Table of Contents

Getting Started with QPM-PRO

This tutorial helps you learn how to use Provisioned QoS Policy Manager (QPM-PRO) to create and distribute QoS policies and configurations. It is comprised of a series of lessons, each of which steps you through procedures for creating different types of policies and deploying them to the network.

The tutorial contains the following topics and lessons:

• Using Policy Manager
  
  
• Using Distribution Manager
  
  
• Understanding the Tutorial Example Network
  
  
• Lesson 1Creating and Distributing a Simple Policy for Managing Web Traffic on One Router
  
  
• Lesson 2Coloring Enterprise Resource Planning (ERP) Traffic on a Group of Devices
  
  
• Lesson 3Limiting the Bandwidth Available to FTP Traffic on a Switch
  
  
• Lesson 4Updating the Database after Software Upgrades
  
  
• Lesson 5Using NBAR and Creating Multiple Action Policies
  
  
• Lesson 6Providing QoS for Voice Over IP
  
  
• Lesson 7Configuring Frame Relay Traffic Shaping
  
  

Using Policy Manager

Policy Manager enables you to create and edit QoS policies and configurations. The following topics provide you with the basics for using Policy Manager:

• Starting Policy Manager and Logging Into QPM-PRO
  
  
• Understanding the Main Policy Manager Window
  
  
• Cutting, Copying, and Pasting Policies
  
  
• Changing the Policy Manager Display
  
  
• Saving Your Work
  
  
• Exiting Policy Manager
  
  

---

Note   When working with QPM-PRO Policy Manager, you can click the Help button in any of the windows to access context-sensitive online help.

---

Starting Policy Manager and Logging Into QPM-PRO

Start Policy Manager to create, change, delete, and view your QoS configuration and policies.

Procedure

Step 1   Select Start>Programs>QoS Policy Manager Pro>Policy Manager.

If you are not already logged in, QPM-PRO opens the Logon Information window.

Step 2   Log into QPM-PRO. You must enter a QPM-PRO user name and password according to these requirements:

• Read-write access—If you want to be able to save your changes to the QoS database, you must use a user account defined in the QPM-PRO user group. Unless you changed the group during installation, the group is QPM_Users and is defined on the machine running the QoS Manager service. QPM-PRO creates a default user in this group: QPM_User with no password.
• Read-only access—If you only want to view the QoS database, you can use a user account defined in the QPM-PRO guest group. Unless you changed the group during installation, the group is QPM_Guests and is defined on the machine running the QoS Manager service.

If you enter a correct name and password, Policy Manager starts and automatically opens the last QoS database that was open.

Tips

• The domain for the QPM_User account is the name of the machine running the QoS Manager service.
  
  
• You cannot log into QPM-PRO unless you select a domain name. If the domain list is empty, you must first log into the Windows NT network before starting QPM-PRO.
  
  
• You can also start Policy Manager from Distribution Manager by selecting Tools>Policy Manager.
  
  

Understanding the Main Policy Manager Window

The main Policy Manager window (Figure 3-1) is divided into three panes.

• Tree View—The left pane. This pane displays a hierarchical view of the devices and device groups being managed, and their associated interfaces.
  
  
• List View—The upper right pane. This pane displays the policies defined for the interface, device, or device group selected in the tree view pane, if any.
  
  
• Properties Preview—The lower right pane. This pane displays the properties of a device, interface, or policy selected in the tree or list view panes. You can choose not to display this pane by selecting View>Properties Preview.
  
  

Tree View

The tree view pane (Figure 3-2) shows the devices and device groups being managed in QPM-PRO. The Devices directory contains a separate folder for each device. Most device folders contain a list of interfaces on which you define QoS policies. For some devices, you define policies directly on the device folder.

The Device Groups directory contains the device groups you have defined. Device groups are groups of interfaces that you intend to manage using identical policies. You must treat all interfaces in a device group identically.

The tree view pane is where you start when creating a policy. If the device is not yet defined in the QoS database, you must first define it and add its interfaces. If the device is already defined in the QoS database, you must select the folder (usually an interface) on which you want to define a policy before you can create (or change) the policy.

List View

The list view pane (Figure 3-3) shows the policies that are defined on the interface, device, or device group selected in the tree view.

If you select an interface that belongs to a device group, the list of policies includes those defined on the device group, as well as those defined directly on the interface. You cannot edit or change the order of group policies when viewing them from a member interface. Group policies are always given lower priority than individual interface policies.

The top bar of the list view includes the following items:

• Buttons for moving a policy up or down in the list. Policy placement can be important. When a packet enters the interface, the device software looks for the first policy match, and once it matches a packet to a policy, it does not consider any of the remaining policies (unless the matched policy explicitly indicates that other policies should be analyzed).
  
  
• The name of the folder that is selected in the tree view, that is, the item with which the displayed list of policies is associated.
  
  
• A filter for specifying which policies are displayed in the list. This enables you to choose to display only policies of a certain type, for example, only enabled policies. Filtering out policies does not remove these policies from the database. It only eliminates them from the list, making it easier for you to locate a policy statement if you have defined a large number of policies for an interface.
  
