Cisco ASR 903 Router Chassis Software Configuration Guide, IOS XE Release 3.7
Configuring Quality of Service
Downloads: This chapterpdf (PDF - 169.0KB) The complete bookPDF (PDF - 1.95MB) | Feedback

Table of Contents

Configuring Quality of Service

Understanding Quality of Service

Configuring Quality of Service

Global QoS Limitations and Guidelines

Restrictions for Hierarchical Policies

Classification

Classification Overview

Ingress Classification Limitations

Egress Classification Limitations

Classifying Traffic using an Access Control List

Classifying IPv6 Traffic

Configuring Multiple match Statements

Marking

Marking Overview

Ingress Marking Limitations

Egress Marking Limitations

Marking IPv6 Traffic

Policing

Policing Overview

Ingress Policing Limitations

Egress Policing Limitations

Shaping

Shaping Overview

Ingress Shaping Limitations

Egress Shaping Limitations

Egress Shaping on EFP Interfaces

Congestion Management

Congestion Management Overview

Ingress Queuing Limitations

Egress Queuing Limitations

Support for Low Latency Queuing on Multiple EFPs

Congestion Avoidance

Congestion Avoidance Overview

Configuring Congestion Avoidance

Ingress Congestion Avoidance Limitations

Egress Congestion Avoidance Limitations

Scheduling

Scheduling Overview

Ingress Scheduling Limitations

Egress Scheduling Limitations

Configuring Quality of Service

The following sections describe support for Quality of Service features on the Cisco ASR 903 Series Router.

Understanding Quality of Service

QoS refers to the ability of a network to provide improved service to selected network traffic over various underlying technologies including Frame Relay, ATM, Ethernet and 802.1 networks, SONET, and IP-routed networks. In particular, QoS features provide improved and more predictable network service by implementing the following services:

  • Supporting guaranteed bandwidth
  • Improving loss characteristics
  • Avoiding and managing network congestion
  • Shaping network traffic
  • Setting traffic priorities across the network

For more information about Quality of Service, see the Quality of Service Solutions Configuration Guide Library, Cisco IOS XE Release 3S .

Configuring Quality of Service

This document provides details on the platform-dependent implementation of QoS on the Cisco ASR 903 Series Router. For information about how to understand and configure QoS features, see the Quality of Service Solutions Configuration Guide Library, Cisco IOS XE Release 3S.

The following sections describe how to configure QoS on the Cisco ASR 903 Series Router:

Global QoS Limitations and Guidelines

The following limitations apply to multiple QoS features for the Cisco ASR 903 Series Router:

  • QoS policies are not supported on LAG bundle interfaces or port channel interfaces.
  • QoS policies are not supported on port-channel member links with Ethernet Flow Points (EFPs).

Note This limitation only applies to Release 3.6; Release 3.6(1) introduces support for QoS policies on EFPs.


  • QoS policies are not supported on physical interfaces configured with an Ethernet Flow Point (EFP) except for Trunk EFP interfaces, which do support QoS policies. You cannot configure a port with both a class-based QoS policy and a service policy on an EFP configured on the port.

Note This limitation only applies to Release 3.6; Release 3.6(1) introduces support for QoS policies on EFPs.


  • The following limitations apply when configuring QoS policies on both a physical port and an EVC or subinterface associated with the port:

The port policy is limited to the class-default class.

Only the shape feature is supported.

  • The Cisco ASR 903 Series Router supports up to 64 unique QoS classification service instances in a given bridge domain. QoS service instances refer to ports, VLAN classes, EFPs associated with a QoS classification policy.
  • Modification of policy-map and class-map definitions while applied to an interface or Ethernet Flow Point is not supported.
  • The Cisco ASR 903 Series Router router does not support a shared child QoS policy applied to a VLAN. As a workaround, you can create an individual child policy for each VLAN class.
  • Policy validation—Some QoS policy configurations are not validated until you apply the policy-map to an interface or Ethernet Flow Point. If a QoS configuration is invalid, the router rejects the configuration when you apply it to an interface. In some cases, a QoS configuration may be rejected due to hardware resource exhaustion or limitations. If you receive such an error message, detach the policy and adjust your QoS configuration.
  • The match-all keyword is supported only for QinQ classification.
  • QoS is not supported on TDM interfaces.

