Cisco 7600-ES20 Ethernet Line Card Configuration Guide
Configuring QoS on the Cisco 7600 Series Ethernet Services 20G Line Card
Downloads: This chapterpdf (PDF - 696.0KB) The complete bookPDF (PDF - 4.4MB) | Feedback

Table Of Contents

Configuring QoS on the Cisco 7600 Series Ethernet Services 20G Line Card

QoS Functions in the Cisco 7600 Series Ethernet Services 20G Line Card

Ingress QoS Functions in a Cisco 7600 Series Ethernet Services 20G Line Card

Ingress Trust

Ingress Queue Scheduling

Ingress Classification

Ingress Policing

Ingress Marking

Ingress Shaping

Egress QoS Functions in a Cisco 7600 Series Ethernet Services 20G Line Card

Egress Classification

Egress Policing

Egress Marking

Egress Shaping

Egress Queue Scheduling

Restrictions

Configuring QoS Features Using MQC

EVCS QoS Support

Mapping Between Bay and Ports

Restrictions and Usage Guidelines

Restrictions and User Guidelines for EVC Port Channel

Configuring Qos Over an EVC Group

Restrictions and Usage Guidelines

Dual Rate Three Color (2R3C) Ingress Policer on Service Instances

Restrictions and Usage Guidelines

Ingress Policing on EVC Port Channel

Restrictions and Usage Guidelines

Configuring Ingress Policing on EVC Port Channel

Configuring Classification

Restrictions and Usage Guidelines

Configuring Policing

Restrictions and Usage Guidelines

Configuration Tasks

Attaching a QoS Traffic Policy to an Interface

Attaching a QoS Traffic Policy for an Input Interface

Attaching a QoS Traffic Policy to an Output Interface

Configuring Marking

Restrictions and Usage Guidelines

Configuring Shaping

Restrictions and Usage Guidelines

Configuring Shaping on the ES20 Main Interface

About Traffic Shaping

Restrictions and Usage Guidelines

Non example

Configuring the Child Policy

Configuring QoS Queue Scheduling

Restrictions and Usage Guidelines

Configuring CBWFQ

Configuring LLQ

Examples

Configuring PFC QoS on a Cisco 7600 Series Ethernet Services 20G Line Card

PFC QoS on a Cisco 7600 Series Ethernet Services 20G Line Card Configuration Guidelines

Configuring Hierarchical QoS

Hybrid Policy Support

Configuring Hierarchical QoS with Tiered Policy-Maps

Configuration Guidelines

Configuring Hierarchical QoS for EoMPLS VCs

Hierarchical QoS with Service Instances

Configuration Guidelines

EVC Configuration Examples

Configuring Bandwidth Remaining Ratio (BRR) - Utilizing Unused Bandwidth Support

Hierarchical Policy-Maps

HQoS Policies with Bandwidth and Shape in Child Classes

Restrictions and Usage Guidelines

HQoS Polices with Shape in Child Classes

Restrictions and Usage Guideline

HQoS Policies with Police+Priority (LLQ) and Shape in Child Classes

Restrictions and Usage Guideline

Flat Policy- Maps

BRR Propagation

Restrictions and Usage Guidelines

Example of a Hybrid Policy

Hardware Restrictions

Troubleshooting QoS Features in a ES20 Line Card


Configuring QoS on the Cisco 7600 Series Ethernet Services 20G Line Card


This chapter provides information about configuring Quality of Service (QoS) on the Cisco 7600 Series Ethernet Services 20G (ES20) line card on the Cisco 7600 series router.

Before referring to any other QoS documentation for the platform or in the Cisco IOS software, use this chapter to determine ES20 line card-specific QoS feature support and configuration guidelines.

For additional details about QoS concepts and features in Cisco IOS Release 12.2, you can refer to the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2SR, at:

http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/12_2sr/qos_12_2sr_book.html

This chapter includes the following sections:

QoS Functions in the Cisco 7600 Series Ethernet Services 20G Line Card

Configuring QoS Features Using MQC

Dual Rate Three Color (2R3C) Ingress Policer on Service Instances

EVCS QoS Support

Configuring Qos Over an EVC Group

Configuring Policing

Configuring Marking

Configuring Shaping

Configuring Shaping on the ES20 Main Interface

Configuring PFC QoS on a Cisco 7600 Series Ethernet Services 20G Line Card

Configuring Hierarchical QoS

Configuring Bandwidth Remaining Ratio (BRR) - Utilizing Unused Bandwidth Support

EVC Configuration Examples

Troubleshooting QoS Features in a ES20 Line Card

QoS Functions in the Cisco 7600 Series Ethernet Services 20G Line Card


Note Main interface refers to the maininterface and switchport unless specified otherwise.
If the supported feature is not mentioned, then the feature is not supported in the particular interface.


The following sections describe ingress and egress QoS functions.

Ingress QoS Functions in a Cisco 7600 Series Ethernet Services 20G Line Card

The following paragraphs describe ingress QoS support on the ES20 line card.

Ingress Trust

Trust is a port assignment instructing the port to trust (leave) existing priorities as they are on incoming frames or to rewrite the priorities back to zero.

A packet can arrive at an interface with a priority value already present in the packets header. The router needs to determine if the priority setting was set by a valid application or network device according to pre defined rules or if it was set by a user hoping to get better service.

The router has to decide whether to honor the priority value or change it to another value. How the router makes this determination is by using the port "trust" setting.

The ES20 line card always trusts Differentiated Services Code Point (DSCP) by default. Maininterfaces and subinterfaces use the ingress trust functionality.

Ingress Queue Scheduling

The ES20 line card does not support ingress queue scheduling.

Ingress Classification

After a frame is queued, the frame is passed on for classification. Classification entails using a traffic descriptor to categorize a packet within a specific group to define that packet and make it accessible for QoS handling on the network. Using packet classification, you can partition network traffic into multiple priority levels or classes of service.

Traffic is classified to determine whether it should be:

Marked for further processing.

Policed to rate limit specific traffic types.

The ES20 line card supports ingress classification. For information on configuring classification, see "Configuring Classification" section.

Ingress Policing

Policing provides a means to limit the amount of bandwidth that traffic traveling through a given port, or a collection of ports in a VLAN, can use. Policing works by defining an amount of data that the router is willing to send or receive in kilobytes per second.

When policing is configured, it limits the flow of data through the router by dropping or marking down the QoS value traffic that is out-of-profiles. Policing allows the router to limit the rate of specific types to a level lower than what they might get otherwise based only the interface bandwidth.

The ES20 line card supports ingress policing. For information on configuring policing, see "Configuring Policing" section.

Ingress Marking

After it has been classified, traffic can be marked. Marking is a way to selectively modify the classification bits in a packet to identify traffic within the network. Other interfaces can then match traffic based on the markings.

The ES20 line card supports ingress marking. For information on configuring marking, see "Configuring Marking" section.

Ingress Shaping

The ES20 line card does not support ingress shaping.

Egress QoS Functions in a Cisco 7600 Series Ethernet Services 20G Line Card

The following sections describe QoS functions on the ES20 line card egress ports.

Egress Classification

Classification entails using a traffic descriptor to categorize a packet within a specific group to define that packet and make it accessible for QoS handling on the network. Using packet classification, you can partition network traffic into multiple priority levels or classes of service.

Traffic is classified to determine whether it should be:

Marked for further processing.

Queued to rate limit specific traffic types.

The ES20 line card supports egress classification. For information on configuring classification, see "Configuring Classification" section.

Egress Policing

The ES20 line card supports egress port policing only when paired with the priority command.

Egress Marking

After traffic has been classified, the router can mark it. You use marking to selectively modify the classification bits in the packet to differentiate packets based on the designated markings.

The ES20 line card supports egress port marking on service instances, maininterfaces, and subinterfaces. For information on configuring marking, see "Configuring Marking" section.

Egress Shaping

Traffic shaping allows you to control the traffic going out an interface in order to match its flow to the speed of the remote target interface and to ensure that the traffic conforms to policies contracted for it. You can use shaping to meet downstream requirements, thereby eliminating bottlenecks in topologies with data-rate mismatches.

The ES20 line card supports shaping on egress port, maininterfaces, subinterfaces, and service instances. For information on configuring shaping, see "Configuring Shaping" section.

Egress Queue Scheduling

The egress line card uses congestion avoidance to help prevent congestion and keep its buffers from overflowing.

The ES20 line card supports Class-based Weighted Fair Queuing (CBWFQ), Low Latency Queueing (LLQ), and Weighted Random Early Detection (WRED).

Restrictions

Follow these restrctions and guidelines when you configure QoS in a ES20 line card:

A policy-map output on a route processor is linecard specific because all the policy-map statistics are exported from the linecard to the route processor. In a ES20 linecard egress scenario, an active Ternary Content Addressable Memory (TCAM) entry requires a queueing ASIC to relay the packet out of an egress interface. This is because the queue id is mapped to an egress port number programmed in a queuing ASIC through which packets are relayed out. However, a packet is dropped if a valid queue id is not allocated, and the TCAM entry is active. Hence classification happens only for classes with a valid queuing action in an egress direction.

You can configure a minimum bandwidth of 128kbps when using the bandwidth command.

Configuring QoS Features Using MQC

The Modular QoS CLI (MQC) is a CLI structure that allows users to create traffic policies and attach these policies to interfaces. A traffic policy contains a traffic class and one or more QoS features. A traffic class is used to select traffic, while the QoS features in the traffic policy determine how to treat the classified traffic.

To configure QoS features using the Modular QoS CLI on the ES20 line card, complete the following basic steps:


Step 1 Define a traffic class using the class-map command.

Step 2 Create a traffic policy by associating the traffic class with one or more QoS features (using the policy-map command).

Step 3 Attach the traffic policy to the interface using the service-policy command.


For a complete discussion about MQC, refer to the "Modular Quality of Service Command-Line Interface" section of the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2 publication at:

http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/12_2sr/qos_12_2sr_book.html

EVCS QoS Support

Ethernet Virtual Connection Services (EVCS) uses the concepts of service instances and EVCs (Ethernet virtual circuits). A service instance is the instantiation of an EVC on a given port on a given router. An EVC is an end-to-end representation of a single instance of a Layer 2 service being offered by a provider to a customer. It embodies the different parameters on which the service is being offered.

Mapping Between Bay and Ports

The following table maps the bay and port information in a ES20 line card:

Table 3-1 Mapping Between Bay and Ports

Specifications
Port/Bay Information

ESM20 1 GIG Variant with 2 Xchip ASICs where lower number of ports are assigned to Bay 0 and higher number ports are mapped to Bay 1.

Ports 0 to 9 mapped to Bay 0

Ports 10 to 19 mapped to Bay 1

ESM20 10 GIG Variant

10 G Port 0 mapped to Bay 0

10 G Port 1 mapped to Bay 1


Restrictions and Usage Guidelines

When configuring QoS with EVCs on the ES20 line card, follow these restrictions and usage guidelines:

Service instances use MQC.

QoS supports 16 000 service instances per line card and 8000 per bay.

HQoS supports 990 policy-maps per bay.

Configuring EVcs or subinterfaces is not permissible with QoS on the main interface.

Ingress shaping is not supported.

For egress QoS, both hierarchical and flat policy-maps are supported.

Before creating a service instance or a sub interface, remove any policy-maps on the maininterface.

Only classes defined with match vlan and vlan-inner and class-default can exist in a parent policy.

As service instance configurations change, you must remove and reapply the policy because the policy-map configuration may no longer be valid. However, changes on the main interface related to QoS are not cascaded to EVC QoS.

Because the policy-map does not work to its optimum capacity due to 1% of the port bandwidth being reserved for control packets, ensure that the policy-map is configured to use only 99% of the port bandwidth.

EVCs with default encapsulation support policy-maps similar to other supported EVCs.

Layer 3 classification, Ingress and Egress Marking combinations are supported for the ES20 line card on the Cisco 7600 series router. For more information on the supported combinations, see "Layer 3 Ingress Marking Scenarios On a Service Instance".

EVC QoS support is as follows:

For EVC QoS, classification is based on the following filters, which can be combined:

Inner VLAN tag

Outer VLAN tag

CoS

CoS Inner

Precedence

Dscp

Mpls exp (for egress classification only)

For EVC QoS, marking is based on:

Copy or rewrite inner CoS

Copy or rewrite outer CoS

Copy inner to outer CoS or vice versa

Copy or rewrite on EXP

Rewrite precedence

Rewrite dscp

For EVC QoS, actions supported include:

Marking, bandwidth, WRED aggregate, shape average, queue-limit, priority with police

For EVC QoS configuration examples, see "EVC Configuration Examples" section.

Restrictions and User Guidelines for EVC Port Channel

When configuring QoS on a EVC port channel, follow these restrictions and user guidelines:

In a EVC port channel, the maximum number of restricted queues is 8000 per bay. Ensure that you do not exceed the 8000 limitation.

Maximum number of member links that can be configured on a line card is 8.

On a port channel, each EVC is replicated by the number of member links. Ensure that the total number of EVCs after replication per bay does not exceed 8000.

EVC port channels do not support percentage values of bandwidth and policing.

Egress IP Precedence and DSCP marking are supported for EVCs or for EVCs with port channels.

Configuring Qos Over an EVC Group

A Service group is a logical interface that helps you to group EVCs, and apply features on the aggregate logical entity. An EVC group helps you to configure a single QoS policy-map on different EVCs. You can globally configure service groups, and associate the group IDs with each members to add new members. For example, you can configure the group ID within each EVC to associate EVCs with a particular service group.

Each EVC belongs to only one service group at a time and the group must exist before any members (EVCs) can join the group. In addition to the policy on the service group of which it is a member, you can also apply a policy on each EVC. A policy map is rejected if you simultaneously apply the policy-map on a group and an EVC in the same direction.

In 12.2(33)SRE release, QoS is supported on the service groups, and you can add EVCs or EVCs over PC as members of a service-group. You can use this feature to apply a QoS policy (both in ingress and egress) within service groups having EVCs or EVCs over PortChannel as its members.

Restrictions and Usage Guidelines

When configuring Qos over a EVC group, follow these restrictions and usage guidelines:

This feature is supported only on service instances.

Each service instance can belong to only one service group.

In EVCs, all members of a service group must reside within the same interface.

In EVCs within a port-channel, all members of a service group must reside within the port-channel.

You cannot individually assign a member of a service group to a load-balance link of a port-channel. You should assign the whole group to the link.

An EVC group cannot have members that are assigned to multiple load-balance links of a port-channel.

Ensure that you have configured a EVC group before adding a service instance to it.

Service Group membership is extended only to EVCs (service instances).

You can apply a Qos Policy on groups or individual EVCs that are part of groups.

Ingress 1R2C policing is not supported on EVC groups.

You cannot simultaneously apply QoS on a EVC and its group in the same direction.

Service group supports hierarchical Qos and flat ( class-default ) policy-maps.

All QoS parameters ( Shape, Set, Bandwidth, BRR, Police (2r3c ) , Set, Wred) within a class, applicable to an EVC, are also supported on a group.

2r3c policer is supported in a ingress policy-map on a group.

Table 3-2 lists the scalability values of EVC groups:

Table 3-2 Scalability Values for ES20 line cards

Scalability
Values

Service Groups per bay

2000

Service Groups per line card

4000

Number of EVCs per service group

4000


SUMMARY STEPS

1. enable

2. configure terminal

3. service-group ID number

4. service-policy [input| output]

5. sh service-group ID number

6. interface GigabitEthernet slot/bay/port

7. service instance name

8. group ID number

9. sh service-group ID number

10. end

DETAILED STEPS

 
Command
Purpose

Step 1 

enable

Example:
Router> enable

Enables privileged EXEC mode and enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

service-group ID number

Example:

Router(config)# service-group 1000

Assigns a service group ID number. The acceptable range is 1-32768.