  

Each policy in the list is preceded by an icon that indicates the direction of the policy (inbound or outbound) and its status (enabled or disabled). Table 3-2 describes these icons.

Properties Preview

The properties preview pane displays the properties of the device, device group, interface, or policy selected in the tree or list panes. This can help you determine if you have defined the properties and filter conditions correctly. You can choose not to display the properties preview pane by selecting View>Properties Preview. Repeat this action to redisplay the pane.

Cutting, Copying, and Pasting Policies

You can use the standard Windows cut, copy, and paste functions to manipulate policies in the QPM-PRO list pane.

Procedure

Step 1   Select the policy you want to cut or copy, or the folder in the tree view in which you want to paste the policy.

Step 2   Use these commands from the Edit menu or from the right mouse button popup menu to cut, copy, or paste.

• Cut—Copies the selected policy to the Windows clipboard and removes it from the current folder.
• Copy—Copies the selected policy to the Windows clipboard without removing it from the current folder.
• Paste—Pastes the policy to the selected interface, device, or device group folder. If the selected folder does not support the policy, you will not be able to paste it.

Changing the Policy Manager Display

You can change the main Policy Manager window to display information according to your preferences. Table 3-3 lists the available commands for changing the main Policy Manager window.

Saving Your Work

You must periodically save your changes to the QoS database. However, saving your changes to the database does not apply those changes to the network. You must use Distribution Manager to deploy your new or changed policies to the network.

Procedure

Step 1  
Click the Save button, or select File>Save.

• If the database already has a name, the database is saved.
• If the database does not have a name, QPM-PRO opens the Save Database window. Enter a relevant name and description for the database and click OK.

If the QoS Manager service is not available when you try to save the database, the database is saved to your local disk. Check the machine that is running QoS Manager to ensure it is running properly and try saving the database again.

Tips

• You can change the name of the database by selecting File>Save As.
  
  

Exiting Policy Manager

From the Policy Manager interface, you can close Policy Manager only, or close both Policy Manager and Distribution Manager.

Procedure

Step 1   To close Policy Manager without closing Distribution Manager, select File>Close.

To close both Policy Manager and Distribution Manager, select File>Exit.

Using Distribution Manager

Distribution Manager enables you to deploy policies to network devices. The following topics provide you with the basics for using Distribution Manager:

• Starting Distribution Manager
  
  
• Understanding the Main Distribution Manager Window
  
  
• Changing the Distribution Manager Display
  
  
• Starting Policy Manager from Distribution Manager
  
  
• Exiting Distribution Manager
  
  

---

Note   When working with QPM-PRO Distribution Manager, you can click the Help button in any of the windows to access context-sensitive online help.

---

Starting Distribution Manager

Start Distribution Manager to distribute policies and QoS settings to network devices.

Procedure

Step 1  
Click the Distribution Manager button on the Policy Manager tool bar or select Tools>Distribution Manager in Policy Manager.

Distribution Manager starts.

Tips

• You can also start Distribution Manager by selecting Start>Programs>QoS Policy Manager Pro>Distribution Manager. If you have not already logged into Policy Manager, you must log into Distribution Manager using a name defined in the Windows NT QPM-PRO user group (for viewing and deployment of jobs) or guest group (for viewing only).
  
  

Understanding the Main Distribution Manager Window

The main Distribution Manager window (Figure 3-4) is divided into three panes.

• All Jobs Tree View—The upper left pane displays all jobs that you have created from QoS databases.
  
  
• List View—The upper right pane shows the contents of the job selected in the tree view. If no job is selected, it shows the details of the jobs listed in the tree.
  
  
• Log—The lower pane shows logs for system, job, and device status.
  
  

All Jobs Tree View

The All Jobs Tree View pane (Figure 3-5) shows all the jobs that you have created from QoS databases. Each job is assigned a number, which is the name of the job.

The root of the tree shows the name of the machine that is running the QoS Manager service to which Distribution Manager is connected: localhost means that QoS Manager resides on the same machine as Distribution Manager.

When you select a job in the list, the contents of the job are displayed in the right-hand list view pane. When no job is selected, or when you select the root of the tree, the right-hand list view shows the details for all the jobs listed in the tree.

Related Topics

• Changing the Distribution Manager Display
  
  
• Options Dialog Box
  
  

List View

The list view pane shows the contents of the job selected in the All Jobs Tree View (Figure 3-6). If no job is selected in the tree, the list shows the details for all jobs listed in the tree (Figure 3-7).

Job summaries have the following details:

• Job Name—The name of the job, which is a serial number created by the system.
  
  
• Database Name—The name of the database from which this job was created.
  
  
• Total Devices—The number of devices contained in the job.
  
  
• Written Devices—The number of devices whose configurations were changed when the job was applied to the network.
  
  
• Date/Time—The date and time the job was created.
  
  
• Status—The status of the job. Possible job statuses are described in Table 8-1.
  
  

Job contents have the following details:

• Device—The IP address of a device defined in the job.
  
  
• Date/Time—The date and time the job was created.
  
  
• Status—The status of the device (see Table 8-1).
  
  

Log

The log pane (Figure 3-8) displays logs of event messages.