NoteRelease 3.7(1) introduces support for QoS policies on egress MLPPP interfaces. Release 3.7(1) introduces support for QoS policies on egress MLPPP interfaces.


  • SAToP and CESoPSN pseudowire traffic has a default MPLS Exp priority setting of 5 (high).
  • The Cisco ASR 903 router supports a maximum of 128 internal and reserved labels that represent PHB (cos/dscp/exp/prec) values on a QoS policy. A label exhaustion message is displayed if a policy exceeds the maximum number of labels.

Restrictions for Hierarchical Policies

The Cisco ASR-903 Router supports hierarchical QoS policies with up to three levels, allowing for a high degree of granularity in traffic management. There are limitations on the supported classification criteria at each level in the policy-map hierarchy. The following limitations apply when configuring hierarchical policy-map classification:

  • The topmost policy-map in a three-level hierarchy only supports classification using class-default.
  • Inner or outer VLAN classification must have a child policy that classifies based on cos (inner or outer), IP TOS byte, MPLS EXP, discard-class or qos-group.

Sample Hierarchical Policy Designs

The following are examples of supported policy-map configurations:

  • Three-Level Policy

Topmost policy: class-default

Middle policy: match vlan

Lowest policy: match ip precedence

  • Two-Level Policy

Topmost policy: match vlan

Lowest policy: match qos-group

  • Two-Level Policy

Topmost policy: class-default

Lowest policy: match vlan

  • Two-Level Policy

Topmost policy: class-default

Lowest policy: match mpls experimental topmost

  • Flat policy: match ip dscp
  • Flat policy: match vlan inner
  • Flat policy: class-default

Classification Overview

Classifying network traffic allows you to organize packets into traffic classes or categories on the basis of whether the traffic matches specific criteria. Classifying network traffic (used in conjunction with marking network traffic) is the foundation for enabling many quality of service (QoS) features on your network.

The Cisco ASR 903 Series Router supports the following match commands in a QoS class-map.

match access-group

match cos (match up to 4 values)

match cos inner

match discard-class

match dscp (IPv4 and IPv6)

match ip dscp

match ip precedence (IPv4 and IPv6)

match mpls experimental topmost

match precedence

match qos-group

match vlan

match vlan inner

Ingress Classification Limitations

The following limitations apply to QoS classification on the Cisco ASR 903 Series Router:

  • If you configure egress classification for a class of traffic affected by an input policy-map, you must use the same QoS criteria on the ingress and egress policy-maps.

Egress Classification Limitations

  • When applying a QoS policy to a link aggregation group (LAG) bundle, you must assign the policy to a physical link within the bundle; you cannot apply the policy to the LAG bundle or the port channel interface associated with the bundle.
  • MPLS Pipe Mode Limitations—When you configure pipe mode for Time to Live (TTL), the router enables pipe mode for QoS as well. When pipe mode is enabled, you cannot enable egress classification based on the header on an egress interface. For example, you cannot classify based on egress DSCP value for MPLS IP packets when the router is in pipe mode.
  • If you configure egress classification for a class of traffic affected by an input policy-map, you must use the same QoS criteria on the ingress and egress policy-maps.

Classifying Traffic on MLPPP Interfaces

Release 3.7(1) introduces support for egress QoS on MLPPP interfaces. The Cisco ASR 903 Series Router supports the following match commands in a QoS class-map applied to an egress MLPPP interface.

  • match discard-class
  • match dscp
  • match ip dscp
  • match ip precedence
  • match precedence
  • match qos-group

Classifying Traffic using an Access Control List

You can classify inbound packet based on an IP standard or IP extended access control list (ACL). Complete these steps to classify traffic based on an ACL:

1. Create an access list using the access-list or ip access-list commands

2. Reference the ACL within a QoS class map using the match access-group configuration command

3. Attach the class map to a policy map

Limitations and Usage Guidelines

The following limitations and usage guidelines apply when classifying traffic using an ACL:

  • QoS ACLs are supported only for IPv4 traffic
  • QoS ACLs are supported only for ingress traffic
  • You can use QoS ACLs to classify traffic based on the following criteria:

Source and destination host

Source and destination subnet

TCP source and destination

UDP source and destination

  • Named and numbered ACLs are supported.
  • You can apply QoS ACLs only to the third level class (bottom-most).
  • The following rage of numbered access lists are supported:

