Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.1E
Configuring PFC QoS
Downloads: This chapterpdf (PDF - 895.0KB) The complete bookPDF (PDF - 7.08MB) | Feedback

Configuring PFC QoS

Table Of Contents

Configuring PFC QoS

Understanding How PFC QoS Works

Hardware Supported by PFC QoS

QoS Terminology

PFC QoS Feature Flowcharts

PFC QoS Feature Summary

Ingress LAN Port Features

Ingress OSM Port Features

PFC QoS Features

Egress LAN Port Features

Egress OSM Port Features

MSFC Features

Ingress LAN Port Features

Ingress LAN Port Trust States

Marking at Untrusted Ingress LAN Ports

Marking at Trusted Ingress LAN Ports

Ingress LAN Port Scheduling and Congestion Avoidance

PFC Marking and Policing

Internal DSCP Values

Policy Maps

Policers

Attaching Policy Maps

Egress CoS and ToS Values

LAN Egress Port Features

Transmit Queues

Scheduling and Congestion Avoidance

Marking

PFC QoS Statistics Data Export

PFC QoS Default Configuration

PFC QoS Configuration Guidelines and Restrictions

Guidelines:

Restrictions

Configuring PFC QoS

Enabling PFC QoS Globally

Enabling Queueing-Only Mode

Creating Named Aggregate Policers

Configuring a PFC QoS Policy

PFC QoS Policy Configuration Overview

Configuring MAC-Layer Named Access Lists (Optional)

Configuring a Class Map (Optional)

Verifying Class Map Configuration

Configuring a Policy Map

Verifying Policy Map Configuration

Attaching a Policy Map to an Interface

Enabling or Disabling Microflow Policing

Enabling Microflow Policing of Bridged Traffic

Enabling or Disabling PFC Features on an Interface

Enabling VLAN-Based PFC QoS on Layer 2 LAN Ports

Configuring the Trust State of Ethernet LAN and OSM Ingress Ports

Configuring the Ingress LAN Port CoS Value

Configuring Standard-Queue Drop Threshold Percentages

Configuring a Tail-Drop Receive Queue

Configuring a WRED-Drop Transmit Queue

Configuring a WRED-Drop and Tail-Drop Transmit Queue

Configuring 1q4t/2q2t Tail-Drop Threshold Percentages

Mapping CoS Values to Drop Thresholds

Mapping CoS Values to Standard Receive-Queue Thresholds

Mapping CoS Values to Standard Transmit-Queue Thresholds

Mapping CoS Values to Strict-Priority Queues

Mapping CoS Values to Tail-Drop Thresholds on 1q4t/2q2t LAN Ports

Allocating Bandwidth Between LAN-Port Transmit Queues

Setting the Receive-Queue Size Ratio on a 1p1q0t or 1p1q8t Ingress LAN Ports

Setting the LAN-Port Transmit-Queue Size Ratio

Configuring DSCP Value Maps

Mapping Received CoS Values to Internal DSCP Values

Mapping Received IP Precedence Values to Internal DSCP Values

Mapping Internal DSCP Values to Egress CoS Values

Configuring DSCP Markdown Values

Configuring PFC QoS Statistics Data Export

Enabling PFC QoS Statistics Data Export Globally

Enabling PFC QoS Statistics Data Export for a Port

Enabling PFC QoS Statistics Data Export for a Named Aggregate Policer

Enabling PFC QoS Statistics Data Export for a Class Map

Setting the PFC QoS Statistics Data Export Time Interval

Configuring PFC QoS Statistics Data Export Destination Host and UDP Port

Setting the PFC QoS Statistics Data Export Field Delimiter


Configuring PFC QoS


This chapter describes how to configure quality of service (QoS) as implemented on the policy feature card (PFC) on the Catalyst 6500 series switches.


Note For complete syntax and usage information for the commands used in this publication, refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference publication.


This chapter contains these sections:

Understanding How PFC QoS Works

PFC QoS Default Configuration

PFC QoS Configuration Guidelines and Restrictions

Configuring PFC QoS


NoteWith Release 12.1(13)E and later releases and with an MSFC2, you can configure Network-Based Application Recognition (NBAR) on Layer 3 interfaces instead of using PFC QoS.

All ingress and egress traffic on an interface that is configured with NBAR is processed in software on the MSFC2.

The PFC2 provides hardware support for input ACLs on ports where you configure NBAR.

When PFC QoS is enabled, the traffic through ports where you configure NBAR passes through the ingress and egress queues and drop thresholds. When PFC QoS is enabled, the MSFC2 sets egress CoS equal to egress IP precedence.

After passing through an ingress queue, all traffic is processed in software on the MSFC2 on interfaces where you configure NBAR.

To configure NBAR, refer to this publication:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/dtnbarad.htm


Understanding How PFC QoS Works

Typically, networks operate on a best-effort delivery basis, which means that all traffic has equal priority and an equal chance of being delivered in a timely manner. When congestion occurs, all traffic has an equal chance of being dropped.

QoS selects network traffic (both unicast and multicast), prioritizes it according to its relative importance, and uses congestion avoidance to provide priority-indexed treatment; QoS can also limit the bandwidth used by network traffic. QoS makes network performance more predictable and bandwidth utilization more effective.


Note On the Catalyst 6500 series switches, queue architecture and QoS queueing features such as Weighted-Round Robin (WRR) and Weighted Random Early Detection (WRED) are implemented with a fixed configuration in Application Specific Integrated Circuits (ASICs). The queueing architecture cannot be reconfigured. For more information, see the "Receive Queues" section and the "Transmit Queues" section.


These sections describe PFC QoS:

Hardware Supported by PFC QoS

QoS Terminology

PFC QoS Feature Flowcharts

PFC QoS Feature Summary

Ingress LAN Port Features

PFC Marking and Policing

LAN Egress Port Features

PFC QoS Statistics Data Export

Hardware Supported by PFC QoS

With Release 12.1(11a)E and later, PFC QoS supports both LAN ports and optical services module (OSM) ports:

LAN ports are Ethernet ports on Ethernet switching modules, except for the 4-port Gigabit Ethernet WAN (GBIC) module (OSM-4GE-WAN). Except for the OSM-4GE-WAN module, OSMs have four Ethernet LAN ports in addition to WAN ports. With earlier releases, PFC QoS supports only LAN ports.

OSM ports are the WAN ports on OSMs. The PFC provides ingress QoS for traffic from OSM ports. For more information, see the following sections:

"Ingress OSM Port Features" section

"Egress OSM Port Features" section

"PFC Marking and Policing" section

"Attaching Policy Maps" section

"Configuring the Trust State of Ethernet LAN and OSM Ingress Ports" section

Refer to the following publication for information about additional OSM QoS features:

http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/cfgnotes/osm_inst/index.htm

The PFC does not provide QoS for FlexWAN module ports. Refer to the following publications for information about FlexWAN module QoS features:

Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.1:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/qos_c/index.htm

Cisco IOS Quality of Service Solutions Command Reference, Release 12.1:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/qos_r/index.htm

Class-Based Marking:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/cbpmark2.htm

Traffic Policing:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/dtpoli.htm

Distributed Class-Based Weighted Fair Queueing and Distributed Weighted Random Early Detection:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/dtcbwred.htm

Distributed Low Latency Queueing:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/dtllqvip.htm

Configuring Burst Size in Low Latency Queueing:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t3/dtcfgbst.htm

Distributed Traffic Shaping:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/dtdts.htm

MPLS QoS:

http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/cfgnotes/osm_inst/mpls.htm

QoS Terminology

This section defines some QoS terminology:

Packets carry traffic at Layer 3.

Frames carry traffic at Layer 2. Layer 2 frames carry Layer 3 packets.

Labels are prioritization values carried in Layer 3 packets and Layer 2 frames:

Layer 2 class of service (CoS) values, which range between zero for low priority and seven for high priority:

Layer 2 Inter-Switch Link (ISL) frame headers have a 1-byte User field that carries an IEEE 802.1p CoS value in the three least significant bits.

Layer 2 802.1Q frame headers have a 2-byte Tag Control Information field that carries the CoS value in the three most significant bits, which are called the User Priority bits.

Other frame types cannot carry Layer 2 CoS values.


Note On LAN ports configured as Layer 2 ISL trunks, all traffic is in ISL frames. On LAN ports configured as Layer 2 802.1Q trunks, all traffic is in 802.1Q frames except for traffic in the native VLAN.


Layer 3 IP precedence values—The IP version 4 specification defines the three most significant bits of the 1-byte Type of Service (ToS) field as IP precedence. IP precedence values range between zero for low priority and seven for high priority.

Layer 3 differentiated services code point (DSCP) values—The Internet Engineering Task Force (IETF) has defined the six most significant bits of the 1-byte IP ToS field as the DSCP. The per-hop behavior represented by a particular DSCP value is configurable. DSCP values range between 0 and 63 (see the "Configuring DSCP Value Maps" section).


Note Layer 3 IP packets can carry either an IP precedence value or a DSCP value. PFC QoS supports the use of either value, since DSCP values are backwards compatible with IP precedence values (see Table 31-1).


Table 31-1 IP Precedence and DSCP Values

3-bit IP
Precedence
6 MSb 1 of ToS
6-bit
DSCP
 
3-bit IP
Precedence
6 MSb 1 of ToS
6-bit
DSCP
8
7
6
 
5
4
3
8
7
6
 
5
4
3

0

0
0
0
0
0
0
0
0

0
0
0
0
0
0
0
0

0
0
0
0
0
0
0
0

 

0
0
0
0
1
1
1
1

0
0
1
1
0
0
1
1

0
1
0
1
0
1
0
1

 0
 1
 2
 3
 4
 5
 6
 7

 

4

1
1
1
1
1
1
1
1

0
0
0
0
0
0
0
0

0
0
0
0
0
0
0
0

 

0
0
0
0
1
1
1
1

0
0
1
1
0
0
1
1

0
1
0
1
0
1
0
1

32
33
34
35
36
37
38
39

1

0
0
0
0
0
0
0
0

0
0
0
0
0
0
0
0

1
1
1
1
1
1
1
1

 

0
0
0
0
1
1
1
1

0
0
1
1
0
0
1
1

0
1
0
1
0
1
0
1

 8
 9
10
11
12
13
14
15

5

1
1
1
1
1
1
1
1

0
0
0
0
0
0
0
0

1
1
1
1
1
1
1
1

 

0
0
0
0
1
1
1
1

0
0
1
1
0
0
1
1

0
1
0
1
0
1
0
1

40
41
42
43
44
45
46
47

2

0
0
0
0
0
0
0
0

1
1
1
1
1
1
1
1

0
0
0
0
0
0
0
0

 

0
0
0
0
1
1
1
1

0
0
1
1
0
0
1
1

0
1
0
1
0
1
0
1

16
17
18
19
20
21
22
23

6

1
1
1
1
1
1
1
1

1
1
1
1
1
1
1
1

0
0
0
0
0
0
0
0

 

0
0
0
0
1
1
1
1

0
0
1
1
0
0
1
1

0
1
0
1
0
1
0
1

48
49
50
51
52
53
54
55

3

0
0
0
0
0
0
0
0

1
1
1
1
1
1
1
1

1
1
1
1
1
1
1
1

 

0
0
0
0
1
1
1
1

0
0
1
1
0
0
1
1

0
1
0
1
0
1
0
1

24
25
26
27
28
29
30
31

7

1
1
1
1
1
1
1
1

1
1
1
1
1
1
1
1

1
1
1
1
1
1
1
1

 

0
0
0
0
1
1
1
1

0
0
1
1
0
0
1
1

0
1
0
1
0
1
0
1

56
57
58
59
60
61
62
63

1 MSb = most significant bit


Classification is the selection of traffic to be marked.

Marking, according to RFC 2475, is the process of setting a Layer 3 DSCP value in a packet; in this publication, the definition of marking is extended to include setting Layer 2 CoS values.

Scheduling is the assignment of Layer 2 frames to a queue. PFC QoS assigns frames to a queue based on Layer 2 CoS values.

Congestion avoidance is the process by which PFC QoS reserves ingress and egress LAN port capacity for Layer 2 frames with high-priority Layer 2 CoS values. PFC QoS implements congestion avoidance with Layer 2 CoS value-based drop thresholds. A drop threshold is the percentage of queue buffer utilization above which frames with a specified Layer 2 CoS value is dropped, leaving the buffer available for frames with higher-priority Layer 2 CoS values.

Policing is limiting bandwidth used by a flow of traffic. Policing is done on the Policy Feature Card (PFC) or on the Policy Feature Card 2 (PFC2) and distributed forwarding cards (DFCs). Policing can mark or drop traffic.

PFC QoS Feature Flowcharts

Figure 31-1 show how traffic flows through the components that support PFC QoS features.

Figure 31-1 Traffic Flow Through PFC QoS Features with PFC2


Note PFC QoS supports traffic from OSMs with Release 12.1(11a)E and later.


Figure 31-2 Traffic Flow Through PFC QoS Features with PFC


NoteThe PFC can provide Layer 3 switching for FlexWAN traffic but does not provide PFC QoS for FlexWAN traffic.

PFC QoS does not change the ToS byte in FlexWAN ingress traffic.

Traffic that is Layer 3-switched does not go through the MSFC and retains the Layer 2 CoS value assigned by the PFC.


Figure 31-3 through Figure 31-8 show how the PFC QoS features are implemented on the switch components.

Figure 31-3 Ingress LAN Port Layer 2 PFC QoS Features

Figure 31-4 PFC Classification, Marking, and Policing

Figure 31-5 Marking with PFC2 and Multilayer Switch Feature Card 2

Figure 31-6 Marking with PFC1 and Multilayer Switch Feature Card 1 or 2

Figure 31-7 Egress WAN Port Marking

Figure 31-8 Egress LAN Port Scheduling, Congestion Avoidance, and Marking

PFC QoS Feature Summary

These sections summarize the PFC QoS features:

Ingress LAN Port Features

Ingress OSM Port Features

PFC QoS Features

Egress LAN Port Features

Egress OSM Port Features

MSFC Features

Ingress LAN Port Features

PFC QoS supports classification, marking, scheduling, and congestion avoidance using Layer 2 CoS values at ingress LAN ports. Classification, marking, scheduling, and congestion avoidance at ingress LAN ports do not use or set Layer 3 IP precedence or DSCP values. You can configure ingress LAN port trust states that can be used by the PFC to set Layer 3 IP precedence or DSCP values and the Layer 2 CoS value. See Figure 31-3 and the "Ingress LAN Port Features" section.

Ingress OSM Port Features

PFC QoS associates CoS zero with all traffic received through ingress OSM ports. You can configure ingress OSM port trust states that can be used by the PFC to set Layer 3 IP precedence or DSCP values and the Layer 2 CoS value. You can configure the trust state of each ingress OSM port as follows:

Untrusted (default)

Trust IP precedence

Trust DSCP

Trust CoS (CoS is always zero because the default port CoS is not configurable on OSM ports.)

PFC QoS Features

On the PFC, PFC QoS supports ingress classification, marking, and policing using policy maps. You can attach one policy map to an ingress port. Each policy map can contain multiple policy-map classes. You can configure a separate policy-map class for each type of traffic received through the ingress port. See the "PFC Marking and Policing" section.


NoteYou can globally disable marking and policing with the mls qos queueing-only command (see the Enabling Queueing-Only Mode).

You can disable marking and policing on a per-interface basis with the no mls qos interface command (see the "Enabling or Disabling PFC Features on an Interface" section.


Egress LAN Port Features

PFC QoS supports egress LAN port scheduling and congestion avoidance using Layer 2 CoS values. Egress LAN port marking sets Layer 2 CoS values and Layer 3 DSCP values. See the "LAN Egress Port Features" section.

Egress OSM Port Features

Ingress PFC QoS sets Layer 3 DSCP values that can be used by the OSM egress QoS features.

MSFC Features

PFC QoS marks IP traffic transmitted to the MSFC with rewritten Layer 3 DSCP values. With PFC2, CoS is equal to IP precedence in all traffic sent from the MSFC2 to egress ports; with PFC1, CoS is zero.


Note Traffic that is Layer 3 switched does not go through the MFSC and retains the CoS value assigned by the PFC.


Ingress LAN Port Features

These sections describe ingress LAN port PFC QoS features:

Ingress LAN Port Trust States

Marking at Untrusted Ingress LAN Ports

Marking at Trusted Ingress LAN Ports

Ingress LAN Port Scheduling and Congestion Avoidance

Ingress LAN Port Trust States

The trust state of an ingress LAN port determines how the port marks, schedules, and classifies received Layer 2 frames, and whether or not congestion avoidance is implemented. You can configure the trust state of each ingress LAN port as follows:

Untrusted (default)

Trust IP precedence (not supported on 1q4t LAN ports except Gigabit Ethernet)

Trust DSCP (not supported on 1q4t LAN ports except Gigabit Ethernet)

Trust CoS (not supported on 1q4t LAN ports except Gigabit Ethernet)

See the "Configuring the Trust State of Ethernet LAN and OSM Ingress Ports" section. PFC QoS implements ingress LAN port congestion avoidance only on LAN ports configured to trust CoS.


Note Ingress LAN port marking, scheduling, and congestion avoidance use Layer 2 CoS values and does not use or set Layer 3 IP precedence or DSCP values.


