Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 5.1.x
Configuring Modular QoS Congestion Management
Downloads: This chapterpdf (PDF - 2.45MB) The complete bookPDF (PDF - 6.58MB) | Feedback

Configuring Modular QoS Congestion Management

Contents

Configuring Modular QoS Congestion Management

Congestion management controls congestion after it has occurred on a network. Congestion is managed on Cisco IOS XR software by using packet queuing methods and by shaping the packet flow through use of traffic regulation mechanisms.

The types of traffic regulation mechanisms supported are:

  • Traffic shaping:
    • Modified Deficit Round Robin (MDRR)
    • Low-latency queuing (LLQ) with strict priority queuing (PQ)
  • Traffic policing:
    • Color blind
    • Color-aware (ingress direction)

Line Card, SIP, and SPA Support

This table lists the features that are supported on the ASR 9000 Ethernet Line Cards and SIP 700 for the ASR 9000.

Feature

ASR 9000 Ethernet Line Cards

SIP 700 for the ASR 9000

Congestion Management Using DEI

no

yes

Guaranteed and Remaining Bandwidth

yes

yes

Low-Latency Queueing with Strict Priority Queueing

yes

yes

Traffic Policing

yes

yes

Traffic Shaping

yes

yes

Feature History for Configuring Modular QoS Congestion Management on Cisco ASR 9000 Series Router

Release

Modification

Release 3.7.2

The Congestion Avoidance feature was introduced on ASR 9000 Ethernet Line Cards..

The Guaranteed and Remaining Bandwidth, Low-Latency Queueing with Strict Priority Queueing, Traffic Policing, and Traffic Shaping features were introduced on ASR 9000 Ethernet Line Cards.

Release 3.9.0

The Guaranteed and Remaining Bandwidth, Low-Latency Queueing with Strict Priority Queueing, Traffic Policing, and Traffic Shaping features were supported on the SIP 700 for the ASR 9000.

Release 4.0.0

The Congestion Management Using DEI feature was introduced on ASR 9000 Ethernet Line Cards.

Release 4.0.1

The police rate command was updated to include packet-based specifications of policing rates and burst sizes.

Release 4.1.0

The 2-rate 3-color policer feature was added, including the conform-color and exceed-color commands. This feature is applicable to the SIP 700 line cards, ingress side.

Release 4.2.1 The Configured Accounting and QoS for IPv6ACLs features were added.

Release 5.1.1

The Flow Aware QoS feature variants Call Admission Control and User Based Rate Limiting were added.

Prerequisites for Configuring QoS Congestion Management

These prerequisites are required for configuring QoS congestion management on your network:

  • You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
  • You must be familiar with Cisco IOS XR QoS configuration tasks and concepts.

Information About Configuring Congestion Management

Congestion Management Overview

Congestion management features allow you to control congestion by determining the order in which a traffic flow (or packets) is sent out an interface based on priorities assigned to packets. Congestion management entails the creation of queues, assignment of packets to those queues based on the classification of the packet, and scheduling of the packets in a queue for transmission. The congestion management features in Cisco IOS XR software allow you to specify creation of a different number of queues, affording greater or lesser degree of differentiation of traffic, and to specify the order in which that traffic is sent.

During periods with light traffic flow, that is, when no congestion exists, packets are sent out the interface as soon as they arrive. During periods of transmit congestion at the outgoing interface, packets arrive faster than the interface can send them. If you use congestion management features, packets accumulating at an interface are queued until the interface is free to send them; they are then scheduled for transmission according to their assigned priority and the queuing method configured for the interface. The router determines the order of packet transmission by controlling which packets are placed in which queue and how queues are serviced with respect to each other.

In addition to queuing methods, QoS congestion management mechanisms, such as policers and shapers, are needed to ensure that a packet adheres to a contract and service. Both policing and shaping mechanisms use the traffic descriptor for a packet.

Policers and shapers usually identify traffic descriptor violations in an identical manner through the token bucket mechanism, but they differ in the way they respond to violations. A policer typically drops traffic flow; whereas, a shaper delays excess traffic flow using a buffer, or queuing mechanism, to hold the traffic for transmission at a later time.

Traffic shaping and policing can work in tandem. For example, a good traffic shaping scheme should make it easy for nodes inside the network to detect abnormal flows.

Modified Deficit Round Robin

MDRR is a class-based composite scheduling mechanism that allows for queueing of up to eight traffic classes. It operates in the same manner as class-based weighted fair queueing (CBWFQ) and allows definition of traffic classes based on customer match criteria (such as access lists); however, MDRR does not use the weighted fair queuing algorithm.

When MDRR is configured in the queuing strategy, nonempty queues are served one after the other. Each time a queue is served, a fixed amount of data is dequeued. The algorithm then services the next queue. When a queue is served, MDDR keeps track of the number of bytes of data that were dequeued in excess of the configured value. In the next pass, when the queue is served again, less data is dequeued to compensate for the excess data that was served previously. As a result, the average amount of data dequeued per queue is close to the configured value. In addition, MDRR allows for a strict priority queue for delay-sensitive traffic.

Each queue within MDRR is defined by two variables:

  • Quantum value—Average number of bytes served in each round.
  • Deficit counter—Number of bytes a queue has sent in each round. The counter is initialized to the quantum value.

Packets in a queue are served as long as the deficit counter is greater than zero. Each packet served decreases the deficit counter by a value equal to its length in bytes. A queue can no longer be served after the deficit counter becomes zero or negative. In each new round, the deficit counter for each nonempty queue is incremented by its quantum value.

Low-Latency Queueing with Strict Priority Queueing

The LLQ feature brings strict priority queuing (PQ) to the MDRR scheduling mechanism. PQ in strict priority mode ensures that one type of traffic is sent, possibly at the expense of all others. For PQ, a low-priority queue can be detrimentally affected, and, in the worst case, never allowed to send its packets if a limited amount of bandwidth is available or the transmission rate of critical traffic is high.

Strict PQ allows delay-sensitive data, such as voice, to be dequeued and sent before packets in other queues are dequeued.

LLQ enables the use of a single, strict priority queue within MDRR at the class level, allowing you to direct traffic belonging to a class. To rank class traffic to the strict priority queue, you specify the named class within a policy map and then configure the priority command for the class. (Classes to which the priority command is applied are considered priority classes.) Within a policy map, you can give one or more classes priority status. When multiple classes within a single policy map are configured as priority classes, all traffic from these classes is enqueued to the same, single, strict priority queue.

Through use of the priority command, you can assign a strict PQ to any of the valid match criteria used to specify traffic. These methods of specifying traffic for a class include matching on access lists, protocols, IP precedence, and IP differentiated service code point (DSCP) values. Moreover, within an access list you can specify that traffic matches are allowed based on the DSCP value that is set using the first six bits of the IP type of service (ToS) byte in the IP header.

Configured Accounting

Configured Accounting controls the overhead (packet length) for policing and shaping. The account option can be specified with a service-policy when applying a policy to an interface. For bundle interfaces, the configured accounting option is applied to all member interfaces.

The configured accounting option is available on ingress and egress policing, queuing and statistics for CRS-MSC-140G. In CRS-MSC-40G, the configured accounting option is not available for queuing.

Prerequisites and Restrictions

  • Allows packet size accounting tuning to match the QoS treatment provided at the connected interface.
  • Supported on ASR 9000 Ethernet Linecards and Enhanced Ethernet Linecards.
  • Supported accounting values are, from -48 to +48.
  • Ingress shaping accounting is not supported (Ingress and egress policing accounting and egress shaping accounting are supported).
  • Dynamic changing of accounting overhead after application on policy is not supported

QoS for IPv6 ACLs

The Modular Weapon-X line cards support classification of IPv6 properties based on Source IP, Destination IP, Source Port, Destination Port, Protocol, TOS, Hop Limit, and ACL-based classification.

The supported interfaces are indicated below.

Supported Interface Ethernet Linecard Enhanced Ethernet Linecard
L3 main interface yes yes
L3 sub-interface yes yes
L3 bundle-interface/ sub-interface yes yes
L2 main interface no yes
L2 sub-interface no yes
L2 bundle-interface/ sub-interface no yes

Traffic Shaping

Traffic shaping allows you to control the traffic flow exiting an interface to match its transmission to the speed of the remote target interface and ensure that the traffic conforms to policies contracted for it. Traffic adhering to a particular profile can be shaped to meet downstream requirements, thereby eliminating bottlenecks in topologies with data-rate mismatches.

To match the rate of transmission of data from the source to the target interface, you can limit the transfer of data to one of the following:

  • A specific configured rate
  • A derived rate based on the level of congestion

The rate of transfer depends on these three components that constitute the token bucket: burst size, mean rate, and time (measurement) interval. The mean rate is equal to the burst size divided by the interval.

When traffic shaping is enabled, the bit rate of the interface does not exceed the mean rate over any integral multiple of the interval. In other words, during every interval, a maximum of burst size can be sent. Within the interval, however, the bit rate may be faster than the mean rate at any given time.

When the peak burst size equals 0, the interface sends no more than the burst size every interval, achieving an average rate no higher than the mean rate. However, when the peak burst size is greater than 0, the interface can send as many as the burst size plus peak burst bits in a burst, if in a previous time period the maximum amount was not sent. Whenever less than the burst size is sent during an interval, the remaining number of bits, up to the peak burst size, can be used to send more than the burst size in a later interval.

Regulation of Traffic with the Shaping Mechanism

When incoming packets arrive at an interface, the packets are classified using a classification technique, such as an access control list (ACL) or the setting of the IP Precedence bits through the Modular QoS CLI (MQC). If the packet matches the specified classification, the traffic-shaping mechanism continues. Otherwise, no further action is taken.

Regulation of Traffic with the Shaping Mechanism illustrates how a traffic shaping mechanism regulates traffic flow.

Figure 1. How a Traffic Shaping Mechanism Regulates Traffic

Packets matching the specified criteria are placed in the token bucket. The maximum size of the token bucket is the confirm burst (Bc) size plus the Be size. The token bucket is filled at a constant rate of Bc worth of tokens at every Tc. This is the configured traffic shaping rate.

If the traffic shaping mechanism is active (that is, packets exceeding the configured traffic shaping rate already exist in a transmission queue) at every Tc, the traffic shaper checks to see if the transmission queue contains enough packets to send (that is, up to either Bc [or Bc plus Be] worth of traffic).

If the traffic shaper is not active (that is, there are no packets exceeding the configured traffic shaping rate in the transmission queue), the traffic shaper checks the number of tokens in the token bucket. One of the following occurs:

  • If there are enough tokens in the token bucket, the packet is sent (transmitted).
  • If there are not enough tokens in the token bucket, the packet is placed in a shaping queue for transmission at a later time.

Traffic Policing

In general, traffic policing allows you to control the maximum rate of traffic sent or received on an interface and to partition a network into multiple priority levels or class of service (CoS).

Traffic policing manages the maximum rate of traffic through a token bucket algorithm. The token bucket algorithm uses user-configured values to determine the maximum rate of traffic allowed on an interface at a given moment in time. The token bucket algorithm is affected by all traffic entering or leaving the interface (depending on where the traffic policy with traffic policing is configured) and is useful in managing network bandwidth in cases where several large packets are sent in the same traffic stream.

Traffic policing is often configured on interfaces at the edge of a network to limit the rate of traffic entering or leaving the network. In the most common traffic policing configurations, traffic that conforms to the CIR is sent and traffic that exceeds is sent with a decreased priority or is dropped. Users can change these configuration options to suit their network needs. Traffic policing also provides a certain amount of bandwidth management by allowing you to set the burst size (Bc) for the committed information rate (CIR). When the peak information rate (PIR) is supported, a second token bucket is enforced and then the traffic policer is called a two-rate policer.

Regulation of Traffic with the Policing Mechanism

This section describes the single-rate and two-rate policing mechanisms.

Single-Rate Policer

A single-rate, two-action policer provides one token bucket with two actions for each packet: a conform action and an exceed action.

This figure illustrates how a single-rate token bucket policer marks packets as either conforming or exceeding a CIR, and assigns an action.

Figure 2. Marking Packets and Assigning Actions—Single-Rate Policer



The time interval between token updates (Tc) to the token bucket is updated at the CIR value each time a packet arrives at the traffic policer. The Tc token bucket can contain up to the Bc value, which can be a certain number of bytes or a period of time. If a packet of size B is greater than the Tc token bucket, then the packet exceeds the CIR value and a configured action is performed. If a packet of size B is less than the Tc token bucket, then the packet conforms and a different configured action is performed.

Two-Rate Policer

The two-rate policer manages the maximum rate of traffic by using two token buckets: the committed token bucket and the peak token bucket. The dual-token bucket algorithm uses user-configured values to determine the maximum rate of traffic allowed on a queue at a given moment. In this way, the two-rate policer can meter traffic at two independent rates: the committed information rate (CIR) and the peak information rate (PIR).

The committed token bucket can hold bytes up to the size of the committed burst (bc) before overflowing. This token bucket holds the tokens that determine whether a packet conforms to or exceeds the CIR as the following describes:

  • A traffic stream is conforming when the average number of bytes over time does not cause the committed token bucket to overflow. When this occurs, the token bucket algorithm marks the traffic stream green.
  • A traffic stream is exceeding when it causes the committed token bucket to overflow into the peak token bucket. When this occurs, the token bucket algorithm marks the traffic stream yellow. The peak token bucket is filled as long as the traffic exceeds the police rate.

The peak token bucket can hold bytes up to the size of the peak burst (be) before overflowing. This token bucket holds the tokens that determine whether a packet violates the PIR. A traffic stream is violating when it causes the peak token bucket to overflow. When this occurs, the token bucket algorithm marks the traffic stream red.

The dual-token bucket algorithm provides users with three actions for each packet—a conform action, an exceed action, and an optional violate action. Traffic entering a queue with the two-rate policer configured is placed into one of these categories. Within these three categories, users can decide packet treatments. For instance, packets that conform can be configured to be sent; packets that exceed can be configured to be sent with a decreased priority; and packets that violate can be configured to be dropped.

Two-Rate Policer shows how the two-rate policer marks a packet and assigns a corresponding action to the packet.