1-99—IP standard access list

100-199—IP extended access list

1300-1999—IP standard access list (expanded range)

2000-2699—IP extended access list (expanded range)

  • You must create an ACL before referencing it within a QoS policy.
  • Deny statements within an ACL are ignored for the purposes of classification.
  • Classifying traffic based on TCP flags using an ACL is not supported.
  • Classifying traffic using multiple mutually exclusive ACLs within a match-all class-map is not supported.
  • Classifying traffic on a logical/physical level using an ACL is not supported.
  • Applying QoS ACLs to MAC addresses is not supported.
  • Port matching with the neq keyword is only supported for a single port.
  • Matching on multiple port numbers using the eq keyword is supported for up to 8 ports.
  • You can only configure 8 port matching operations on a given interface. A given command can consume multiple matching operations if you specify a source and destination port, as shown in the following examples:

permit tcp any lt 1000 any —Uses one port matching operation

permit tcp any lt 1000 any gt 2000 —Uses two port matching operations

permit tcp any range 1000 2000 any 400 500 —Uses two port matching operations

  • By default, the Cisco ASR 903 Series Router uses port matching resources for security ACLs; the default settings do not provide the memory required for port matching through QoS ACLs. To make resources available for QoS ACLs, set the ROMMON_QOS_ACL_PORTRANGE_OVERRIDE to 2; this setting configures the router to use the Ternary content-addressable memory (TCAM) expansion method memory for security ACL operations. Setting the ROMMON_QOS_ACL_PORTRANGE_OVERRIDE value to 1 allows security ACLs to use the same memory resources as QoS ACLs, which can disable or limit QoS ACL operations.

You can use the following commands to verify your configuration:

show platform hardware pp { active | standby } acl label labelindex— Displays information about security ACL labels; the number of available input VMRs reflects the number of available port range operations.

show romvar - Displays current rommon variable settings, including ROMMON_QOS_ACL_PORTRANGE_OVERRIDE.

For more information about configuring QoS, see the Quality of Service Solutions Configuration Guide Library, Cisco IOS XE Release 3S . For more information about configuring access control lists, see the Security Configuration Guide: Access Control Lists, Cisco IOS XE Release 3S.

Classifying IPv6 Traffic

Classification based on IPv6 DSCP and Precedence values is supported both in ingress as well as egress side for IPv6 bridged and routed traffic. The Cisco ASR 903 supports the following commands for classifying both IPv4 and IPv6 packets:

  • match dscp
  • match precedence

For more information about IPv6 QoS, see:

Configuring Multiple match Statements

In IOS XE Release 3.5, the Cisco ASR 903 Series Router supported a single match or match-any command in a given QoS class-map, as shown in the following example:

IOS XE 3.5 Class Map Example

class-map match-any my-restrict-class_00
match ip prec
 
class-map match-any my-restrict-class_01
match qos-group 2
 
class-map match-any my-restrict-class_03

match cos 3

IOS XE Release 3.6 introduces support for multiple match or match-any commands in a given QoS class-map, as shown in the following example:

IOS XE 3.6 Class Map Example

class-map match-any my-class
match ip prec 1
match qos-group 2
match cos 3
 

The router treats the statements as a logical OR operation and classifies traffic that matches any match statement in the class map.

Marking

The following sections describe marking features on the Cisco ASR 903 Series Router:

Marking Overview

The Cisco ASR 903 Series Router supports the following parameters with the set command:

  • set cos
  • set discard-class
  • set ip dscp
  • set ip precedence
  • set mpls experimental imposition (ingress marking)
  • set mpls experimental topmost
  • set qos-group

CoS Marking Limitations

The following limitations apply when configuring CoS marking:

  • set cos —This set action has no effect unless there is a egress push action to add an additional header at egress. The COS value set by this action will be used in the newly added header as a result of the push rewrite. If there are no push rewrite on the packet, the new COS value will have no effect.
  • The set cos inner command is not supported.

Ingress Marking Limitations

The following limitations apply to QoS marking on the Cisco ASR 903 Series Router:

  • The Cisco ASR 903 Series Router does not support hierarchical marking.
  • You can configure marking and policing for any number of classes on any one of the three levels of the policy-map hierarchy. If you configure marking on one level, you can configure policing without marking (transmit, drop) on another level. Marking and policing are not supported on the same level of a policy-map.?