Step 4 

service-policy [input| output]

Example:

Router(config-service-group)# service-policy output

Creates a service policy within the service group and attaches it to the ingress or egress of a service group.

Step 5 

sh service-group ID number

Example:

Router# sh service-group 1000

Displays the service group for which an ID has been assigned or the members belonging to a service group.

Step 6 

interface GigabitEthernet slot/bay/port

Example:

Router(config)# int gi 2/0/0

Identifies the interface to which the service group should be attached.

Step 7 

service instance name

Example:

Router(config-if)# service instance 1 eth

Creates a service instance within the interface.

Step 8 

group ID number

Example:

Router(config-if-srv)# group 1000

Adds the created group to the service instance.

Step 9 

sh service-group ID number

Example:

Router# sh service-group 1000

Displays the service group for which an ID has been assigned or the service instances belonging to a service group.

Step 10 

end

Example:

Router(config-if-srv)# end

Ends the command operations.

Example

The following example shows the creation of a service group and attaching the policy map to the egress:

Router(config)# service-g
Router(config)# service-group ?
  <1-32768>  Service Group ID Number
Router(config)# service-group 1000
Router(config-service-group)#ser
Router(config-service-group)# service-policy ?
input   Attach a policy-map to ingress of a service group
output  Attach a policy-map to egress of a service group
Router(config-service-group)# service-policy output <policy-map name>

The following example shows the creation of a service instance and adding a service group to the service instance:

Router(config)# int gi 2/0/0
Router(config-if)# ser
Router(config-if)# service in
Router(config-if)# service instance 1 eth
Router(config-if-srv)# en
Router(config-if-srv)# encapsulation d
Router(config-if-srv)# encapsulation do 
Router(config-if-srv)# encapsulation dot1q 10
Router(config-if-srv)#?
Ethernet EFP configuration commands:
  bridge-domain   Bridge-domain
  default         Set a command to its defaults
  description     Service instance specific description
  encapsulation   Configure ethernet frame match criteria
  errdisable      Configure error disable
  ethernet        Configure ether lmi parameters
  exit            Exit from ETHER EFP configuration mode
  group           Join a service group
  ip              ip
  l2protocol      Configure l2 control protocol processing
  mac             Commands for MAC Address-based features
  no              Negate a command or set its defaults
  rewrite         Configure ethernet rewrite criteria
  service-policy  Attach a policy-map to an EFP 
  shutdown        Take the Service Instance out of Service
  snmp            Modify SNMP service instance parameters
  xconnect        Xconnect commands
Router(config-if-srv)# gr
Router(config-if-srv)# group 1000
Router(config-if-srv)#
Router#

Execute the sh run service-group 1 command to display the input and output policymaps applied on a service group:

Router#
Router#
Router#sh ser
Router# sh service
*Apr 24 01:17:21.904: %SYS-5-CONFIG_I: Configured from console by console
Router#sh service-g
Router#sh service-group 1000
Service Group 1000:
  Number of members:                      1
  State:                                  Up
  Interface:                              GigabitEthernet2/0/0

Number of members: 1

Dual Rate Three Color (2R3C) Ingress Policer on Service Instances

Dual Rate Three Color Policing (2R3C), elaborated in RFC 2698, lists the following characteristics of the data packets:

Metered and colored as green, yellow or red.

Marked for transmission drop or QoS marking.

Replenished in token buffer mode.

Based on the new feature implementation in ES20 line cards, the policy meter operates in a color blind mode in flat policy-maps. You can configure dual rates policing using the conform, exceed, and violate actions in the ingress service instances on an ES20 line card. For more information on Dual rate Three Color policers, refer to the section "QoS: Color-Aware Policer" at the following URL:

http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/12s_cap.html

You can configure the policer in any classes supported for marking. You can use the match vlan, match vlan inner, match QoS, or match CoS inner filters to configure these classes. For more information on Policing in ES20 line cards, refer the section "Configuring Policing" section.

Restrictions and Usage Guidelines

When configuring 2R3C ingress service policy on a ES 20 line card, follow these restrictions and usage guidelines:

You cannot configure 2R3C policer with the following characteristics:

A single rate two color (1R2C) policer in the same policy-map.

Packets marked for transmission drop.

Simultaneous execution of the set command operations in the same class.

Maximum of 3000 policers are supported on an ES20 line card (for a total of 6000 per line card).

If a 1R2C policer is configured, and actions other than conform, transmit, exceed, or drop are configured, or 1R2C is not as class-default, the microprocessor performs policing.

If you do not configure the values for cir and pir, the CLI commands are rejected.

2R3C policer works with user-class and class-default values.

2R3C policer does not support set- cos command within the policer. set- cos command are part of policer action such as set-cos transmit.

To set the DBUS COS, you can use set-cos action command instead of the set mpls exp .

You cannot configure 2R3C and 1R2C policer within the same policy-map.

You can configure a minimum policer value of 128 Kbps.

A hierarchical qos policymap in ingress should comprise of police at parent policy and marking cos in child policy. Configuration of police in both parent and child policy maps is not supported.

You must not change the child-policy dynamically when the parent policy is still attached to the interface.

Flat 2R3C policer is supported.

conform, exceed, and violate commands are used to mark all the policing actions.

The following policing actions are supported in an ES20 line card:

drop.

set-cos-inner-transmit (sets the outer tag Cos).

set-cos-transmit (sets dbus cos no tag Cos).

transmit

set-prec-transmit

set dscp-transmit

set mpls-exp-imposition-transmit

The following default policer actions are supported in an ES20 line card:

transmit for conform.

drop for exceed and violate.

You can classify cos-inner, vlan, and vlan-inner policers.

Ingress classification and policing is performed before an EVC rewrite.


Note Effective from 12.2(33)SRD release onwards, the service-policy configuration supports policy conform burst (bc) size setting on an ES20 interface. Releases earlier than 12.2(33)SRD, do not support setting policy bc size.


SUMMARY STEPS

1. enable

2. configure terminal

3. class-map match-any class name

4. match cos name

5. match [ip] precedence precedence-value

6. policy-map policer

7. class class name

8. police cir bc pir be

9. conform-action [ set-cos-inner-transmit | set-cos-transmit]

10. exceed-action [ set-cos-inner-transmit | set-cos-transmit ]

11. violate-action [ transmit | drop ]

12. interface GigabitEthernet slot/bay/port

13. service instance ethernet interface

14. service policy input policy-map-name

15. end

DETAILED STEPS

 
Command
Purpose

Step 1 

enable

Example:
Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

class-map match-any class name

Example:

Router# configure class-map match any test

Configures the match criteria for a class-map to be successful match criteria for all packets.

Step 4 

match cos name

Example:

Router# (config-cmap)# match cos2

Matches a packet based on a Layer 2 class of service (CoS) name.

Step 5 

Router (config-cmap)# match [ip] precendence precedence-value

Example:

Router#(config-cpmap)# match ip precedence 3

Identifies IP precedence values as match criteria.

Step 6 

Router (config-cmap)# policy-map policer

Example:

Router (config-cmap)# policy-map 2r3c

Specifies the traffic policy name and also allows you to enter policy-map configuration mode (a prerequisite for enabling QoS features such as traffic policing or traffic shaping).

Step 7 

Router (config-pmap)# class class name

Example:

Router (config-pmap)# class test

Associates the traffic class with the traffic policy.

For the class-name argument, you can specify the name of the class you created when you used the class-map command to create the traffic class.

Step 8 

Router (config-pmap-c)# Police cir bc pir be

Example:

Router (config-pmap-c)# police cir 1000000 bc 5000 pir 100000000 be 10000000

Specifies a maximum bandwidth usage by a traffic class through the use of a token bucket algorithm, where:

cir—Specifies the CIR (Committed Information Rate) at which the first token bucket is updated as a value in bits per second. The value is a number from 128000 to 10000000000.

bc-conform burst—Specifies the conform burst (bc) size in bytes used by the first token bucket for policing. The value is a number from 1000 to 31,250,000.

pir rate—Specifies the PIR (Peak Information Rate) at which the second token bucket is updated as a value in bits per second. The value is a number from 128000 to 10000000000.

be—Specifies the exceed burst value used by the second token bucket.

Step 9 

Router (config-pmap-c-police)# conform-action [set-cos-inner-transmit | set-cos-transmit ]

Example:

Router (config-pmap-c-police)# conform-action set-cos-inner-transmit 4

Configures the traffic policing based on the options specified:

Inner-transmit.

Transmit.

Step 10 

Router (config-pmap-c-police)# exceed-action [ set-cos-inner-transmit | set-cos-transmit ]

Example:

Router(config-pmap-c-police)# exceed action set-cos-transmit 3

Configures the traffic policing according to the options specified:

Inner-transmit.

Transmit.

Step 11 

Router (config-pmap-c-police)# violate-action [ transmit | drop ]

Example:

Router (config-pmap-c-police)# violate action set-cos-transmit 3

Configures the traffic policing according to the options specified:

Transmit.

Drop.

Step 12 

Router (config)# interface GigabitEthernet slot/bay/port

Example:

Router (config)# interface gig2/0/0

Identifies the interface to which the service policy should be attached.

Step 13 

Router (config-if)# service instance ethernet interface

Example:

Router(config-if)# service instance 1 eth

Identifies the service instance of the interface to which the service policy is attached.

Step 14 

Router (config-if-srv)# service policy input policy-map-name

Example:

Router(config-if-srv)# service policy input test

Attaches the configured policy-map to the ethernet service instance.

Step 15 

end

Example:

Router(config-if-srv)# end

Ends the command operations.

Example

The following example shows the 2R3C configuration in a class and policy-map:

policy-map test
class cos2
police 1000000 pir 2000000 conform-action set-cos-transmit 3 exceed-action 
set-cos-transmit 1 violate-action drop

The service policy should be attached to the service instance of the interface as follows:

interface gig2/0/0
service instance 1 eth
---- EVC configurations ---
service-policy input test

Ingress Policing on EVC Port Channel

The EVC port channel supports 1R0C and 2R3C policers. The classifications and police actions supported on regular EVCs are supported on an EVC port channel.

Restrictions and Usage Guidelines

When configuring ingress policing on EVC port channel, follow these restrictions and guidelines:

1R0C is supported only in class-default (classification), and not for service groups.

1R0C supports these policing actions on packets:

transmit for conformed packets

drop for exceed packets

1R0C does not support set action for conformed and exceeded packets.

1R0C supports flat and HQOS policy maps. HQOS policy maps support policing actions only for the parent class class-default and marking action in child classes.

2R3C is supported in these user class and class-default classification:

match precedence

match dscp

match vlan-outer

match vlan-inner

match cos-outer

match cos-inner

2R3C supports the following policing actions:

Conformed packets: transmit, set-cos-transmit, set-cos-inner-transmit, set-prec-transmit, set-dscp-transmit, set-exp-transmit

Exceed packets: transmit, drop, set-cos-transmit, set-cos-inner-transmit, set-prec-transmit, set-dscp-transmit, set-exp-transmit

Violate packets: transmit, drop, set-prec-transmit, set-dscp-transmit, set-exp-transmit

2R3C is supported for service groups.

2R3C supports only flat policy-maps.

Each NPU complex supports a maximum of 3000 2R3C policers.

The maximum value for cir is limited to 990 Mbps for a 1 Gb port and 9.9 Gbps for a 10 Gb port. For 2R3C policer, the same restriction applies to pir.

Configuring Ingress Policing on EVC Port Channel

Configuring policing on EVC port channel is same as that for configuring policing on a regular EVC. For configuration, refer the section "Configuring Policing" section.

Configuring Classification

Use the QoS classification features to select your network traffic and categorize it into classes for further QoS processing based on matching certain criteria. The default class, named "class-default," is the class to which traffic is directed for any traffic that does not match any of the selection criteria in the configured class-maps.

Restrictions and Usage Guidelines

When configuring traffic classes on an ES20 line card, follow these restrictions and usage guidelines:

You can define up to 256 unique classes in a policy-map including class-default .

A single class-map can contain up to 8 different match command statements.

The ES20 line card does not support combining matches on QoS group, CoS, or input VLAN with other types of matching criteria (for example, access control lists [ACLs]) in the same class or policy-map. You cannot configure a class c1 with match CoS and class c2 with match ip prec in the same policy-map at same level.

When configuring hierarchical QoS on the ES20 line card, if you configure matching on an input VLAN in a parent policy, then only matching on a QoS group is supported in the child policy.

For ingress marking on EVCs, service instances support the match vlan command, match vlan-inner command, match cos command, match precedence, match dscp and match cos-inner commands.

For egress marking on EVCs, service instances support the match vlan command, match vlan-inner command, match cos command, match precedence, match dscp, match mpls experimental and the match cos-inner commands.

QoS classification on Egress ACL is not supported with the following TCP/UDP port parameters:

Port range

Port gt (greater than)

Port lt (lesser than)

Established (matching on established connections)

Table 3-3 provides information about which QoS classification features are supported for the ES20 line card on the Cisco 7600 series router. For more information about most of the commands documented in this table, refer to the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2SR, at:

http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/12_2sr/qos_12_2sr_book.html

Table 3-3 QoS Classification Feature Support  

Feature (match command)
Ingress
Egress
Comments

Match on access list (ACL) number

(match access-group command)

Maininterface

Subinterface

Switchport

Maininterface

Subinterface

Supports the following ACLs:

IPv4 and IPv6.

Protocols—ARP, RARP, ICMP, IGMP, UDP, MAC, MPLS, and TCP.

Source and destination ports.

TCP flags.

ToS.

Match on ACL name (match access-group name command)

Maininterface

Subinterface

Switchport

Maininterface

Subinterface

 

Match on any packet

(match any command)

Maininterface

Subinterface

Switchport

EVC

Maininterface

Subinterface

Switchport

EVC

 

Match on ATM cell loss priority (CLP) (match atm clp command)

Not supported.

Match on class-map

(match class-map command)

Not supported.

Match on Class of Service (CoS) (match cos command)

EVC

EVC

Switchport

Subinterfaces

Supported for switchport queueing and EVC interface.

Note CoS classification is available through PFC QoS using MAC address ACLs.

Match on inner CoS (match inner-cos command)

EVC

EVC

 

Match on Frame Relay discard eligibility (DE) bit (match fr-de command)

Not supported.

Match on Frame Relay data-link connection identifier (DLCI) (match fr-dlci command)

Not supported.

Match on input VLAN

(match input vlan command—Matches the VLAN from an input interface.)

Maininterface

Supported for output interface only for software-based EoMPLS.

Note The service policy is applied on the output interface to match the VLAN from the input interface. If you configure matching on input VLAN in a parent policy with hierarchical QoS, then only matching on QoS group is supported in the child policy.

Match on IP DSCP (match ip dscp command)

Maininterface

Subinterface

Switchport

EVCs

Maininterface

Subinterface

EVCs

 

Match on IP precedence (match ip precedence command)

Maininterface

Subinterface

Switchport

EVCs

Maininterface

Subinterface

EVCs

 

Match on IP Real-Time Protocol (RTP)
(match ip rtp command)

Not supported.

Match on MAC address for an ACL name
(match mac address command)

Not supported.

