Cisco 10000 Series Router Quality of Service Configuration Guide
Configuring Dynamic Subscriber Services
Downloads: This chapterpdf (PDF - 932.0KB) The complete bookPDF (PDF - 21.32MB) | Feedback

Configuring Dynamic Subscriber Services

Table Of Contents

Configuring Dynamic Subscriber Services

Applying Traffic Shaping Parameters Using RADIUS Profiles

Feature History for Dynamic Bandwidth Selection

Configuration Commands for DBS

dbs enable Command

default dbs enable Command

PCR and SCR Parameters for Multiple Sessions on a VC

Dynamic Bandwidth Selection Configuration and PPP Sessions

Network Access Server QoS Management

Default QoS Parameters and QoS Configuration Precedence

Accounting Updates

Service Category Transitions

Dynamic Bandwidth Selection and Oversubscription

Prerequisites for Dynamic Bandwidth Selection

Restrictions and Limitations for Dynamic Bandwidth Selection

Configuring Dynamic Bandwidth Selection

Configuring the Router for Dynamic Bandwidth Selection

Configuring RADIUS Profiles for Dynamic Bandwidth Selection

Configuration Examples for Dynamic Bandwidth Selection

Configuration Example for Enabling Dynamic Bandwidth Selection on a VC Class and a PVC

Configuration Example for Enabling a RADIUS Domain Service Profile for Dynamic Bandwidth Selection

Configuration Example for Enabling a RADIUS User Profile for Dynamic Bandwidth Selection

Verifying and Monitoring Dynamic Bandwidth Selection

Dynamically Changing VC Weight and Watermark Values

Feature History for Dynamic VC Weight and Watermarks

Configuration Commands for Dynamic VC Weight and Watermarks

Default High and Low Watermark Values

High and Low Watermark Threshold Behavior

Restrictions and Limitations for VC Weight and Watermarks

Configuring Dynamic VC Weights and Watermarks

Configuring the Router for Dynamic VC Weights and Watermarks

Setting Up RADIUS for Dynamic VC Weights and Watermarks

Verifying Dynamic VC Weights and Watermarks

Verification Example for Dynamic VC Weights and Watermarks

Applying QoS Parameters Dynamically to Sessions

Feature History for Define Interface Policy-Map AV Pairs AAA

Pulled Policy Maps

Prerequisites for Define Interface Policy-Map AV Pairs AAA

Restrictions and Limitations for Define Interface Policy-Map AV Pairs AAA

Configuring Dynamic QoS Policies at the Session Level

Prerequisites

Configuring the Router for Dynamic QoS Policies at the Session Level

Setting Up RADIUS for Dynamic QoS Policies at the Session Level

Setting Up the AAA Server

Configuration Examples for Dynamic QoS Policies at the Session Level

Configuration Examples for Existing Service Policies and Pulled Policies

Configuration Examples for Pulled Policies and a Router Without Existing Policies

Verifying Dynamic QoS Policies at the Session Level

Verification Examples for Dynamic QoS Policies at the Session Level

Shaping PPPoE Over VLAN Sessions Using RADIUS

Feature History for Per Session Queuing and Shaping for PPPoE Over VLANs

Per Session Shaping Inheritance

Interfaces Supporting Per Session Queuing and Shaping for PPPoE Over VLANs

Restrictions and Limitations for Per Session Queuing and Shaping for PPPoE Over VLANs

Configuring Per Session Queuing and Shaping for PPPoE Over VLANs Using RADIUS

Configuring a Per Session Queuing and Shaping Policy on the Router

Setting Up RADIUS for Per Session Queuing and Shaping

Verifying Per Session Queuing and Shaping Policies

Shaping and Queuing Per-Session Traffic on LNS

Feature History for Per Session Shaping and Queuing on LNS

Prerequisites for Per Session Shaping and Queuing on LNS

Restrictions and Limitations for Per Session Shaping and Queuing on LNS

Configuring Per Session Shaping and Queuing on LNS

Configuring a Per Session Shaping and Queuing on LNS Policy

Queuing PPP Sessions on ATM VCs

Feature History for PPP Session Queuing on ATM VCs

Dynamically Applying QoS Policies to PPP Sessions on ATM VCs

PPP Session Queuing Inheritance

Interfaces Supporting PPP Session Queuing

Mixed Configurations and Queuing

Bandwidth Sharing and ATM Port Oversubscription

Oversubscription at the Session Level

Prerequisites for PPP Session Queuing on ATM VCs

Restrictions and Limitations for PPP Session Queuing on ATM VCs

Configuring PPP Session Queuing on ATM VCs

Configuring PPP Session Queuing Using a Virtual Template

Configuring PPP Session Queuing Using RADIUS

Configuration Examples for PPP Session Queuing on ATM VCs

Example of Configuring PPP Session Queuing on ATM VCs

Example of Configuring and Applying an Hierarchical Policy Map

Example of Setting Up RADIUS for PPP Session Queuing on ATM VCs

Verifying PPP Session Queuing on ATM VCs

Examples of Verifying PPP Session Queuing on ATM VCs

Related Documentation


Configuring Dynamic Subscriber Services


In previous provisioning models, during the subscription process a subscriber chooses a service level based on bandwidth options. If the subscriber later decides more bandwidth is needed, the subscriber calls the provisioning center to change services. For example, a subscriber might choose a basic service with low bandwidth and later change to a premium service with high bandwidth. The Cisco 10000 series router, however, offers a dynamic QoS model that allows you to download QoS parameters from the RADIUS server to an ATM VC.

Dynamic Bandwidth Selection (DBS) allows wholesale service providers to sell different levels of service to retail service providers, based on the bandwidth of the ATM VC connection. The retail service provider can then offer subscribers the ability to choose services with varying levels of bandwidth allocation. If a subscriber changes services, the service provider can dynamically change the ATM shaping on the VC based on the RADIUS profile of the subscriber. RADIUS accounting mechanisms control billing for the different services.

An extension to DBS provides the ability to modify an existing VC weight and watermark values using a RADIUS Pull model in which the subscriber triggers the parameter changes. The DBS Extensions—VC Weight and Watermark feature enables the modification of existing VC weight and watermark values without tearing down and recreating the VC.

The Define Interface Policy-Map AV Pairs AAA feature allows the router to apply QoS parameters dynamically to sessions, using two RADIUS vendor-specific attributes (VSAs).

Per session queuing and shaping for PPPoE over VLANs using RADIUS enables you to dynamically apply queuing and shaping policies to PPPoE over VLAN sessions.

This chapter describes the features that support dynamic subscriber services. It includes the following topics:

Applying Traffic Shaping Parameters Using RADIUS Profiles

Dynamically Changing VC Weight and Watermark Values

Applying QoS Parameters Dynamically to Sessions

Shaping PPPoE Over VLAN Sessions Using RADIUS

Shaping and Queuing Per-Session Traffic on LNS

Queuing PPP Sessions on ATM VCs

Related Documentation

Applying Traffic Shaping Parameters Using RADIUS Profiles

Dynamic bandwidth selection (DBS) dynamically changes ATM traffic shaping parameters based on a subscriber's RADIUS profile. This profile contains such QoS traffic shaping parameters as:

Peak cell rate (PCR)

Sustained cell rate (SCR)

VC traffic management class (VBR or UBR)

The Cisco 10000 series router supports DBS for the unspecified bit rate (UBR) and variable bit rate-nonreal time (VBR-nrt) categories of the ATM traffic management class:

UBR service class—The router applies only the PCR parameter to a UBR configured VC, depending on the port configuration.

VBR-nrt service class—The router applies the PCR and SCR parameters to the VBR-nrt VC.

As shown in Figure 17-1, when a subscriber initiates a Point-to-Point Protocol (PPP) over ATM (PPPoA) or PPP over Ethernet (PPPoE) session to the Cisco 10000 series router, DBS retrieves the RADIUS user profile and sets the QoS parameters to the shaping parameters specified in the user profile. The profile might contain PCR and SCR values for DBS configuration. If the profile specifies both values, DBS configures the ATM VC service class as VBR-nrt. Otherwise, DBS configures the service class as UBR.

Figure 17-1 Dynamic Bandwidth Selection Flow

Feature History for Dynamic Bandwidth Selection

Cisco IOS Release
Description
Required PRE

Release 12.2(16)BX

The Dynamic Bandwidth Selection feature was introduced on the PRE2. This feature is also known as Per User QoS Using AAA Policy Name.

PRE2

Release 12.2(28)SB

This feature was integrated in Cisco IOS Release 12.2(28)SB for the PRE2.

PRE2


Configuration Commands for DBS

This section describes the following commands used to configure dynamic bandwidth selection (DBS):

dbs enable Command

default dbs enable Command

dbs enable Command

To enable dynamic bandwidth selection QoS and apply the traffic shaping parameters retrieved from RADIUS to the ATM virtual circuit (VC) class, ATM VC, ATM PVC range, or ATM PVC within a PVC range, use the dbs enable command in the appropriate configuration mode. To disable dynamic bandwidth selection, use the no form of the command. By default, DBS is disabled.

dbs enable
 
   
no dbs enable

dbs enable Command History

Cisco IOS Release
Description

Release 12.2(16)BX

The dbs enable command was introduced on the PRE2.

Release 12.2(28)SB

This command was integrated in Cisco IOS Release 12.2(28)SB for the PRE2.


Configuration Modes

You can configure the dbs enable command in the following configuration modes:

ATM VC class

ATM VC

ATM PVC range

ATM PVC-in-range

Usage Guidelines for the dbs enable Command

When changing ATM QoS values dynamically on a VC, the connection might be disrupted for a short duration (typically milliseconds).

The no dbs enable command configured in any configuration mode (for example, PVC) overrides the dbs enable command configured in any configuration mode (for example, VC class). For more information, see the "Usage Guidelines for the default dbs enable Command" section.

Both the dbs enable and no dbs enable commands are nvgenned, that is, they are saved in the running configuration and appear, when configured, in the output of the show running-config command. If you use the default setting of DBS (no dbs enable) without explicitly configuring it, the no dbs enable command does not appear in the show running-config output.

When you enter the dbs enable or no dbs enable commands, existing sessions are not disconnected. If you have a session that has been configured for DBS and you configure the no dbs enable command on a VC, additional sessions that are configured display DBS-configured QoS values until the first new session is up. After the first session is brought up, the VC has default and locally configured values. If you configure the dbs enable command after multiple sessions are already up on the VC, all sessions on that VC have DBS QoS parameters.

RADIUS QoS attributes are applied to PVCs when a new PPPoE session has PCR and SCR values that are higher than existing PPPoE sessions. If a new PPPoE session with lower PCR and SCR values is added to a PVC, the RADIUS QoS attributes are not applied to the new session. If the user with the PPPoE session with the higher PCR and SCR values logs out, the QoS attributes are set to those of the lower bandwidth user.

RADIUS QoS attributes override attributes on a PVC configured in ATM PVC-in-range or ATM PVC range configuration mode. If the RADIUS QoS attributes cannot be applied to a PVC, PPPoE and PPPoA sessions cannot be established.

When DBS is configured, normal ATM precedences apply. PVC configurations take precedence over VC class configurations. Thus, if DBS QoS parameters are applied on a VC class and disabled on one PVC in that VC class, DBS QoS parameters are not applied on the PVC. ATM PVC-in-range configurations take precedence over PVC range configurations.

When you configure DBS on a PVC, existing sessions on that PVC remain connected.

default dbs enable Command

To remove the dbs enable or no dbs enable command from an existing configuration, use the default dbs enable command in the appropriate configuration mode.

default dbs enable
 
   
no default dbs enable

default dbs enable Command History

Cisco IOS Release
Description

Release 12.2(16)BX

The default dbs enable command was introduced on the PRE2.

Release 12.2(28)SB

This command was integrated in Cisco IOS Release 12.2(28)SB for the PRE2.


Configuration Modes

You can configure the default dbs enable command in the following configuration modes:

ATM VC class

ATM VC

ATM PVC range

ATM PVC-in-range

Usage Guidelines for the default dbs enable Command

The default dbs enable command is not nvgenned and does not appear in the output of the show running-config command when configured.

Use the default dbs enable command to remove the dbs enable command or the no dbs enable command from a configuration. For example, in the following configuration we enable DBS on PVC 1/55:

Router(config)# interface atm 6/0/0.600 point-to-point
Router(config-if)# pvc 1/55
Router(config-if-atm-vc)# dbs enable
Router(config-if-atm-vc)# encapsulation aal5mux ppp Virtual-Template1
Router(config-if-atm-vc)# end
 
   

We later decide to change the PVC configuration so that a VC class is applied to the PVC. The configuration of the VC class, named vc-test, includes the dbs enable command. Therefore, we must remove the dbs enable command from the PVC configuration by using the default dbs enable command.

The default dbs enable command removes the dbs enable command from the PVC configuration, as shown in the following configuration, but it does not remove the ability to do DBS under the VC class. Notice that the default dbs enable command also does not appear in the PVC configuration.

vc-class atm vc-test
vbr-nrt 505 505
dbs enable
encapsulation aal5mux ppp Virtual-Template1
!
interface ATM6/0/0.600 point-to-point
pvc 1/55
class-vc vc-test

PCR and SCR Parameters for Multiple Sessions on a VC

DBS selects the PCR and SCR parameters for a VC on which multiple PPPoE sessions are allowed and applies the parameters to the VC. The RADIUS profile values for the first user on a VC override the default values of the VC. At any time, DBS selects the PCR and SCR values that are the highest of all the sessions. Adding and removing sessions from the VC can result in changes in the PCR and SCR parameters.

If users already exist on the VC, each new value overrides the existing configuration only if the value is higher than the existing value. If the selected PCR value is higher than available bandwidth, DBS applies the highest value supported on the VC. If the PCR is less than the minimum PCR supported on a VC, DBS applies the minimum supported value.

Dynamic Bandwidth Selection Configuration and PPP Sessions

Dynamic bandwidth selection (DBS) is disabled by default on the Cisco 10000 series router. Enabling or disabling DBS affects new and existing sessions on the VC in the following ways:

If multiple sessions are already up on a VC and you then enable DBS on the VC, when the next session comes up (the first session after enabling DBS on the VC), that session and all other sessions on the VC have DBS configured QoS values.

If you enable or disable DBS on a VC, none of the already established sessions on the VC disconnect.

If a session comes up on a VC that has DBS enabled and then you disable DBS on the VC, that session and all other sessions that came up before you disabled DBS display the default or configured VC values. The first session that comes up after you disabled DBS on the VC displays the default and locally configured QoS values on the VC.

Changing QoS traffic parameters affects sessions on a VC in the following ways:

Changing VC QoS traffic parameters as a result of new simultaneous sessions on the same VC does not cause already established sessions to disconnect.

Changing RADIUS domain service profile QoS parameters does not cause the QoS traffic parameters to change automatically for VCs with existing sessions to the domain.

Network Access Server QoS Management

When a network access server (NAS) sends a domain authorization request to a RADIUS server, the server returns an affirmative response that might include a QoS-management string in attribute 26 (VSA) for QoS management in the NAS. The QoS-management values, configured as part of the RADIUS domain service profile attributes, contain PCR and SCR values for a specific VC or permanent VC. The QoS parameters of the VC on which the PPP session arrived change to UBR or VBR-nrt, and change to the PCR and SCR values specified for that particular user. If DBS cannot apply the QoS values specified for a particular user to the VC on which the session arrived, the router ignores the QoS values and usually establishes the session. For example, if the PVC is unshaped UBR, the router ignores the QoS values for PCR and SCR and establishes the session.

Default QoS Parameters and QoS Configuration Precedence

You can use the Cisco IOS command line interface (CLI) to configure QoS traffic shaping parameters in ATM VC configuration mode, VC class mode, PVC range mode, or PVC-in-range mode. The traffic parameters that you configure in VC class interface or subinterface mode become the default QoS parameters for the VCs on which the VC class is applied. The QoS parameters in the RADIUS domain service profile (for the domain the subscriber is logged in to) override the default parameters. If you do not configure a VC class on a VC, the default is the unspecified bit rate (UBR).

Regardless of the mode in which you configure the parameters, locally configured QoS parameters have lower precedence than RADIUS QoS parameters. The traffic shaping parameters specified in the RADIUS domain service profile with higher precedence override the locally configured QoS shaping parameters.

Accounting Updates

When dynamic bandwidth selection applies QoS values for a user, it sends an accounting record to the RADIUS server. The accounting records contain accounting attributes such as the following:

Cisco-Avpair = "peak-cell-rate=155000" [flags = 0x00014000]
Cisco-Avpair = "sustainable-cell-rate=145000" [flags = 0x00014000]

Service Category Transitions

Table 17-1 lists the service category transitions supported on the Cisco 10000 series router for dynamic bandwidth selection (DBS).