Egress Marking Limitations

IOS XE Release 3.6 introduces support for egress marking. The following limitations apply when configuring marking on egress interfaces:

  • The set cos inner command is not supported.
  • The set mpls experimental imposition command is not supported.
  • The set mpls experimental topmost command is supported for marking MPLS Exp bits; other commands for marking MPLS Exp bits are not supported.

Marking Traffic on MLPPP Interfaces

Release 3.7(1) introduces support for egress QoS on MLPPP interfaces. The Cisco ASR 903 Series Router supports the following parameters with the set command on egress MLPPP interfaces:

  • set ip dscp
  • set ip precedence

Marking IPv6 Traffic

The Cisco ASR 903 supports the following commands for marking both IPv4 and IPv6 packets:

  • set dscp
  • set precedence

For more information about IPv6 QoS, see:

Policing

The following sections describe policing features on the Cisco ASR 903 Series Router:

Policing Overview

The Cisco ASR 903 Series Router supports the following policing types:

  • single-rate policer with two color marker (1R2C) (color-blind mode)
  • two-rate policer with three color marker (2R3C) (color-blind mode)

Supported Commands

The Cisco ASR 903 Series Router supports the following policing commands on ingress interfaces:

  • police (percent)— police cir percent percentage [ burst-in-msec ] [ bc conform-burst-in-msec ms ] [ be peak-burst-in-msec ms ] [ pir percent percentage ] [ conform-action action [ exceed-action action [ violate-action action ]]]
  • police (policy map)— police cir bps [[ bc ] normal-burst-bytes [ maximum-burst-bytes | [ be ] [ burst-bytes ]]] [ pir bps [ be burst-bytes ]] [ conform-action action [ exceed-action action [ violate-action action ]]]
  • police (two rates)— police cir cir [ bc conform-burst ] [ pir pir ] [ be peak-burst ] [ conform-action action [ exceed-action action [ violate-action action ]]]

The Cisco ASR 903 Series Router supports the following policing commands on egress interfaces:

  • bandwidth (policy-map class)—bandwidth { bandwidth-kbps | remaining percent percentage | percent percentage } [ account { qinq | dot1q } aal5 subscriber-encapsulation ]
  • bandwidth remaining ratio bandwidth remaining ratio ratio [ account { qinq | dot1q } [ aal5 ] { subscriber-encapsulation | user-define d offset }]
  • police (policy map)— police cir bps [[ bc ] normal-burst-bytes [ maximum-burst-bytes | [ be ] [ burst-bytes ]]] [ pir bps [ be burst-bytes ]] [ conform-action action [ exceed-action action [ violate-action action ]]]
  • priority—priority { bandwidth-kbps | percent percentage } [ burst ]

Several restrictions apply when using egress policing; see the Egress Policing Limitations section for more information.

Supported Actions

The Cisco ASR 903 Series Router supports the following policing actions on ingress interfaces:

transmit

drop

set-qos-transmit

set-cos-transmit

set-dscp-transmit

set-prec-transmit

set-discard-class-transmit

set-mpls-experimental-topmost-transmit

set-mpls-experimental-imposition-transmit

Configuring Percentage Policing

The router calculates percentage policing rates based on the maximum port PIR rate. The PIR rate is determined as follows:

  • Default—Port line rate
  • Speed command applied—Operational rate
  • Port shaping applied to port—Shaped rate

Ingress Policing Limitations

The following limitations apply to QoS policing on the Cisco ASR 903 Series Router:

  • If you configure a policer rate or burst-size that the router cannot achieve within 1% accuracy, the configuration is rejected. The command output presents recommendations for the closest possible lower and higher configuration value.
  • You can configure marking and policing for any number of classes on any one of the three levels of the policy-map hierarchy. If you configure marking on one level, you can configure policing without marking (transmit, drop) on another level.
  • If you configure marking using the set command, you can only configure policing on that level using the transmit and drop command.
  • If you configure a policer using a set command, you cannot use the set command at other levels of the hierarchical policy-map.