Marking at Untrusted Ingress LAN Ports

PFC QoS marks all frames received through untrusted ingress LAN ports with the ingress port CoS value (the default is zero). PFC QoS does not implement ingress port congestion avoidance on untrusted ingress LAN ports.


NoteTo use the ingress port CoS value applied to untrusted traffic as the basis of egress DSCP, configure a trust-CoS policy map that matches the ingress traffic.

The ingress port CoS value is configurable for each ingress LAN port (see the "Configuring the Ingress LAN Port CoS Value" section).


Marking at Trusted Ingress LAN Ports

When an ISL frame enters the Catalyst 6500 series switch through a trusted ingress LAN port, PFC QoS accepts the three least significant bits in the User field as a CoS value. When an 802.1Q frame enters the switch through a trusted ingress LAN port, PFC QoS accepts the User Priority bits as a CoS value. PFC QoS marks all traffic received in untagged frames with the ingress port CoS value.


NotePFC QoS uses the received CoS value in trusted tagged traffic as the basis of egress DSCP, unless there is a policy map that changes the trust state of the traffic.

PFC QoS uses the ingress port CoS value applied to trusted untagged traffic as the basis of egress DSCP, unless there is a policy map that changes the trust state of the traffic.

The ingress port CoS value is configurable for each ingress LAN port (see the "Configuring the Ingress LAN Port CoS Value" section).


Ingress LAN Port Scheduling and Congestion Avoidance

On ingress LAN ports configured to trust CoS, PFC QoS uses Layer 2 CoS-value based receive-queue drop thresholds to avoid congestion (see the "Configuring the Trust State of Ethernet LAN and OSM Ingress Ports" section).

Receive Queues

Enter the show queueing interface {ethernet | fastethernet | gigabitethernet | tengigabitethernet} slot/port | include type command to see the queue structure of a LAN port.

1q2t indicates one standard queue with one configurable tail-drop threshold and one nonconfigurable tail-drop threshold.

1q4t indicates one standard queue with four configurable tail-drop thresholds (usable only on Gigabit Ethernet ports).

1p1q4t indicates one strict-priority queue and one standard queue with four configurable tail-drop thresholds.

1p1q0t indicates one strict-priority queue and one standard queue with no configurable threshold (effectively a tail-drop threshold at 100 percent).

1p1q8t indicates one strict-priority queue and one standard queue with eight thresholds, each configurable as either WRED-drop or tail-drop, and one non-configurable (100 percent) tail-drop threshold.

Strict-priority queues are queues that are serviced in preference to other queues. PFC QoS services traffic in a strict-priority queue before servicing the standard queue. When PFC QoS services the standard queue, after receiving a packet, it checks for traffic in the strict-priority queue. If PFC QoS detects traffic in the strict-priority queue, it suspends its service of the standard queue and completes service of all traffic in the strict-priority queue before returning to the standard queue.

Scheduling

PFC QoS schedules traffic through the receive queues based on Layer 2 CoS values. In the 1p1q4t, 1p1q0t and 1p1q8t default configurations, PFC QoS assigns all traffic with CoS 5 to the strict-priority queue; PFC QoS assigns all other traffic to the standard queue. In the 1q4t default configuration, PFC QoS assigns all traffic to the standard queue.

Congestion Avoidance

If an ingress LAN port is configured to trust CoS, PFC QoS implements Layer 2 CoS-value-based receive-queue drop thresholds to avoid congestion in received traffic.

1q2t ingress LAN ports have this default drop-threshold configuration:

Frames with CoS 0, 1, 2, 3, or 4 go to tail-drop threshold 1, where the switch drops incoming frames when the standard receive-queue buffer is 80 percent full.

Frames with CoS 5, 6, or 7 go to tail-drop threshold 2, where the switch drops incoming frames when the standard receive-queue buffer is 100 percent full.

1q4t ingress LAN ports have this default drop-threshold configuration:

Using receive-queue tail-drop threshold 1, the switch drops incoming frames with CoS 0 or 1 when the receive-queue buffer is 50 percent or more full.

Using receive-queue tail-drop threshold 2, the switch drops incoming frames with CoS 2 or 3 when the receive-queue buffer is 60 percent or more full.

Using receive-queue tail-drop threshold 3, the switch drops incoming frames with CoS 4 or 5 when the receive-queue buffer is 80 percent or more full.

Using receive-queue tail-drop threshold 4, the switch drops incoming frames with CoS 6 or 7 when the receive-queue buffer is 100 percent full.

1p1q4t ingress LAN ports have this default drop-threshold configuration:

Frames with CoS 5 go to the strict-priority receive queue (queue 2), where the switch drops incoming frames only when the strict-priority receive-queue buffer is 100 percent full.

Frames with CoS 0, 1, 2, 3, 4, 6, or 7 go to the standard receive queue.

Using standard receive-queue tail-drop threshold 1, the switch drops incoming frames with CoS 0 or 1 when the receive-queue buffer is 50 percent or more full.

Using standard receive-queue tail-drop threshold 2, the switch drops incoming frames with CoS 2 or 3 when the receive-queue buffer is 60 percent or more full.

Using standard receive-queue tail-drop threshold 3, the switch drops incoming frames with CoS 4 when the receive-queue buffer is 80 percent or more full.

Using standard receive-queue tail-drop threshold 4, the switch drops incoming frames with CoS 6 or 7 when the receive-queue buffer is 100 percent full.

1p1q0t ingress LAN ports have this default drop-threshold configuration:

Frames with CoS 5 go to the strict-priority receive queue (queue 2), where the switch drops incoming frames only when the strict-priority receive-queue buffer is 100 percent full.

Frames with CoS 0, 1, 2, 3, 4, 6, or 7 go to the standard receive queue. The switch drops incoming frames when the receive-queue buffer is 100 percent full.

1p1q8t ports have this default drop-threshold configuration:

Frames with CoS 5 go to the strict-priority receive queue (queue 2), where the switch drops incoming frames only when the strict-priority receive-queue buffer is 100 percent full.

Frames with CoS 0, 1, 2, 3, 4, 6, or 7 go to the standard receive queue, which uses WRED-drop thresholds:

Using standard receive-queue WRED-drop threshold 1 for incoming frames with CoS 0, the switch starts to drop frames when the receive-queue buffer is 40 percent full and drops all frames with CoS 0 when the receive-queue buffer is 70 percent or more full.

Using standard receive-queue WRED-drop threshold 2 for incoming frames with CoS 1, the switch starts to drop frames when the receive-queue buffer is 40 percent full and drops all frames with CoS 1 when the receive-queue buffer is 70 percent or more full.

Using standard receive-queue WRED-drop threshold 3 for incoming frames with CoS 2, the switch starts to drop frames when the receive-queue buffer is 50 percent full and drops all frames with CoS 2 when the receive-queue buffer is 80 percent or more full.

Using standard receive-queue WRED-drop threshold 4 for incoming frames with CoS 3, the switch starts to drop frames when the receive-queue buffer is 50 percent full and drops all frames with CoS 3 when the receive-queue buffer is 80 percent or more full.

Using standard receive-queue WRED-drop threshold 5 for incoming frames with CoS 4, the switch starts to drop frames when the receive-queue buffer is 60 percent full and drops all frames with CoS 4 when the receive-queue buffer is 90 percent or more full.

Using standard receive-queue WRED-drop threshold 6 for incoming frames with CoS 6, the switch starts to drop frames when the receive-queue buffer is 60 percent full and drops all frames with CoS 6 when the receive-queue buffer is 90 percent or more full.

Using standard receive-queue WRED-drop threshold 7 for incoming frames with CoS 7, the switch starts to drop frames when the receive-queue buffer is 70 percent full and drops all frames with CoS 7 when the receive-queue buffer is 100 percent or more full.


Note You can configure the standard receive queue to use both a tail-drop and a WRED-drop threshold by mapping a CoS value to the queue or to the queue and a threshold. The switch uses the tail-drop threshold for traffic carrying CoS values mapped only to the queue. The switch uses WRED-drop thresholds for traffic carrying CoS values mapped to the queue and a threshold. See the "Configuring Standard-Queue Drop Threshold Percentages" section.



Note The explanations in this section use default values. You can configure many of the parameters (see the "Configuring PFC QoS" section). All LAN ports of the same type use the same drop-threshold configuration.


Figure 31-9 illustrates the drop thresholds for a 1q4t ingress LAN port. Drop thresholds in other configurations function similarly.

Figure 31-9 Receive Queue Drop Thresholds

PFC Marking and Policing


NoteTo mark untrusted traffic without policing in Release 12.1(12c)E1 and later releases, use the set ip dscp or set ip precedence policy map class commands (see the "Configuring Policy Map Class Actions" section).

To mark untrusted traffic without policing in earlier releases, create a policer that only marks and does not police.


These sections describe PFC marking and policing:

Internal DSCP Values

Policy Maps

Policers

Attaching Policy Maps

Egress CoS and ToS Values


Note Filtering for PFC QoS can use Layer 2, 3, and 4 values. Marking uses Layer 2 CoS values and Layer 3 IP precedence or DSCP values.


Internal DSCP Values

These sections describe the internal DSCP values:

Internal DSCP Sources

Egress DSCP and CoS Sources

Internal DSCP Sources

During processing, PFC QoS represents the priority of all traffic (including non-IP traffic) with an internal DSCP value. PFC QoS derives the internal DSCP value from the following:

For trust-cos traffic, from received or ingress port Layer 2 CoS values


Note Traffic from an untrusted ingress LAN port has the ingress port CoS value and if traffic from an untrusted ingress Ethernet port matches a trust-cos policer, PFC QoS derives the internal DSCP value from the ingress port CoS value.


For trust-ipprec traffic, from received IP precedence values

For trust-dscp traffic, from received DSCP values

For untrusted traffic, from ingress port CoS or configured DSCP values

The trust state of traffic is the trust state of the ingress LAN port unless set otherwise by a matching ACE.


Note A trust-cos policer cannot restore received CoS in traffic from untrusted ingress LAN ports. Traffic from untrusted ingress LAN ports always has the ingress port CoS value.


PFC QoS uses configurable mapping tables to derive the internal 6-bit DSCP value from CoS or IP precedence, which are 3-bit values (see the"Mapping Received CoS Values to Internal DSCP Values" section or the "Mapping Received IP Precedence Values to Internal DSCP Values" section).

Egress DSCP and CoS Sources

For egress IP traffic, PFC QoS creates a ToS byte from the internal DSCP value and sends it to the egress port to be written into IP packets. For trust-dscp and untrusted IP traffic, the ToS byte includes the original 2 least-significant bits from the received ToS byte.


Note The internal DSCP value can mimic an IP precedence value (see Table 31-1).


For all egress traffic, PFC QoS uses a configurable mapping table to derive a CoS value from the internal DSCP value associated with traffic (see the "Mapping Internal DSCP Values to Egress CoS Values" section). PFC QoS sends the CoS value to the egress LAN ports for use in scheduling and to be written into ISL and 802.1Q frames.

Policy Maps


NoteYou can globally disable marking and policing with the mls qos queueing-only command (see the Enabling Queueing-Only Mode).

You can disable marking and policing on a per-interface basis with the no mls qos interface command (see the "Enabling or Disabling PFC Features on an Interface" section.


The PFC supports filtering, marking, and policing using policy maps (see the "Configuring a Policy Map" section). Each policy map can contain multiple policy-map classes. You can configure a separate policy-map class for each type of received traffic.

Policy-map classes specify filtering with the following:

Cisco IOS access control lists (optional for IP, required for IPX and MAC-Layer filtering)

Class-map match commands for Layer 3 IP precedence and DSCP values

Policy-map classes specify actions with the following:

(Optional) Policy-map class trust commands. If specified, PFC QoS applies the policy-map class trust state to matched traffic. Policy-map class trust states supersede ingress LAN port trust states.


Note If traffic matches a policy-map class that does not contain a trust command, the trust state remains as set on the ingress LAN port.


(Optional) Aggregate and microflow policers, which can use bandwidth limits to either mark or drop both conforming and nonconforming traffic. See the "PFC Marking and Policing" section.

The PFC uses the trust state (set by the ingress LAN port configuration or by a trust policy-map class command) to select the Layer 2 and Layer 3 PFC QoS labels that the egress port writes into the packets and frames before it is transmitted:

Trust IP precedence—Sets the internal DSCP value to a mapped value based on received IP precedence (see the "Mapping Received IP Precedence Values to Internal DSCP Values" section).

Trust DSCP—Sets the internal DSCP value to the received DSCP value.

Trust CoS—Sets the internal DSCP value to a mapped value based on received or port CoS. With trust CoS, note the following:

Received CoS is overwritten with port CoS in traffic received through ports not configured to trust CoS.

Received CoS is preserved only in traffic received through ports configured to trust CoS.

Port CoS is applied to all traffic received in untagged frames, regardless of the port trust state.

For information about mapping, see the "Mapping Received CoS Values to Internal DSCP Values" section.

Untrusted—Sets the internal DSCP value to a configured DSCP value.


Note With the default values, PFC QoS applies DSCP zero to traffic from ingress LAN ports configured as untrusted.


Policers


Note Policing with the conform-action transmit keywords supersedes the ingress LAN port trust state of matched traffic with trust DSCP or with the trust state defined by a trust policy-map class command (see the "Configuring the Policy Map Class Trust State" section).


You can create policers that do the following:

Mark traffic

Limit bandwidth utilization and mark traffic

For more information, see the "Creating Named Aggregate Policers" section and the "Configuring Policy Map Class Actions" section.

Policing rates are based on the Layer 3 packet size. You specify the bandwidth utilization limit as a committed information rate (CIR). With a PFC2, you can also specify a higher peak information rate (PIR). Packets that exceed a rate are "out of profile" or "nonconforming."

In each policer, you specify if out-of-profile packets are to be dropped or to have a new DSCP value applied to them (applying a new DSCP value is called "markdown"). Because out-of-profile packets do not retain their original priority, they are not counted as part of the bandwidth consumed by in-profile packets.

With a PFC2, if you configure a PIR, the PIR out-of-profile action cannot be less severe than the CIR out-of-profile action. For example, if the CIR out-of-profile action is to mark down the traffic, then the PIR out-of-profile action cannot be to transmit the traffic.

For all policers, PFC QoS uses a configurable global table that maps the internal DSCP value to a marked-down DSCP value (see the "Configuring DSCP Markdown Values" section). When markdown occurs, PFC QoS gets the marked-down DSCP value from the table. You cannot specify marked-down DSCP values in individual policers.


Note By default, the markdown table is configured so that no markdown occurs: the marked-down DSCP values are equal to the original DSCP values. To enable markdown, configure the table appropriately for your network.


You can create two kinds of policers: aggregate and microflow:

PFC QoS applies the bandwidth limits specified in an aggregate policer cumulatively to all flows in matched traffic. You can create up to 1023 aggregate policers. You can create two types of aggregate policer: named and per port. Both types can be attached to more than one port:

You define per-interface aggregate policers in a policy map class with the police command. If you attach a per-interface aggregate policer to multiple ingress ports, it polices the matched traffic on each ingress port separately.

You create named aggregate policers with the mls qos aggregate-policer command. If you attach a named aggregate policer to multiple ingress ports, it polices the matched traffic from all the ingress ports to which it is attached.


Note Aggregate policing works independently on each DFC-equipped switching module and independently on the PFC2, which supports any non-DFC-equipped switching modules. Aggregate policing does not combine flow statistics from different DFC-equipped switching modules. You can display aggregate policing statistics for each DFC-equipped switching module and for the PFC2 and any non-DFC-equipped switching modules supported by the PFC2.


PFC QoS applies the bandwidth limit specified in a microflow policer separately to each flow in matched traffic as follows:

You can create microflow policers with up to 63 different rate and burst parameter combinations.

You create microflow policers in a policy map class with the police flow command.

For IPX microflow policing, PFC QoS considers IPX traffic with the same source network, destination network, and destination node to be part of the same flow, including traffic with different source nodes or source sockets.

For MAC-Layer microflow policing, PFC QoS considers MAC-Layer traffic with the same protocol and the same source and destination MAC-Layer addresses to be part of the same flow, including traffic with different ethertypes.

By default, microflow policers only affect traffic routed by the MSFC. To enable microflow policing of other traffic, including traffic in bridge groups, enter the mls qos bridged command (see the "Enabling Microflow Policing of Bridged Traffic" section).

You can include both an aggregate policer and a microflow policer in each policy map class to police a flow based on both its own bandwidth utilization and on its bandwidth utilization combined with that of other flows.


Note If traffic is both aggregate and microflow policed, then the aggregate and microflow policers must both be in the same policy-map class and each must use the same conform-action keyword option: drop, set-dscp-transmit, set-prec-transmit, or transmit.


For example, you could create a microflow policer with a bandwidth limit suitable for individuals in a group and you could create a named aggregate policer with bandwidth limits suitable for the group as a whole. You could include both policers in policy map classes that match the group's traffic. The combination would affect individual flows separately and the group aggregately.

For policy map classes that include both an aggregate and a microflow policer, PFC QoS responds to an out-of-profile status from either policer and, as specified by the policer, applies a new DSCP value or drops the packet. If both policers return an out-of-profile status, then if either policer specifies that the packet is to be dropped, it is dropped; otherwise PFC QoS applies a marked-down DSCP value.


Note To avoid inconsistent results, ensure that all traffic policed by the same aggregate policer has the same trust state.


