Mailing List Archive

asr1001-x : dynamic qos on virtual-template
Hello
I'm using cisco ASR1001-X (Cisco IOS XE Software, Version 16.09.05) as LNS.

I'm trying to set-up a QoS class to priorize outgoing trafic (from LNS to
the CPE establishing the PPP session)

Each time I try to attach the policy-map to the virtual-template I get this
error when a PPP session is brought up :

%QOS-6-POLICY_INST_FAILED: Service policy installation failed on SSS
session identifier 20 -. service-policy not applicable for interface
features. policy:parent, dir:OUT, ptype:, ctype:DEFAULT

Here's my config :

class-map match-any QOS-class-voip
match dscp cs3
match dscp ef
class-map match-any generic_data
match ip dscp default
!
policy-map child
class QOS-class-voip
police cir 10000000
conform-action transmit
exceed-action transmit
priority
class generic_data
bandwidth remaining percent 80
policy-map parent
class class-default
shape average percent 100
service-policy child

interface Virtual-Template1
service-policy output parent
[...]

What am I doing wrong ? Is there a way to do dynamic QoS on
virtual-templates ? ( = always priorise a class-map) ?

Regards,
Cédric
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: asr1001-x : dynamic qos on virtual-template [ In reply to ]
Hi,

On Mon, Feb 15, 2021 at 01:51:33PM +0100, BASSAGET C?dric wrote:
> policy-map parent
> class class-default
> shape average percent 100
> service-policy child

"average percent 100" of... what?

gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany gert@greenie.muc.de
Re: asr1001-x : dynamic qos on virtual-template [ In reply to ]
100% of the bandwidth of the virtual-access interface linked to the
virtual-template on which I attach the policy-map

Le lun. 15 févr. 2021 à 14:07, Gert Doering <gert@greenie.muc.de> a écrit :

> Hi,
>
> On Mon, Feb 15, 2021 at 01:51:33PM +0100, BASSAGET Cédric wrote:
> > policy-map parent
> > class class-default
> > shape average percent 100
> > service-policy child
>
> "average percent 100" of... what?
>
> gert
> --
> "If was one thing all people took for granted, was conviction that if you
> feed honest figures into a computer, honest figures come out. Never
> doubted
> it myself till I met a computer with a sense of humor."
> Robert A. Heinlein, The Moon is a Harsh
> Mistress
>
> Gert Doering - Munich, Germany
> gert@greenie.muc.de
>
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: asr1001-x : dynamic qos on virtual-template [ In reply to ]
note that I have the same error message with :

policy-map parent
class class-default
shape average 100000000
service-policy child

Le lun. 15 févr. 2021 à 14:38, BASSAGET Cédric <cedric.bassaget.ml@gmail.com>
a écrit :

> 100% of the bandwidth of the virtual-access interface linked to the
> virtual-template on which I attach the policy-map
>
> Le lun. 15 févr. 2021 à 14:07, Gert Doering <gert@greenie.muc.de> a
> écrit :
>
>> Hi,
>>
>> On Mon, Feb 15, 2021 at 01:51:33PM +0100, BASSAGET Cédric wrote:
>> > policy-map parent
>> > class class-default
>> > shape average percent 100
>> > service-policy child
>>
>> "average percent 100" of... what?
>>
>> gert
>> --
>> "If was one thing all people took for granted, was conviction that if you
>> feed honest figures into a computer, honest figures come out. Never
>> doubted
>> it myself till I met a computer with a sense of humor."
>> Robert A. Heinlein, The Moon is a Harsh
>> Mistress
>>
>> Gert Doering - Munich, Germany
>> gert@greenie.muc.de
>>
>
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: asr1001-x : dynamic qos on virtual-template [ In reply to ]
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: asr1001-x : dynamic qos on virtual-template [ In reply to ]
policy-map child
class QOS-class-voip
police cir 10000000
conform-action transmit
exceed-action drop
class generic_data
bandwidth remaining percent 90
policy-map parent
class class-default
shape average 100000000
service-policy child



results in the same error :
Feb 15 14:00:20.145: %QOS-6-POLICY_INST_FAILED: Service policy installation
failed on SSS session identifier 34 -. service-policy not applicable for
interface features. policy:parent, dir:OUT, ptype:, ctype:DEFAULT
Regards


Le lun. 15 févr. 2021 à 14:52, Karsten Thomann via cisco-nsp <
cisco-nsp@puck.nether.net> a écrit :