Match on destination MAC address

(match destination-address mac command)

Not supported.

Match on source MAC address

(match source-address mac command)

Not supported.

Match on MPLS experimental (EXP) bit (match mpls experimental command)

Maininterface

Subinterface

Maininterface

Subinterface

EVCs

Supported.

Match on Layer 3 packet length in IP header (match packet length command)

Not supported.

Match on QoS group (match QoS-group command)

Maininterface only for software-based EoMPLS configurations

Supported in software-based EoMPLS configurations only using hierarchical QoS, where the parent policy configures matching on input VLAN and the child policy configures matching on QoS group.

Match on protocol

(match protocol command

Maininterface

Subinterface

Switchport

Maininterface

Subinterface

Supports matching on IP and IPv6.

Match on VLAN

(match vlan command—Matches the outer VLAN of a Layer 2 802.1Q frame)

EVC

Switchport

EVC

Supported.

Outer VLAN ID matching for 802.1Q tagged frames on EVC.

Match on VLAN Inner

(match vlan inner command—Matches the innermost VLAN of the 802.1Q tag in the Layer 2 frame)

EVC

EVC

Supported.

No match on specified criteria

(match not command)

Not supported.


Configuration Tasks

To create a user-defined QoS traffic class, use the following commands beginning in global configuration mode:

 
Command
Purpose

Step 1 

Router(config)# class-map [match-all | match-any] class-name

Creates a traffic class, where:

match-all—(Optional) Specifies that all match criteria in the class-map must be matched, using a logical AND of all matching statements defined within the class. This is the default.

match-any—(Optional) Specifies that one or more match criteria must match, using a logical OR of all matching statements defined within the class.

class-name—Specifies the user-defined name of the class.

Note You can define up to 255 unique class-maps within a policy map as 1 class is always class-default.

Step 2 

Router(config-cmap)# match type

Specifies the matching criterion to be applied to the traffic, where type represents one of the forms of the match command supported by the ES20 line card as shown in Table 3-3.

Note A single class-map can contain up to 8 different match command statements.

Examples

This example shows how to configure a class-map named ipp5, and enter a match statement for IP precedence 5:

Router(config)# class-map ipp5
Router(config-cmap)# match ip precedence 5
Router(config-cmap)# 
 
 

This is an example of configuring class matching on multiple match statements.

 
 
Router(config)# class-map match-any many (id 1047)
Router(config-cmap)# match ip  precedence 3 
Router(config-cmap)# match access-group  100 
Router(config-cmap)# match mpls experimental 5 
 
 

This is an example of configuring class matching on named ACLS.

 
 
Router(config)# class-map match-all acl9 (id 1049)
Router(config-cmap)# match access-group name rock
 
 

This example shows a logical AND operation in a child policy with match vlan and class-default in a parent.

 
 
Router(config)# class-map match-all childAND
Router(config-cmap)# match cos 2-3
Router(config-cmap)# match cos inner 5 6
Router(config)# policy-map testchildAND
Router(config-pmap)# class childAND
Router(config-pmap-c)# shape average 100000000
Router(config)# policy-map parentAND
Router(config-pmap)# class vlan12
Router(config-pmap-c)# shape average 500000000

Router(config-pmap-c)# service-policy testchild

This example shows how to display class-map information for a specific class-map using the show class-map command:

Router# show class-map ipp5
Class Map match-all ipp5 (id 1)

Match ip precedence 5

 
 

This example shows how to display class-map information matching on extended ACLs using the show class-map command.

 
 
head# show class-map acl5
 Class Map match-all acl5 (id 1042)
   Match access-group  102 
 
 

This example shows how to verify classification on a VLAN in the parent class of a HQoS policy.

head# show policy-map match
policy-map match4
  class child AND
   shape average 3000000
 
 
policy-map match2
  class child AND
    shape average 200000
 
 

Configuring Policing

This section describes information for configuring QoS traffic policing policies.

Restrictions and Usage Guidelines

The Cisco 7600 series routers support different forms of policing using the police command. See Table 3-4 to determine which policing features are supported by ES20 line card type.

When configuring ingress policing on main, subinterface, and VLAN, follow these restrictions and usage guidelines:

The ES20 line card supports conform-action policing on input interfaces only.

Egress policing command is executed when the priority is defined, and the policy-map is not rejected because we can add policing and priority. While you configure the LLQ values on a dynamically applied policy-map, ensure that you define police values followed by priority values.

Egress policing command is executed when the priority is defined. The stand alone policing is not rejected because you can add priority values. When you configure the LLQ values on a dynamically applied policy-map, ensure that you define police values followed by bc and be priority values. You can configure these values and also define the queue limit.

Use policing with priority queueing to limit the traffic rate in egress.When configuring policing paired with priority, the conform action is fixed to transmit while violate or exceed is fixed to drop. These action are not user configurable.

When configuring one rate 2 color per EVC micro-flow policer:

Up to 16,000 policers per line card are supported; only one per service instance configured within the class class-default.

The conform-action or the exceed-action are statically defined and can not be altered.

One form of policy configuration is support with optional marking in the child policy and policing in the parent policy.

Table 3-4 provides information about which policing features are supported for the ES20 line card on the Cisco 7600 series routers.

Table 3-4 QoS Policing Feature Support

Policing Feature (police command)
Supported Interfaces
ES20 Line Card

Policing by aggregate policer

(police aggregate command)

Maininterface

Subinterface

Supported in ingress only.

Policing by bandwidth using token bucket algorithm

(police command)

Maininterface

Subinterface

EVC (egress only)

For egress, must be paired with priority command.

Policing with 2-color marker (committed information rate [CIR] and peak information rate [PIR])

(police (two rates) command—police cir pir form)

Maininterface

Subinterface

Supported in ingress only.

Policing by flow mask

(police flow mask command)

Maininterface

Subinterface

Supported in ingress only.

Policing by microflow

(police flow command)

Maininterface

Subinterface

Supported in ingress only.

One rate 2 color per EVC micro-flow policer

(committed information rate [CIR])

(police command—police cir form)

EVC

Supported in ingress only beneath class class-default.


Table 3-5 provides information about the interfaces and their supported actions on an ES20 line card.

Table 3-5 One-Rate Two Color Ingress Support

Supported Interfaces
Conform Actions
Exceed Actions

Maininterface

transmit

set dscp transmit

set precedence transmit

set mpls imposition exp

drop

policed dscp transmit

Subinterface

transmit

set dscp transmit

set precedence transmit

set mpls imposition exp

drop

policed dscp transmit

EVC

transmit

drop


Note EVC is supported only in class-default.


Switchport

transmit

set dscp transmit

set precedence transmit

set mpls imposition exp

drop

policed dscp transmit

set precdence

set dscp

set mpls imposition exp


Table 3-6 QoS Policing Action Support

Policing Action (set command)
 
ES20 Line Card

Drop the packet.

(drop command)

Maininterface

Subinterface

EVC

Supported—Ingress and egress.

Set the IP precedence and transmit.

(set-prec-transmit command)

Maininterface

Subinterface

Supported —Input interface only.

Set the IP DSCP and transmit.

(set-dscp-transmit command)

Maininterface

Subinterface

Supported—Input interface only.

Set the MPLS EXP bit (0-7) on imposition and transmit.

(set-mpls-experimental-imposition-transmit command)

Maininterface

Subinterface

Supported—Input interface only.

Set the MPLS EXP bit in the topmost label and transmit.

(set-mpls-experimental-topmost-transmit command)

Maininterface

Subinterface

Supported—Input interface only.

Transmit all packets without alteration.

(transmit command)

Maininterface

Subinterface

EVC

Supported—Ingress and egress.


Configuration Tasks

To create QoS traffic policies with policing, use the following commands beginning in global configuration mode:


Note Effective from 12.2(33)SRD release onwards, the service-policy configuration supports policy conform burst (bc) size setting on an ES20 interface. Releases earlier than 12.2(33)SRD, do not support setting policy bc size.



Note When creating QoS traffic policies as shown below, you can perform only one of the commands shown in Step 3 through Step 7 for each policy. You can perform Step 4 or Step 5 or Step 6 or Step 7; do not attempt to perform Step 3 through Step 7 in the same policy.


 
Command
Purpose

Step 1 

Router(config)# mls QoS

Enables the QoS functionality on an interface.

Step 2 

Router(config)# policy-map policy-map-name

Creates or modifies a traffic policy and enters policy-map configuration mode, where:

policy-map-name—Specifies the name of the traffic policy to configure. Names can be a maximum of 40 alphanumeric characters.

Step 3 

Router (config-pmap)# class {class-name | class-default}

Specifies the name of the traffic class to which this policy applies and enters policy-map class configuration mode, where:

class-name—Specifies that the policy applies to a user-defined class name previously configured.

class-default—Specifies that the policy applies to the default traffic class.

Step 4 

Router(config-pmap-c)# police bps [burst-normal] [burst-max] conform-action action exceed-action action violate-action action

Specifies a maximum bandwidth usage by a traffic class through the use of a token bucket algorithm, where:

bps—Specifies the average rate in bits per second. Valid values are 128000 to 1 Gigabyte or 10 Gigabyte.

burst-normal—(Optional) Specifies the normal burst size in bytes. Valid values are 1000 to 51200000. The default normal burst size is 1500 bytes.

burst-max—(Optional) Specifies the excess burst size in bytes. Valid values are 1000 to 51200000.

action—Specifies the policing command (as shown in Table 3-5) for the action to be applied to the corresponding conforming, exceeding, or violating traffic.

Or

 

Router(config-pmap-c)# police {cir cir} [bc conform-burst] {pir pir} [be peak-burst] [conform-action action [exceed-action action [violate-action action]]]

Configures traffic policing using two rates, the committed information rate (CIR) and the peak information rate (PIR), where:

cir cir—Specifies the CIR at which the first token bucket is updated as a value in bits per second. The value is a number from 128000 to 10000000000.

bc conform-burst—(Optional) Specifies the conform burst (bc) size in bytes used by the first token bucket for policing. The value is a number from 1000 to 31,250,000.

pir pir—Specifies the PIR at which the second token bucket is updated as a value in bits per second. The value is a number from 128000 to 10000000000.

be peak-burst—(Optional) Specifies the peak burst (be) size in bytes used by the second token bucket for policing. The size varies according to the interface and platform in use.

action—(Optional) Specifies the policing command (as shown in Table 3-5) for the action to be applied to the corresponding conforming, exceeding, or violating traffic.

Or

 

Router(config-pmap-c)# police flow {bits-per-second [normal-burst-bytes] [maximum-burst-bytes] [pir peak-rate-bps]} | [conform-action action] [exceed-action action] [violate-action action]

Configures a microflow policer, where:

bits-per-second—Specifies the CIR in bits per second. Valid values are from 32,000 to 4,000,000,000 bits per second.

normal-burst-bytes—(Optional) Specifies the CIR token-bucket size. Valid values are from 1000 to 31,250,000 bytes.

maximum-burst-bytes—(Optional) Specifies the PIR token-bucket size. Valid values are from 1000 to 31,250,000 bytes.

pir peak-rate-bps—(Optional) Specifies the PIR in bits per second. Valid values are from 32,000 to 4,000,000,000 bits per second.

action—Specifies the policing command (as shown in Table 3-5) for the action to be applied to the corresponding conforming, exceeding, or violating traffic.

Or

 

Router(config-pmap-c)# police flow mask {dest-only | full-flow | src-only} {bits-per-second [normal-burst-bytes] [maximum-burst-bytes]} [conform-action action] [exceed-action action]

Configures a flow mask to be used for policing, where:

dest-only—Specifies the destination-only flow mask.

full-flow—Specifies the full-flow mask.

src-only—Specifies the source-only flow mask.

bits-per-second—Specifies the CIR in bits per second. Valid values are from 32,000 to 4,000,000,000 bits per second.

normal-burst-bytes—(Optional) Specifies the CIR token-bucket size. Valid values are from 1000 to 31,250,000 bytes.

maximum-burst-bytes—(Optional) Specifies the PIR token-bucket size. Valid values are from 1000 to 31,250,000 bytes.

action—Specifies the policing command (as shown in Table 3-5) for the action to be applied to the corresponding conforming or exceeding traffic.

Or

 

Router(config-pmap-c)# police aggregate name

Specifies a previously defined aggregate policer name and configures the policy-map class to use the specified name of the aggregate policer.

Examples

This example shows a traffic policing configuration with the average rate at 128kbps, the normal burst size at 128,000 bytes, and the excess burst size at 4000 bytes:

Router(config)# class-map acgroup2
Router(config-cmap)# match access-group 2
Router(config-cmap)# exit
Router(config)# policy-map police
Router(config-pmap)# class acgroup2
police cir 128000 pir 10000000 conform-action transmit exceed-action drop 4 violate-action 
drop set-cos-transmit 4 violate-action drop
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# interface gigethernet 1/0/0
Router(config-if)# service-policy input police
 
 

This example shows a policy that contains a one rate 2 color per EVC micro-flow policer with marking operations.

Router(config)# policy-map child
Router(config-pmap)# class cos1
Router(config-pmap-c)# set cos 5
Router(config-pmap)# class class-default
Router(config-pmap-c)# set cos 6
 
 
Router(config)# mls QoS
Router(config)# policy-map efppolicy
Router(config-pmap)# class class-default
Router(config-pmap-c)# police cir 200000000 bc 6250000 conform-action transmit 
exceed-action drop
Router(config-if)# service-policy child
 
 
This example shows a policy that contains a one- rate zero color (1R0C) policer:
 
 
Router(config)#policy-map 1r0c
Router(config-pmap)#class class-default
Router(config-pmap-c)#police cir 1000000 
Router(config-pmap-c-police)#end
 
 
This example shows a policy that contains a two- rate three color (2R3C) policer:
 
 
Router(config)#policy-map 2r3c
Router(config-pmap)#class cos1
Router(config-pmap-c)#police cir 1000000 pir 2000000 conform-action set-prec-transmit 3 
exceed-action set-prec-transmit 4 violate-action drop  
Router(config-pmap-c-police)#end
 
 
This example shows how to apply a policy-map on the EVC port channel:
 
 
Router(config)#int port-channel 100
Router(config-if)#service instance 1 ethernet 
Router(config-if-srv)#encapsulation dot1q 100 
Router(config-if-srv)#service-policy in 1r0c
 
 
 
 
 
 

Verification

Use the following commands to verify policing:

 
Command
Purpose
 

Router# show policy-map

Displays all configured policy-maps.

 

Router# show policy-map policy-map-name

Displays the user-specified policy-map.

 

Router# show policy-map interface

Displays statistics and configurations of all input and output policies that are attached to an interface.

This example shows how to display policing statistics using the show policy-map interface command in the EXEC mode.

sh policy-map int gig 4/0/5
GigabitEthernet4/0/5 
Service-policy output: example
Counters last updated 00:00:00 ago
queue stats for all priority classes:
Queueing
queue limit 66 packets
(queue depth/total drops/no-buffer drops) 0/121416/0
(pkts output/bytes output) 428079/640406145
 
 
Class-map: prec1 (match-all)
497836 packets, 744762656 bytes
5 minute offered rate 18806000 bps, drop rate 828000 bps
Match: ip precedence 1 
police:
cir 3000000 bps, bc 93750 bytes
conformed 324764 packets, 485846905 bytes; actions: transmit
exceeded 121416 packets, 181636879 bytes; actions: drop
conformed 12256000 bps, exceed 842000 bps
Priority: Strict, b/w exceed drops: 121416
 
 
Class-map: class-default (match-any)
1761338 packets, 1138941205 bytes
5 minute offered rate 27792000 bps, drop rate 26713000 bps
Match: any 
Queueing
queue limit 66 packets
(queue depth/total drops/no-buffer drops) 70/824757/0
(pkts output/bytes output) 300574/420798000
shape (average) cir 2000000, bc 8000, be 8000
target shape rate 2000000

This is another example of displaying policing statistics using the show policy-map interface command; in this case the statistics are for a one rate 2 color per EVC micro-flow policer.