Table 17-1 Supported Service Category Transitions 

From Service Category
To Service Category
Transition

Any

UBR-unshaped

Reject

UBR-unshaped

Any

Reject

UBR-PCR (shaped)

VBR-nrt

Reject

VBR-nrt

UBR-PCR

Reject

UBR-PCR

UBR-PCR

Accept

VBR-nrt

VBR-nrt

Accept


In DBS, the router does not allow you to change a VC traffic class, regardless of the atm pxf queuing mode of the router. For example, if you have a shaped UBR and DBS downloads peak cell rate (PCR) and sustained cell rate (SCR) values from RADIUS, the router does not convert the VC to VBR-nrt. Instead, the VC remains shaped UBR with the PCR configured. The router accepts or rejects the session on the VC as described below:

If the downloaded PCR and SCR parameters are defined as mandatory attributes in RADIUS, the router rejects the session.

If the downloaded PCR and SCR parameters are defined as non-mandatory attributes in RADIUS, the router accepts the session on the VC without changing the VC's traffic class or parameters.

Dynamic Bandwidth Selection and Oversubscription

In releases prior to Cisco IOS Release 12.3(7)XI2, if you simultaneously configure dynamic bandwidth selection (DBS) and VC oversubscription, RADIUS-provided QoS parameters are not set for some ATM VCs.

In Cisco IOS Release 12.3(7)XI2 and later releases, the router supports VC oversubscription on VCs that are modified using DBS. You can simultaneously configure DBS and VC oversubscription without any adverse affect on the VC's rate modification.

Prerequisites for Dynamic Bandwidth Selection

To download a service policy to a VC dynamically (through RADIUS), you must first enable dynamic bandwidth selection on the VC by using the dbs enable command. Otherwise, the input and output policy map that is pulled from RADIUS is not applied on the VC.

For example, when using the atm:vc-qos-policy-out and atm:vc-qos-policy-in RADIUS attributes, first enable dynamic bandwidth selection as shown in the following sample configuration:

vc-class atm 416k
vbr-nrt 416 416
dbs enable
create on-demand
idle-timeout 86400
 
   
interface ATM 5/0/0.1 multipoint
atm pppatm passive
range pvc 1/101 1/180
class-range 416k
encapsulation aal5mux ppp Virtual-Template1
queue-depth 24 20
 
   

The input and output policy map is then applied to the PVC 1/101 as shown in the following sample debug output:

Nov 25 09:49:23.244: Service policy input Ingress policy output Egress applied on 1/101
Nov 25 09:49:23.244: %c10k_atm_modify_vc_policy(ATM5/0/0): 1/101, vcd 1
Nov 25 09:49:23:244: %c10k_atm_modify_vc_policy(ATM5/0/0): Service policy output Egress 
applied on 1/101, vcd 1
Nov 25 09:49:23:252: %c10k_atm_modify_vc_policy(ATM5/0/0): Service policy input Ingress 
applied on 1/101, vcd 1

Restrictions and Limitations for Dynamic Bandwidth Selection

Dynamic bandwidth selection (DBS) applies the dynamically updated bandwidth to the ATM VC or permanent VC (PVC). DBS does not support applying the bandwidth to individual sessions.

The Cisco 10000 series router supports DBS for only ATM interface protocols, such as PPPoA and PPPoEoA. The router does not support DBS for PPPoE natively over Ethernet or over VLAN.

DBS does not support switched virtual circuits (SVCs).

DBS does not allow all QoS class of service category changes due to segmentation and reassembly (SAR) firmware limitations. For example, if you have VBR-nrt VCs configured, you can modify the VCs' shaping parameters (PCR and SCR) using DBS, but you cannot change VBR VCs to shaped UBR VCs by downloading only the PCR from RADIUS. This behavior also applies to shaped UBR VCs. Currently, you can change the ATM VC traffic class only by using the modular QoS command line interface (CLI). For more information, see the "Service Category Transitions" section.

DBS does not allow unspecified bit rate (UBR) unshaped transitions. The Cisco 10000 series router does not allow all transitions to and from UBR unshaped PVCs. An unshaped UBR PVC is a PVC that does not have a rate specified or the rate specified is greater than or equal to the actual bandwidth. In pxf queuing mode, the router treats all UBRs as unshaped. UBR unshaped is not a unique service category, but rather a pseudo service category based on the local or RADIUS user configuration.

DBS does not support constant bit rate (CBR) PVCs. The Cisco 10000 series router supports only UBR and variable bit rate (VBR) PVCs for DBS.

DBS is supported only on VBR-nrt VCs under virtual path (VP) tunnels in pxf queuing mode.

Configuring Dynamic Bandwidth Selection

Dynamic bandwidth selection enables you to dynamically change ATM QoS traffic shaping parameters based on RADIUS user or domain profiles (see the "Applying Traffic Shaping Parameters Using RADIUS Profiles" section).

To configure dynamic bandwidth selection, perform the following required configuration tasks:

Configuring the Router for Dynamic Bandwidth Selection

Configuring RADIUS Profiles for Dynamic Bandwidth Selection

Configuring the Router for Dynamic Bandwidth Selection

To configure the router for dynamic bandwidth selection, perform any of the following configuration tasks:

Enabling Dynamic Bandwidth Selection on a VC Class

Enabling Dynamic Bandwidth Selection on ATM PVCs

Enabling Dynamic Bandwidth Selection on a Range of ATM PVCs

Enabling Dynamic Bandwidth Selection on a PVC Within a PVC Range

Enabling Dynamic Bandwidth Selection on a VC Class

To enable dynamic bandwidth selection on a VC class, enter the following commands beginning in global configuration mode:

 
Command
Purpose

Step 1 

Router(config)# vc-class atm name

Configures a VC class for an ATM VC or interface. Enters VC class configuration mode.

name is the name of the VC class.

Step 2 

Router(config-vc-class)# dbs enable

Enables dynamic bandwidth selection and allows the traffic shaping parameters retrieved from RADIUS to be applied to the VC class.

Configuration Example for Enabling Dynamic Bandwidth Selection on a VC Class

Example 17-1 shows how to enable dynamic bandwidth selection on a VC class. In the example, dynamic bandwidth selection is enabled on a VC class named cisco.

Example 17-1 Enabling Dynamic Bandwidth Selection on a VC Class

Router(config)# vc-class atm cisco
Router(config-vc-class)# dbs enable

Enabling Dynamic Bandwidth Selection on ATM PVCs

To enable dynamic bandwidth selection on an ATM PVC, enter the following commands beginning in global configuration mode:

 
Command
Purpose

Step 1 

Router(config)# interface atm slot/module/port.subinterface point-to-point

Specifies the ATM interface or subinterface. Enters interface or subinterface configuration mode.

Step 2 

Router(config-if)# pvc [name] vpi/vci

Specifies an ATM PVC and enters ATM VC configuration mode.

(Optional) name is the name of the PVC. The name can have up to 16 characters.

vpi/ is the ATM network virtual path identifier (VPI) for the PVC. Valid values are from 0 to 255. If you do not specify a vpi value, the vpi value defaults to 0. If the vci value is 0, you cannot set the vpi value to 0. The slash character is required.

vci is the ATM network virtual channel identifier (VCI) for the PVC. Valid values are from 1 to 65535. Typically, the lower values 0 to 31 are reserved for specific traffic and you should not use these. If the vpi value is 0, you cannot set the vci value to 0.

Note The VCI is a 16-bit field in the header of the ATM cell and because the value has local significance only, it is unique only on a single link, not throughout the ATM network.

Step 3 

Router(config-if-atm-vc)# dbs enable

Enables dynamic bandwidth selection and allows the traffic shaping parameters retrieved from RADIUS to be applied to the PVC.

Step 4 

Router(config-if-atm-vc)# protocol pppoe

(Optional) Specifies Point-to-Point Protocol over Ethernet (PPPoE) as the protocol of the ATM PVC.

Configuration Example for Enabling Dynamic Bandwidth Selection on ATM PVCs

Example 17-2 shows how to enable dynamic bandwidth selection on an ATM PVC. In the example, dynamic bandwidth selection is enabled on the PVC named cisco (PVC 0/100) on the ATM point-to-point subinterface 0/0/0.5.

Example 17-2 Enabling Dynamic Bandwidth Selection on an ATM PVC

Router(config)# interface atm0/0/0.5 point-to-point
Router(config-subif)# ip address 10.16.0.0 255.255.255.0
Router(config-subif)# pvc cisco 0/100
Router(config-if-atm-vc)# dbs enable
Router(config-if-atm-vc)# protocol pppoe

Enabling Dynamic Bandwidth Selection on a Range of ATM PVCs

To enable dynamic bandwidth selection on a range of PVCs, enter the following commands beginning in global configuration mode:

 
Command
Purpose

Step 1 

Router(config)# interface atm slot/module/port.subinterface point-to-point | multipoint

Specifies the ATM interface or subinterface. Enters interface or subinterface configuration mode.

Step 2 

Router(config-subif)# range [range-name] pvc start-vpi/start-vci end-vpi/end-vci

Defines a range of ATM PVCs and enters ATM range configuration mode.

range-name is the name of the range. The range-name can have up to 15 characters.

start-vpi/ is the beginning value for a range of virtual path identifiers (VPIs). If you do not specify a vpi value, the vpi value defaults to 0. Valid values are from 0 to 255. The slash is required.

start-vci is the beginning value for a range of virtual channel identifiers (VCIs). Valid values are from 32 to 65535.

end-vpi/ is the end value for a range of VPIs. If you do not specify an end-vpi value, the value defaults to the start-vpi value. Valid values are from 0 to 255. The slash is required.

end-vci is the end value for a range of VCIs. Valid values are from 32 to 65535.

Step 3 

Router(config-if-atm-range)# dbs enable

Enables dynamic bandwidth selection and allows the traffic shaping parameters retrieved from RADIUS to be applied to the PVC range.


Note When downloading a service policy dynamically from RADIUS, the router applies the service policy to a range of PVCs, one PVC at a time. At this point, the PVC range is meaningless. The PVC on which the router is operating could have been created by any means (for example, individually, in PVC range mode, VC class mode, PVC-in-range mode, or automatically created on-demand).


Configuration Example for Enabling Dynamic Bandwidth Selection on a Range of ATM PVCs

Example 17-3 shows how to enable dynamic bandwidth selection on a range of PVCs. In the example, dynamic bandwidth selection is enabled on a range of PVCs named cisco (PVC 0/50 to PVC 0/70) on the ATM multipoint subinterface 0/0/0.1.

Example 17-3 Enabling Dynamic Bandwidth Selection on a Range of ATM PVCs

Router(config)# interface atm0/0/0.1 multipoint
Router(config-subif)# ip address 10.16.0.0 255.255.255.0
Router(config-subif)# range cisco pvc 0/50 0/70
Router(config-subif-atm-range)# dbs enable

Enabling Dynamic Bandwidth Selection on a PVC Within a PVC Range

To enable dynamic bandwidth selection on a specific PVC within a range of PVCs, enter the following commands beginning in global configuration mode:

 
Command
Purpose

Step 1 

Router(config)# interface atm slot/module/port.subinterface [point-to-point | multipoint]

Specifies the ATM interface or subinterface. Enters interface or subinterface configuration mode.

Step 2 

Router(config-if)# range [range-name] pvc start-vpi/start-vci end-vpi/end-vci

Defines a range of ATM PVCs and enters ATM range configuration mode.

range-name is the name of the range. The range-name can have up to 15 characters.

start-vpi/ is the beginning value for a range of virtual path identifiers (VPIs). If you do not specify a vpi value, the vpi value defaults to 0. Valid values are from 0 to 255. The slash is required.

start-vci is the beginning value for a range of virtual channel identifiers (VCIs). Valid values are from 32 to 65535.

end-vpi/ is the end value for a range of VPIs. If you do not specify an end-vpi value, the value defaults to the start-vpi value. Valid values are from 0 to 255. The slash is required.

end-vci is the end value for a range of VCIs. Valid values are from 32 to 65535.

Step 3 

Router(config-if-atm-range)# pvc-in-range [pvc-name] [vpi/vci]

Defines an individual PVC within a PVC range. Enters PVC-in-range configuration mode.

pvc-name is the name of the PVC. The pvc-name can have up to 15 characters.

vpi/ is the virtual path identifier for the PVC. If you do not specify a vpi value, the vpi value defaults to 0. Valid values are from 0 to 255. The slash is required.

vci is the virtual channel identifier for the PVC. Valid values are from 32 to 2047.

Step 4 

Router(config-if-atm-range-pvc)# dbs enable

Enables dynamic bandwidth selection and allows the traffic shaping parameters retrieved from RADIUS to be applied to the PVC in the range of PVCs.

Configuration Example for Enabling Dynamic Bandwidth Selection on a PVC Within a PVC Range

Example 17-4 shows how to enable dynamic bandwidth selection on a PVC within a PVC range. In the example, dynamic bandwidth selection (DBS) is enabled on PVC 60 in the PVC range named cisco (PVC 0/50 to PVC 0/70).

Example 17-4 Enabling Dynamic Bandwidth Selection on a PVC Within a PVC Range

Router(config)# interface atm0/0/0.1 multipoint
Router(config-subif)# range cisco pvc 0/50 0/70
Router(config-if-atm-range)# pvc-in-range 60
Router(config-if-atm-range-pvc)# dbs enable

Configuring RADIUS Profiles for Dynamic Bandwidth Selection

To configure RADIUS profiles for dynamic bandwidth selection, configure the dynamic bandwidth selection (DBS) QoS parameters in the domain service profiles or the user profiles on the authentication, authorization, and accounting AAA server (such as RADIUS). If you apply the QoS parameters in a domain service profile, all users that connect to that domain are assigned the same QoS parameters. If you apply the QoS parameters in a user profile, the locally terminated session for that user is assigned the QoS parameters. The Cisco 10000 series router downloads the user or domain profile from the RADIUS server as part of user authentication.

The QoS management string for dynamic bandwidth selection has the following syntax:

Cisco-Avpair = atm:peak-cell-rate=155000
Cisco-Avpair = atm:sustainable-cell-rate=155000
 
   

You must configure the peak cell rate (PCR) parameter and you can optionally configure the sustained cell rate (SCR) parameter. The following configuration rules apply:

If you configure only PCR, the ATM service type is unspecified bit rate (UBR).

If you specify both SCR and PCR, the ATM service type is variable bit rate-nonreal-time (VBR-nrt).

If the PCR value is greater than the maximum rate allowed on the ATM physical interface, the PCR value applied on the VC is the maximum rate allowed on the interface.

If the PCR value is less than the minimum rate allowed on the physical interface, the PCR value applied on the VC is the minimum rate allowed on the interface.

If the SCR value exceeds the maximum for the interface, the session is rejected.

Configuration Examples for Configuring RADIUS Profiles for Dynamic Bandwidth Selection

Example 17-5 shows how to configure RADIUS attributes in a domain service profile for dynamic bandwidth selection.

Example 17-5 Configuring a RADIUS Domain Service Profile for Dynamic Bandwidth Selection

cisco.com	Password = "cisco",	Service-Type = Outbound
Service-Type	= Outbound,
Cisco-Avpair	= "vpdn:tunnel-id=shiva",
Cisco-Avpair	= "vpdn:tunnel-type=12tp",
Cisco-Avpair	= "vpdn:12tp-tunnel-password=password2",
Cisco-Avpair	= "vpdn:ip-addresses=172.16.0.0",
Cisco-Avpair	= "atm:peak-cell-rate=155000",
Cisco-Avpair	= "atm:sustainable-cell-rate=155000"

Example 17-6 shows how to configure RADIUS attributes in a user profile for dynamic bandwidth selection.

Example 17-6 Configuring a RADIUS User Profile for Dynamic Bandwidth Selection

user1@cisco.com	Password = "userpassword1",	Service-Type = Outbound
Service-Type	= Outbound,
Cisco-Avpair	= "vpdn:tunnel-id=shiva",
Cisco-Avpair	= "vpdn:tunnel-type=12tp",
Cisco-Avpair	= "vpdn:12tp-tunnel-password=password2",
Cisco-Avpair	= "vpdn:ip-addresses=172.16.0.0",
Cisco-Avpair	= "atm:peak-cell-rate=155000",
Cisco-Avpair	= "atm:sustainable-cell-rate=155000"

Configuration Examples for Dynamic Bandwidth Selection

This section provides additional configuration examples and includes the following:

Configuration Example for Enabling Dynamic Bandwidth Selection on a VC Class and a PVC

Configuration Example for Enabling a RADIUS Domain Service Profile for Dynamic Bandwidth Selection

Configuration Example for Enabling a RADIUS User Profile for Dynamic Bandwidth Selection

Configuration Example for Enabling Dynamic Bandwidth Selection on a VC Class and a PVC

Example 17-7 shows how to enable dynamic bandwidth selection on a VC class and a PVC.

