QoS Bandwidth Guaranteed Exceeds Interface Capacity
Presenting Symptom
Voice traffic experiences jitter and packet loss during peak hours, and call quality degrades despite QoS policies being configured.
Network Context
A medium-sized enterprise campus network with a Cisco 4321 ISR router at the branch office connected to the HQ via a 10 Mbps WAN link. The router runs IOS XE 16.9. QoS policies are applied on the WAN interface to prioritize voice and video traffic. The branch has 200 users, and the WAN link is often near saturation during business hours.
Diagnostic Steps
Check interface bandwidth and utilization
show interfaces GigabitEthernet0/0/0GigabitEthernet0/0/0 is up, line protocol is up
Hardware is ISR4321-2x1GE, address is aaaa.bbbb.cccc (bia aaaa.bbbb.cccc)
MTU 1500 bytes, BW 10000 Kbit/sec, DLY 1000 usec,
reliability 255/255, txload 1/1, rxload 1/1
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
Full Duplex, 100Mbps, link type is auto, media type is RJ45
output flow-control is unsupported, input flow-control is unsupported
...
5 minute input rate 9000 kbps, 1200 packets/sec
5 minute output rate 9500 kbps, 1300 packets/secLook at the 'BW' value (bandwidth) and the 5-minute input/output rates. If the output rate is close to or exceeds the BW, the interface is congested. Here, BW is 10000 Kbit/sec and output rate is 9500 kbps, indicating high utilization.
Verify QoS policy applied on the interface
show policy-map interface GigabitEthernet0/0/0GigabitEthernet0/0/0
Service-policy output: QOS-POLICY-OUT
Class-map: VOICE (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp ef (46)
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
bandwidth 1000 kbps (30%)
Class-map: VIDEO (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp af41 (34)
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
bandwidth 2000 kbps (60%)
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
bandwidth 1000 kbps (30%)Check the bandwidth allocated to each class. The sum of bandwidths for all classes should not exceed the interface bandwidth. Here, VOICE gets 1000 kbps, VIDEO gets 2000 kbps, and class-default gets 1000 kbps, totaling 4000 kbps. But the interface bandwidth is 10000 kbps, so it seems under-subscribed. However, note that the 'bandwidth' command in a policy-map is a guaranteed minimum, not a maximum. If the sum of guaranteed bandwidths exceeds the interface bandwidth, the policy is invalid and may cause unexpected drops.
Check for QoS policy errors or warnings
show policy-map interface GigabitEthernet0/0/0 | include bandwidth|queue|drop bandwidth 1000 kbps (30%)
bandwidth 2000 kbps (60%)
bandwidth 1000 kbps (30%)The percentages shown are relative to the interface bandwidth. Here, 30% + 60% + 30% = 120%, which exceeds 100%. This indicates the sum of bandwidth guarantees exceeds the interface capacity, causing the router to not enforce the policy correctly and leading to drops during congestion.
Check queue statistics for drops
show queueing interface GigabitEthernet0/0/0Interface GigabitEthernet0/0/0 queueing strategy: Class-based queueing
Queueing statistics:
Class VOICE:
Output queue: enqueue 1000, drops 0
Class VIDEO:
Output queue: enqueue 2000, drops 100
Class class-default:
Output queue: enqueue 5000, drops 500Look for drops in any class. Even if the sum of bandwidths exceeds interface capacity, the router may still attempt to shape but drops can occur in the default class or others. Here, VIDEO and class-default have drops, indicating congestion and possible misconfiguration.
Root Cause
The QoS policy configured on the WAN interface has bandwidth guarantees that sum to more than 100% of the interface bandwidth. The 'bandwidth' command in a policy-map allocates a minimum guaranteed bandwidth, and the sum of all class bandwidths must not exceed the interface bandwidth. When the sum exceeds 100%, the router cannot guarantee the minimums and may drop traffic arbitrarily, especially during congestion.
Resolution
Verification
1. Run 'show policy-map interface GigabitEthernet0/0/0' and verify that the bandwidth percentages sum to 100% or less. 2. Run 'show queueing interface GigabitEthernet0/0/0' and confirm no drops in voice and video classes. 3. Monitor voice quality during peak hours to confirm jitter and packet loss are resolved.
Prevention
1. Always ensure the sum of bandwidth guarantees in a policy-map does not exceed the interface bandwidth. Use percentages to simplify calculations. 2. Use 'bandwidth remaining percent' for class-default to allocate remaining bandwidth dynamically. 3. Regularly audit QoS policies with 'show policy-map interface' to catch over-subscription.
CCNA Exam Relevance
On the CCNA 200-301 exam, this scenario tests understanding of QoS bandwidth allocation and the constraint that total guaranteed bandwidth cannot exceed interface capacity. Expect multiple-choice questions asking to identify misconfigurations or troubleshoot QoS issues. Key fact: The 'bandwidth' command in a policy-map allocates a minimum guaranteed rate, and the sum of all class bandwidths must be <= interface bandwidth.
Exam Tips
Remember that the sum of bandwidth percentages in a policy-map must be <= 100%.
Be careful: 'bandwidth' is a minimum guarantee, not a maximum; 'police' sets a maximum.
Know that 'show policy-map interface' displays the bandwidth allocation and any drops.
Commands Used in This Scenario
show interfaces
Displays detailed status and statistics for all interfaces or a specific interface, used to verify interface operational state, errors, and performance.
show policy-map interface
Displays the current QoS policy applied to an interface, including per-class statistics such as packets matched, bytes, and actions taken, used to verify and troubleshoot QoS configurations.
Test Your CCNA Knowledge
Practice with scenario-based questions to prepare for the CCNA 200-301 exam.
Practice CCNA Questions