From: Mohamed T. Kondela (mtaib@sagia.gov.sa)
Date: Sun Feb 25 2007 - 15:50:06 ART
Dear Group,
I do have this little bit confused QOS Question (real case), my access
list reads as follows:
ip access-list extended VOICE
 permit udp any any range 16384 32767
 permit udp any any dscp ef
 permit udp any any precedence critical
ip access-list extended BR1-VOICE
 permit ip any 10.10.1.0 0.0.1.255 
ip access-list extended BR2-VOICE
 permit ip any 10.20.1.0 0.0.1.255 
ip access-list extended VOICE-SIGNAL
 permit tcp any eq 1719 any
 permit tcp any any eq 1719
 permit tcp any eq 1720 any
 permit tcp any any eq 1720
 permit tcp any range 2000 2002 any
 permit tcp any any range 2000 2002
 permit tcp any range 8001 8002 any
 permit tcp any any range 8001 8002
 permit tcp any range 2427 2428 any
 permit tcp any any range 2427 2428
 permit tcp any eq 5060 any
 permit tcp any any eq 5060
 permit udp any eq 5060 any
 permit udp any any eq 5060
ip access-list extended HOST-PRIORITY
 permit ip host 10.8.0.19 any
My out going interface is a serial interface (ppp) connected to
providers IP-VPN network. Remote sites are 512kb each and the local site
is 2mb (for whatever reason). SO there is an issue of over-burst from
local to remote sites. My goals are as follows (I will through the
config, please correct me if there is correction or enhancements
required):
Goal 1:
LLQ 112kb for Voice (RTP) towards both BR1 and BR2, so my class-map
reads as below:
class-map match-any VOICE-BR1
 match access-group name VOICE
 match access-group name BR1-VOICE
class-map match-any VOICE-BR2
 match access-group name VOICE
 match access-group name BR1-VOICE
Yes.. All IP phones are in 10.x.1.0 subnet in remote sites.  (The
complete Policy-map is added in the last portion of this mail)
Goal 2 :
Minimum Guarantee 12kb for voice-Signaling.  Here is the class map:
 class-map match-all VOICE-SIGNAL
 match access-group name VOICE-SIGNAL
Goal 3 :
Police the traffic 392kb to each Branch (so this means 392 x 2, since
there are two branches connected to the same link). Again inside this
each 392kb policing, I need to prioritize 256kb traffic from ACL
"HOST-PRIORITY" .   Then after this 392 x 2 policing + prioritizing of
Intra-police traffic,  the rest of remote sites aggregated speed will be
left for FIFO class-default.
End-0f-the day, out of 2 mb, I am trying to allocated 512 kb to each
remote site (1 mb total) .  From each 512 allocation, I need to QOS as
mentioned above. i.e.  LLQ for VOICE, Bandwidth Reservation for
VOICE-SIGNAL, Policing for rest of the traffic, but within the policing
I need priority for HOST-PRIORITY.  Again all these need to be done on a
single ppp serial interface outbound..   Any work around, FRTS do has a
solution but unfortunately I am connecting to IP-VPN world.
My Goal 3 class-map as follows:
class-map match-all REST_4_POLICE
 match  any
Here is the actual Policy-map :
policy-map QOS-to-BRANCHES
 class VOICE-BR1
   priority 112
 class VOICE-BR2
   priority 112
 class VOICE-SIGNAL
  bandwidth 12
 class REST_4_POLICE
  police cir 784000
    exceed-action drop
*********and  I am stuck over here,  I cannot do nested policy,  since
nested policy allows only shaping to default-class,  what can be other
work-around..?
Regards
Mohamed T. Kondela
Senior Network Engineer
IT Dept.
Fax: 4473037 x 303
mtaib@sagia.gov.sa
Saudi Arabian General Investment Authority 
--------------------------------------------------------
This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.
--------------------------------------------------------
This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:48 ART