Attaching Policy Maps

You can configure each ingress LAN port for either physical port-based PFC QoS (default) or VLAN-based PFC QoS (see the "Enabling VLAN-Based PFC QoS on Layer 2 LAN Ports" section) and attach a policy map to the selected port (see the "Attaching a Policy Map to an Interface" section).

On ports configured for port-based PFC QoS, you can attach a policy map to the ingress LAN port as follows:

On a nontrunk ingress LAN port configured for port-based PFC QoS, all traffic received through the port is classified, marked, and policed according to the policy map attached to the port.

On a trunking ingress LAN port configured for port-based PFC QoS, traffic in all VLANs received through the port is classified, marked, and policed according to the policy map attached to the port.

On a nontrunk ingress LAN port configured for VLAN-based PFC QoS, traffic received through the port is classified, marked, and policed according to the policy map attached to the port's VLAN.

On a trunking ingress LAN port configured for VLAN-based PFC QoS, traffic received through the port is classified, marked, and policed according to the policy map attached to the traffic's VLAN.

You can attach policy maps to OSM ports.

Egress CoS and ToS Values

PFC QoS associates CoS and ToS values with traffic as specified by the trust state and policers in the policy map (see the "Internal DSCP Values" section). The associated CoS and ToS are used at the egress port (see the "LAN Egress Port Features" section).

LAN Egress Port Features

These sections describe how PFC QoS schedules traffic through the transmit queues based on CoS values and uses CoS-value-based transmit-queue drop thresholds to avoid congestion in traffic transmitted from egress LAN ports:

Transmit Queues

Scheduling and Congestion Avoidance

Marking


Note Egress LAN port scheduling and congestion avoidance uses Layer 2 CoS values. Egress LAN port marking writes Layer 2 CoS values into trunk traffic and the Layer 3 ToS byte into all IP traffic.


Transmit Queues

Enter the show queueing interface {ethernet | fastethernet | gigabitethernet | tengigabitethernet} slot/port | include type command to see the queue structure of an egress LAN port.

The command displays one of the following:

2q2t indicates two standard queues, each with two configurable tail-drop thresholds

1p2q2t indicates one strict-priority queue and two standard queues, each with two configurable WRED-drop thresholds.

1p3q1t indicates one strict-priority queue and three standard queues, each with one threshold configurable as either WRED-drop or tail-drop, and one nonconfigurable tail-drop threshold.

1p2q1t indicates one strict-priority queue and two standard queues, each with one configurable WRED-drop threshold and one nonconfigurable tail-drop threshold.

All port types have a low-priority and a high-priority standard transmit queue. 1p3q1t ports have a medium-priority standard transmit queue. 1p2q2t, 1p3q1t and 1p2q1t ports have a strict-priority transmit queue in addition to the standard queues.

On 2q2t ports, the default PFC QoS configuration allocates a minimum of 80 percent of the total transmit queue size to the low-priority standard queue and a minimum of 20 percent to the high-priority standard queue.

On 1p2q2t, 1p3q1t, and 1p2q1t ports, the switch services traffic in the strict-priority queue before servicing the standard queues. When the switch is servicing a standard queue, after transmitting a packet, it checks for traffic in the strict-priority queue. If the switch detects traffic in the strict-priority queue, it suspends its service of the standard queue and completes service of all traffic in the strict-priority queue before returning to the standard queue.

On 1p2q2t ports, the default PFC QoS configuration allocates a minimum of 70 percent of the total transmit queue size to the low-priority standard queue, a minimum of 15 percent to the high-priority standard queue, and a minimum of 15 percent to the strict-priority queue.

On 1p3q1t ports, the transmit queue size is not configurable and is allocated equally among all queues.

On 1p2q1t ports, the default PFC QoS configuration allocates a minimum of 50 percent of the total transmit queue size to the low-priority standard queue, a minimum of 30 percent to the high-priority standard queue, and a minimum of 20 percent to the strict-priority queue.


Note Transmit-queue size is limited to the configured value (see the "Setting the Receive-Queue Size Ratio on a 1p1q0t or 1p1q8t Ingress LAN Ports" section), but any queue can use all available bandwidth (bandwidth is only available when there is no traffic in the other queues).


Scheduling and Congestion Avoidance

These sections describe scheduling and congestion avoidance:

2q2t Ports

1p2q2t Ports

1p3q1t Ports

1p2q1t Ports


Note The explanations in these sections use default values. You can configure many of the parameters (for more information, see the "Configuring PFC QoS" section). All ports of the same type use the same drop-threshold configuration.


2q2t Ports

For 2q2t ports, each transmit queue has two tail-drop thresholds that function as follows:

Frames with CoS 0, 1, 2, or 3 go to the low-priority transmit queue (queue 1):

Using transmit queue 1, tail-drop threshold 1, the switch drops frames with CoS 0 or 1 when the low-priority transmit-queue buffer is 80 percent full.

Using transmit queue 1, tail-drop threshold 2, the switch drops frames with CoS 2 or 3 when the low-priority transmit-queue buffer is 100 percent full.

Frames with CoS 4, 5, 6, or 7 go to the high-priority transmit queue (queue 2):

Using transmit queue 2, tail-drop threshold 1, the switch drops frames with CoS 4 or 5 when the high-priority transmit-queue buffer is 80 percent full.

Using transmit queue 2, tail-drop threshold 2, the switch drops frames with CoS 6 or 7 when the high-priority transmit-queue buffer is 100 percent full.

1p2q2t Ports

1p2q2t ports have a strict-priority queue and two standard transmit queues. The two standard transmit queues each have two WRED-drop thresholds.

Frames with CoS 5 go to the strict-priority transmit queue (queue 3), where the switch drops frames only when the buffer is 100 percent full.

Frames with CoS 0, 1, 2, or 3 go to the low-priority standard transmit queue (queue 1):

Using standard transmit queue 1, WRED-drop threshold 1, the switch drops frames with CoS 0 or 1 when the low-priority transmit-queue buffer is 80 percent full.

Using standard transmit queue 1, WRED-drop threshold 2, the switch drops frames with CoS 2 or 3 when the low-priority transmit-queue buffer is 100 percent full.

Frames with CoS 4, 6, or 7 go to the high-priority standard transmit queue (queue 2):

Using standard transmit queue 2, WRED-drop threshold 1, the switch drops frames with CoS 4 when the high-priority transmit-queue buffer is 80 percent full.

Using standard transmit queue 2, WRED-drop threshold 2, the switch drops frames with CoS 6 or 7 when the high-priority transmit-queue buffer is 100 percent full.

1p3q1t Ports

1p3q1t ports have a strict-priority queue and three standard transmit queues. The standard transmit queues each have one WRED-drop threshold and one nonconfigurable tail-drop threshold.

Frames with CoS 5 go to the strict-priority transmit queue (queue 4), where the switch drops frames only when the buffer is 100 percent full.

Frames with CoS 0 and 1 go to the low-priority standard transmit queue (queue 1).

Frames with CoS 2, 3, or 4 go to the medium-priority standard transmit queue (queue 2).

Frames with CoS 6 or 7 go to the high-priority standard transmit queue (queue 3).


Note You can configure each standard transmit queue to use both a non-configurable 100 percent tail-drop threshold and a configurable WRED-drop threshold (see the "Configuring Standard-Queue Drop Threshold Percentages" section).


1p2q1t Ports

1p2q1t ports have a strict-priority queue and two standard transmit queues. The standard transmit queues each have one WRED-drop threshold and one nonconfigurable tail-drop threshold.

Frames with CoS 5 go to the strict-priority transmit queue (queue 3), where the switch drops frames only when the buffer is 100 percent full.

The standard transmit queues have WRED-drop thresholds:

Frames with CoS 0, 1, 2, or 3 go to the low-priority transmit queue (queue 1), where the switch starts to drop frames when the low-priority transmit-queue buffer is 70 percent full and drops all frames with CoS 0, 1, 2, or 3 when the buffer is 100 percent full.

Frames with CoS 4, 6, or 7 go to the high-priority transmit queue (queue 2), where the switch starts to drop frames when the high-priority transmit-queue buffer is 70 percent full and drops all frames with CoS 4, 6, or 7 when the buffer is 100 percent full.


Note You can configure each standard transmit queue to use both the tail-drop and the WRED-drop threshold. See the "Configuring Standard-Queue Drop Threshold Percentages" section.


Marking

When traffic is transmitted from the switch, PFC QoS writes the ToS byte into IP packets. On LAN ports, PFC QoS also writes the CoS value that was used for scheduling and congestion avoidance into ISL and 802.1Q frames (see the "Egress CoS and ToS Values" section).

PFC QoS Statistics Data Export


Note Release 12.1(11b)E or later supports PFC QoS statistics data export.


The PFC QoS statistics data export feature generates per-LAN-port and per-aggregate policer utilization information and forwards this information in UDP packets to traffic monitoring, planning, or accounting applications. You can enable PFC QoS statistics data export on a per-LAN-port or on a per-aggregate policer basis. The statistics data generated per port consists of counts of the input and output packets and bytes. The aggregate policer statistics consist of counts of allowed packets and counts of packets exceeding the policed rate.

The PFC QoS statistics data collection occurs periodically at a fixed interval, but you can configure the interval at which the data is exported. PFC QoS statistics collection is enabled by default, and the data export feature is disabled by default for all ports and all aggregate policers configured on the Catalyst 6500 series switch.


Note The PFC QoS statistics data export feature is completely separate from NetFlow Data Export and does not interact with it.


PFC QoS Default Configuration

Table 31-2 shows the PFC QoS default configuration.

Table 31-2 PFC QoS Default Configuration 

Feature
Default Value

PFC QoS global enable state

Disabled

Note With PFC QoS enabled and all other PFC QoS parameters at default values, PFC QoS sets Layer 3 DSCP to zero and Layer 2 CoS to zero in all traffic transmitted from the switch.

PFC QoS port enable state

Enabled when PFC QoS is globally enabled

Port CoS value

0

Microflow policing

Enabled

IntraVLAN microflow policing

Disabled

Port-based or VLAN-based PFC QoS

Port-based

CoS to DSCP map
(DSCP set from CoS values)

CoS 0 = DSCP  0
CoS 1 = DSCP  8
CoS 2 = DSCP 16
CoS 3 = DSCP 24
CoS 4 = DSCP 32
CoS 5 = DSCP 40
CoS 6 = DSCP 48
CoS 7 = DSCP 56

IP precedence to DSCP map
(DSCP set from IP precedence values)

IP precedence 0 = DSCP  0
IP precedence 1 = DSCP  8
IP precedence 2 = DSCP 16
IP precedence 3 = DSCP 24
IP precedence 4 = DSCP 32
IP precedence 5 = DSCP 40
IP precedence 6 = DSCP 48
IP precedence 7 = DSCP 56

DSCP to CoS map
(CoS set from DSCP values)

DSCP  0-7  = CoS 0
DSCP  8-15 = CoS 1
DSCP 16-23 = CoS 2
DSCP 24-31 = CoS 3
DSCP 32-39 = CoS 4
DSCP 40-47 = CoS 5
DSCP 48-55 = CoS 6
DSCP 56-63 = CoS 7

Marked-down DSCP from DSCP map

Marked-down DSCP value equals original DSCP value (no markdown)

Policers

None

Policy maps

None

With PFC QoS enabled
 

Ingress LAN port trust state

Untrusted

2q2t transmit-queue size percentages

Low priority: 80%

High priority: 20%

1p2q2t transmit-queue size percentages

Low priority: 70%

High priority: 15%

Strict priority 15%

1p2q1t transmit-queue size percentages

Low priority: 70%

High priority: 15%

Strict priority 15%

1p2q1t standard transmit-queue low:high priority bandwidth allocation ratio

100:255

2q2t, 1p2q2t, and 1p2q1t standard transmit-queue low:high priority bandwidth allocation ratio

5:255

1p3q1t standard transmit-queue low:medium:high-priority bandwidth allocation ratio

100:150:255

1q4t/2q2t receive and transmit-queue CoS value and drop-threshold mapping

Receive queue 1/drop threshold 1 (50%) and
transmit queue 1/drop threshold 1 (80%)—CoS 0 and 1

Receive queue 1/drop threshold 2 (60%) and
transmit queue 1/drop threshold 2 (100%)—CoS 2 and 3

Receive queue 1/drop threshold 3 (80%) and
transmit queue 2/drop threshold 1 (80%)—CoS 4 and 5

Receive queue 1/drop threshold 4 (100%) and
transmit queue 2/drop threshold 2 (100%)—CoS 6 and 7

1q2t port receive-queue CoS value/drop-threshold mapping and threshold percentages

Receive queue 1:

Threshold 1:

CoS 0, 1, 2, 3, and 4

Tail-drop threshold: 80%

Threshold 2:

CoS 5, 6, and 7

Tail-drop threshold: 100% (not configurable)

1p1q4t port receive-queue CoS value and drop-threshold mapping and threshold percentages

Standard receive queue:

Threshold 1:

CoS 0 and 1

Tail-drop: 50%

Threshold 2:

CoS 2 and 3

Tail-drop: 60%

Threshold 3:

CoS 4

Tail-drop: 80%

Threshold 4:

CoS 6 and 7

Tail-drop: 100%

Strict-priority receive queue:

CoS 5

Tail-drop: 100% (nonconfigurable)

1p1q0t port receive-queue CoS value and drop-threshold mapping and threshold percentages

Standard receive queue 1:

CoS 0, 1, 2, 3, 4, 6, and 7

Tail-drop: 100% (nonconfigurable)

Strict-priority receive queue:

CoS 5

Tail-drop: 100% (nonconfigurable)

1p1q8t receive-queue port CoS value and drop-threshold mapping

Standard receive queue:

Threshold 1:

CoS 0

Tail-drop: 70%

WRED-drop: 40% low, 70% high

Threshold 2:

CoS 1

Tail-drop: 70%

WRED-drop: 40% low, 70% high

Threshold 3:

CoS 2

Tail-drop: 80%

WRED-drop: 50% low, 80% high

Threshold 4:

CoS 3

Tail-drop: 80%

WRED-drop: 50% low, 80% high

Threshold 5:

CoS 4

Tail-drop: 90%

WRED-drop: 60% low, 90% high

Threshold 6:

CoS 6

Tail-drop: 90%

WRED-drop: 60% low, 90% high

Threshold 6:

CoS 7

Tail-drop: 100%

WRED-drop (enabled): 70% low, 100% high

Strict-priority receive queue:

CoS 5

Tail-drop: 100% (nonconfigurable)

1p2q2t port transmit-queue CoS value and drop-threshold mapping and threshold percentages

Standard transmit queue 1 (low priority):

Threshold 1:

CoS 0 and 1

WRED-drop: 40% low, 70% high

Threshold 2:

CoS 2 and 3

WRED-drop: 70% low, 100% high

Standard transmit queue 2 (high priority):

Threshold 1:

CoS 4

WRED-drop: 40% low, 70% high

Threshold 2:

CoS 6 and 7

WRED-drop: 70% low, 100% high

Strict-priority receive queue:

CoS 5

Tail-drop: 100% (nonconfigurable)

1p7q8t transmit-queue CoS value and drop-threshold mapping

1p3q1t transmit-queue CoS value and drop-threshold mapping

Standard transmit queue 1 (low priority):

Threshold 1:

CoS 0 and 1

Tail drop (disabled): 100%

WRED-drop (enabled): 70% low, 100% high

Standard transmit queue 2 (medium priority) tail-drop threshold:

Threshold 1:

CoS 2, 3, and 4

Tail drop (disabled): 100%

WRED-drop (enabled): 70% low, 100% high

Standard transmit queue 3 (high priority) tail-drop threshold:

Threshold 1:

CoS 6 and 7

Tail drop (disabled): 100%

WRED-drop (enabled): 70% low, 100% high

Strict-priority receive queue:

CoS 5

Tail-drop: 100% (nonconfigurable)

1p2q1t transmit-queue port CoS value and drop-threshold mapping

Standard transmit queue 1 (low priority):

Threshold 1:

CoS 0, 1, 2, and 3

WRED-drop: 70% low, 100% high

Standard transmit queue 2 (high priority) WRED-drop threshold:

Threshold 1:

CoS CoS 4, 6, and 7

WRED-drop: 70% low, 100% high

Strict-priority receive queue:

CoS 5

Tail-drop: 100% (nonconfigurable)

With PFC QoS disabled

Ingress LAN port trust state

trust-dscp

Receive-queue drop-threshold percentages

All thresholds set to 100%

Transmit-queue drop-threshold percentages

All thresholds set to 100%

Transmit-queue bandwidth allocation ratio

255:1

Transmit-queue size ratio

Low priority: 100% (other queues not used)

CoS value and drop threshold mapping

All CoS values mapped to the low-priority queue.


PFC QoS Configuration Guidelines and Restrictions

Follow these guidelines and restrictions when configuring PFC QoS:

Guidelines:

With an MSFC2, Release 12.1(13)E and later releases support the match protocol class map command, which configures NBAR and sends all traffic on the Layer 3 interface, both ingress and egress, to be processed in software on the MSFC2. To configure NBAR, refer to this publication:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/dtnbarad.htm

Earlier releases provide PFC QoS and Layer 3 switching in hardware, which prevents support of the match protocol class map command except for traffic being processed in software on the MSFC.

With Release 12.1(12c)E1 and later releases, PFC QoS supports the set ip dscp and set ip precedence policy map class commands (see the "Configuring Policy Map Class Actions" section). With Release 12.1(12c)E1 and later releases, PFC QoS does not support the set mpls experimental or set qos-group policy map class commands. With earlier releases, PFC QoS does not support any set policy map class commands.

