
QoS help - non voice related

treese
Contributor

I have a site connected with a transparent LAN circuit with minimal bw.  We just deployed some servers that sync across the link but saturate the connection sometimes.  The traffic is mostly SSL.  I need to configure some traffic control and believe the best way to do this is to configure qp2 and qp3 and create an ACL with the 2 sources and single destination for the attributes, then assign it to the correct qp and physical port on the switch.  If this is the recommended way to do this I would like to know.  Also I’m having trouble understanding the min and max bandwidth.  I plan on applying the config ingress too.  If I give each source a minimum of 20 and max of 50 then essentially the pipe could be oversubscribed if both source servers kicked off at the same time.  The syncs are not on a schedule.

configure qosprofile QP2 minbw 20 maxbw 50 ports 1:1
configure qosprofile QP3 minbw 20 maxbw 50 ports 2:1

entry WEB1-QP2 {
if match all {
    source-address 2.2.2.2/32 ;
    destination-address 1.1.1.1/32 ;
}
then {
    qosprofile QP2 ;
}
}
entry WEB2-QP3 {
if match all {
    source-address 3.3.3.3/32 ;
    destination-address 1.1.1.1/32 ;
}
then {
    qosprofile QP3 ;
}
}

The devices on each end are 440’s and we do have other traffic traversing the link.  These 2 servers are the ones that saturate the link, but other traffic is important and I don’t want to degrade the remaining traffic.  This traffic is not voice related.  If you could point me to the right solution or forum and have suggestions it would be most appreciated.  Thank you

12 REPLIES 12

FredrikB
Contributor II

Ok, then I see the need for an ACL to classify traffic. You use the minbw setup for the ports. Beware that this is the percentage of the link speed, not the 20 (or later 100) Mbps you have on the metro link. To get, say, 10 Mbps on a 1 Gbps interface you can set minbw 1 %, but you can’t get any more granular than that (and I don’t know how precise that will be in reality) and you won’t be able to set anything lower than 100 Mbps on the 10 G side as 1 % of 10 G is 100 M, so that method won’t work for you. I think prio is the way to go and it’s not any more complicated anyway.

treese
Contributor

Untagged traffic and no ISL port in this design, the servers live behind a network unmanaged by us.  The LAN on that side hits a pair of ASA FW’s which I have my 440 stack connected to, then the other end connects to my 440 stack at my location.  I use a transit vlan to move the destination networks to and from.  The transit vlan is tagged but this won’t help when the destination networks are e.g. 172.x.100.x/24, 172.x.101.x/24, 172.x.102.x/24 which live on the other side.  Routes on the DC440 send the traffic back to HQ to our subnets.  The port interfaces on the DC440 are 1Gb and the other side is DC440G2 10Gb.  The circuit is 20Mb metro E, which we are in the process of bumping up to 100Mb, but I still want QoS in place to not saturate the circuit when the syncs kick off.  Thanks

FredrikB
Contributor II

Are the server ports tagged or untagged? If not tagged, you could just put the port in a QP and have that traffic prioritized with a lower prio than the rest of the traffic. I normally stay away from shaping/policing unless I have to and work with prio instead. Why limit to a certain percent if you can say that other traffic should go first, and then the less important traffic can use whatever is left (up to 100 %)? I don’t have the time right now to come up with a command set for you, but if you answer these questions you might get some good help:

Are the server ports tagged or untagged?

Is the inter-switch port/connection tagged or untagged?

What is the actual capacity of the link between the switches and what is the link speed? (Could be 2 Mbps actual, 1 G link speed)

Do you have any other prio (802.1p) on tagged traffic coming in to any of the switches?

/Fredrik
