Guest

QoS Policing

Configuring Packet Marking on Frame Relay PVCs

Cisco - Configuring Packet Marking on Frame Relay PVCs

Document ID: 18662

Updated: Aug 18, 2005

   Print

Introduction

This document reviews the supported commands to configure packet marking over Frame Relay interfaces.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software or hardware versions.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Class-Based Packet Marking

Class-based packet marking uses set commands and other commands of the Modular Quality of Service (QoS) Command Line Interface (CLI) to change the value of a field in a packet header.

Current Cisco IOS® software releases allow you to do these actions:

  • Set the IP Precedence bits or the IP differentiated services code point (DSCP) in the IP type of service (ToS) byte.

  • Set the Layer 2 class of service (CoS) value.

  • Associate a local QoS group value with a packet.

  • Change the Cell Loss Priority (CLP) bit setting in the ATM header of a packet from 0 to 1.

Both input and output policies are supported. When you are configuring class-based marking, note these restrictions:

  • Output policies require Frame Relay traffic shaping (FRTS).

  • Only Cisco Express Forwarding-switched packets are supported.

  • A policy map that contains the set atm-clp command can be attached as an output policy only.

This is an example of how the DSCP value is set:

Configuration Example - Class-Based Marking
class-map user1
  match access-group 101
!
class-map user2
  match access-group 102
!
policy-map dscp
  class user1
    set ip dscp AF11
  class user2
    set ip dscp AF12
!
map-class frame set-dscp
  service-policy input dscp
!
int s0/0/0:0
 no ip address
 encapsulation frame-relay
 frame-relay traffic-shaping
!
int s0/0/0:0.125
 frame-relay interface-dlci 125
  class set-dscp

Setting the Discard Eligible Bit

The modular QoS CLI supports two commands to change the value of the discard eligible (DE) bit in a Frame Relay frame. Those commands are set fr-de with class-based shaping, and set-frde-transmit with class-based policing.

Note: The set-frde-transmit command does not apply to Frame Relay traffic transported via Any Transport over MPLS (AToM).

Frame Relay supports a two-level packet prioritization scheme using the DE bit. Originally, only network devices, such as Frame Relay switches, set the DE bit to indicate the relative importance of a frame. In recent Cisco IOS software releases, routers now can set the DE bit.

The next diagram illustrates the format of a Frame Relay frame. The DE bit is one of three bits that control the Frame Relay congestion-notification mechanisms.

config_fr_pvc.gif

Issue these commands to monitor class-based marking:

  • show policy-map interface interface-name —Displays the configuration and statistics of all classes configured for all service policies on the specified interface.

  • show frame-relay pvc [dlci-number] —Displays statistics for all permanent virtual circuit (PVC) components. This includes these statistics:

    • FRTS and service policy information

    • fragmentation

    • the number of packets in and out

    • the number of frames with the Backward Explicit Congestion Notification (BECN), Forward Explicit Congestion Notification (FECN), and DE bits set

Configuration Example - Matching on the DE Bit
class-map match-fr-de
  match fr-de

!--- Define a class-map named “match-fr-de” to match packets with the FR DE bit set.

!
policy-map set-de
  class match-fr-de
   set ip precedence 1

!--- All packets that match the class have IP precedence set to 1.

!
map-class frame-relay pvc150
   service-policy input set-DE

!--- Apply the policy map to the map class.

!
interface Serial0.1 point-to-point
   frame-relay class pvc150
   frame-relay interface-dlci 150

!--- Associate a map class to the Frame Relay data-link connection identifier (DLCI).

Router# show policy-map interface s0.1

Serial0.1

 Service-policy input: set-prec

   Class-map: match-fr-de (match-all)
     358 packets, 103820 bytes
     30 second offered rate 18000 bps, drop rate 0 BPS  Match: fr-de
     QoS Set
       ip precedence  1
         Packets marked 359

   Class-map: class-default (match-any)
     643 packets, 186470 bytes
     30 second offered rate 32000 BPS, drop rate 0 BPS
     Match: any  (1201)

Cisco IOS Software Release 12.2(2)T introduced support to set the DE bit with the set-frde-transmit option as part of the police command. (For more information, refer to Traffic Policing.) It can also be useful to set the DE bit when used with rate-limiting mechanisms, like class-based policing. The objective of such a QoS policy is to transmit non-conforming packets with the Frame Relay and DE bit set, so that downstream switches can potentially drop all non-conforming traffic during congestion conditions.

Note: Although class-based policing supports packet marking, it is recommended that you use this feature only if you need to mark packets to avoid running them through the policer’s token bucket mechanism.

The next configuration example uses the police command to limit the aggregate traffic to 800 Kbps. All traffic that conforms is transmitted with an IP precedence of 7, and all non-conforming traffic has the DE bit set.

