All in all, it's not a pretty picture. But version 2.0 of Cisco Systems' Provisioned QoS Policy Manager, or QPM-Pro, offers some new features guaranteed to make network administrators happy campers. From comprehensive support of IOS devices to automatic management and deployment of QoS (Quality of Service) policies to integration with CiscoWorks 2000, QPM-Pro 2.0 is a great tool to keep QoS policies shipshape without a ton of finger-breaking work.
Comprising the Policy Manager and Distribution Manager, QPM-Pro provides distributed policy management and centralized distribution. The product comes through with enhanced support for IOS devices and eases the implementation of both low-latency queuing and congestion-management queuing. Security has been improved, and QPM-Pro now includes access control among its admission-control features. In addition, automatic upload of device configuration assists in migrating QoS policy-management data from spreadsheets.
Setting Up
QPM-Pro installs effortlessly. The Policy Manager runs on Microsoft Windows 9x, Windows NT 4.0 and Windows 2000, but the Distribution Manager is available only on Windows NT 4.0 and Windows 2000. During the installation, managers are given the option to perform a complete install, which loads both the Distribution Manager and the Policy Manager on the same machine, or a remote install, which loads only the Policy Manager. The remote install calls for minimal configuration, requiring administrators to supply the IP address of the Distribution Manager to deploy QoS policies.
I tested QPM-Pro in our partner lab at Schneider National in Green Bay, Wis., and chose to perform a complete install. During installation of the Distribution Manager, you'll need to answer a few questions regarding user groups. Two user groups are required: one with access to both read and write policies and another that is permitted only to read policies, much like SNMP read and write community strings.
Once the install was complete, I launched QPM-Pro and logged in. Security is provided based on Windows NT credentials, and domain accounts may be used. The user interface is fresh--a tree-based view of all configured devices is provided for easy navigation. Of course, devices must first be added to the system.
Happily, adding devices is a painless process. QPM-Pro uses SNMP queries to retrieve information, requiring only the device's IP address and proper authentication to retrieve the current configuration. Shops running CiscoWorks 2000 should take advantage of the import feature, while managers who must add devices manually will want to retrieve any existing QoS policies. One of the new features in QPM-Pro is the ability to upload existing policies with the click of a mouse.
During the course of adding devices to QPM-Pro, I tried this feature and found that it works like a charm. However, administrators will need to know the exact firmware version running on each device. Because determining the versions of the devices on a corporate-class network can be a painful process, it would be beneficial if the product could gather that information on its own. Even so, the ability to read existing policies once the necessary information is entered is still a plus.
Stop 'Bandwidth Sucking'
My test setup emulated a corporate campus with a single 128-Kbps WAN connection via a Catalyst 6000 to a remote campus. One of the first new features I tested in QPM-Pro was its ability to define access control lists. A single machine residing in the remote campus was accessing a Web site located in the corporate campus. The Web page was set up to continually reload itself. While the machine was performing this action, I selected the serial interface on the WAN router and added a simple "deny traffic to this IP address" policy.
I saved the QoS policy in the database and launched the Distribution Manager via a menu option in the Policy Manager. From there, a single click applied the QoS policy by distributing it to all devices being managed. Once the display indicated that the policy had been distributed, I checked the remote machine and found that it had stopped loading the Web page midway through the process. I hit "reload" and noted that I could no longer access the site.
I was delighted with how easy distributing policies was--a single click is all it takes. And, in case a policy is distributed in error, a click of a button rolls back the changes. But beware--this undo feature is a bit quirky. After more than one policy has been deployed, it's difficult to determine from the user interface what state, exactly, a network will be rolled back to. More than once I found it necessary to verify changes directly on the device via the command-line interface.
QoS by Application
In addition to the new congestion management implementations and 1P2Q2T (one priority queue and two weighted queues with two thresholds), QPM-Pro offers the ability to provision service levels via NBAR (Network-Based Application Recognition) coloring and rate limiting.
For those who need even greater granularity in coloring traffic, QPM-Pro 2.0 supports DiffServ (Differentiated Services) code-point values. Another cool new feature is the product's ability to manage and deploy QoS policies by VLAN (virtual LAN).
One of the most arduous tasks during deployment of QoS policies is entering commands over and over for each interface on a group of devices. Using the device group feature, I created a group for our WAN connection and let QPM-Pro handle the rest. Any policy set on the group was automatically propagated over all the devices and interfaces in the group.
Send your comments on this article to Lori MacVittie at lmacvittie@nwc.com.