Problem Summary
A branch office reported high packet loss and poor application performance over the WAN. The issue impacted VoIP calls, Citrix sessions, and file transfers, despite the link being stable.
- WAN provider showed no circuit-level issues
- Ping loss between LAN-WAN routers varied between 5% and 30%
- Latency-sensitive traffic (voice, RDP) dropped more than web browsing
- Network QoS was recently deployed during a WAN upgrade
Symptoms Observed
- VoIP calls breaking or one-way audio during business hours
- Users complained of slow Citrix/RDP responsiveness
- ICMP pings show intermittent loss (especially during peak traffic)
- WAN link utilization < 50% but still experiencing drops
- Application-specific loss (voice, SSH) while HTTP works
- Routers showed output drops in specific queues
- show policy-map interface showed non-zero drops in priority queue
Example CLI Output:
    GigabitEthernet0/1
      Service-policy output: WAN-QOS
        Class-map: VOICE (match-all)
          Priority: 1000 kbps
          Output drops: 4023 packets
Root Cause Analysis
On investigation, engineers found:
- QoS was applied at the WAN edge, but the bandwidth allocations were incorrect
- The voice class was configured with a low priority bandwidth (1000 kbps) while actual usage exceeded that during calls
- The WAN interface had a mismatched bandwidth statement (bandwidth 100000 instead of 10000)
- QoS policies were based on incorrect interface bandwidth assumptions, causing class drops even when the physical link had capacity
- The router was policing traffic because the Priority Queue (LLQ) was overwhelmed by actual voice traffic exceeding limits
Root Cause: Misconfigured QoS bandwidth allocations and incorrect interface bandwidth setting led to priority queue drops, resulting in high packet loss for voice and latency-sensitive applications.
The Fix
Step-by-Step Resolution:
1. Correct the Interface Bandwidth
QoS calculations use the interface’s bandwidth value:
    interface GigabitEthernet0/1
     ! Set to actual WAN speed in kbps
     bandwidth 10000
2. Adjust QoS Bandwidth Allocation
Update your policy-map to give appropriate priority and bandwidth:
    class-map match-any VOICE
     match ip dscp ef
    !
    ! The CRITICAL-APPS class-map is referenced below but not shown here; it must be defined separately
    policy-map WAN-QOS
     class VOICE
      priority percent 20
     class CRITICAL-APPS
      bandwidth percent 30
     class class-default
      fair-queue
    !
    interface GigabitEthernet0/1
     service-policy output WAN-QOS
3. Monitor with Policy-Map Stats
show policy-map interface GigabitEthernet0/1
Look for drops and tune bandwidth as needed.
4. Test with Real Application Traffic
Use VoIP soft clients or iperf with DSCP settings.
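The check below is an added example, not part of the original lab: it resolves each class allocation against the configured bandwidth statement and compares the result with the real circuit rate and the offered voice load. The function names, the dictionary layout and the figure of 15 peak concurrent calls are assumptions; the 100 kbps per call comes from the FAQ's 80–100 kbps estimate.

```python
# Added example: audits an LLQ policy against the real circuit rate.
# All names are hypothetical; rates are in kbps, as in the router config.

def resolve_kbps(alloc, reference_kbps):
    """Turn ('percent', 20) or ('kbps', 1000) into kbps against a reference rate."""
    kind, value = alloc
    if kind == "percent":
        return reference_kbps * value // 100
    if kind == "kbps":
        return value
    raise ValueError(f"unknown allocation kind: {kind}")

def audit_policy(configured_bw, circuit_bw, classes, calls, per_call_kbps=100):
    """Return a list of findings for one WAN interface.

    configured_bw: value of the interface 'bandwidth' statement
    circuit_bw:    real circuit rate from the provider
    classes:       {name: ('priority'|'bandwidth', ('percent'|'kbps', value))}
    calls:         assumed peak concurrent calls (site-specific assumption)
    """
    findings = []
    if configured_bw != circuit_bw:
        findings.append(f"bandwidth statement {configured_bw} != circuit {circuit_bw}")
    reserved = 0
    offered = calls * per_call_kbps
    for name, (queue, alloc) in classes.items():
        # Percent allocations follow the configured value, not the real circuit.
        kbps = resolve_kbps(alloc, configured_bw)
        reserved += kbps
        if queue == "priority" and offered > kbps:
            findings.append(f"{name}: offered {offered} kbps exceeds priority limit {kbps} kbps")
    if reserved > circuit_bw:
        findings.append(f"classes reserve {reserved} kbps on a {circuit_bw} kbps circuit")
    return findings

# Constructed inputs: the 'before' and 'after' settings from this case.
BEFORE = {"VOICE": ("priority", ("kbps", 1000))}
AFTER = {"VOICE": ("priority", ("percent", 20)),
         "CRITICAL-APPS": ("bandwidth", ("percent", 30))}

if __name__ == "__main__":
    for label, bw, classes in (("before", 100000, BEFORE), ("after", 10000, AFTER)):
        print(label, audit_policy(bw, 10000, classes, calls=15) or "no findings")
```

Running the corrected policy against the old bandwidth statement (100000) shows why step 1 comes first: the percent classes would reserve 50000 kbps on a 10000 kbps circuit.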
EVE-NG Lab Topology

- Apply QoS at R1 WAN interface
- Simulate VoIP traffic with iperf using DSCP EF
- Generate mixed traffic to trigger QoS policies
- Observe output drops and fix them
Verification
Key CLI Commands:
    show policy-map interface
    show interface <wan> stats
    show qos interface
What to Check:
- Priority queue drops: Should be 0 or minimal
- Bandwidth: Correctly allocated across classes
- WAN Interface Bandwidth: Matches actual circuit
- DSCP/CoS marking: Must be honored end-to-end
Use packet capture:
- Confirm DSCP EF is retained in transit
- Analyze dropped vs transmitted packets
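Drop counters are cumulative until cleared, so a single non-zero value does not show whether the fix worked. The added example below (not from the original article) parses two snapshots in the simplified layout of the example CLI output above and reports how many drops each priority class gained between them. The sample text and function names are constructed; real show policy-map interface output varies by platform and release, so the patterns would need adjusting.

```python
import re

# Constructed sample in the simplified layout this article shows.
SAMPLE = """\
GigabitEthernet0/1
  Service-policy output: WAN-QOS
    Class-map: VOICE (match-all)
      Priority: 1000 kbps
      Output drops: 4023 packets
    Class-map: CRITICAL-APPS (match-any)
      Bandwidth: 30 percent
      Output drops: 0 packets
    Class-map: class-default (match-any)
      Output drops: 12 packets
"""
# Constructed second snapshot, taken later: only the VOICE counter moved.
LATER = SAMPLE.replace("4023 packets", "4100 packets")

CLASS_RE = re.compile(r"^\s*Class-map:\s+(\S+)")
DROPS_RE = re.compile(r"^\s*Output drops:\s+(\d+)\s+packets")

def parse_class_drops(text):
    """Return {class_name: {'priority': bool, 'drops': int}} in the order seen."""
    classes, current = {}, None
    for line in text.splitlines():
        m = CLASS_RE.match(line)
        if m:
            current = classes.setdefault(m.group(1), {"priority": False, "drops": 0})
            continue
        if current is None:
            continue  # interface and service-policy header lines
        if line.strip().startswith("Priority:"):
            current["priority"] = True
        m = DROPS_RE.match(line)
        if m:
            current["drops"] = int(m.group(1))
    return classes

def new_priority_drops(earlier, later):
    """Drops gained by each priority (LLQ) class between two snapshots."""
    old, new = parse_class_drops(earlier), parse_class_drops(later)
    return {name: c["drops"] - old.get(name, {"drops": 0})["drops"]
            for name, c in new.items() if c["priority"]}

if __name__ == "__main__":
    print(new_priority_drops(SAMPLE, LATER))
```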
Key Takeaways
- QoS misconfiguration does not break the link, but silently destroys performance
- Interface bandwidth setting is critical for correct QoS operation
- Priority queues are policed — exceeding them causes drops
- Voice, video, and interactive apps suffer most without proper QoS
- QoS testing must include real traffic, not just pings or HTTP
Best Practices / Design Tips
- Always set the correct bandwidth on WAN interfaces
- Use DSCP-based class-maps to differentiate traffic types
- Allocate minimum 20–30% priority for voice/video
- Avoid using exact kbps values, prefer % for scalability
- Regularly audit policy-map statistics
- Validate DSCP/CoS tagging end-to-end
- Use iperf with DSCP set for real QoS testing
- Document and baseline QoS settings per site
- Use auto QoS features as a starting point
- Limit number of classes to 4–6 max (voice, critical apps, default)
- Monitor WAN links with NetFlow/SNMP traps
- Validate QoS configs after ISP circuit upgrades
- Prefer modular QoS CLI (MQC) for flexibility
- Simulate QoS behavior using EVE-NG labs regularly
- Design QoS from application SLA backward, not just interface speed
FAQs
1. Why is packet loss happening even when bandwidth is available?
Answer: Because the QoS policy restricts how much bandwidth is allocated to each class. If a class (like voice) exceeds its allocation, packets get dropped — even if total link usage is low.
2. What is the priority queue in QoS?
Answer: It’s a Low Latency Queue (LLQ) used for delay-sensitive traffic (like voice). It is policed, not shaped — excess traffic is dropped.
3. How does interface bandwidth affect QoS?
Answer: QoS policies calculate class bandwidths based on the configured bandwidth value. If it’s set incorrectly (e.g., 100 Mbps instead of 10 Mbps), QoS will under or over allocate class bandwidth.
4. What does show policy-map interface tell you?
Answer: It shows real-time statistics of packet matches, drops, queue depths, and bandwidth usage per class.
5. What happens if you allocate too little bandwidth to voice?
Answer: During congestion, voice packets are dropped, leading to choppy audio, call disconnects, and one-way voice.
6. Should I use kbps or percent for QoS?
Answer: Percent is preferred because it scales automatically with interface bandwidth. Use kbps only for fixed links with no change.
7. How to simulate this issue in a lab?
Answer: In EVE-NG, generate DSCP-marked traffic using iperf or ping -Q, apply a policy-map with low bandwidth to VOICE class, and observe packet drops.
8. Can I trust ISP to honor my DSCP markings?
Answer: Not always. Many ISPs remark or strip DSCP. Always test DSCP retention with packet captures or loopback tests.
9. Why does web browsing work but VoIP fails?
Answer: VoIP is delay-sensitive and uses small, frequent packets. Even a small number of drops can ruin quality. Web is more tolerant to drops and retransmissions.
10. Is fair-queue enough for voice traffic?
Answer: No. Voice needs dedicated priority bandwidth. Use priority class for voice, not fair-queue.
11. What is DSCP EF?
Answer: Differentiated Services Code Point Expedited Forwarding (EF) is used for VoIP traffic and maps to value 46.
12. How much bandwidth should I allocate to voice?
Answer: Generally, allocate 20–30% of WAN bandwidth. Each VoIP call typically uses ~80–100 kbps with overhead.
13. Does shaping help in this case?
Answer: Shaping can help on the outbound interface to match the link speed. But priority queues (LLQ) are policed, not shaped.
14. Can I use auto-QoS?
Answer: Yes. Cisco’s AutoQoS VoIP or NBAR-based QoS are good starting templates. Customize them to suit your application SLAs.
15. What tools help in verifying QoS?
Answer: Use:
- show policy-map interface
- Wireshark to verify DSCP markings
- iperf3 with --tos for traffic generation
- NetFlow to visualize bandwidth per class