The pane has two tabs to display three types of logs:

• System Log tab—Shows the system log, which contains messages about general QPM-PRO system events.
  
  
• Job or Device Log tab—Shows the job or device log, depending on what is selected in the tree or list pane.
  
  
• • Job logs contain messages about the events for the selected job, and are only created if you apply the job to the network.
    
    
  • Device logs contain messages about the events for the selected device, and are only created when QPM-PRO starts configuring the device.
    
    

Changing the Distribution Manager Display

You can change the main Distribution Manager window to display information according to your preferences. Table 3-5 lists the available commands for changing the main Distribution Manager window.

Starting Policy Manager from Distribution Manager

If Policy Manager is not running, you can start it from Distribution Manager.

Procedure

Step 1  
Click the Policy Manager button, or select Tools>Policy Manager.

The Policy Manager application starts.

Exiting Distribution Manager

From the Distribution Manager interface, you can close Distribution Manager only, or close both Distribution Manager and Policy Manager.

Before You Begin

Check the Status column to make sure that all distribution activities are complete or have been stopped.

Procedure

Step 1   To close Distribution Manager without closing Policy Manager, select File>Close.

To close both Distribution Manager and Policy Manager, select File>Exit.

Understanding the Tutorial Example Network

This tutorial is based on an example enterprise network that consists of a campus site and several remote sites. Each tutorial lesson applies QPM-PRO techniques and principles to specific segments of this network. In each lesson, a diagram clearly illustrates the relevant network segments, the data path, and the QoS features or policies applied.

Campus Site

The campus site contains the following components:

• FTP/mail, web and application servers, which are the major servers used in the network.
  
  
• A Catalyst 6509 switch (referred to as switch S1), running CatOS version 5.5.
  
  
• Two Cisco 7200 routers (referred to as routers R1 and R4), running IOS version 12.0. Packets from the major servers pass through switch S1 to these routers, and then on to the WAN.
  
  
• A PBX telephone system.
  
  
• A Cisco 3600 router (referred to as router R5), running IOS version 12.1(2)T. This router acts as a gateway, converting voice data from the PBX into IP packets for transmission over the WAN.
  
  

Remote Site (Finance and HR Users)

This remote site contains a Cisco 2500 router (referred to as router R2), running IOS version 12.0. In the scenario for this tutorial, this router connects the organization's Finance and HR users to the WAN. These users primarily require data from the application server and the FTP/Web server on the campus site. The primary path of data from these servers is from router R1 on the campus site to the remote router R2.

Remote Site (Sales Users)

This remote site contains a Cisco2500 router (referred to as router R3), running IOS version 12.0. This router connects the organization's Sales users to the WAN. These users primarily communicate with the application and web servers on the campus site. The primary path of data from these servers to the Sales users is through router R4 on the campus site to the remote router R3.

Remote Site (Voice over IP)

This remote site contains the following components:

• IP phones connected by a LAN.
  
  
• A Catalyst 6000 switch (referred to as switch S2), running CatOS version 6.1.
  
  
• A Cisco 3600 router (referred to as router R6), running IOS version 12.1(2)T. IP packets from the IP phones pass through switch S2 to router R6 and then out to the network.
  
  

Table 3-6 lists the other technical details of the network that you need to know to follow the lessons. Not all interfaces on the devices are listed.

Other interface and device addresses might be used in the lessons.

Lesson 1—Creating and Distributing a Simple Policy for Managing Web Traffic on One Router

In this lesson, you will learn how to add a router to the QoS database and create and deploy a simple policy. The policy in this example sets the IP precedence for web traffic that goes through router R4. See Understanding the Tutorial Example Network, for a description of the example network used in this tutorial. The purpose of this policy is to color the web traffic for the Sales group, because the web server behind R4 hosts a significant application used by Sales, and Sales requires good response from this server.

In order to make a meaningful policy, you must not only color the traffic on the inbound interface to the router (interface Ethernet2/0, which connects the web server to R4), but you must choose a QoS property for the outbound interface Serial3/0 (Figure 3-10). You will implement weighted fair queuing (WFQ). This ensures that the colored traffic receives the appropriate percentage of overall bandwidth.

In this lesson you will learn the following:

• Adding a Device and Interfaces to the Database
  
  
• Creating a New Policy to Color Inbound Traffic
  
  
• Distributing Policies to the Network
  
  

Adding a Device and Interfaces to the Database

This topic describes how to add a router to the database. If you are adding a router on your network, you can automatically detect the interfaces and view their properties. You can also manually add interfaces. You will then configure the QoS property on the interfaces to determine which queueing method will be used.

Before You Begin

If you want to create a policy and deploy it on a router that exists in your network, obtain the IP address of an appropriate router. Otherwise, you can use the IP addresses in this lesson so that you can follow these steps without affecting your network.

The lesson assumes that you are starting with an empty database.

Procedure

Step 1   Add router R4 to the QoS database.

Step 2   Add the device's interfaces:

Click OK in the New Interface window.

• Repeat this procedure for the Serial3/0 interface.
  
  
• Click OK in the New Device window to return to the tree view.
  
  

Figure 3-13 shows the tree view that now includes router R4.