With Release 12.1(11b)E1 and later releases, OSM QoS supports the set mpls experimental policy map class command. Refer to the following publication for information about OSM QoS:

http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/cfgnotes/osm_inst/index.htm

PFC QoS has the following hardware granularity for CIR and PIR rate values:

CIR and PIR Rate Value Range
Granularity

32768 to 2097152                    (2 Mbps)

32768         (32 Kb)

2097153 to 4194304                (4 Mbps)

65536         (64 Kb)

4194305 to 8388608                (8 Mbps)

131072        (128 Kb)

8388609 to 16777216             (16 Mbps)

262144        (256 Kb)

16777217 to 33554432           (32 Mbps)

524288        (512 Kb)

33554433 to 67108864           (64 Mbps)

1048576   (1 Mb)

67108865 to 134217728      (128 Mbps)

2097152   (2 Mb)

34217729 to 268435456      (256 Mbps)

4194304   (4 Mb)

268435457 to 536870912    (512 Mbps)

8388608   (8 Mb)

536870913 to 1073741824          (1 Gps)

16777216  (16 Mb)

1073741825 to 2147483648       (2 Gps)

33554432  (32 Mb)

2147483649 to 4294967296      (4 Gps)

67108864  (64 Mb)


Within each range, PFC QoS programs the PFC hardware with rate values that are multiples of the granularity values.

PFC QoS has the following hardware granularity for CIR and PIR token bucket (burst) sizes:

CIR and PIR Token Bucket Size Range
Granularity

1 to 32768                            (32 KB)

1024           (1 KB)

32769 to 65536                    (64 KB)

2048           (2 KB)

65537 to 131072                 (128 KB)

4096          (4 KB)

131073 to 262144               (256 KB)

8196          (8 KB)

262145 to 524288               (512 KB)

16392        (16 KB)

524289 to 1048576               (1 MB)

32768        (32 KB)

1048577 to 2097152             (2 MB)

65536        (64 KB)

2097153 to 4194304             (4 MB)

131072     (128 KB)

4194305 to 8388608             (8 MB)

262144     (256 KB)

8388609 to 16777216          (16 MB)

524288     (512 KB)

16777217 to 33554432        (32 MB)

1048576       (1 MB)


Within each range, PFC QoS programs the PFC hardware with token bucket sizes that are multiples of the granularity values.

For these commands, PFC QoS applies identical configuration to all LAN ports controlled by the same application-specific integrated circuit (ASIC) or group of ASICs (see the port group information for each module in the Release Notes):

rcv-queue queue-limit

wrr-queue queue-limit

wrr-queue bandwidth (except Gigabit Ethernet LAN ports)

priority-queue cos-map

rcv-queue cos-map

wrr-queue cos-map

wrr-queue threshold

rcv-queue threshold

wrr-queue random-detect

wrr-queue random-detect min-threshold

wrr-queue random-detect max-threshold

Restrictions

PFC QoS filters only by access lists, dscp values, or IP precedence values.

PFC QoS does not support the following commands and configurations:

match cos, match any, match classmap, match destination-address, match input-interface, match mpls, match qos-group, or match source-address class map commands

class maps that contain multiple match commands

output service-policy keyword

class class_name destination-address, class class_name input-interface, class class_name protocol, class class_name qos-group, or class class_name source-address policy map commands

bandwidth, priority, queue-limit, or random-detect policy map class commands

Configuring PFC QoS

These sections describe how to configure PFC QoS on the Catalyst 6500 series switches:

Enabling PFC QoS Globally

Enabling Queueing-Only Mode

Creating Named Aggregate Policers

Configuring a PFC QoS Policy

Enabling or Disabling Microflow Policing

Enabling Microflow Policing of Bridged Traffic

Enabling or Disabling PFC Features on an Interface

Enabling VLAN-Based PFC QoS on Layer 2 LAN Ports

Configuring the Trust State of Ethernet LAN and OSM Ingress Ports

Configuring the Ingress LAN Port CoS Value

Configuring Standard-Queue Drop Threshold Percentages

Mapping CoS Values to Drop Thresholds

Allocating Bandwidth Between LAN-Port Transmit Queues

Setting the Receive-Queue Size Ratio on a 1p1q0t or 1p1q8t Ingress LAN Ports

Setting the LAN-Port Transmit-Queue Size Ratio

Configuring DSCP Value Maps

Configuring PFC QoS Statistics Data Export


NotePFC QoS processes both unicast and multicast traffic.

With Release 12.1(11b)E and later releases, when you are in configuration mode you can enter EXEC mode-level commands by entering the do keyword before the EXEC mode-level command.


Enabling PFC QoS Globally

To enable PFC QoS globally, perform this task:

 
Command
Purpose

Step 1 

Router(config)# mls qos

Enables PFC QoS globally on the switch.

Router(config)# no mls qos

Disables PFC QoS globally on the switch.

Step 2 

Router(config)# end

Exits configuration mode.

Step 3 

Router# show mls qos

Verifies the configuration.

This example shows how to enable PFC QoS globally:

Router# configure terminal 
Router(config)# mls qos 
Router(config)# end 
Router#

This example shows how to verify the configuration:

Router# show mls qos 
  QoS is enabled globally
  Microflow QoS is enabled globally

QoS global counters:
    Total packets: 544393
    IP shortcut packets: 1410
    Packets dropped by policing: 0
    IP packets with TOS changed by policing: 467
    IP packets with COS changed by policing: 59998
    Non-IP packets with COS changed by policing: 0

Enabling Queueing-Only Mode

To enable queueing-only mode on the switch, perform this task:

 
Command
Purpose

Step 1 

Router(config)# mls qos queueing-only

Enables queueing-only mode on the switch.

Router(config)# no mls qos queueing-only

Disables PFC QoS globally on the switch.

Note You cannot disable queueing-only mode separately.

Step 2 

Router(config)# end

Exits configuration mode.

Step 3 

Router# show mls qos

Verifies the configuration.

When you enable queueing-only mode, the switch does the following:

Disables marking and policing globally

Configures all ports to trust Layer 2 CoS


Note The switch applies the port CoS value to untagged ingress traffic and to traffic that is received through ports that cannot be configured to trust CoS.


This example shows how to enable queueing-only mode:

Router# configure terminal 
Router(config)# mls qos queueing-only 
Router(config)# end 
Router#

Creating Named Aggregate Policers

To create a named aggregate policer (see the "Policers" section), perform this task:

Command
Purpose

Router(config)# mls qos aggregate-policer policer_name bits_per_second normal_burst_bytes [maximum_burst_bytes] [pir1 peak_rate_bps] [[[conform-action {drop | set-dscp-transmit2 dscp_value | set-prec-transmit2 ip_precedence_value | transmit}] exceed-action {drop | policed-dscp | transmit}] violate-action1 {drop | policed-dscp | transmit}]

Creates a named aggregate policer.

Router(config)# no mls qos aggregate-policer policer_name

Deletes a named aggregate policer.

1 Supported only with PFC2.

2 With PFC2, the set-dscp-transmit and set-prec-transmit keywords are only supported for IP traffic.



Note With PFC2, aggregate policers can be applied to ingress interfaces on multiple modules, but aggregate policing works independently on each DFC-equipped switching module and independently on the PFC2, which supports any non-DFC-equipped switching modules. Aggregate policing does not combine flow statistics from different DFC-equipped switching modules. You can display aggregate policing statistics for each DFC-equipped switching module and for the PFC2 and any non-DFC-equipped switching modules supported by the PFC2.


When creating a named aggregate policer, note the following:

Policing uses the Layer 3 packet size.

See the "PFC QoS Configuration Guidelines and Restrictions" section for information about rate and burst size granularity.

The valid range of values for the CIR bits_per_second parameter is as follows:

Minimum—32 kilobits per second, entered as 32000

Maximum—4 gigabits per second, entered as 4000000000

The normal_burst_bytes parameter sets the CIR token bucket size.

The maximum_burst_bytes parameter sets the PIR token bucket size.

When configuring the size of a token bucket, note the following:

The minimum token bucket size is 1 kilobyte, entered as 1000 (the maximum_burst_bytes parameter must be set larger than the normal_burst_bytes parameter)

The maximum token bucket size is approximately 32 megabytes, entered as 31250000

To sustain a specific rate, set the token bucket size to be at least the rate value divided by 4000, because tokens are removed from the bucket every 1/4000th of a second (0.25 ms).

Because the token bucket must be large enough to hold at least one frame, set the parameter larger than the maximum Layer 3 packet size of the traffic being policed.

For TCP traffic, configure the token bucket size as a multiple of the TCP window size, with a minimum value at least twice as large as the maximum Layer 3 packet size of the traffic being policed.

The maximum_burst_bytes parameter is supported with PFC2. The maximum_burst_bytes parameter is not supported with PFC, but can be entered with a value equal to the normal_burst_bytes parameter.

The valid range of values for the pir bits_per_second parameter is as follows:

Minimum—32 kilobits per second, entered as 32000 (the value cannot be smaller than the CIR bits_per_second parameters)

Maximum—4 gigabits per second, entered as 4000000000

The pir bits_per_second parameter is supported with the PFC2. The pir bits_per_second parameter is not supported with the PFC1 but can be entered with the PFC1 if the value is equal to the CIR bits_per_second parameter.

(Optional) You can specify a conform action for matched in-profile traffic as follows:

The default conform action is transmit, which sets the policy map class trust state to trust DSCP unless the policy map class contains a trust command (see the "Policy Maps" section and the "Configuring Policy Map Class Actions" section).

To set PFC QoS labels in untrusted traffic, enter the set-dscp-transmit keyword to mark matched untrusted traffic with a new DSCP value or enter the set-prec-transmit keyword to mark matched untrusted traffic with a new IP precedence value (with the PFC2, the set-dscp-transmit and set-prec-transmit keywords are only supported for IP traffic). PFC QoS sets egress ToS and CoS from the configured value.

Enter the drop keyword to drop all matched traffic.


Note When you configure drop as the conform action, PFC QoS configures drop as the exceed action and the violate action.


(Optional) For traffic that exceeds the CIR, you can specify an exceed action as follows:

The default exceed action is drop, except with a maximum_burst_bytes parameter (drop is not supported with a maximum_burst_bytes parameter).


Note When the exceed action is drop, PFC QoS ignores any configured violate action.


Enter the policed-dscp-transmit keyword to cause all matched out-of-profile traffic to be marked down as specified in the markdown map (see the "Configuring DSCP Markdown Values" section).


Note When you create a policer that does not use the pir keyword and the maximum_burst_bytes parameter is equal to the normal_burst_bytes parameter (which is the case if you do not enter the maximum_burst_bytes parameter), the exceed-action policed-dscp-transmit keywords cause PFC QoS to mark traffic down as defined by the policed-dscp max-burst markdown map.


(Optional) For traffic that exceeds the PIR, you can specify a violate action as follows:

To mark traffic without policing, enter the transmit keyword to transmit all matched out-of-profile traffic.

The default violate action is equal to the exceed action.

Enter the policed-dscp-transmit keyword to cause all matched out-of-profile traffic to be marked down as specified in the markdown map (see the "Configuring DSCP Markdown Values" section).

For marking without policing, enter the transmit keyword to transmit all matched out-of-profile traffic.

The violate-action keyword is not supported with the PFC1, but the keyword can be entered with a PFC1 if the parameters match the exceed-action parameters.

This example shows how to create a named aggregate policer with a 1-Mbps rate limit and a 10-MB burst size that transmits conforming traffic and marks down out-of-profile traffic:

Router(config)# mls qos aggregate-policer aggr-1 1000000 10000000 conform-action transmit 
exceed-action policed-dscp-transmit 
Router(config)# end 
Router#

This example shows how to verify the configuration:

Router# show mls qos aggregate-policer aggr-1 
ag1 1000000 1000000 conform-action transmit exceed-action policed-dscp-transmit AgId=0 
[pol4]
Router#

The output displays the following:

The AgId parameter displays the hardware policer ID.

The policy maps that use the policer are listed in the square brackets ([]).

Configuring a PFC QoS Policy

These sections describe PFC QoS policy configuration:

PFC QoS Policy Configuration Overview

Configuring MAC-Layer Named Access Lists (Optional)

Configuring a Class Map (Optional)

Verifying Class Map Configuration

Configuring a Policy Map

Verifying Policy Map Configuration

Attaching a Policy Map to an Interface


Note PFC QoS policies process both unicast and multicast traffic.


PFC QoS Policy Configuration Overview


Note To mark traffic without limiting bandwidth utilization, create a policer that uses the transmit keywords for both conforming and nonconforming traffic.


These commands configure traffic classes and the policies to be applied to those traffic classes and attach the policies to ports:

access-list (Optional for IP traffic. You can filter IP traffic with class-map commands.):

PFC QoS supports these access list types:

Protocol
Numbered Access Lists?
Extended Access Lists?
Named Access Lists?

IP

Yes:
1 to   99
1300 to 1999

Yes:
100 to  199
2000 to 2699

Yes

IPX1

Yes: 800 to 899

Yes: 900 to 999

Yes

MAC Layer1

No

No

Yes2

1 Supported with Release 12.1(1)E and later.

2 Supported with Release 12.1(1)E and later; see the "Configuring MAC-Layer Named Access Lists (Optional)" section.


In Release 12.1(19)E and later releases, PFC QoS supports time-based Cisco IOS ACLs.

In Release 12.1(1)E and later releases, PFC QoS supports IPX access lists that contain a source-network parameter and the optional destination-network and destination-node parameters. PFC QoS does not support IPX access control lists that contain other parameters (for example, source-node, protocol, source-socket, destination-socket, or service-type).

Except for MAC-Layer named access lists (see the "Configuring MAC-Layer Named Access Lists (Optional)" section), refer to the Cisco IOS Security Configuration Guide, Release 12.1, "Traffic Filtering and Firewalls," "Access Control Lists: Overview and Guidelines," at this URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt3/index.htm

See Chapter 23, "Configuring Network Security," for additional information about ACLs on the Catalyst 6500 series switches.

class-map (optional)—Enter the class-map command to define one or more traffic classes by specifying the criteria by which traffic is classified (see the "Configuring a Class Map (Optional)" section).


Note You can also create class-maps during policy map creation with the policy-map class command (see the "Creating a Policy Map Class and Configuring Filtering" section).


policy-map—Enter the policy-map command to define the following:

New class maps

Policy map class trust mode

Aggregate policing and marking

Microflow policing and marking

service-policy—Enter the service-policy command to attach a policy map to an interface.

Configuring MAC-Layer Named Access Lists (Optional)

In Release 12.1(1)E and later releases, you can configure named access lists that filter DECnet, AppleTalk, VINES, or XNS traffic based on Layer 2 addresses.

To configure a MAC-Layer named access list, perform this task:

 
Command
Purpose

Step 1 

Router(config)# mac access-list extended list_name

Configures a MAC-Layer named access list.

Router(config)# no mac access-list extended list_name

Deletes a MAC-Layer named access list.

Step 2 

Router(config-ext-macl)# {permit | deny} {src_mac_mask | any} {dest_mac_mask | any} [aarp | amber | appletalk | diagnostic | decnet-iv | dec-spanning | dsm | etype-6000 | etype-8042 | lat | lavc-sca | mop-console | mop-dump | msdos | mumps | netbios | vines-ip | vines-echo | xns]

Configures an access control entry (ACE) in a MAC-Layer named access list.

Router(config-ext-macl)# no {permit | deny} {src_mac_mask | any} {dest_mac_mask | any} [aarp | amber | appletalk | diagnostic | decnet-iv | dec-spanning | dsm | etype-6000 | etype-8042 | lat | lavc-sca | mop-console | mop-dump | msdos | mumps | netbios | vines-ip | vines-echo | xns]

Deletes an ACE from a MAC-Layer named access list.

When configuring an entry in a MAC-Layer access list, note the following:

You can enter MAC addresses as three 4-byte values in dotted hexadecimal format. For example, 0030.9629.9f84.

You can enter MAC address masks as three 4-byte values in dotted hexadecimal format. Use 1 bits as wildcards. For example, to match an address exactly, use 0000.0000.0000 (can be entered as 0.0.0).

Entries without a protocol parameter match any protocol.

Access lists entries are scanned in the order you enter them. The first matching entry is used. To improve performance, place the most commonly used entries near the beginning of the access list.

An implicit deny any any entry exists at the end of an access list unless you include an explicit permit any any entry at the end of the list.

All new entries to an existing list are placed at the end of the list. You cannot add entries to the middle of a list.