>
>
>
> ---------- Forwarded message ----------
> From: Karsten Thomann <karsten_thomann@linfre.de>
> To: cisco-nsp@puck.nether.net
> Cc:
> Bcc:
> Date:
> Subject: Re: [c-nsp] asr1001-x : dynamic qos on virtual-template
> Have you tried setting exceed-action drop instead of transmit for voice?
>
> Am Montag, 15. Februar 2021, 14:42:34 schrieb BASSAGET Cédric:
> > note that I have the same error message with :
> >
> > policy-map parent
> > class class-default
> > shape average 100000000
> > service-policy child
> >
> > Le lun. 15 févr. 2021 à 14:38, BASSAGET Cédric
> > <cedric.bassaget.ml@gmail.com>
> > a écrit :
> > > 100% of the bandwidth of the virtual-access interface linked to the
> > > virtual-template on which I attach the policy-map
> > >
> > > Le lun. 15 févr. 2021 à 14:07, Gert Doering <gert@greenie.muc.de> a
> > >
> > > écrit :
> > >> Hi,
> > >>
> > >> On Mon, Feb 15, 2021 at 01:51:33PM +0100, BASSAGET Cédric wrote:
> > >> > policy-map parent
> > >> >
> > >> > class class-default
> > >> >
> > >> > shape average percent 100
> > >> >
> > >> > service-policy child
> > >>
> > >> "average percent 100" of... what?
> > >>
> > >> gert
> > >> --
> > >> "If was one thing all people took for granted, was conviction that if
> you
> > >>
> > >> feed honest figures into a computer, honest figures come out. Never
> > >>
> > >> doubted
> > >>
> > >> it myself till I met a computer with a sense of humor."
> > >>
> > >> Robert A. Heinlein, The Moon is a Harsh
> > >>
> > >> Mistress
> > >>
> > >> Gert Doering - Munich, Germany
> > >> gert@greenie.muc.de
> >
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
>
> ---------- Forwarded message ----------
> From: Karsten Thomann via cisco-nsp <cisco-nsp@puck.nether.net>
> To: cisco-nsp@puck.nether.net
> Cc:
> Bcc:
> Date: Mon, 15 Feb 2021 08:52:32 -0500 (EST)
> Subject: Re: [c-nsp] asr1001-x : dynamic qos on virtual-template
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: asr1001-x : dynamic qos on virtual-template [ In reply to ]
Hello,
well that's not gonna work as the Vi does not really know about the CPEs access bandwidth
and in this case it uses the physical interface bandwidth (eg 1G, 10G,..) as a base.
Good read imho: https://null.53bits.co.uk/index.php?page=adsl-and-lns-shaping-llq
Someone also wrote about dynamic qos for solving the phyiscal speed problem here:
http://www.dnzydn.com/2018/09/19/asr-1000-parameterized-qos/
(haven't yet tested this though I'd be interested in some free-radius magic to read
dsl-sync-speeds from LNS radius reply and reinsert those into the qos-parameters)

We apply qos via radius like this:
cisco-avpair += "ip:sub-qos-policy-out=2MBIT"

This has of course to exist at the lns-config:

policy-map 2MBIT
class class-default
shape average 2000000

you could also add another service-policy here like:
policy-map 20MVOIP
class class-default
shape average 20000000
service-policy VOIP1M

also voip1m has to be in the config eg:
policy-map VOIP1M
description VoIP Prio fuer 1Mbit
class SIGNALING
bandwidth 100
class MEDIA
bandwidth 1000
class class-default
fair-queue

after all by using shape average there is now a specific value available and you can do percents and a whole lot more like this:

policy-map QOS-SPECIAL
description some test
class class-default
shape average 3500000
service-policy QOS-SPECIAL-TREE

policy-map QOS-SPECIAL-TREE
description HiPrio for some rdp ssh and a host
class CM-SPECIAL
set ip dscp ef
priority percent 30
queue-limit 64 packets
class class-default
fair-queue

class-map match-any CM-SPECIAL
description special match high-prio by ACL
match access-group name ACL-SPECIAL

ip access-list extended ACL-SPECIAL
remark SPECIAL-QoS-ACL example
permit tcp any any eq 22 3389
permit tcp any eq 22 3389 any
remark singlehost prio
permit tcp host 192.0.2.1 any

hope this helps and if someone has some freeradius magic to share - please do.