Step 3   Configure the QoS property on the Serial3/0 interface so that it uses weighted fair queuing (WFQ). You do not need to change the QoS property of the Ethernet2/0 interface because you are only creating a policy for inbound traffic on Ethernet2/0.

Creating a New Policy to Color Inbound Traffic

This topic describes how to create a policy to color traffic on an inbound interface. The purpose of this policy is to give high priority to web traffic passing through router R4's Ethernet2/0 inbound interface.

Procedure

Step 1   Create the policy.

Step 2   Define the policy's filter.

Step 3   Define the policy's coloring action.

Step 4  
Save your definitions and policies to the database.

Distributing Policies to the Network

After you have saved your policies in the QoS database, they must be distributed to the network before they will be implemented.

Note   If you are working with the examples provided in the tutorial and the device is not in your network, you will not be able to deploy your policies.

Procedure

Step 1  
In the Policy Manager, click the Distribution Manager button, or select Tools>Distribution Manager, to start Distribution Manager.

Step 2   In Distribution Manager, select Devices>Create Job to create a distribution job from the Tutorial database.

QPM-PRO opens the Create Job window.

Step 3   Select the Tutorial database and click OK.

QPM-PRO creates a distribution job based on the policy definitions in the selected database. The job consists of the commands required to reconfigure the devices to implement your policies. Only the changes made since you last distributed the database are included in the job.

Step 4   Select the job you just created in the tree view.

When you select the job, QPM-PRO displays the contents of the job in the list view. The list view shows the devices whose configurations will be changed by the job. If you double-click the device name in the list view, QPM-PRO displays the commands that will be sent to the device when you apply the job (the device must be available on the network).

Figure 3-18 shows the job selected in the Distribution Manager window.

Step 5  
Click the Apply Job button, or select Devices>Apply.

QPM-PRO starts applying the changes defined in the job to the network devices. You can view the job results in the logs displayed in the Log pane at the bottom of the window.

Related Topics

• Working with Devices
  
  
• Understanding Policies
  
  
• Understanding Policy Distribution
  
  

Lesson 2—Coloring Enterprise Resource Planning (ERP) Traffic on a Group of Devices

In this lesson, you will learn how to treat a set of device interfaces as a group, and create and deploy a simple coloring policy across the members of that group. The policy in this example will set the IP precedence for Enterprise Resource Planning (ERP) traffic that goes through routers R1 and R4 (see Figure 3-9 for the overall network diagram).

In order to make a meaningful policy, you must not only color the traffic on the incoming interfaces to these routers (the Ethernet2/0 interfaces, which connect the ERP server to R1 and R4), but you must choose a QoS property for the outbound Serial3/0 interfaces (Figure 3-19). You will implement weighted fair queuing (WFQ) on the outbound interfaces. This ensures that the colored traffic receives the appropriate percentage of overall bandwidth.

In this lesson you will learn the following:

• Creating Device Groups
  
  
• Creating a Policy on a Device Group
  
  

Before You Begin

If you want to create a policy and deploy it on a device that exists in your network, obtain the IP address of an appropriate device. Otherwise, you can use the IP addresses in this lesson so that you can follow these steps without affecting your network.

This lesson assumes that you have completed the steps in Lesson 1Creating and Distributing a Simple Policy for Managing Web Traffic on One Router.

Creating Device Groups

Device groups allow you to treat selected interfaces or subinterfaces as a single unit, so that you can easily apply common policies or QoS settings to the group.

This topic describes how to add a router (router R1) and create two device groups, one combining the inbound interfaces of routers R1 and R4, and the other combining the outbound interfaces of the routers.

Procedure

Step 1   Add router R1 to the QoS database.

Step 2   Add the device's interfaces.

Step 3   Create a device group for the Serial3/0 interfaces on routers R1 and R4, and set the QoS property for the device group to WFQ.

Step 4   Create a device group for the Ethernet2/0 interfaces on routers R1 and R4.

Figure 3-22 shows the tree view with the completed device group entries.

Creating a Policy on a Device Group

A policy that is created on a device group is applied to all the interfaces belonging to the group. This avoids the need to create individual policies for each interface.

In this lesson, you will create a policy on the EdgeGroupInbound group to color ERP traffic.

Step 1   Create the policy.

Step 2   Define the policy's filter.

Step 3   Define the policy's coloring action.

Step 4  
Click the Save button, or select File>Save, to save the policy in the database. Because you used a host name for the ERP server, QPM-PRO asks if you would like the host name resolved to its IP address. Policies can be distributed to the device only if the host names are converted to IP addresses. Click Yes to have QPM-PRO resolve the host name. (Click No if you are following along in this lesson without using actual host names that exist in your network.)

Step 5   Distribute the policy to the network, following the procedure described in Distributing Policies to the Network.

Related Topics

• Working with Device Groups
  
  

Lesson 3—Limiting the Bandwidth Available to FTP Traffic on a Switch

In this lesson, you will learn how to limit the bandwidth that is available to a specific application. The policy in this example will limit FTP traffic passing through switch S1 to a specified bandwidth (see Figure 3-9 for the overall network diagram). FTP traffic that exceeds this bandwidth will be discarded. The purpose of this policy is to prevent FTP traffic from flooding the network and thus reducing the performance of the more important applications on the network.