Figure 3. Marking Packets and Assigning Actions—2-Rate Policer

For example, if a data stream with a rate of 250 kbps arrives at the two-rate policer, and the CIR is 100 kbps and the PIR is 200 kbps, the policer marks the packet in the following way:

  • 100 kbps conforms to the rate
  • 100 kbps exceeds the rate
  • 50 kbps violates the rate

The router updates the tokens for both the committed and peak token buckets in the following way:

  • The router updates the committed token bucket at the CIR value each time a packet arrives at the interface. The committed token bucket can contain up to the committed burst (bc) value.
  • The router updates the peak token bucket at the PIR value each time a packet arrives at the interface. The peak token bucket can contain up to the peak burst (be) value.
  • When an arriving packet conforms to the CIR, the router takes the conform action on the packet and decrements both the committed and peak token buckets by the number of bytes of the packet.
  • When an arriving packet exceeds the CIR, the router takes the exceed action on the packet, decrements the committed token bucket by the number of bytes of the packet, and decrements the peak token bucket by the number of overflow bytes of the packet.
  • When an arriving packet exceeds the PIR, the router takes the violate action on the packet, but does not decrement the peak token bucket.

Committed Bursts and Excess Bursts

Unlike a traffic shaper, a traffic policer does not buffer excess packets and transmit them later. Instead, the policer executes a “send or do not send” policy without buffering. During periods of congestion, proper configuration of the excess burst parameter enables the policer to drop packets less aggressively. Therefore, it is important to understand how policing uses the committed (normal) and excess burst values to ensure the router reaches the configured committed information rate (CIR).

Burst parameters are based on a generic buffering rule for routers, which recommends that you configure buffering to be equal to the round-trip time bit-rate to accommodate the outstanding TCP windows of all connections in times of congestion.

The following sections describe committed bursts and excess bursts, and the recommended formula for calculating each of them:

Committed Bursts

The committed burst (bc) parameter of the police command implements the first, conforming (green) token bucket that the router uses to meter traffic. The bc parameter sets the size of this token bucket. Initially, the token bucket is full and the token count is equal to the committed burst size (CBS). Thereafter, the meter updates the token counts the number of times per second indicated by the committed information rate (CIR).

The following describes how the meter uses the conforming token bucket to send packets:

  • If sufficient tokens are in the conforming token bucket when a packet arrives, the meter marks the packet green and decrements the conforming token count by the number of bytes of the packet.
  • If there are insufficient tokens available in the conforming token bucket, the meter allows the traffic flow to borrow the tokens needed to send the packet. The meter checks the exceeding token bucket for the number of bytes of the packet. If the exceeding token bucket has a sufficient number of tokens available, the meter marks the packet: Green and decrements the conforming token count down to the minimum value of 0. Yellow, borrows the remaining tokens needed from the exceeding token bucket, and decrements the exceeding token count by the number of tokens borrowed down to the minimum value of 0.
  • If an insufficient number of tokens is available, the meter marks the packet red and does not decrement either of the conforming or exceeding token counts.

    Note


    When the meter marks a packet with a specific color, there must be a sufficient number of tokens of that color to accommodate the entire packet. Therefore, the volume of green packets is never smaller than the committed information rate (CIR) and committed burst size (CBS). Tokens of a given color are always used on packets of that color.


The default committed burst size is the greater of 2 milliseconds of bytes at the police rate or the network maximum transmission unit (MTU).

Committed Burst Calculation

To calculate committed burst, use the following formula:

bc = CIR bps * (1 byte) / (8 bits) * 1.5 seconds


Note


1.5 seconds is the typical round-trip time.


For example, if the committed information rate is 512000 bps, then using the committed burst formula, the committed burst is 96000 bytes.

bc = 512000 * 1/8 * 1.5

bc = 64000 * 1.5 = 96000


Note


When the be value equals 0, we recommend that you set the egress bc value to be greater than or equal to the ingress bc value plus 1. Otherwise, packet loss can occur. For example: 
be = 0
egress bc >= ingress bc + 1


Excess Bursts

The excess burst (be) parameter of the police command implements the second, exceeding (yellow) token bucket that the router uses to meter traffic. The exceeding token bucket is initially full and the token count is equal to the excess burst size (EBS). Thereafter, the meter updates the token counts the number of times per second indicated by the committed information rate (CIR).

The following describes how the meter uses the exceeding token bucket to send packets:

  • When the first token bucket (the conforming bucket) meets the committed burst size (CBS), the meter allows the traffic flow to borrow the tokens needed from the exceeding token bucket. The meter marks the packet yellow and then decrements the exceeding token bucket by the number of bytes of the packet.
  • If the exceeding token bucket does not have the required tokens to borrow, the meter marks the packet red and does not decrement the conforming or the exceeding token bucket. Instead, the meter performs the exceed-action configured in the police command (for example, the policer drops the packets).
Excess Burst Calculation

To calculate excess burst, use the following formula:

be = 2 * committed burst

For example, if you configure a committed burst of 4000 bytes, then using the excess burst formula, the excess burst is 8000 bytes.

be = 2 * 4000 = 8000

The default excess burst size is 0.

Deciding if Packets Conform or Exceed the Committed Rate

Policing uses normal or committed burst (bc) and excess burst (be) values to ensure that the configured committed information rate (CIR) is reached. Policing decides if a packet conforms or exceeds the CIR based on the burst values you configure. Several factors can influence the policer’s decision, such as the following:

  • Low burst values—If you configure burst values too low, the achieved rate might be much lower than the configured rate.
  • Temporary bursts—These bursts can have a strong adverse impact on throughput of Transmission Control Protocol (TCP) traffic.

It is important that you set the burst values high enough to ensure good throughput. If your router drops packets and reports an exceeded rate even though the conformed rate is less than the configured CIR, use the show interface command to monitor the current burst, determine whether the displayed value is consistently close to the committed burst (bc) and excess burst (be) values, and if the actual rates (the committed rate and exceeded rate) are close to the configured committed rate. If not, the burst values might be too low. Try reconfiguring the burst rates using the suggested calculations in the “Committed Burst Calculation” section on page 25 and the “Excess Burst Calculation” section on page 25.

Two-Rate Three-Color (2R3C) Policer

For the SIP 700 card, a two-rate, three-color (2R3C) policer is supported on policy maps for ingress Layer 2 interfaces. The policer reads a preexisting marking—the frame-relay discard-eligibility (FRDE) bit in the packet header—that was set by a policer on a previous network node. By default the FRDE bit is set to 0. At the receiving node, the system uses this bit to determine the appropriate color-aware policing action for the packet:

  • To classify the FRDE bit value 0 as conform color, create a conform-color class-map for frde=0 packets. This causes packets to be classified as color green, and the system applies the conform action.
  • To classify the FRDE bit value 1 as exceed color, create an exceed-color class-map for frde=1 packets. This causes packets to be classified as color yellow, and the system applies the exceed action.

    Note


    Color-aware policing is not supported for hierarchical QoS.


The 2R3C policing process is shown in Two-Rate Three-Color (2R3C) Policer.

Figure 4. 2R3C Policing Process Flowchart

Hierarchical Policing

The Hierarchical Policing feature is an MQC-based solution that supports hierarchical policing on both the ingress and egress interfaces on Cisco ASR 9000 Series Router.

This feature allows enforcement of service level agreements (SLA) while applying the classification submodel for different QoS classes on the inbound interface.

Hiearchical policing provides support at two levels:

  • Parent level
  • Child level

Multiple Action Set

Packet Marking Through the IP Precedence Value, IP DSCP Value, and the MPLS Experimental Value Setting

In addition to rate-limiting, traffic policing allows you to independently mark (or classify) the packet according to whether the packet conforms or violates a specified rate. Packet marking also allows you to partition your network into multiple priority levels or CoS. Packet marking as a policer action is conditional marking.

Use the traffic policer to set the IP precedence value, IP DSCP value, or Multiprotocol Label Switching (MPLS) experimental value for packets that enter the network. Then networking devices within your network can use this setting to determine how the traffic should be treated. For example, the Weighted Random Early Detection (WRED) feature uses the IP precedence value to determine the probability that a packet is dropped.

If you want to mark traffic but do not want to use traffic policing, see the “Class-based, Unconditional Packet Marking Examples” section to learn how to perform packet classification.


Note


Marking IP fields on an MPLS-enabled interface results in non-operation on that particular interface.


Explicit Congestion Notification

In mobile networks, a Base Station Controller (BSC) does not have the knowledge if a particular cell site is being overwhelmed by traffic on a particular link, as it sits behind the ASR9000 series router and it will continue to send traffic even if there is acute congestion on the link. So, once the cell site marks the traffic with the (Explicit Congestion Notification) ECN bits and sends it to the BSC, the BSC will mark the affected session from the congested site with the ECN bit flagged towards the ASR9000 series router.

ECN is an extension to WRED (Weighted Random Early Detection). ECN will mark packets instead of dropping them when the average queue length exceeds a specific threshold value. When configured, ECN helps routers and end hosts to understand that the network is congested and slow down sending packets. However If the number of packets in the queue is above the maximum threshold, packets are dropped based on the drop probability. This is the identical treatment a packet receives when WRED is enabled without ECN configured on the router.

Limitations

  • ECN is supported only on ASR 9000 SIP-700 linecards.

For more information on the ECN feature, please refer the Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide

Implementing ECN

Implementing ECN requires an ECN-specific field that has two bits—the ECN-capable Transport (ECT) bit and the CE (Congestion Experienced) bit—in the IP header. The ECT bit and the CE bit can be used to make four ECN field combinations of 00 to 11. The first number is the ECT bit and the second number is the CE bit.

ECN Bit Setting
ECT Bit CE Bit Combination Indicates
0 0 Not-ECN-capable.
0 1 Endpoints of the transport protocol are ECN-capable.
1 0 Endpoints of the transport protocol are ECN-capable.
1 1 Congestion experienced.

The ECN field combination 00 indicates that a packet is not using ECN. The ECN field combinations 01 and 10—called ECT(1) and ECT(0), respectively—are set by the data sender to indicate that the endpoints of the transport protocol are ECN-capable. Routers treat these two field combinations identically. Data senders can use either one or both of these two combinations. The ECN field combination 11 indicates congestion to the endpoints. Packets arriving a full queue of a router will be dropped.

Packet Handling when ECN is enabled

When the number of packets in the queue is below the minimum threshold, packets are transmitted. This happens whether or not ECN is enabled, and this treatment is identical to the treatment a packet receives when WRED only is being used on the network. If the number of packets in the queue is above the maximum threshold, packets are dropped based on the drop probability. This is the identical treatment a packet receives when WRED is enabled without ECN configured on the router. Three different scenarios arise if the number of packets in the queue is between the minimum threshold and the maximum threshold:

  • If the ECN field on the packet indicates that the endpoints are ECN-capable (that is, the ECT bit is set to 1 and the CE bit is set to 0, or the ECT bit is set to 0 and the CE bit is set to 1)—and the WRED algorithm determines that the packet should have been dropped based on the drop probability—the ECT and CE bits for the packet are changed to 1, and the packet is transmitted. This happens because ECN is enabled and the packet gets marked instead of dropped.
  • If the ECN field on the packet indicates that neither endpoint is ECN-capable (that is, the ECT bit is set to 0 and the CE bit is set to 0), the packet may be dropped based on the WRED drop probability. This is the identical treatment that a packet receives when WRED is enabled without ECN configured on the router.
  • If the ECN field on the packet indicates that the network is experiencing congestion (that is, both the ECT bit and the CE bit are set to 1), the packet is transmitted. No further marking is required.

QoS for Bridge-Group Virtual Interfaces

Integrated Routing and Bridging (IRB) provides the ability to route between a bridge group and a routed domain with the help of Bridge-Group Virtual Interface (BVI).

The BVI is a virtual interface within the router that acts like a normal routed interface that does not support bridging, but represents the comparable bridge group to routed interfaces within the router. The interface number of the BVI is the number of the bridge group that the virtual interface represents. The number is the link between the BVI and the bridge group.

For more information on IRB/ BVI, please refer the Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide

QoS on BVI

QoS support on BVI will allow the application of the policy map directly on the virtual interface. This will enable aggregate policing and marking on the virtual interface. The policy can be applied on either the ingress or egress side of the BVI to mark and police traffic going to and from the bridge domain.

Restrictions

QoS on BVI does not support the following:

  • Ethernet and SIP 700 linecards (supports only ASR9000 Enhanced Ethernet linecards).
  • Bidirectional Forwarding Detection (BFD), Shared Policy Instance, L1 Overhead Accounting.
  • VLAN tag, DEI classification and marking.
  • Any queue QoS including shape/bandwidth.
  • Percentage policer at lower level without reference policer rate at upper level.
  • QoS policy propagation using Border Gateway Protocol (BGP)

Note


Queuing can be performed by marking the qos-group and then adding a interface policy that matches the qos-group.


Limitations

  • Scale Limitation: 2000 BVI ( 8 classes per policy)
  • Policer Limitation: 8000 policers (per Network Processor)

Classification and Marking for BVI

The following table indicates the QoS fields that are supported on BVI for classification and marking.

  Classification   Marking  
  Ingress Egress Ingress Egress
Qos-group yes yes yes yes
Discard class yes yes yes yes
Prec (dscp) yes yes yes yes
vlan no no NA NA
cos no no no no
dei no no no no
src/ DST MAC yes no NA NA
ipv4 L3 fields yes yes NA NA
ipv6 L3 fields yes yes NA NA
cos mark via QG mark/ classify yes inL2/L3 egress yes in L2/L3 egress yes in L2/L3 agress yes in L2/L3 egress

Policer Granularity and Shaper Granularity

Policer granularity can be configured in the ingress and egress directions. The policer granularity is specified as a permissible percentage variation between the user-configured policer rate, and the hardware programmed policer rate.

Congestion Management Using DEI

You can manage congestion based on the Drop Eligible Indicator (DEI) bit that is present in 802.1ad frames and 802.1ah frames. Random early detection based on the DEI value is supported on 802.1ad packets for:

  • Layer 2 subinterfaces
  • Layer 2 main interfaces
  • Layer 3 main interfaces
  • Ingress and egress

    Note


    If there are any marking actions in the policy, the marked values are used for doing WRED.


Flow Aware QoS

In Cisco ASR 9000 Series Routers, the granular control of traffic flow is achieved by applying static match criteria and associated QoS action on traffic flow. With real-time on-demand VoIP and video traffic applications, and tailor-made user services, there is an increasing need for the QoS actions to be more flow, application and session aware as opposed to being static, configuration based and stateless. Flow aware QoS feature provides this functionality to QoS and creates a framework to define flow aware QoS solutions such as call admission control or per-user traffic rate limiting.

The Flow aware QoS feature enables QoS actions to be applied at a flow level. The flows are detected or learnt dynamically on a per-class, per-interface, per-direction level and the QoS action or decisions are applied on a per-flow basis guided by a QoS policy applied on the interface. The framework also provides an option to enforce admission control on the incoming traffic to preemptively prevent congestion.

