QoS - Policing Support for GRE Tunnels

Available Languages

Download Options

  • PDF     (180.9 KB)
    View with Adobe Reader on a variety of devices
Updated:December 4, 2006

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Qos - Policing SUPPORT for GRE Tunnels

Table Of Contents

Qos - Policing SUPPORT for GRE Tunnels

Contents

Restrictions for Qos - Policing Support for GRE Tunnels

Information About Qos - Policing Support for GRE Tunnels

How to Configure Qos - Policing Support for GRE Tunnels

Additional References

Related Documents

Standards

MIBs

Technical Assistance


Qos - Policing SUPPORT for GRE Tunnels

The Qos - Policing Support for GRE Tunnels feature allows you to set the Differentiated Services Code Point (DSCP) and IP precedence values on Generic Routing Encapsulation (GRE) tunnel packets.

This feature is essential for MPLS carriers to offer QoS on Multicast VPN services. MVPN uses GRE tunnels between PE devices, and multicast packets are placed in GRE tunnels for transmission across the MPLS core network. The Qos - policing SUPPORT for GRE Tunnels feature allows users to configure QoS for the GRE tunnel packets. Once the GRE packets accurately reflect the QoS markings of the underlying multicast packets, they may be queued accordingly as they travel across the core nodes.

History for the Qos - Policing Support for GRE Tunnels Feature

Release
Modification

Release 12.2(31)SB

This feature was introduced and implemented on the Cisco 10000 series router.


Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Contents

Restrictions for Qos - Policing Support for GRE Tunnels

Information About Qos - Policing Support for GRE Tunnels

How to Configure Qos - Policing Support for GRE Tunnels

Additional References

Additional References

Restrictions for Qos - Policing Support for GRE Tunnels

Service policies with GRE tunnel header marking actions can only be attached to the ingress interfaces.

There is no direct means of marking the inner IP header that arrives in a tunnel (aka tunnel decapsulation or tunnel receive).

The Cisco 10000 Series router supports only one police action.

Information About Qos - Policing Support for GRE Tunnels

Table 1 shows how the various tunnel-specific marking functions interact with one another.

Table 1 Priority of Tunnel-Marking Commands

Command
Action Seen In Outer IP header

1) Policing commands:

set dcsp tunnel transmit

or

set precedence tunnel transmit

The police values supersede all other marking values.

Changes the 6-bit dscp value in the outer IP header's ToS byte.

Changes the 3-bit precedence value in the outer IP header's ToS byte.

2) Input QoS set actions:

set ip dcsp tunnel value

or

set ip precedence tunnel value


Changes the 6-bit dscp value in the outer IP header's ToS byte.

Changes the 3-bit precedence value in the outer IP header's ToS byte

3) tunnel tos value

Changes the entire ToS byte in outer IP header.

4) Default action is: ToS reflection

Copy the entire ToS byte from the inner IP header into the outer IP header.


The policing commands are logically applied last and thus have the highest priority. This means that the value associated with the set ip [dscp | precedence] tunnel transmit command, when applied, will always show up in the outer IP header's ToS byte.

The set ip [dscp | precedence] tunnel transmit command value that is specified will supersede the tunnel tos value and any default tunnel action.

The tunnel tos value command overrides any default tunnel marking action.

If the input QoS action uses a dcsp value and the police action specifies a precedence value, only the police action bits will be changed. The bits associated with the input QoS actions' dscp value will be ignored.

How to Configure Qos - Policing Support for GRE Tunnels

To configure Qos - Policing Support for GRE Tunnels, perform the following configuration tasks:

SUMMARY STEPS

1. enable

2. configure terminal

3. class-map class-map-name

4. match fr-de

5. exit

6. policy-map name

7. class map-class

8. police bps conform-action action

9. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

class-map class-map-name

Example:

Router (config)# class-map MATCH_FRDE

Creates a class map to be used for matching packets to a specified class.

Step 4 

match fr-de

Example:

Router (config-cmap)# match fr-de

Matches packets with the Frame Relay discard eligibility (DE) bit set.

Step 5 

exit

Example:

Router (config-cmap)# exit

Exits class-map configuration mode.

Step 6 

policy-map name

Example:

Router (config)# policy-map TUNNEL_MARKING

Configures a policy, i.e., an association of a traffic class with one or more security-related actions.

Step 7 

class map-class

Example:

Router (config-pmap)# class MATCH_FRDE

Associates the map class with the protocol.

Step 8 

police bps conform-action action

Example:

Router (config-pmap-c)# police 8000 conform-action set-dscp-tunnel-transmit

Configures traffic policing.

Step 9 

end

Example:

Router (config-pmap-c)# end

Exit policy map configuration mode.

Additional References

The following sections provide references related to Policing Support for GRE Tunnels.

Related Documents

Related Topic
Document Title

Quality of Service on GRE Tunnel Interfaces

Tech Note: Quality of Service Options on GRE Tunnel Interfaces at http://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a008017405e.shtml


Standards

Standard
Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.


MIBs

MIB
MIBs Link

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


Technical Assistance

Description
Link

The Cisco Technical Support & Documentation website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

http://www.cisco.com/techsupport


Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products