Example 17-7 Enabling Dynamic Bandwidth Selection on a VC Class and a PVC

!
aaa new-model
!
!aaa authentication ppp default group radius
aaa authorization network default local 
aaa session-id common
ip subnet-zero
ip ftp source-interface FastEthernet0/0/0
ip ftp username siv
ip ftp password dev1sit
ip host hardhead 10.10.0.4
ip host balloon 10.10.0.3
ip host seabass 10.10.0.2
!
vpdn enable
vpdn authen-before-forward
!
vpdn-group 2
 request-dialin
  protocol l2tp
  domain cisco.com
 initiate-to ip 192.168.1.2 
 local name c10k-lac
 l2tp tunnel password 7 13061E010803
!
mpls ldp log-neighbor-changes
!
!
controller SONET 2/0/0
 no framing
 shutdown
!
!
vc-class atm pppoa
  vbr-nrt 60 60
  dbs enable	/* Enables dynamic bandwidth selection on VC class.*/
  encapsulation aal5mux ppp Virtual-Template1
!
vc-class atm pppoaRange
  vbr-nrt 50 50
  dbs enable	/* Enables dynamic bandwidth selection on VC class.*/
  encapsulation aal5mux ppp Virtual-Template1
!
interface FastEthernet0/0/0
 ip address 10.14.0.25 255.255.0.0
 no ip proxy-arp
 full-duplex
!
interface POS1/0/0
 no ip address
 crc 32
!
interface ATM3/0/0
 no ip address
 atm flag s1s0 0
 atm sonet stm-4
 no atm ilmi-keepalive
 pvc 0/16 ilmi
!
!
interface Serial4/0/0
 no ip address
!
interface GigabitEthernet5/0/0
 ip address 192.168.1.1 255.255.255.0
 negotiation auto
!
interface POS6/0/0
 no ip address
 crc 32
!
interface ATM8/0/0
	atm pppatm passive
	no ip address
 no atm pxf queuing
 atm sonet stm-4
 no atm ilmi-keepalive
!
interface ATM8/0/0.1 point-to-point
	atm pppatm passive
	pvc 10/100 
  vbr-nrt 40 40
  dbs enable	/* Enables dynamic bandwidth selection on PVC.*/
  encapsulation aal5mux ppp Virtual-Template1
!
!
interface ATM8/0/0.2 point-to-point
	atm pppatm passive
	pvc 22/222 
  class-vc pppoa
!
!
interface ATM8/0/0.3 point-to-point
	atm pppatm passive
	range pvc 33/333 33/344
  class-range pppoaRange
!
!
interface Virtual-Template1
 ip address negotiated
 peer default ip address pool pppoa-pool
 ppp authentication pap callin
 ppp direction callin
!
ip default-gateway 24.1.0.4
ip classless
ip route 10.10.0.0 255.255.0.0 10.14.0.200
no ip http server
ip pim bidir-enable
!
!
radius-server host 10.14.0.210 auth-port 1645 acct-port 1646
radius-server key cisco
radius-server authorization permit missing Service-Type
!

Configuration Example for Enabling a RADIUS Domain Service Profile for Dynamic Bandwidth Selection

Example 17-8 shows how to enable a RADIUS domain service profile for dynamic bandwidth selection.

Example 17-8 Enabling a RADIUS Domain Service Profile for Dynamic Bandwidth Selection

cisco.com   Password = "cisco", Service-Type = Outbound   							
	        cisco-avpair = "vpdn:tunnel-id=shiva",											
	        cisco-avpair = "vpdn:tunnel-type=l2tp",											
	        cisco-avpair = "vpdn:l2tp-tunnel-password=password2",											
                     cisco-avpair = "vpdn:ip-addresses=172.16.1.1",												
                     cisco-avpair = "atm:peak-cell-rate=155000",												
                     cisco-avpair = "atm:sustainable-cell-rate=155000"      

Configuration Example for Enabling a RADIUS User Profile for Dynamic Bandwidth Selection

Example 17-9 shows how to enable a RADIUS user profile for dynamic bandwidth selection.

Example 17-9 Enabling a RADIUS User Profile for Dynamic Bandwidth Selection

L2TP

user1@cisco.com   Password = "cisco", Service-Type = Outbound   												
		cisco-avpair = "vpdn:tunnel-id=shiva",											
		cisco-avpair = "vpdn:tunnel-type=l2tp",											
		cisco-avpair = "vpdn:l2tp-tunnel-password=password2",										
		cisco-avpair = "vpdn:ip-addresses=172.16.1.1",											
		cisco-avpair = "atm:peak-cell-rate=155000",											
		cisco-avpair = "atm:sustainable-cell-rate=155000" 

PPPoA or PPPoE

johndoe   		Password = "cisco"			
		Service-Type = Frame-User, 											
		Framed-Protocol = PPP,											
		cisco-avpair = "atm:peak-cell-rate=155000",											
		cisco-avpair = "atm:sustainable-cell-rate=155000"      

Verifying and Monitoring Dynamic Bandwidth Selection

To verify and monitor dynamic bandwidth selection, enter any of the following commands in privileged EXEC mode:

Command
Purpose

Router# show atm pvc

Displays all ATM PVCs and traffic information.

Router# show atm pvc vpi/vci

Displays details about the ATM VCs or PVCs.

Router# show atm pvc dbs

Displays information about ATM PVCs that have dynamic bandwidth selection QoS parameters applied.

Router# show atm vc detailed

Displays detailed information about ATM PVCs.

Router# show interfaces virtual-access

Displays status, traffic data, and configuration information about virtual access interfaces (VAIs).

Router# show running-config

Displays the state of the dynamic bandwidth selection QoS parameters that have been applied.

Note If you use the dbs enable or no dbs enable command, the dynamic bandwidth selection QoS parameters appear in the output of the show running-config command. If you use the default dbs enable command, the parameters do not appear.

Router# debug atm events

Displays the normal set of ATM events when a session comes up or goes down.

Router# debug atm errors

Displays protocol errors and error statistics associated with VCs.

Router# debug atm status

Displays changes in the status of a VC when a session comes up or goes down, or when the VC configuration is changed.

Router# debug ppp authentication

Displays authentication protocol messages, including Challenge Authentication Protocol (CHAP) packet exchanges and Password Authentication Protocol (PAP) exchanges.

Router# debug ppp error

Displays protocol errors and error statistics associated with PPP connection negotiation and operation.

Router# debug ppp negotiation

Enables debugging of the PPP negotiation process.

Router# debug radius

Displays detailed debugging information associated with RADIUS.

Router# debug vpdn event

Displays L2TP errors and events that are a part of normal tunnel establishment or shutdown for VPDNs.

Router# debug vpdn 12x-errors

Displays L2TP protocol errors that prevent tunnel establishment or normal operation.

Router# debug vpdn 12x-events

Displays L2TP events that are part of tunnel establishment or shutdown.

Router# debug vpdn pppoe-errors

Displays PPPoE protocol errors that prevent a session from being established or errors that cause an established session to be closed.

Router# debug vpdn pppoe-events

Displays PPPoE protocol messages about events that are part of normal session establishment or shutdown.


Dynamically Changing VC Weight and Watermark Values

The DBS Extensions—VC Weight and Watermarks feature extends the capability of the Dynamic Bandwidth Selection (DBS) feature to enable you to dynamically change the existing VC weight and watermark values applied to a session without tearing down the VC and then recreating it. This eliminates the need to statically configure each subscriber's VC using the modular QoS command line interface (MQC). As a result, you can save configuration time, reduce the size and complexity of the router's configuration file, and reduce the time required for router initialization after planned or unplanned outages.

The VC weight value indicates the number of cells that a VC can send to the virtual path (VP) tunnel before the line card segmentation and reassembly (SAR) mechanism processes the next VC. A high weight value has a higher VC priority in the VP scheduler than a VC with a low weight value.

The high and low watermark values define the depth of the PVC interface queue on the line card. The SAR mechanism on ATM line cards creates a queue for every configured PVC. Each PVC queue has a high and low watermark that defines the number of cells a queue can hold.

DBS operates with authentication, authorization, and accounting (AAA) servers (such as RADIUS) to provide ATM VC parameters to the router. To dynamically retrieve VC weight and watermark parameters from RADIUS, the following Cisco attribute value (AV) pairs are defined on the RADIUS server:

cisco-avpair = "atm:vc-weight=<weight value>" 
 
   
cisco-avpair = "atm:vc-watermark-min=<minimum watermark value>"
 
   
cisco-avpair = "atm:vc-watermark-max=<maximum watermark value>"

Note Valid VC weight values are from 1 to 255. However, we recommend that you do not configure the value below 5.


For more information abut VC weight and watermarks, see Chapter 15 "Oversubscribing Physical and Virtual Links." The "How the Router Determines VC Weights" section and the "High Watermark and Low Watermark Default Values" section describe VC weights and watermarks.

To pull (download) dynamic VC weights and watermarks from a RADIUS server, you must enable dynamic bandwidth selection (DBS) on the VC using the dbs enable command. To remove dynamically modified VC parameters, enter the no dbs enable command. For more information, see the "Configuring Dynamic Bandwidth Selection" section.

After the router pulls VC weight and watermark parameters from the RADIUS server and successfully installs or updates the parameters on the VC, any changes to these VC parameters that you configure using the modular QoS command line interface (MQC) affect only the nvgen values and not the RADIUS-pulled values.

The VC weight and watermark parameters pulled from the RADIUS server have precedence over the VC parameters that you configure on the PVC using the MQC. As a result, the show atm vc detail command displays the dynamically modified VC weight and watermark values pulled from RADIUS; it does not display the nvgen values configured using CLI commands.

Feature History for Dynamic VC Weight and Watermarks

Cisco IOS Release
Description
Required PRE

Release 12.3(7)XI7

The DBS Extensions—VC Weight and Watermarks feature was introduced on the PRE2.

PRE2

Release 12.2(28)SB

This feature was integrated in Cisco IOS Release 12.2(28)SB.

PRE2


Configuration Commands for Dynamic VC Weight and Watermarks

The dbs enable command is used to configure dynamic VC weight and watermarks. For more information, see the "dbs enable Command" section.

The following RADIUS VSAs are used to configure dynamic VC weight and watermarks on the RADIUS server:

cisco-avpair = "atm:vc-weight=<weight value>" 
 
   
cisco-avpair = "atm:vc-watermark-min=<minimum watermark value>"
 
   
cisco-avpair = "atm:vc-watermark-max=<maximum watermark value>"

Note Valid VC weight values are from 1 to 255. However, we recommend that you do not configure the value below 5.


For more information, see the "Setting Up RADIUS for Dynamic VC Weights and Watermarks" section.

Default High and Low Watermark Values

The high and low watermark settings define the depth of the PVC interface queue on the line card. Table 15-3 lists the default high and low watermark values for ATM variable bit rate (VBR) VCs, based on the ATM VC rate.

Table 15-4 lists the default high and low watermark values for ATM unspecified bit rate (UBR) VCs, based on the ATM VC rate.

For more information about high and low watermarks, see the "Guidelines for Changing Watermark Values" section and the "Modifying the VC Weight and the VP Shaping Parameters" section.

High and Low Watermark Threshold Behavior

The behavior of the high and low watermark thresholds depends on the queuing mode configured, either atm pxf queuing or no atm pxf queuing mode. Chapter 15 "Oversubscribing Physical and Virtual Links" describes threshold behavior for each of these queuing modes. For more information, see the "High Watermark and Low Watermark Default Values" section.

Restrictions and Limitations for VC Weight and Watermarks

You must configure the AV pairs for both the high and low watermarks. Configuring only one of the AV pairs results in the watermark not being configured.

The router does not support RADIUS Pull for automatically provisioned VCs and virtual path (VP) tunnels.

Configuring Dynamic VC Weights and Watermarks

To configure dynamic VC weights and watermarks on a PVC, perform the following required configuration tasks:

Configuring the Router for Dynamic VC Weights and Watermarks

Setting Up RADIUS for Dynamic VC Weights and Watermarks

Configuring the Router for Dynamic VC Weights and Watermarks

To configure the router for dynamic VC weights and watermarks, enter the following commands beginning in global configuration mode:

 
Command
Purpose

Step 1 

Router(config)# interface atm slot/module/port.subinterface point-to-point

Specifies the ATM subinterface and enters subinterface configuration mode.

slot/module/port.subinterface is the number of the subinterface (for example, 1/0/0.1)

point-to-point indicates the subinterface is a point-to-point subinterface.

Step 2 

Router(config-subif)# pvc [name] vpi/vci

Specifies an ATM PVC and enters ATM VC configuration mode.

(Optional) name is the name of the PVC. The name can have up to 16 characters.

vpi/ is the ATM network virtual path identifier (VPI) for the PVC. Valid values are from 0 to 255. If you do not specify a vpi value, the vpi value defaults to 0. If the vci value is 0, you cannot set the vpi value to 0. The slash character is required.

vci is the ATM network virtual channel identifier (VCI) for the PVC. Valid values are from 1 to 65,535. Typically, the lower values 0 to 31 are reserved for specific traffic and you should not use these. If the vpi value is 0, you cannot set the vci value to 0.

Note The VCI is a 16-bit field in the header of the ATM cell and because the value has local significance only, it is unique only on a single link, not throughout the ATM network.

Step 3 

Router(config-if-atm-vc)# dbs enable

Enables dynamic bandwidth selection and allows the traffic shaping parameters retrieved from RADIUS to be applied to the PVC.

Configuration Example for Configuring the Router for Dynamic VC Weights and Watermarks

Example 17-14 shows how to configure the router for dynamic VC weights and watermarks. In the example, dynamic bandwidth selection is enabled on PVC 1/101 on the ATM subinterface 4/0/0.1.

Example 17-10 Configuring the Router for Dynamic VC Weights and Watermarks

Router(config)# interface atm 4/0/0.1
Router(config-subif)# pvc 1/101
Router(config-if-atm-vc)# dbs enable
Router(config-if-atm-vc)# encapsulation aal5mux ppp Virtual-Template 1

Setting Up RADIUS for Dynamic VC Weights and Watermarks

To set up RADIUS for dynamic VC weights and watermarks, enter the following Cisco AV pairs in the user profile on the RADIUS server:

cisco-avpair = "atm:vc-weight=<weight value>" 
 
   
cisco-avpair = "atm:vc-watermark-min=<minimum watermark value>"
 
   
cisco-avpair = "atm:vc-watermark-max=<maximum watermark value>"

Note You can configure the VC weight value from 1 to 255. However, we recommend that you do not configure the value below 5.


Example 17-11 shows how to configure the RADIUS server for dynamic VC weights and watermarks. In the example, the VC weight is set to 100.

Example 17-11 Setting Up RADIUS for Dynamic VC Weights and Watermarks

cisco-avpair = "vpdn:tunnel-id = slow",
cisco-avpair = "vpdn-tunnel-type = l2tp",
cisco-avpair = "vpdn:ip-addresses = 10.1.1.22",
cisco-avpair = "vpdn:nas-password = Tortoise",
cisco-avpair = "vpdn:gw-password = Hare",
cisco-avpair = "atm:sustainable-cell-rate = 512",
cisco-avpair = "atm:maximum-burst-rate = 0",
cisco-avpair = "atm:vc-weight = 100",
cisco-avpair = "atm:vc-watermark-min = n",
cisco-avpair = "atm:vc-watermark-max = n",
 
   

When the router requests the policy name, the information in the user file is "pulled." A RADIUS users file contains an entry for each user that the RADIUS server authenticates. Each entry, which is also referred to as a user profile, establishes an attribute the user can access.

When looking at a user file, the data to the left of the equal (=) character is an attribute defined in the dictionary file and the data to the right of the equal character is the configuration data.

Verifying Dynamic VC Weights and Watermarks

To verify dynamic VC weights and watermarks, enter any of the following commands in privileged EXEC mode:

Command
Purpose

Router# show running-config

Displays the current configuration on the router. The output shows the VC weights and watermarks that you configure using the CLI commands. The dynamically modified VC weights and watermarks do not display.

