Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS
First Published: June 2003
Last Updated: May 4, 2009
The Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS feature enables you to shape PPP over Ethernet over VLAN sessions to a user-specified rate. The router shapes the sum of all of the traffic to the PPPoE session so that the subscriber's connection to the digital subscriber line access multiplexer (DSLAM) does not become congested. Queueing-related functionality provides different levels of service to the various applications that execute over the PPPoE session.
A nested, two-level hierarchical service policy is used to configure session shaping directly on the router using the modular quality of service command-line interface (MQC). The RADIUS server applies the service policy to a particular PPPoE session by downloading a RADIUS attribute to the router. This attribute specifies the policy map name to apply to the session. RADIUS notifies the router to apply the specified policy to the session. Because the service policy contains queueing-related actions, the router sets up the appropriate class queues and creates a separate versatile traffic management and shaping (VTMS) system link dedicated to the PPPoE session.
Finding Feature Information in This Module
For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS" section.
Use Cisco Feature Navigator to find information about platform support and Cisco IOS XE software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
•Restrictions for Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS
•Information About Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS
•How to Use the Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS Feature
•Configuration Examples for Per Session Queueing and Shaping Policies
•Feature Information for Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS
Restrictions for Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS
•Each PPPoE over VLAN session for which per session queueing and shaping is configured has its own set of queues and its own VTMS link. Therefore, these PPPoE sessions do not inherit policies unless you remove the service policy applied to the session or you do not configure a policy for the session.
•The router supports per session queueing and shaping on PPPoE terminated sessions and on an IEEE 802.1Q VLAN tagged subinterfaces for outbound traffic only.
•The router does not support per session queueing and shaping for PPPoE over VLAN sessions using RADIUS on inbound interfaces.
•The router does not support per session queueing and shaping for layer 2 access concentrator (LAC) sessions.
•The statistics related to quality of service (QoS) that are available using the show policy-map interface command are not available using RADIUS.
•The router does not support using a virtual template interface to apply a service policy to a session.
•You can apply per session queueing and shaping policies only as output service policies. The router supports input service policies on sessions for other existing features, but not for per session queueing and shaping for PPPoE over VLAN using RADIUS.
•During periods of congestion, the router does not provide specific scheduling between the various PPPoE sessions. If the entire port becomes congested, the scheduling that results has the following effects:
–The amount of bandwidth that each session receives of the entire port's capacity is not typically proportionally fair share.
–The contribution of each class queue to the session's total bandwidth might not degrade proportionally.
•The PRE2 does not support ATM overhead accounting for egress packets with Ethernet encapsulations. Therefore, the router does not consider ATM overhead calculations when determining that the shaping rate conforms to contracted subscriber rates.
•The router does not support the configuration of the policy map using RADIUS. You must use the MQC to configure the policy map on the router.
Information About Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS
The router allows you to apply QoS policy maps using RADIUS. The actual configuration of the policy map occurs on the router using the MQC.
•How Routers Apply QoS Policy to Sessions
•How RADIUS Uses VSA 38 in User Profiles
•Commands Used to Define QoS Actions
How Routers Apply QoS Policy to Sessions
The router can apply the QoS policy to sessions using attributes defined in one of the following RADIUS profiles:
•User Profile—The user profile on the RADIUS server contains an entry that identifies the policy map name applicable to the user. The policy map name is the service that RADIUS downloads to the router after a session is authorized.
•Service Profile—The service profile on the RADIUS server specifies a session identifier and an attribute-value (AV) pair. The session identifier might be, for example, the IP address of the session. The AV-pair defines the service (policy map name) to which the user belongs.
The following AV-pairs define the QoS policy to be applied dynamically to the session:
"ip:sub-qos-policy-in=<name of the QoS policy in ingress direction>"
"ip:sub-qos-policy-out=<name of egress policy>"
When RADIUS gets a service-logon request from the policy server, it sends a change of authorization (CoA) request to the router to activate the service for the subscriber, who is already logged in.
If the authorization succeeds, the router downloads the name of the policy map from RADIUS using the above attribute and applies the QoS policy to the session.
