8

I have the following type of links at the edge of my ISP cloud:

                                                                    +-----------------------+
                                                                    |    Customer 1         |
                                                                    |-----------------------|
  +-----------------------+                             +----------->                       |
  |        XMR            |                             |           |                       |
  |-----------------------|                             |           +-----------------------+
  |                       |         +-------------------+--+
  |                       |         |      BT Cloud        |
  |                       |         |----------------------|
  |                       |         |                      |
  |                       +--------->                      |        +-----------------------+
  |                       |         |                      |        |    Customer 2         |
  +-----------------------+         +-------------------+--+        |-----------------------|
                                                        |           |                       |
                                                        +----------->                       |
                                                                    +-----------------------+

On the left is a Brocade XMR. This is connected via a single gig link to many carriers, in this example BT. BT provide us with many point-to-point links over this single link at the A end. The B ends then segregate and go to each geographically dispersed site. On the A end, the XMR port, we specify which site the traffic goes to via a pre-agreed-upon VLAN ID.

This all works perfectly fine and we have many of these links to BT and a load of other carriers.

The issue mainly is QoS outbound from the XMR. While there is a gig link between my XMR and the carriers, those inner circuits could be anything from 2Mb up to a gig.

Let's assume that Customer 1 has a 10Mb link. They want 25% of this link to be reserved for EF marked traffic. This is easy to do outbound on the CPE level as I can shape the interface to 10Mb and then give priority percent 25 to EF marked packets. On the A end however, the XMR considers this entire link to be 1Gb. It doesn't know that vlan 2000 off to Customer site 1 is only 10Mb (BT is policing it to 10Mb within their own network).

H-QoS would be ideal as I could shape vlan 2000 to 10Mb, and then within that shaped value give 25% to EF. The issue is that H-QoS on the XMR is only supported on the 8X10Gb module. None of the carriers we use are giving native 10Gb yet straight to us (just plenty of 1Gb links).

My plan is to stick another device between the XMR and the carrier that simply does H-QoS. I've been looking at the Cisco ME3600X which supposedly can do H-QoS based on the VLAN ID. Does anyone have experience with this particular feature on the ME3600X, or can anyone perhaps give me a better idea of doing this?

Essentially I would like to have a config that looks sort of like this if it makes more sense:

policy-map out-policy-parent
 class vlan2000
  shape average 10000000
  service-policy out-policy
 class vlan2001
  shape average 20000000
  service-policy out-policy

policy-map out-policy
 class EF
  priority percent 25
 class AF21
  bandwidth percent 50

interface gigabitethernet0/1
 service-policy output out-policy-parent
mellowd
  • Have you asked BT about QoS service? They should be able to deliver it on the congestion point (they do for us), then you don't need any QoS on the NNI, just ensure your markings are correct. – ytti Jun 20 '13 at 06:42
  • I know BT offer, but other carriers don't. Virgin/Colt/TalkTalk etc don't have as robust a policy. I need something that will be carrier-neutral completely. Also, as always in the case of business, BT's QoS offering comes at a higher cost and the business wants less cost – mellowd Jun 20 '13 at 06:57
  • ACK. Looks like you need to go shopping. ME3600X does work for this, but has limited buffers; ME3800X has deeper buffers. But frankly, I'd go ASR9001 or MX104 as your NNI router and leave XMR in core/nonQoS termination. – ytti Jun 20 '13 at 08:29
  • ME3800X is three times the price of the ME3600X. If I had the budget I would gladly get an ASR9k or MX but my hands are tied. Seems the 3800 has 352Mb of buffers while the 3600 has only 44Mb. A significant difference. Are there any calculations out there for me to figure out exactly what 44Mb of buffers would give me? – mellowd Jun 20 '13 at 21:07
  • I dunno about hardware scaling but ME series can definitely do this kind of thing on a per VLAN basis. You'd have to do your homework though re: say how many nested policy maps it supports for example, maybe you have 1000 VLANs for example and I doubt you can create 1000 sub policies. Unfortunately my biggest ME is the humble 3400X and I am just aggregating two 100M circuits and multi-tenanting maybe 6-7 VLANs (and most of them are actually physically separated so I have no scaling issues). You could also look at an actual appliance like Exinda to shape per VC. BTW glad to see you here mellow – wintermute000 Jun 22 '13 at 11:47
  • Currently the maximum amount of VC circuits on a single interface is around 30. It really depends on the speed, i.e. we can't put more than 10X100Mb on a single gig interface unless we wanted to oversubscribe (which we don't). We are getting a ME3600X in to test, but I'm worried about buffer sizes – mellowd Jun 22 '13 at 12:04
  • Have you thought about a dedicated appliance? We use Exindas to great effect here in prod, old midrange unit (4 years old) handles around 250M concurrently with a dizzyingly complex variety of queues (VCs) each set to allow different amounts at different times. They scale all the way up to 10G so theoretically as long as one physical bridge can accommodate the number of VCs you need this could be a great way to go. Also I guess you need to check whether they can classify a VC via VLAN tag as we use IP ranges. Bonus: they fail to wire, unlike a ME. You also get traffic reporting too as a bonus. – wintermute000 Jun 22 '13 at 13:59
  • Do you have the Exinda product number any chance? – mellowd Jun 22 '13 at 14:10
  • It's a bit hard to answer your scaling question accurately. But let's try a rough guesstimate: let's assume your QoS policy is 1 flat shaper under which you have 4 classes. This would use 5 queues. On 3600X that would mean 800 customers; on 3800X that would mean 6400 customers. Each queue would have about 11ms of buffering, which seems sufficient. The minimum premium you'd need to charge, if we assume you get 100% full (which you probably won't), is 3600X_price/800 or 3800X_price/6400. I'd recommend doing calculations to check if ASR9k or MX104 costs more or less. – ytti Jun 24 '13 at 08:53
  • We use the 8762 (just went in Saturday). Hardly breaking a sweat as right now it's only doing maybe 300Mb concurrently and is specced for up to 5Gb! We overspecced because the mid range model beneath it could only handle 3 bridges or something like that, and we need to leave room for more physical bridges in case we bring in more carriers etc. They also do great pricing for 'fastboxes' which is basically a failover unit connected inline (fail to wire remember) with no license attached http://www.exinda.com/products/network-control-suite#data-center-8762-15 – wintermute000 Jun 24 '13 at 11:13
  • wintermute000 - I'd like to chat about this a bit more in depth, I don't see a way on here to PM/DM though :( – mellowd Jun 24 '13 at 11:46
  • Did any answer help you? If so, you should accept the answer so that the question doesn't keep popping up forever, looking for an answer. Alternatively, you could post and accept your own answer. – Ron Maupin Jan 03 '21 at 20:03

1 Answer

2

While I don't think it's as "robust" as H-QoS/giving percentages based on DSCP values and would probably require more configuration overhead, you could rate-limit outbound against L2 ACLs that reference a VLAN. Example:

policy-map 10Mbps
  cir 9992688 cbs 32768 eir 0 ebs 1250 excess-priority 0

!numbered access lists in the range of 400-599 are for L2 MAC access lists
access-list 400 permit any any 2000 etype any
!2000 will represent the VLAN ID

interface ethernet 1/1
  qos pcp encode-policy off     ! preserve outer VLAN CoS if applicable
  rate-limit strict-acl         ! drop traffic that's denied by a rate-limiting ACL
  rate-limit output access-group 400 policy-map 10Mbps

According to the docs, you can bind multiple rate limiting policies to a single port; however, once a matching ACL clause is found for a packet, the device doesn't evaluate subsequent clauses in the rate limiting ACL and subsequent rate limiting ACLs.

As to setting EF, instead of doing that you may be able to commit to 25% of the 10Mbps and the rest can go to an EIR/EBS value.

John Jensen
  • If broundry accepts cos/DSCP for that access-list, you could potentially do non-burstable QoS (each class has fixed share). But it would be exceedingly hard to sell QoS where each class is non-burstable (imagine your BE ever only getting say 30% even when no other class has any demand to the link) – ytti Jun 20 '13 at 07:31
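
The first-match rule the answer quotes from the docs makes binding order matter once several per-VLAN policies share a port. The following Python model is an added example, not code from the answer or from Brocade: it walks bound ACLs in order and polices with a token bucket, using ACL 400, VLAN 2000 and the cir/cbs values from the answer, while ACLs 401 and 402, the 20 Mbps policers and the unit interpretation (cir in bits/s, cbs in bytes) are assumptions made for the model.

```python
from dataclasses import dataclass

@dataclass
class Policer:
    cir_bps: int      # committed rate in bits/s
    cbs_bytes: int    # committed burst in bytes (units assumed for this model)
    tokens: float = -1.0
    last: float = 0.0

    def conforms(self, now, size):
        if self.tokens < 0:                      # first frame: bucket starts full
            self.tokens = float(self.cbs_bytes)
        refill = (now - self.last) * self.cir_bps / 8
        self.tokens = min(self.cbs_bytes, self.tokens + refill)
        self.last = now
        if size > self.tokens:
            return False                         # out of profile: dropped (eir 0)
        self.tokens -= size
        return True

def first_match(bindings, vlan):
    """Walk bound ACLs in order; the first matching clause ends evaluation."""
    for acl, clauses, policer in bindings:
        for action, match_vlan in clauses:
            if match_vlan in (None, vlan):       # None models "any VLAN"
                return acl, action, policer
    return None, None, None                      # no explicit clause matched

def make_bindings(broad_first):
    # ACL 400 / VLAN 2000 / cir+cbs come from the answer; 401 and 402 are constructed.
    specific = [(400, [("permit", 2000)], Policer(9992688, 32768)),
                (401, [("permit", 2001)], Policer(20000000, 32768))]
    broad = [(402, [("permit", None)], Policer(20000000, 32768))]
    return broad + specific if broad_first else specific + broad

def passed_bps(bindings, vlan, offered_bps, seconds=1.0, size=1250):
    """Offer fixed-size frames at offered_bps; return conforming bits/s."""
    frames = int(offered_bps * seconds / (size * 8))
    gap = size * 8 / offered_bps
    ok = 0
    for i in range(frames):
        _, action, policer = first_match(bindings, vlan)
        if action == "permit" and policer.conforms(i * gap, size):
            ok += 1
    return ok * size * 8 / seconds
```

With the per-VLAN ACLs bound first, 20 Mbps offered on VLAN 2000 is held to roughly 10 Mbps; with the catch-all ACL bound first, the same traffic never reaches ACL 400 and leaves at 20 Mbps, above what the carrier polices for that circuit.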