Router# show atm vc detail

Displays weight and watermark information for all of the VCs configured.

Router# show atm vc [vcd | interface interface-number]

Displays traffic information about all ATM permanent virtual circuits (PVCs).

(Optional) vcd is a specific virtual circuit. When you specify a VC, information displays about only that VC.

(Optional) interface interface-number is an interface or subinterface number. When you specify an interface, information displays about all of the PVCs configured on the specified interface or subinterface.

Router# show atm pvc dbs

Displays all of the PVCs with dynamic bandwidth selection (DBS) enabled and that have QoS parameters applied using RADIUS.

Router# show atm pvc vpi/vci

Displays detailed information about an individual PVC.

vpi/ is the virtual path identifier. The slash is required.

vci is the virtual channel identifier.


Verification Example for Dynamic VC Weights and Watermarks

Example 17-12 shows sample output for the show atm vc command, which enables you to display information about a particular VC. As indicated in the example, the high watermark for VCD 2 is set to 240 and the low watermark is set to 224. The weight is set to 12.

Example 17-12 Sample Output for the show atm vc Command

Router# show atm vc 2 
ATM7/0/0: VCD: 2, VPI: 1, VCI: 100 
UBR, PeakRate: 599040 (1412831 cps) 
CDVT: 178.5 Usecs, High Watermark: 240, Low Watermark: 224 
AAL5-LLC/SNAP, etype:0x0, Flags: 0xC20, VCmode: 0x0, Encapsize: 12 
Channel Weight: 12 
OAM frequency: 0 second(s) 
InARP frequency: 15 minutes(s) 
High Watermark: 240, Low Watermark: 224 
InPkts: 25, OutPkts: 26, InBytes: 626, OutBytes: 563 
InPRoc: 26, OutPRoc: 26, Broadcasts: 0 
InFast: 0, OutFast: 0 
InPktDrops: 0, OutPktDrops: 0 
Out CLP=1 Pkts: 0 
OAM cells received: 0 
OAM cells sent: 0 
Status: UP 
DBS enabled. 
PPPoA Current State = LCP_NEGOTIATION 
PPPoA Latest Event = PPP Msg 
PPPoA Latest Error = None 
PPPoA Session ID = 4 
PPPoA Handle = 0xA8000003, SSS Handle = 0x00000000 
Switch Handle = 0xF5000003, PPP Handle = 0x18000005 
AAA Unique ID = 0x00000005, AIE Handle = 0xBE000003
 
   

Example 17-13 shows sample output for the show atm pvc command, which enables you to display information about a particular PVC. As indicated in the example, the high watermark for PVC 1/100 is set to 56 and the low watermark is set to 48. The weight is set to 12.

Example 17-13 Sample Output for the show atm pvc Command

Router# show atm pvc 1/100 
ATM7/0/0: VCD: 2, VPI: 1, VCI: 100 
UBR, PeakRate: 599040 (1412831 cps) 
CDVT: 178.5 Usecs, High Watermark: 56, Low Watermark: 48 
AAL5-LLC/SNAP, etype:0x0, Flags: 0xC20, VCmode: 0x0, Encapsize: 12 
Channel Weight: 12 
OAM frequency: 0 second(s), OAM retry frequency: 1 second(s) 
OAM up retry count: 3, OAM down retry count: 5 
OAM Loopback status: OAM Disabled 
OAM VC Status: Not Managed 
ILMI VC status: Not Managed 
InARP frequency: 15 minutes(s) 
High Watermark: 56, Low Watermark: 48 
InPkts: 355, OutPkts: 353, InBytes: 7001, OutBytes: 6648 
InPRoc: 93, OutPRoc: 357, Broadcasts: 0 
InFast: 268, OutFast: 0 
InPktDrops: 0, OutPktDrops: 0 
Out CLP=1 Pkts: 0 
OAM cells received: 0 
F5 InEndloop: 0, F5 InSegloop: 0, F5 InAIS: 0, F5 InRDI: 0 
F4 InEndloop: 0, F4 InSegloop: 0, F4 InAIS: 0, F4 InRDI: 0 
OAM cells sent: 0 
F5 OutEndloop: 0, F5 OutSegloop: 0, F5 OutRDI: 0 
F4 OutEndloop: 0, F4 OutSegloop: 0, F4 OutRDI: 0 
OAM cell drops: 0 
Status: UP 
DBS enabled. 
PPPoA Current State = LCP_NEGOTIATION 
PPPoA Latest Event = PPP Msg 
PPPoA Latest Error = None 
PPPoA Session ID = 14 
PPPoA Handle = 0x9300000D, SSS Handle = 0x00000000 
Switch Handle = 0x5400000D, PPP Handle = 0x4B00000F 
AAA Unique ID = 0x0000000F, AIE Handle = 0x3700000D 

Applying QoS Parameters Dynamically to Sessions

The Define Interface Policy-Map AV Pairs AAA feature provides two Cisco vendor-specific attributes (VSAs) that allow you to dynamically apply a policy map and modify a policy map applied to a session, without session reauthentication, at the ATM VC level using RADIUS.

The two new Cisco VSAs are set up in the user file on the RADIUS server. These two AV pairs are vc-qos-policy-in and vc-qos-policy-out, and are formatted as follows:

cisco-avpair = "atm:vc-qos-policy-in=<in policy name>"
 
   
cisco-avpair = "atm:vc-qos-policy-out=<out policy name>"
 
   

The Define Interface Policy-Map AV Pairs AAA feature allows the two new Cisco VSAs to be installed on an ATM VC after a PPPoA or PPPoEoA session establishment. Using RADIUS, this feature allows a policy map to be applied ("pulled") and then modified by specific events ("pushed" by the Policy Server) while that session remains active.

The push functionality of the feature allows you to modify an existing QoS profile (a policy map) applied to a session while that session remains active, thus allowing QoS policies to be applied as required without session re-authentication disruption. Specific events including time-of-day, byte count, and user request, can signal the policy server to push a policy map onto a specific VC.

In addition, two existing Cisco Generic RADIUS VSAs replace and deprecate two VSAs that do not correctly follow the Cisco VSA naming guidelines. Table 17-2 lists the replaced VSAs and the VSAs that replace them. The router supports the old attributes, but you should avoid using them and use the new VSAs instead.

Table 17-2 Replaced and Deprecated Cisco AV-Pairs

Replaced and Deprecated (Old) Cisco AV-Pairs
Replacement (New) Cisco AV-Pairs

cisco-avpair = "ip:sub-policy-In=<in policy name>"

cisco-avpair = "ip:sub-qos-policy-in=<in policy name>"

cisco-avpair = "ip:sub-policy-Out=<out policy name>"

cisco-avpair = "ip:sub-qos-policy-out=<out policy name>"


The Cisco VSA (attribute 26) communicates vendor-specific information between the network access server (NAS) and the RADIUS server. Attribute 26 encapsulates vendor specific attributes that allow vendors such as Cisco to support their own extended attributes.

In releases prior to Cisco IOS Release 12.3(7)XI2, you can configure a policy map only on a VC or ATM point-to-point subinterface by using the service-policy command. The service policy is applied to the sessions on these VCs using RADIUS or manually using a virtual template interface.

In Cisco IOS Release 12.3(7)XI2 and later releases, you can apply a service policy on the VC using RADIUS for a PPPoA or PPPoEoA session. However, configuring a service policy on the ATM subinterface still requires that you configure the service-policy command.

When you configure a service policy on the VC (or ATM point-to-point subinterface), the router applies the service policy to all sessions that use that VC. This allows the router to apply class-based weighted fair queuing (CBWFQ) to sessions. You can configure a service policy either on a VC or on a session, but not on both at the same time.


Note A policy map defines QoS actions and rules for the traffic classes that you define in class maps. In a policy map, you can define QoS actions for such things as policing and class-based weighted fair queuing (CBWFQ). When you attach a policy map to an interface, you must specify whether the policy is to be applied to inbound or outbound traffic. For more information, see Chapter 2 "Classifying Traffic," Chapter 3 "Configuring QoS Policy Actions and Rules," or Chapter 4 "Attaching Service Policies."


The Define Interface Policy-Map AV Pairs AAA feature supports all Cisco 10000 series line cards. For more information, see the Define Interface Policy-Map AV Pairs AAA feature module for Cisco IOS Release 12.2(28)SB.

Feature History for Define Interface Policy-Map AV Pairs AAA

Cisco IOS Release
Description
Required PRE

Release 12.3(7)XI2

The Define Interface Policy-Map AV Pairs AAA feature was introduced on the PRE2 and the "pull" functionality was implemented. This feature provides two RADIUS vendor-specific attributes (VSAs) that allow you to apply a policy map on an ATM VC during PPP over ATM (PPPoA) or PPP over Ethernet over ATM (PPPoEoA) session establishment.

PRE2

Release 12.2(28)SB

This feature was integrated in Cisco IOS Release 12.2(28)SB and the "push" functionality was implemented.

PRE2


Pulled Policy Maps

Pulled policy maps are QoS parameters that the router downloads from the RADIUS server to the ATM VC. If a policy map is already configured on the ATM VC, the policy map pulled from the RADIUS server has higher precedence. If you enter the show policy-map command, the output displays the policy map pulled from the RADIUS server.

For example, the following sample output from the show policy-map interface command shows that two service-policies (voice and outname) are attached to PVC 4/103.

Router# show policy-map interface atm 4/0/0.3
 ATM4/0/0.3: PVC 4/103 -
 
   
  Service-policy input: voice
 
   
    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
        0 packets, 0 bytes
        5 minute rate 0 bps
 
   
  Service-policy output: outname
 
   
    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
        0 packets, 0 bytes
        5 minute rate 0 bps
 
   

When the router establishes a PPP over Ethernet over ATM (PPPoEoA) session, the router downloads or pulls the policy maps set up on the RADIUS server to the VC. The following sample output from the show policy-map interface command shows that the RADIUS policy maps (test_vc and dyn_out) are now attached to PVC 4/103.

Router# show policy-map interface atm 4/0/0.3
 ATM4/0/0.3: PVC 4/103 -
 
   
  Service-policy input: test_vc
 
   
    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
        0 packets, 0 bytes
        5 minute rate 0 bps
 
   
  Service-policy output: dyn_out
 
   
    Class-map: class-default (match-any)
      5 packets, 370 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
        5 packets, 370 bytes
        5 minute rate 0 bps
 
   

After a policy map is successfully pulled on the VC, any configuration changes you make using the [noservice-policy input/output <name> command do not affect the policy map used by the VC. Entering the show policy-map command displays the pulled policy map. Entering the show running-config command displays the current user configuration on the router.

To remove the dynamic policy that is pulled from the RADIUS server, use the no dbs enable command or clear the PPPoA or PPPoEoA session associated with the VC.

Prerequisites for Define Interface Policy-Map AV Pairs AAA

Authentication, authorization, and accounting (AAA) must be enabled and already set up to use RADIUS.

When dynamically configuring a service policy on the ATM subinterface, dynamic bandwidth selection (DBS) must be enabled on the VC using the dbs enable command. For more information about DBS, see the "Applying Traffic Shaping Parameters Using RADIUS Profiles" section.

Restrictions and Limitations for Define Interface Policy-Map AV Pairs AAA

You cannot simultaneously configure a service policy on a VC and on a session.

Configuring Dynamic QoS Policies at the Session Level

To configure dynamic QoS policies at the session level, perform the following configuration tasks:

Configuring the Router for Dynamic QoS Policies at the Session Level

Setting Up RADIUS for Dynamic QoS Policies at the Session Level

Prerequisites

Authentication, Authorization, and Accounting (AAA) must be enabled and already set up to use RADIUS.

PPP over Ethernet over ATM (PPPoEoA) or PPP over ATM (PPPoA) session is established.

Change of authorization functionality is enabled (required for the push functionality)

dbs enable command is configured on the VC.

Policy map is configured on the router.

Configuring the Router for Dynamic QoS Policies at the Session Level

To configure the router for dynamic QoS policies at the session level, enter the following commands beginning in global configuration mode:

 
Command
Purpose

Step 1 

Router(config)# interface atm slot/module/port.subinterface point-to-point

Specifies the ATM subinterface. Enters subinterface configuration mode.

Step 2 

Router(config-subif)# pvc [name] vpi/vci

Specifies an ATM PVC and enters ATM VC configuration mode.

(Optional) name is the name of the PVC. The name can have up to 16 characters.

vpi/ is the ATM network virtual path identifier (VPI) for the PVC. Valid values are from 0 to 255. If you do not specify a vpi value, the vpi value defaults to 0. If the vci value is 0, you cannot set the vpi value to 0. The slash character is required.

vci is the ATM network virtual channel identifier (VCI) for the PVC. Valid values are from 1 to 65535. Typically, the lower values 0 to 31 are reserved for specific traffic and you should not use these. If the vpi value is 0, you cannot set the vci value to 0.

Note The VCI is a 16-bit field in the header of the ATM cell and because the value has local significance only, it is unique only on a single link, not throughout the ATM network.

Step 3 

Router(config-if-atm-vc)# dbs enable

Enables dynamic bandwidth selection and allows the traffic shaping parameters retrieved from RADIUS to be applied to the PVC.

Step 4 

Router(config-if-atm-vc)# exit

Exits ATM VC configuration mode.

Step 5 

Router(config-subif)# exit

Exits subinterface configuration mode.

Step 6 

Router(config)# policy-map policy-map-name

Configures or modifies a policy map. Enters policy-map configuration mode.

policy-map-name is the name of the policy map.

Configuration Example for Configuring the Router for Dynamic QoS Policies at the Session Level

Example 17-14 shows how to configure the router for dynamic QoS policies at the session level. In the example, dynamic bandwidth selection is enabled on PVC 1/101 on the ATM subinterface 4/0/0.1.

Example 17-14 Configuring the Router for Dynamic QoS Policies at the Session Level

Router(config)# interface atm 4/0/0.1
Router(config-subif)# pvc 1/101
Router(config-if-atm-vc)# dbs enable
Router(config-if-atm-vc)# encapsulation aal5mux ppp Virtual-Template 1

Setting Up RADIUS for Dynamic QoS Policies at the Session Level

To set up RADIUS for dynamic QoS policies at the session level, enter the following Cisco AV pairs in the user profile on the RADIUS server:

atm:vc-qos-policy-in=<in policy name>
 
   
atm:vc-qos-policy-out=<out policy name>
 
   

Example 17-15 shows how to configure the Cisco AV pairs in the RADIUS user profile. In the example, the policy map named dyn_out is configured for outbound traffic and the policy map named test_vc is configured for inbound traffic.

Example 17-15 Setting Up RADIUS for Dynamic QoS Policies at the Session Level

Service-Type = Framed,
Framed-Protocol = PPP,
cisco-avpair = "atm:vc-qos-policy-out=dyn_out",
cisco-avpair = "atm:vc-qos-policy-in=test_vc"
 
   

When the router requests the policy name, the information in the user file is "pulled." A RADIUS users file contains an entry for each user that the RADIUS server authenticates. Each entry, which is also referred to as a user profile, establishes an attribute the user can access.

When looking at a user file, the data to the left of the equal (=) character is an attribute defined in the dictionary file, and the data to the right of the equal character is the configuration data.

Setting Up the AAA Server

To set up the local AAA server for dynamic authorization service, which must be enabled to support change of authorization (CoA) functionality that can push the policy map in an input and output direction, configure the aaa server radius dynamic-author command with the client and server-key subcommands.

aaa server radius dynamic-author
client {ip_addr | name} [vrf {vrfname}]
	[server-key {string}]
server-key [0 | 7] {string}
port {port-num}
auth-type {any | all | session-key}
ignore session-key
ignore server-key
 
   

Configure the server-key by using the client server-key string subcommand to configure at the "client" level, or use the server-key string subcommand to configure at the "global" level. Configuring at the client level overrides the global level.

For security purposes, we recommend configuring each client and using different server-keys for each client.

The port, auth-type, ignore session-key, and ignore server-key commands are optional.

The following example sets up the local AAA server:

aaa server radius dynamic-author
	client 192.168.0.5 vrf coa server-key cisco1
	client 192.168.1.5 vrf coa server-key cisco2

Configuration Examples for Dynamic QoS Policies at the Session Level

This section provides the following configuration examples:

Configuration Examples for Existing Service Policies and Pulled Policies

Configuration Examples for Pulled Policies and a Router Without Existing Policies

Configuration Examples for Existing Service Policies and Pulled Policies

In Example 17-16 the policy maps named voice and outname are already configured on the router. The sample output from the show policy-map command shows that the voice and outname policies are attached to PVC 4/103 on ATM subinterface 4/0/0.3. The show policy-map interface command displays statistical information about the policy maps.