Egress Policing Limitations

IOS XE Release 3.6 introduces support for egress policing. The Cisco ASR 903 Series Router supports the bandwidth and bandwidth-remaining commands on egress interfaces under the following conditions:

  • The bandwidth and bandwidth-remaining commands must be configured on classes of the same level.
  • The bandwidth and bandwidth-remaining commands are not supported on class containing the priority command.
  • The priority and police commands must not be applied to a class containing the priority command.
  • If you want to create a configuration that uses the bandwidth or bandwidth-remaining commands and the priority command, you must include a police statement in the QoS class.
  • The priority and police commands must be applied on a single class.

The following is a sample supported configuration:

Router# show policy-map
Policy Map PHB
Class cos1
police cir 200000 bc 8000
conform-action transmit
exceed-action drop
priority
Class cos2
bandwidth 100
bandwidth remaining percent 40
Class cos3
bandwidth 200

bandwidth remaining percent 50

  • Release 3.7(1) introduces support for QoS features on egress policing on MLPPP interfaces using the police command. Egress MLPPP interfaces support a single-rate policer with two color marker (1R2C) (color-blind mode) at the LLQ level.

Shaping

The following sections describe shaping support on the Cisco ASR 903 Series Router.

Shaping Overview

Traffic shaping allows you to control the speed of traffic that is leaving an interface in order to match the flow of traffic to the speed of the receiving interface. Percentage-based policing allows you to configure traffic shaping based on a percentage of the available bandwidth of an interface.Configuring traffic shaping in this manner enables you to use the same policy map for multiple interfaces with differing amounts of bandwidth.

Ingress Shaping Limitations

Shaping is not supported on ingress interfaces.

Egress Shaping Limitations

Egress shaping is supported only on EFP interfaces.

Egress Shaping on EFP Interfaces

Release 3.6(1) introduces support for egress port shaping on EFP interfaces. Configuring an EFP port shaper allows you to shape all EFPs on a port using a port policy with a class-default shaper configuration, as in the following partial sample configuration:

policy-map port-policy
class class-default
shape average percent 50
policy-map efp-policy
class class-default
shape average percent 25
service-policy child-policy
policy-map child-policy
class phb-class
<class-map actions>
 

The following configuration guidelines apply when configuring an EFP port shaping policy:

  • When the configuration specifies a shaper rate using a percentage, the router calculates the value based on the operational speed of a port. The operational speed of a port can be the line rate of the port or the speed specified by the speed command.
  • The rates for bandwidth percent and police percent commands configured under a port-shaper are based on the absolute rate of the port-shaper policy.
  • You can combine a port shaper policy (a flat shaper policy with no user-defined classes) with an egress EFP QoS shaping policy.
  • Configure the port shaper policy before configuring other egress QoS policies on EFP interfaces; when removing EFP QoS configurations, remove other egress EFP QoS policies before removing the port shaper policy.

Congestion Management

The following sections describe congestion management (queuing) features on the Cisco ASR 903 Series Router:

Congestion Management Overview

The Cisco ASR 903 Series Router supports tail drop queuing for congestion management, which allows you to control congestion by determining the order in which packets are sent based on assigned priority.

Ingress Queuing Limitations

The Cisco ASR 903 Series Router does not support queuing on ingress interfaces.

Egress Queuing Limitations

The Cisco ASR 903 Series Router supports tail drop queuing on egress interfaces using the queue-limit command. The following limitations apply to egress queuing:

  • If you configure a queue size that the router cannot achieve within 1% accuracy, the configuration is rejected. The command output presents recommendations for the closest possible lower and higher configuration value.

Support for Queuing Features on MLPPP Interfaces

Release 3.7(1) introduces support for QoS features on egress MLPPP interfaces. The following queuing features are supported on egress MLPPP interfaces:

  • Tail drop queuing using the queue-limit command

MLPPP egress queuing is supported only on the 3rd level classes (bottom-most).

Support for Low Latency Queuing on Multiple EFPs

IOS XE 3.6 Release for the Cisco ASR 903 router introduces support for QoS policies that allow for low-latency queuing (LLQ) across multiple EFPs. For more information about this feature, see http://www.cisco.com/en/US/docs/ios-xml/ios/qos_plcshp/configuration/xe-3s/qos-plcshp-ehqos-pshape.html.