You will define an application service alias for FTP traffic from the central site, and use the alias to set the limit for FTP traffic to 1024 Kbps (Figure 3-23).

In this lesson you will learn the following:

• Adding a Switch and Its Interfaces to the Database
  
  
• Creating an Application Service Alias
  
  
• Creating a Limiting Policy on the Switch
  
  
• Verifying Device Configuration and Distributing to the Network
  
  

Before You Begin

In order to create and deploy the policy in this lesson, you must have a switch configured with a VLAN in your network. If you have one, use its IP address for the example.

Otherwise, you can use the example IP addresses and values provided in this lesson, so that you can follow the steps without affecting your network.

This lesson assumes that you have completed the steps in the previous lessons.

Adding a Switch and Its Interfaces to the Database

Since you will be defining a limiting policy on the S1 switch, you first need to add the switch and its interfaces to the database. Switch S1 is a Cat6000 switch running CatOS version 5.5.

In this example, a VLAN has been configured on switch S1. The VLAN includes several of the switch's interfaces. The limiting policy will be defined on this VLAN, therefore, you do not have to define the policy on each interface individually. However, in order to ensure that the policy is applied to all the interfaces that belong to the VLAN, you must add each interface to the database and define the QoS style as VLAN-based (as opposed to port-based).

Procedure

Step 1   Add the switch S1 and its interfaces to the QoS database.

Step 2   Add the device's interfaces.

Creating an Application Service Alias

An application service alias can be defined when you want to identify a particular type of network traffic source from a host or subnet. You can use application service aliases to simplify the writing of your policies, because you can write a policy for the application service instead of one for each host.

In this example, you will create an application service alias for FTP traffic. The filter in your limiting policy will be based on this application alias.

Procedure

Step 1   Create an application service alias for FTP traffic.

Creating a Limiting Policy on the Switch

This topic shows how to create a policy on VLAN20 on switch S1 to limit the bandwidth available to FTP traffic.

Procedure

Step 1   Create the policy.

Step 2   Define the policy's filter. The aim is to identify all FTP traffic coming from the Central Services FTP Server.

Step 3   Define the policy's limiting action, which limits the bandwidth available to the specified application.

Step 4  
Click the Save button, or select File>Save, to save the policy in the database.

Verifying Device Configuration and Distributing to the Network

QPM-PRO enables you to verify whether the configuration of the devices in your network is different to what was defined for the devices in your QPM-PRO database. You can use this feature to check if any changes have been made to any of your network devices.

After this validation process, you can distribute policies to the network as usual.

Procedure

Step 1   Create a job in Distribution Manager.

Step 2   Check the device configuration.

Step 3   Apply the job.

Related Topics

• Working with Device Interfaces and VLANS
  
  
• Uploading Device QoS Configurations
  
  
• Working with Application Services Aliases
  
  
• Understanding Policies
  
  

Lesson 4—Updating the Database after Software Upgrades

In this lesson, you will learn how to update the QoS database to recognize that you have upgraded the software on a device.

QPM-PRO uses the device IOS version number to load device capabilities to the database. All sub-versions of a certain version are mapped to the major version, unless QPM-PRO explicitly supports the minor version. New minor versions are mapped to the last supported minor version. For example, version 12.1(5)T would be mapped to version 12.1(2)T. QPM-PRO provides you with the option of manually changing the mapped version number if you require the QoS features of a different version.

In most cases, your QoS configuration and policies remain unchanged after a software upgrade. However, in certain cases, QPM-PRO changes the implementation of policies to take advantage of the features of a new software release (without changing the meaning of your policies). Table 3-7 explains the changes that are made for some software upgrades.

Upgrading the device software does not affect any device groups to which the device's interfaces belong. You must recreate the device groups if you want them to be restricted to the updated software version.

In this lesson, you will learn the following:

• Updating the QoS Database with New Software Version Information.
  
  
• Recreating Device Groups for the New Software Version.
  
  

Before You Begin

This lesson assumes that you have completed the steps in the previous lessons.

Updating the QoS Database with New Software Version Information

For the purpose of this lesson, assume that you have upgraded the IOS software version on routers R1 and R4 from version 12.0 to version 12.1(2)E.

Procedure

Step 1   Start QPM-PRO and open the Tutorial database.

Step 2   Change the device properties for router R1:

QPM-PRO queries the router and updates the software version number and device model, and makes policy conversions if required.

(If you are not using a real device, instead of clicking Verify Device Info, select 12.1(2)E in the Mapped Software Version field.)

---

Note   The detected software version is displayed in the Software Version field. If this version is not supported, QPM-PRO maps to the most recent, most similar supported version, which is displayed in the Mapped Software Version field. You can manually select a different software version in this field if you require its specific capabilities.

---

Step 3   Use the same procedure to change the software version for router R4 (10.4.4.4) to 12.1(2)E.

Recreating Device Groups for the New Software Version

At this point, you have updated the software versions on the devices. However, this change has not affected the definitions of the EdgeGroupInbound and EdgeGroupOutbound device groups, even though these device groups contain only members from the R1 and R4 routers. To take advantage of IOS software version 12.1(2)E QoS features, you must recreate these device groups as IOS software version 12.1(2)E device groups.