Example 17-16 Displaying Existing Service Policies o the Router

Router# show policy-map
!
interface ATM4/0/0.3 multipoint
 no atm enable-ilmi-trap
 pvc 4/103
  service-policy input voice
  service-policy output outname
!
!
Router# show policy-map interface atm 4/0/0.3
 ATM4/0/0.3: PVC 4/103 -
 
   
  Service-policy input: voice
 
   
    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
        0 packets, 0 bytes
        5 minute rate 0 bps
 
   
  Service-policy output: outname
 
   
    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
        0 packets, 0 bytes
        5 minute rate 0 bps
 
   

Example 17-17 shows a sample configuration that includes the dbs enable command to enable dynamic QoS updates using RADIUS. When the router establishes a PPPoEoA session, the router downloads or pulls the service policy names test_vc and dyn_out from the RADIUS server to the VC. The policy maps downloaded from the RADIUS server have higher precedence than the policy maps (voice and outname) configured directly on the PVC. The sample output from the show policy-map interface command indicates that the RADIUS policies have been downloaded.

Example 17-17 Pulling QoS Parameters from RADIUS to Existing Policies

Router# show policy-map
!
interface ATM4/0/0.3 multipoint
 no atm enable-ilmi-trap
 pvc 4/103
  dbs enable
  encapsulation aal5autoppp Virtual-Template1
  service-policy input voice
  service-policy output outname
 !
end
 
   
Router# show policy-map interface atm 4/0/0.3
 ATM4/0/0.3: PVC 4/103 -
 
   
  Service-policy input: test_vc
 
   
    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
        0 packets, 0 bytes
        5 minute rate 0 bps
 
   
  Service-policy output: dyn_out
 
   
    Class-map: class-default (match-any)
      5 packets, 370 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
        5 packets, 370 bytes
        5 minute rate 0 bps
 
   
Router# show pppoe session 
 
   
PPPoE Session Information
Unique ID  PPPoE  RemMAC          Port 	VT  VA         State
           SID  LocMAC 	VA-st
      2      2  0010.1436.bc70  ATM4/0.3	1  Vi3.1      PTA
                0010.1436.b070  VC:4/103                  UP

Configuration Examples for Pulled Policies and a Router Without Existing Policies

Example 17-18 shows sample output from the show policy-map interface command after a service policy has been downloaded from RADIUS. In this example, the service policy named voice is configured on the RADIUS server. The voice policy map is not configured on the router. The router, however, is configured for Point-to-Point Protocol over ATM (PPPoA) and authentication, authorization, and accounting (AAA). When a PPPoA session is established, the router pulls the service policy name (voice) from the RADIUS server. However, as shown in the sample output from the show running-config interface command, the currently running configuration displays, but information about the pulled service policy does not display.

Example 17-18 Pulling QoS Parameters from RADIUS to a Router Without Existing Policies

Router# show policy-map interface atm 4/0.1
ATM4/0: VC 1/101 -
 
   
 Service-policy input: voice
 
   
   Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any 
!
Router# show running-config interface atm 4/0.1
!
Building configuration...
 
   
Current configuration : 107 bytes
!
interface ATM 4/0.1
    pvc 1/101
         dbs enable
         encapsulation aal5mux ppp Virtual-Template 1
!

Verifying Dynamic QoS Policies at the Session Level

To verify dynamic QoS policies at the session level, enter any of the following commands in privileged EXEC mode:

Command
Purpose

Router# show policy-map [interface interface]

Displays information about the policy map attached to the interface you specify. If you do not specify an interface, it displays information about all of the policy maps configured on the router.

interface interface is the interface type and number (for example, atm 4/0/0).

Router# show running-config

Displays the running configuration on the router. The output shows the AAA setup and the configuration of the policy map, ATM VC, PPPoA, dynamic bandwidth selection, virtual template, and RADIUS server.


Verification Examples for Dynamic QoS Policies at the Session Level

Example 17-19 shows sample output for the show policy-map interface command on the router. In the example, the policy map named voice is attached to PVC 1/101 on the ATM interface 4/0/0.

Example 17-19 Verifying Dynamic Policies Using the show policy-map interface Command

Router# show policy-map interface atm 4/0/0
ATM4/0/0: PVC 1/101 -
 
   
 Service-policy input: voice
 
   
   Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any 
 
   

Example 17-20 shows sample output for the show running-config command on the router. This command displays the router's running-configuration file and displays the following types of information:

AAA set up

Policy map

ATM VC

PPPoA

DBS enabled

Virtual template

RADIUS server

Example 17-20 Verifying Dynamic Policies on the Router Using the show running-config Command

Router# show running-config
aaa new-model
!
aaa user profile TEST
!
aaa authentication ppp default group radius
aaa authorization network default group radius 
!
aaa session-id common
ip subnet-zero
!
policy-map voice
class Class-Default
fair-queue
!
interface ATM4/0.1 point-to-point
 pvc 1/101 
  dbs enable
  encapsulation aal5mux ppp Virtual-Template1
!
interface Virtual-Template1
 ip address negotiated
 peer default ip address pool POOL1
 ppp authentication chap
!
radius-server host 172.16.197.225 auth-port 1890 acct-port 1891
radius-server timeout 15
radius-server key 7 060506324F41
radius-server vsa send accounting
radius-server vsa send authentication
!
 
   

Example 17-21 displays the PPPoA client configuration.

Example 17-21 Displaying the PPPoA Client Configuration Using the show running-config Command

Router# show running-config
!
interface ATM4/0.1 point-to-point
 pvc 1/101 
  encapsulation aal5mux ppp Virtual-Template1
!
interface Virtual-Template1
 ip address negotiated
 peer default ip address pool POOL1
 ppp chap hostname userid
 ppp chap password 7 030752180500
!

Shaping PPPoE Over VLAN Sessions Using RADIUS

Per Session Queuing and Shaping for PPP over Ethernet (PPPoE) over Virtual LANs (VLANs) Using RADIUS enables you to shape PPPoE over VLAN sessions to a user specified rate. The router shapes the sum of all of the traffic to the PPPoE session so that the subscriber's connection to the DSLAM does not become congested. Queuing-related functionality provides different levels of service to the various applications that execute over the PPPoE session.

A nested, two-level hierarchical service policy is used to configure session shaping directly on the router using the modular quality of service command-line interface (MQC). The RADIUS server applies the service policy to a particular PPPoE session by downloading a RADIUS attribute to the router. This attribute specifies the policy map name to apply to the session. RADIUS notifies the router to apply the specified policy to the session. Because the service policy contains queuing-related actions, the router sets up the appropriate class queues and creates a separate versatile management system (VTMS) link dedicated to the PPPoE session.

When configuring queuing and shaping for PPPoE over VLAN sessions, the child policy of a nested hierarchical service policy defines QoS actions using any of the following QoS commands:

priority command—Assigns priority to a traffic class and gives preferential treatment to the class. (See Chapter 8 "Prioritizing Services.")

bandwidth command—Enables class-based fair queuing and creates multiple class queues based on bandwidth. (See Chapter 5 "Distributing Bandwidth Between Queues.")

queue-limit command—Specifies the maximum number of packets that a particular class queue can hold. (See Chapter 11 "Managing Packet Queue Congestion.")

police command—Regulates traffic based on bits per second (bps), using the committed information rate (CIR) and the peak information rate, or on the basis of a percentage of bandwidth available on an interface. (See Chapter 6 "Policing Traffic.")

random-detect command—Drops packets based on a specified value to control congestion before a queue reaches its queue limit. The drop policy is based on IP precedence, differentiated services code point (DSCP), or discard-class. (See Chapter 11 "Managing Packet Queue Congestion.")

set ip precedence command—Marks a packet with the IP precedence level you specify. (See Chapter 7 "Marking Traffic.")

set dscp command—Marks a packet with the differentiated services code point (DSCP) you specify. (See Chapter 7 "Marking Traffic.")

set cos command—Sets the IEEE 802.1Q class of service bits in the user priority field. (See Chapter 7 "Marking Traffic.")

The parent policy contains only the class-default class with the shape command configured. This command shapes traffic to the specified bit rate, according to a specific algorithm. (See Chapter 9 "Shaping Traffic.") For more information about nested hierarchical policies, see the "Nested Hierarchical Policies" section.

The router allows you to apply QoS policy maps using RADIUS. The actual configuration of the policy map occurs on the router using the modular QoS CLI (MQC). The router can apply the QoS policy to sessions using attributes defined in one of the following RADIUS profiles:

User Profile—The user profile on the RADIUS server contains an entry that identifies the policy map name applicable to the user. The policy map name is the service that RADIUS downloads to the router after a session is authorized.

Service Profile—The service profile on the RADIUS server specifies a session identifier and an attribute-value (AV) pair. The session identifier might be, for example, the IP address of the session. The AV-pair defines the service (policy map name) to which the user belongs.

The following AV-pairs define the QoS policy to be applied dynamically to the session:

"ip:sub-qos-policy-in=<name of the QoS policy in ingress direction>"
 
   
"ip:sub-qos-policy-out=<name of egress policy>"
 
   

After receiving a service-logon request from the policy server, RADIUS sends a change of authorization (CoA) request to the router to activate the service for the subscriber, who is already logged in. If the authorization succeeds, the router downloads the name of the policy map from RADIUS using the above attribute and applies the QoS policy to the session.


Note Although the router also supports the RADIUS vendor specific attribute (VSA) 38, Cisco-Policy-Down and Cisco-Policy-Up, we recommend that you use the above attributes for QoS policy definitions.


Feature History for Per Session Queuing and Shaping for PPPoE Over VLANs

Cisco IOS Release
Description
Required PRE

Release 12.3(7)XI7

The Per Session Queuing and Shaping for PPPoE over VLAN (PPPoEoVLAN) Support Using RADIUS feature was introduced on the PRE2 to enable dynamic queuing and shaping policies on PPPoEoVLAN sessions.

PRE2

Release 12.2(31)SB5

This feature was implemented on the PRE2.

PRE2


Per Session Shaping Inheritance

Each PPPoE over VLAN session for which per session queuing and shaping is configured has its own set of queues and its own VTMS link. Therefore, these PPPoE sessions do not inherit policies unless you remove the service policy applied to the session or you do not configure a policy for the session.

Interfaces Supporting Per Session Queuing and Shaping for PPPoE Over VLANs

The router supports per session queuing and shaping on PPPoE terminated sessions and on an IEEE 802.1Q VLAN tagged subinterfaces for outbound traffic only.

The router does not support per session queuing and shaping for PPPoE over VLAN sessions using RADIUS on inbound interfaces.

Restrictions and Limitations for Per Session Queuing and Shaping for PPPoE Over VLANs

The router does not support per session queuing and shaping for Layer 2 Access Concentrator (LAC) sessions.

The QoS-related statistics available using the show policy-map interface command are not available using RADIUS.

The router does not support using a virtual template interface to apply a service policy to a session.

You can only apply per session queuing and shaping policies as output service policies. The router supports input service policies on sessions for other existing features, but not for per session queuing and shaping for PPPoE over VLAN using RADIUS. For more information, see Chapter 18 "Regulating and Shaping Subscriber Traffic."

During periods of congestion, the router does not provide specific scheduling between the various PPPoE sessions. If the entire port becomes congested, the scheduling that results has the following effects:

The amount of bandwidth that each session receives of the entire port's capacity is not typically proportionally fair share.

The contribution of each class queue to the session's total bandwidth might not degrade proportionally.

The PRE2 does not support ATM overhead accounting for egress packets with Ethernet encapsulations. Therefore, the router does not consider ATM overhead calculations when determining that the shaping rate conforms to contracted subscriber rates.

The router does not support the configuration of the policy map using RADIUS. You must use the modular QoS command line interface (MQC) to configure the policy map on the router.

Configuring Per Session Queuing and Shaping for PPPoE Over VLANs Using RADIUS

To configure per session queuing and shaping, perform the following required configuration tasks:

Configuring a Per Session Queuing and Shaping Policy on the Router

Setting Up RADIUS for Per Session Queuing and Shaping

Configuring a Per Session Queuing and Shaping Policy on the Router

To configure a per session queuing and shaping policy on the router for PPPoE over VLAN sessions using RADIUS, enter the following commands beginning in global configuration mode:

 
Command
Purpose

Step 1 

Router(config)# policy-map policy-map-name

Creates or modifies the bottom-level child policy.

policy-map-name is the name of the child policy map. The name can be a maximum of 40 alphanumeric characters.

Step 2 

Router(config-pmap)# class class-map-name

Assigns the traffic class you specify to the policy map. Enters policy-map class configuration mode.

class-map-name is the name of a previously configured class map and is the traffic class for which you want to define QoS actions.

Note Repeat Steps 2 and 3 for each traffic class you want to include in the policy map.

Step 3 

Router(config-pmap-c)# bandwidth {bandwidth-kbps | percent percentage | remaining percent percentage} account {{{qinq | dot1q} {aal5 | aal3} {subscriber-encapsulation}} | {user-defined offset [atm]}}

Enables class-based fair queuing.

bandwidth-kbps specifies or modifies the minimum bandwidth allocated for a class belonging to a policy map. Valid values are from 8 to 2,488,320, which represents from 1 to 99 percent of the link bandwidth.

percent percentage specifies or modifies the minimum percentage of the link bandwidth allocated for a class belonging to a policy map. Valid values are from 1 to 99.

remaining percent percentage specifies or modifies the minimum percentage of unused link bandwidth allocated for a class belonging to a policy map. Valid values are from 1 to 99.

account enables ATM overhead accounting. For more information, see Chapter 10 "Overhead Accounting."

qinq specifies queue-in-queue encapsulation as the broadband aggregation system-DSLAM encapsulation type.

dot1q specifies IEEE 802.1Q VLAN encapsulation as the broadband aggregation system-DSLAM encapsulation type.

aal5 specifies the ATM Adaptation Layer 5 that supports connection-oriented variable bit rate (VBR) services. You must specify either aal5 or aal3.

Step 3 
(cont.)

Router(config-pmap-c)# bandwidth {bandwidth-kbps | percent percentage | remaining percent percentage} account {{{qinq | dot1q} {aal5 | aal3} {subscriber-encapsulation}} | {user-defined offset [atm]}}

aal3 specifies the ATM Adaptation Layer 5 that supports both connectionless and connection-oriented links. You must specify either aal3 or aal5.

subscriber-encapsulation specifies the encapsulation type at the subscriber line.

user-defined indicates that the router is to use the offset you specify when calculating ATM overhead.

offset specifies the offset size the router is to use when calculating ATM overhead. Valid values are from -63 to 63 bytes.

Note The router configures the offset size if you do not specify the offset option.

atm applies ATM cell tax in the ATM overhead calculation.

Note Configuring both the offset and atm options adjusts the packet size to the offset size and then adds ATM cell tax.

Step 4 

Router(config-pmap-c)# exit

Exits policy-map class configuration mode.

Step 5 

Router(config-pmap)# policy-map policy-map-name

Creates or modifies the parent policy.

policy-map-name is the name of the parent policy map. The name can be a maximum of 40 alphanumeric characters.

Step 6 

Router(config-pmap)# class class-default

Configures or modifies the parent class-default class.

Note You can configure only the class-default class in a parent policy. Do not configure any other traffic class.

Step 7 

Router(config-pmap-c)# shape rate account {{{qinq | dot1q} {aal5 | aal3} {subscriber-encapsulation}} | {user-defined offset [atm]}}

Shapes traffic to the indicated bit rate and enables ATM overhead accounting.

rate is the bit-rate used to shape the traffic, expressed in kilobits per second.

account enables ATM overhead accounting. For more information, see Chapter 10 "Overhead Accounting."

qinq specifies queue-in-queue encapsulation as the broadband aggregation system-DSLAM encapsulation type.

dot1q specifies IEEE 802.1Q VLAN encapsulation as the broadband aggregation system-DSLAM encapsulation type.

aal5 specifies the ATM Adaptation Layer 5 that supports connection-oriented variable bit rate (VBR) services. You must specify either aal5 or aal3.

aal3 specifies the ATM Adaptation Layer 5 that supports both connectionless and connection-oriented links. You must specify either aal3 or aal5.

subscriber-encapsulation specifies the encapsulation type at the subscriber line.

user-defined indicates that the router is to use the offset you specify when calculating ATM overhead.

offset specifies the offset size the router is to use when calculating ATM overhead. Valid values are from -63 to 63 bytes.