Configuration Example - Setting the DE Bit
policy-map set-DE
  class class-default
   police 800000 1000 1000 conform-action
   set-prec-transmit 7 exceed-action set-frde-transmit
   violate-action set-frde-transmit
!
map-class frame-relay pvc100
  frame-relay traffic-rate 1000000
  frame-relay mincir 1000000
  service-policy input set-DE
!
interface S0/0
 no ip address
 encapsulation frame-relay
 frame-relay traffic-shaping
!
interface Serial0/0.1 point-to-point
  ip address 10.1.1.1 255.255.255.252
  no ip directed-broadcast
  frame-relay class pvc100
  frame-relay interface-dlci 100

router# show policy-map set-DE

 Policy Map set-DE
    Class class-default
      police 800000 1000 1000 conform-action
      set-prec-transmit 7 exceed-action
      set-frde-transmit violate-action
      set-frde-transmit

router# show frame-relay PVC 100

PVC Statistics for interface Serial0 (Frame Relay DTE)

DLCI = 100, DLCI USAGE = LOCAL, PVC STATUS = STATIC, INTERFACE = Serial0/0.1

input pkts 0       output pkts 13000    in bytes 0
out bytes 3770000  dropped pkts 0       in FECN pkts 0
in BECN pkts 0     out FECN pkts 0      out BECN pkts 0
in DE pkts 0       out DE pkts 4447
out bcast pkts 0   out bcast bytes 0
PVC create time 00:51:50, last time PVC status changed 00:51:50

service policy set-DE

  Service-policy output: set-DE (1069)

   Class-map: class-default (match-any) (1071/2)
     11519 packets, 3340510 bytes
     30 second offered rate 1140000 BPS, drop rate 0bps
      Match: ip precedence 1  (1075)
      police:
        800000 BPS, 1000 limit, 1000 extended limit
        conformed 4448 packets, 1289920 bytes; action:
        set-prec-transmit 7
        exceeded 11 packets, 3190 bytes; action:
        set-frde-transmit
        violated 8475 packets, 2457750 bytes; action:
        set-frde-transmit
        conformed 394000 BPS, exceed 1000 BPS violate
        749000 BPS
   Output queue size 20/max total 600/drops 1451

When you are testing your configuration, note this information:

  • Class-based marking requires Cisco Express Forwarding. Issue the ip cef command in global configuration mode, to enable Cisco Express Forwarding, if it is not already enabled.

  • Originally, class-based marking applied only to packets that were Cisco Express Forwarding-switched. Thus, you would not see incrementing matched packet counters if you were using ping to generate traffic on the same router, because such packets are process-switched.

  • Support for class-based marking of router-generated packets is introduced in Cisco IOS Software Release 12.2(6.8)T.

Choosing Where to Apply a Service Policy

On the Cisco 7200 Series, Cisco 2600/3600 Series, and other non-Route/Switch Processor (RSP) platforms, a service policy must be applied within a map-class; it can not be applied directly to the Frame Relay PVC. Output policies require FRTS, which you enable with the frame-relay traffic-shaping command. This command configures PVC queues. Thus, a service policy generally should be configured in DLCI configuration mode or in the PVC.

In current Cisco IOS software releases, Frame Relay interfaces support the application of a policy map (with the service-policy command) to interfaces, subinterfaces, and VCs. This table lists the supported combinations of policies:

Input Policy Output Policy
Supported on one logical interface. Supported on multiple logical interfaces that must be peers, such as multiple PVCs.

Note: A main interface and a subinterface are not peer interfaces and can not support a service policy at the same time.

Supported on one or two logical interfaces simultaneously. Valid combinations:
  • PVC and main interface
  • Subinterface and main interface
Invalid combinations:
  • PVC and subinterface
  • PVC, subinterface, and main interface

Originally, the configuration of a service policy with the set command directly on a main interface did not mark subinterface traffic. This illustrates symptoms of this problem:

Interface Serial5/1:1
no ip address
 encapsulation frame-relay
 no keepalive
 service-policy output set

!--- Avoid the placement of a service policy on a main interface.

 no fair-queue
 frame-relay class data-map
 frame-relay traffic-shaping
!
interface Serial5/1:1.1 point-to-point
 ip address 23.0.0.2 255.0.0.0
 frame-relay interface-dlci 300

giulia# show policy-map interface

 Serial5/1:1

  Service-policy output: set

    Class-map: prec-0 (match-all)
      100 packets, 10400 bytes

!--- Packets are classified correctly.

      5 minute offered rate 0 BPS, drop rate 0 BPS
      Match: ip precedence 0
      QoS Set
        ip precedence 1
          Packets marked 0

!--- No packets are marked.


    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 BPS, drop rate 0 BPS
      Match: any

As a workaround, apply the service policy to the subinterface.

Legacy Syntax - DE Lists

In Cisco IOS software releases that do not support the new Cisco Modular QoS CLI syntax, you can use the Cisco legacy DE marking syntax to set the DE bit. The legacy syntax uses DE lists that identify the characteristics of packets to be eligible for discard, and you can also specify DE groups to identify the DLCI that is affected.

Router(config)# frame-relay de-list list-number 
              {protocol protocol | interface typenumber} characteristic


!--- Issue this command on one line.

You can create DE lists based on the protocol or on the interface, and based on various characteristics such as fragmentation of the packet, a specific Transmission Control Protocol (TPC) or User Datagram Protocol (UDP) port, an access list number, or a packet size. Refer to the frame-relay de-list command in the Cisco IOS Wide-Area Networking Command Reference for further information.

To define a DE group that specifies the DE list and the DLCI affected, issue the frame-relay de-group group-number dlci command in interface configuration mode.

Related Information

Updated: Aug 18, 2005
Document ID: 18662