Note Although the router also supports the RADIUS VSA 38, Cisco-Policy-Down and Cisco-Policy-Up, we recommend that you use the above attributes for QoS policy definitions.
How RADIUS Uses VSA 38 in User Profiles
The RADIUS VSA 38 is used for downstream traffic going toward a subscriber. The service (policy map name) to which the user session belongs resides on the RADIUS server. The router downloads the name of the policy map from RADIUS using VSA 38 in the user profile and then applies the policy to the session.
To set up RADIUS for per session queueing and shaping for PPPoE over VLAN support, enter the following VSA in the user profile on the RADIUS server:
Cisco:Cisco-Policy-Down = <service policy name>
The actual configuration of the policy map occurs on the router. The user profile on the RADIUS service contains an entry that identifies the policy map name applicable to the user. This policy map name is the service RADIUS downloads to the router using VSA 38.
Note Although the router also supports RADIUS VSA 38, Cisco-Policy-Down and Cisco-Policy-Up, we recommend that you use the attributes described in the "How Routers Apply QoS Policy to Sessions" section for QoS policy definitions.
Commands Used to Define QoS Actions
When you configure queueing and shaping for PPPoE over VLAN sessions, the child policy of a nested hierarchical service policy defines QoS actions using any of the following QoS commands:
•priority command—Assigns priority to a traffic class and gives preferential treatment to the class.
•bandwidth command—Enables class-based fair queueing and creates multiple class queues based on bandwidth.
•queue-limit command—Specifies the maximum number of packets that a particular class queue can hold.
•police command—Regulates traffic based on bits per second (bps), using the committed information rate (CIR) and the peak information rate, or on the basis of a percentage of bandwidth available on an interface.
•random-detect command—Drops packets based on a specified value to control congestion before a queue reaches its queue limit. The drop policy is based on IP precedence, differentiated services code point (DSCP), or the discard-class.
•set ip precedence command—Marks a packet with the IP precedence level you specify.
•set dscp command—Marks a packet with the DSCP you specify.
•set cos command—Sets the IEEE 802.1Q class of service bits in the user priority field.
The parent policy contains only the class-default class with the shape command configured. This command shapes traffic to the specified bit rate, according to a specific algorithm.
The router allows you to apply QoS policy maps using RADIUS. The actual configuration of the policy map occurs on the router using the MQC. The router can apply the QoS policy to sessions using attributes defined in one of the following RADIUS profiles:
•User Profile—The user profile on the RADIUS server contains an entry that identifies the policy map name applicable to the user. The policy map name is the service that RADIUS downloads to the router after a session is authorized.
•Service Profile—The service profile on the RADIUS server specifies a session identifier and an attribute-value (AV) pair. The session identifier might be, for example, the IP address of the session. The AV-pair defines the service (policy map name) to which the user belongs.
The following AV-pairs define the QoS policy to be applied dynamically to the session:
"ip:sub-qos-policy-in=<name of the QoS policy in ingress direction>"
"ip:sub-qos-policy-out=<name of egress policy>"
When RADIUS gets a service-logon request from the policy server, it sends a change of authorization (CoA) request to the router to activate the service for the subscriber, who is already logged in.
If the authorization succeeds, the router downloads the name of the policy map from RADIUS using the above attribute and applies the QoS policy to the session.
Note Although the router also supports the RADIUS vendor specific attribute (VSA) 38, Cisco-Policy-Down and Cisco-Policy-Up, we recommend that you use the above attributes for QoS policy definitions.
How to Use the Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS Feature
The following sections contain procedures for configuring per session queueing and shaping:
•Configuring a Per Session Queueing and Shaping Policy on the Router (Required)
•Verifying Per Session Queueing (Required)
Configuring a Per Session Queueing and Shaping Policy on the Router
To configure a per session queueing and shaping policy on the router for PPPoE over VLAN sessions using RADIUS, you must complete the following steps.