Note The router configures the offset size if you do not specify the user-defined offset option.

atm applies ATM cell tax in the ATM overhead calculation.

Note Configuring both the offset and atm options adjusts the packet size to the offset size and then adds ATM cell tax.

Step 8 

Router(config-pmap-c)# service-policy policy-map-name

Applies a bottom-level child policy to the top-level parent class-default class.

policy-map-name is the name of the previously configured child policy map.

Configuration Example for Configuring a Per Session Queuing and Shaping Policy on the Router

Example 17-22 shows how to configure a per session queuing and shaping policy on the router for PPPoE over VLAN sessions using RADIUS. The example creates two traffic classes: Voice and Video. The router classifies traffic that matches IP precedence 5 as Voice traffic and traffic that matches IP precedence 3 as Video traffic. The Child policy map gives priority to Voice traffic and polices traffic at 2400 kbps. The Video class is allocated 80 percent of the remaining bandwidth and has ATM overhead accounting enabled. The Child policy is applied to the class-default class of the Parent policy map, which receives 20 percent of the remaining bandwidth and shapes traffic to 10000 bps, and enables ATM overhead accounting.

Example 17-22 Configuring a Per Session Queuing and Shaping Policy on the Router

Router(config)# class-map Voice
Router(config-cmap)# match ip precedence 5
Router(config-cmap)# class-map Video
Router(config-cmap)# match ip precedence 3
!
Router(config)# policy-map Child
Router(config-pmap)# class Voice
Router(config-pmap-c)# priority
Router(config-pmap-c)# police 2400 9216 0 conform-action transmit exceed-action drop 
violate-action drop
Router(config-pmap-c)# class video
Router(config-pmap-c)# bandwidth remaining percent 80 account aal5 snap-dot1q-rbe
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# policy-map Parent
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape 10000 account dot1q snap-dot1q-rbe
Router(config-pmap-c)# service-policy Child

Setting Up RADIUS for Per Session Queuing and Shaping

The router allows you to apply QoS policy maps using RADIUS. The actual configuration of the policy map occurs on the router using the modular QoS CLI (MQC). The router can apply the QoS policy to sessions using attributes defined in one of the following RADIUS profiles:

User Profile—The user profile on the RADIUS server contains an entry that identifies the policy map name applicable to the user. The policy map name is the service that RADIUS downloads to the router after a session is authorized.

Service Profile—The service profile on the RADIUS server specifies a session identifier and an attribute-value (AV) pair. The session identifier might be, for example, the IP address of the session. The AV-pair defines the service (policy map name) to which the user belongs.

The following AV-pairs define the QoS policy to be applied dynamically to the session:

"ip:sub-qos-policy-in=<name of the QoS policy in ingress direction>"
 
   
"ip:sub-qos-policy-out=<name of egress policy>"
 
   

After receiving a service-logon request from the policy server, RADIUS sends a change of authorization (CoA) request to the router to activate the service for the subscriber, who is already logged in. If the authorization succeeds, the router downloads the name of the policy map from RADIUS using the above attribute and applies the QoS policy to the session.


Note Although the router also supports the RADIUS vendor specific attribute (VSA) 38, Cisco-Policy-Down and Cisco-Policy-Up, we recommend that you use the above attributes for QoS policy definitions.


Setting Up RADIUS Using VSA 38

The RADIUS vendor specific attribute (VSA) 38 is used for downstream traffic going toward a subscriber. The service (policy map name) to which the user session belongs resides on the RADIUS server. The router downloads the name of the policy map from RADIUS using VSA 38 in the user profile and then applies the policy to the session.

To set up RADIUS for per session queuing and shaping for PPPoE over VLAN support, enter the following vendor specific attribute (VSA) in the user profile on the RADIUS server:

Cisco:Cisco-Policy-Down = <service policy name>
 
   

The actual configuration of the policy map occurs on the router. The user profile on the RADIUS service contains an entry that identifies the policy map name applicable to the user. This policy map name is the service RADIUS downloads to the router using VSA 38.


Note Although the router also supports RADIUS VSA 38, Cisco-Policy-Down and Cisco-Policy-Up, we recommend that you use the attributes described in the "Setting Up RADIUS for Per Session Queuing and Shaping" section for QoS policy definitions.


Configuration Example for Setting Up RADIUS for Per Session Queuing and Shaping

Example 17-23 and Example 17-24 are example configurations for the Merit RADIUS server and the associated Layer 2 network server (LNS). In the example, the Cisco-Policy-Down attribute indicates the name of the policy map to be downloaded, which in this example is rad_output_policy. The RADIUS dictionary file includes an entry for Cisco VSA 38.

Example 17-23 VSA 38 for Per Session Queuing and Shaping

abc@hello1.com Password = "cisco123"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Cisco:Cisco-Policy-Down = rad_output_policy

Example 17-24 Merit RADIUS Dictionary File

Cisco.attr Cisco-Policy-Up 37 string (*, *)

Cisco.attr Cisco-Policy-Down 38 string (*, *)

Verifying Per Session Queuing and Shaping Policies

To display the configuration of per session queuing and shaping policies for PPPoE over VLAN, enter any of the following commands in privileged EXEC mode:

Command
Purpose

Router# show policy-map interface interface

Displays information about the policy map attached to the interface you specify. If you do not specify an interface, it displays information about all of the policy maps configured on the router.

interface specifies the virtual-access interface and number the router created for the session (for example, virtual-access 1).

Router# show policy-map session uid uid-number

Displays the session QoS counters for the subscriber session you specify.

uid uid-number defines a unique session ID. Valid values for uid-number are from 1 to 65535.

Router# show running-config

Displays the running configuration on the router. The output shows the AAA setup and the configuration of the policy map, ATM VC, PPPoA, dynamic bandwidth selection, virtual template, and RADIUS server.


Verification Examples for Per Session Queuing and Shaping Policies

Example 17-25 shows sample output for the show policy-map interface command. In the example, overhead accounting is enabled for both shaping and bandwidth.

Example 17-25 Sample Output for the show policy-map interface Command

Router# show policy-map interface virtual-access 1
!
!
Service-policy output: TEST
 
   
Class-map: class-default (match-any)
100 packets, 1000 bytes
30 second offered rate 800 bps, drop rate 0 bps
Match: any
shape (average) cir 154400, bc 7720, be 7720
target shape rate 154400
overhead accounting: enabled
bandwidth 30% (463 kbps)
overhead accounting: disabled
 
   
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 100/1000 

Example 17-26 shows sample output for the show policy-map session command and show policy-map session uid command, based on a nested hierarchical policy.

Example 17-26 Sample Output of a Hierarchical Policy

Router# show subscriber session
Current Subscriber Information: Total sessions 1
 
   
Uniq ID Interface  State         Service      Identifier           Up-time
 
   
36      Vi2.1      authen        Local Term   peapen@cisco.com     00:01:36
 
   
Router# show policy-map parent
 
   
  Policy Map parent
    Class class-default
      Average Rate Traffic Shaping
      cir 10000000 (bps)
      service-policy child
Router# show policy-map child 
 
   
  Policy Map child
    Class voice
      priority
      police 8000 9216 0 
       conform-action transmit
       exceed-action drop
       violate-action drop
    Class video
      bandwidth remaining 80 (%)
Router# show policy-map session uid 36
 SSS session identifier 36 -
 SSS session identifier 36 -
 
   
  Service-policy output: parent
 
   
    Class-map: class-default (match-any)
      0 packets, 0 bytes
      30 second offered rate 0 bps, drop rate 0 bps
      Match: any 
        0 packets, 0 bytes
        30 second rate 0 bps
      Queueing
      queue limit 250 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 0/0
      shape (average) cir 10000000, bc 40000, be 40000
      target shape rate 10000000
 
   
      Service-policy : child
 
   
        queue stats for all priority classes:
          Queueing
          queue limit 16 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 0/0
 
   
        Class-map: voice (match-all)
          0 packets, 0 bytes
          30 second offered rate 0 bps, drop rate 0 bps
          Match: ip precedence 5 
          Priority: Strict, burst bytes 1500, b/w exceed drops: 0
          
          Police:
            8000 bps, 9216 limit, 0 extended limit
            conformed 0 packets, 0 bytes; action: 
            transmit
            exceeded 0 packets, 0 bytes; action: 
            drop
            violated 0 packets, 0 bytes; action: 
            drop
 
   
        Class-map: video (match-all)
          0 packets, 0 bytes
          30 second offered rate 0 bps, drop rate 0 bps
          Match: ip precedence 3 
          Queueing
          queue limit 250 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 0/0
          bandwidth remaining 80% (7993 kbps)
 
   
        Class-map: class-default (match-any)
          0 packets, 0 bytes
          30 second offered rate 0 bps, drop rate 0 bps
          Match: any 
            0 packets, 0 bytes
            30 second rate 0 bps
 
   
          queue limit 250 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 2/136

Shaping and Queuing Per-Session Traffic on LNS

The Per Session Shaping and Queuing on LNS feature provides the ability to shape (for example, transmit or drop) or queue (for transmission later) the traffic from an Internet service provider (ISP) to an ISP subscriber over a Layer 2 Tunneling Protocol (L2TP) Network Server (LNS). The outgoing traffic is shaped or queued on a per-session basis.

Shaping and queueing traffic on a per-session basis:

Helps to avoid traffic congestion and allows the ISP to adhere to the Service Level Agreement (SLA) established for managing traffic.

Provides a high degree of granularity for managing traffic on the network. Figure 17-2 is a sample topology for per-session shaping and queuing on an LNS.

Figure 17-2 Per-Session Shaping and Queuing Topology—PPP Sessions Forwarded

In this simplified topology example:

1. Downstream traffic is forwarded from the ISP (the source) to an ISP subscriber (the destination) during a PPP session.

2. From an LNS at the ISP, the traffic is transmitted over an L2TP tunnel to an L2TP Access Concentrator (LAC) and then to the subscriber.

3. A user-defined offset size shapes and queues the per session traffic on an LNS. This offset applies overhead bytes to outgoing traffic and the router uses the offset when calculating ATM overhead.

4. To specify the overhead offset in child and parent policies, use the bandwidth and shape commands. The offset values and encapsulation types must match in the child and parent policies.

Feature History for Per Session Shaping and Queuing on LNS

Cisco IOS Release
Description
Required PRE

Release 12.2(31)SB6

The Per Session Shaping and Queuing on LNS feature was introduced on the Cisco 10000 series router.

PRE3


Prerequisites for Per Session Shaping and Queuing on LNS

Verify that the PPPoE (or PPPoA) sessions are enabled.

Verify that L2TP resequencing is disabled.

This feature uses policy maps in which queuing mechanisms (such as class-based weighted fair queuing [CBWFQ]) are configured.

Restrictions and Limitations for Per Session Shaping and Queuing on LNS

Cisco IOS Release 12.2(31)SB8 does not support load balancing when per session shaping and queuing is configured. However, this release does support load balancing if no output QoS is applied to the session. Cisco IOS Release 12.2(31)SB6 does not support load balancing at all on the LNS.

Cisco IOS Release 12.2(31)SB10 supports load balancing for all QoS configurations, except those containing a queuing action that is applied to a session. For example, the router does not support load balancing for a session if the policy map applied to the session contains the shape, bandwidth, or priority command.

This feature does not support L2TP sequencing.

This feature only applies when the LAC and LNS are connected by Ethernet.

Configuring Per Session Shaping and Queuing on LNS

To configure per session shaping and queuing over a L2TP LNS, perform the following configuration task:

Configuring a Per Session Shaping and Queuing on LNS Policy

Configuring a Per Session Shaping and Queuing on LNS Policy

To configure a per session shaping and queuing on LNS policy, enter the following commands beginning in global configuration mode:

 
Command
Purpose

Step 1 

Router(config)# policy-map policy-map-name

Creates or modifies the bottom-level child policy.

policy-map-name is the name of the child policy map. The name can be a maximum of 40 alphanumeric characters.

Step 2 

Router(config-pmap)# class class-map-name

Assigns the traffic class you specify to the policy map. Enters policy-map class configuration mode.

class-map-name is the name of a previously configured class map and is the traffic class for which you want to define QoS actions.

Step 3 

Router(config-pmap-c)# bandwidth {bandwidth-kbps | percent percentage | remaining percent percentage} account {{{qinq | dot1q} {aal5 | aal3} {subscriber-encapsulation}} | {user-defined offset [atm]}}

Enables class-based fair queuing.

bandwidth-kbps specifies or modifies the minimum bandwidth allocated for a class belonging to a policy map. Valid values are from 8 to 2,488,320, which represents from 1 to 99 percent of the link bandwidth.

percent percentage specifies or modifies the minimum percentage of the link bandwidth allocated for a class belonging to a policy map. Valid values are from 1 to 99.

remaining percent percentage specifies or modifies the minimum percentage of unused link bandwidth allocated for a class belonging to a policy map. Valid values are from 1 to 99.

account enables ATM overhead accounting. For more information, see Chapter 10 "Overhead Accounting."

qinq specifies queue-in-queue encapsulation as the broadband aggregation system-DSLAM encapsulation type.

dot1q specifies IEEE 802.1Q VLAN encapsulation as the broadband aggregation system-DSLAM encapsulation type.

aal5 specifies the ATM Adaptation Layer 5 that supports connection-oriented variable bit rate (VBR) services. You must specify either aal5 or aal3.

aal3 specifies the ATM Adaptation Layer 5 that supports both connectionless and connection-oriented links. You must specify either aal3 or aal5.

subscriber-encapsulation specifies the encapsulation type at the subscriber line.

user-defined indicates that the router is to use the offset you specify when calculating ATM overhead.

offset specifies the offset size the router is to use when calculating ATM overhead. Valid values are from -63 to 63 bytes.

Note The router configures the offset size if you do not specify the offset option.

atm applies ATM cell tax in the ATM overhead calculation.

Note Configuring both the offset and atm options adjusts the packet size to the offset size and then adds ATM cell tax.

Step 4 

Router(config-pmap-c)# exit

Exits policy-map class configuration mode.

Step 5 

Router(config-pmap)# policy-map policy-map-name

Creates or modifies the parent policy.

policy-map-name is the name of the parent policy map. The name can be a maximum of 40 alphanumeric characters.

Step 6 

Router(config-pmap)# class class-default

Configures or modifies the parent class-default class.

Note You can configure only the class-default class in a parent policy. Do not configure any other traffic class.

Step 7 

Router(config-pmap-c)# shape rate account {{{qinq | dot1q} {aal5 | aal3} {subscriber-encapsulation}} | {user-defined offset [atm]}}

Shapes traffic to the indicated bit rate and enables ATM overhead accounting.

rate is the bit-rate used to shape the traffic, expressed in kilobits per second.

account enables ATM overhead accounting. For more information, see Chapter 10 "Overhead Accounting."

qinq specifies queue-in-queue encapsulation as the broadband aggregation system-DSLAM encapsulation type.

dot1q specifies IEEE 802.1Q VLAN encapsulation as the broadband aggregation system-DSLAM encapsulation type.

aal5 specifies the ATM Adaptation Layer 5 that supports connection-oriented variable bit rate (VBR) services. You must specify either aal5 or aal3.

aal3 specifies the ATM Adaptation Layer 5 that supports both connectionless and connection-oriented links. You must specify either aal3 or aal5.

subscriber-encapsulation specifies the encapsulation type at the subscriber line.

user-defined indicates that the router is to use the offset you specify when calculating ATM overhead.

offset specifies the offset size the router is to use when calculating ATM overhead. Valid values are from -63 to 63 bytes.

Note The router configures the offset size if you do not specify the user-defined offset option.

atm applies ATM cell tax in the ATM overhead calculation.

Note Configuring both the offset and atm options adjusts the packet size to the offset size and then adds ATM cell tax.

Step 8 

Router(config-pmap-c)# service-policy policy-map-name

Applies a bottom-level child policy to the top-level parent class-default class.

policy-map-name is the name of the previously configured child policy map.

Step 9 

Router(config-pmap-c)# exit

Exits policy-map class configuration mode.

Step 10 

Router(config)# interface virtual-template number

(Optional) Creates a virtual template interface and enters interface configuration mode.

number identifies the virtual template.

Step 11 

Router(config-if)# service-policy policy-map-name

(Optional) Attaches the parent policy to the virtual template interface.

policy-map-name is the name of the previously configured parent policy map.

Configuration Example for Configuring a Per Session Shaping and Queuing on LNS Policy

Example 17-27 shows how to configure a per session shaping and queuing on LNS policy. In this example, the router uses 20 overhead bytes and ATM cell tax in calculating ATM overhead. The child and parent policies contain the required matching offset values. The parent policy is attached to virtual template 1.