To avoid having to recreate the existing policies in the device groups, you can copy them over to a new device group, then delete the old device group, and then rename the new device group.

Procedure

Step 1   Create a new device group with software version 12.1(2)E:

Step 2   Copy the ERPTraffic policy from the EdgeGroupInbound device group to the new device group:

Step 3   Remove the devices from the EdgeGroupInbound device group and delete the device group.

Step 4   Add devices to the new egi device group and rename the device group.

Step 5   Change the EdgeGroupOutbound device group to an IOS software version 12.1(2)E device group. Since there are no policies defined on this device group, you only need to remove the members from the device group, change the software version and then add the members back into the device group.

Step 6  
Click the Save button, or select File>Save, to save your changes.

Step 7   Distribute your policy to the network, following the procedure described in Distributing Policies to the Network.

Related Topics

• Working with Device Groups
  
  
• How Device Software Upgrades Affect Device Groups
  
  

Lesson 5—Using NBAR and Creating Multiple Action Policies

In this lesson you will learn how to create a multiple-action policy to police and color specific traffic generated from a network-based application, using Network Based Application Recognition (NBAR) to identify the application. Refer to Using Network Based Application Recognition (NBAR) with CBWFQ.

The policy will apply the following actions to MIME type web traffic, specifically JPEG files, passing from a specific host through router R4 and out to the WAN (see Figure 3-9 for the overall network diagram):

• Queuing—Ensures that the specified traffic receives a minimum percentage of the total bandwidth during times of congestion.
  
  
• Limiting—Discards traffic that exceeds a specific rate, ensuring that the traffic does not use more than its defined minimum bandwidth.
  
  
• Coloring—Gives high IP precedence to the specified web traffic.
  
  

QPM-PRO uses modular CLI to implement this policy. Modular CLI separates traffic into classes and defines properties for each class.

Note   The policy in this lesson can be created only if your IOS software version supports modular CLI and NBAR.

In order to enable the options that will allow you to define the example policy, you will choose Class Based QoS in the QoS Property field for the outbound (Serial3/0) interface on router R4.

In this lesson you will learn the following:

• Changing the QoS Property on an Interface
  
  
• Creating a Multiple-Action Policy with NBAR Filtering
  
  

Before You Begin

This lesson assumes that you have completed the steps in the previous lessons.

If you are using actual devices in your network, make sure that the IOS version is 12.1(2)E or above.

If you want to create a policy and deploy it on a device that exists in your network, obtain the IP address of an appropriate device. Otherwise, you can use the IP addresses in this lesson so that you can follow these steps without affecting your network.

Changing the QoS Property on an Interface

The first step in this lesson is to define the QoS property on Serial3/0 on router R4 as Class Based QoS. This will enable you to use NBAR properties as a filter during policy definition.

Before you can do this, you need to remove the outbound interface (Serial3/0 on router R4 from the device group to which it belongs (EdgeGroupOutbound), so that you can change its QoS property.

Procedure

Step 1   Remove R4's S3/0 interface from the EdgeGroupOutbound device group.

Step 2   Change the QoS property on the outbound interface (Serial3/0 on router R4) to Class Based QoS.

Creating a Multiple-Action Policy with NBAR Filtering

QPM-PRO provides the capability to create multiple-action policies, if the IOS software version running on your device supports modular CLI. For this example, you will create a policy on the outbound interface (Serial3/0 on router R4) that performs three actions on the traffic that matches the filter (web traffic of MIME type from www.cisco.com):

• Queuing—creates a queue for the specified class of traffic, which is ensured a minimum percentage of the total bandwidth.
  
  
• Limiting—defines an upper limit for the bandwidth allocated to the traffic and lowers the precedence of traffic that exceeds this limit.
  
  
• Coloring—assigns high IP precedence to the specified traffic.
  
  

Procedure

Step 1   Create the policy.

Step 2   Define the policy's filter.

Step 3   Define the policy's queuing action, which ensures that the specified traffic receives a minimum percentage of the total bandwidth during times of congestion.

Step 4   Define the policy's coloring action, which provides the specified traffic with high IP precedence.

Step 5   Define the policy's limiting action, which lowers the priority of the traffic if it exceeds a specific rate. This ensures that the specified traffic does not use more than its defined minimum bandwidth.

Step 6  
Click the Save button, or select File>Save, to save the policy in the database.

Step 7   Distribute your policy to the network, as described in Distributing Policies to the Network.

Lesson 6—Providing QoS for Voice Over IP

In this lesson, you will learn how to enable QoS features on router interfaces and create policies that will provide the highest priority for delay and jitter sensitive, real-time Voice over IP (VoIP) traffic.

To achieve this, you will define the following QoS features on the router interfaces:

• Frame Relay Traffic Shaping (FRTS)—Minimizes packet loss by throttling back packets as they are forwarded into the Frame Relay cloud, based on congestion indicators.
  
  
• Compressed RTP (CRTP)—Reduces unnecessary bandwidth consumption by compressing header size from 40 bytes to 5 bytes. The benefits of using cRTP for voice are apparent when considering that the payload for a VoIP packet is only 20 bytes.
  