The Flow aware QoS feature suite provides:
  • User-defined flow definition—You can define a flow from a flexible choice of flow tuples (srcip, dstip, L4 protocol, sport, dport)
  • Configurable flow bandwidth to decide how many video flows to allow—You can configure the flow bandwidth to decide how many video calls/flows to allow pass through a system without causing congestion.
  • Redirection of non-admitted flows to default queue—You can redirect all the best-effort delivery traffic flows that exceed a predetermined admissible bandwidth to a default queue thereby providing guaranteed service on a per-flow basis.
  • Configurable flow entry idle-timeout to tune as per use case or traffic profile— There are configurable flow age timeouts based on the traffic profile. You can set a timeout and ensure service fairness.

Flow Aware QoS Key Terms

This section lists the key terms of the Flow Aware QoS feature:

  • Flow—A specific traffic pattern of the packet identified by unique source IP address (src-ip) or destination IP address (dst-ip) or 5-tuple parameters.
  • Flow Tuple—The individual fields that define a flow is known as flow tuple.
  • Flow Mask—A list of flow tuples defining a unique flow on a per-class basis is called as a flow mask. The flow tuples that define a flow can be configured at a per-class level.
  • Flow Table—A table of flow records that are recorded as per the flow mask is a flow table. It is also referred to the flow table cache.
  • Flow Age—The expiry time set in the flow cache to purge out stale flow records so that the new flows are learnt into the cache before the maximum limit is hit is called the flow age. Flow Age is also called as Idle Timeout.
  • Flow Action—The QoS action that requires per-flow resource allocation is known as flow action.
  • Micro-Flow policer—A QoS policer acting on a single traffic flow is known as micro-flow policer.
  • Video CAC—The call admission control (CAC) functionality customized for video streams with capabilities to admit or reject individual traffic flows at a per-user or per-application level is known as Video CAC. Video CAC is also known as Video Q or flow aware CAC.
  • CAC Reject—A CAC action variant in which packets from all unadmitted flows are dropped.
  • CAC Redirect—A CAC action variant in which packets from all unadmitted flows are directed to a different child class. The QoS action for the redirected packets depends on the configuration of the "redirect" class.
  • Aggregate action—Aggregate action could either be a regular QoS action such as mark or set, which is enforced on each flow, but is common to all flows or an aggregate parent policer / queuing action enforced on all flows.
  • Catch-all Policer—The police action configured in a micro-flow policer class is to be applied on each of the flows. When the flows are being learnt or when the flow table is exhausted, all the packets are subjected to an aggregate policer called the "catch-all policer". The value of the catch-all policer is 100 Gbps and is not configurable.
  • CAC Rate—The user configurable total bandwidth for CAC admitted flows. It should be equal to or less than class service rate.

Variants of Flow Aware QoS

Two major feature variants of Flow Aware QoS supported in Cisco IOS XR Release 5.1.1 on Cisco ASR 9000 Series Routers are:

  • Call Admission Control (CAC) This variant is also known as Video Q or Flow aware CAC.
  • User-based Rate Limiting (UBRL) This variant is also known as Micro flow policer or Flow aware policer.

Difference between Regular QoS and Flow Aware CAC

Figure 1 depicts the difference in the packet path between a regular QoS process and Flow Aware CAC.

Figure 5. Regular QoS vs Flow Aware CAC



Let us assume there are 4 sources—Source 1, 2, 3, 4—with a QoS child Shape action at 10 mbps applied on all flows. If each source sends out a flow at 3 mbps, then, in the regular QoS processing, the source 4 causes congestion leading to random drop in the flow quality. However, in the Flow Aware CAC processing, where the Shape action is configured as 10 mbps, only three sources are admitted and source 4 is either dropped or redirected to a default queue. Thus, the QoS Shape action is applied only to the 3 flows that were admitted, and as a result, there is no congestion.

Difference between Regular QoS and Flow Aware Policer or UBRL

Figure 2 depicts the difference in the packet path between a regular QoS process and Flow Aware policer or UBRL.

Figure 6. Regular QoS vs Flow Aware Policer or UBRL



Let us assume there are two sources—Source 1 and Source 2—with a QoS child action policer at 30 mbps. In the regular QoS processing, both the flows are policed at 30 mbps total. In the Flow Aware QoS processing, after the QoS classification, the flow is classified into two different flows based on the source IP. Thus, each flow is policed at 30 mbps.

Flow Aware CAC

When voice and video applications are connected over an interface, which has limited bandwidth, there is a drop in the flow quality. This is because the interface can fit N number of flows without quality degradation. The new N+1 flow affects the quality. There are no well-defined controls to restrict flows over an interface. Therefore, when a new flow is admitted, there is degradation in the flow quality of the flows already admitted.

To limit new flows, in order to protect existing flows, QoS provides Call Admission Control (CAC) feature. CAC dynamically learns traffic flows and admits until a predetermined configured bandwidth is available, thereafter flows are either dropped or redirected. CAC limits the flows in to an interface and ensures that already admitted flows are protected from congestion and random tail drops.

CAC Action Variations

CAC (Call Admission Control) feature controls the number of flows admitted per class. This is based on a count derived using the CAC rate and flow rate programmed in the policy under the "admit cac local" sub-mode. The action performed when the CAC feature is triggered is called the CAC action. There are two types of CAC actions:

CAC Reject

The number of flows that are admitted per class is derived based on the rate or flow-rate configuration. Only the specified number of flows is admitted and the remaining flows are dropped. Thus, in the CAC reject action, the packets from all the unadmitted flows are either dropped.

CAC Redirect

In the CAC redirect action, once the specified number of flows are admitted, the remaining flows are redirected to a different child class. The flows get redirected based on the configuration of the "redirect" or "unadmit" class.


Note


The flow is always admitted in the admit class, and then, gets redirected to the other class at the child level.
Scale Information for CAC

The Flow Aware CAC feature is only supported on ASR 9000 Enhanced Ethernet line cards (LCs). Following are the scale information for CAC:

  • Up to 64000 unique flow entries are supported for SE (Service Optimized) and 4000 for TR (Transport Optimized) version of the LCs for Cisco ASR 9000 Series Routers.
  • Cisco ASR 9001 also supports the same scale as supported by Cisco ASR 9000 Series Routers.
  • Each class supports a maximum of 16000 unique flows and up to 4000 such unique class-maps per NP.
  • The scale is configurable per LC.

Note


Full scale is not achieved for a configured scale size due to hardware resource recycling restrictions. The final scale may vary between M (maximum size) and M - 64, depending on internal hardware resource recycle rate and incoming flow fluctuations.
Restrictions

  • CAC does not support 5-tuple flows with IPv6 traffic due to address length constraints.
  • CAC is not supported on L2 forwarding interfaces.
  • CAC is not supported for Pseudowire Headend (PWHE), Bridge Virtual Interface (BVI), Broadband Network Gateway (BNG) subscriber interfaces, cluster inter rack link (IRL) and satellite interfaces.
  • CAC does not support user-specified tuple. It uses a 5-tuple flow mask by default.
  • CAC Redirect always requires 2-level policies with only 2 classes at the child-level.
  • The policer action is not supported on the leaf CAC class. Note: A leaf class is class that has no sub-classes or child classes.
  • CAC actions are supported only at the leaf level.
  • The CAC submode for a redirect action can only be at a parent level.
  • For CAC Redirect action, the child classes support only CAC admit or unadmit match criteria.
  • CAC does not support flow idle-timeout none.
  • Dynamic enforcement of CAC bandwidth based on incoming flow rate sampling is not supported. Only static values derived from configured CAC bandwidth and per-flow rate will be used to derived an admissible flow count
  • CAC supports only IPv4 unicast traffic topology. IPv6 transport and IP multicast traffic is not supported.
  • CAC supports only L3 (routed) interfaces. CAC does not support L2 and MPLS interfaces or transport types.
  • For bundle interfaces (port channel), flows are learnt and CAC actions are applied per-member and not on aggregate traffic across all the members.
  • CAC does not provide information on admitted and rejected flows.
  • Removal of more than 64000 policy instances for SE (Service Optimized) and 4000 for TR (Transport Optimized) line cards simultaneously can lock the console for long durations and cause unintentional timeouts in various operations.
  • CAC and policy based forwarding (PBF) features do not work together on the same interface or direction.
  • CAC with redirect action and ACL based forwarding (ABF) do not work together on the same interface or direction.
  • CAC allows first few packets from unadmitted flows even after hitting the max flow count due to the time taken for the programming of QoS in hardware.
  • No new Management Information Base (MIB) support for CAC statistics and drop counters.
  • CAC supports only plain IPv4 unicast traffic type. However, if unsupported traffic types match the CAC admit class, even though they are never learnt as admitted flows, would still get QoS processed and hit the CAC admit queue.
  • Flow idle-timeout has a 10s granularity. Hence, the actual purge of a specific flow entry could be off by another 10s.
  • For 5-tuple key with unknown (non TCP and UDP) protocol, CAC degrades 5-tuple key to a 3 tuple key usage (src-ip + dst-ip + protocol number).
  • Flows are learnt and per-flow resources allocated by the feature even when the packets in the flow are dropped by features that get applied after QoS or by fabric and egress card.
  • For 5 tuple flow mask and IPv4 fragment traffic flows, the first fragment would be learnt with the correct L4 details. For the subsequent fragments the flow entry will not have the L4 port details and gets degraded to 3 tuple. This can cause oversubscription due to two policers allocated (one per flow) or congestion for fragmented flows when many fragmented streams between the same IP peers match the same second flow record.
  • Ingress marking does not work on the packets that the router can’t forward such as time to live (TTL) packets. QoS policy is matched and show policy-map counters increment correctly. But the packets post punt and inject on transmission don't have the remarked precedence to differentiated services code point (DSCP).

User Based Rate-Limiting (UBRL)

A microflow policer applies a rate-limiting policy on a per-flow basis. User-Based Rate-Limiting (UBRL) is a microflow policer that dynamically learns traffic flows and rate-limit each unique traffic flow to an individual rate on per-flow basis. Unlike a normal microflow policer, UBRL allows a policer to be applied to all traffic to or from a specific user. The UBRL feature is a microflow policer with a source-mask or a destination mask that defines or classifies a user distinctly.

UBRL ensures that a single flow does not lack bandwidth and every customer gets a rate limited guarantee of flows. UBRL also provides enhanced granularity to provide SLA solutions by grouping different customer flows in different class-based user groups. UBRL helps manage traffic based on the offered SLA for customers in a high density aggregation environment.

UBRL Scenarios

This section describes the various UBRL scenarios.

UBRL for Multiple Sources

In this scenario, there is traffic from many customers on the interface. This is a common scenario in internet service provider (ISP) handoffs, where an ISP has customer traffics from multiple sources and a host provider receives traffic from these multiple sources.

Let us assume that each customer has been assigned a unique IP address and has the network credentials and requirements as shown in this table, and the flow-key is configured based on the source IP (src-ip).

Customer Name Source IP Address Requested Bandwidth

Company A

180.1.127.1

20 Mb

Company B

120.12.111.2

7 Mb

Company C

140.3.202.3

2 Mb

This scenario behaves differently depending on the policing requirement. If a same policing is applied, then the maximum rate of traffic sent from each customer is controlled to the same rate. In this case, the flows from each source are rate-limited based on the source-IP flow mask, which limits flows from a given customer to the same rate.

If a different policing is applied, then the maximum rate of traffic sent from each customer is controlled to a different rate. In this case, the flows from each source are rate-limited based on the source only flow mask ensuring that all traffic originating from each customer is treated as a single flow.

Bidirectional UBRL

Bidirectional UBRL applies the QoS policy in the input as well as in the output direction of the interface. Bidirectional UBRL allows different policies to applied in the input as well as output direction and these are not dependent on each other.

Bidirectional UBRL ensures that the traffic going out of a site is limited on a per user basis and the traffic coming in is also limited on a per user basis. Thus, bidirectional UBRL limits traffic flowing out of a customer site and traffic coming into the customer site, both on a per user basis or per flow basis, which is based on the configured flow-key.

Let us assume an example of Hotel that wants to restrict unwanted or lesser priority traffic coming in from Internet on a per user basis.

Figure 7. Bidirectional UBRL scenario



In this example, two flow masks are combined to limit traffic to and from users in the hotel. Let us assume that each user is limited to upload or download no more than 5Mb of data. To limit traffic to and from the users, two separate policers are configured, one on the inbound and the other on the outbound direction. Each policer uses a different flow mask to match traffic on the inward or outward direction. For outbound traffic, the policer uses a source-only flow mask to match on originating traffic. Every unique user is limited to 5Mb of upstream bandwidth. The return traffic matching on the inbound policer uses the destination only IP flow mask. This matching is applied on the users address, thus, limiting the download bandwidth to also 5Mb.

Egress UBRL

In cases where the traffic sent out of the egress direction of an interface needs to be rate limited on a per user basis, the UBRL feature is deployed at the CPE. This is known as egress UBRL where the customer regulates traffic being sent to the provider. In this scenario, the UBRL is applied at the outward direction of the interface. Egress UBRL is required for aggregate traffic where many input interfaces converge at the service or WAN edge and get routed out of an interface connecting to the provider.

UBRL for Multiple Destination

In this scenario, there is traffic from interface to many customers. The scenario is common for web service providers where traffic from various internet sources access web content in the service providers hosting servers. In this case, the UBRL applied at the ingress direction is called ingress UBRL. The web service provider could use an ingress UBRL to rate limit individual access to the servers and avoid denial of service (DoS) attacks.

Scale Information for UBRL

The UBRL feature is only supported on ASR 9000 Enhanced Ethernet line cards (LCs). Following are the scale information for UBRL:

  • Up to 256000 unique flow entries are supported for SE (Service Optimized) and 4000 for TR (Transport Optimized) version of the LCs for Cisco ASR 9000 Series Routers.
  • Cisco ASR 9001 also supports the same scale as supported by Cisco ASR 9000 Series Routers.
  • The scale is configurable per LC.

Note


Full scale is not achieved for a configured scale size due to hardware resource recycling restrictions. The final scale may vary between M (maximum size) and M - 64, depending on internal hardware resource recycle rate and incoming flow fluctuations.
Flow Masks for UBRL

A flow mask defines what fields constitute or differentiate a flow. The Flow Aware QoS feature supports these flow masks listed in the flow table:

Table 1 Flow Masks for UBRL

Flow Mask

Description

5 tuple (srcip, dstip, proto, sport, dport)

Session or Application Policer. The flow mask includes IPv4 source or destination address, L4 protocol number, and source or destination L4 port numbers.

srcip

Specifies the IPv4 or IPv6 source address only flow mask.

dstip

Specifies the IPv4 or IPv6 destination address only flow mask.