regards,
hk

> -----Ursprüngliche Nachricht-----
> Von: cisco-nsp <cisco-nsp-bounces@puck.nether.net> Im Auftrag von
> BASSAGET Cédric
> Gesendet: Montag, 15. Februar 2021 14:38
> An: Gert Doering <gert@greenie.muc.de>
> Cc: Cisco-nsp <cisco-nsp@puck.nether.net>
> Betreff: Re: [c-nsp] asr1001-x : dynamic qos on virtual-template
>
> 100% of the bandwidth of the virtual-access interface linked to the virtual-
> template on which I attach the policy-map
>
> Le lun. 15 févr. 2021 à 14:07, Gert Doering <gert@greenie.muc.de> a écrit :
>
> > Hi,
> >
> > On Mon, Feb 15, 2021 at 01:51:33PM +0100, BASSAGET Cédric wrote:
> > > policy-map parent
> > > class class-default
> > > shape average percent 100
> > > service-policy child
> >
> > "average percent 100" of... what?
> >
> > gert
> > --
> > "If was one thing all people took for granted, was conviction that if
> > you feed honest figures into a computer, honest figures come out.
> > Never doubted it myself till I met a computer with a sense of humor."
> > Robert A. Heinlein, The Moon is a Harsh
> > Mistress
> >
> > Gert Doering - Munich, Germany
> > gert@greenie.muc.de
> >
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: asr1001-x : dynamic qos on virtual-template [ In reply to ]
Hi Harald !
http://www.dnzydn.com/2018/09/19/asr-1000-parameterized-qos/ seems
interesting, I'll take a look at it.

QoS I'm trying to deploy is not for DLS links, it's for FTTH. I have no
information about CPE throughput capabilities in access-request or
accounting messages.

I'll take a look at parameterized qos ans I'll also read
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_plcshp/configuration/xe-16/qos-plcshp-xe-16-book.html
Regards


Le lun. 15 févr. 2021 à 15:12, Harald Kapper <hk@kapper.net> a écrit :

> Hello,
> well that's not gonna work as the Vi does not really know about the CPEs
> access bandwidth
> and in this case it uses the physical interface bandwidth (eg 1G, 10G,..)
> as a base.
> Good read imho:
> https://null.53bits.co.uk/index.php?page=adsl-and-lns-shaping-llq
> Someone also wrote about dynamic qos for solving the phyiscal speed
> problem here:
> http://www.dnzydn.com/2018/09/19/asr-1000-parameterized-qos/
> (haven't yet tested this though I'd be interested in some free-radius
> magic to read
> dsl-sync-speeds from LNS radius reply and reinsert those into the
> qos-parameters)
>
> We apply qos via radius like this:
> cisco-avpair += "ip:sub-qos-policy-out=2MBIT"
>
> This has of course to exist at the lns-config:
>
> policy-map 2MBIT
> class class-default
> shape average 2000000
>
> you could also add another service-policy here like:
> policy-map 20MVOIP
> class class-default
> shape average 20000000
> service-policy VOIP1M
>
> also voip1m has to be in the config eg:
> policy-map VOIP1M
> description VoIP Prio fuer 1Mbit
> class SIGNALING
> bandwidth 100
> class MEDIA
> bandwidth 1000
> class class-default
> fair-queue
>
> after all by using shape average there is now a specific value available
> and you can do percents and a whole lot more like this:
>
> policy-map QOS-SPECIAL
> description some test
> class class-default
> shape average 3500000
> service-policy QOS-SPECIAL-TREE
>
> policy-map QOS-SPECIAL-TREE
> description HiPrio for some rdp ssh and a host
> class CM-SPECIAL
> set ip dscp ef
> priority percent 30
> queue-limit 64 packets
> class class-default
> fair-queue
>
> class-map match-any CM-SPECIAL
> description special match high-prio by ACL
> match access-group name ACL-SPECIAL
>
> ip access-list extended ACL-SPECIAL
> remark SPECIAL-QoS-ACL example
> permit tcp any any eq 22 3389
> permit tcp any eq 22 3389 any
> remark singlehost prio
> permit tcp host 192.0.2.1 any
>
> hope this helps and if someone has some freeradius magic to share - please
> do.
>
> regards,
> hk
>
> > -----Ursprüngliche Nachricht-----
> > Von: cisco-nsp <cisco-nsp-bounces@puck.nether.net> Im Auftrag von
> > BASSAGET Cédric
> > Gesendet: Montag, 15. Februar 2021 14:38
> > An: Gert Doering <gert@greenie.muc.de>
> > Cc: Cisco-nsp <cisco-nsp@puck.nether.net>
> > Betreff: Re: [c-nsp] asr1001-x : dynamic qos on virtual-template
> >
> > 100% of the bandwidth of the virtual-access interface linked to the
> virtual-
> > template on which I attach the policy-map
> >
> > Le lun. 15 févr. 2021 à 14:07, Gert Doering <gert@greenie.muc.de> a
> écrit :
> >
> > > Hi,
> > >
> > > On Mon, Feb 15, 2021 at 01:51:33PM +0100, BASSAGET Cédric wrote:
> > > > policy-map parent
> > > > class class-default
> > > > shape average percent 100
> > > > service-policy child
> > >
> > > "average percent 100" of... what?
> > >
> > > gert
> > > --
> > > "If was one thing all people took for granted, was conviction that if
> > > you feed honest figures into a computer, honest figures come out.
> > > Never doubted it myself till I met a computer with a sense of humor."
> > > Robert A. Heinlein, The Moon is a Harsh
> > > Mistress
> > >
> > > Gert Doering - Munich, Germany
> > > gert@greenie.muc.de
> > >
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp@puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: asr1001-x : dynamic qos on virtual-template [ In reply to ]
Hi Cédric,