This list shows the ethertype values matched by the protocol keywords:

0x0600—xns-idp—Xerox XNS IDP

0x0BAD—vines-ip—Banyan VINES IP

0x0baf—vines-echo—Banyan VINES Echo

0x6000—etype-6000—DEC unassigned, experimental

0x6001—mop-dump—DEC Maintenance Operation Protocol (MOP) Dump/Load Assistance

0x6002—mop-console—DEC MOP Remote Console

0x6003—decnet-iv—DEC DECnet Phase IV Route

0x6004—lat—DEC Local Area Transport (LAT)

0x6005—diagnostic—DEC DECnet Diagnostics

0x6007—lavc-sca—DEC Local-Area VAX Cluster (LAVC), SCA

0x6008—amber—DEC AMBER

0x6009—mumps—DEC MUMPS

0x8038—dec-spanning—DEC LANBridge Management

0x8039—dsm—DEC DSM/DDP

0x8040—netbios—DEC PATHWORKS DECnet NETBIOS Emulation

0x8041—msdos—DEC Local Area System Transport

0x8042—etype-8042—DEC unassigned

0x809B—appletalk—Kinetics EtherTalk (AppleTalk over Ethernet)

0x80F3—aarp—Kinetics AppleTalk Address Resolution Protocol (AARP)

This example shows how to create a MAC-Layer access list named mac_layer that denies dec-phase-iv traffic with source address 0000.4700.0001 and destination address 0000.4700.0009, but permits all other traffic:

Router(config)# mac access-list extended mac_layer 
Router(config-ext-macl)# deny 0000.4700.0001 0.0.0 0000.4700.0009 0.0.0 dec-phase-iv 
Router(config-ext-macl)# permit any any 

Configuring a Class Map (Optional)

These sections describe class map configuration:

Creating a Class Map

Configuring Filtering in a Class Map


Note You can also create class maps during policy map creation with the policy-map class command (see the "Creating a Policy Map Class and Configuring Filtering" section).


Creating a Class Map

To create a class map, perform this task:

Command
Purpose

Router(config)# class-map class_name

Creates a class map.

Router(config)# no class-map class_name

Deletes a class map.

Configuring Filtering in a Class Map


Note Except for MAC-Layer ACLs (see the "Configuring MAC-Layer Named Access Lists (Optional)" section), access lists are not documented in this publication. See the reference under access-list in the "Configuring a PFC QoS Policy" section.


To configure filtering in a class map, perform one of these tasks:

Command
Purpose

Router(config-cmap)# match access-group name acl_index_or_name

(Optional) Configures the class map to filter using an ACL.

Router(config-cmap)# no match access-group name acl_index_or_name

Clears the ACL configuration from the class map.

Router (config-cmap)# match ip precedence ipp_value1 [ipp_value2 [ipp_valueN]]

(Optional—for IP traffic only) Configures the class map to filter on up to eight IP precedence values.

Router (config-cmap)# no match ip precedence ipp_value1 [ipp_value2 [ipp_valueN]]

Clears configured IP precedence values from the class map.

Router (config-cmap)# match ip dscp dscp_value1 [dscp_value2 [dscp_valueN]]

(Optional—for IP traffic only) Configures the class map to filter on up to eight DSCP values.

Router (config-cmap)# no match ip dscp dscp_value1 [dscp_value2 [dscp_valueN]]

Clears configured DSCP values from the class map.


NoteWith an MSFC2, Release 12.1(13)E and later releases support the match protocol class map command, which configures NBAR and sends all traffic on the Layer 3 interface, both ingress and egress, to be processed in software on the MSFC2. To configure NBAR, refer to this publication:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/dtnbarad.htm

Earlier releases provide PFC QoS and Layer 3 switching in hardware, which prevents support of the match protocol class map command except for traffic being processed in software on the MSFC.

PFC QoS supports class maps that contain a single match command.

PFC QoS does not support the match cos, match any, match classmap, match destination-address, match input-interface, match mpls, match qos-group, and match source-address class map commands.

Catalyst 6500 series switches do not detect the use of unsupported commands until you attach a policy map to an interface (see the "Attaching a Policy Map to an Interface" section).


Verifying Class Map Configuration

To verify class map configuration, perform this task:

 
Command
Purpose

Step 1 

Router (config-cmap)# end

Exits configuration mode.

Step 2 

Router# show class-map class_name

Verifies the configuration.

This example shows how to create a class map named ipp5 and how to configure filtering to match traffic with IP precedence 5:

Router# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# class-map ipp5 
Router(config-cmap)# match ip precedence 5 
Router(config-cmap)# end 
Router#

This example shows how to verify the configuration:

Router# show class-map ipp5 
 Class Map match-all ipp5 (id 1)
   Match ip precedence 5

Router#

Configuring a Policy Map

You can attach only one policy map to an interface. Policy maps can contain one or more policy map classes, each with different policy map commands.

Configure a separate policy map class in the policy map for each type of traffic that an interface receives. Put all commands for each type of traffic in the same policy map class. PFC QoS does not attempt to apply commands from more than one policy map class to matched traffic.

These sections describe policy map configuration:

Creating a Policy Map

Creating a Policy Map Class and Configuring Filtering

Configuring Policy Map Class Actions

Creating a Policy Map

To create a policy map, perform this task:

Command
Purpose

Router(config)# policy-map policy_name

Creates a policy map.

Router(config)# no policy-map policy_name

Deletes the policy map.

Creating a Policy Map Class and Configuring Filtering


NoteWith an MSFC2, Release 12.1(13)E and later releases support the class class_name protocol policy map command, which configures NBAR and sends all traffic on the Layer 3 interface, both ingress and egress, to be processed in software on the MSFC2. To configure NBAR, refer to this publication:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/dtnbarad.htm

Earlier releases provide PFC QoS and Layer 3 switching in hardware, which prevents support of the class class_name protocol policy map command except for traffic being processed in software on the MSFC.

PFC QoS does not support the class class_name destination-address, class class_name input-interface, class class_name qos-group, and class class_name source-address policy map commands.

PFC QoS does not detect the use of unsupported commands until you attach a policy map to an interface (see the "Attaching a Policy Map to an Interface" section).


Policy maps can contain one or more policy map classes. Enter one of these class commands to create a policy map class and configure filtering in it.

To create a policy map class and configure it to filter with an already defined class map, perform this task:

Command
Purpose

Router(config-pmap)# class class_name

Creates a policy map class and configures it to filter with a class map (see the "Creating a Class Map" section).

Note PFC QoS supports class maps that contain a single match command.

Router(config-pmap)# no class class_name

Clears use of the class map.

To create a policy map class and a class map simultaneously, perform this task:

Command
Purpose

Router(config-pmap)# class class_name {access-group acl_index_or_name | dscp dscp_1 [dscp_2 [dscp_N]] | precedence ipp_1 [ipp_2 [ipp_N]]}

Creates a policy map class and creates a class map and configures the policy map class to filter with the class map.

Note This command creates a class map that can be used in other policy maps.

Router(config-pmap)# no class class_name

Clears use of the class map (does not delete the class map).


NotePut all trust-state and policing commands for each type of traffic in the same policy map class.

PFC QoS does not attempt to apply commands from more than one policy map class to traffic.


Configuring Policy Map Class Actions

When configuring policy map class actions, note the following:

For hardware-switched traffic, PFC QoS does not support the bandwidth, priority, queue-limit, or random-detect policy map class commands. You can configure these commands because they can be used for software-switched traffic.

With Release 12.1(12c)E1 and later releases, PFC QoS does not support the set mpls or set qos-group policy map class commands. With earlier releases, PFC QoS does not support any set policy map class commands.

With Release 12.1(12c)E1 and later releases, PFC QoS supports the set ip dscp and set ip precedence policy map class commands (see the "Configuring Policy Map Class Marking" section).

With Release 12.1(12c)E1 and later releases, you cannot do all three of the following in a policy map class:

Mark traffic with the set ip dscp or set ip precedence commands

Configure the trust state

Configure policing

In a policy map class, you can either mark untrusted traffic with the set ip dscp or set ip precedence commands or do one or both of the following:

Configure the trust state

Configure policing


Note When configure policing, you can mark traffic with policing keywords (see the "Configuring Policy Map Class Policing" section).


These sections describe policy map class action configuration:

Configuring Policy Map Class Marking

Configuring the Policy Map Class Trust State

Configuring Policy Map Class Policing

Configuring Policy Map Class Marking

With Release 12.1(12c)E1 and later releases, PFC QoS supports policy map class marking for untrusted traffic with the set ip dscp and set ip precedence policy map class commands.

To configure policy map class marking for untrusted traffic, perform this task:

Command
Purpose

Router(config-pmap-c)# set ip {dscp dscp_value | precedence ip_precedence_value}

Configures the policy map class to mark matched untrusted traffic with the configured DSCP or IP precedence value.

Router(config-pmap-c)# no set ip {dscp dscp_value | precedence ip_precedence_value}

Clears the marking configuration.

Configuring the Policy Map Class Trust State

To configure the policy map class trust state, perform this task:

Command
Purpose

Router(config-pmap-c)# trust {cos | dscp | ip-precedence}

Configures the policy map class trust state, which selects the value that PFC QoS uses as the source of the internal DSCP value (see the "Internal DSCP Values" section).

Router(config-pmap-c)# no trust

Reverts to the default policy-map class trust state (untrusted).

When configuring the policy map class trust state, note the following:

Enter the no trust command to use the trust state configured on the ingress port (this is the default).

With the cos keyword, PFC QoS sets the internal DSCP value from received or ingress port CoS (see the "Mapping Received CoS Values to Internal DSCP Values" section).

With the dscp keyword, PFC QoS uses received DSCP.

With the ip-precedence keyword, PFC QoS sets DSCP from received IP precedence (see the "Mapping Received IP Precedence Values to Internal DSCP Values" section).

Configuring Policy Map Class Policing

When you configure policy map class policing, note the following:

PFC QoS does not support the set-qos-transmit policer keyword.

PFC QoS does not support the set-dscp-transmit or set-prec-transmit keywords as arguments to the exceed-action keyword.

PFC QoS does not detect the use of unsupported keywords until you attach a policy map to an interface (see the "Attaching a Policy Map to an Interface" section).

These sections describe configuration of policy map class policing:

Using a Named Aggregate Policer

Configuring a Per-Interface Policer


Note Policing with the conform-action transmit keywords sets the port trust state of matched traffic to trust DSCP or to the trust state configured by a trust command in the policy map class.


Using a Named Aggregate Policer

To use a named aggregate policer (see the "Creating Named Aggregate Policers" section), perform this task:

Command
Purpose

Router(config-pmap-c)# police aggregate aggregate_name

Configures the policy map class to use a previously defined named aggregate policer.

Router(config-pmap-c)# no police aggregate aggregate_name

Clears use of the named aggregate policer.

Configuring a Per-Interface Policer

To configure a per-interface policer (see the "Policers" section), perform this task:

Command
Purpose

Router(config-pmap-c)# police [flow] bits_per_second normal_burst_bytes [maximum_burst_bytes] [pir1 peak_rate_bps] [[[conform-action {drop | set-dscp-transmit2 dscp_value | set-prec-transmit2 ip_precedence_value | transmit}] exceed-action {drop | policed-dscp | transmit}] violate-action1 {drop | policed-dscp | transmit}]

Creates a per-interface policer and configures the policy map class to use it.

Router(config-pmap-c)# no police [flow] bits_per_second normal_burst_bytes [maximum_burst_bytes] [pir peak_rate_bps] [[[conform-action {drop | set-dscp-transmit dscp_value | set-prec-transmit ip_precedence_value | transmit}] exceed-action {drop | policed-dscp | transmit}] violate-action {drop | policed-dscp | transmit}]

Deletes the per-interface policer from the policy map class.

1 Supported only with PFC2. Not supported in microflow policers (the flow keyword configures a microflow policer).

2 With PFC2, the set-dscp-transmit and set-prec-transmit keywords are only supported for IP traffic.

When configuring a per-interface policer, note the following:

Policing uses the Layer 3 packet size.

See the "PFC QoS Configuration Guidelines and Restrictions" section for information about rate and burst size granularity.

You can enter the flow keyword to define a microflow policer. During microflow policing, the following occurs:

PFC QoS considers IPX traffic with same source network, destination network, and destination node to be part of the same flow, including traffic with different source nodes or sockets.

PFC QoS considers MAC-Layer traffic with the same protocol and the same source and destination MAC-Layer addresses to be part of the same flow, including traffic with different ethertypes.

Microflow policers do not support the maximum_burst_bytes parameter, the pir bits_per_second keyword and parameter, or the violate-action keyword.

The valid range of values for the CIR bits_per_second parameter is as follows:

Minimum—32 kilobits per second, entered as 32000

Maximum—4 gigabits per second, entered as 4000000000

The normal_burst_bytes parameter sets the CIR token bucket size.

The maximum_burst_bytes parameter sets the PIR token bucket size (not supported with the flow keyword)

When configuring the size of a token bucket, note the following:

The minimum token bucket size is 1 kilobyte, entered as 1000 (the maximum_burst_bytes parameter must be set larger than the normal_burst_bytes parameter)

The maximum token bucket size is approximately 32 megabytes, entered as 31250000

To sustain a specific rate, set the token bucket size to be at least the rate value divided by 4000, because tokens are removed from the bucket every 1/4000th of a second (0.25 ms).

Because the token bucket must be large enough to hold at least one frame, set the parameter larger than the maximum Layer 3 packet size of the traffic being policed.

For TCP traffic, configure the token bucket size as a multiple of the TCP window size, with a minimum value at least twice as large as the maximum Layer 3 packet size of the traffic being policed.

The maximum_burst_bytes parameter is supported with the PFC2. The maximum_burst_bytes parameter is not supported with the PFC1, but the keyword can be entered with a value equal to the normal_burst_bytes parameter.

(Not supported with the flow keyword.) The valid range of values for the pir bits_per_second parameter is as follows:

Minimum—32 kilobits per second, entered as 32000 (the value cannot be smaller than the CIR bits_per_second parameters)

Maximum—4 gigabits per second, entered as 4000000000

The pir bits_per_second parameter is supported with the PFC2. The pir bits_per_second parameter is not supported with the PFC1, but can be entered with the PFC1 if the value is equal to the CIR bits_per_second parameter.

(Optional) You can specify a conform action for matched in-profile traffic as follows:

The default conform action is transmit, which sets the policy map class trust state to trust DSCP unless the policy map class contains a trust command (see the "Policy Maps" section and the "Configuring Policy Map Class Actions" section).

To set PFC QoS labels in untrusted traffic, you can enter the set-dscp-transmit keyword to mark matched untrusted traffic with a new DSCP value or enter the set-prec-transmit keyword to mark matched untrusted traffic with a new IP precedence value (with the PFC2, the set-dscp-transmit and set-prec-transmit keywords are only supported for IP traffic). PFC QoS sets egress ToS and CoS from the configured value.

You can enter the drop keyword to drop all matched traffic.

Ensure that aggregate and microflow policers that are applied to the same traffic each specify the same conform-action behavior.

(Optional) For traffic that exceeds the CIR, you can specify an exceed action as follows:

For marking without policing, you can enter the transmit keyword to transmit all matched out-of-profile traffic.

The default exceed action is drop, except with a maximum_burst_bytes parameter (drop is not supported with a maximum_burst_bytes parameter).


Note When the exceed action is drop, PFC QoS ignores any configured violate action.


You can enter the policed-dscp-transmit keyword to cause all matched out-of-profile traffic to be marked down as specified in the markdown map (see the "Configuring DSCP Markdown Values" section).


Note When you create a policer that does not use the pir keyword and the maximum_burst_bytes parameter is equal to the normal_burst_bytes parameter (which is the case if you do not enter the maximum_burst_bytes parameter), the exceed-action policed-dscp-transmit keywords cause PFC QoS to mark traffic down as defined by the policed-dscp max-burst markdown map.


(Optional—Not supported with the flow keyword) For traffic that exceeds the PIR, you can specify a violate action as follows:

For marking without policing, you can enter the transmit keyword to transmit all matched out-of-profile traffic.

The default violate action is equal to the exceed action.

You can enter the policed-dscp-transmit keyword to cause all matched out-of-profile traffic to be marked down as specified in the markdown map (see the "Configuring DSCP Markdown Values" section).

The violate-action keyword is not supported with the PFC1, but the keyword can be entered with the PFC1 if the parameters match the exceed-action parameters.


Note Aggregate policing works independently on each DFC-equipped switching module and independently on the PFC2, which supports any non-DFC-equipped switching modules. Aggregate policing does not combine flow statistics from different DFC-equipped switching modules. You can display aggregate policing statistics for each DFC-equipped switching module and for the PFC2 and any non-DFC-equipped switching modules supported by the PFC2.


This example shows how to create a policy map named max-pol-ipp5 that uses the class-map named ipp5, which is configured to trust received IP precedence values and is configured with a maximum-capacity aggregate policer and with a microflow policer:

Router# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# policy-map max-pol-ipp5 
Router(config-pmap)# class ipp5 
Router(config-pmap-c)# trust ip-precedence 
Router(config-pmap-c)# police 2000000000 2000000 conform-action set-prec-transmit 6 
exceed-action policed-dscp-transmit 
Router(config-pmap-c)# police flow 10000000 10000 conform-action set-prec-transmit 6 
exceed-action policed-dscp-transmit 
Router(config-pmap-c)# end 

Verifying Policy Map Configuration

To verify policy map configuration, perform this task:

 
Command
Purpose

Step 1 

Router(config-pmap-c)# end

Exits policy map class configuration mode.

Note Enter additional class commands to create additional classes in the policy map.

Step 2 

Router# show policy-map policy_name

Verifies the configuration.

This example shows how to verify the configuration:

Router# show policy-map max-pol-ipp5 
 Policy Map max-pol-ipp5
  class  ipp5

  class ipp5
    police flow 10000000 10000 conform-action set-prec-transmit 6 exceed-action  
policed-dscp-transmit
    trust precedence
    police 2000000000 2000000 2000000 conform-action set-prec-transmit 6 exceed-action 
policed-dscp-transmit

Router#

Attaching a Policy Map to an Interface


Note PFC QoS does not support the output service-policy keyword.