TenGigabitEthernet4/0/0: EFP 1 
Service-policy input: policesmall 
Counters last updated 00:00:00 ago 
Class-map: class-default (match-any) 
12353351 packets, 3627868092 bytes 
5 minute offered rate 671206 bps, drop rate 543206 bps 
Match: any 
police: 
cir 128000 bps, bc 4000 bytes 
conformed 2096904 packets, 130008048 bytes; actions: transmit 
exceeded 10256447 packets, 134308720 bytes; actions: drop 
conformed 127000 bps, exceed 543206 bps

Attaching a QoS Traffic Policy to an Interface

Before a traffic policy can be enabled for a class of traffic, it must be configured on an interface. A traffic policy also can be attached to Ethernet subinterfaces, maininterfaces, and service instances.

Traffic policies can be applied for traffic coming into an interface (input), and for traffic leaving that interface (output).

Attaching a QoS Traffic Policy for an Input Interface

When you attach a traffic policy to an input interface, the policy is applied to traffic coming into that interface. To attach a traffic policy for an input interface, use the following command beginning in interface configuration mode:

Command
Purpose

Router(config-if)# service-policy input policy-map-name

Attaches a traffic policy to the input direction of an interface, where:

policy-map-name—Specifies the name of the traffic policy to configure.


Attaching a QoS Traffic Policy to an Output Interface

When you attach a traffic policy to an output interface, the policy is applied to traffic leaving that interface. To attach a traffic policy to an output interface, use the following command beginning in interface configuration mode:

Command
Purpose

Router(config-if)# service-policy output policy-map-name

Attaches a traffic policy to the output direction of an interface, where:

policy-map-name—Specifies the name of the traffic policy to configure.


Configuring Marking

After you have created your traffic classes, you can configure traffic policies to configure marking features to apply certain actions to the selected traffic in those classes.

In most cases, the purpose of a packet mark is identification. After a packet is marked, downstream devices identify traffic based on the marking and categorize the traffic according to network needs. This categorization occurs when the match commands in the traffic class are configured to identify the packets by the mark (for example, match ip precedence, match ip dscp, match cos, and so on). The traffic policy using this traffic class can then set the appropriate QoS features for the marked traffic.

In some cases, the markings can be used for purposes besides identification. Distributed WRED, for instance, can use the IP precedence, CoS, IP DSCP, or MPLS EXP values to detect and drop packets.

Restrictions and Usage Guidelines

When configuring class-based marking on an ES20 line card, follow these restrictions and usage guidelines:

Ingress packet marking is supported on maininterfaces, subinterfaces, and service instances. You can configure packet marking and queueing actions in the same traffic policy.

If an ingress service policy configures both class-based marking and marking as part of a policing action, then the marking using policing takes precedence over any class-based marking.

The Scalable EoMPLS on 7600-ESM-2X10GE and 7600-ESM-20X1GE feature supports mapping of the incoming VLAN dot1q p-bits to the outgoing MPLS EXP bits. Only outer tag dot1q pbits mapping is supported.

The Scalable EoMPLS on 7600-ESM-2X10GE and 7600-ESM-20X1GE feature supports mapping of the incoming MPLS EXP bits to the outgoing VLAN dot1q p-bits.

MultiPoint Bridging over Ethernet on 7600-ESM-2X10GE and 7600-ESM-20X1GE supports set cos and set cos inner commands in ingress marking. However, from 12.2(33) SRE onwards, ingress marking also supports set dscp and set precedence commands.

Set operations are not allowed at the parent level.

Up to two marking combinations can occur with the exception that Layer 2 marking is not combined with Layer 3 marking operations.

You should configure no mls qos trust value for ingress marking on the main and subinterfaces.

Table 3-7 and Table 3-8 provides information about the various Ingress and Egress Marking combinations supported for a ES20 line card on the Cisco 7600 series router.

For example, in Table 3-7, ¸ marked against DSCP and Cos (row 4 col 1) indicates that you can mark DSCP and Cos within a single class. Similarly, a x marked against MPLS Experimental and Precedence (row 5 col 3) indicates that you cannot use both within a single class.

Table 3-7 Layer 3 Egress Marking Scenarios For EVCs

 
Cos
Cos Inner
Precedence
DSCP
EXP
Cos and Cos Inner

Cos

¸

¸

¸

¸

Cos_Inner

¸

x

x

¸

Precedence

¸

x

x

x

¸

DSCP

¸

x

x

x

¸

MPLS Experimental

¸

¸

x

x

¸

Cos and Cos Inner

¸

¸

¸


Table 3-8 Layer 3 Ingress Marking Scenarios On a Service Instance

 
Cos
Cos Inner
Precedence
DSCP
EXP
Cos and Cos Inner

Cos

¸

¸

¸

x

Cos_Inner

¸

x

x

¸

x

Precedence

¸

x

¸

¸

DSCP

¸

x

¸

¸

MPLS Experimental

x

¸

¸

¸

¸

Cos and Cos Inner

¸

¸


The following example shows the sample ingress policy map for layer 3 marking support.

policymap policy1-in
class prec5
set cos 6
class cos_tos_all
set ip prec 4
class class-default
police cir 1000000

The following example shows Egress marking - port in set trust cos mode.

policymap policy1-eg-mark-BD 
class prec5
set cos 5
set ip dscp af31
shape average 1000000
class cos_in
set cos cos-inner
shape average 2000000
class cos_exp_all
set cos 6
shape average 3000000
policymap policy-hqos-eg-mark-BD 
class cosin_cos_dscp_all
set ip dscp af31
shape average 1000000
class class-default
shape average 2000000
service-policy policy1-eg-mark-BD 
 
 

The following example shows the sample output of the sh command.

pacv-7609S#sh policy-map interface ten4/0/1 service instance 1
TenGigabitEthernet4/0/1: EFP 1
Service-policy output: policy-hqos-eg-mark-BD
Counters last updated 00:00:04 ago
Class-map: cosin_cos_dscp_all (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: cos  1 
Match:  dscp 3 
Match: cos inner  3 
Queueing
queue limit 66 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
QoS Set
dscp af31
Packets marked 0
shape (average) cir 1000000, bc 4000, be 4000
target shape rate 1000000
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any 
Queueing
queue limit 66 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
shape (average) cir 2000000, bc 8000, be 8000
target shape rate 2000000
Service-policy : policy1-eg-mark-BD
Counters last updated 00:00:04 ago
Class-map: prec5 (match-any)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: ip precedence 5 
Queueing
queue limit 66 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
QoS Set
cos 5
Packets marked 0
dscp af31
Packets marked 0
shape (average) cir 1000000, bc 4000, be 4000
target shape rate 1000000
Class-map: cos_in (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: cos inner  4 
Queueing
Queue limit 66 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
QoS Set
cos cos-inner
Packets marked 0
shape (average) cir 2000000, bc 8000, be 8000
target shape rate 2000000
Class-map: cos_exp_all (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: mpls experimental topmost 3 
Match: cos  1 
Queueing
queue limit 66 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
QoS Set
cos 6
Packets marked 0
shape (average) cir 3000000, bc 12000, be 12000
target shape rate 3000000
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any 
queue limit 66 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
 
 

Table 3-9 Qos Class Based Marking Feature Support On A Main-Interface, Sub-Interface, and Serivce Instance

Marking Feature (set command)
Ingress
Egress
ES20 Line Card

Set ATM CLP bit

(set atm-clp command—Mark the ATM cell loss priority bit with value of 1)

Not supported.

Set discard class

(set discard-class command—Marks the packet with a discard class value for per-hop behavior)

Not supported.

Set Frame Relay DE bit

(set fr-de command—Mark the Frame Relay discard eligibility bit with value of 1)

Not supported.

Set IP DSCP

(set ip dscp command—Marks the IP differentiated services code point (DSCP) in the type of service (ToS) byte with a value from 0 to 63.)

Subinterface

Maininterface

Switchport

EVC interface

Subinterface

Maininterface

Switchport

EVC interface

Supported on ingress and egress.

Set IP precedence

(set ip precedence command—Marks the precedence value in the IP header with a value from 0 to 7.)

Subinterface

Maininterface

Switchport

EVC

Subinterface

Maininterface

Switchport

EVC

Supported on ingress and egress.

Set Layer 2 802.1Q CoS

(set cos command—Marks the CoS value from 0 to 7 in an 802.1Q tagged frame.)

EVC interface

Subinterface

EVC interface

Switchport

Subinterfaces supported on egress.

EVCs supported in ingress and egress.

Set Layer 2 802.1Q CoS

(set cos-inner command—Marks the inner CoS field from 0 to 7 in a bridged frame.)

EVC

Subinterface

EVC interface

Subinterfaces supported on output.

EVCs supported in ingress and egress.

Set Layer 2 802.1Q CoS

(set cos-inner cos command—Copies out CoS to inner CoS.

EVC

Subinterface

EVC interface

Subinterfaces supported on egress.

EVCs supported in ingress and egress.

Set Layer 2 802.1Q CoS

(set cos cos-inner command)

EVC

Subinterface

EVC interface

Subinterfaces supported on output.

EVCs supported in input and output direction.

Set MPLS experimental (EXP) bit on label imposition

(set mpls experimental imposition command)

Maininterface

Subinterface

EVC interface

Switchport

Not supported

Supported on ingress for a service instance.

Note Marking of EXP in case of MPB results in marking of DBUS CoS. Marking of EXP in case of xconnect and connect results in the marking of DBUS Cos as well as the MPLS Tags added as part of xconnect/connect processing.

Set MPLS EXP topmost

(set mpls experimental topmost command)

EVC interface

Supported for EVC in egress.

Set QoS group

(set QoS-group command—Marks the packet with a QoS group association.)

Not supported.


Configuration Tasks

To configure a QoS traffic policy with class-based marking, use the following commands beginning in global configuration mode:

 
Command
Purpose

Step 1 

Router(config)# policy-map policy-map-name

Creates or modifies a traffic policy and enters policy-map configuration mode, where:

policy-map-name—Specifies the name of the traffic policy to configure. Names can be a maximum of 40 alphanumeric characters.

Step 2 

Router (config-pmap)# class {class-name | class-default}

Specifies the name of the traffic class to which this policy applies and enters policy-map class configuration mode, where:

class-name—Specifies that the policy applies to a user-defined class name previously configured.

class-default—Specifies that the policy applies to the default traffic class.

Step 3 

Router(config-pmap-c)# set type

Specifies the marking action to be applied to the traffic, where type represents one of the forms of the set command supported by the ES20 line card as shown in Table 3-8.

Examples

This example shows the creation of a service policy called policy1. This service policy is associated to a previously defined classification policy through the use of the class command. This example assumes that a classification policy called class1 was previously configured.

Router(config)# policy-map policy1
Router(config-pmap)# class class1
Router(config-pmap-c)# set ip precedence 1 
 
 

Verification

Use the following commands to verify marking:

 
Command
Purpose
 

Router# show policy-map

Displays all configured policy-maps.

 

Router# show policy-map policy-map-name

Displays the user-specified policy-map.

 

Router# show policy-map interface

Displays statistics and configurations of all input and output policies that are attached to an interface.

For more detailed information about configuring class-based marking features, refer to the Class-Based Marking document located at the following URL:

http://www.cisco.com/en/US/docs/ios/12_1t/12_1t5/feature/guide/cbpmark2.html

Configuring Shaping

This section describes information for configuring QoS traffic policies for shaping traffic.

Restrictions and Usage Guidelines

When configuring queueing features on an ES20 line card, follow these restrictions and usage guidelines:

The Cisco 7600 series routers support different forms of queueing features. See Table 3-10 to determine which traffic shaping features are supported by the ES20 line card type.

Use a hierarchical policy if you want to achieve minimum bandwidth guarantees using CBWFQ. First, configure a parent policy to shape to the total bandwidth required. Then, define a child policy using CBWFQ for the minimum bandwidth percentages.

Traffic shaping is a queue with some CIR and excess information rate (EIR) value, such that CIR plus EIR is the shaped rate. Traffic shaping on an average cuts the flow of traffic from the queue at the configured shape rate over a mean period of time

For more detailed information about configuring congestion management features, refer to the Cisco IOS Quality of Service Solutions Configuration Guide document corresponding to your Cisco IOS software release.

Table 3-10 provides information about which QoS traffic shaping features are supported for the ES20 line card on the Cisco 7600 series router.

Table 3-10 QoS Traffic Shaping Feature Support

Traffic Shaping Feature (command)
ES20 Line Card

Adaptive shaping for Frame Relay

(shape adaptive command)

Not supported.

Class-based shaping

(shape average, shape peak commands)

Supports shape average only in egress.

Policy-map class shaping with adaptation to backward explicit congestion notification (BECN)

(shape adaptive command)

Not supported.

Policy-map class shaping with reflection of forward explicit congestion notification (FECN) as BECN

(shape fecn-adapt command)

Not supported.

Policy-map class shaping of peak rate of traffic by percentage of bandwidth

(shape peak percent command)

Not supported.


Configuration Tasks

Use MQC to configure traffic shaping. Create a class-map using the class-map command and a policy-map using the policy-map command. Attach the class to the policy using the class command and then use the shape command to configure shaping for that class.

 
Command
Purpose

Step 1 

Router(config)# class-map [match-all | match-any] class-name

Creates a class-map to be used for matching packets to a class.

Step 2 

Router(config-cmap)# match [ip dscp ip-dscp-value | ip precedence ip-precedence-value | mpls experimental mpls-exp-value]

Specifies a specific IP DSCP, IP precedence, or MPLS EXP value as a match criterion.

Step 3 

Router(config)# policy-map policy-name

Specifies the name of the policy-map to configure.

Step 4 

Router(config-pmap)# class class-name

Specifies the name of a predefined class included in the service policy.

Step 5 

Router(config-pmap-c)# shape [average] mean-rate [[burst-size] [excess-burst-size]]

Specifies new values for traffic shaping. Maximum values are 128000 to 990 Mbps or 9.9Gb.

Examples

This example shows traffic shaping on a main interface; traffic leaving interface Gig1/0/0 is shaped at the rate of 10 Mbps:

Router(config)# class-map class-interface-all
Router(config-cmap)# match ip precedence 1
Router(config-cmap)# exit
Router(config)# policy-map dts-interface-all-action
Router(config-pmap)# class class-interface-all
Router(config-pmap-c)# shape average 10000000
Router(config-pmap-c)# exit
Router(config)# interface gig 1/0/0

Router(config-if)# service-policy output dts-interface-all-action

This is an example of an output shaping policy on a switchport interface that matches on a CoS value queuing defined in the classes.

 
 
Router(config)# policy-map switchport-cos-policy
Router(config-pmap)# class cos1
Router(config-pmap-c)# shape ave 100000000
 
 

Now the policy is applied in the egress direction on the main switchport.

Router(config)# interface TenGigabitEthernet9/0/0
Router(config-if)# switchport
Router(config-if)# switchport access vlan 2000
Router(config-if)# switchport mode access
Router(config-if)# mls QoS trust cos
Router(config-if)# service-policy output switchport-cos-policy
 
 

In this example, the flat policy-map is applied in the egress direction to a subinterface.