Example 17-27 Configuring Per Session Shaping and Queuing on LNS Policy on the Router

policy-map child
class class1
bandwidth 500 account user-defined 20 atm
class class2 
shape average 30000 account user-defined 20 atm
policy-map parent
    class class-default
        shape average 30000 account user-defined 20 atm
        service-policy child
interface virtual-template 1
        service-policy output parent

Verifying Per Session Shaping and Queuing on LNS Policies

To display the configuration of per session shaping and queuing on LNS policies, enter the following commands in privileged EXEC mode:

Command
Purpose

Router# show policy-map [policy-map]

Displays the configuration of all classes for a specified service policy map or all classes for all existing policy maps.

policy-map specifies the name of the policy map.

Router# show running-config

Displays the running configuration on the router. The output shows the configuration of the policy maps.


Verification Examples for Per Session Shaping and Queuing on LNS Policies

Example 17-28 shows sample output for the show policy-map command. In the example, the router uses 20 overhead bytes in calculating ATM overhead.

Example 17-28 Sample Output—show policy-map Command

Router# show policy-map child 
 
   
Policy Map child 
Class Class1
Average Rate Traffic Shaping
cir 20% account user-defined 20
 
   

Example 17-29 shows sample output for the show running-config command. In the example, the output modifier starts the display at the Parent policy map line.

Example 17-29 Sample Output—show running-config Command

Router# show running-config | begin Parent 
 
   
Policy Map Parent
class class1 
shape average percent 20 account user-defined 20 atm 
policy-map child 
class class2 
shape average percent 20 account user-defined 20 atm
!

Queuing PPP Sessions on ATM VCs

PPP Session Queuing on ATM Virtual Circuits (VCs) enables you to shape and queue PPP over ATM (PPPoA) and PPP over Ethernet over ATM (PPPoEoA) sessions to a user specified rate. Multiple sessions can exist on any ATM VC and have QoS policies applied, or some of the sessions might have QoS policies while others do not. The router shapes the sum of all PPPoA or PPPoEoA traffic on a VC so that the subscriber's connection to the DSLAM does not become congested. Queuing-related functionality provides different levels of service to the various applications that execute over the PPPoA or PPPoEoA session.

A nested, 2-level hierarchical service policy is used to configure session shaping directly on the router using the modular quality of service command-line interface (MQC):

Child policy [of the hierarchical service policy]—Defines QoS actions using QoS commands such as the priority, bandwidth, and police commands.

Parent policy—Contains only the class-default class with the shape or bandwidth remaining ratio command configured, or with both commands configured:

shape command—Shapes the session traffic to the specified bit rate, according to a specific algorithm.

bandwidth remaining ratio command—Specifies a ratio value that the router uses to determine how much unused bandwidth to allocate to the session during congestion.

For more information about nested hierarchical policies, see the "Nested Hierarchical Policies" section.


Note The PPP Session Queuing on ATM VCs feature applies to both PPP terminated aggregation (PTA) and L2TP access concentrator (LAC) configurations.


Figure 17-3 illustrates PPP session queuing on ATM VCs.

Figure 17-3 PPP Session Queuing on ATM VCs

Feature History for PPP Session Queuing on ATM VCs

Cisco IOS Release
Description
Required PRE

Release 12.2(31)SB6

The PPP Session Queuing on ATM VCs feature was introduced on the Cisco 10000 series router and implemented on the PRE3.

PRE3


Dynamically Applying QoS Policies to PPP Sessions on ATM VCs

The router allows you to dynamically apply QoS policy maps to PPPoA and PPPoEoA sessions using RADIUS. Although the actual configuration of the QoS policies occurs on the router, you can configure the following attribute-value (AV) pairs on RADIUS to specify the name of the policy map to dynamically apply to the session:

"ip:sub-qos-policy-in=<name of the QoS policy in ingress direction>"
 
   
"ip:sub-qos-policy-out=<name of egress policy>"
 
   

You define the AV-pairs in one of the following RADIUS profiles:

User Profile—The user profile on the RADIUS server contains an entry that identifies the policy map name applicable to the user. The policy map name is the service that RADIUS downloads to the router after a session is authorized.

Service Profile—The service profile on the RADIUS server specifies a session identifier and an attribute-value (AV) pair. The session identifier might be, for example, the IP address of the session. The AV-pair defines the service (policy map name) to which the user belongs.

After receiving a service-logon request from the policy server, RADIUS sends a change of authorization (CoA) request to the router to activate the service for the subscriber, who is already logged in. If the authorization succeeds, the router downloads the name of the policy map from RADIUS using the ip:sub-qos-policy-in[out]= AV-pair and applies the QoS policy to the PPPoA or PPPoEoA session. Because the service policy contains queuing-related actions, the router sets up the appropriate class queues.


Note Although the router also supports the RADIUS vendor specific attribute (VSA) 38, Cisco-Policy-Down and Cisco-Policy-Up, we recommend that you use the ip:sub-qos-policy-in[out]= AV-pairs for QoS policy definitions.


PPP Session Queuing Inheritance

Sessions either inherit queues from their parent interface or they have their own queues. Each PPPoA or PPPoEoA session for which session queuing is configured has its own set of queues.

Table 17-3 describes the queues to which the router directs session traffic.

Table 17-3 Queue Inheritance

Queuing Policy
Queue Used for Session Traffic

No policy

VC default queue

Applied to the VC

VC queues

Applied to the session

Session queues


Interfaces Supporting PPP Session Queuing

The router supports PPP session queuing on shaped ATM virtual circuits (VCs) for outbound traffic only.

The router does not support PPP session queuing on inbound ATM interfaces.

Mixed Configurations and Queuing

A mixed configuration is one in which all sessions do not have QoS applied to them. On some VCs, the queuing policy is applied at the VC level, while on other VCs the queuing policies are applied on the sessions. Some sessions have no policy applied at all. As a result, the router uses the hierarchical queuing framework (HQF) to direct traffic in the following ways:

If no queuing policy is applied at the VC or session level, the router sends all traffic on the VC to the default queue, including traffic from sessions on the VC that have a policing-only policy applied or no policy applied.

If a queuing policy is applied at the VC level, but not at the session level, the router sends traffic to the queues associated with the queuing policy on the VC.

If queuing policies are applied to some sessions on a VC but not to other sessions, the router sends the traffic with a policing-only policy or with no policy applied to the VC's default queue. The router sends traffic with queuing policies to the queues associated with the queuing policy applied to the session.

Bandwidth Sharing and ATM Port Oversubscription

An ATM port can operate in reserved bandwidth mode or shared bandwidth mode.

When a port is not oversubscribed (the sum of the bandwidths of all VCs on the port is less than the port bandwidth), the port operates in reserved bandwidth mode—a specific amount of bandwidth is reserved for each VC on the port. If a VC does not use all of its allocated bandwidth, the unused bandwidth is not shared among the VCs on the port.

When the ATM port is oversubscribed (the sum of the bandwidths of all VCs on the port is greater than the port bandwidth), the port operates in shared bandwidth mode. In this mode, any unused bandwidth is available for re-use by the other VCs on the port, up to the VC's respective shape rate—traffic on a VC cannot exceed the shape rate of that VC.

Oversubscription at the Session Level

Oversubscription at the session level occurs after session traffic shaping and when the aggregate session traffic exceeds the subinterface shape rate. After all priority traffic is accounted, the router distributes the remaining bandwidth on the VC to the sessions according to the value specified in the bandwidth remaining ratio command configured in the parent policy of the policy applied to the sessions. If the bandwidth remaining ratio command is not specified in the parent policy, the router uses a default ratio of 1.

Prerequisites for PPP Session Queuing on ATM VCs

PPPoA or PPPoEoA sessions must be enabled.

Create traffic classes using the class-map command and specify the match criteria used to classify traffic.

For dynamic PPPoA or PPPoEoA session queuing using RADIUS, you must:

Enable authentication, authorization, and accounting (AAA) on the router

Configure the RADIUS server for dynamic QoS

Create the subscriber's user profile on the RADIUS server

Restrictions and Limitations for PPP Session Queuing on ATM VCs

You cannot configure PPP session queuing on unshaped VCs—VCs without a specified peak cell rate (PCR) or sustained cell rate (SCR).

Although you can configure oversubscription at the VC level, the router does not guarantee priority queuing (PQ) and fair treatment among VCs during congestion.

VCs with session queuing polices cannot be part of a shaped virtual path (VP).

PPP session queuing does not allow you to simultaneously configure queuing policies on a VC and on a session of that VC, although the router permits the configuration.

The maximum number of VCs with PPP session queuing policies cannot exceed 16,000 VCs system wide.

If the same ATM category (for example, shaped unspecified bit rate (UBR)) contains both high and low bandwidth VCs, the SAR mechanism can cause low throughput for high bandwidth VCs. The workaround for this issue is to use different ATM classes for low and high bandwidth VCs. For example, configure low bandwidth VCs as shaped UBR and high bandwidth VCs as variable bit rate-nonreal-time (VBR-nrt) or constant bit rate (CBR).

When you apply queuing policies to sessions, do not apply a policy at the VC level on the same VC.

The CLASS-BASED QOS MIB does not include statistics for service policies applied to sessions.

RADIUS accounting does not include queuing statistics.

The router ignores the VC weight when it is configured on a VC with PPP session queuing configured.

Configuring PPP Session Queuing on ATM VCs

You can apply hierarchical shaping policies to sessions using a virtual template or RADIUS. When you apply shaping policies to sessions, do not apply a policy at the VC level on the same VC.

To configure PPP session queuing on ATM VCs, perform one of the following configuration tasks:

Configuring PPP Session Queuing Using a Virtual Template

Configuring PPP Session Queuing Using RADIUS

Configuring PPP Session Queuing Using a Virtual Template

To configure PPPoA or PPPoEoA session queuing using a virtual template, perform the following configuration tasks:

Configuring an Hierarchical QoS Policy

Associating the Hierarchical Policy Map with a Virtual Template

Applying the Virtual Template to an ATM Subinterface

Configuring an Hierarchical QoS Policy

To configure a hierarchical QoS policy, enter the following commands, beginning in global configuration mode:

 
Command
Purpose

Step 1 

Router(config)# policy-map policy-map-name

Creates or modifies the child policy. Enters policy-map configuration mode.

policy-map-name is the name of the child policy map. The name can be a maximum of 40 alphanumeric characters.

Step 2 

Router(config-pmap)# class class-map-name

Assigns the traffic class you specify to the policy map. Enters policy-map class configuration mode.

class-map-name is the name of a previously configured class map and is the traffic class for which you want to define QoS actions.

Note Repeat Steps 2 through 6 for each traffic class you want to include in the child policy map. For information about other QoS actions you can specify for the traffic classes, see the "Input and Output Policy Actions" section in the "Configuring QoS Policy Actions and Rules" chapter of the Cisco 10000 Series Router Quality of Service Configuration Guide.

Step 3 

Router(config-pmap-c)# priority level level

(Optional) Defines multiple levels of a strict priority service model. When you enable a traffic class with a specific level of priority service, the implication is a single priority queue associated with all traffic enabled with the specified level of priority service.

level is a number that indicates a specific priority level. Valid values are from 1 (high priority) to 4 (low priority). Default: 1

Step 4 

Router(config-pmap-c)# police bps [burst-normal] [burst-max] [conform-action action] [exceed-action action] [violate-action  action]

(Optional) Configures traffic policing.

bps is the average rate in bits per second. Valid values are 8000 to 200000000.

(Optional) burst-normal is the normal burst size in bytes. Valid values are 1000 to 51200000. The default normal burst size is 1500 bytes.

(Optional) burst-max is the excess burst size in bytes. Valid values are 1000 to 51200000.

(Optional) conform-action action indicates the action to take on packets that conform to the rate limit.

(Optional) exceed-action action indicates the action to take on packets that exceed the rate limit.

(Optional) violate-action action indicates the action to take on packets that violate the normal and maximum burst sizes.

Step 5 

Router(config-pmap-c)# set cos value

(Optional) Sets the Layer 2 class of service (CoS) value of an outgoing packet.

value is a specific IEEE 802.1Q CoS value from 0 to 7.

Step 6 

Router(config-pmap-c)# bandwidth remaining ratio

(Optional) Specifies a bandwidth-remaining ratio for class-level or subinterface-level queues to be used during congestion to determine the amount of excess bandwidth (unused by priority traffic) to allocate to non-priority queues.

ratio specifies the relative weight of this subinterface or queue with respect to other subinterfaces or queues. Valid values are from 1 to 1000.

Step 7 

Router(config-pmap-c)# exit

Exits policy-map class configuration mode.

Step 8 

Router(config-pmap)# policy-map policy-map-name

Creates or modifies the parent policy.

policy-map-name is the name of the parent policy map. The name can be a maximum of 40 alphanumeric characters.

Step 9 

Router(config-pmap)# class class-default

Configures or modifies the parent class-default class.

Note You can configure only the class-default class in a parent policy. Do not configure any other traffic class.

Step 10 

Router(config-pmap-c)# bandwidth remaining ratio

(Optional) Specifies a bandwidth-remaining ratio for class-level or subinterface-level queues to be used during congestion to determine the amount of excess bandwidth (unused by priority traffic) to allocate to non-priority queues.

ratio specifies the relative weight of this subinterface or queue with respect to other subinterfaces or queues. Valid values are from 1 to 1000.

Step 11 

Router(config-pmap-c)# shape [average] mean-rate [burst-size] [excess-burst-size] [account {qinq | dot1q} aal5 subscriber-encap]

Shapes traffic to the indicated bit rate and enables ATM overhead accounting.

(Optional) average is the committed burst (Bc) that specifies the maximum number of bits sent out in each interval. This option is only supported on the PRE3.

mean-rate is also called committed information rate (CIR). Indicates the bit rate used to shape the traffic, in bits per second. When this command is used with backward explicit congestion notification (BECN) approximation, the bit rate is the upper bound of the range of bit rates that are permitted.

(Optional) burst-size is the number of bits in a measurement interval (Bc).

(Optional) excess-burst-size is the acceptable number of bits permitted to go over the Be.

account enables ATM overhead accounting.

qinq specifies queue-in-queue encapsulation as the BRAS-DSLAM encapsulation type.

dot1q specifies IEEE 802.1Q VLAN encapsulation as the BRAS-DSLAM encapsulation type.

aal5 is the ATM Adaptation Layer 5 that supports connection-oriented variable bit rate (VBR) services.

subscriber-encaps specifies the encapsulation type at the subscriber line. For more information, see the "Subscriber Line Encapsulation Types" section.

Step 12 

Router(config-pmap-c)# service-policy policy-map-name

Applies the child policy to the parent class-default class.

policy-map-name is the name of the child policy map configured in step 1.

The following example shows how to configure a hierarchical QoS policy. In the example, the child-policy configures QoS features for two traffic classes: Premium and Silver. Premium traffic has priority and is policed at 40 percent. The router sets the IP precedence of Premium traffic to precedence level 3. Silver traffic is policed at 80000 bps and IP precedence level 3 is set. The child-policy is applied to the Parent policy class-default class, which shapes traffic to 200,000 Kbps.

Router(config)# policy-map child-policy
Router(config-pmap)# class Premium
Router(config-pmap-c)# priority
Router(config-pmap-c)# police percent 40
Router(config-pmap-c)# set ip precedence 3
Router(config-pmap-c)# class Silver
Router(config-pmap-c)# police 80000 10000 conform-action transmit exceed-action drop
Router(config-pmap-c)# set ip precedence 5
Router(config-pmap-c)# exit
Router(config-pmap)# policy-map Parent
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape 200000
Router(config-pmap-c)# service-policy output child-policy
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)#

Associating the Hierarchical Policy Map with a Virtual Template

A virtual template is a logical interface whose configuration can specify generic configuration information for a specific purpose, user-specific configuration information, and router-dependent information. You configure a virtual template on an interface and apply QoS policy maps to the virtual template. The virtual template inherits the QoS features specified in the policy map. When the router establishes sessions on an interface, the router applies the QoS features specified in the virtual template configuration to the virtual access interfaces (VAIs) created for the sessions, including the QoS features specified in the policy map attached to the virtual template.

To associate the hierarchical policy map with a virtual template, enter the following commands beginning in global configuration mode:

 
Command
Purpose

Step 1 

Router(config)# interface virtual-template template-number

Creates a virtual template and enters interface configuration mode.

template-number is the number you assign to the virtual template interface to identify it. Valid values are from 1 to 200.