To attach a policy map to an interface, perform this task:

 
Command
Purpose

Step 1 

Router(config)# interface {{vlan vlan_ID} | {type1  slot/port} | {port-channel number}}

Selects the interface to configure.

Step 2 

Router(config-if)# service-policy input policy_map_name

Attaches a policy map to the input direction of the interface.

Router(config-if)# no service-policy input policy_map_name

Removes the policy map from the interface.

Step 3 

Router(config-if)# end

Exits configuration mode.

Step 4 

Router# show policy-map interface {{vlan vlan_ID} | {type1 slot/port} | {port-channel number}}

Verifies the configuration.

1 type = ethernet, fastethernet, gigabitethernet, tengigabitethernet, ge-wan, pos, or atm


Note Aggregate policing works independently on each DFC-equipped switching module and independently on the PFC2, which supports any non-DFC-equipped switching modules. Aggregate policing does not combine flow statistics from different DFC-equipped switching modules. You can display aggregate policing statistics for each DFC-equipped switching module and for the PFC2 and any non-DFC-equipped switching modules supported by the PFC2.


This example shows how to attach the policy map named pmap1 to Fast Ethernet port 5/36:

Router# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# interface fastethernet 5/36 
Router(config-if)# service-policy input pmap1
Router(config-if)# end

This example shows how to verify the configuration:

Router# show policy-map interface fastethernet 5/36 
 FastEthernet5/36 
  service-policy input: pmap1
    class-map: cmap1 (match-all)
      0 packets, 0 bytes
      5 minute rate 0 bps
      match: ip precedence 5
  class cmap1
    police 8000 8000 conform-action transmit exceed-action drop
    class-map: cmap2 (match-any)
      0 packets, 0 bytes
      5 minute rate 0 bps
      match: ip precedence 2
        0 packets, 0 bytes
        5 minute rate 0 bps
  class cmap2
    police 8000 10000 conform-action transmit exceed-action drop
Router#

Enabling or Disabling Microflow Policing

To enable or disable microflow policing (see the "Policers" section), perform this task:

 
Command
Purpose

Step 1 

Router(config)# mls qos flow-policing

Enables microflow policing.

Router(config)# no mls qos flow-policing

Disables microflow policing.

Step 2 

Router(config)# end

Exits configuration mode.

Step 3 

Router# show mls qos

Verifies the configuration.

This example shows how to disable microflow policing:

Router# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# no mls qos flow-policing 
Router(config)# end 
Router# 

This example shows how to verify the configuration:

Router# show mls qos | include Microflow 
  Microflow QoS is disabled globally
Router#

Enabling Microflow Policing of Bridged Traffic


Note To apply microflow policing to multicast traffic, you must enter the mls qos bridged command on the Layer 3 multicast ingress interfaces.


By default, microflow policers affect only routed traffic. To enable microflow policing of bridged traffic on specified VLANs, perform this task:

 
Command
Purpose

Step 1 

Router(config)# interface {{vlan vlan_ID} | {type1  slot/port}}

Selects the interface to configure.

Step 2 

Router(config-if)# mls qos bridged

Enables microflow policing of bridged traffic, including bridge groups, on the VLAN.

Router(config-if)# no mls qos bridged

Disables microflow policing of bridged traffic.

Step 3 

Router(config-if)# end

Exits configuration mode.

Step 4 

Router# show mls qos

Verifies the configuration.

1 type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet

This example shows how to enable microflow policing of bridged traffic on VLANs 3 through 5:

Router# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# interface range vlan 3 - 5 
Router(config-if)# mls qos bridged 
Router(config-if)# end 
Router# 

This example shows how to verify the configuration:

Router# show mls qos | begin Bridged QoS 
Bridged QoS is enabled on the following interfaces:
    Vl3 Vl4 Vl5 
<...output truncated...>
Router#

Enabling or Disabling PFC Features on an Interface

You can enable or disable the PFC QoS features implemented on the PFC for traffic from an interface (see the "PFC Marking and Policing" section). Disabling the PFC QoS features on an interface leaves the configuration intact. The mls qos interface command reenables any previously configured PFC QoS features. The mls qos interface command does not affect the port queueing configuration.

To enable or disable PFC features for traffic from an interface, perform this task:

 
Command
Purpose

Step 1 

Router(config)# interface {{type1  slot/port} | {port-channel number}}

Selects the interface to configure.

Step 2 

Router(config-if)# mls qos

Enables PFC QoS on the interface.

Router(config-if)# no mls qos

Disables PFC QoS on the interface.

Step 3 

Router(config-if)# end

Exits configuration interface.

Step 4 

Router# show mls qos

Verifies the configuration.

1 type = ethernet, fastethernet, gigabitethernet, tengigabitethernet, ge-wan, pos, or atm

This example shows how to disable PFC QoS on the VLAN 5 interface:

Router# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# interface vlan 5 
Router(config-if)# no mls qos 
Router(config-if)# end 
Router# 

This example shows how to verify the configuration:

Router# show mls qos | begin QoS is disabled 
  QoS is disabled on the following interfaces:
    Vl5 
<...Output Truncated...>
Router#

Enabling VLAN-Based PFC QoS on Layer 2 LAN Ports


Note With DFCs installed, Supervisor Engine 2 does not support VLAN-based PFC QoS.


By default, PFC QoS uses policy maps attached to LAN ports. For ports configured as Layer 2 LAN ports with the switchport keyword, you can configure PFC QoS to use policy maps attached to a VLAN (see the "Attaching Policy Maps" section). Ports not configured with the switchport keyword are not associated with a VLAN.

To enable VLAN-based PFC QoS on a Layer 2 LAN port, perform this task:

 
Command
Purpose

Step 1 

Router(config)# interface {{type1  slot/port} | {port-channel number}}

Selects the interface to configure.

Step 2 

Router(config-if)# mls qos vlan-based

Enables VLAN-based PFC QoS on a Layer 2 LAN port.

Router(config-if)# no mls qos vlan-based

Disables VLAN-based PFC QoS.

Step 3 

Router(config-if)# end

Exits configuration mode.

Step 4 

Router# show mls qos

Verifies the configuration.

1 type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet

This example shows how to enable VLAN-based PFC QoS on Fast Ethernet port 5/42:

Router# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# interface fastethernet 5/42 
Router(config-if)# mls qos vlan-based 
Router(config-if)# end 

This example shows how to verify the configuration:

Router# show mls qos | begin QoS is vlan-based 
  QoS is vlan-based on the following interfaces:
    Fa5/42
<...Output Truncated...>

Note Configuring a Layer 2 LAN port for VLAN-based PFC QoS preserves the policy map port configuration. The no mls qos vlan-based port command reenables any previously configured port commands.


Configuring the Trust State of Ethernet LAN and OSM Ingress Ports

By default, all ingress ports are untrusted. You can configure the ingress port trust state on all Ethernet LAN ports except non-Gigabit Ethernet 1q4t/2q2t ports (see the "Ingress LAN Port Features" section). You can configure the ingress port trust state on OSM ports (see the "Ingress OSM Port Features" section).

To configure the trust state of an ingress port, perform this task:

 
Command
Purpose

Step 1 

Router(config)# interface {{type1  slot/port} | {port-channel number}}

Selects the interface to configure.

Step 2 

Router(config-if)# mls qos trust [dscp | ip-precedence | cos2 ]

Configures the trust state of the port.

Router(config-if)# no mls qos trust

Reverts to the default trust state (untrusted).

Step 3 

Router(config-if)# end

Exits configuration mode.

Step 4 

Router# show mls qos

Verifies the configuration.

1 type = ethernet, fastethernet, gigabitethernet, tengigabitethernet, ge-wan, pos, or atm.

2 Not supported for pos or atm interface types.

When configuring the trust state of an ingress port, note the following:

With no other keywords, the mls qos trust command is equivalent to mls qos trust dscp.

The mls qos trust cos command enables receive-queue drop thresholds. To avoid dropping traffic because of inconsistent CoS values, configure ports with the mls qos trust cos command only when the received traffic is ISL or 802.1Q frames carrying CoS values that you know to be consistent with network policy.

Use the no mls qos trust command to set the port state to untrusted.

This example shows how to configure Gigabit Ethernet port 1/1 with the trust cos keywords:

Router# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# interface gigabitethernet 1/1 
Router(config-if)# mls qos trust cos 
Router(config-if)# end 
Router# 

This example shows how to verify the configuration:

Router# show queueing interface gigabitethernet 1/1 | include trust 
  Trust state: trust COS
Router# 

Configuring the Ingress LAN Port CoS Value


Note Whether or not PFC QoS uses the CoS value applied with the mls qos cos command depends on the trust state of the port and the trust state of the traffic received through the port. The mls qos cos command does not configure the trust state of the port or the trust state of the traffic received through the port.

To use the CoS value applied with the mls qos cos command as the basis of internal DSCP (see the "Internal DSCP Values" section):

On a port that receives only untagged ingress traffic, configure the ingress port as trusted or configure a trust-CoS policy map that matches the ingress traffic.

On a port that receives tagged ingress traffic, configure a trust-CoS policy map that matches the ingress traffic.


You can configure the CoS value that PFC QoS assigns to untagged frames from ingress LAN ports configured as trusted and to all frames from ingress LAN ports configured as untrusted.

To configure the CoS value for an ingress LAN port, perform this task:

 
Command
Purpose

Step 1 

Router(config)# interface {{type1  slot/port} | {port-channel number}}

Selects the interface to configure.

Step 2 

Router(config-if)# mls qos cos default_cos

Configures the ingress LAN port CoS value.

Router(config-if)# no mls qos cos default_cos

Reverts to the default port CoS value.

Step 3 

Router(config-if)# end

Exits configuration mode.

Step 4 

Router# show queueing interface {ethernet | fastethernet | gigabitethernet} slot/port

Verifies the configuration.

1 type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet

This example shows how to configure the CoS 5 as the default on Fast Ethernet port 5/24 and verify the configuration:

Router# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# interface fastethernet 5/24 
Router(config-if)# mls qos cos 5 
Router(config-if)# end 
Router# show queueing interface fastethernet 5/24 | include Default COS 
  Default COS is 5
Router# 

Configuring Standard-Queue Drop Threshold Percentages

These sections describe configuring standard-queue drop threshold percentages:

Configuring a Tail-Drop Receive Queue

Configuring a WRED-Drop Transmit Queue

Configuring a WRED-Drop and Tail-Drop Transmit Queue

Configuring 1q4t/2q2t Tail-Drop Threshold Percentages


NoteEnter the show queueing interface {ethernet | fastethernet | gigabitethernet | tengigabitethernet} slot/port | include type command to see the queue structure of a port (see the "Receive Queues" section and the "Transmit Queues" section).

1p1q0t ports have no configurable thresholds.

1p3q1t (transmit), 1p2q1t (transmit), and 1p1q8t (receive) ports also have nonconfigurable tail-drop thresholds (see the "Mapping CoS Values to Standard Transmit-Queue Thresholds" section).


When configuring thresholds, note the following:

Queue number 1 is the lowest-priority standard queue.

Higher-numbered queues are higher priority standard queues.

When you configure multiple-threshold standard queues, note the following:

The first percentage that you enter sets the lowest-priority threshold.

The second percentage that you enter sets the next highest-priority threshold.

The last percentage that you enter sets the highest-priority threshold.

The percentages range from 1 to 100. A value of 10 indicates a threshold when the buffer is 10-percent full.

Always set highest-numbered threshold to 100 percent.

When configuring the WRED-drop thresholds, note the following:

Each WRED-drop threshold has a low-WRED and a high-WRED value.

Low-WRED and high-WRED values are a percentage of the queue capacity (the range is from 1 to 100).

The low-WRED value is the traffic level under which no traffic is dropped. The low-WRED value must be lower than the high-WRED value.

The high-WRED value is the traffic level above which all traffic is dropped.

Traffic in the queue between the low- and high-WRED values has an increasing chance of being dropped as the queue fills.

Configuring a Tail-Drop Receive Queue

These port types have only tail-drop thresholds in their receive-queues:

1p1q4t

1q2t

To configure the drop thresholds, perform this task:

 
Command
Purpose

Step 1 

Router(config)# interface {fastethernet | gigabitethernet} slot/port

Selects the interface to configure.

Step 2 

Router(config-if)# rcv-queue threshold queue_id thr1% thr2% thr3% thr4% {thr5% thr6% thr7% thr8%}

Configures the receive-queue tail-drop threshold percentages.

Router(config-if)# no rcv-queue threshold [queue_id]

Reverts to the default receive-queue tail-drop threshold percentages.

Step 3 

Router(config-if)# end

Exits configuration mode.

Step 4 

Router# show queueing interface {fastethernet | gigabitethernet} slot/port

Verifies the configuration.

This example shows how to configure the receive-queue drop thresholds for Gigabit Ethernet port 1/1:

Router# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# interface gigabitethernet 1/1 
Router(config-if)# rcv-queue threshold 1 60 75 85 100 
Router(config-if)# end 
Router# 

This example shows how to verify the configuration:

Router# show queueing interface gigabitethernet 1/1 | begin Receive queues 
Receive queues [type = 1p1q4t]:
    Queue Id    Scheduling  Num of thresholds
    -----------------------------------------
       1         Standard            4
       2         Priority            1

  Trust state: trust COS

    queue tail-drop-thresholds
    --------------------------
    1     60[1] 75[2] 85[3] 100[4] 
<...Output Truncated...>
Router# 

Configuring a WRED-Drop Transmit Queue

These port types have only WRED-drop thresholds in their transmit queues:

1p2q2t

1p2q1t

To configure the drop thresholds, perform this task:

 
Command
Purpose

Step 1 

Router(config)# interface type1 slot/port

Selects the interface to configure.

Step 2 

Router(config-if)# wrr-queue random-detect min-threshold queue_id thr1% [thr2%]

Configures the low WRED-drop thresholds.

Router(config-if)# no wrr-queue random-detect min-threshold [queue_id]

Reverts to the default low WRED-drop thresholds.

Step 3 

Router(config-if)# wrr-queue random-detect max-threshold queue_id thr1% [thr2%]

Configures the high WRED-drop thresholds.

Router(config-if)# no wrr-queue random-detect max-threshold [queue_id]

Reverts to the default high WRED-drop thresholds.

Step 4 

Router(config-if)# end

Exits configuration mode.

Step 5 

Router# show queueing interface type1 slot/port

Verifies the configuration.

1 type = fastethernet, gigabitethernet, or tengigabitethernet

Configuring a WRED-Drop and Tail-Drop Transmit Queue

1p3q1t ports have both WRED-drop and tail-drop thresholds in their transmit queues.

To configure the drop thresholds, perform this task:

 
Command
Purpose

Step 1 

Router(config)# interface type1 slot/port

Selects the interface to configure.

Step 2 

Router(config-if)# wrr-queue threshold queue_id thr1% [thr2% thr3% thr4% thr5% thr6% thr7% thr8%]

Configures the tail-drop thresholds.

Router(config-if)# no wrr-queue threshold [queue_id]

Reverts to the default tail-drop thresholds.

Step 3 

Router(config-if)# wrr-queue random-detect min-threshold queue_id thr1% [thr2% thr3% thr4% thr5% thr6% thr7% thr8%]

Configures the low WRED-drop thresholds.

Router(config-if)# no wrr-queue random-detect min-threshold [queue_id]

Reverts to the default low WRED-drop thresholds.

Step 4 

Router(config-if)# wrr-queue random-detect max-threshold queue_id thr1% [thr2% thr3% thr4% thr5% thr6% thr7% thr8%]

Configures the high WRED-drop thresholds.

Router(config-if)# no wrr-queue random-detect max-threshold [queue_id]

Reverts to the default high WRED-drop thresholds.

Step 5 

Router(config-if)# wrr-queue random-detect queue_id

Enables WRED-drop thresholds .

Router(config-if)# no wrr-queue random-detect [queue_id]

Enables tail-drop thresholds.

Step 6 

Router(config-if)# end

Exits configuration mode.

Step 7 

Router# show queueing interface type1 slot/port

Verifies the configuration.

1 type = fastethernet, gigabitethernet, or tengigabitethernet

This example shows how to configure the low-priority transmit queue high-WRED-drop thresholds for Gigabit Ethernet port 1/1:

Router# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# interface gigabitethernet 1/1 
Router(config-if)# wrr-queue random-detect max-threshold 1 70 70 
Router(config-if)# end 
Router# 

This example shows how to verify the configuration:

Router# show queueing interface gigabitethernet 1/1 | begin Transmit queues 
  Transmit queues [type = 1p2q2t]:
    Queue Id    Scheduling  Num of thresholds
    -----------------------------------------
       1         WRR low             2
       2         WRR high            2
       3         Priority            1

    queue random-detect-max-thresholds
    ----------------------------------
      1    40[1] 70[2] 
      2    40[1] 70[2] 
<...Output Truncated...>
Router# 

Configuring 1q4t/2q2t Tail-Drop Threshold Percentages

On 1q4t/2q2t ports, the receive- and transmit-queue drop thresholds have this relationship:

Receive queue 1 (standard) threshold 1 = transmit queue 1 (standard low priority) threshold 1

Receive queue 1 (standard) threshold 2 = transmit queue 1 (standard low priority) threshold 2

Receive queue 1 (standard) threshold 3 = transmit queue 2 (standard high priority) threshold 1

Receive queue 1 (standard) threshold 4 = transmit queue 2 (standard high priority) threshold 2

To configure tail-drop threshold percentages for the standard receive and transmit queues on 1q4t/2q2t LAN ports, perform this task:

 
Command
Purpose

Step 1 

Router(config)# interface {ethernet | fastethernet | gigabitethernet} slot/port

Selects the interface to configure.