  
• Frame Relay Fragmentation (FRF.12)—Ensures that voice packets are not blocked behind large data packets (such as file transfers) by fragmenting these large packets and interleaving voice packets between the fragments.
  
  

In addition, you will create a policy that specifies that VoIP traffic be placed in a priority queue for priority treatment with a minimum bandwidth allocation. The following queuing mechanism is used:

• Low Latency Queuing (LLQ)—Allows delay-sensitive data such as voice to be de-queued and sent first (before packets in other queues are de-queued), giving delay-sensitive data preferential treatment over other traffic. The relatively small size of voice packets makes it possible to use a strict priority queue for voice without degrading network quality for the remaining traffic.
  
  

Understanding the Example Network Scenario for VoIP

The VoIP scenario includes the following components (Figure 3-36):

• The campus site includes a PBX that sends voice data to a Cisco 3600 router running IOS version 12.1(2)T. The router converts the analog or digital data into IP packets for transmission over a Frame Relay network to the remote site, thus acting as a voice gateway.
  
  

Router R5's inbound interface (FXO VIC 1/0/0) is a voice dedicated interface. Its outbound interface (S1/0) is a serial interface with Frame Relay encapsulation. All QoS features and policies are defined on this outbound interface.

• The remote site includes several IP phones on a LAN, connected via a Cat6K switch (Switch S2) to router R6, which is also a Cisco 3600 router. IP packets from the IP phones enter the switch via a VLAN that has been configured on the switch. In this lesson, you will define 1P2Q2T queuing on Switch S2's VLAN, thus creating an IP precedence sensitive priority queue for VoIP traffic coming from the IP phones. You will then define a policy on the VLAN to color VoIP traffic with IP precedence 5, so that it will automatically be placed in the priority queue.
  
  

In addition, you will provide VoIP traffic passing through router R5 on the campus site and router R6 on the remote site, with quality of service and highest priority. You will do this by defining QoS features on the outbound interfaces of both routers, as well as creating a policy to define a priority queue with a minimum bandwidth allocation for the VoIP traffic. You will include the outbound interfaces in a device group so that you can apply the QoS features and the policy to both interfaces at the same time.

In this lesson you will learn the following:

• Adding Devices and Interfaces to the Database
  
  
• Defining QoS Features on a Device Group
  
  
• Creating a Policy to Define a Priority Queue for VoIP traffic
  
  
• Creating a Priority Queue Reserved for IP Precedence 5 Traffic on the Switch
  
  
• Creating a Policy on the Switch to Color VoIP Traffic
  
  

Before You Begin

If you want to create a policy and deploy it on a device that exists in your network, obtain the IP address of an appropriate device. Otherwise, you can use the IP addresses in this lesson so that you can follow these steps without affecting your network.

This lesson assumes that you have completed the steps in the previous lessons.

Adding Devices and Interfaces to the Database

The first step in this lesson is to add routers R5 and R6 and their interfaces, and switch S2 and its interfaces, to the database.

Procedure

Step 1   Add router R5 to the database.

Step 2   Add the device's interfaces.

Figure 3-38 shows the tree view that now includes router R5.

Add router R6 and its E2/0 and S1/0 interfaces to the database, following the procedures in Steps 1 and 2 above.

Step 3   Add switch S2 to the database. If you are working offline, the example switch S2 has an IP address of 10.8.8.8, the community string is public, and both passwords are test.

Step 4   Add switch S2's interfaces to the database. See Adding a Switch and Its Interfaces to the Database, for procedures.

• If you are working with an online device, add an Ethernet interface, a VLAN, and the VLAN ports for which you want to configure QoS, to the database.
• If you are working offline, add switch S2's interfaces manually. Define an interface called VLAN20, as well as some fictitious ports belonging to VLAN 20. See Table 3-6 for details about VLAN20.

---

Note   QPM-PRO supports both port-based and VLAN-based QoS. When working with VLANs, you must make sure that the physical interfaces on the VLAN to which you want your QoS definitions to apply, have VLAN-based QoS style defined. You can do this by accessing the properties of each interface and specifying VLAN Based in the QoS Style field.

---

Defining QoS Features on a Device Group

Since VoIP signals from both the campus site and the remote site require high priority and QoS, you will create a device group that includes the outbound interfaces of the edge router on both sides (routers R5 and R6). You will then define QoS features and policies on the device group. This precludes having to repeat the same procedure on each router individually.

You will define the QoS property, Class Based QoS, on the device group. This QoS property includes CBWFQ and enables you to define other QoS features on the device group for managing voice (and any other real-time traffic), including FRTS, cRTP and bandwidth for voice configuration.

Procedure

Step 1   Create the Device Group.

Step 2   Define Frame Relay Traffic Shaping (FRTS) parameters (Figure 3-40).

Step 3   Enable IP RTP header compression to help reduce delay for VoIP traffic.

Step 4   Configure the bandwidth and fragmentation for Voice over Frame Relay (Figure 3-41).

