More Cisco Config Help Please ??

Started by Mardoni, November 13, 2006, 12:06:34 PM

BigSoy

Hey, if my data gets where it's going by carrier pigeon, smoke-signal, super-duper-ninja-lasers, phone, speech, net, whatever, I'm happy :)
"Within your 'purview'? Where do you think you are, some f**king regency costume drama? This is a government department, not some f**king Jane f**king Austen novel!"

Mardoni

lol, doesn't say a lot for people like me who write network based software :o

*mutter*

Still, it's a learning curve and maybe one day I'll save someone from the perils of Cisco by saying "No, don't be a tool...get a DG834" :D lol

Porch Monkey

Unfortunately it's one of the problems that the logging on the Ciscos (unless you know the intricacies of the hidden debugs) isn't as helpful as it could be. Still, better than a DG834 (but then you do need to use them more)

Right, I'm off to re-engineer my datacentre for 4Gb internet load balancing...wish me luck.

cornet

Cisco's debugging is fun in general.

* Take 1 Cisco Router
* Make it talk BGP to somewhere else (e.g. tier 1 ISP)
* Stuff a reasonable amount of traffic through it
* Turn on debug

Now your task is to turn off debug in 30 seconds or less ;)

Good luck !

Cornet

Mardoni

tell me about it :)

I had trouble switching off debug on the WAN interface when it was just dealing with a pretty low amount of standard web traffic :o

Porch Monkey

The last command you type in before running any debug is undebug all

That way, as soon as you hit enter on your debug, you hit ctrl-P then hit enter.

And Robert's your father's brother

ion

Quote from: Porch Monkey

The last command you type in before running any debug is undebug all

That way, as soon as you hit enter on your debug, you hit ctrl-P then hit enter.

And Robert's your father's brother

Or use buffered logging and disable terminal/console monitor?

un a is usually sufficient if in a pickle  :)

Mardoni

Anyone up for some advice on setting up QoS policing ?

I cannot determine whether I need to use NBAR or whether a plain ACL will do to identify the traffic. My other problem is that I am not at all sure how to mark the traffic once it is identified so that I can treat it properly.

What I am trying to do (OTT no doubt) is prioritise both in and out (as much as possible with in) so that I get something similar to this:

Xbox Live   [Highest - up to 2mbit if needed]

Skype      [All just below Live!, again up to 1mbit if needed]
PPTP / GRE

Everything else   [Standard, as it happens]

NNTP      [Lowest, takes what it can when it can]


Any pointers ? I think my main problem is that I cannot figure out how to uniquely identify the traffic that falls into the different classes.

Mardoni

Ok, I've come up with this and so far I think it's ok. Is there anything painfully obvious that I could be doing better ?

...updated below...

Mardoni

Ok; I've updated to this but I am getting an error that I don't fully understand:


! Skype Port(s) Maybe ?
ip nbar port-map custom-01 tcp 39183
ip nbar port-map custom-01 udp 39183
! Windows RDP
ip nbar port-map custom-02 tcp 3389
ip nbar port-map custom-02 udp 3389
! Customised PCAnywhere - Remove 5634 from Gnutella range
ip nbar port-map gnutella tcp 6346 6347 6348 6349 6455
ip nbar port-map pcanywhere tcp 5631 5632 5633 5634 5635 5636 65301
ip nbar port-map pcanywhere udp 22 5631 5632 5633 5634 5635 5636 65301
!
!
ip access-list extended VPNout
permit ip any host 81.149.1.165
permit gre any host 81.149.1.165
!
!
ip access-list extended IMSkype
permit tcp any eq 1863 any
permit udp any eq 1863 any
!
!
ip access-list extended gaming
remark Counter-Strike
permit tcp any any range 27030 27039
permit tcp any any range 27015 27020
permit udp any any range 27000 27015
permit udp any any eq 1200
remark Xbox Live
permit tcp any any eq 3074
permit udp any any eq 3074
permit tcp any any eq 88
!
!
class-map match-any vpnconx
match access-group name VPNout
!
!
class-map match-any VIPIM
match access-group name IMSkype
match protocol custom-01
!
!
class-map match-any RDProtocols
match protocol pcanywhere
match protocol custom-02
!
!
class-map match-any onlinegames
match access-group name gaming
!
!
class-map match-any WebEmail
match protocol http
match protocol secure-http
match protocol smtp
match protocol pop3
match protocol imap
!
!
no policy-map 7sixQoS
policy-map 7sixQoS
class VIPIM
bandwidth percent 16
set dscp ef
!
class vpnconx
bandwidth percent 32
!
class RDProtocols
bandwidth remaining percent 50
!
class onlinegames
bandwidth remaining percent 70
set dscp ef
!
class WebEmail
bandwidth remaining percent 75
!
class class-default
fair-queue
random-detect
!
!
interface Ethernet0/0
bandwidth 400
ip nbar protocol-discovery
service-policy output 7sixQoS
!
!


Is giving me the error(s):
All classes with bandwidth should have consistent units
All classes with bandwidth should have consistent units
All classes with bandwidth should have consistent units

I did want to specify actual kbits values for VIPIM and vpnconx but from that error msg I guessed that everything has to be in % or nothing ??

Mark

 class VIPIM
 bandwidth percent 16
 set dscp ef
 !
 class vpnconx
 bandwidth percent 32
 !
 class RDProtocols
 bandwidth remaining percent 50
 !
 class onlinegames
 bandwidth remaining percent 70
 set dscp ef
 !
 class WebEmail
 bandwidth remaining percent 75
 !
 class class-default
 fair-queue
 random-detect


You are mixing types - explicit percentage with remaining - you can't do that !

M3ta7h3ad

Quote from: Nimrod

Ok; I've updated to this but I am getting an error that I don't fully understand:


! Skype Port(s) Maybe ?
ip nbar port-map custom-01 tcp 39183
ip nbar port-map custom-01 udp 39183
! Windows RDP
ip nbar port-map custom-02 tcp 3389
ip nbar port-map custom-02 udp 3389
! Customised PCAnywhere - Remove 5634 from Gnutella range
ip nbar port-map gnutella tcp 6346 6347 6348 6349 6455
ip nbar port-map pcanywhere tcp 5631 5632 5633 5634 5635 5636 65301
ip nbar port-map pcanywhere udp 22 5631 5632 5633 5634 5635 5636 65301
!
!
ip access-list extended VPNout
permit ip any host 81.149.1.165
permit gre any host 81.149.1.165
!
!
ip access-list extended IMSkype
permit tcp any eq 1863 any
permit udp any eq 1863 any
!
!
ip access-list extended gaming
remark Counter-Strike
permit tcp any any range 27030 27039
permit tcp any any range 27015 27020
permit udp any any range 27000 27015
permit udp any any eq 1200
remark Xbox Live
permit tcp any any eq 3074
permit udp any any eq 3074
permit tcp any any eq 88
!
!
class-map match-any vpnconx
match access-group name VPNout
!
!
class-map match-any VIPIM
match access-group name IMSkype
match protocol custom-01
!
!
class-map match-any RDProtocols
match protocol pcanywhere
match protocol custom-02
!
!
class-map match-any onlinegames
match access-group name gaming
!
!
class-map match-any WebEmail
match protocol http
match protocol secure-http
match protocol smtp
match protocol pop3
match protocol imap
!
!
no policy-map 7sixQoS
policy-map 7sixQoS
class VIPIM
bandwidth percent 16
set dscp ef
!
class vpnconx
bandwidth percent 32
!
class RDProtocols
bandwidth remaining percent 50
!
class onlinegames
bandwidth remaining percent 70
set dscp ef
!
class WebEmail
bandwidth remaining percent 75
!
class class-default
fair-queue
random-detect
!
!
interface Ethernet0/0
bandwidth 400
ip nbar protocol-discovery
service-policy output 7sixQoS
!
!


Is giving me the error(s):
All classes with bandwidth should have consistent units
All classes with bandwidth should have consistent units
All classes with bandwidth should have consistent units

I did want to specify actual kbits values for VIPIM and vpnconx but from that error msg I guessed that everything has to be in % or nothing ??

you've two different percents...

you're using remaining percent, and percent.

At least that's my guess.
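
A small linter for the mistake Mark and M3ta7h3ad point out, as an added example that is not part of any post in the thread: it parses a policy-map, groups the classes by bandwidth unit (kbps, percent, remaining percent) and reports when more than one unit is in use. The check for percentage totals above 100 goes beyond what the thread discusses, and the sample input is a trimmed, re-indented copy of the posted policy-map.

```python
import re
from collections import defaultdict

# Constructed sample: the posted policy-map, trimmed and re-indented.
SAMPLE = """\
policy-map 7sixQoS
 class VIPIM
  bandwidth percent 16
 class vpnconx
  bandwidth percent 32
 class RDProtocols
  bandwidth remaining percent 50
 class onlinegames
  bandwidth remaining percent 70
 class WebEmail
  bandwidth remaining percent 75
 class class-default
  fair-queue
"""

BW = re.compile(r"^bandwidth\s+(?:(remaining\s+percent|percent)\s+)?(\d+)$")

def parse_policy(text):
    """Return {class_name: (unit, value)} for every class with a bandwidth line."""
    classes, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("class "):
            current = line.split()[1]
        elif line.split(" ")[0] in ("interface", "class-map", "policy-map"):
            current = None  # left the class context, e.g. an interface 'bandwidth'
        elif current and (m := BW.match(line)):
            unit = " ".join(m.group(1).split()) if m.group(1) else "kbps"
            classes[current] = (unit, int(m.group(2)))
    return classes

def lint(text):
    """List unit-consistency and percentage-total problems in a policy-map."""
    by_unit = defaultdict(dict)
    for name, (unit, value) in parse_policy(text).items():
        by_unit[unit][name] = value
    problems = []
    if len(by_unit) > 1:
        detail = "; ".join(f"{u}: {', '.join(c)}" for u, c in sorted(by_unit.items()))
        problems.append(f"mixed bandwidth units ({detail})")
    for unit, members in sorted(by_unit.items()):
        if unit != "kbps" and sum(members.values()) > 100:
            problems.append(f"'{unit}' classes total {sum(members.values())}%")
    return problems
```

Calling `lint(SAMPLE)` reports both the mixed units and the 195% total of the three `remaining percent` classes.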

Mardoni

Cheers Mark and spot on Meta ;)

I am an ass-hat :)

M3ta7h3ad

lol didn't even notice mark posting :D lol :D