Restrictions

  • UBRL does not support 5-tuple flows with IPv6 traffic due to address length constraints.
  • UBRL supports only L3 (routed) interface. UBRL is not supported on L2 and MPLS interfaces.
  • UBRL is not supported for Pseudowire Headend (PWHE), Bridge Virtual Interface (BVI), Broadband Network Gateway (BNG) subscriber interfaces, cluster Inter Rack Link (IRL) and satellite interfaces.
  • UBRL actions are not supported in the same class.
  • UBRL actions are supported only at the leaf level.
  • UBRL does not support percentage policer rates or conform-aware and color-aware policer actions.
  • UBRL does not support combination of flow masks such as srcip+dstip.
  • UBRL does not support flow idle-timeout none and max flow count per-class.
  • UBRL supports IPv4 and IPv6 unicast traffic topologies. Multicast traffic is not supported.
  • UBRL support for IPv6 is restricted to src-ip or dst-ip flow masks.
  • UBRL does not support combination feature such as UBRL + shared policy instance (SPI) or UBRL + shared policer feature.
  • UBRL and policy based forwarding (PBF) feature will not work together on the same interface or direction.
  • Flow idle-timeout has a 10s granularity. Hence, the actual purge of a specific flow entry could be off by another 10s.
  • For 5-tuple key with unknown (non TCP and UDP) protocol, UBRL degrades 5-tuple key to a 3 tuple key usage (src-ip + dst-ip + protocol number).
  • Flows are learnt and per-flow resources allocated by the feature even when the packets in the flow are dropped by features that get applied after QoS or by fabric and egress card.
  • There could be traffic drops during scaled flow learning at Internet mix or lower traffic rates matching UBRL classes. The flow push back drops and flow discard rate increases as load on NP increases.
  • Ingress marking does not work on the packets that the router can’t forward such as expired time to live (TTL) packets. QoS policy is matched and show policy-map counters increment correctly. But the packets post punt and inject on transmission do not have the remarked precedence to differentiated services code point (DSCP).
  • For 5 tuple flow mask and IPv4 fragment traffic flows, the first fragment would be learnt with the correct L4 details. For the subsequent fragments the flow entry will not have the L4 port details and gets degraded to 3 tuple. This can cause oversubscription due to two policers allocated (one per flow) or congestion for fragmented flows when many fragmented streams between the same IP peers match the same second flow record.

How to Configure QoS Congestion Management

Configuring Guaranteed and Remaining Bandwidths

The bandwidth command allows you to specify the minimum guaranteed bandwidth to be allocated for a specific class of traffic. MDRR is implemented as the scheduling algorithm.

The bandwidth remaining command specifies a weight for the class to the MDRR. The MDRR algorithm derives the weight for each class from the bandwidth remaining value allocated to the class. If you do not configure the bandwidth remaining command for any class, the leftover bandwidth is allocated equally to all classes for which bandwidth remaining is not explicitly specified.

Guaranteed Service rate of a queue is defined as the bandwidth the queue receives when all the queues are congested. It is defined as:

Guaranteed Service Rate = minimum bandwidth + excess share of the queue

Restrictions

The amount of bandwidth configured should be large enough to also accommodate Layer 2 overhead.

The bandwidth command is supported only on policies configured on outgoing interfaces.

SUMMARY STEPS

    1.    configure

    2.    policy-map policy-name

    3.    class class-name

    4.    bandwidth {rate [units]| percent value}

    5.    bandwidth remaining percent value

    6.    exit

    7.    class class-name

    8.    bandwidth {rate [units] | percent value}

    9.    bandwidth remaining percent value

    10.    exit

    11.    exit

    12.    interface type interface-path-id

    13.    service-policy {input | output} policy-map

    14.    Use the commit or end command.

    15.    show policy-map interface type interface-path-id [input | output]


DETAILED STEPS
     Command or ActionPurpose
    Step 1 configure


    Example:
    RP/0/RSP0/CPU0:router# configure
     

    Enters global configuration mode.

     
    Step 2policy-map policy-name


    Example:
    
    RP/0/RSP0/CPU0:router(config)# policy-map policy1
    
     

    Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy and enters the policy map configuration mode.

     
    Step 3class class-name


    Example:
    
    RP/0/RSP0/CPU0:router(config-pmap)# class class1
    
     

    Specifies the name of the class whose policy you want to create or change.

     
    Step 4bandwidth {rate [units]| percent value}


    Example:
    
    RP/0/RSP0/CPU0:router(config-pmap-c)# bandwidth percent 50
    
     

    Specifies the bandwidth allocated for a class belonging to a policy map and enters the policy map class configuration mode. In this example, class class1 is guaranteed 50 percent of the interface bandwidth.

     
    Step 5bandwidth remaining percent value


    Example:
    
    RP/0/RSP0/CPU0:router(config-pmap-c)# bandwidth remaining percent 20
    
     

    Specifies how to allocate leftover bandwidth to various classes.

    Note    The remaining bandwidth of 40 percent is shared by class class1 and class2 (see Steps 8 and 9) in a 20:80 ratio: class class1 receives 20 percent of the 40 percent, and class class2 receives 80 percent of the 40 percent.
     
    Step 6exit


    Example:
    
    RP/0/RSP0/CPU0:router(config-pmap-c)# exit
    
     

    Returns the router to policy map configuration mode.

     
    Step 7class class-name


    Example:
    
    RP/0/RSP0/CPU0:router(config-pmap)# class class2
    
     

    Specifies the name of a different class whose policy you want to create or change.

     
    Step 8bandwidth {rate [units] | percent value}


    Example:
    
    RP/0/RSP0/CPU0:router(config-pmap-c)# bandwidth percent 10
    
     

    Specifies the bandwidth allocated for a class belonging to a policy map. In this example, class class2 is guaranteed 10 percent of the interface bandwidth.

     
    Step 9bandwidth remaining percent value


    Example:
    
    RP/0/RSP0/CPU0:router(config-pmap-c)# bandwidth remaining percent 80
    
     

    Specifies how to allocate leftover bandwidth to various classes.

    Note    The remaining bandwidth of 40 percent is shared by class class1 and class2 (see Steps 8 and 9) in a 20:80 ratio: class class1 receives 20 percent of the 40 percent, and class class2 receives 80 percent of the 40 percent.
     
    Step 10exit


    Example:
    
    RP/0/RSP0/CPU0:router(config-pmap-c)# exit
    
     

    Returns the router to policy map configuration mode.

     
    Step 11exit


    Example:
    
    RP/0/RSP0/CPU0:router(config-pmap)# exit
    
     

    Returns the router to global configuration mode.

     
    Step 12interface type interface-path-id


    Example:
    
    RP/0/RSP0/CPU0:router(config)# interface POS 0/2/0/0
    
     

    Enters interface configuration mode and configures an interface.

     
    Step 13service-policy {input | output} policy-map


    Example:
    
    RP/0/RSP0/CPU0:router(config-if)# service-policy output policy1
    
     

    Attaches a policy map to an input or output interface to be used as the service policy for that interface. In this example, the traffic policy evaluates all traffic leaving that interface.

     
    Step 14 Use the commit or end command.  

    commit—Saves the configuration changes, and remains within the configuration session.

    end—Prompts user to take one of these actions:
    • Yes— Saves configuration changes and exits the configuration session.
    • No—Exits the configuration session without committing the configuration changes.
    • Cancel—Remains in the configuration mode, without committing the configuration changes.
     
    Step 15show policy-map interface type interface-path-id [input | output]


    Example:
    
    RP/0/RSP0/CPU0:router# show policy-map interface POS 0/2/0/0
    
     

    (Optional) Displays policy configuration information for all classes configured for all service policies on the specified interface.

     

    Configuring Guaranteed Bandwidth

    SUMMARY STEPS

      1.    configure

      2.    policy-map policy-name

      3.    class class-name

      4.    bandwidth {rate [units]| percent percentage-value}

      5.    exit

      6.    class class-name

      7.    bandwidth {rate [units]| percent percentage-value}

      8.    exit

      9.    class class-name

      10.    bandwidth {rate [units]| percent percentage-value}

      11.    exit

      12.    exit

      13.    interface type interface-path-id

      14.    service-policy {input | output} policy-map

      15.    end or commit

      16.    show policy-map interface type interface-path-id [input | output]


    DETAILED STEPS
       Command or ActionPurpose
      Step 1configure


      Example:
      
      RP/0/RSP0/CPU0:router# configure
      
       

      Enters global configuration mode.

       
      Step 2policy-map policy-name


      Example:
      
      RP/0/RSP0/CPU0:router(config)# policy-map policy1
      
       

      Enters policy map configuration mode.

      • Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy.
       
      Step 3class class-name


      Example:
      
      RP/0/RSP0/CPU0:router(config-pmap)# class class1
      
       

      Specifies the name of the class whose policy you want to create or change.

       
      Step 4bandwidth {rate [units]| percent percentage-value}


      Example:
      
      RP/0/RSP0/CPU0:router(config-pmap-c)# bandwidth percent 40
      
       

      Enters policy map class configuration mode.

      • Specifies the bandwidth allocated for a class belonging to a policy map.
      • In this example, class class1 is guaranteed 40 percent of the interface bandwidth.
       
      Step 5exit


      Example:
      
      RP/0/RSP0/CPU0:router(config-pmap-c)# exit
      
       

      Returns the router to policy map configuration mode.

       
      Step 6class class-name


      Example:
      
      RP/0/RSP0/CPU0:router(config-pmap)# class class2
      
       

      Specifies the name of the class whose policy you want to create or change.

       
      Step 7bandwidth {rate [units]| percent percentage-value}


      Example:
      
      RP/0/RSP0/CPU0:router(config-pmap-c)# bandwidth percent 40
      
       

      Enters policy map class configuration mode.

      • Specifies the bandwidth allocated for a class belonging to a policy map.
      • In this example, class class2 is guaranteed 40 percent of the interface bandwidth.
       
      Step 8exit


      Example:
      
      RP/0/RSP0/CPU0:router(config-pmap-c)# exit
      
       

      Returns the router to policy map configuration mode.

       
      Step 9class class-name


      Example:
      
      RP/0/RSP0/CPU0:router(config-pmap)# class class-default
      
       

      Specifies the name of the class whose policy you want to create or change.

       
      Step 10bandwidth {rate [units]| percent percentage-value}


      Example:
      
      RP/0/RSP0/CPU0:router(config-pmap-c)# bandwidth percent 20
      
       

      Enters policy map class configuration mode.

      • Specifies the bandwidth allocated for a class belonging to a policy map.
      • In this example, class class-default is guaranteed 20 percent of the interface bandwidth.
       
      Step 11exit


      Example:
      
      RP/0/RSP0/CPU0:router(config-pmap-c)# exit
      
       

      Returns the router to policy map configuration mode.

       
      Step 12exit


      Example:
      
      RP/0/RSP0/CPU0:router(config-pmap)# exit
      
       

      Returns the router to global configuration mode.

       
      Step 13interface type interface-path-id


      Example:
      
      RP/0/RSP0/CPU0:router(config)# interface gigabitethernet 0/2/0/0
      
       

      Enters interface configuration mode and configures an interface.

       
      Step 14service-policy {input | output} policy-map


      Example:
      
      RP/0/RSP0/CPU0:router(config-if)# service-policy output policy1
      
       

      Attaches a policy map to an input or output interface to be used as the service policy for that interface.

      • In this example, the traffic policy evaluates all traffic leaving that interface.
       
      Step 15end or commit

      Example:
      
      RP/0/RSP0/CPU0:router(config-if)# end
      

      or

      
      RP/0/RSP0/CPU0:router(config-if)# commit
      
       

      Saves configuration changes.

      • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?
[cancel]: Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
      • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
       
      Step 16show policy-map interface type interface-path-id [input | output]


      Example:
      
      RP/0/RSP0/CPU0:router# show policy-map interface gigabitethernet 0/2/0/0
      
       

      (Optional) Displays policy configuration information for all classes configured for all service policies on the specified interface.

       

      Configuring Bandwidth Remaining

      SUMMARY STEPS

        1.    configure

        2.    policy-map policy-name

        3.    class class-name

        4.    bandwidth remaining percent percentage-value

        5.    exit

        6.    class class-name

        7.    bandwidth remaining percent percentage-value

        8.    exit

        9.    class class-name

        10.    bandwidth remaining percent percentage-value

        11.    exit

        12.    exit

        13.    interface type interface-path-id

        14.    service-policy {input | output} policy-map

        15.    end or commit

        16.    show policy-map interface type interface-path-id [input | output]


      DETAILED STEPS
         Command or ActionPurpose
        Step 1configure


        Example:
        
        RP/0/RSP0/CPU0:router# configure
        
         

        Enters global configuration mode.

         
        Step 2policy-map policy-name


        Example:
        
        RP/0/RSP0/CPU0:router(config)# policy-map policy1
        
         

        Enters policy map configuration mode.

        • Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy.
         
        Step 3class class-name


        Example:
        
        RP/0/RSP0/CPU0:router(config-pmap)# class class1
        
         

        Specifies the name of the class whose policy you want to create or change.

         
        Step 4bandwidth remaining percent percentage-value


        Example:
        
        RP/0/RSP0/CPU0:router(config-pmap-c)# bandwidth remaining percent 40
        
         

        Specifies how to allocate leftover bandwidth for class class1.

         
        Step 5exit


        Example:
        
        RP/0/RSP0/CPU0:router(config-pmap-c)# exit
        
         

        Returns the router to policy map configuration mode.

         
        Step 6class class-name


        Example:
        
        RP/0/RSP0/CPU0:router(config-pmap)# class class2
        
         

        Specifies the name of the class whose policy you want to create or change.

         
        Step 7bandwidth remaining percent percentage-value


        Example:
        
        RP/0/RSP0/CPU0:router(config-pmap-c)# bandwidth remaining percent 40
        
         

        Specifies how to allocate leftover bandwidth for class class2.

         
        Step 8exit


        Example:
        
        RP/0/RSP0/CPU0:router(config-pmap-c)# exit
        
         

        Returns the router to policy map configuration mode.

         
        Step 9class class-name


        Example:
        
        RP/0/RSP0/CPU0:router(config-pmap)# class class-default
        
         

        Specifies the name of the class whose policy you want to create or change.