Step 2 

Router(config-if)# wrr-queue threshold queue_id thr1% thr2%

Configures the receive- and transmit-queue tail-drop thresholds.

Router(config-if)# no wrr-queue threshold [queue_id]

Reverts to the default receive- and transmit-queue tail-drop thresholds.

Step 3 

Router(config-if)# end

Exits configuration mode.

Step 4 

Router# show queueing interface {ethernet | fastethernet | gigabitethernet} slot/port

Verifies the configuration.

When configuring the receive- and transmit-queue tail-drop thresholds, note the following:

You must use the transmit queue and threshold numbers.

The queue_id is 1 for the standard low-priority queue and 2 for the standard high-priority queue.

The percentages range from 1 to 100. A value of 10 indicates a threshold when the buffer is 10-percent full.

Always set threshold 2 to 100 percent.

Ethernet and Fast Ethernet 1q4t ports do not support receive-queue tail-drop thresholds.

This example shows how to configure receive queue 1/threshold 1 and transmit queue 1/threshold 1 for Gigabit Ethernet port 2/1:

Router# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# interface gigabitethernet 2/1 
Router(config-if)# wrr-queue threshold 1 60 100 
Router(config-if)# end 
Router# 

This example shows how to verify the configuration:

Router# show queueing interface gigabitethernet 2/1 
  Transmit queues [type = 2q2t]:

<...Output Truncated...>

queue tail-drop-thresholds
    --------------------------
    1     60[1] 100[2] 
    2     40[1] 100[2] 

<...Output Truncated...>

Receive queues [type = 1q4t]:

<...Output Truncated...>

queue tail-drop-thresholds
    --------------------------
    1     60[1] 100[2] 40[3] 100[4] 
<...Output Truncated...>
Router# 

Mapping CoS Values to Drop Thresholds

These sections describe mapping CoS values to drop thresholds:


Note Enter the show queueing interface {ethernet | fastethernet | gigabitethernet | tengigabitethernet} slot/port | include type command to see the queue structure of a port.


These sections describe how to map CoS values:

Mapping CoS Values to Standard Receive-Queue Thresholds

Mapping CoS Values to Standard Transmit-Queue Thresholds

Mapping CoS Values to Strict-Priority Queues

Mapping CoS Values to Tail-Drop Thresholds on 1q4t/2q2t LAN Ports

When CoS values to thresholds, note the following:

Queue number 1 is the lowest-priority standard queue.

Higher-numbered queues are higher priority standard queues.

You can map up to 8 CoS values to a threshold.

Threshold 0 is a nonconfigurable 100-percent tail-drop threshold on these port types:

1p1q0t (receive)

1p1q8t (receive)

1p3q1t (transmit)

1p2q1t (transmit)

The standard queue thresholds can be configured as either tail-drop or WRED-drop thresholds on these port types:

1p1q8t (receive)

1p3q1t (transmit)

See the "Configuring Standard-Queue Drop Threshold Percentages" section for more information about configuring thresholds as either tail-drop or WRED-drop.

Mapping CoS Values to Standard Receive-Queue Thresholds

To map CoS values to the standard receive-queue thresholds, perform this task:

 
Command
Purpose

Step 1 

Router(config)# interface {fastethernet | gigabitethernet} slot/port

Selects the interface to configure.

Step 2 

Router(config-if)# rcv-queue cos-map queue_# threshold_# cos1 [cos2 [cos3 [cos4 [cos5 [cos6 [cos7 [cos8]]]]]]]

Maps CoS values to the standard receive queue thresholds.

Router(config-if)# no rcv-queue cos-map

Reverts to the default mapping.

Step 3 

Router(config-if)# end

Exits configuration mode.

Step 4 

Router# show queueing interface {fastethernet | gigabitethernet} slot/port

Verifies the configuration.

This example shows how to map the CoS values 0 and 1 to threshold 1 in the standard receive queue for Gigabit Ethernet port 1/1:

Router# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# interface gigabitethernet 1/1 
Router(config-if)# rcv-queue cos-map 1 1 0 1 
Router(config-if)# end 
Router# 

This example shows how to verify the configuration:

Router# show queueing interface gigabitethernet 1/1 
<...Output Truncated...>
    queue thresh cos-map
    ---------------------------------------
    1     1      0 1 
    1     2      2 3 
    1     3      4 5 
    1     4      6 7
<...Output Truncated...>
Router# 

Mapping CoS Values to Standard Transmit-Queue Thresholds

To map CoS values to standard transmit-queue thresholds, perform this task:

 
Command
Purpose

Step 1 

Router(config)# interface {fastethernet | gigabitethernet} slot/port

Selects the interface to configure.

Step 2 

Router(config-if)# wrr-queue cos-map transmit_queue_# threshold_# cos1 [cos2 [cos3 [cos4 [cos5 [cos6 [cos7 [cos8]]]]]]]

Maps CoS values to a standard transmit-queue threshold.

Router(config-if)# no wrr-queue cos-map

Reverts to the default mapping.

Step 3 

Router(config-if)# end

Exits configuration mode.

Step 4 

Router# show queueing interface {fastethernet | gigabitethernet} slot/port

Verifies the configuration.

This example shows how to map the CoS values 0 and 1 to standard transmit queue 1/threshold 1 for Fast Ethernet port 5/36:

Router# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# interface fastethernet 5/36 
Router(config-if)# wrr-queue cos-map 1 1 0 1 
Router(config-if)# end 
Router# 

This example shows how to verify the configuration:

Router# show queueing interface fastethernet 5/36 | begin queue thresh cos-map 
    queue thresh cos-map
    ---------------------------------------
    1     1      0 1 
    1     2      2 3 
    2     1      4 5 
    2     2      6 7
<...Output Truncated...>
Router# 

Mapping CoS Values to Strict-Priority Queues

To map CoS values to the receive and transmit strict-priority queues, perform this task:

 
Command
Purpose

Step 1 

Router(config)# interface type1 slot/port

Selects the interface to configure.

Step 2 

Router(config-if)# priority-queue cos-map queue_# cos1 [cos2 [cos3 [cos4 [cos5 [cos6 [cos7 [cos8]]]]]]]

Maps CoS values to the receive and transmit strict-priority queues.

Router(config-if)# no priority-queue cos-map

Reverts to the default mapping.

Step 3 

Router(config-if)# end

Exits configuration mode.

Step 4 

Router# show queueing interface type1 slot/port

Verifies the configuration.

1 type = fastethernet, gigabitethernet, or tengigabitethernet

When mapping CoS values to the strict-priority queues, note the following:

The queue number is always 1.

You can enter up to 8 CoS values to map to the queue.

This example shows how to map CoS value 7 to the strict-priority queues on Gigabit Ethernet port  1/1:

Router# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# interface gigabitethernet 1/1 
Router(config-if)# priority-queue cos-map 1 7 
Router(config-if)# end 
Router# 

This example shows how to verify the configuration:

Router# show queueing interface gigabitethernet 1/1 
<...Output Truncated...>
Transmit queues [type = 1p2q2t]:
<...Output Truncated...>
    queue thresh cos-map
    ---------------------------------------
    1     1      0 1 
    1     2      2 3 
    2     1      4 
    2     2      6 
    3     1      5 7 

  Receive queues [type = 1p1q4t]:
<...Output Truncated...>
    queue thresh cos-map
    ---------------------------------------
    1     1      0 1 
    1     2      2 3 
    1     3      4 
    1     4      6 
    2     1      5 7 
<...Output Truncated...>
Router# 

Mapping CoS Values to Tail-Drop Thresholds on 1q4t/2q2t LAN Ports


Note Enter the show queueing interface {ethernet | fastethernet | gigabitethernet | tengigabitethernet} slot/port | include type command to see the queue structure of a port.


On 1q4t/2q2t LAN ports, the receive- and transmit-queue tail-drop thresholds have this relationship:

Receive queue 1 (standard) threshold 1 = transmit queue 1 (standard low priority) threshold 1

Receive queue 1 (standard) threshold 2 = transmit queue 1 (standard low priority) threshold 2

Receive queue 1 (standard) threshold 3 = transmit queue 2 (standard high priority) threshold 1

Receive queue 1 (standard) threshold 4 = transmit queue 2 (standard high priority) threshold 2

To map CoS values to tail-drop thresholds, perform this task:

 
Command
Purpose

Step 1 

Router(config)# interface type1 slot/port

Selects the interface to configure.

Step 2 

Router(config-if)# wrr-queue cos-map transmit_queue_# threshold_# cos1 [cos2 [cos3 [cos4 [cos5 [cos6 [cos7 [cos8]]]]]]]

Maps CoS values to a tail-drop threshold.

Step 3 

Router(config-if)# no wrr-queue cos-map

Reverts to the default mapping.

Step 4 

Router(config-if)# end

Exits configuration mode.

Step 5 

Router# show queueing interface type1 slot/port

Verifies the configuration.

1 type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet

When mapping CoS values to a tail-drop threshold, note the following:

Use the transmit queue and threshold numbers.

Queue 1 is the low-priority standard transmit queue.

Queue 2 is the high-priority standard transmit queue.

There are two thresholds in each queue.

Enter up to 8 CoS values to map to the threshold.

This example shows how to map the CoS values 0 and 1 to standard transmit queue 1/threshold 1 for Fast Ethernet port 5/36:

Router# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# interface fastethernet 5/36 
Router(config-if)# wrr-queue cos-map 1 1 0 1 
Router(config-if)# end 
Router# 

This example shows how to verify the configuration:

Router# show queueing interface fastethernet 5/36 | begin queue thresh cos-map 
    queue thresh cos-map
    ---------------------------------------
    1     1      0 1 
    1     2      2 3 
    2     1      4 5 
    2     2      6 7
<...Output Truncated...>
Router# 

Allocating Bandwidth Between LAN-Port Transmit Queues

The switch transmits frames from one standard queue at a time using a WRR algorithm. WRR uses the ratio between queue weight values to decide how much to transmit from one queue before switching to the other. The more the ratio favors a queue, the more transmit bandwidth is allocated to it.

To allocate bandwidth for an egress LAN port, perform this task:

 
Command
Purpose

Step 1 

Router(config)# interface type1 slot/port

Selects the interface to configure.

Step 2 

Router(config-if)# wrr-queue bandwidth low_priority_queue_weight [medium_priority_queue_weight] high_priority_queue_weight

Allocates bandwidth between standard transmit queues. The valid values for weight range from 1 to 255.

Router(config-if)# no wrr-queue bandwidth

Reverts to the default bandwidth allocation.

Step 3 

Router(config-if)# end

Exits configuration mode.

Step 4 

Router# show queueing interface type1 slot/port

Verifies the configuration.

1 type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet

This example shows how to allocate a 3-to-1 bandwidth ratio for Gigabit Ethernet port 1/2:

Router# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# interface gigabitethernet 1/2 
Router(config-if)# wrr-queue bandwidth 3 1 
Router(config-if)# end 
Router# 

This example shows how to verify the configuration:

Router# show queueing interface gigabitethernet 1/2 | include bandwidth 
WRR bandwidth ratios:    3[queue 1]   1[queue 2] 
Router# 

Setting the Receive-Queue Size Ratio on a 1p1q0t or 1p1q8t Ingress LAN Ports

To set the size ratio between the strict-priority and standard receive queues on a 1p1q0t or 1p1q8t ingress LAN ports, perform this task:

 
Command
Purpose

Step 1 

Router(config)# interface {fastethernet | tengigabitethernet} slot/port

Selects the interface to configure.

Step 2 

Router(config-if)# rcv-queue queue-limit standard_queue_weight strict_priority_queue_weight

Sets the size ratio between the strict-priority and standard receive queues.

Router(config-if)# no rcv-queue queue-limit

Reverts to the default the size ratio.

Step 3 

Router(config-if)# end

Exits configuration mode.

Step 4 

Router# show queueing interface {fastethernet | tengigabitethernet} slot/port

Verifies the configuration.

When setting the receive-queue size ratio, note the following:

The rcv-queue queue-limit command configures ports on a per-ASIC basis.

Estimate the mix of strict priority-to-standard traffic on your network (for example, 80 percent standard traffic and 20 percent strict-priority traffic).

Use the estimated percentages as queue weights.

Valid values are from 1 to 100 percent, except on 1p1q8t ingress LAN ports, where valid values for the strict priority queue are from 3 to 100 percent.

This example shows how to set the receive-queue size ratio for Fast Ethernet port 2/2:

Router# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# interface fastethernet 2/2 
Router(config-if)# rcv-queue queue-limit 75 15 
Router(config-if)# end 
Router# 

This example shows how to verify the configuration:

Router# show queueing interface fastethernet 2/2 | include queue-limit 
    queue-limit ratios:     75[queue 1]  15[queue 2] 
Router# 

Setting the LAN-Port Transmit-Queue Size Ratio

To set the transmit-queue size ratio on an egress LAN port, perform this task:

 
Command
Purpose

Step 1 

Router(config)# interface type1 slot/port

Selects the interface to configure.

Step 2 

Router(config-if)# wrr-queue queue-limit low_priority_queue_weight [medium_priority_queue_weight] high_priority_queue_weight

Sets the transmit-queue size ratio between transmit queues.

Router(config-if)# no wrr-queue queue-limit

Reverts to the default transmit-queue size ratio.

Step 3 

Router(config-if)# end

Exits configuration mode.

Step 4 

Router# show queueing interface type1 slot/port

Verifies the configuration.

1 type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet

When setting the transmit-queue size ratio between transmit queues, note the following:

Estimate the mix of low priority-to-high priority traffic on your network (for example, 80 percent low-priority traffic and 20 percent high-priority traffic).

On LAN ports that have an egress strict priority queue, PFC QoS sets the egress strict-priority queue size equal to the high-priority queue size.

Use the estimated percentages as queue weights.

Valid values are from 1 to 100 percent, except on 1p2q1t egress LAN ports, where valid values for the high priority queue are from 5 to 100 percent.

This example shows how to set the transmit-queue size ratio for Gigabit Ethernet port 1/2:

Router# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# interface gigabitethernet 1/2 
Router(config-if)# wrr-queue queue-limit 75 15 
Router(config-if)# end 
Router# 

This example shows how to verify the configuration:

Router# show queueing interface gigabitethernet 1/2 | include queue-limit 
    queue-limit ratios:     75[queue 1]  25[queue 2] 
Router# 

Configuring DSCP Value Maps

These sections describe how DSCP values are mapped to other values:

Mapping Received CoS Values to Internal DSCP Values

Mapping Received IP Precedence Values to Internal DSCP Values

Mapping Internal DSCP Values to Egress CoS Values

Configuring DSCP Markdown Values

Mapping Received CoS Values to Internal DSCP Values

To configure the mapping of received CoS values to the DSCP value that PFC QoS uses internally on the PFC (see the "Internal DSCP Values" section), perform this task:

 
Command
Purpose

Step 1 

Router(config)# mls qos map cos-dscp dscp1 dscp2 dscp3 dscp4 dscp5 dscp6 dscp7 dscp8

Configures the received CoS to internal DSCP map. You must enter 8 DSCP values to which PFC QoS maps CoS values 0 through 7.

Router(config)# no mls qos map cos-dscp

Reverts to the default map.

Step 2 

Router(config)# end

Exits configuration mode.

Step 3 

Router# show mls qos maps

Verifies the configuration.

This example shows how to configure the received CoS to internal DSCP map:

Router# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# mls qos map cos-dscp 0 1 2 3 4 5 6 7 
Router(config)# end 
Router# 

This example shows how to verify the configuration:

Router# show mls qos maps | begin Cos-dscp map 
   Cos-dscp map:
        cos:   0  1  2  3  4  5  6  7 
     ----------------------------------
       dscp:   0  1  2  3  4  5  6  7
<...Output Truncated...>
Router#

Mapping Received IP Precedence Values to Internal DSCP Values

To configure the mapping of received IP precedence values to the DSCP value that PFC QoS uses internally on the PFC (see the "Internal DSCP Values" section), perform this task:

 
Command
Purpose

Step 1 

Router(config)# mls qos map ip-prec-dscp dscp1 dscp2 dscp3 dscp4 dscp5 dscp6 dscp7 dscp8

Configures the received IP precedence to internal DSCP map. You must enter 8 internal DSCP values to which PFC QoS maps received IP precedence values 0 through 7.

Router(config)# no mls qos map ip-prec-dscp

Reverts to the default map.

Step 2 

Router(config)# end

Exits configuration mode.

Step 3 

Router# show mls qos maps

Verifies the configuration.

This example shows how to configure the received IP precedence to internal DSCP map:

Router# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# mls qos map ip-prec-dscp 0 1 2 3 4 5 6 7 
Router(config)# end 
Router# 

This example shows how to verify the configuration:

Router# show mls qos maps | begin IpPrecedence-dscp map 
   IpPrecedence-dscp map:
     ipprec:   0  1  2  3  4  5  6  7 
     ----------------------------------
       dscp:   0  1  2  3  4  5  6  7
<...Output Truncated...>
Router#

Mapping Internal DSCP Values to Egress CoS Values

To configure the mapping of the DSCP value that PFC QoS uses internally on the PFC to the CoS value used for egress LAN port scheduling and congestion avoidance (see the "Internal DSCP Values" section and the "LAN Egress Port Features" section), perform this task:

 
Command
Purpose

Step 1 

Router(config)# mls qos map dscp-cos dscp1 [dscp2 [dscp3 [dscp4 [dscp5 [dscp6 [dscp7 [dscp8]]]]]]] to cos_value

Configures the internal DSCP to egress CoS map.