SUMMARY STEPS
1. policy-map policy-map-name
2. class
3. bandwidth {bandwidth-kbps | percent percentage | remaining percent percentage} account {{qinq | dot1q} {aal5 | aal3} subscriber-encapsulation | {user-defined offset [atm]}
4. exit
5. policy-map policy-map-name
6. class class-default
7. shape rate account {{qinq | dot1q} {aal5 | aal3} subscriber-encapsulation | user-defined offset [atm]}
8. service-policy policy-map-name
DETAILED STEPS
|
|
|
Step 1 |
policy-map policy-map-name
Router(config)# policy-map policy-map-name |
Creates or modifies the bottom-level child policy. •policy-map-name is the name of the child policy map. The name can be a maximum of 40 alphanumeric characters. |
Step 2 |
class
Router(config-pmap)# class class-map-name |
Assigns the traffic class you specify to the policy map. Enters policy-map class configuration mode. •class-map-name is the name of a previously configured class map and is the traffic class for which you want to define QoS actions. •Repeat Steps 2 and 3 for each traffic class you want to include in the policy map. |
Step 3 |
bandwidth {bandwidth-kbps | percent percentage | remaining percent percentage} account {{qinq | dot1q} {aal5 | aal3} {subscriber-encapsulation}} | {user-defined offset [atm]}}
Router(config-pmap-c)# bandwidth {bandwidth-kbps | percent percentage | remaining percent percentage} account {{qinq | dot1q} {aal5 | aal3} subscriber-encapsulation | user-defined offset [atm]} |
Enables class-based fair queueing. •bandwidth-kbps specifies or modifies the minimum bandwidth allocated for a class belonging to a policy map. Valid values are from 8 to 2488320, which represents from 1 to 99 percent of the link bandwidth. •percent percentage specifies or modifies the minimum percentage of the link bandwidth allocated for a class belonging to a policy map. Valid values are from 1 to 99. •remaining percent percentage specifies or modifies the minimum percentage of unused link bandwidth allocated for a class belonging to a policy map. Valid values are from 1 to 99. •account enables ATM overhead accounting. For more information, see the "ATM Overhead Accounting" section of the Cisco 10000 Series Router Quality of Service Configuration Guide, Chapter 15, "Configuring Dynamic Subscriber Services," http://www.cisco.com/en/US/docs/routers/10000/10008/configuration/guides/qos/10qrad.html#wp1067156. •qinq specifies queue-in-queue encapsulation as the broadband aggregation system-DSLAM encapsulation type. •dot1q specifies IEEE 802.1Q VLAN encapsulation as the broadband aggregation system-DSLAM encapsulation type. •aal5 specifies the ATM Adaptation Layer 5 that supports connection-oriented variable bit rate (VBR) services. You must specify either aal5 or aal3. •aal3 specifies the ATM Adaptation Layer 5 that supports both connectionless and connection-oriented links. You must specify either aal3 or aal5. •subscriber-encapsulation specifies the encapsulation type at the subscriber line. •user-defined indicates that the router is to use the offset you specify when calculating ATM overhead. •offset specifies the offset size the router is to use when calculating ATM overhead. Valid values are from -63 to 63 bytes. Note The router configures the offset size if you do not specify the offset option. •atm applies ATM cell tax in the ATM overhead calculation. Note Configuring both the offset and atm options adjusts the packet size to the offset size and then adds ATM cell tax. |
Step 4 |
exit
Router(config-pmap-c)# exit |
Exits policy-map class configuration mode. |
Step 5 |
policy-map policy-map-name
Router(config-pmap)# policy-map policy-map-name |
Creates or modifies the parent policy. •policy-map-name is the name of the parent policy map. The name can be a maximum of 40 alphanumeric characters. |
Step 6 |
class class-default
Router(config-pmap)# class class-default |
Configures or modifies the parent class-default class. Note You can configure only the class-default class in a parent policy. Do not configure any other traffic class. |
Step 7 |
shape rate account {{{qinq | dot1q} {aal5 | aal3} {subscriber-encapsulation}} | {user-defined offset [atm]}}
Router(config-pmap-c)# shape rate account {qinq | dot1q} {aal5 | aal3} subscriber-encapsulation | {user-defined offset [atm]} |