         
        Step 10bandwidth remaining percent percentage-value


        Example:
        
        RP/0/RSP0/CPU0:router(config-pmap-c)# bandwidth remaining percent 20
        
         

        Specifies how to allocate leftover bandwidth for class class-default.

         
        Step 11exit


        Example:
        
        RP/0/RSP0/CPU0:router(config-pmap-c)# exit
        
         

        Returns the router to policy map configuration mode.

         
        Step 12exit


        Example:
        
        RP/0/RSP0/CPU0:router(config-pmap)# exit
        
         

        Returns the router to global configuration mode.

         
        Step 13interface type interface-path-id


        Example:
        
        RP/0/RSP0/CPU0:router(config)# interface gigabitethernet 0/2/0/0
        
         

        Enters interface configuration mode and configures an interface.

         
        Step 14service-policy {input | output} policy-map


        Example:
        
        RP/0/RSP0/CPU0:router(config-if)# service-policy output policy1
        
         

        Attaches a policy map to an input or output interface to be used as the service policy for that interface.

        • In this example, the traffic policy evaluates all traffic leaving that interface.
         
        Step 15end or commit

        Example:
        
        RP/0/RSP0/CPU0:router(config-if)# end
        

        or

        
        RP/0/RSP0/CPU0:router(config-if)# commit
        
         

        Saves configuration changes.

        • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?
[cancel]: Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
        • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
         
        Step 16show policy-map interface type interface-path-id [input | output]


        Example:
        
        RP/0/RSP0/CPU0:router# show policy-map interface gigabitethernet 0/2/0/0
        
         

        (Optional) Displays policy configuration information for all classes configured for all service policies on the specified interface.

         

        Configuring Low-Latency Queueing with Strict Priority Queueing

        The priority command configures LLQ with strict priority queuing (PQ) that allows delay-sensitive data such as voice to be dequeued and sent before packets in other queues are dequeued. When a class is marked as high priority using the priority command, you must configure a policer to limit the priority traffic. This configuration ensures that the priority traffic does not constrain all the other traffic on the line card, which protects low priority traffic from limitations. Use the police command to explicitly configure the policer.


        Note


        Three levels of priority are supported: priority level 1, priority level 2, and priority level 3. If no priority level is configured, the default is priority level 1.


        Restrictions

        • Within a policy map, you can give one or more classes priority status. When multiple classes within a single policy map are configured as priority classes, all traffic from these classes is queued to the same single priority queue.
        SUMMARY STEPS

          1.    configure

          2.    policy-map policy-name

          3.    class class-name

          4.    police rate {[units] | percent percentage} [burst burst-size [burst-units]] [peak-burst peak-burst [burst-units]] [peak-rate value [units]]

          5.    exceed-action action

          6.    exit

          7.    priority[levelpriority_level] [level priority-level]

          8.    exit

          9.    exit

          10.    interface type interface-path-id

          11.    service-policy {input | output} policy-map

          12.    Use the commit or end command.

          13.    show policy-map interface type interface-path-id [input | output]


        DETAILED STEPS
           Command or ActionPurpose
          Step 1 configure


          Example:
          RP/0/RSP0/CPU0:router# configure
           

          Enters global configuration mode.

           
          Step 2policy-map policy-name


          Example:
          
          RP/0/RSP0/CPU0:router(config)# policy-map voice
          
           

          Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy and enters the policy map configuration mode.

           
          Step 3class class-name


          Example:
          
          RP/0/RSP0/CPU0:router(config-pmap)# class voice
          
           

          Specifies the name of the class whose policy you want to create or change and enters the policy map class configuration mode.

           
          Step 4police rate {[units] | percent percentage} [burst burst-size [burst-units]] [peak-burst peak-burst [burst-units]] [peak-rate value [units]]

          Example:
          
          RP/0/RSP0/CPU0:router(config-pmap-c)# police rate 250
          
           

          Configures traffic policing and enters policy map police configuration mode. In this example, the low-latency queue is restricted to 250 kbps to protect low-priority traffic from starvation and to release bandwidth.

           
          Step 5exceed-action action


          Example:
          
          RP/0/RSP0/CPU0:router(config-pmap-c-police)# exceed-action drop
          
           

          Configures the action to take on packets that exceed the rate limit.

           
          Step 6exit


          Example:
          RP/0/RSP0/CPU0:router(config-pmap)# exit
          
           

          Returns the router to policy map class configuration mode.

           
          Step 7priority[levelpriority_level] [level priority-level]


          Example:
          RP/0/RSP0/CPU0:router(config-pmap-c)# priority level 1 level 2
           

          Specifies priority to a class of traffic belonging to a policy map.

          Specifies priority to a class of traffic belonging to a policy map. If no priority level is configured, the default is priority 1.

           
          Step 8exit


          Example:
          
          RP/0/RSP0/CPU0:router(config-pmap-c)# exit
          
           

          Returns the router to policy map configuration mode.

           
          Step 9exit


          Example:
          
          RP/0/RSP0/CPU0:router(config-pmap)# exit
          
           

          Returns the router to global configuration mode.

           
          Step 10interface type interface-path-id


          Example:
          
          RP/0/RSP0/CPU0:router(config)# interface gigabitethernet 
          
           

          Enters interface configuration mode, and configures an interface.

           
          Step 11service-policy {input | output} policy-map


          Example:
          
          RP/0/RSP0/CPU0:router(config-if)# service-policy output policy1
          
           

          Attaches a policy map to an input or output interface to be used as the service policy for that interface. In this example, the traffic policy evaluates all traffic leaving that interface.

           
          Step 12 Use the commit or end command.  

          commit—Saves the configuration changes, and remains within the configuration session.

          end—Prompts user to take one of these actions:
          • Yes— Saves configuration changes and exits the configuration session.
          • No—Exits the configuration session without committing the configuration changes.
          • Cancel—Remains in the configuration mode, without committing the configuration changes.
           
          Step 13show policy-map interface type interface-path-id [input | output]


          Example:
          
          RP/0/RSP0/CPU0:router# show policy-map interface gigabitethernet 
          
           

          (Optional) Displays policy configuration information for all classes configured for all service policies on the specified interface.

           

          Configuring Traffic Shaping

          Traffic shaping allows you to control the traffic exiting an interface to match its transmission to the speed of the remote target interface and ensure that the traffic conforms to policies contracted for it.

          Shaping performed on incoming and outgoing interfaces is done at the Layer 2 level and includes the Layer 2 header in the rate calculation.

          Restrictions

          • The bandwidth, priority and shape average commands should not be configured together in the same class.
          • A flat port-level shaper requires a child policy with 100% bandwidth explicitly allocated to the class-default.
          SUMMARY STEPS

            1.    configure

            2.    policy-map policy-name

            3.    class class-name

            4.    shape average {percent value | rate [units]}

            5.    exit

            6.    exit

            7.    Specifies the name of the class whose policy you want to create or change.interface type interface-path-id

            8.    service-policy {input | output} policy-map

            9.    Use the commit or end command.

            10.    show policy-map interface type interface-path-id [input | output]


          DETAILED STEPS
             Command or ActionPurpose
            Step 1 configure


            Example:
            RP/0/RSP0/CPU0:router# configure
             

            Enters global configuration mode.

             
            Step 2policy-map policy-name


            Example:
            
            RP/0/RSP0/CPU0:router(config)# policy-map policy1
            
             

            Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy and enters the policy map configuration mode.

             
            Step 3class class-name


            Example:
            
            RP/0/RSP0/CPU0:router(config-pmap)# class class1
            
             

            Specifies the name of the class whose policy you want to create or change and enters the policy map class configuration mode.

             
            Step 4shape average {percent value | rate [units]}


            Example:
            
            RP/0/RSP0/CPU0:router(config-pmap-c)# shape average percent 50
            
             

            Shapes traffic to the indicated bit rate according to average rate shaping in the specified units or as a percentage of the bandwidth.

             
            Step 5exit


            Example:
            
            RP/0/RSP0/CPU0:router(config-pmap-c)# exit
            
             

            Returns the router to policy map configuration mode.

             
            Step 6exit


            Example:
            
            RP/0/RSP0/CPU0:router(config-pmap)# exit
            
             

            Returns the router to global configuration mode.

             
            Step 7Specifies the name of the class whose policy you want to create or change.interface type interface-path-id

            Example:
            
            RP/0/RSP0/CPU0:router(config)# interface gigabitethernet 
            
             

            Enters interface configuration mode and configures an interface.

             
            Step 8service-policy {input | output} policy-map


            Example:
            
            RP/0/RSP0/CPU0:router(config-if)# service-policy output policy1
            
             

            Attaches a policy map to an input or output interface to be used as the service policy for that interface. In this example, the traffic policy evaluates all traffic leaving that interface.

             
            Step 9 Use the commit or end command.  

            commit—Saves the configuration changes, and remains within the configuration session.

            end—Prompts user to take one of these actions:
            • Yes— Saves configuration changes and exits the configuration session.
            • No—Exits the configuration session without committing the configuration changes.
            • Cancel—Remains in the configuration mode, without committing the configuration changes.
             
            Step 10show policy-map interface type interface-path-id [input | output]


            Example:
            
            RP/0/RSP0/CPU0:router# show policy-map interface gigabitethernet 
            
             

            (Optional) Displays policy configuration information for all classes configured for all service policies on the specified interface.

             

            Configuring Traffic Policing (Two-Rate Color-Blind)

            Traffic policing allows you to control the maximum rate of traffic sent or received on an interface. This section provides the procedure for configuring two-rate color-blind traffic policing.

            SUMMARY STEPS

              1.    configure

              2.    policy-map policy-name

              3.    class class-name

              4.    police rate {[units] | percent percentage} [burst burst-size [burst-units]] [peak-burst peak-burst [burst-units]] [peak-rate value [units]]

              5.    conform-action action

              6.    exceed-action action

              7.    exit

              8.    exit

              9.    exit

              10.    interface type interface-path-id

              11.    service-policy {input | output} policy-map

              12.    Use the commit or end command.

              13.    show policy-map interface type interface-path-id [input | output]


            DETAILED STEPS
               Command or ActionPurpose
              Step 1 configure


              Example:
              RP/0/RSP0/CPU0:router# configure
               

              Enters global configuration mode.

               
              Step 2policy-map policy-name


              Example:
              
              RP/0/RSP0/CPU0:router(config)# policy-map policy1
              
               

              Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy and enters the policy map configuration mode.

               
              Step 3class class-name


              Example:
              
              RP/0/RSP0/CPU0:router(config-pmap)# class class1
              
               

              Specifies the name of the class whose policy you want to create or change and enters the policy map class configuration mode.

               
              Step 4police rate {[units] | percent percentage} [burst burst-size [burst-units]] [peak-burst peak-burst [burst-units]] [peak-rate value [units]]

              Example:
              
              RP/0/RSP0/CPU0:router(config-pmap-c)# police rate 250000
              
               

              Configures traffic policing and enters policy map police configuration mode. The traffic policing feature works with a token bucket algorithm.

               
              Step 5conform-action action


              Example:
              
              RP/0/RSP0/CPU0:router(config-pmap-c-police)# conform-action set mpls experimental topmost 3
              
               

              Configures the action to take on packets that conform to the rate limit. The action argument is specified by one of these keywords:

              • drop—Drops the packet.
              • set—Has these keywords and arguments: discard-class value—Sets the discard class value. Range is 0 to 7. dscp —Sets the differentiated services code point (DSCP) value and sends the packet. mpls experimental {topmost | imposition} value—Sets the experimental (EXP) value of the Multiprotocol Label Switching (MPLS) packet topmost label or imposed label. Range is 0 to 7. precedence —Sets the IP precedence and sends the packet. qos-group—Sets the QoS group value. Range is 0 to 63.
              • transmit—Transmits the packets.
               
              Step 6exceed-action action


              Example:
              
              RP/0/RSP0/CPU0:router(config-pmap-c-police)# exceed-action set mpls experimental topmost 4
              
               

              Configures the action to take on packets that exceed the rate limit. The action argument is specified by one of the keywords specified in Step 5 .

               
              Step 7exit


              Example:
              
              RP/0/RSP0/CPU0:router(config-pmap-c-police)# exit
              
               

              Returns the router to policy map class configuration mode.

               
              Step 8exit


              Example:
              RP/0/RSP0/CPU0:router(config-pmap-c)# exit
              
               

              Returns the router to policy map configuration mode.

               
              Step 9exit


              Example:
              
              RP/0/RSP0/CPU0:router(config-pmap)# exit
              
               

              Returns the router to global configuration mode.

               
              Step 10interface type interface-path-id


              Example:
              
              RP/0/RSP0/CPU0:router(config)# interface gigabitethernet 
              
               

              Enters configuration mode and configures an interface.

               
              Step 11service-policy {input | output} policy-map


              Example:
              
              RP/0/RSP0/CPU0:router(config-if)# service-policy output policy1
              
               

              Attaches a policy map to an input or output interface to be used as the service policy for that interface. In this example, the traffic policy evaluates all traffic leaving that interface.

               
              Step 12 Use the commit or end command.  

              commit—Saves the configuration changes, and remains within the configuration session.

              end—Prompts user to take one of these actions:
              • Yes— Saves configuration changes and exits the configuration session.
              • No—Exits the configuration session without committing the configuration changes.
              • Cancel—Remains in the configuration mode, without committing the configuration changes.
               
              Step 13show policy-map interface type interface-path-id [input | output]


              Example:
              
              RP/0/RSP0/CPU0:router# show policy-map interface gigabitethernet 
              
               

              (Optional) Displays policy configuration information for all classes configured for all service policies on the specified interface.

               

              Configuring Traffic Policing (2R3C)

              This section provides the procedure for configuring two-rate three-color traffic policing. It is applicable to SIP 700 line cards on the ingress side only.

              SUMMARY STEPS

                1.    configure

                2.    class-map [match-all][match-any] class-map-name

                3.    match [not] fr-defr-de-bit-value

                4.    policy-map policy-name

                5.    class class-name

                6.    police rate {[units] | percent percentage} [burst burst-size [burst-units]] [peak-burst peak-burst [burst-units]] [peak-rate value [units]]

                7.    conform-color class-map-name

                8.    exceed-color class-map-name

                9.    conform-action action

                10.    exceed-action action

                11.    exit

                12.    exit

                13.    exit

                14.    interface type interface-path-id

                15.    service-policy policy-map

                16.    Use the commit or end command.

                17.    show policy-map interface type interface-path-id


              DETAILED STEPS
                 Command or ActionPurpose
                Step 1 configure


                Example:
                RP/0/RSP0/CPU0:router# configure
                 

                Enters global configuration mode.