Router(config)# no mls qos map dscp-cos

Reverts to the default map.

Step 2 

Router(config)# end

Exits configuration mode.

Step 3 

Router# show mls qos maps

Verifies the configuration.

When configuring the internal DSCP to egress CoS map, note the following:

You can enter up to 8 DSCP values that PFC QoS maps to a CoS value.

You can enter multiple commands to map additional DSCP values to a CoS value.

You can enter a separate command for each CoS value.

This example shows how to configure internal DSCP values 0, 8, 16, 24, 32, 40, 48, and 54 to be mapped to egress CoS value 0:

Router# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# mls qos map dscp-cos 0 8 16 24 32 40 48 54 to 0 
Router(config)# end 
Router# 

This example shows how to verify the configuration:

Router# show mls qos map | begin Dscp-cos map 
   Dscp-cos map:                                  (dscp= d1d2)
     d1 :  d2 0  1  2  3  4  5  6  7  8  9 
     -------------------------------------
      0 :    00 00 00 00 00 00 00 00 00 01 
      1 :    01 01 01 01 01 01 00 02 02 02 
      2 :    02 02 02 02 00 03 03 03 03 03 
      3 :    03 03 00 04 04 04 04 04 04 04 
      4 :    00 05 05 05 05 05 05 05 00 06 
      5 :    06 06 06 06 00 06 07 07 07 07 
      6 :    07 07 07 07
<...Output Truncated...>
Router#

Note In the Dscp-cos display, the CoS values are shown in the body of the matrix; the first digit of the DSCP value is in the column labeled d1 and the second digit is in the top row. In the example shown, DSCP values 41 through 47 all map to CoS 05.


Configuring DSCP Markdown Values

To configure the mapping of DSCP markdown values used by policers (see the "Policers" section), perform this task:

 
Command
Purpose

Step 1 

Router(config)# mls qos map policed-dscp {normal-burst | max-burst} dscp1 [dscp2 [dscp3 [dscp4 [dscp5 [dscp6 [dscp7 [dscp8]]]]]]] to markdown_dscp

Configures a DSCP markdown map.

Router(config)# no mls qos map policed-dscp {normal-burst | max-burst}

Reverts to the default map.

Step 2 

Router(config)# end

Exits configuration mode.

Step 3 

Router# show mls qos maps

Verifies the configuration.

When configuring a DSCP markdown map, note the following:

You can enter the normal-burst keyword to configure the markdown map used by the exceed-action policed-dscp-transmit keywords.

You can enter the max-burst keyword to configure the markdown map used by the violate-action policed-dscp-transmit keywords.


Note When you create a policer that does not use the pir keyword, and the maximum_burst_bytes parameter is equal to the normal_burst_bytes parameter (which occurs if you do not enter the maximum_burst_bytes parameter), the exceed-action policed-dscp-transmit keywords cause PFC QoS to mark traffic down as defined by the policed-dscp max-burst markdown map.


To avoid out-of-sequence packets, configure the markdown maps so that conforming and nonconforming traffic uses the same queue.

You can enter up to 8 DSCP values that map to a marked-down DSCP value.

You can enter multiple commands to map additional DSCP values to a marked-down DSCP value.

You can enter a separate command for each marked-down DSCP value.


Note Configure marked-down DSCP values that map to CoS values consistent with the markdown penalty (see the "Mapping Internal DSCP Values to Egress CoS Values" section).


This example shows how to map DSCP 1 to marked-down DSCP value 0:

Router# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# mls qos map policed-dscp normal-burst 1 to 0 
Router(config)# end 

This example shows how to verify the configuration:

Router# show mls qos map 
   Normal Burst Policed-dscp map:                                  (dscp= d1d2)
     d1 :  d2 0  1  2  3  4  5  6  7  8  9 
     -------------------------------------
      0 :    00 01 02 03 04 05 06 07 08 09 
      1 :    10 11 12 13 14 15 16 17 18 19 
      2 :    20 21 22 23 24 25 26 27 28 29 
      3 :    30 31 32 33 34 35 36 37 38 39 
      4 :    40 41 42 43 44 45 46 47 48 49 
      5 :    50 51 52 53 54 55 56 57 58 59 
      6 :    60 61 62 63 

   Maximum Burst Policed-dscp map:                                  (dscp= d1d2)
     d1 :  d2 0  1  2  3  4  5  6  7  8  9 
     -------------------------------------
      0 :    00 01 02 03 04 05 06 07 08 09 
      1 :    10 11 12 13 14 15 16 17 18 19 
      2 :    20 21 22 23 24 25 26 27 28 29 
      3 :    30 31 32 33 34 35 36 37 38 39 
      4 :    40 41 42 43 44 45 46 47 48 49 
      5 :    50 51 52 53 54 55 56 57 58 59 
      6 :    60 61 62 63 
<...Output Truncated...>
Router#

Note In the Policed-dscp displays, the marked-down DSCP values are shown in the body of the matrix; the first digit of the original DSCP value is in the column labeled d1 and the second digit is in the top row. In the example shown, DSCP 41 maps to DSCP 41.


Configuring PFC QoS Statistics Data Export


Note Release 12.1(11b)E and later releases support PFC QoS statistics data export.


These sections describe how to configure PFC QoS statistics data export:

Enabling PFC QoS Statistics Data Export Globally

Enabling PFC QoS Statistics Data Export for a Port

Enabling PFC QoS Statistics Data Export for a Named Aggregate Policer

Enabling PFC QoS Statistics Data Export for a Class Map

Setting the PFC QoS Statistics Data Export Time Interval

Configuring PFC QoS Statistics Data Export Destination Host and UDP Port

Setting the PFC QoS Statistics Data Export Field Delimiter

Enabling PFC QoS Statistics Data Export Globally

To enable PFC QoS statistics data export globally, perform this task:

 
Command
Purpose

Step 1 

Router(config)# mls qos statistics-export

Enables PFC QoS statistics data export globally.

Router(config)# no mls qos statistics-export

Disables PFC QoS statistics data export globally.

Step 2 

Router(config)# end

Exits configuration mode.

Step 3 

Router# show mls qos statistics-export info

Verifies the configuration.

This example shows how to enable PFC QoS statistics data export globally and verify the configuration:

Router# configure terminal 
Router(config)# mls qos statistics-export 
Router(config)# end 
% Warning: Export destination not set.
% Use 'mls qos statistics-export destination' command to configure the export destination
Router# show mls qos statistics-export info 
QoS Statistics Data Export Status and Configuration information
---------------------------------------------------------------
Export Status : enabled
Export Interval : 300 seconds
Export Delimiter : |
Export Destination : Not configured
Router#

Note You must enable PFC QoS statistics data export globally for other PFC QoS statistics data export configuration to take effect.


Enabling PFC QoS Statistics Data Export for a Port

To enable PFC QoS statistics data export for a port, perform this task:

 
Command
Purpose

Step 1 

Router(config)# interface type1  slot/port

Selects the interface to configure.

Step 2 

Router(config-if)# mls qos statistics-export

Enables PFC QoS statistics data export for the port.

Router(config-if)# no mls qos statistics-export

Disables PFC QoS statistics data export for the port.

Step 3 

Router(config)# end

Exits configuration mode.

Step 4 

Router# show mls qos statistics-export info

Verifies the configuration.

1 type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet

This example shows how to enable PFC QoS statistics data export on FastEthernet port 5/24 and verify the configuration:

Router# configure terminal 
Router(config)# interface fastethernet 5/24 
Router(config-if)# mls qos statistics-export 
Router(config-if)# end 
Router# show mls qos statistics-export info 
QoS Statistics Data Export Status and Configuration information
---------------------------------------------------------------
Export Status : enabled
Export Interval : 300 seconds
Export Delimiter : |
Export Destination : Not configured

QoS Statistics Data Export is enabled on following ports:
---------------------------------------------------------
FastEthernet5/24
Router#

When enabled on a port, PFC QoS statistics data export contains the following fields, separated by the delimiter character:

Export type ("1" for a port)

Slot/port

Number of ingress packets

Number of ingress bytes

Number of egress packets

Number of egress bytes

Time stamp

Enabling PFC QoS Statistics Data Export for a Named Aggregate Policer

To enable PFC QoS statistics data export for a named aggregate policer, perform this task:

 
Command
Purpose

Step 1 

Router(config)# mls qos statistics-export aggregate-policer aggregate_policer_name

Enables PFC QoS statistics data export for a named aggregate policer.

Router(config)# no mls qos statistics-export aggregate-policer aggregate_policer_name

Disables PFC QoS statistics data export for a named aggregate policer.

Step 2 

Router(config)# end

Exits configuration mode.

Step 3 

Router# show mls qos statistics-export info

Verifies the configuration.

This example shows how to enable PFC QoS statistics data export for an aggregate policer named aggr1M and verify the configuration:

Router# configure terminal 
Router(config)# mls qos statistics-export aggregate-policer aggr1M 
Router(config)# end 
Router# show mls qos statistics-export info 
QoS Statistics Data Export Status and Configuration information
---------------------------------------------------------------
Export Status : enabled
Export Interval : 300 seconds
Export Delimiter : |
Export Destination : Not configured

QoS Statistics Data Export is enabled on following ports:
---------------------------------------------------------
FastEthernet5/24

QoS Statistics Data export is enabled on following shared aggregate policers:
-----------------------------------------------------------------------------
aggr1M
Router#

When enabled for a named aggregate policer, PFC QoS statistics data export contains the following fields, separated by the delimiter character:

Export type ("3" for an aggregate policer)

Aggregate policer name

Direction ("in")

PFC or DFC slot number

Number of in-profile packets

Number of packets that exceed the CIR

Number of packets that exceed the PIR

Time stamp

Enabling PFC QoS Statistics Data Export for a Class Map

To enable PFC QoS statistics data export for a class map, perform this task:

 
Command
Purpose

Step 1 

Router(config)# mls qos statistics-export class-map classmap_name

Enables PFC QoS statistics data export for a class map.

Router(config)# no mls qos statistics-export class-map classmap_name

Disables PFC QoS statistics data export for a class map.

Step 2 

Router(config)# end

Exits configuration mode.

Step 3 

Router# show mls qos statistics-export info

Verifies the configuration.

This example shows how to enable PFC QoS statistics data export for a class map named class3 and verify the configuration:

Router# configure terminal 
Router(config)# mls qos statistics-export class-map class3 
Router(config)# end 
Router# show mls qos statistics-export info 
QoS Statistics Data Export Status and Configuration information
---------------------------------------------------------------
Export Status : enabled
Export Interval : 300 seconds
Export Delimiter : |
Export Destination : Not configured

QoS Statistics Data Export is enabled on following ports:
---------------------------------------------------------
FastEthernet5/24

QoS Statistics Data export is enabled on following shared aggregate policers:
-----------------------------------------------------------------------------
aggr1M

QoS Statistics Data Export is enabled on following class-maps:
---------------------------------------------------------------
class3
Router#

When enabled for a class map, PFC QoS statistics data export contains the following fields, separated by the delimiter character:

For data from a physical port:

Export type ("4" for a classmap and port)

Class map name

Direction ("in")

Slot/port

Number of in-profile packets

Number of packets that exceed the CIR

Number of packets that exceed the PIR

Time stamp

For data from a VLAN interface:

Export type ("5" for a class map and VLAN)

Class map name

Direction ("in")

PFC or DFC slot number

VLAN ID

Number of in-profile packets

Number of packets that exceed the CIR

Number of packets that exceed the PIR

Time stamp

For data from a port channel interface:

Export type ("6" for a class map and port channel)

Class map name

Direction ("in")

PFC or DFC slot number

Port channel ID

Number of in-profile packets

Number of packets that exceed the CIR

Number of packets that exceed the PIR

Time stamp

Setting the PFC QoS Statistics Data Export Time Interval

To set the time interval for the PFC QoS statistics data export, perform this task:

 
Command
Purpose

Step 1 

Router(config)# mls qos statistics-export interval interval_in_seconds

Sets the time interval for the PFC QoS statistics data export.

Note The interval needs to be short enough to avoid counter wraparound with the activity in your configuration, but because exporting PFC QoS statistic creates a significant load on the switch, be careful when decreasing the interval.

Router(config)# no mls qos statistics-export interval interval_in_seconds

Reverts to the default time interval for the PFC QoS statistics data export.

Step 2 

Router(config)# end

Exits configuration mode.

Step 3 

Router# show mls qos statistics-export info

Verifies the configuration.

This example shows how to set the PFC QoS statistics data export interval and verify the configuration:

Router(config)# mls qos statistics-export interval 250 
Router(config)# end 
Router# show mls qos statistics-export info 
QoS Statistics Data Export Status and Configuration information
---------------------------------------------------------------
Export Status : enabled
Export Interval : 250 seconds
Export Delimiter : |
Export Destination : Not configured

QoS Statistics Data Export is enabled on following ports:
---------------------------------------------------------
FastEthernet5/24

QoS Statistics Data export is enabled on following shared aggregate policers:
-----------------------------------------------------------------------------
aggr1M

QoS Statistics Data Export is enabled on following class-maps:
---------------------------------------------------------------
class3
Router#

Configuring PFC QoS Statistics Data Export Destination Host and UDP Port

To configure the PFC QoS statistics data export destination host and UDP port number, perform this task:

 
Command
Purpose

Step 1 

Router(config)# mls qos statistics-export destination {host_name | host_ip_address} {port port_number | syslog [facility facility_name] [severity severity_value]}

Configures the PFC QoS statistics data export destination host and UDP port number.

Router(config)# no mls qos statistics-export destination

Clears configured values.

Step 2 

Router(config)# end

Exits configuration mode.

Step 3 

Router# show mls qos statistics-export info

Verifies the configuration.


Note When the PFC QoS data export destination is a syslog server, the exported data is prefaced with a syslog header.


Table 31-3 lists the supported PFC QoS data export facility and severity parameter values.

Table 31-3 Supported PFC QoS Data Export Facility Parameter Values 

Name
Definition
Name
Definition

kern

kernel messages

cron

cron/at subsystem

user

random user-level messages

local0

reserved for local use

mail

mail system

local1

reserved for local use

daemon

system daemons

local2

reserved for local use

auth

security/authentication messages

local3

reserved for local use

syslog

internal syslogd messages

local4

reserved for local use

lpr

line printer subsytem

local5

reserved for local use

news

netnews subsytem

local6

reserved for local use

uucp

uucp subsystem

local7

reserved for local use


Table 31-4 lists the supported PFC QoS data export severity parameter values.

Table 31-4 Supported PFC QoS Data Export Severity Parameter Values 

Severity Parameter
Name
Number
Definition

emerg

0

system is unusable

alert

1

action must be taken immediately

crit

2

critical conditions

err

3

error conditions

warning

4

warning conditions

notice

5

normal but significant condition

info

6

informational

debug

7

debug-level messages


This example shows how to configure 172.20.52.3 as the destination host and syslog as the UDP port number and verify the configuration:

Router# configure terminal 
Router(config)# mls qos statistics-export destination 172.20.52.3 syslog 
Router(config)# end 
Router# show mls qos statistics-export info 
QoS Statistics Data Export Status and Configuration information
---------------------------------------------------------------
Export Status : enabled
Export Interval : 250 seconds
Export Delimiter : |
Export Destination : 172.20.52.3, UDP port 514 Facility local6, Severity debug

QoS Statistics Data Export is enabled on following ports:
---------------------------------------------------------
FastEthernet5/24

QoS Statistics Data export is enabled on following shared aggregate policers:
-----------------------------------------------------------------------------
aggr1M

QoS Statistics Data Export is enabled on following class-maps:
---------------------------------------------------------------
class3

Setting the PFC QoS Statistics Data Export Field Delimiter

To set the PFC QoS statistics data export field delimiter, perform this task:

 
Command
Purpose

Step 1 

Router(config)# mls qos statistics-export delimiter delimiter_character

Sets the PFC QoS statistics data export field delimiter.

Router(config)# no mls qos statistics-export delimiter

Reverts to the default PFC QoS statistics data export field delimiter

Step 2 

Router(config)# end

Exits configuration mode.

Step 3 

Router# show mls qos statistics-export info

Verifies the configuration.

This example shows how to set the PFC QoS statistics data export field delimiter and verify the configuration:

Router# configure terminal 
Router(config)# mls qos statistics-export delimiter , 
Router(config)# end 
Router# show mls qos statistics-export info 
QoS Statistics Data Export Status and Configuration information
---------------------------------------------------------------
Export Status : enabled
Export Interval : 250 seconds
Export Delimiter : ,
Export Destination : 172.20.52.3, UDP port 514 Facility local6, Severity debug

QoS Statistics Data Export is enabled on following ports:
---------------------------------------------------------
FastEthernet5/24

QoS Statistics Data export is enabled on following shared aggregate policers:
-----------------------------------------------------------------------------
aggr1M

QoS Statistics Data Export is enabled on following class-maps:
---------------------------------------------------------------
class3