Congestion Avoidance

The Cisco ASR 903 Series Router supports Weighted Random Early Detection (WRED) for congestion avoidance. The following sections describe how to configure WRED:

Congestion Avoidance Overview

Random Early Detection (RED) is a congestion avoidance mechanism that takes advantage of the congestion control mechanism of TCP. By randomly dropping packets prior to periods of high congestion, RED tells the packet source to decrease its transmission rate. WRED drops packets selectively based on IP precedence. Edge routers assign IP precedences to packets as they enter the network. (WRED is useful on any output interface where you expect to have congestion. However, WRED is usually used in the core routers of a network, rather than at the edge.) WRED uses these precedences to determine how it treats different types of traffic.

For more information about understanding and configuring WRED, see the Congestion Avoidance Configuration Guide, Cisco IOS XE Release 3S .

Configuring Congestion Avoidance

The following sections describe the supported congestion avoidance features on the Cisco ASR 903 Series Router:

Supported Commands

The Cisco ASR 903 Series Router supports the following commands for WRED:

  • random-detect cos-based —Outer CoS
  • random-detect dscp-based — IPv4 DSCP
  • random-detect precedence-based — IPv4 Precedence bit

Supported Interfaces

WRED is supported at the PHB level but not on logical or physical interfaces. You can apply WRED policies on the following interface types:

  • Main Layer 3 interface
  • Port-channel Layer 3 member-links
  • Service instances
  • Trunk EFPs

Verifying the Configuration

You can use the show policy-map interface command to display the number of WRED drops and tail drops.

For more information about configuring congestion avoidance, see the following documents:

Ingress Congestion Avoidance Limitations

WRED is not supported on ingress interfaces.

Egress Congestion Avoidance Limitations

The following limitations apply when configuring congestion avoidance on the Cisco ASR 903 Series Router:

  • WRED is only supported on egress interfaces.
  • You must apply WRED within a policy map.
  • WRED is not supported in priority queues.
  • You can configure a maximum of 2 WRED curves per class.
  • You can configure WRED with either the shape or the fair-queue (CBWFQ) commands.
  • The default value for exponential-weighting-constant is 9.
  • The default value for mark-probability is 10.
  • You can specify the minimum-threshold and maximum-threshold in terms of bytes or microseconds. Setting threshold values in terms of packets is not supported.

Egress Congestion Avoidance on MLPPP Interfaces

Release 3.7(1) introduces support for the following egress congestion features on MLPPP interfaces:

  • RED queuing using the random-detect command
  • WRED queuing using the random-detect command. You can apply WRED to:

DSCP

Precedence

Qos-group

Discard-class

MLPPP egress queuing is supported only on the 3rd level classes (bottom-most).

  • Class-based Weighted Fair Queuing (CBWFQ) using the bandwidth and bandwidth percent commands. CBWFQ is supported on 2nd and 3rd level classes.
  • Class-based Shaping using the shape average and shape average percent commands. Class-based shaping is supported at all levels.
  • Class-based excess bandwidth scheduling using the bandwidth remaining percent and bandwidth remaining ratio commands. Class-based excess bandwidth scheduling is supported on 2nd and 3rd level QoS classes.

Scheduling

The following sections describe scheduling features on the Cisco ASR 903 Series Router:

Scheduling Overview

The Cisco ASR 903 Series Router supports scheduling on egress interfaces. Scheduling is not supported on ingress interfaces.

Ingress Scheduling Limitations

The Cisco ASR 903 Series Router does not support scheduling on ingress interfaces.

Egress Scheduling Limitations

  • If you configure a CIR, PIR, or EIR rate that the router cannot achieve within 1% accuracy, the configuration is rejected. The command output presents recommendations for the closest possible lower and higher configuration value.
  • You can only configure one priority value on each parent class applied to a QoS class or logical interface.
  • You can only configure priority on one class in a QoS policy.
  • You can not configure priority value and a policer in the same class.

The following limitations apply when configuring a 3-level scheduling policy on an egress interface configured as an EFP:

  • Only two of the three levels can contain scheduling actions such as bandwidth , shape , or priority .
  • One of the levels containing scheduling actions must be the class (bottom) level.

Egress Scheduling on MLPPP Interfaces

Release 3.7(1) introduces support for QoS features on egress MLPPP interfaces including scheduling. The following scheduling features are supported:

  • Strict priority using the priority command; strict priority is supported on 2nd and 3rd level classes.
  • Multi-level priority using the priority level command. You can configure two priority levels; the feature is supported on 3rd level classes.