                 
                Step 2class-map [match-all][match-any] class-map-name


                Example:
                
                RP/0/RSP0/CPU0:router(config)# class-map match-all match-not-frde
                
                 

                (Use with SIP 700 line card, ingress only)

                Creates or modifies a class map that can be attached to one or more interfaces to specify a matching policy and enters the class map configuration mode.

                 
                Step 3match [not] fr-defr-de-bit-value


                Example:
                
                RP/0/RSP0/CPU0:router(config)# match not  fr-de 1
                
                 

                (Use with SIP 700 line card, ingress only)

                Specifies the matching condition:
                • Match not fr-de 1 is typically used to specify a conform-color packet.
                • Match fr-de 1 is typically used to specify an exceed-color packet.
                 
                Step 4policy-map policy-name


                Example:
                
                RP/0/RSP0/CPU0:router(config)# policy-map policy1
                
                 

                Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy and enters the policy map configuration mode.

                 
                Step 5class class-name


                Example:
                
                RP/0/RSP0/CPU0:router(config-pmap)# class class1
                
                 

                Specifies the name of the class whose policy you want to create or change and enters the policy map class configuration mode.

                 
                Step 6police rate {[units] | percent percentage} [burst burst-size [burst-units]] [peak-burst peak-burst [burst-units]] [peak-rate value [units]]

                Example:
                
                RP/0/RSP0/CPU0:router(config-pmap-c)# police rate 768000 burst 288000 peak-rate 1536000 peak-burst 576000
                
                 

                Configures traffic policing and enters policy map police configuration mode. The traffic policing feature works with a token bucket algorithm.

                 
                Step 7conform-color class-map-name


                Example:
                
                RP/0/RSP0/CPU0:router(config-pmap-c-police)# conform-color match-not-frde
                
                 

                (Use with SIP 700 line card, ingress only)

                Configures the class-map name to assign to conform-color packets.

                 
                Step 8exceed-color class-map-name


                Example:
                
                RP/0/RSP0/CPU0:router(config-pmap-c-police)# exceed-color match-frde
                
                 

                (Use with SIP 700 line card, ingress only)

                Configures the class-map name to assign to exceed-color packets.

                 
                Step 9conform-action action


                Example:
                
                RP/0/RSP0/CPU0:router(config-pmap-c-police)# conform-action set mpls experimental topmost 3
                
                 

                Configures the action to take on packets that conform to the rate limit. The action argument is specified by one of these keywords:

                • drop—Drops the packet.
                • set—Has these keywords and arguments: discard-class value—Sets the discard class value. Range is 0 to 7. dscp value—Sets the differentiated services code point (DSCP) value and sends the packet. mpls experimental {topmost | imposition} value—Sets the experimental (EXP) value of the Multiprotocol Label Switching (MPLS) packet topmost label or imposed label. Range is 0 to 7. precedence precedence—Sets the IP precedence and sends the packet. qos-group—Sets the QoS group value. Range is 0 to 63.
                • transmit—Transmits the packets.
                 
                Step 10exceed-action action


                Example:
                
                RP/0/RSP0/CPU0:router(config-pmap-c-police)# exceed-action set mpls experimental topmost 4
                
                 

                Configures the action to take on packets that exceed the rate limit. The action argument is specified by one of the keywords specified in Step 5.

                 
                Step 11exit


                Example:
                
                RP/0/RSP0/CPU0:router(config-pmap-c-police)# exit
                
                 

                Returns the router to policy map class configuration mode.

                 
                Step 12exit


                Example:
                
                RP/0/RSP0/CPU0:router(config-pmap-c)# exit
                
                 

                Returns the router to policy map configuration mode.

                 
                Step 13exit


                Example:
                
                RP/0/RSP0/CPU0:router(config-pmap)# exit
                
                 

                Returns the router to global configuration mode.

                 
                Step 14interface type interface-path-id


                Example:
                
                RP/0/RSP0/CPU0:router(config)# interface pos 0/5/0/0
                
                 

                Enters configuration mode and configures an interface.

                 
                Step 15service-policy policy-map


                Example:
                
                RP/0/RSP0/CPU0:router(config-if)# service-policy policy1
                
                 

                Attaches a policy map to an input interface to be used as the service policy for that interface.

                 
                Step 16 Use the commit or end command.  

                commit—Saves the configuration changes, and remains within the configuration session.

                end—Prompts user to take one of these actions:
                • Yes— Saves configuration changes and exits the configuration session.
                • No—Exits the configuration session without committing the configuration changes.
                • Cancel—Remains in the configuration mode, without committing the configuration changes.
                 
                Step 17show policy-map interface type interface-path-id


                Example:
                
                RP/0/RSP0/CPU0:router# show policy-map interface POS 0/2/0/0
                
                 

                (Optional) Displays policy configuration information for all classes configured for all service policies on the specified interface.

                 

                Configuring Hierarchical Policing

                Hierarchical policing provides support at two levels:

                • Parent level
                • Child level
                SUMMARY STEPS

                  1.    configure

                  2.    policy-map policy-name

                  3.    class class-name

                  4.    service-policy policy-map-name

                  5.    police rate percent percentage

                  6.    conform-action action

                  7.    exceed-action action

                  8.    end or commit


                DETAILED STEPS
                   Command or ActionPurpose
                  Step 1configure


                  Example:
                  
                  RP/0/RSP0/CPU0:router# configure
                  
                   

                  Enters global configuration mode.

                   
                  Step 2policy-map policy-name


                  Example:
                  
                  RP/0/RSP0/CPU0:router(config)# policy-map policy1
                  
                   

                  Enters policy map configuration mode.

                  • Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy.
                   
                  Step 3class class-name


                  Example:
                  
                  RP/0/RSP0/CPU0:router(config-pmap)# class class1
                  
                   

                  Enters policy map class configuration mode.

                  • Specifies the name of the class whose policy you want to create or change.
                   
                  Step 4service-policy policy-map-name


                  Example:
                  
                  RP/0/RSP0/CPU0:router(config-pmap-c)# service-policy child
                  
                   

                  Attaches a policy map to an input or output interface to be used as the service policy for that interface.

                   
                  Step 5police rate percent percentage


                  Example:
                  
                  RP/0/RSP0/CPU0:router(config-pmap-c)# police rate percent 50
                  
                   

                  Configures traffic policing and enters policy map police configuration mode.

                   
                  Step 6conform-action action


                  Example:
                  
                  RP/0/RSP0/CPU0:router(config-pmap-c-police)# conform-action transmit
                  
                   

                  Configures the action to take on packets that conform to the rate limit. The allowed action is:

                  transmit—Transmits the packets.

                   
                  Step 7exceed-action action


                  Example:
                  
                  RP/0/RSP0/CPU0:router(config-pmap-c-police)# exceed-action drop
                  
                   

                  Configures the action to take on packets that exceed the rate limit. The allowed action is:

                  drop—Drops the packet.

                   
                  Step 8end or commit

                  Example:
                  
                  RP/0/RSP0/CPU0:router(config-if)# end
                  

                  or

                  
                  RP/0/RSP0/CPU0:router(config-if)# commit
                  
                   

                  Saves configuration changes.

                  • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?
[cancel]: Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
                  • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
                   

                  Traffic Policing for BVI

                  The traffic policy configuration defines the information rate, percentage of link bandwidth and the action taken on the packets (conform/ violate/ exceed) for the BVI. The configured policer rate on the BVI is effective NP-wise. If two interfaces are in one NP, BVI traffic from these two interfaces is under one policer. Traffic from the other interfaces and/ or on another NP is not affected by the policer. You can use the command, show controller np ports to check for interfaces on a particular NP.

                  Note


                  To avoid the problem of system idle in the configuration mode while performing IRB QoS in-place modification, you can remove the QoS policy from the BVI before modifying related class-maps or policy-maps.


                  SUMMARY STEPS

                    1.    configure

                    2.    policy-map policy-name

                    3.    class class-name

                    4.    police rate {[units] | percent percentage} [burst burst-size [burst-units]] [peak-burst peak-burst [burst-units]] [peak-rate value [units]]

                    5.    conform-action action

                    6.    exceed-action action

                    7.    violate-action action

                    8.    exit

                    9.    exit

                    10.    exit

                    11.    interface type interface-path-id

                    12.    service-policy {input | output} policy-map

                    13.    end or commit

                    14.    show policy-map interface type interface-path-id [input | output]interface-path-id


                  DETAILED STEPS
                     Command or ActionPurpose
                    Step 1configure


                    Example:
                    
                    RP/0/RSP0/CPU0:router# configure
                    
                     

                    Enters global configuration mode.

                     
                    Step 2policy-map policy-name


                    Example:
                    
                    RP/0/RSP0/CPU0:router(config)# policy-map policy1
                    
                     

                    Enters policy map configuration mode.

                    • Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy.
                     
                    Step 3class class-name


                    Example:
                    
                    RP/0/RSP0/CPU0:router(config-pmap)# class class1
                    
                     

                    Enters policy map class configuration mode.

                    • Specifies the name of the class whose policy you want to create or change.
                     
                    Step 4police rate {[units] | percent percentage} [burst burst-size [burst-units]] [peak-burst peak-burst [burst-units]] [peak-rate value [units]]

                    Example:
                    
                    RP/0/RSP0/CPU0:router(config-pmap-c)# police rate 250000
                    
                     

                    Configures traffic policing and enters policy map police configuration mode. The traffic policing feature works with a token bucket algorithm.

                    Note   

                    police rate is more suitable for regular, flat policy maps. You may use the police percent command for parent/child policy maps.

                     
                    Step 5conform-action action


                    Example:
                    
                    RP/0/RSP0/CPU0:router(config-pmap-c-police)# conform-action set prec 1
                    
                     

                    Configures the action to take on packets that conform to the rate limit. The action argument is specified by one of these keywords:

                    • drop—Drops the packet.
                    • set—Has these keywords and arguments: discard-class value—Sets the discard class value. Range is 0 to 7. dscp —Sets the differentiated services code point (DSCP) value and sends the packet. precedence —Sets the IP precedence and sends the packet. qos-group—Sets the QoS group value. Range is 0 to 63.
                    • transmit—Transmits the packets.
                     
                    Step 6exceed-action action


                    Example:
                    
                    RP/0/RSP0/CPU0:router(config-pmap-c-police)# exceed-action drop
                    
                     

                    Configures the action to take on packets that exceed the rate limit. The action argument is specified by one of the keywords specified in Step 5.

                     
                    Step 7violate-action action


                    Example:
                    RP/0/RSP0/CPU0:router(config-pmap-c-police)# violate-action drop
                    
                     

                    Configures the action to take on packets that exceed the rate limit. The action argument is specified by one of the keywords specified in Step 5.

                     
                    Step 8exit


                    Example:

                    RP/0/RSP0/CPU0:router(config-pmap-c-police)# exit

                     

                    Returns the router to policy map class configuration mode.

                     
                    Step 9exit


                    Example:

                    RP/0/RSP0/CPU0:router(config-pmap-c)# exit

                     

                    Returns the router to policy map configuration mode.

                     
                    Step 10exit


                    Example:
                    
                    RP/0/RSP0/CPU0:router(config-pmap)# exit
                    
                     

                    Returns the router to global configuration mode.

                     
                    Step 11interface type interface-path-id


                    Example:
                    
                    RP/0/RSP0/CPU0:router(config)# interface BVI 10
                    
                     

                    Specifies the BVI to which the Qos policy will get attached to .

                     
                    Step 12service-policy {input | output} policy-map


                    Example:
                    
                    RP/0/RSP0/CPU0:router(config-if)# service-policy output policy1
                    
                     
                    Attaches a policy map to an input or output BVI to be used as the service policy for that interface.
                    Note   

                    Policer for BVI is aggregated per Network processor. 500M policer for two interfaces of the same NP results in the total policed rate per NP as 500M.

                    • In this example, the traffic policy evaluates all traffic leaving that interface.
                     
                    Step 13end or commit

                    Example:
                    
                    RP/0/RSP0/CPU0:router(config-if)# end
                    

                    or

                    
                    RP/0/RSP0/CPU0:router(config-if)# commit
                    
                     

                    Saves configuration changes.

                    • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?
[cancel]: Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
                    • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
                     
                    Step 14show policy-map interface type interface-path-id [input | output]interface-path-id


                    Example:
                    
                    RP/0/RSP0/CPU0:router# sh policy-map int BVI 1 input member gig 0/1/0/29
                    
                     

                    (Optional) Displays policy configuration information for all classes configured for all service policies on a NP which the specified interface (gig 0/1/0/29) belongs to.

                     

                    Configuring ECN

                    ECN helps routers and end hosts to understand that the network is congested and slow down the rate at which packets are transmitted.

                    SUMMARY STEPS

                      1.    configure

                      2.    policy-map policy-name

                      3.    class class-name

                      4.    bandwidth [percent |value]

                      5.    random-detect { default | discard-class | dscp | precedence }

                      6.    random-detect ecn

                      7.    exit

                      8.    exit

                      9.    end or commit

                      10.    show policy-map interface type interface-path-id [input | output]


                    DETAILED STEPS
                       Command or ActionPurpose
                      Step 1configure


                      Example:
                      
                      RP/0/RSP0/CPU0:router# configure
                      
                       

                      Enters global configuration mode.

                       
                      Step 2policy-map policy-name


                      Example:
                      
                      RP/0/RSP0/CPU0:router(config)# policy-map policy1
                      
                       

                      Enters policy map configuration mode.

                      • Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy.
                       
                      Step 3class class-name


                      Example:
                      
                      RP/0/RSP0/CPU0:router(config-pmap)# class class1
                      
                       

                      Enters policy map class configuration mode.

                      • Specifies the name of the class whose policy you want to create or change.
                       
                      Step 4 bandwidth [percent |value]


                      Example:
                      
                      RP/0/RSP0/CPU0:router(config-pmap-c)# bandwidth 100
                      
                       

                      Specifies or modifies the bandwidth allocated for a class in a specific policy-map.

                      Note   

                      ECN can be configured with any queuing action, such as , bandwidth, shaping, etc.

                       
                      Step 5random-detect { default | discard-class | dscp | precedence }


                      Example:
                      RP/0/RSP0/CPU0:router(config-pmap-c)# random-detect dscp 1 1000 packets 2000 packets
                      
                       
                      Configures the WRED profile. WRED profile entry is required to apply ECN for a particular class. 
                      Step 6random-detect ecn


                      Example:
                      RP/0/RSP0/CPU0:router(config-pmap-c)# random-detect ecn
                      
                       

                      Enables ECN.