Router(config)# policy-map x
Router(config-pmap)# class prec5
Router(config-pmap-c)# police 100000000
Router(config-pmap-c)# priority
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape average 100000000
 
 

In this example, the following policy-map is applied in the egress direction to a subinterface.

Router(config)# policy-map child2
Router(config-pmap)# class prec5
Router(config-pmap-c)# shape average 100000000
Router(config)# policy-map pcd
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape average 300000000
Router(config-if)# service-policy child2
 
 

Verification

Use the following commands to verify traffic shaping:

 
Command
Purpose
 

Router# show policy policy-name

Displays the configuration of all classes composing the specified traffic policy.

 

Router# show policy policy-name class class-name

Displays the configuration of the specified class of the specified traffic policy.

Configuring Shaping on the ES20 Main Interface

A traffic policy can be nested within a QoS policy when the service-policy command is used in a policy-map class configuration mode. A traffic policy that contains a nested traffic policy is called a hierarchical traffic policy.

A hierarchical traffic policy contains a child and a parent policy. The service-policy command associates the previously defined child policy with the new traffic policy and the parent policy uses the preexisting traffic policy.

Hierarchical traffic policies are supported on subinterfaces, EVCs, and EVC port channels. When hierarchical traffic policies are used, you c an use a single traffic policy (with a child and a parent policy) to shape and prioritize traffic.

You can use this feature to configure a HQoS on an ES20 main interface where the child policy-map is attached to the class-default of a parent policy-map. For more information on hierarchical shaping, refer to the section "Configuring Hierarchical QoS with Tiered Policy-Maps" section

About Traffic Shaping

Traffic shaping:

Controls the outbound traffic of an interface to match its flow to the speed of the remote target interface.

Manages the access to the available bandwidth.

Regulates the traffic flow to avoid congestion.

Ensures that the traffic conforms to policies contracted for it.

Shapes the traffic to eliminate the bottlenecks in topologies with data-rate mismatches.

Cisco IOS QoS uses policing and shaping to regulate data traffic. The rate-limiting features of the Committed Access Rate (CAR) and the Traffic Policing feature provides the functionality to police the traffic and the features of Generic Traffic Shaping (GTS), Class-Based Shaping, and Distributed Traffic Shaping (DTS) provides the functionality to shape traffic.
For more information on Shaping, refer to the "HQoS Polices with Shape in Child Classes"section in the Cisco IOS Quality of Serivce Configuration Guide.

Cisco IOS QoS software uses two types of traffic shaping: GTS and Class-Based.

Their have:

Similar traffic shaping methods using different CLIs.

Different types of queues to contain and shape deferred traffic.

Weighted fair queue to hold the delayed traffic for the deferred packets.

Restrictions and Usage Guidelines

Follow these restrictions and usage guidelines when you configure shaping on an ES20 main interface:

When a child policy is added to the class-default, no other classes should exist on the parent level.

When you apply a service policy on a main interface, ensure that the EVC or subinterface is not configured within the main interface.

A minimum of 128 Kbps shape value and a maximum of 99% of interface bandwidth is supported.

Non example

In the following non example, the policy-map parent has a user-defined class prec1 and a class class-default with a attached child policy.

Based on the following example, this feature does not support policies with:

user-defined classes at the parent level.

Class defaults with attached child policies.

Policy-map parent
Class prec1
Shape average 10000000
Class class-default
Shape average 100000000
Service-policy child
 
 
Policy-map child
Class prec0
Shape average 50000000
Class class-default
Shape average 50000000

Though this feature does not support the following scenario, you can apply the policies in the following example.

Policy-map parent
Class vlan12 (matches on Vlan 12)
Shape average 10000000
Class class-default
Shape average 20000000
Service-policy child
 
 
policy-map child
class cos0
shape average 5000000
class cos1
shape average 5000000
class class-default
shape average 20000000

Configuring the Child Policy

SUMMARY STEPS

1. enable

2. configure terminal

3. policy-map policy name

4. class class-default

5. class class name

6. shape [average] mean-rate

7. class class-default

8. shape [average] mean-rate

9. exit

DETAILED STEPS

 
Command
Purpose

Step 1 

enable

Example:
Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

policy-map policy name

Example:

P19_C7609-S(config)# policy-map child

Enters the policy name.

Step 4 

class class default

Example:

P19_C7609-S(config)#(config-pmap-c)
class class default

Applies a class default value to the policy-map.

Step 5 

class class name

Example:

P19_C7609-S(config-pmap)# class test

Attaches a class map to the child policy-map.

Step 6 

shape [average] mean-rate

Example:

P19_C7609-S(config-pmap-c)# shape average 50000000

Sets the average shaping rate in bits per second for the child policy-map.

Step 7 

class class-default

Example:

P19_C7609-S(config-pmap-c)# class class-default

Specifies the name of the class, whose policy you want to create or change, and the default class (commonly known as the class-default class) before you configure its policy.

Step 8 

shape [average] mean-rate

Example:

P19_C7609-S(config-pmap-c)# shape average 50000000

Sets the average shaping rate in bits per second for the child policy-map.

Step 9 

exit

Example:

Router (config-if)#

Exits to global configuration mode.

Configuring the Parent Policy

SUMMARY STEPS

1. enable

2. configure terminal

3. policy-map policy name

4. class class-default

5. shape [average] mean-rate

6. service-policy policy-map name

7. interface type value

8. service-policy [output class-default]

9. exit

DETAILED STEPS

 
Command
Purpose

Step 1 

enable

Example:
Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

policy-map policy-map

Example:

P19_C7609-S(config-pmap-c)# policy-map parent

Creates a parent policy-map with a specified name.

Step 4 

class class-default

Example:

P19_C7609-S(config-pmap)# class class-default

Specifies the name of the class whose policy you want to create or change, and the default class (commonly known as the class-default class), before you configure its policy.

Step 5 

shape [average] mean-rate

Example:

P19_C7609-S(config-pmap-c)# shape average 100000000

Sets the average shaping value in bits per second to ensure a specific bandwidth.

Step 6 

service- policy policy-map name

Example:

P19_C7609-S(config-pmap-c)# service-policy child

Configures the hierarchical child policy.

Step 7 

interface type value

Example:

Router (config)# interface gig2/0/0

Identifies the interface to which the service policy should be attached. The format of value is slot/subslot/port and ensure that you do not include a space between the type and value when you execute the command.

Step 8 

service-policy [output class-default]

Example:

Router(config-if)# service-policy output parent

Attaches the configured parent policy-map to the Ethernet interface.

Step 9 

exit

Example:

Router (config-if)#

Exits to global configuration mode.

Verification

You can execute the show run command to view the policy-map attached to the interface.In the following example, the child policy classifies and prioritizes the traffic, and the parent policy shapes the traffic.

USA# show policy-map int gig 1/0/0
GigabitEthernet1/0/0 
Service-policy output: parent
Counters last updated 00:00:00 ago
Class-map: class-default (match-any)
2 packets, 164 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any 
Queueing
queue limit 3315 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 2/164
shape (average) cir 100000000, bc 400000, be 400000
target shape rate 100000000
Service-policy : child
Counters last updated 00:00:00 ago
Class-map: prec0 (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: ip precedence 0 
Queueing
queue limit 1655 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
shape (average) cir 50000000, bc 200000, be 200000
target shape rate 50000000
Class-map: class-default (match-any)
2 packets, 164 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any 
Queueing
queue limit 1655 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 2/164
shape (average) cir 50000000, bc 200000, be 200000
target shape rate 50000000
end

Configuring QoS Queue Scheduling

This section describes ES20 line card-specific information for configuring QoS queue scheduling.

Restrictions and Usage Guidelines

When configuring queueing features on an ES20 line card, follow these restrictions and usage guidelines:

The Cisco 7600 series routers support different forms of queueing features. See Table 3-11 to determine which queueing features are supported by ES20 line card type.

You must use policing with priority queueing to limit the traffic rate.

ES20 line card supports up to two LLQ queues per policy-maps with equal priority.

If you receive any exceed errors on the line card, we recommend you to remove all the policy-maps from the erroneous port.

Ensure that you configure the policy-maps to use 99% of the port bandwidth. Policy-map functions erroneously when it is configured to use the 100% bandwidth of the port because 1% of the port bandwidth is reserved for control packets.

A maximum of 8000 queues are supported per bay.

The maximum acceptable limit of the Excess Information Rate (EIR) limitation per port is 549 Gigabyte.

Priority or low latency queue with bit rates (priority <kbps> command) is not supported.

Priority or low latency queue with percent (priority percent command) is not supported.

For more detailed information about configuring congestion management features, refer to the Cisco IOS Quality of Service Solutions Configuration Guide document corresponding to your Cisco IOS software release.

Table 3-11 provides information about which QoS queueing features are supported for the ES20 line card on the Cisco 7600 series routers.

Table 3-11 QoS Congestion Management and Avoidance Feature Support

Congestion Management and Avoidance Feature (command)
ES20 Line Card

Aggregate Weighted Random Early Detection (WRED)

(random-detect aggregate, random-detect dscp (aggregate), and random-detect precedence (aggregate) commands)

Egress supported.

Note WRED DSCP based aggregate is supported only on the main and subinterfaces of Layer 3. It is not supported on EVC interfaces.

Weighted RED (WRED)

Not supported.

Class-based Weighted Fair Queueing (CBWFQ)

(bandwidth, queue-limit commands)

Egress supported.

Flow-based Queueing (fair queueing/WFQ)

(fair-queue command)

Not supported.

Low Latency Queueing (LLQ)/Priority Queueing

(priority command paired with police command)

Egress supported.

Random Early Detection (RED)

(random-detect commands)

Not supported.


Configuring WRED


Note You can use a maximum of 4 random detect statements with a single class-map and total of 128 WRED statements per bay.


To configure a QoS WRED policy, use the following commands beginning in global configuration mode:

 
Command
Purpose

Step 1 

Router(config)# policy-map policy-name

Specifies the name of the policy-map to configure.

Step 2 

Router(config-pmap)# class class-name

Specifies the name of a predefined class included in the service policy.

Step 3 

Router(config-pmap-c)# shape average

Shapes traffic to the indicated bit rate for the specified class.

Step 4 

Router(config-pmap-c)# random-detect aggregate

Enables WRED.

Step 5 

Router(config)# interface interface-name

Specifies the interface to which the policy-map will be applied.

Step 6 

Router(config-if)# service-policy [output policy-name]

Attaches the specified policy-map to the interface.

Examples

This is an example of a WRED configuration.

Router(config)# policy-map wredtest
Router(config-pmap)# class cos5
Router(config-pmap-c)# shape average 200000000
Router(config-pmap-c)# random-detect precedence-based aggregate
Router(config-pmap-c)# random-detect precedence values 0 min 100 max 200 mark-prob 1
Router(config-pmap-c)# random-detect precedence values 1 min 300 max 500 mark-prob 1
Router(config-pmap-c)# random-detect precedence values 2 min 600 max 900 mark-prob 1
 

The default line can also be configured as follows:

Router(config-pmap-c)# random-detect precedence-based aggregate min 200 max 300 mark-prob 
1

Min and max threshold values listed in the previous command signifies the number of 256 byte packet buffers.


Note Packets or datagrams or frames larger than 256 bytes consumes more packet buffers.



Note In a EVC, if WRED config with precedence is used, the CoS value is mapped to the Prec value.


Configuring CBWFQ

To configure a QoS CBWFQ policy, use the following commands beginning in global configuration mode:

 
Command
Purpose

Step 1 

Router(config)# policy-map policy-map-name

Creates or modifies a traffic policy and enters policy-map configuration mode, where:

policy-map-name—Specifies the name of the traffic policy to configure. Names can be a maximum of 40 alphanumeric characters.

Step 2 

Router (config-pmap)# class {class-name | class-default}

Specifies the name of the traffic class to which this policy applies and enters policy-map class configuration mode, where:

class-name—Specifies that the policy applies to a user-defined class name previously configured.

class-default—Specifies that the policy applies to the default traffic class.

Step 3 

Router(config-pmap-c)# bandwidth {bandwidth-kbps | percent percent}

Specifies the amount of bandwidth, in kbps, or percentage of available bandwidth, to be assigned to the class. The minimum value to set is 128kbps.The amount of bandwidth configured should be large enough to also accommodate Layer 2 overhead.

Step 4 

Router(config-pmap-c)# queue-limit number-of-packets

Specifies the maximum number of 256 byte packets that can be queued for the class.

Note Packets or datagrams or frames larger than the 256 bytes consumes more packet buffers. For example a packet of size 500 bytes occupies 2 packet buffers.

Note You cannot have more than 128 queue- limit commands per bay.

Note You can use the queue-limit command with shape and priority queues.

Note Cisco recommends that you use the default queue-limit tuned to the bandwidth rate configured in the queueing action. Use this step if the default is not satisfactory.

Examples

This example shows a service policy called policy1 that specifies the amount of bandwidth to allocate for traffic classes 1 and 2:

Router(config)# class-map class1 
Router(config-cmap)# match ip dscp 30
Router(config-cmap)# exit
 
 
Router(config)# class-map class2 
Router(config-cmap)# match ip dscp 10

Router(config-cmap)# exit

Router(config)# policy-map policy1
Router(config-pmap)# class class1
Router(config-pmap-c)# bandwidth 30000 
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# class class2
Router(config-pmap-c)# bandwidth 20000 
Router(config-pmap-c)# exit
Router(config-pmap)# exit

Router(config)#

Router(config)# interface gig 1/0/0 
Router(config-if)# service-policy output policy1 
Router(config-if)# exit

Use the following commands to verify CBWFQ:

Command
Purpose

Router# show policy-map policy-map

Displays the configuration of all classes that make up the specified policy-map.

Router# show policy-map policy-map class class-name

Displays the configuration of the specified class of the specified policy-map.

Router# show policy-map interface interface-name

Displays the configuration of all classes configured for all policy-maps on the specified interface.


Configuring LLQ

To configure LLQ, use the Modular QoS command-line interface. Define the class of traffic with the class-map command, create a policy-map that contains the priority command, and apply the policy to the appropriate interface with the service-policy command.

You can configure a maximum of 2 priority queue with policing on two different classes.

To configure a policy with LLQ and to assign the policy to an interface, perform the following tasks in global configuration mode:

 
Command
Purpose

Step 1 

Router(config)# policy-map policy-name

Specifies the name of the policy-map to configure.

Step 2 

Router(config-pmap)# class class-map-name

Specifies the name of a predefined class included in the service policy.

Step 3 

Router(config-pmap-c)# police bps [burst-normal] [burst-max] conform-action action exceed-action action violate-action action

Specifies a maximum bandwidth usage by a traffic class through the use of a token bucket algorithm, where:

bps—Specifies the average rate in bits per second. Valid values are 128,000 to 200000000.

burst-normal—(Optional) Specifies the normal burst size in bytes. Valid values are 1000 to 31,250,000. The default normal burst size is 1500 bytes.

burst-max—(Optional) Specifies the excess burst size in bytes. Valid values are 1000 to 31,250,000.

action—Specifies the policing command (as shown in Table 3-5) for the corresponding conforming, exceeding, or violating traffic actions. Ensure that confirm action is always set to transmit and exceed and violate action is set to drop.

Step 4 

Router(config-pmap-c)# priority 

Gives strict priority to a class of traffic belonging to the policy-map.