Shapes traffic to the indicated bit rate and enables ATM overhead accounting. •rate is the bit-rate used to shape the traffic, expressed in kilobits per second. •account enables ATM overhead accounting. •qinq specifies queue-in-queue encapsulation as the broadband aggregation system-DSLAM encapsulation type. •dot1q specifies IEEE 802.1Q VLAN encapsulation as the broadband aggregation system-DSLAM encapsulation type. •aal5 specifies the ATM Adaptation Layer 5 that supports connection-oriented VBR services. You must specify either aal5 or aal3. •aal3 specifies the ATM Adaptation Layer 5 that supports both connectionless and connection-oriented links. You must specify either aal3 or aal5. •subscriber-encapsulation specifies the encapsulation type at the subscriber line. •user-defined indicates that the router is to use the offset you specify when calculating ATM overhead. •offset specifies the offset size the router is to use when calculating ATM overhead. Valid values are from -63 to 63 bytes. Note The router configures the offset size if you do not specify the user-defined offset option. •atm applies ATM cell tax in the ATM overhead calculation. Configuring both the offset and atm options adjusts the packet size to the offset size and then adds ATM cell tax. |
Step 8 |
service-policy policy-map-name
Router(config-pmap-c)# service-policy policy-map-name |
Applies a bottom-level child policy to the top-level parent class-default class. •policy-map-name is the name of the previously configured child policy map. |
Verifying Per Session Queueing
To display the configuration of per session queueing and shaping policies for PPPoE over VLAN, enter any of the following commands in privileged EXEC mode:
|
|
Router# show policy-map interface interface |
Displays information about the policy map attached to the interface you specify. If you do not specify an interface, it displays information about all of the policy maps configured on the router. •interface specifies the virtual-access interface and number the router created for the session (for example, virtual-access 1). |
Router# show policy-map session uid uid-number |
Displays the session QoS counters for the subscriber session you specify. •uid uid-number defines a unique session ID. Valid values for uid-number are from 1 to 65535. |
Router# show running-config |
Displays the running configuration on the router. The output shows the AAA setup and the configuration of the policy map, ATM VC, PPPoA, dynamic bandwidth selection, virtual template, and RADIUS server. |
Configuration Examples for Per Session Queueing and Shaping Policies
This section provides the following configuration examples:
•Configuring a Per Session Queueing and Shaping Policy on the Router: Example
•Setting Up RADIUS for Per Session Queueing and Shaping: Example
•Verifying Per Session Queueing and Shaping Policies: Examples
Configuring a Per Session Queueing and Shaping Policy on the Router: Example
The following example shows
The example creates two traffic classes: Voice and Video. The router classifies traffic that matches IP precedence 5 as Voice traffic and traffic that matches IP precedence 3 as Video traffic. The Child policy map gives priority to Voice traffic and polices traffic at 2400 kbps. The Video class is allocated 80 percent of the remaining bandwidth and has ATM overhead accounting enabled. The Child policy is applied to the class-default class of the Parent policy map, which receives 20 percent of the remaining bandwidth and shapes traffic to 10,000 bps, and enables ATM overhead accounting.
Router(config)# class-map Voice
Router(config-cmap)# match ip precedence 5
Router(config-cmap)# class-map Video
Router(config-cmap)# match ip precedence 3
Router(config)# policy-map Child
Router(config-pmap)# class Voice
Router(config-pmap-c)# priority
Router(config-pmap-c)# police 2400 9216 0 conform-action transmit exceed-action drop
violate-action drop
Router(config-pmap-c)# class video
Router(config-pmap-c)# bandwidth remaining percent 80 account aal5 snap-dot1q-rbe
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# policy-map Parent
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape 10000 account dot1q snap-dot1q-rbe
Router(config-pmap-c)# service-policy Child
Setting Up RADIUS for Per Session Queueing and Shaping: Example
The following are example configurations for the Merit RADIUS server and the associated Layer 2 network server (LNS). In the example, the Cisco-Policy-Down attribute indicates the name of the policy map to be downloaded, which in this example is rad-output-policy. The RADIUS dictionary file includes an entry for Cisco VSA 38.