                       
                      Step 7exit


                      Example:
                      
                      RP/0/RSP0/CPU0:router(config-pmap-c)# exit
                      
                       

                      Returns the router to policy map configuration mode.

                       
                      Step 8exit


                      Example:
                      
                      RP/0/RSP0/CPU0:router(config-pmap)# exit
                      
                       

                      Returns the router to global configuration mode.

                       
                      Step 9end or commit

                      Example:
                      
                      RP/0/RSP0/CPU0:router(config-if)# end
                      

                      or

                      
                      RP/0/RSP0/CPU0:router(config-if)# commit
                      
                       

                      Saves configuration changes.

                      • When you issue the end command, the system prompts you to commit changes: Uncommitted changes found, commit them before exiting(yes/no/cancel)?
[cancel]: Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode. Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes. Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
                      • Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
                       
                      Step 10show policy-map interface type interface-path-id [input | output]


                      Example:
                      
                      RP/0/RSP0/CPU0:router# show policy-map interface gigabitethernet 0/2/0/0
                      
                       

                      (Optional) Displays statistics for all classes configured for all service policies on the specified interface. If ECN is enabled, displays ECN marking information for the specified interface.

                       

                      Configuring Flow Aware CAC Reject Action

                      Perform these tasks to configure flow aware call admission control (CAC) for the CAC reject action.

                      Before You Begin
                      • Enable flow aware CAC feature on LCs (line cards). Use the hw-module flow-qos location node-id max-flow-count value command in Admin configuration mode.
                      • Reload LCs for the changes to take effect.
                      • To verify status, use the show qos flow-aware summary location command in EXEC mode.
                      SUMMARY STEPS

                        1.    configure

                        2.    class-map [type qos] [match-any] [match-all] class-map-name

                        3.    match precedenceprecedence-value [precedence-value1 ... precedence-value6]

                        4.    exit

                        5.    class-map [type qos] [match-any] [match-all] class-map-name

                        6.    match access-group [ipv4 | ipv6] access-group-name

                        7.    exit

                        8.    policy-map [ type qos ] policy-name

                        9.    class class-name

                        10.    police rate rate

                        11.    exit

                        12.    exit

                        13.    class class-name

                        14.    set dscptunnel-value

                        15.    admit cac local

                        16.    flow idle-timeout value

                        17.    flow rate value

                        18.    rate rate

                        19.    exit

                        20.    exit

                        21.    class class-name

                        22.    police rate rate

                        23.    Use the commit or end command.

                        24.    show running-config class-map

                        25.    show running-config policy-map


                      DETAILED STEPS
                         Command or ActionPurpose
                        Step 1 configure


                        Example:
                        RP/0/RSP0/CPU0:router# configure
                         

                        Enters global configuration mode.

                         
                        Step 2class-map [type qos] [match-any] [match-all] class-map-name


                        Example:
                        
                        RP/0/RSP0/CPU0:router(config)# class-map match-all prec5
                        
                         

                        Creates a class map to be used for matching packets to the class specified and enters the class map configuration mode.

                        If you specify match-any, one of the match criteria must be met for traffic entering the traffic class to be classified as part of the traffic class. This is the default. If you specify match-all, the traffic must match all the match criteria.

                         
                        Step 3match precedenceprecedence-value [precedence-value1 ... precedence-value6]


                        Example:
                        
                        RP/0/RSP0/CPU0:router(config-cmap)# match precedence 5
                        
                         

                        Identifies IP precedence values as match criteria.

                        • Value range is from 0 to 7.
                        • Reserved keywords can be specified instead of numeric values.
                         
                        Step 4exit


                        Example:
                        RP/0/RSP0/CPU0:router(config-pmap)# exit
                        
                         

                        Returns the router to global configuration mode.

                         
                        Step 5class-map [type qos] [match-any] [match-all] class-map-name


                        Example:
                        RP/0/RSP0/CPU0:router(config)# class-map match-any video
                        
                         

                        Creates a class map to be used for matching packets to the class specified and enters the class map configuration mode.

                        If you specify match-any, one of the match criteria must be met for traffic entering the traffic class to be classified as part of the traffic class. This is the default. If you specify match-all, the traffic must match all the match criteria.

                         
                        Step 6match access-group [ipv4 | ipv6] access-group-name


                        Example:
                        
                        RP/0/RSP0/CPU0:router(config-cmap)# match access-group ipv4 102
                        
                         

                        (Optional) Configures the match criteria for a class map based on the specified access control list (ACL) name.

                         
                        Step 7exit


                        Example:
                        RP/0/RSP0/CPU0:router(config-pmap)# exit
                        
                         

                        Returns the router to global configuration mode.

                         
                        Step 8policy-map [ type qos ] policy-name


                        Example:
                        RP/0/RSP0/CPU0:router(config)# policy-map premium-services
                        
                         

                        Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy and enters the policy map configuration mode.

                         
                        Step 9class class-name


                        Example:
                        
                        RP/0/RSP0/CPU0:router(config-pmap)# class prec5
                        
                         

                        Specifies the name of the class whose policy you want to create or change.

                         
                        Step 10police rate rate


                        Example:
                        RP/0/RSP0/CPU0:router(config-pmap-c)# police rate 100 mbps
                        
                         

                        Configures the traffic policing rate and enters policy map police configuration mode.

                         
                        Step 11exit


                        Example:
                        RP/0/RSP0/CPU0:router(config-pmap-c-police)# exit
                        
                         

                        Returns the router to policy map class configuration mode.

                         
                        Step 12exit


                        Example:
                        RP/0/RSP0/CPU0:router(config-pmap-c)# exit
                        
                         

                        Returns the router to policy map configuration mode.

                         
                        Step 13class class-name


                        Example:
                        RP/0/RSP0/CPU0:router(config-pmap)# class video
                        
                         

                        Specifies the name of the class whose policy you want to create or change.

                         
                        Step 14set dscptunnel-value


                        Example:
                        RP/0/RSP0/CPU0:router(config-pmap-c)# set dscp af41
                        
                         

                        Sets the IP differentiated services code point (DSCP) in the type of service (ToS) byte to AF41.

                         
                        Step 15admit cac local


                        Example:
                        RP/0/RSP0/CPU0:router(config-pmap-c)# set dscp af41
                        
                         

                        Configures the call admission control (CAC) local flow type and enters the policy map class cac configuration sub-mode.

                         
                        Step 16flow idle-timeout value


                        Example:
                        RP/0/RSP0/CPU0:router(config-pmap-c-cac)# flow idle-timeout 20
                        
                         

                        Configures the maximum time of inactivity for the flow as 20 seconds.

                         
                        Step 17flow rate value


                        Example:
                        RP/0/RSP0/CPU0:router(config-pmap-c-cac)# flow rate 128
                        
                         

                        Configures the per flow rate for the flow as 128 kbps.

                         
                        Step 18rate rate


                        Example:
                        RP/0/RSP0/CPU0:router(config-pmap-c-cac)# rate 896 kbps 
                        
                         

                        Configures the per flow rate for the flow as 896 kbps.

                         
                        Step 19exit


                        Example:
                        RP/0/RSP0/CPU0:router(config-pmap-c-police)# exit
                        
                         

                        Returns the router to policy map class configuration mode.

                         
                        Step 20exit


                        Example:
                        RP/0/RSP0/CPU0:router(config-pmap-c)# exit
                        
                         

                        Returns the router to policy map configuration mode.

                         
                        Step 21class class-name


                        Example:
                        RP/0/RSP0/CPU0:router(config-pmap)# class class-default
                        
                         

                        Specifies the name of the class whose policy you want to create or change.

                         
                        Step 22police rate rate


                        Example:
                        RP/0/RSP0/CPU0:router(config-pmap-c)# police rate 30 mbps
                        
                         

                        Configures the traffic policing rate and enters policy map police configuration mode.

                         
                        Step 23 Use the commit or end command.  

                        commit—Saves the configuration changes, and remains within the configuration session.

                        end—Prompts user to take one of these actions:
                        • Yes— Saves configuration changes and exits the configuration session.
                        • No—Exits the configuration session without committing the configuration changes.
                        • Cancel—Remains in the configuration mode, without committing the configuration changes.
                         
                        Step 24show running-config class-map


                        Example:
                        RP/0/RSP0/CPU0:router# show running-config class-map
                        
                         

                        Displays the configuration of all class maps configured on the router.

                         
                        Step 25show running-config policy-map


                        Example:
                        RP/0/RSP0/CPU0:router# show running-config policy-map
                        
                         

                        Displays the configuration of all policy maps configured on the router.

                         

                        Configuring Flow Aware CAC Redirect Action

                        Before You Begin
                        • Enable flow aware CAC feature on LCs (line cards). Use the hw-module flow-qos location node-id max-flow-count value command in Admin configuration mode.
                        • Reload LCs for the changes to take effect.
                        • To verify status, use the show qos flow-aware summary location command in EXEC mode.
                        SUMMARY STEPS

                          1.    configure

                          2.    class-map [type qos] [match-any] [match-all] class-map-name

                          3.    match dscpvalue

                          4.    exit

                          5.    class-map [type qos] match-all class-map-name

                          6.    match cac admitted local

                          7.    exit

                          8.    class-map [type qos] [match-any] [match-all] class-map-name

                          9.    match dscp value

                          10.    end-class-map

                          11.    policy-map [ type qos ] policy-name

                          12.    class class-name

                          13.    set discard-classvalue

                          14.    exit

                          15.    class class-name

                          16.    set dscp value

                          17.    exit

                          18.    exit

                          19.    policy-map [ type qos ] policy-name

                          20.    class class-name

                          21.    police rate rate

                          22.    exit

                          23.    exit

                          24.    class class-name

                          25.    service-policy policy-map

                          26.    admit cac local

                          27.    flow idle-timeout value

                          28.    flow rate value

                          29.    rate rate

                          30.    exit

                          31.    exit

                          32.    class class-name

                          33.    police rate rate

                          34.    Use the commit or end command.

                          35.    show running-config class-map

                          36.    show running-config policy-map


                        DETAILED STEPS
                           Command or ActionPurpose
                          Step 1 configure


                          Example:
                          RP/0/RSP0/CPU0:router# configure
                           

                          Enters global configuration mode.

                           
                          Step 2class-map [type qos] [match-any] [match-all] class-map-name


                          Example:
                          
                          RP/0/RSP0/CPU0:router(config)# class-map match-any dscp_cs5
                          
                           

                          Creates a class map to be used for matching packets to the class specified and enters the class map configuration mode.

                          If you specify match-any, one of the match criteria must be met for traffic entering the traffic class to be classified as part of the traffic class. This is the default. If you specify match-all, the traffic must match all the match criteria.

                           
                          Step 3match dscpvalue


                          Example:
                          
                          RP/0/RSP0/CPU0:router(config-cmap)# match dscp cs5
                          
                           

                          Identifies DSCP values as match criteria in a class map.

                           
                          Step 4exit


                          Example:
                          RP/0/RSP0/CPU0:router(config-pmap)# exit
                          
                           

                          Returns the router to global configuration mode.

                           
                          Step 5class-map [type qos] match-all class-map-name


                          Example:
                          RP/0/RSP0/CPU0:router(config)# class-map match-all video_admitted
                          
                           

                          Creates a class map to be used for matching packets to the class specified and enters the class map configuration mode.

                           
                          Step 6match cac admitted local


                          Example:
                          
                          RP/0/RSP0/CPU0:router(config-cmap)# match cac admitted local
                          
                           

                          Specifies the packets admitted by CAC action as the match criteria in a class map.

                           
                          Step 7exit


                          Example:
                          RP/0/RSP0/CPU0:router(config-pmap)# exit
                          
                           

                          Returns the router to global configuration mode.

                           
                          Step 8class-map [type qos] [match-any] [match-all] class-map-name


                          Example:
                          RP/0/RSP0/CPU0:router(config)# class-map match-all dscp_cs6
                          
                           

                          Creates a class map to be used for matching packets to the class specified and enters the class map configuration mode.

                          If you specify match-any, one of the match criteria must be met for traffic entering the traffic class to be classified as part of the traffic class. This is the default. If you specify match-all, the traffic must match all the match criteria.

                           
                          Step 9match dscp value


                          Example:
                          RP/0/RSP0/CPU0:router(config-cmap)# match dscp cs6  
                          
                           

                          Identifies DSCP values as match criteria in a class map.

                           
                          Step 10end-class-map


                          Example:
                          RP/0/RSP0/CPU0:router(config-cmap)# end-class-map
                          
                           

                          Ends the class map configuration.

                           
                          Step 11policy-map [ type qos ] policy-name


                          Example:
                          RP/0/RSP0/CPU0:router(config)# policy-map video_flows
                          
                           

                          Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy and enters the policy map configuration mode.

                           
                          Step 12class class-name


                          Example:
                          
                          RP/0/RSP0/CPU0:router(config-pmap)# class video_admitted	
                          
                           

                          Specifies the name of the class whose policy you want to create or change.

                           
                          Step 13set discard-classvalue


                          Example:
                          RP/0/RSP0/CPU0:router(config-pmap-c)# set discard-class 1
                          
                           

                          Sets the discard class on IP Version 4 (IPv4) or Multiprotocol Label Switching (MPLS) packets.

                           
                          Step 14exit


                          Example:
                          RP/0/RSP0/CPU0:router(config-pmap-c)# exit
                          
                           

                          Returns the router to policy map configuration mode.

                           
                          Step 15class class-name


                          Example:
                          RP/0/RSP0/CPU0:router(config-pmap)# class class-default
                          
                           

                          Specifies the name of the class whose policy you want to create or change.

                           
                          Step 16set dscp value


                          Example:
                          RP/0/RSP0/CPU0:router(config-pmap-c)# set dscp cs4
                          
                           

                          Marks the packet by setting the DSCP in the ToS byte to cs4.

                           
                          Step 17exit


                          Example:
                          RP/0/RSP0/CPU0:router(config-pmap-c)# exit
                          
                           

                          Returns the router to policy map configuration mode.

                           
                          Step 18exit


                          Example:
                          RP/0/RSP0/CPU0:router(config-pmap)# exit
                          
                           

                          Returns the router to global configuration mode.

                           
                          Step 19policy-map [ type qos ] policy-name


                          Example:
                          RP/0/RSP0/CPU0:router(config)# policy-map premium_services
                          
                           

                          Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy and enters the policy map configuration mode.

                           
                          Step 20class class-name


                          Example:
                          RP/0/RSP0/CPU0:router(config-pmap)# class dscp_cs5
                          
                           

                          Specifies the name of the class whose policy you want to create or change.