On Monday, 15 February, 2021 14:29, "BASSAGET Cédric" <cedric.bassaget.ml@gmail.com> said:

> QoS I'm trying to deploy is not for DLS links, it's for FTTH. I have no
> information about CPE throughput capabilities in access-request or
> accounting messages.

If your access circuit is FTTH, you shouldn't have the same problem as DSL or FTTC, where the actual sync speed and hence bandwidth available can be all over the place, and you need to account for it in your policy. Keeping things simple, and following Harald's examples of pushing a fixed-name policy via RADIUS might be a better way to go.

Presumably you only have to deal with whatever service tiers are available on your FTTH service, e.g. you need a 100M, 300M and 900M policy with the corresponding parent shaper, not all the possible bandwidth rates in between. If you've bought 100M FTTH on the access side, you should get 100M, not worry about exactly what "up to 100M" speed you've managed to sync at.

Cheers,
Tim.


_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: asr1001-x : dynamic qos on virtual-template [ In reply to ]
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: asr1001-x : dynamic qos on virtual-template [ In reply to ]
Hi Cédric,

On Monday, 15 February, 2021 15:51, "BASSAGET Cédric" <cedric.bassaget.ml@gmail.com> said:

> The problem here is that I don't know the speed on the access side. I know
> it will go up to 1Gb/s down - 250Mb/s up. But it can be lower than that, as
> it's GPON architecture.
> We don't sell a fixed (guaranteed) bandwidth to customers. We sell it as
> "up to 1Gb/s down - 250Mb/s up" as we are not able to guaranty bandwidth.

That's contention in the network, though, not speed to the CPE, unless I'm missing something. Nothing's going to report in a PPP connection how much traffic is making it through the access layer to the LNS. Not the same thing as DSL/FTTC, where you've got a physical negotiation going on between the CPE and the DSLAM to agree the upstream / downstream speeds of a particular copper pair, before you even get to any further contention

So you can treat it as:

- You have 1G from the LNS to the CPE. You can choose which 1G of packets to put into that sessions. Sometimes the access layer will discard some of those packets, you don't have any control over that. Make a 1G shaper, with your voice priority class in it. Voice won't get discarded in favour of data in the parts you control.

- You have some amount of bandwidth from the LNS to the CPE that's (almost) always achievable - what that is will depend on your exact access layer set-up, split ratio, etc. Maybe that's 250M downstream. You build your shaper around that value, with your voice priority class in it. You've got control of exactly which 250M stream leaves your LNS, with a high expectation that all of those packets reach the CPE - BUT the customer will never get more throughput than that, even if all the other links on the GPON node are idle.

It's really down to whether you're after higher-bandwidth with "intelligent discard" QoS, or something closer to a guaranteed but lower bandwidth.

I'm not aware of anything in the FTTH space that would let you detect congestion in the access layer and back off the parent shaper accordingly. Neither end has that info, without you building some kind of active probes of your own.

What's the problem you're trying to solve? Customers with >1G of traffic trying to go downstream, and you need to make sure data packets are discarded rather than voice?

Cheers,
Tim.


_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: asr1001-x : dynamic qos on virtual-template [ In reply to ]
Hi Cédric,

On Tuesday, 16 February, 2021 07:46, "BASSAGET Cédric" <cedric.bassaget.ml@gmail.com> said:

> I tried something like this :
> class-map match-any QOS-class-voip
> match dscp cs3
> match dscp ef
> !
> policy-map child
> class QOS-class-voip
> police cir 10m
> conform-action transmit
> exceed-action drop
> class class-default
> policy-map parent
> class class-default
> shape average 1g
> service-policy child
> !
> interface Virtual-Template1
> service-policy output parent
>
> but when the PPPoE session comes up, I still have this error :
> %QOS-6-POLICY_INST_FAILED: Service policy installation failed on SSS
> session identifier 66 -. service-policy not applicable for interface
> features. policy:parent, dir:OUT, ptype:, ctype:DEFAULT

Does Harald's suggested RADIUS-push of:

cisco-avpair += "ip:sub-qos-policy-out=parent"

rather than applying to the virtual-template work instead? You'd need to push it for every user, obviously. That's the way I've had QoS-policies applied to the created virtual-access sub-interfaces in the past.

Cheers,
Tim.


_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/