Step 5 

Router(config)# interface interface-name

Specifies the interface to which the policy-map will be applied.

Step 6 

Router(config-if)# service-policy output policy-name

Attaches the specified policy-map to the interface.

Examples

The following example configures an output LLQ policy on a switchport interface that matches on a CoS value queuing defined in the classes.

 
 
Router(config)# policy-map switchport-llq-policy
Router(config-pmap)# class cos0
Router(config-pmap-c)# police 500000000 
Router(config-pmap-c)# priority
 
 

Now the policy is applied to the interface.

Router(config)# interface TenGigabitEthernet9/0/0
Router(config-if)# switchport
Router(config-if)# switchport access vlan 2000
Router(config-if)# switchport mode access
Router(config-if)# mls QoS trust cos
Router(config-if)# service-policy output switchport-llq-policy

Configuring PFC QoS on a Cisco 7600 Series Ethernet Services 20G Line Card

The ES20 line card supports most of the same QoS features as those supported by the Policy Feature Card (PFC) on the Cisco 7600 series routers.

This section describes those QoS features that have ES20 line card-specific configuration guidelines. After you review the ES20 line card-specific guidelines described in this document, then refer to the Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.2SR located at the following URL:

http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/swcg.html

PFC QoS on a Cisco 7600 Series Ethernet Services 20G Line Card Configuration Guidelines

Output policing is not supported.

PFC egress marking is not supported.

Ingress marking and policing is performed with PFC Qos.

Configuring Hierarchical QoS

Table 3-12 provides information about where the hierarchical QoS features are supported.

Table 3-12 Hierarchical QoS Feature Support

Feature
Supported Interfaces
ES20 Line Card

Hierarchical QoS for EoMPLS VCs (parent policy)

 

Supported at egress only using match iput vlan command in parent policy.

Hierarchical QoS—Tiered policy-maps with parent policy using class-default only on the subinterface.

Subinterface

Maininterface

Parent supports class-default only in egress direction.

Hierarchical QoS—Tiered policy-maps with parent policy in user-defined match vlan on the maininterface.

Main switchport interface

Parent supports match vlan only in egress direction. Hierarchical class-default is not supported.

Hierarchical QoS with Ethernet MPB (service instance)

EVC

Parent supports class-default, match vlan, and match vlan inner commands in egress direction.


Hybrid Policy Support

The following hybrid policy is not supported on an ES20 line card.

LLB#sh policy-map unsupp
Policy Map unsupp
Class voip
Average Rate Traffic Shaping 
cir 3000000 (bps)
service-policy child1
Class video
Average Rate Traffic Shaping
cir 2000000 (bps)
service-policy child2
Class class-default
Average Rate Traffic Shaping
cir 5000000 (bps)
service-policy child3
 
 
LLB#sh policy-map child1
Policy Map child1
Class prec3
Average Rate Traffic Shaping
cir 1500000 (bps)
Class prec4
Average Rate Traffic Shaping
cir 1000000 (bps)
LLB#sh policy-map child2
Policy Map child2
Class prec3
Average Rate Traffic Shaping
cir 1000000 (bps)
Class prec4
Average Rate Traffic Shaping
cir 1500000 (bps)
LLB#sh policy-map child3
Policy Map child3
Class prec3
Average Rate Traffic Shaping
cir 1500000 (bps)
Class prec4
Average Rate Traffic Shaping
cir 1000000 (bps)
LLB# sh policy-map unsupp
Policy Map unsupp
Class voip
Average Rate Traffic Shaping
cir 3000000 (bps)
Class video
Average Rate Traffic Shaping
cir 2000000 (bps)
Class class-default
Average Rate Traffic Shaping
cir 5000000 (bps)
service-policy child3
 
 
LLB#sh policy-map child3
Policy Map child3
Class prec3
Average Rate Traffic Shaping
cir 1500000 (bps)
Class prec4
Average Rate Traffic Shaping
cir 1000000 (bps) 

The following configuration is supported on the maininterfaces, switchport, and EVCs:

LLB#sh policy-map supp
Policy Map supp
Class voip
Average Rate Traffic Shaping
cir 3000000 (bps)
service-policy child1
Class video
Average Rate Traffic Shaping
cir 2000000 (bps)
service-policy child2
Class class-default
Average Rate Traffic Shaping
cir 5000000 (bps)
 
 
LLB#sh policy-map child1
Policy Map child1
Class prec3
Average Rate Traffic Shaping
cir 1500000 (bps)
Class prec4
Average Rate Traffic Shaping
cir 1000000 (bps)
 
 
LLB#sh policy-map child2
Policy Map child2
Class prec3
Average Rate Traffic Shaping
cir 1000000 (bps)
Class prec4
Average Rate Traffic Shaping
cir 1500000 (bps)
 
 
LLB#sh policy-map child3 
Policy Map child3
Class prec3
Average Rate Traffic Shaping
cir 1500000 (bps)
Class prec4
Average Rate Traffic Shaping
cir 1000000 (bps)

Configuring Hierarchical QoS with Tiered Policy-Maps

Hierarchical QoS with tiered policy-maps is a configuration where the actions associated with a class contain a queuing action (such as shaping) and a nested service policy, which in itself is a policy-map with classes and actions. This hierarchy of the QoS policy-map is then translated into a corresponding hierarchy of queues.

Configuration Guidelines

When configuring hierarchical QoS with tiered policy-maps on an ES20 line card, follow these restrictions and usage guidelines:

You can configure up to two levels of hierarchy within the policy-maps.

The parent policy-map has the following restrictions on a main switchport interface:

Supports match vlan command in parent class and match cos command in the child class. You can configure shape or bandwidth queueing actions in any class (user-defined and class-default).

When configuring hierarchical QoS for software-based EoMPLS, if you configure match input vlan in the parent policy, then you can only configure match QoS-group in the child policy.

ES20 line card does not support a flat match QoS-group policy.

In hierarchical QoS, the set command is not supported in the parent policy.

In egress direction, the set command works if at least one queueing action is configured in the policy. This queueing action can also exist in the parent policy while child policies contain only marking.

The child policy-map supports shape, bandwidth, priority, set operations, and WRED QoS features.

With hierarchical QoS on a subinterface, the parent policy-map supports hierarchical QoS using only the shape average command as a queueing action in the default class (class-default) only.

If you configure shaping at both the parent policy and the child policy, the traffic is shaped first according to the parameters defined in the parent policy, followed by the parameters of the child policy.

Use a hierarchical policy if you want to achieve minimum bandwidth guarantees using CBWFQ with a map class. First, configure a parent policy to shape to the total bandwidth required. Then, define a child policy using CBWFQ for the minimum bandwidth percentages.

ES20 supports class-default hQoS policy-maps. A user-defined class-map in the parent policy is not supported on subinterfaces. The following example shows an unsupported policy-map on a sub-interface:

pavement#sh policy-map unsup
Policy Map unsup
Class prec4 *** not supported
Average Rate Traffic Shaping
cir 300000000 (bps)
Class class-default
Average Rate Traffic Shaping
cir 200000000 (bps)
service-policy unsup2
pavement#sh policy-map unsup2
Policy Map unsup2
Class prec2
Average Rate Traffic Shaping
cir 50000000 (bps)
Class prec3
Average Rate Traffic Shaping
cir 100000000 (bps)
 
 

You can configure hierarchical QoS up to the following limits, according to the current Cisco IOS software limits:

Up to 1024 class-maps

Up to 1024 policy-maps

Up to 256 unique classes in a policy-map including class-default

The following example shows configuration of hierarchical QoS that maps to two levels of hierarchical queues. The first-level policy (the parent policy) configures the aggregated data rate to be shaped to 1 Mbps for the class-default class. The second-level policy (the child policy) configures the traffic in User-A class for 40 percent of the bandwidth and traffic in User-B class for 20 percent of the bandwidth.

! Configure the class-maps with your matching criteria
!
Router(config)# class-map match-any User-A
Router(config-cmap)# match access-group A
Router(config-cmap)# exit
Router(config)# class-map match-any User-B
Router(config-cmap)# match access-group B
Router(config-cmap)# exit
!

Configure the parent policy for class-default to shape all traffic in that class and apply a second-level policy.

Router(config)# policy-map child
Router(config-pmap)# class User-A
Router(config-pmap-c)# bandwidth percent 40
Router(config-pmap-c)# exit
Router(config-pmap)# class User-B
Router(config-pmap-c)# bandwidth percent 20
Router(config-pmap-c)# exit
Router(config-pmap)# exit
!
Router(config)# policy-map parent
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape 1000000
Router(config-pmap-c)# service-policy child
Router(config-pmap-c)# exit
Router(config-pmap)# exit
!

Configure the child policy to allocate different percentages of bandwidth by class.

 
 
!Apply the parent service policy to an output subinterface.
!
Router(config)# interface TenGigabitEthernet 2/0/0.1
Router(config-if)# encapsulation dot1q 11
Router(config-if)# service-policy output parent
 
 

The following example shows configuration of hierarchical QoS that maps to two levels of hierarchical queues, where the parent policy configures average traffic shaping rates on both user-defined classes as well as the class-default class, which is supported beginning in Cisco IOS Release 12.2(33)SRA. This configuration does not show the corresponding class-map configuration, which also is required to support these policy-maps.

Configure the parent policy for user-defined and class-default classes to shape traffic in those classes and apply a second-level policy.

Configure the child policy to allocate different percentages of bandwidth by class.

!
Router(config)# policy-map child-pm
Router(config-pmap)# class cos0
Router(config-pmap-c)# bandwidth percent 10
Router(config-pmap-c)# exit
Router(config-pmap)# class cos1
Router(config-pmap-c)# bandwidth percent 10
Router(config-pmap-c)# exit
Router(config-pmap)# exit
!
Router(config)# policy-map parent
Router(config-pmap)# class vlan100
Router(config-pmap-c)# shape average 1000000
Router(config-pmap-c)# service-policy child-pm
Router(config-pmap-c)# exit
Router(config-pmap)# class vlan200
Router(config-pmap-c)# shape average 1000000
Router(config-pmap-c)# service-policy child-pm
Router(config-pmap-c)# exit
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape average 2000000
Router(config-pmap-c)# exit
Router(config-pmap)# exit
!
! Apply the parent service policy to an output interface.
!
Router(config)# interface TenGigabitEthernet 2/0/0
Router(config-if)# switchport
Router(config-if)# switchport access vlan 2000
Router(config-if)# switchport mode access
Router(config-if)# mls QoS trust cos
Router(config-if)# service-policy output switchport-cos-policy
Router(config-if)# service-policy output parent-pm
 
 

This example shows how to display information a class-default HQoS policy with child policy matching on various supported criteria.

 
 
Router# show policy-map parent2
  Policy Map parent2
    Class class-default
Router(config-pmap-c)# shape average 3000000000 12000000 12000000
      service-policy child
head# show policy-map child  
  Policy Map child
    Class dscp3
shape average 100000000 400000 400000
Class prec5
     police cir 200000000 bc 6250000 be 6250000 conform-action transmit exceed-action drop
      priority
    Class acl2
shape average 50000000 200000 200000
    Class class-default
      bandwidth 10 (%)

Configuring Hierarchical QoS for EoMPLS VCs

The Hierarchical Quality of Service (HQoS) for EoMPLS VCs feature extends support for hierarchical, parent and child relationships in QoS policy-maps. This feature also provides EoMPLS per-VC QoS for point-to-point VCs.

The new feature adds the ability to match the virtual LAN (VLAN) IDs that were present on a packet when the packet was originally received by the router. It also supports the ability to match on a QoS group that is set to the same value of the IP precedence or 802.1P class of service (CoS) bits that are received on the incoming interface. This allows service providers to classify traffic easily for all or part of a particular EoMPLS network, as well as to preserve the customer's original differentiated services (DiffServ) QoS values.

In EoMPLS applications, the parent policy-map typically specifies the maximum or the minimum bandwidth for a group of specific VCs in an EoMPLS network. Then child policy-maps in the policy can implement a different bandwidth or perform other QoS operations (such as traffic shaping) on a subset of the selected VCs.

This feature enables service providers to provide more granular QoS services to their customers. It also gives service providers the ability to preserve customer IP precedence or CoS values in the network.

Hierarchical QoS with Service Instances

The Hierarchical Quality of Service (HQoS) with Service Instances extends support for hierarchical, parent and child relationships in QoS policy-maps. Both flat and hierarchical policies can be applied to service instances configured as Ethernet MPB, EoMPLS, local connect, or selective QinQ.

Configuration Guidelines

When configuring hierarchical QoS with Ethernet Service Instances on an ES20 line card, follow these restrictions and usage guidelines:

You can classify on the inner VLAN tag, the outer VLAN tag, or a combination of both. You can classify on the inner VLAN tag and CoS or the outer VLAN tag and CoS. You can classify on CoS, or CoS inner or any combination of these filters.

The following MQC actions are permitted:

Shaping

Bandwidth

Two priority queues per policy

Set cos, set cos-inner, set cos cos-inner, set cos-inner cos, and set mpls exp commands

set mpls exp is supported in ingress (for Eompls only).

WRED aggregate

Queue-limit

For marking, you can copy or rewrite the inner cos, the outer cos, or both inner and outer cos, or your can copy the inner cos to outer cos or vice versa.

EVC Configuration Examples

This example shows ingress QoS on scalable EoMPLS.

Router(config)# interface gig 1/0/0
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation dot1q 100
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-if)# xconnect 2.2.2.2 100 pw-class vlan-xconnect
Router(config-pmap-c)# service-policy input mark-it-in
Router(config)# policy-map mark-it-in
Router(config-pmap)# class cos0
Router(config-pmap-c)# set mpls exp 5

In this example of a single tag VLAN configuration, because the encapsulation dot1q 10 is already classified, only the inner VLAN and CoS values are configured.

Router(config)# interface gig 1/0/0
Router(config-if)# service instance 1
Router(config-if-srv)# encapsulation dot1q 10 second-dot1q any
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-if-srv)# bridge domain 200
Router(config-pmap-c)# service-policy input mark-it-in
Router(config)# policy-map mark-it-in
Router(config-pmap)# class innervlan20
Router(config-pmap-c)# set cos 0
Router(config-pmap-c)# set cos-inner 0
 
 

This is an example of a single tag VLAN connect ingress policy.

Router(config)# interface interface GigabitEthernet1/0/1 
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 10 second-dot1q any
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-pmap-c)# service-policy in mark-it-in
Router(config)# interface interface GigabitEthernet1/0/2 
Router(config-if)# service instance 101 ethernet
Router(config-if-srv)# encapsulation dot1q 11 second-dot1q any
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-pmap-c)# service-policy in mark-it-in
Router(config-if-srv)# connect EVC1 GigabitEthernet1/0/1 100 GigabitEthernet1/0/2 101
Router(config)# policy-map mark-it-in
Router(config-pmap)# class vlaninner20cosinner5
Router(config-pmap-c)# set cos 0
 
 
This is an example of an egress double tag VLAN connect hierarchical configuration.
 