                           
                          Step 21police rate rate


                          Example:
                          RP/0/RSP0/CPU0:router(config-pmap-c)# police rate 100 mbps
                          
                           

                          Configures the traffic policing rate and enters policy map police configuration mode.

                           
                          Step 22exit


                          Example:
                          RP/0/RSP0/CPU0:router(config-pmap-c-police)# exit
                          
                           

                          Returns the router to policy map class configuration mode.

                           
                          Step 23exit


                          Example:
                          RP/0/RSP0/CPU0:router(config-pmap-c)# exit
                          
                           

                          Returns the router to policy map configuration mode.

                           
                          Step 24class class-name


                          Example:
                          RP/0/RSP0/CPU0:router(config-pmap)# class dscp_cs6
                          
                           

                          Specifies the name of the class whose policy you want to create or change.

                           
                          Step 25service-policy policy-map


                          Example:
                          
                          RP/0/RSP0/CPU0:router(config-pmap-c)# service-policy video_flows
                          
                           

                          Attaches a policy map to an output interface to be used as the service policy for that interface.

                           
                          Step 26admit cac local


                          Example:
                          RP/0/RSP0/CPU0:router(config-pmap-c)# set dscp af41
                          
                           

                          Configures the call admission control (CAC) local flow type and enters the policy map class cac configuration sub-mode.

                           
                          Step 27flow idle-timeout value


                          Example:
                          RP/0/RSP0/CPU0:router(config-pmap-c-cac)# flow idle-timeout 20
                          
                           

                          Configures the maximum time of inactivity for the flow as 20 seconds.

                           
                          Step 28flow rate value


                          Example:
                          RP/0/RSP0/CPU0:router(config-pmap-c-cac)# flow rate 128
                          
                           

                          Configures the per flow rate for the flow as 128 kbps.

                           
                          Step 29rate rate


                          Example:
                          RP/0/RSP0/CPU0:router(config-pmap-c-cac)# rate 896 kbps 
                          
                           

                          Configures the per flow rate for the flow as 896 kbps.

                           
                          Step 30exit


                          Example:
                          RP/0/RSP0/CPU0:router(config-pmap-c-police)# exit
                          
                           

                          Returns the router to policy map class configuration mode.

                           
                          Step 31exit


                          Example:
                          RP/0/RSP0/CPU0:router(config-pmap-c)# exit
                          
                           

                          Returns the router to policy map configuration mode.

                           
                          Step 32class class-name


                          Example:
                          RP/0/RSP0/CPU0:router(config-pmap)# class class-default
                          
                           

                          Specifies the name of the class whose policy you want to create or change.

                           
                          Step 33police rate rate


                          Example:
                          RP/0/RSP0/CPU0:router(config-pmap-c)# police rate 30 mbps
                          
                           

                          Configures the traffic policing rate and enters policy map police configuration mode.

                           
                          Step 34 Use the commit or end command.  

                          commit—Saves the configuration changes, and remains within the configuration session.

                          end—Prompts user to take one of these actions:
                          • Yes— Saves configuration changes and exits the configuration session.
                          • No—Exits the configuration session without committing the configuration changes.
                          • Cancel—Remains in the configuration mode, without committing the configuration changes.
                           
                          Step 35show running-config class-map


                          Example:
                          RP/0/RSP0/CPU0:router# show running-config class-map
                          
                           

                          Displays the configuration of all class maps configured on the router.

                           
                          Step 36show running-config policy-map


                          Example:
                          RP/0/RSP0/CPU0:router# show running-config policy-map
                          
                           

                          Displays the configuration of all policy maps configured on the router.

                           

                          Configuring User Based Rate Limiting (UBRL)

                          Before You Begin
                          • Enable UBRL feature on LCs (line cards). Use the hw-module flow-qos location node-id max-flow-count value command in Admin configuration mode.
                          • Reload LCs for the changes to take effect.
                          • To verify status, use the show qos flow-aware summary location command in EXEC mode.
                          SUMMARY STEPS

                            1.    configure

                            2.    class-map [type qos] [match-all] class-map-name

                            3.    match precedenceprecedence-value

                            4.    match flow-key [5-tuple | dst-ip | flow-cache | src-ip]

                            5.    exit

                            6.    policy-map [ type qos ] policy-name

                            7.    class class-name

                            8.    police rate rate

                            9.    exit

                            10.    exit

                            11.    exit

                            12.    interface type interface-path-id

                            13.    service-policy {input | output} policy-map

                            14.    Use the commit or end command.


                          DETAILED STEPS
                             Command or ActionPurpose
                            Step 1 configure


                            Example:
                            RP/0/RSP0/CPU0:router# configure
                             

                            Enters global configuration mode.

                             
                            Step 2class-map [type qos] [match-all] class-map-name


                            Example:
                            
                            RP/0/RSP0/CPU0:router(config)# class-map match-all ubrl-src-class
                            
                             

                            Creates a class map to be used for matching packets to the class specified and enters the class map configuration mode.

                            If you specify match-all, the traffic must match all the match criteria.

                             
                            Step 3match precedenceprecedence-value


                            Example:
                            
                            RP/0/RSP0/CPU0:router(config-cmap)# match precedence 0 1 2 3 
                            
                             

                            Identifies IP precedence values as match criteria.

                            • Value range is from 0 to 7.
                            • Reserved keywords can be specified instead of numeric values.
                             
                            Step 4match flow-key [5-tuple | dst-ip | flow-cache | src-ip]


                            Example:
                            RP/0/RSP0/CPU0:router(config-cmap)# match flow-key src-ip 
                            
                             

                            Identifies the specified flow key as the match criteria.

                            • Use 5-tuple flow key to configure multiple sessions.
                            • Use dst-ip flow key to configure outbound traffic.
                            • Use flow-cache flow key to configure flow cache parameters.
                            • Use src-ip flow key to configure inbound traffic.
                             
                            Step 5exit


                            Example:
                            RP/0/RSP0/CPU0:router(config-cmap)# exit
                            
                             

                            Returns the router to global configuration mode.

                             
                            Step 6policy-map [ type qos ] policy-name


                            Example:
                            RP/0/RSP0/CPU0:router(config)# policy-map ubrl-src
                            
                             

                            Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy and enters the policy map configuration mode.

                             
                            Step 7class class-name


                            Example:
                            
                            RP/0/RSP0/CPU0:router(config-pmap)# class ubrl-src-class
                            
                             

                            Specifies the name of the class whose policy you want to create or change.

                             
                            Step 8police rate rate


                            Example:
                            RP/0/RSP0/CPU0:router(config-pmap-c)# police rate 200 kbps
                            
                             

                            Configures the traffic policing rate and enters policy map police configuration mode.

                             
                            Step 9exit


                            Example:
                            RP/0/RSP0/CPU0:router(config-pmap-c-police)# exit
                            
                             

                            Returns the router to policy map class configuration mode.

                             
                            Step 10exit


                            Example:
                            RP/0/RSP0/CPU0:router(config-pmap-c)# exit
                            
                             

                            Returns the router to policy map configuration mode.

                             
                            Step 11exit


                            Example:
                            RP/0/RSP0/CPU0:router(config-pmap)# exit
                            
                             

                            Returns the router to global configuration mode.

                             
                            Step 12interface type interface-path-id


                            Example:
                            
                            RP/0/RSP0/CPU0:router(config)# interface gigabitethernet 0/1/0/9
                            
                             

                            Configures an interface and enters the interface configuration mode.

                             
                            Step 13service-policy {input | output} policy-map


                            Example:
                            
                            RP/0/RSP0/CPU0:router(config-if)# service-policy input ubrl-src
                            
                             

                            Attaches a policy map to an input or output interface to be used as the service policy for that interface. In this example, the traffic policy evaluates all traffic leaving that interface.

                             
                            Step 14 Use the commit or end command.  

                            commit—Saves the configuration changes, and remains within the configuration session.

                            end—Prompts user to take one of these actions:
                            • Yes— Saves configuration changes and exits the configuration session.
                            • No—Exits the configuration session without committing the configuration changes.
                            • Cancel—Remains in the configuration mode, without committing the configuration changes.
                             

                            Configuration Examples for Configuring Congestion Management

                            Service Fragment Configurations: Example

                            This example shows the service-fragment premium being created.
                            policy-map tsqos-port-policy
                                class class-default
                                    shape 500 mbps
                                class dscp1
                                    shape 1 Gbps
                                    service-fragment premium
                                    end-policy
                            	     exit
                            
                            This example shows the service-fragment premium being referred (at the sub-interface):
                            policy-map tsqos-subif-policy-premium
                                class class-default
                                    fragment premium
                                    shape 20 mbps
                                    bandwidth remaining ratio 20
                                    service-policy subif-child
                                    end-policy
                                   exit
                            

                            Traffic Policing for BVI: Example

                            The following example shows how to configure traffic policing for a BVI:

                            policy-map p1
                            	class c1
                            			police rate 10
                            				conform-action set prec 1
                            				exceed-action drop
                            			exit
                            		exit
                            exit
                            interface BVI 10
                            	service-policy output p1
                            

                            Configuration example for L2VPN (sub-interface):

                            interface TE0/2/1/2.1 l2transport
                            		encapsulation dot1q50
                            		rewrite ingress tag pop1 symmetric (for dot1q sub)
                            l2vpn
                             bridge group BVI
                              bridge-domain BVI
                               interface TE0/2/1/2.1
                               !
                               routed interface BVI1
                              !
                             !
                            

                            ECN: Example

                            The following example shows how to run the random-detect ecn command to configure ECN:

                            config
                            policy-map p1
                            class c1
                            bandwidth 100
                            random-detect dscp 1 1000 packets 2000 packets
                            random-detect ecn
                            exit
                            exit
                            commit

                            Hierarchical Policing: Example

                            Configuring Flow Aware CAC Reject Action: Example

                            In this example, two class-maps are created and their match criteria are defined for access-list 102 and match class "video". This flow rate is configured in the admit cac local configuration sub-mode. If any new flow is learnt apart from the already admitted flows, then the new flow is rejected and packets of the flow are dropped. All other packets are classified under class-default and are policed at 30 mbps.

                            
                            class-map match-all prec5
                                     match precedence 5
                            		 !
                            
                            class-map match-any video
                                     match access-group ipv4 102
                            		 !
                                           		 
                            policy-map premium-services
                              class prec5
                                  police rate 100 mbps
                              class video
                                  set dscp af41
                                   admit cac local         		
                                   flow idle-timeout 20
                                   flow rate 128 kbps       		
                                   rate 896 kbps 
                            	!
                            !	
                            class class-default
                                   police rate 30 mbps
                            end
                            

                            Configuring Flow Aware CAC Redirect Action: Example

                            In this example, three class-maps are created and their match criteria are defined for match class "dscp_cs5", match class cac, match class "dscp_cs6". This flow rate is configured in the admit cac local configuration sub-mode. If any new flow is learnt apart from the already admitted flows, then the new flow is redirected and the packets for that flow are handled by the redirect class "class-default" in policy "video_flows". All other packets are classified under class-default and are policed at 30 mbps.

                            
                            class-map match-any dscp_cs5
                                     match dscp cs5
                            !
                            class-map match-all video_admitted
                                    match cac admitted local
                            !
                            class-map match-all dscp_cs6
                                     match dscp cs6  
                            !
                            policy-map video_flows
                               class video_admitted				
                                 set discard-class 1
                               class class-default				
                                 set dscp cs4
                            !
                            !
                             policy-map premium_services
                               class dscp_cs5
                                  police rate 100 mbps
                               class dscp_cs6
                                  service-policy video_flows
                                  admit cac local
                                    flow idle-timeout 20
                                    flow-rate 128 kbps
                                    rate 896 kbps
                             !
                            !
                            class-default          
                            police rate 30 mbps
                            end
                            

                            Configuring UBRL for Multiple Sources: Example

                            In this example, a class-map is created and the match criteria is defined for match precedence and match flow-key based on the source IP (src-ip).

                            
                            class-map match-all ubrl-src
                                match precedence 0 1 2 3
                                match flow-key src-ip 
                            !
                            policy-map ubrl-mult-src
                                class ubrl-src
                                    police rate 200 kbps
                                !
                            !
                            interface gigabitethernet 0/0/0/4
                                service-policy input ubrl-mult-src
                            !
                            end
                            

                            Configuring Bidirectional UBRL: Example

                            In this example, two class-maps are created, one for inbound and another for outbound traffic, and match criteria are defined. The policy-maps are applied on the input and output direction of the interface.

                            
                            class-map match-all ubrl-src
                                match precedence 0 1 2 3
                                match flow-key src-ip 
                            !
                            class-map match-all ubrl-dst
                                match precedence 0 1 2 3
                                match flow-key dst-ip 
                            !
                            
                            policy-map ubrl-mult-src
                                class ubrl-src
                                    police rate 200 kbps
                                !
                            !
                            policy-map ubrl-mult-dst
                                class ubrl-dst
                                    police rate 200 kbps
                                !
                            !
                            interface gigabitethernet 0/0/0/4
                                service-policy input ubrl-mult-src
                                service-policy output ubrl-mult-dst
                            !
                            end
                            

                            Configuring UBRL for Multiple Sessions: Example

                            In this example, a class-map is created and the match criteria is defined for match precedence and match flow-key based on 5-tuple.

                            
                            class-map match-all ubrl-sess
                                match precedence 0 1 2 3
                                match flow-key 5-tuple 
                            !
                            
                            policy-map ubrl-mult-sess
                                class ubrl-sess
                                    police rate 200 kbps
                                !
                            !
                            interface gigabitethernet 0/0/0/4
                                service-policy input ubrl-mult-sess
                            !
                            end
                            

                            Additional References

                            These sections provide references related to implementing QoS congestion management.

                            Related Documents

                            Related Topic

                            Document Title

                            Initial system bootup and configuration

                            Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide

                            Master command reference

                            Cisco ASR 9000 Series Aggregation Services Router Master Command Listing

                            QoS commands

                            Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Command Reference

                            User groups and task IDs

                            “Configuring AAA Services on Cisco ASR 9000 Series Router” module of Cisco Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide

                            Standards

                            Standards

                            Title

                            No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

                            MIBs

                            MIBs

                            MIBs Link

                            To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http:/​/​cisco.com/​public/​sw-center/​netmgmt/​cmtk/​mibs.shtml

                            RFCs

                            RFCs

                            Title

                            No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.

                            Technical Assistance

                            Description

                            Link

                            The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

                            http:/​/​www.cisco.com/​cisco/​web/​support/​index.html