:

yup. ran both cos state enable as well as mapped it to the port. Not sure, maybe there is something with the Cisco routers linking the sites.

Remember QOS does not really "kick in" until there is congestion on the switch. WANs and choke points are where QOS really helps.
Well, if I'm seeing jitter on my system, that would indicate congestion, no?
You probably have congestion somewhere. Unless you have a huge WAN connection or you are generating a lot of traffic locally, I doubt the C3 is the source of your bottleneck. A couple of things you can look at on the C3 are CPU utilization and the amount of broadcast traffic. Firewalls, routers, and WANs are usually the bottlenecks.
Well, I'm double-checking my Cisco routers that connect the two sites to verify the config, but shouldn't there be some sort of prioritization that happens at layer 3 on the C series? The voice traffic is on 1 VLAN and the subnet that the router is connected to is on another VLAN.
Are you routing on the C3? IPsec itself adds delay because it requires CPU cycles on the router (unless you are running some sort of offload). Are you giving your voice packets priority in the IPsec queue?

On the C3 you are able to assign priority based on VLAN but once that packet leaves the C3 you have to identify voice packets another way like with DiffServ.
I am routing on the C3. core, distribution & access are all collapsed on this C3 (it's a small site).
How are you identifying the voice packets when they leave the C3 and hit the Cisco router?
The endpoints are marking them with DSCP values. My Cisco routers are identifying the DSCP headers and prioritizing as appropriate to their value.
I can only Monday morning quarterback from here, but I would put the C3 at the bottom of the list of possible reasons for jitter. The C3 is a reasonably high-speed CPU, gigabit switch, but I bet the Cisco routers could not come close to processing a gigabit of IPsec traffic.
Right, I'm verifying my Cisco config now. It's actually only a megabit of traffic. The Cisco router at one of the sites only has a Fast Ethernet connection.
Joshua, I would be looking at the choke points in the path and the Fast Ethernet connection would be my target. Good luck. It looks like you have already received some great advice from the community.
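
Added example, not from any poster in this thread: a small Python check for whether IPv4 headers captured at the switch port really carry DSCP EF, sorted the way the two access-list lines in the question would sort them (EF to queue 5, everything else to queue 4). The sample headers, addresses and function names are constructed for illustration.

```python
import struct
from collections import Counter

EF = 46  # DSCP Expedited Forwarding, what "dscp ef" in the question's ACL matches

def dscp_of(ipv4_header: bytes):
    """Return the DSCP value (0-63) of an IPv4 header, or None if unparseable."""
    if len(ipv4_header) < 20:
        return None  # truncated capture
    version_ihl, tos = struct.unpack_from("!BB", ipv4_header, 0)
    if version_ihl >> 4 != 4 or (version_ihl & 0x0F) < 5:
        return None  # not IPv4, or an impossible header length
    return tos >> 2  # upper six bits of the ToS byte; the lower two are ECN

def queue_for(dscp: int) -> int:
    """Mirror the question's two ACL lines: EF -> queue 5, all else -> queue 4."""
    return 5 if dscp == EF else 4

def tally(headers):
    """Count how many headers land in each queue, and how many were skipped."""
    counts = Counter()
    for header in headers:
        dscp = dscp_of(header)
        key = "unparsed" if dscp is None else f"queue{queue_for(dscp)}"
        counts[key] += 1
    return counts

def make_header(tos: int, proto: int = 17) -> bytes:
    """Constructed 20-byte IPv4 header (checksum zero, documentation addresses)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))

# Constructed sample input, not taken from a real capture.
SAMPLES = [
    make_header(0xB8),        # EF (46 << 2)
    make_header(0xB8),
    make_header(0x00),        # best effort, unmarked
    make_header(0xB9),        # EF with an ECN bit set is still EF
    b"\x60" + b"\x00" * 39,   # IPv6 header, skipped by this IPv4-only parser
    b"\x45\xb8",              # truncated header
]

if __name__ == "__main__":
    print(dict(tally(SAMPLES)))
```

If the video system's packets all show up under queue4 here, the endpoint is not marking EF and no ACL or policy matching on EF will ever see them.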