Note You can configure up to 200 virtual template interfaces on the router.

Step 2 

Router(config-if)# service-policy {input | output} policy-map-name

Attaches the policy map you specify to the virtual template interface in the inbound or outbound direction that you specify.

input specifies to apply the policy map to inbound traffic.

output specifies to apply the policy map to outbound traffic.

policy-map-name is the name of a previously configured policy map.

Step 3 

Router(config-if)# exit

Exits interface configuration mode.

The following example shows how to associate a policy map with a virtual template. In this example, the policy map named Parent is associated with the virtual template named VirtualTemplate1.

Router(config)# interface virtual-template1
Router(config-if)# service-policy output Parent
Router(config-if)# exit
Router(config)#

Applying the Virtual Template to an ATM Subinterface

A broadband aggregation group (bba-group) configured on an ATM interface points to the virtual template the router uses to apply QoS policies to sessions. When a session arrives on an ATM interface, the router creates a virtual access interface (VAI) for the session and applies the policies associated with the virtual template to the sessions.

To apply the virtual template with its associated hierarchical policy to an ATM subinterface, enter the following commands beginning in global configuration mode:

 
Command
Purpose

Step 1 

Router(config)# bba-group pppoe group-name

Creates a PPP over Ethernet (PPPoE) profile. Enters BBA group configuration mode.

group-name is the name of the PPPoE profile.

Step 2 

Router(config-bba-grp)# virtual-template template-number

Associates a BBA group to the virtual template to be used for cloning virtual access interfaces.

template-number is the identifying number of the virtual template.

Step 3 

Router(config-bba-grp)# exit

Exits BBA group configuration mode.

Step 4 

Router(config)# interface atm number.subinterface [point-to-point]

Creates or modifies a subinterface. Enters subinterface configuration mode.

atm is the interface type.

number is the slot, module, and port number of the interface (for example 1/0/0).

.subinterface is the number of the subinterface (for example, 1/0/0.1).

(Optional) point-to-point indicates that the subinterface connects directly with another subinterface.

Step 5 

Router(config-subif) pvc [name] vpi/vci

Creates or modifies an ATM permanent virtual circuit (PVC). Enters ATM virtual circuit configuration mode.

(Optional) name identifies the PVC and can contain up to 15 characters.

vpi/ specifies the ATM network virtual path identifier (VPI) for this PVC. You must specify the slash. Valid values are from 0 to 255. The router treats a value that is outside the range of valid values as the connection ID. The default value is 0.

Note The arguments vpi and vci cannot both be set to 0; if one is 0, the other cannot be 0.

vci specifies the ATM network virtual channel identifier (VCI) for this PVC. Valid values are from 0 to 1 less than the maximum value set for this interface by the atm vc-per-vp command. A value that is out of range causes an "unrecognized command" error message.

Note The VCI value has local significance only and, therefore, is unique only on a single link, not throughout the ATM network. Typically, lower values from 0 to 31 are reserved for specific traffic (for example, F4 OAM, SVC signaling, ILMI, and so on) and should not be used.

Step 6 

Router(config-atm-vc)# protocol pppoe group group-name

Enables PPP over Ethernet (PPPoE) sessions to be established on permanent virtual circuits (PVCs).

group specifies a PPPoE profile (bba-group) to be used by PPPoE sessions on the interface.

group-name is the name of the PPPoE profile (bba-group) to be used by PPPoE sessions on the interface.

Note The group group-name points to the bba-group to be used for applying a virtual template interface with QoS policies to sessions.

Step 7 

Router(config-atm-vc)# exit

Exits ATM virtual circuit configuration mode.

Step 8 

Router(config-subif)# exit

Exits subinterface configuration mode.

The following example shows how to associate a virtual template interface with an ATM interface and apply the policies in the virtual template to the sessions on the interface. In the example, the service policy named Parent is applied to the Virtual-Template 8, which is associated with the bba-group named pppoeoa-group. The bba-group is applied to PVC 101/210 on ATM subinterface 4/0/1.10.

bba-group pppoe pppoeoa-group
Virtual-Template 8
 
   
interface ATM4/0/1.10 point-to-point
pvc 101/210
vbr-nrt 4000 2000 50
no dbs enable
encapsulation aal5snap
protocol pppoe group pppoeoa-group
!
interface Virtual-Template8
ip unnumbered Loopback5555
no logging event link-status
peer default ip address pool pool-1
ppp authentication chap
service-policy output Parent

Configuring PPP Session Queuing Using RADIUS

To configure PPPoA or PPPoEoA session queuing using RADIUS, perform the following configuration tasks:

Configuring the Policy Map

Adding the Cisco QoS AV Pairs to the RADIUS Profile

Configuring the Policy Map

The router allows you to use RADIUS to apply QoS policy maps to PPPoA or PPPoEoA sessions. The actual configuration of the policy map, however, occurs on the router using the modular QoS CLI (MQC).

To configure QoS policy maps and apply them to virtual template interfaces, see the "Configuring an Hierarchical QoS Policy" section and the "Associating the Hierarchical Policy Map with a Virtual Template" section.

Adding the Cisco QoS AV Pairs to the RADIUS Profile

Cisco attribute-value (AV) pairs are vendor-specific attributes (VSAs) that allow vendors such as Cisco to support their own extended attributes. RADIUS attribute 26 is a Cisco VSA used to communicate vendor-specific information between the router and the RADIUS server.

The RADIUS user profile contains an entry for each user that the RADIUS server authenticates. Each entry establishes an attribute the user can access. When configuring PPPoA or PPPoEoA session queuing using RADIUS, enter the following Cisco AV-pair in the appropriate user profile:

Cisco-AVPair = "ip:sub-qos-policy-out=<name of egress policy>"
 
   

The Cisco AV-pair identifies the policy map the router is to use when applying QoS features to a PPPoA or PPPoEoA session. After receiving a service-logon request from the policy server, RADIUS sends a change of authorization (CoA) request to the router to activate the service for the user, who is already logged in. If the authorization succeeds, the router downloads the name of the policy map from RADIUS using the Cisco AV-pair and applies the QoS policy to the session.


Note Although the router also supports the RADIUS vendor specific attribute (VSA) 38, Cisco-Policy-Down and Cisco-Policy-Up, we recommend that you use the above attribute for QoS policy definitions. For more information about attribute 38, see the "Setting Up RADIUS Using VSA 38" section.


Configuration Examples for PPP Session Queuing on ATM VCs

This section provides the following configuration examples:

Example of Configuring PPP Session Queuing on ATM VCs

Example of Configuring and Applying an Hierarchical Policy Map

Example of Setting Up RADIUS for PPP Session Queuing on ATM VCs

Example of Configuring PPP Session Queuing on ATM VCs

The following example shows how to configure PPPoA or PPPoEoA session queuing. In the example, a hierarchical QoS policy named pm_hier2_0_2 is associated with Virtual-Template555, which is applied to the broadband aggregation group named pppoeoa-group.

Example 17-30 Configuring PPP Session Queuing on ATM VCs

bba-group pppoe pppoeoa-group
Virtual-Template 555
!
policy-map pm_hier2_child_0_2
class cm_0
priority level 1
police percent 5 2 ms 0 ms conform-action transmit exceed-action drop 
violate-action drop
queue-limit 77 packets
class cm_1
shape average percent 80
bandwidth remaining ratio 80
class class-default
shape average percent 50
bandwidth remaining ratio 20
 
   
policy-map pm_hier2_0_2
class class-default
shape average percent 100
bandwidth remaining ratio 100
service-policy pm_hier_child_0_2
 
   
interface ATM2/0/7.5555 point-to-point
pvc 1/5555
vbr-nrt 4000 2000 50
no dbs enable
encapsulation aal5snap
protocol pppoe group pppoeoa-group
!
!
interface Virtual-Template555
ip unnumbered Loopback5555
no logging event link-status
peer default ip address pool pool-1
ppp authentication chap
service-policy output pm_hier2_0_2

Example of Configuring and Applying an Hierarchical Policy Map

Example 17-31 shows how to configure a hierarchical policy and apply it to a virtual template. The example contains a child policy map named child1 with QoS features defined for the gold and bronze traffic classes. The child1 policy is applied to the parent policy map, which is shaped to 512000 bps. The hierarchical policy is applied to the virtual template named virtual-template 1.

Example 17-31 Configuring an Hierarchical Policy Map

Router(config)# policy-map child1
Router(config-pmap)# class gold
Router(config-pmap-c)# priority
Router(config-pmap-c)# police percent 40
Router(config-pmap-c)# class bronze
Router(config-pmap-c)# police 8000
Router(config-pmap-c)# exit
Router(config-pmap)# policy-map parent
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape 512000
Router(config-pmap-c)# service-policy child1
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# interface virtual-template 1
Router(config-if)# service-policy output parent

Example of Setting Up RADIUS for PPP Session Queuing on ATM VCs

Example 17-32 shows how to define the Cisco AV-pairs used to download the policy map name to the router. The first three lines of a subscriber's sample user profile contain the user password, service type, and protocol type. This information is entered into the subscriber's user profile when the user profile is first created. The last line is an example of the Cisco QoS AV-pair added to the user profile. The policy map name downloaded to the router is p23.

Example 17-32 Setting Up RADIUS for PPP Session Queuing on ATM VCs

userid	Password = "cisco"
Service-Type = Framed,
Framed-Protocol = PPP,
cisco-avpair = "sub-qos-policy-out=p23"

Verifying PPP Session Queuing on ATM VCs

To verify PPPoA or PPPoEoA session queuing, use any of the following commands in privileged EXEC mode:

Command
Purpose

Router# show policy-map [interface interface]

Displays information about the policy map attached to the interface you specify. If you do not specify an interface, it displays information about all of the policy maps configured on the router.

interface interface is the interface type and number (for example, atm 4/0/0).

Router# show policy-map session [uid uid-number] [input | output [class class-name]]

Displays the QoS policy map in effect for subscriber sessions.

(Optional) uid defines a unique session ID.

(Optional) uid-number is a unique session ID. Valid values are from 1 to 65535.

(Optional) input displays the upstream traffic of the unique session.

(Optional) output displays the downstream traffic of the unique session.

(Optional) class identifies the class that is part of the QoS policy-map definition.

(Optional) class-name provides a class name that is part of the QoS policy-map definition.

Router# show pxf cpu queue [interface | QID | summary]

Displays parallel express forwarding (PXF) queuing statistics.

(Optional) interface is the interface for which you want to display PXF queuing statistics. This displays PXF queuing statistics for the main interface and all subinterfaces and permanent virtual circuits (PVCs). It also displays packets intentionally dropped due to queue lengths.

(Optional) QID is the queue identifier.

(Optional) summary displays queue scaling information such as:

Number of queues and recycled queues.

Number of available queue IDs (QIDs).

Number of packet buffers, recycled packet buffers, and free packet buffers.

Router# show pxf cpu queue session [sid sid-value]

Displays PXF queuing statistics for sessions.

(Optional) sid displays queuing statistics for a specific session identifier.

sid-value is a number that represents a specific session ID. Valid values are from 1 to 65,535.

Router# show running-config

Displays the running configuration on the router. The output shows the AAA setup and the configuration of the policy map, ATM VC, PPPoA or PPPoEoA, dynamic bandwidth selection, virtual template, and RADIUS server.


Examples of Verifying PPP Session Queuing on ATM VCs

Example 17-33 shows the type of information displayed when you enter the show pxf cpu queue session command. In the example, the show pppoe session command is used to display the sessions established on the router. In this case, one session is active with a session ID (SID) of 6. The example then displays configuration and statistical information for that specific session using the show pxf cpu queue session command.

Example 17-33 Displaying PPP Session Information—show pxf cpu queue session Command

Router# show pppoe session 
1 session in LOCALLY_TERMINATED (PTA) State 
1 session total 
 
Uniq ID	PPPoE	RemMAC	Port	VT	VA	State
	SID	LocMAC	VA-st	Type
	14	6	0009.b68d.bb37	ATM2/0/7.5555	555	Vi3.1	PTA
	0009.b68d.bc37	VC: 1/5555 			UP
 
   
Router#
Router#
Router# show pxf cpu queue session sid 6
 
   
ATM2/0/7.5555: PVC 1/5555 
	VCCI/ClassID	ClassName	QID	Length/Avg	Max	Dequeues	Drops(Tail/Random)
	2623/0	class-default	1858	0/0	77	0	0/0
$1	2623/1	cm_0	1856	0/0	77	0	0/0
	2623/2	cm_1	1859	0/0	40	0	0/0
	2623/31	net-control	591	0/1	1105	335137	0/0
 
   
 
   
Legend: 
$x: Priority Queue level x 
b: PQ Activation and Dequeue Blocked 
~: RED Queue 
P: MLP Pkt Queue 
F: MFR Pkt Queue 
M1:MLP , M5:MLPFR , MA:MLPOA , M6:FRF12 , M7:MLFR, M8:FRF12_16
 
   

Example 17-34 uses the show policy-map session command to display QoS policy map statistics for traffic in the downstream direction. The example also shows the policy map configurations.

Example 17-34 Displaying PPP Session Information—show policy-map session Command

Router# show pppoe session
 
1 session in LOCALLY_TERMINATED (PTA) State
1 session total
 
   
Uniq ID	PPPoE	RemMAC	Port	VT	VA	State	
	SID	LocMAC	VA-st	Type
	14	6	0009.b68d.bb37	ATM2/0/7.5555	555	 Vi3.1 	PTA 
	0009.b68d.bc37 VC: 1/5555	UP 
Router#
Router#
Router# show policy-map session uid 14
 
   
SSS session identifier 14 -
 
   
	Service-policy output: pm_hier2_0_2
 
   
Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any 
0 packets, 0 bytes
30 second rate 0 bps
Queueing
queue limit 50 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
shape (average) cir 2000000, bc 8000, be 8000
target shape rate 2000000
bandwidth remaining ratio 100
 
   
	Service-policy : pm_hier2_child_0_2
 
   
queue stats for all priority classes:
Queueing
priority level 1
queue limit 77 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
 
   
Class-map: cm_0 (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: ip precedence 0 
0 packets, 0 bytes
30 second rate 0 bps
Priority: 0% (0 kbps), burst bytes 4470, b/w exceed drops: 0
Priority Level: 1 
Police:
104000 bps, 1536 limit, 0 extended limit
conformed 0 packets, 0 bytes; action: transmit
exceeded 0 packets, 0 bytes; action: drop
violated 0 packets, 0 bytes; action: drop
 
   
Class-map: cm_1 (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: ip precedence 1 
0 packets, 0 bytes
30 second rate 0 bps
Queueing
queue limit 237 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
shape (average) cir 1600000, bc 6400, be 6400
target shape rate 1600000
bandwidth remaining ratio 80 
 
   
Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any 
0 packets, 0 bytes
30 second rate 0 bps
Queueing
queue limit 77 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
shape (average) cir 1000000, bc 4000, be 4000
target shape rate 1000000
bandwidth remaining ratio 20 
 
   
Router# show policy-map pm_hier2_0_2
 
   
Policy Map pm_hier2_0_2
Class class-default
Average Rate Traffic Shaping
cir 100%
bandwidth remaining ratio 100 
service-policy pm_hier2_child_0_2
 
   
Router# show policy-map pm_hier2_child_0_2
 
   
Policy Map pm_hier2_child_0_2
 
   
Class cm_0
priority level 1
police percent 5 2 ms 0 ms conform-action transmit exceed-action drop 
violate-action drop
queue-limit 77 packets
 
   
Class cm_1
Average Rate Traffic Shaping
cir 80%
bandwidth remaining ratio 80 
 
   
Class class-default
Average Rate Traffic Shaping
cir 50%
bandwidth remaining ratio 20 

Related Documentation

This section provides hyperlinks to additional Cisco documentation for the features discussed in this chapter. To display the documentation, click the document title or a section of the document highlighted in blue. When appropriate, paths to applicable sections are listed below the documentation title.

Feature
Related Documentation

Pull and push functionality

Define Interface Policy-Map AV Pairs AAA feature module, Release 12.2(28)SB

Dynamic bandwidth selection

Cisco IOS Wide-Area Networking Configuration Guide, Release 12.3

Part 2: Broadband Access > Configuring Broadband Access: PPP and Routed Bridge Encapsulation > Dynamic Subscriber Bandwidth Selection

Dynamic Bandwidth Selection, Release 12.2(13)T and 12.2SB feature module

RADIUS

Cisco IOS Security Configuration Guide, Release 12.3

Part 2: Security Server Protocols > Configuring RADIUS