Creating a Policy to Define a Priority Queue for VoIP traffic

This topic describes how to create a policy that specifies a range of RTP ports whose traffic is guaranteed strict priority service over any other queues or classes using the same outbound interface. You will create the policy on the VoiceGroup device group you just created, so that it will be applied to the outbound interfaces of both R5 and R6.

Procedure

Step 1   Create the policy.

Step 2   Define the policy's filter. Since VoIP traffic uses RTP ports, you will specify a range of ports as your filter.

Step 3   Define the policy's queuing action, which creates a priority queue for the VoIP traffic, ensuring that it will be transmitted before any other queued traffic and that it will be given a minimum bandwidth allocation.

Step 4   Define the policy's coloring action, which gives high IP precedence to the VoIP traffic.

Step 5  
Click the Save button, or select File>Save, to save the policy in the database.

Step 6   Distribute your policy to the network, following the procedure described in Distributing Policies to the Network.

Creating a Priority Queue Reserved for IP Precedence 5 Traffic on the Switch

This topic describes how to specify that the strict priority queue provided by 1P2Q2T queuing on switch S2's VLAN, is reserved for traffic with IP Precedence 5. The next step will be to color VoIP traffic with IP Precedence 5 so that it will be placed in this priority queue.

Procedure

Step 1   Right-click on Switch S2 (10.8.8.8) in the tree view pane and select Device Properties.

QPM-PRO opens the Device Properties window.

Step 2   Click QoS Property.

QPM-PRO opens the Properties of CatOS Queuing window, with the 1P2Q2T tab displayed. The window contains a table in which you can map a specific IP precedence to a queue.

Step 3   In the table, select Critical (5) for Queue 3, which is the priority queue (Figure 3-43).

Step 4   Click OK.

Step 5   Click OK in the Device Properties window.

Creating a Policy on the Switch to Color VoIP Traffic

This topic describes how to create a policy on Switch S2's inbound VLAN20 to color VoIP traffic from the IP phones with high IP precedence.

Procedure

Step 1   Create the policy.

Step 2   Define the policy's filter.

Step 3   Define the policy's coloring action.

Step 4  
Save your definitions and policies to the database.

Related Topics

• Using Network Based Application Recognition (NBAR) with CBWFQ
  
  
• CBWFQ with Modular CLI
  
  
• Understanding Policies
  
  

Lesson 7—Configuring Frame Relay Traffic Shaping

In this lesson, you will learn how to configure Frame Relay traffic shaping (FRTS) on Cisco routers. FRTS is frequently used to throttle traffic to the rate agreed upon with your WAN service provider, particularly if the destination link is running at a lower bandwidth than the source link.

For example, you might have a T1 line running at 1544 Kbps, but your service provider is committing to provide only 512 Kbps, and the destination of your traffic is a link running lower bandwidth than 1544 Kbps. By throttling the traffic rate at the source, you ensure that the traffic does not overwhelm the WAN link, resulting in dropped packets and increased delay. With FRTS, you can control the rate and smooth the traffic flow.

This example uses a different network setup than used in previous lessons. Figure 3-45 shows three routers connected over a Frame Relay cloud. All links are T1 Frame Relay lines. The Main router uses subinterfaces to enable routing between the two remote offices, Remote1 and Remote2. Most WAN traffic originates from the main office, so you will implement FRTS on the subinterfaces on the Main router. The service provider has committed to 512 Kbps for the Main-Remote1 link, and 256 Kbps for the Main-Remote2 link. There is no rate commitment for the interfaces on the remote links.

In this lesson, you will learn the following:

• Implementing FRTS on Frame Relay interfaces and subinterfaces
  
  

Before You Begin

If you want to create a policy and deploy it on a device that exists in your network, obtain the IP address of an appropriate device. Otherwise, you can use the IP addresses in this lesson so that you can follow these steps without affecting your network.

This lesson assumes that you have completed the steps in Lesson 6Providing QoS for Voice Over IP. Although you will not use the same network setup, you should already be familiar with adding devices and interfaces to the QoS database.

Procedure

Step 1   Add the Main router to the database, using 10.10.10.11 for the device name. See Lesson 1Creating and Distributing a Simple Policy for Managing Web Traffic on One Router, for the steps for adding devices to the databases, if you are not familiar with the procedure.

Table 3-8 lists the device details for this example. Because Remote1 and Remote2 links do not have a committed information rate, you are not enabling FRTS or other QoS capabilities on these routers in this example. Therefore, you only need to add Main, its Serial3/0 interface, and its subinterfaces to the database.

Step 2   Enable FRTS on the Main router's Serial3/0 interface. You must enable FRTS on an interface in order to configure FRTS on the interface's subinterfaces:

Step 3   Enable FRTS on the Main router's Serial3/0.1 interface:

Step 4   Use the same procedure to enable FRTS on the Serial3/0.2 interface, making the following interface selections:

• FIFO for QoS Property
• 256 for Rate
• Adaptive Shaping

Step 5  
Click the Save button, or select File>Save, to save your changes.

Step 6   Distribute your settings to the network, as described in Distributing Policies to the Network.

Related Topics

• Frame Relay Traffic Shaping (FRTS)Controlling Traffic on Frame Relay Interfaces and Subinterfaces