 
Router(config)# interface interface GigabitEthernet1/0/1   
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 10 second-dot1q 20
Router(config-if-srv)# rewrite ingress tag pop 2  symmetric
Router(config-pmap-c)# service-policy out parent-out-100
Router(config)# interface interface GigabitEthernet1/0/2 
Router(config-if)# service instance 101 ethernet
Router(config-if-srv)# encapsulation dot1q 11 second-dot1q 21
Router(config-if-srv)# rewrite ingress tag pop 2 symmetric
Router(config-pmap-c)# service-policy out parent-out-101
Router(config-if-srv)# connect EVC1 GigabitEthernet/0/1 100 GigabitEthernet 1/0/2 101
Router(config)# policy-map child-out-100
Router(config-pmap)# class cos5
Router(config-pmap-c)# bandwidth percent 10
Router(config-pmap-c)# set cos 0
Router(config-pmap-c)# set cos-inner 0
Router(config)# policy-map parent-out-100
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape average 10000000
Router(config-pmap-c)# service-policy child-out-100
Router(config)# policy-map child-out-101
Router(config-pmap)# class cos0
Router(config-pmap-c)# bandwidth percent 10
Router(config-pmap-c)# set cos 5
Router(config-pmap-c)# set cos-inner 5
Router(config)# policy-map parent-out-101
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape average 10000000
Router(config-pmap-c)# service-policy child-out-101
 
 
This is an example of an egress double tag VLAN connect flat configuration.
 
 
Router(config)# policy-map flat-100 
Router(config-pmap)# class cos5 
Router(config-pmap-c)# shape average 10000000 
Router(config-pmap-c)# set cos 0 
Router(config-pmap-c)# set cos-inner 0
Router(config-pmap)# class class-default  <-- required class
Router(config-pmap-c)# shape average 10000000 <-- required queuing action
Router(config-pmap-c)# set cos 6 
Router(config)# policy-map flat-101 
Router(config-pmap)# class cos0 
Router(config-pmap-c)# shape average 10000000 
Router(config-pmap-c)# set cos 5
Router(config-pmap-c)# set cos-inner 5 
Router(config-pmap)# class class-default  <-- required class
Router(config-pmap-c)# shape average 10000000 <-- required queuing action
Router(config-pmap-c)# set cos 4
 
 

The next examples show a selective QinQ MPB configuration and the service policy that can be applied to it. With this configuration, a range of VLANs exists in the outer tag of the encapsulation command. When VLAN ranges are configured, rewrite commands are not allowed so the packets pass through the bridge-domain without change. An inner tag cannot exist in this configuration. The first example is a hierarchical policy and the second example is a flat policy.

 
 
Router(config)# interface GigabitEthernet 1/0/2
Router(config-if)# service instance 1
Router(config-if-srv)# encapsulation dot1q 10-20
Router(config-if-srv)# bridge-domain 200
Router(config-pmap-c)# service-policy output parent-out
Router(config)# policy-map child-out
Router(config-pmap)# class cos5
Router(config-pmap-c)# bandwidth percent 10
Router(config-pmap-c)# set cos 0
Router(config)# policy-map parent-out
Router(config-pmap)# class outervlan10
Router(config-pmap-c)# shape average 10000000
Router(config-pmap-c)# service-policy child-out
 
 
Router(config)# interface GigabitEthernet 1/0/2 
Router(config-if)# service instance 1 
Router(config-if-srv)# encapsulation dot1q 10 
Router(config-if-srv)# bridge-domain 200 
Router(config-pmap-c)# service-policy out flat 
Router(config)# policy-map flat 
Router(config-pmap)# class vlanouter10cos5 
Router(config-pmap-c)# shape average 10000000 
Router(config-pmap-c)# set cos 0 
Router(config-pmap-c)# set cos-inner 0 
Router(config-pmap)# class class-default:   <-- required class
Router(config-pmap-c)# shape average 10000000 <-- required queueing action
Router(config-pmap-c)# set cos3 
Router(config-pmap-c)# set cos-inner 3
 
 

The next two examples apply to MPBE configurations except Selective QinQ. The first is a hierarchical policy and the second is a flat policy.

 
 
!Sample Hier Config 1
Router(config)# interface interface GigabitEthernet 1/0/2
Router(config-if-srv)# service instance 1
Router(config-if-srv)# encapsulation dot1qencap dot1q 10 second-dot1q any
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-if-srv)# bridge-domain 200
Router(config)# policy-map child-out
Router(config-pmap)# class vlaninner10
Router(config-pmap-c)# shape average 10000000
Router(config-pmap-c)# set cos 0
Router(config-pmap-c)# set cos-inner 0
Router(config-pmap)# class class-default:  <-- not required
Router(config)# policy-map parent-out
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape average 10000000
Router(config-pmap-c)# service-policy child-out
 
 
!Sample Flat Config
Router(config)# interface interface GigabitEthernet 1/0/2
Router(config-if-srv)# service instance 1 
Router(config-if-srv)# encapsulation dot1q 10 second-dot1q any 
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-if-srv)# bridge-domain 200
Router(config)# policy-map flat 
Router(config-pmap)# class vlaninner10 
Router(config-pmap-c)# shape average 10000000 
Router(config-pmap-c)# set cos 0
Router(config-pmap-c)# set cos-inner 0
Router(config-pmap)# class class-default <-- required class
Router(config-pmap-c)# shape average 10000000 <--  required queueing action
Router(config-pmap-c)# set cos 0
Router(config-pmap-c)# set cos-inner 0 
 
 

Configuring Bandwidth Remaining Ratio (BRR) - Utilizing Unused Bandwidth Support

BRR feature provides the functionality to utilize the unused bandwidth allocated to logical interfaces. BRR enables sharing of unused bandwidth among logical interfaces such as EVCs and L3 subinterfaces through oversubscription.

BRR is implemented on logical interfaces using the following maps:

Hierarchical Policy-Maps

Flat Policy- Maps

You can configure Bandwidth Remaining Ratio action in the policy-map of a parent or a child class. BRR can be configured to a minimum ratio of 1 and maximum of 1000 on a logical interface.

For more information on BRR, refer to: http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/ipsuboe.html#wp1129803

QoS supports BRR CLI in the parent and child classes over a logical interface. You can use the shape command to oversubscribe the bandwidth in parent and child classes.

You cannot use the CLI to toggle the priority rate propagation to ON in ES20 line cards. For more information, refer to: http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/ipsuboe.html#wp1131793

In the following BRR sample configuration:

The bandwidth is configured in the shape command oversubscribed in the parent and child classes.

The priority status of LLQ packets is propagated to the parent queue.

The class and class-default within a parent policy-map is allocated an excess bandwidth of 250 Mb/s (25% or 1/4 of 1 Gb/s) assuming the maximum link capacity is 1 Gb/s. The excess bandwidth 150 Mb/s (250Mb/s less 100 Mb/s from LLQ class) is allocated to the child policies. The class and childclass2, receives 5/6 or 125 Mb/s as minimum bandwidth, and the class, class-default, receives default BRR of 1 or 1/6 or 25 Mb/s as minimum bandwidth.

The parent2 policy-map is allocated an excess bandwidth of 750 Mb/s (75% or 3/4 of 1 Gb/s). The excess bandwidth of 650 Mb/s (750Mb/s less 100Mb/s from LLQ class) is allocated to the child policy. The class, childclass2, receives 5/6 or 541,666,666 Mb/s as minimum bandwidth and the class, class-default, receives default BRR of 1 or 1/6 or 108,333,333 Mb/s as minimum bandwidth.

NonBRR policy on a maininterface: The complete 100% link bandwidth is used to calculate the cir value in all the classes. The 1% reserved bandwidth is used from the class default. Ensure that the cir value of a class-default policy receives more than 1% of the port bandwidth. If not, an "exceed guarantee rate" error message is displayed.

BRR policy on a maininterface: In classes, cir values are calculated from 99% link bandwidth for all the classes with a BRR ratio. The 1% reservation value is not relayed from the class default and cir value is not adjusted for the class-default queue.


Note Reserved link bandwidth is the maximum bandwidth available for distribution that is 1% less than the maximum link capacity.


Policy-map child
   Class voip
      priority
      police 100000000
  class childclass2
    shape ave 1000000000
 bandwidth remaining ratio 5 
  class class-default  # unspecified classes default to BRR of 1
    shape ave 1000000000
 
 
policy-map parent
  class class-default
    shape ave 1000000000
    bandwidth remaining ratio 1
    service-policy child
policy-map parent2
  class class-default
    shape ave 1000000000
    bandwidth remaining ratio 3
    service-policy child
int gig 4/0/0
  service inst 1 et
    encap dot1q 10-20
    bridge-domain 200
    service-policy output parent
  service inst 1 et
    encap dot1q 30-40
    bridge-domain 200
    service-policy output parent2

Hierarchical Policy-Maps

Hierarchical policy-maps implement parent-child relationships between various policy-maps applied on an interface. You can create a child policy-map from another policy-map to inherit its functionality. If BRR is implemented in a hierarchical policy-map for a class, all the other classes in the policy-map are automatically set to BRR with ratio one. Similarly, if BRR is implemented in a hierarchical policy-map over a logical interface, all the other hierarchical policy-maps applied to other interfaces on the same port automatically implement BRR with ratio 1.


Note BRR does not propagate to the child level. For implicit propagation of BRR to the child classes, you should configure BRR in one of the child classes.


In the following example, two policy-maps, parentbr and parentbw, are applied to two different logical interfaces on the same port. BRR is implemented only in parentbr policy-map. In the configuration below, the policy-map, parentbw, results in a default BRR of 1. Applying the policy-map, parentbw, results in an error message if the sum of the child bandwidth CIR exceeds the excess ratio allocated for parentbw. If the calculated excess minimum CIR is greater then the guaranteed rates in the child, then classes cos5 and class-default are configured with guaranteed rate plus an evenly distributed fair share of excess bandwidth. The following sample displays the BRR implementation for parentbr and parentbw policy-maps:

policy-map testbw
    class VOICE
      police 128000
      priority
    class cos5
      bandwidth 100000 
    class class-default
      bandwidth 100000 
policy-map parentbw
    class class-default
      shape ave 300000000 
      service-policy testbw
 
 
policy-map testbrr
    class VOICE
      police 128000
      priority
    class cos5
      bandwidth remaining ratio 2 
    class class-default
      bandwidth remaining ratio 2
policy-map parentbrr
    class class-default
      bandwidth remaining ratio 4 
      shape ave 200000000 
      service-policy testbrr
 
 

You can configure BRR on the following policy-maps:

HQoS Policies with Bandwidth and Shape in Child Classes.

HQoS Polices with Shape in Child Classes.

HQoS Policies with Police+Priority (LLQ) and Shape in Child Classes.


Note You can individually or jointly configure BRR on child classes or parent classes.


HQoS Policies with Bandwidth and Shape in Child Classes

In the following sample configuration, the class-default, defined in the parent policy-map is allocated Committed Information Rate (CIR) share of 1/3 of the total available bandwidth. The total bandwidth is 1 Gb/s and available bandwidth is total bandwidth minus the reserved bandwidth (10 Mb/s). Hence, the class, class-default, is allocated 330 Mb/s (1/3 of 1 Gb/s minus the reserved bandwidth of 10 Mb/s per port, 990/3 = 330 Mb/s). As BRR is enabled on the parent, the platform calculates the CIR share for the parents.

In the following example, the minimum bandwidth that the parent requires is 200 Mb/s to accept requests from its child classes. The parent class overrides the shape value configured in the child class and uses the CIR as shape value for the child. Though the child class can receive excess bandwidth of 330 Mb/s, as the parent class is shaped with a CIR value of 300 Mb/s, the excess bandwidth of 30Mb/s is unused. The child class, cos5, is allocated a CIR value of 100 Mb/s and the maximum acceptable CIR value is 300 Mb/s (parent shaper). The class, class-default, is allocated a CIR value of 100 Mb/s.

The class, class-default, defined in parent2 policy-map is allocated 2/3 share of 990 Mb/s that is 660 Mb/s. Class cos5 is allocated 100 Mb/s and class-default is allocated the remaining share of 550 Mb/s (660-100 Mb/s).

EIR values of the user-defined classes are proportional to the CIR values. If the EIR value is high, so is the CIR value.

Policy-map child
Class cos5
Bandwidth 100000 kbps
class class-default
shape average 100000000
 
 
policy-map parent
class class-default
Shape average 300000000
service-policy child
Bandwidth remaining ratio 1
 
 
Policy-map parent2
class class-default
Shape average 800000000
Service-policy child
Bandwidth remaining ratio 2
 
 
int gig 4/0/0
  service inst 1 et
    encap dot1q 10-20
    bridge-domain 200
    service-policy output parent
  service inst 2 et
    encap dot1q 30-40
    bridge-domain 200
    service-policy output parent2

The following policy configurations exhibit similar behavior to the HQoS Policies with bandwidth and shape in the child classes:

HQoS Polices with Shape in Child Classes

HQoS Policies with Police+Priority (LLQ) and Shape in Child Classes.

Restrictions and Usage Guidelines

When configuring HQoS Policies with Bandwidth and Shape in the child classes, follow these restrictions and usage guidelines:

CIR allocated to parent class should be greater than sum of child CIR. CIR is calculated using the following formula:

((Link rate - reserved bandwidth) * BRR) / (total BRR parts of all parent classes within the link)

To avoid configuration failure when CIR share for a parent is reduced due to increase in parent classes, you should also configure BRR in child classes.

You can configure BRR without shape within a class.

HQoS Polices with Shape in Child Classes

In the following sample configuration, the class, class-default, defined in the parent policy-map is allocated CIR share of 1/3 of the total available bandwidth. The total bandwidth is 1 Gb/s and available bandwidth is total bandwidth- reserved bandwidth (10 Mb/s). Hence, the class, class-default, is allocated 330 Mb/s (1/3 of 1 Gb/s- reserved bandwidth of 10 Mb/s per port = 990/3 = 330 Mb/s). With BRR enabled on the parent, the platform calculates the CIR share.

In the following example, the excess bandwidth is divided between the child class, cos5 and class-default, in bandwidth ratio of 2:1. The class, class-default, is configured to BRR of one. Hence, the class, cos5, is allocated 220 Mb/s and the class, class-default, is allocated 110 Mb/s of bandwidth.

The class, class-default, in parent2 policy-map is allocated excess bandwidth of 660 Mb/s, which is further divided between the child classes in the parent2 policy-map. The class, cos5, is allocated 440Mb/s (2/3) and the class, class-default, is allocated 220Mb/s (1/3). The following example configuration shows the HQoS polices with only shape in child classes:

policy-map child
class cos5
shape average 100000000
Bandwidth Remaining Ratio 2
class class-default
shape avergae 100000000
 
 
policy-map parent
class class-default
shape average 300000000
service-policy child
bandwidth remaining ratio 1
 
 
policy-map parent2
class class-default
shape average 300000000
service-policy child
bandwidth remaining ratio 2
 
 
int gig 4/0/0
  service inst 1 et
    encap dot1q 10-20
    bridge-domain 200
    service-policy output parent
  service inst 2 et
    encap dot1q 30-40
    bridge-domain 200
    service-policy output parent2

Restrictions and Usage Guideline

When configuring HQoS polices with only shape in child classes, follow this restriction and usage guideline:

You can configure BRR in both the child and parent classes.

HQoS Policies with Police+Priority (LLQ) and Shape in Child Classes

In the following sample configuration, the class, class-default, in the parent policy-map is allocated CIR share of 1/3 of the total available bandwidth. The total bandwidth is 1 Gb/s and available bandwidth is total bandwidth- reserved bandwidth (10 Mb/s). Hence, the class, class-default, is allocated 330 Mb/s (1/3 of 1 Gb/s- reserved bandwidth of 10 Mb/s per port = 990/3 = 330 Mb/s). With BRR enabled on the parent, the platform calculates the CIR share.