example.com Password = "cisco123"
Service-Type = Framed-User,
Cisco:Cisco-Policy-Down = rad-output-policy
Cisco.attr Cisco-Policy-Up 37 string (*, *)
Cisco.attr Cisco-Policy-Down 38 string (*, *)
Verifying Per Session Queueing and Shaping Policies: Examples
This example shows sample output for the show policy-map interface command. In the example, overhead accounting is enabled for both shaping and bandwidth.
Router# show policy-map interface virtual-access 1
Service-policy output: TEST
Class-map: class-default (match-any)
30 second offered rate 800 bps, drop rate 0 bps
shape (average) cir 154400, bc 7720, be 7720
overhead accounting: enabled
overhead accounting: disabled
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 100/1000
This example shows sample output from the show policy-map session command and show policy-map session uid command, based on a nested hierarchical policy.
Router# show subscriber session
Current Subscriber Information: Total sessions 1
Uniq ID Interface State Service Identifier Up-time
36 Vi2.1 authen Local Term peapen@cisco.com 00:01:36
Router# show policy-map parent
Average Rate Traffic Shaping
Router# show policy-map child
bandwidth remaining 80 (%)
Router# show policy-map session uid 36
SSS session identifier 36 -
SSS session identifier 36 -
Service-policy output: parent
Class-map: class-default (match-any)
30 second offered rate 0 bps, drop rate 0 bps
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
shape (average) cir 10000000, bc 40000, be 40000
target shape rate 10000000
queue stats for all priority classes:
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
Class-map: voice (match-all)
30 second offered rate 0 bps, drop rate 0 bps
Priority: Strict, burst bytes 1500, b/w exceed drops: 0
8000 bps, 9216 limit, 0 extended limit
conformed 0 packets, 0 bytes; action:
exceeded 0 packets, 0 bytes; action:
violated 0 packets, 0 bytes; action:
Class-map: video (match-all)
30 second offered rate 0 bps, drop rate 0 bps
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
bandwidth remaining 80% (7993 kbps)
Class-map: class-default (match-any)
30 second offered rate 0 bps, drop rate 0 bps
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 2/136
Additional References
The following sections provide references related to the Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS feature.
Standards
|
|
No new or modified standards are supported, and support for existing standards has not been modified. |
— |
MIBs
|
|
No new or modified MIBs are supported, and support for existing MIBs has not been modified. |
To locate and download MIBs for selected platforms, Cisco IOS XE software releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs |
RFCs
|
|
No new or modified RFCs are supported, and support for existing RFCs has not been modified. |
— |
Technical Assistance
|
|
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. |
http://www.cisco.com/techsupport |
Feature Information for Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS
Table 1 lists the features in this module and provides links to specific configuration information.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS XE software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note Table 1 lists only the Cisco IOS XE software release that introduced support for a given feature in a given Cisco IOS XE software release train. Unless noted otherwise, subsequent releases of that Cisco IOS XE software release train also support that feature.
Table 1 Feature Information for Per Session Queueing and Shaping for PPPoE over VLAN Using RADIUS
|
|
|
Per Session Queueing and Shaping for PPPoE over VLAN Using RADIUS |
Cisco IOS XE Release 2.1 |
This feature enables you to shape PPPoE over VLAN sessions to a user-specified rate. The Per Session Queueing and Shaping for PPPoE over VLAN Support Using RADIUS feature was introduced on the PRE2 to enable dynamic queueing and shaping policies on PPPoEoVLAN session. This feature was integrated into Cisco IOS XE Release 2.1. |
CCDE, CCSI, CCENT, Cisco Eos, Cisco HealthPresence, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect, Cisco Stackpower, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0903R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2003-2009 Cisco Systems, Inc. All rights reserved.