The excess bandwidth is allocated to the child classes. The priority class, cos3, is allocated CIR equal to 100Mb/s. The remaining excess bandwidth of 230 Mb/s (330 Mb/s-100 Mb/s) is allocated to the classes, cos5 and class-default. The class cos5 is allocated 153 Mb/s and class-default is allocated 76 Mb/s.

Similarly, Parent2 policy-map is configured to CIR of 660 Mb/s (2/3 of total available bandwidth of 1 Gb/s). The LLQ class is allocated 100 Mb/s. The remaining bandwidth of 550 Mb/s is divided between the two classes, cos5 and class-default, in the ratio of 2:1. The class, cos5, is allocated 373 Mb/s and the class, class-default, is allocated 186 Mb/s. Because the class, class-default, is configured to shape limit of 100 Mb/s, the excess bandwidth is not utilized. The sample configuration shows HQoS Policies with Police+Priority(LLQ) and Shape in the child classes:

Policy-map child
Class cos3
Police cir 100000000
Priority
Class cos5
Bandwidth remaining ratio 2
class class-default
Bandwidth remaining ratio 1
shape average 100000000
 
 
policy-map parent
Shape average 300000000
service-policy child
Bandwidth remaining ratio 1
 
 
Policy-map parent2
Shape average 300000000
Service-policy child
Bandwidth remaining ratio 2
 
 
int gig 4/0/0
service inst 1 et
encap dot1q 10-20
bridge-domain 200
service-policy output parent
service inst 2 et
encap dot1q 30-40
bridge-domain 200
service-policy output parent2

Restrictions and Usage Guideline

When configuring HQoS hierarchical policies with Police+Priority(LLQ) and Shape in the child classes, follow this restriction and usage guideline:

You can configure BRR in both the child and parent classes.

Flat Policy- Maps

If you implement BRR in one Flat policy-map over a logical interface, all the other Flat policy-maps applied on the other logical interface in the same port are not affected, and are allocated guaranteed bandwidth. The excess bandwidth is not available to other Flat policy-maps on the same interface.

In the following example, two policy-maps, testbrr and testbw, are applied on two different logical interfaces on the same port. BRR is implemented only in testbrr policy-map.

policy-map testbw
    class cos5
      shape ave 100000000 
    class class-default
      shape ave 100000000
policy-map testbrr
    class cos5
      bandwidth remaining ratio 2 
    class class-default
      bandwidth remaining ratio

Note You cannot simultaneously configure bandwidth and BRR in the child classes.


BRR Propagation

When you apply BRR on a:

Hierarchical Policy—All other policies on the same logical interface are configured to BRR value of 1.

Flat policy—

All other policies on the same logical interface are not configured to default BRR settings (refers to an implicit BRR value of 1).

When BRR is configured in one or more classes within the flat policy-map, classes within the same flat policy-map has a default BRR value of 1.

Flat policy coexisting with HQoS policies —BRR on flat policy-maps does not propagate the default BRR settings to HQoS policy-maps and vice versa.

Restrictions and Usage Guidelines

When you configure BRR on a logical interface, follow these restrictions and usage guidelines:

You can implement BRR on a logical and maininterface.

Bandwidth CIR is blocked in the parent policies that are applied to logical interfaces.

You cannot combine BRR and bandwidth CIR in a policy-map, class-map, or LLQ action.

The line card automatically configures the queue limit when BRR is configured. No explicit queue- limit statements are supported.

You can propagate BRR only if the same policy-map is applied across multiple interfaces within a single port.

The sum of the parent shape rates cannot exceed the link bandwidth if BRR is not configured. The shape sum can exceed the link bandwidth on an interface only if the BRR is available in the parent policy.

PRP state is set to `OFF'.

Hybrid policies are not supported with BRR. For more information on hybrid policies, refer section "Example of a Hybrid Policy" section.


Note If the calculated excess cir is greater then the shape rate, the shape rate is used instead of the calculated BRR minimum rate. If the shape rate is modified, the guaranteed rate and shape rate for the specific queue is updated.


Example of a Hybrid Policy

The following example displays a sample configuration of a BRR on a hybrid policy:

Policy Map hybrid
    Class vlan-range
      Average Rate Traffic Shaping
      cir 100000000 (bps)
      service-policy child
    Class class-default
      Average Rate Traffic Shaping
      cir 200000000 (bps)
 
 
  Policy Map child
    Class cos5
      Average Rate Traffic Shaping
      cir 1000000 (bps)
    Class cos6
      Average Rate Traffic Shaping
      cir 10000000 (bps)
          Class class-default
      Average Rate Traffic Shaping
cir 1000000 (bps)

Hardware Restrictions

When you configure BRR on a logical interface, follow these restrictions and usage guidelines:

If the sum of LLQ and non LLQ bandwidth per class is:

More than the CIR share calculated through BRR, the line card rejects the policy-map.

Is less than the allocated BRR, excess bandwidth is not split among the remaining subscribers based on the configured ratio.

Excess unused bandwidth is distributed to active oversubscribed queues but not in the configured BRR ratio.

Troubleshooting QoS Features in a ES20 Line Card

Table 3-13 lists some of the QoS troubleshooting scenarios in a ES20 line card.

Table 3-13 QoS troubleshooting scenarios

Problem
Solution

Ingress Policer issues

One rate two color (1R2C ) Policer issues:

Ensure that:

You configure mls QoS for the EARL policing to work.

You did not configure 1R2C on user defined classes.

You did not configure policer in a child class on the EVC.

You did not configure the police actions.

If the issue persists, contact TAC.

Two rate threee color (2R3C) Policer issues:

Ensure that:

You created a single 1r0c/2r3c policer per EVC/SG per bay irrespective of the number of member links on that bay and at least one member link is part of EVC PC.

If the issue persists, contact TAC.

Queue limit and WRED issues

Ensure that:

You configure only four WRED statements in a class-map including the default WRED statement, i.e. random-detect aggregate.

You did not exceed the acceptable limit of 120 different queue-limits.

You did not exceed the acceptable limit of 120 WRED classes when each class uses different WRED statements. If two classes have the same WRED configurations, then they would share the same WRED group.

If the issue persists, contact TAC.

Traffic drops resulting in buffer space issues while using the BRR feature.

Ensure that you correctly configured the queue-limit <x> value for each child class queue.

To check buffer exhaustion issues, execute the show policy-map int command and confirm the value of the queue depth parameter in the output. If the queue does not receive the guaranteed bandwidth, and the queue depth is close to zero or much less than its queue limit, traffic drops and buffer space issues occur.

If the issue persists, contact TAC.

EXCEEDGUARANTEE rate error message (BRR feature) is displayed

Check if the class-default of the policy map has received less than one percent of of port bandwidth as its CIR value.

If the issue persists, contact TAC.

Rate counters are not accurate

Rate counters are updated in fixed intervals. Use the load-interval seconds command to increase the load interval for accurate rate counter values.

Traffic classified incorrectly

Use the show run class-map command to check the class-map definition.

Use the show policy-map interface interface command to check the classification statistics.

Use the show tcam interface interface qos type1/type2 ip detail (type1 is for input policy, type2 for output policy) command to verify that the classification hardware parameters are configured correctly and packets are relayed to the right class as shown in the example:

Router#sh tcam interface gig10/1 qos type1 
ip detail 
* Global Defaults shared
DPort - Destination Port   SPort - Source 
Port        TCP-F - U -URG             Pro   
- Protocol         
I     - Inverted LOU       TOS   - TOS 
Value                - A -ACK             
rtr   - Router           
MRFM  - M -MPLS Packet     TN    - T -Tcp 
Control           - P -PSH             COD   
- C -Bank Care Flag
      - R -Recirc. Flag          - N 
-Non-cachable          - R -RST                   
- I -OrdIndep. Flag
      - F -Fragment Flag   CAP   - Capture 
Flag             - S -SYN                   
- D -Dynamic Flag  
      - M -More Fragments  F-P   - 
FlowMask-Prior.          - F -FIN             
T     - V(Value)/M(Mask)/R(Result)
X     - XTAG               (*)   - Bank 
Priority      
Interface: 1018   label: 513   lookup_type: 
1
protocol: IP   packet-type: 0
|T|Index|  Dest Ip Addr | Source Ip Addr|     
DPort     |     SPort     | TCP-F 
|Pro|MRFM|X|TOS|TN|COD|F-P|
V 36828         0.0.0.0         0.0.0.0       
P=0             P=0        ------   0 ---- 
0   0 -- --- 0-0  <-
 M 36836         0.0.0.0         0.0.0.0         
0               0        ------   0 X--- 0   
0             <-
 R rslt: 142811A8           <-
 
 V 36829         0.0.0.0         0.0.0.0       
P=0             P=0        ------   0 M--- 
0   0 -- --- 0-0   
 M 36836         0.0.0.0         0.0.0.0         
0               0        ------   0 X--- 0   
0              
 
      
 

R rslt: 142811A8


Note <- indicates the class where the packets are classified.


Excessive drops in packets

Use the show policy map interface command to check if the offered rate exceeds the configured policer shape rate.

Queuing on ES20/SIP-600 is performed on the L1 frame with an overhead of 24 bytes. The ES20 supports user-defined overhead accounting for shape/wfq classes.

Drops also occur due to low queue-limit configured. Increase the queue-limits value if unaccounted drops are seen.

In case of excessive drops, check if WRED can be used as, illustrated in this example.

Router#sh run policy-map queuing
Building configuration...
 
Current configuration : 276 bytes
!
policy-map queuing
 class prec1
  bandwidth 200000
 class prec2
  shape average 100000000
  random-detect
  random-detect precedence 1 100 1000
  random-detect precedence 2 150 1500
  random-detect precedence 3 200 800
 class class-default
  shape average 100000000
!
end
 
      
 
      
 
Router#
Router#sh pol
Router#sh policy-map int gig10/6
 GigabitEthernet10/6 
  Service-policy output: queuing
Counters last updated 00:00:27 ago
 
    Class-map: prec1 (match-all)  
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop 
rate 0000 bps
      Match: ip precedence 1 
      Queueing
      queue limit 65536 packets
      (queue depth/total drops/no-buffer 
drops) 0/0/0    <<< drops due to bandwidth 
over subscription
      (pkts output/bytes output) 0/0
      bandwidth 200000 kbps        <<<< 
bandwidth configured in the policy-map 
 
    Class-map: prec2 (match-all)  
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop 
rate 0000 bps
      Match: ip precedence 2 
      Match:  precedence 2 
      Queueing
      queue limit 32768 packets
      (queue depth/total drops/no-buffer 
drops) 0/0/0        <<< drops due to shaper
      (pkts output/bytes output) 0/0
      shape (average) cir 100000000, bc 
400000, be 400000
      target shape rate 100000000          
<<<  shaper configured in the policy-map by 
the user
 
Exp-weight-constant: 9 (1/512)
        Mean queue depth: 0 packets
        class      Random drop      Tail 
drop          Minimum        Maximum     
Mark
                 pkts/bytes      pkts/bytes          
thresh         thresh     prob
        
        0            3457/5687000              
0/0               8192         16384  1/10     
<<< wred packet/bytes counts and threshold 
values
        1            0/0              0/0                
100          1000  1/10
        2            0/0              0/0                
150          1500  1/10
        3            1408/4508780              
0/0                200           800  1/10
        4            0/0              0/0              
12288         16384  1/10
        5            0/0              0/0              
13312         16384  1/10
        6            0/0              0/0              
14336         16384  1/10
        7            0/0              0/0              
15360         16384  1/10
 
    Class-map: class-default (match-any)  
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop 
rate 0000 bps
      Match: any 
      Queueing
      queue limit 32768 packets
      (queue depth/total drops/no-buffer 
drops) 0/0/0
      (pkts output/bytes output) 0/0
      shape (average) cir 100000000, bc 
400000, be 400000
      target shape rate 100000000 <<<  
shaper configured in the policy-map  by the 
user

Bandwidth not met

Check if the queue limits are configured right.

Based on this example, check if the bandwidth and priority class has been configured correctly.

Router#sh run policy-map queuing
Building configuration...
 
Current configuration : 276 bytes
!
policy-map queuing
 class prec1
  bandwidth 200000
 class prec2
  shape average 100000000
  random-detect
  random-detect precedence 1 100 1000
  random-detect precedence 2 150 1500
  random-detect precedence 3 200 800
 class class-default
  shape average 100000000
!
end
 
Router#
 
Router#sh pol
Router#sh policy-map int gig10/6
 GigabitEthernet10/6 
 
  Service-policy output: queuing
 
  Counters last updated 00:00:27 ago
 
    Class-map: prec1 (match-all)  
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop 
rate 0000 bps
      Match: ip precedence 1 
      Queueing
      queue limit 65536 packets
      (queue depth/total drops/no-buffer 
drops) 0/0/0    <<< drops due to bandwidth 
over subscription
      (pkts output/bytes output) 0/0
      bandwidth 200000 kbps        <<<< 
bandwidth configured in the policy-map 

Debug QoS policing traffic issues in EARL

Check the policer configured on the hardware. For aggregate policer and microflow policer, check the aggregate Id value using the sh mls qos [ip|mpls|ipv6|arp] command. If the value is 0 or n/a, it indicates a failure.

Use the show tcam interface command to check whether or not the TCAM is programmed correctly for the interface. The result from the output can be used to find different fields in the QoS hardware on that interface.


Warning Use the show tcam interface command with the module option to view the tcam programming on the DFCs.

Check the rate and burst configured on the policer.

Use embedded logic analyzer (ELAM) tool to gather (captures the packets routed internally, checks dbus and rbus. dbus contains the packet details which is going from the line card to router and rbus has the packet details from router to line card) packet informations. Share the output information with TAC for further troubleshooting.

Policer not receiving the packets

Use the sh mls qos [ip|mpls|ipv6|arp] and sh policy-map interface commands to confirm if the policer receives the packets. If not, share the output information with TAC to troubleshoot line card issues.

Incorrect QoS ACLs in TCAM

Use the sh qm int xxx and sh tcam int xx qos [type1|type2] [ip|mpls|ipv6|other|arp] det commands to verify if the correct QoS ACLs are displayed in the TCAM. If not, Share the output information with TAC for further troubleshooting.

Microflow policing issues

Use the sh fm int xxx and sh mls netflow ip detail commands to view the output. Share the information with TAC for troubleshooting.

Validation of microflow policing: Use the show mls netflow ip qos module module command to validate the microflow policing. In this output, Pkts/Bytes indicates total forwarded packets/bytes, and the police count column indicates the drop count.

Router#sh mls netflow ip qos module 10 
Displaying Netflow entries in module 10
DstIP           SrcIP           
Prot:SrcPort:DstPort Src i/f         
:AdjPtr    
-------------------------------------------
-------------------------------------
Pkts         Bytes         LastSeen   QoS    
PoliceCount  Threshold   Leak      
-------------------------------------------
-------------------------------------
Drop  Bucket   
---------------
20.1.1.2        10.1.1.2        255 :0      
:0       --               0x0       
12857116     591427336     17:35:40   0x80   
5117484352   0           0         
NO    3145792 

Expected CIR/PIR rate not reached

1. TCP traffic displays rates below the CIR due to the slow-start algorithms and retransmissions.

2. To increase the CIR/PIR rates, use a traffic generator or UDP traffic .

3. Use large burst values to police TCP traffic.

Egress packet drop issues

Check the traffic type.

Raise the bandwidth. Eg: old 10M users - gig link in a 10 gig backbone network.

Modify the queue limit or introduce WRED.