Cisco IOS XR Modular Quality of Service Configuration Guide for the Cisco CRS-1 Router
Configuring Modular Quality of Service Congestion Management
Downloads: This chapterpdf (PDF - 661.0KB) The complete bookPDF (PDF - 3.31MB) | Feedback

Configuring Modular Quality of Service Congestion Management on Cisco IOS XR Software

Table Of Contents

Configuring Modular Quality of Service Congestion Management on Cisco IOS XR Software

Contents

Prerequisites for Configuring QoS Congestion Management on Cisco IOS XR Software

Information About Configuring QoS Congestion Management on Cisco IOS XR Software

Congestion Management Overview

Modified Deficit Round Robin

Low-Latency Queueing with Strict Priority Queueing

Qos-Group-Based Queuing

Traffic Shaping

Traffic Shaping for ATM on Layer 2 VPN

Traffic-Shaping Mechanism Regulates Traffic

Traffic Policing

Multiple Action Set

Packet Marking Through the IP Precedence Value, IP DSCP Value, and the MPLS Experimental Value Setting

Traffic Policing on Layer 2 ATM Interfaces

Regulation of Traffic with the Policing Mechanism

Traffic Shaping Versus Traffic Policing

How to Configure QoS Congestion Management on Cisco IOS XR Software

Configuring Guaranteed and Remaining Bandwidths

Restrictions

Configuring Low-Latency Queueing with Strict Priority Queueing

Restrictions

Configuring Traffic Shaping

Restrictions

Configuring Traffic Policing

Restrictions

Configuration Examples for Configuring QoS Congestion Management on Cisco IOS XR Software

Traffic Shaping for an Input Interface: Example

Traffic Policing for a Bundled Interface: Example

Traffic Policing for an IPSec Interface: Example

ATM QoS on Layer 2 VPN: Examples

Attaching a Service Policy to the Attachment Circuits (AC):

Configuring Policing Based on Service Type

Configuring Dual Queue Limit

Multiple Action Set: Example

Conditional Policer Markings in the Ingress Direction: Example

Unconditional Quality-of-Service Markings in the Ingress Direction: Examples

Conditional Policer Markings in the Egress Direction: Example

Unconditional Quality-of-Service Markings in the Egress Direction: Example

Where to Go Next

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance


Configuring Modular Quality of Service Congestion Management on Cisco IOS XR Software


Congestion management controls congestion after it has occurred on a network. Congestion can be managed on Cisco IOS XR software by using packet queueing methods, and by shaping the packet flow through use of traffic regulation mechanisms.

Packet queueing methods define packet scheduling or the order in which packets are dequeued to the interface for transmission on the physical wire. Furthermore, queueing methods support minimum bandwidth guarantees and low latencies based on the order and number of times that a queue is serviced.

The following types of queueing methods and traffic regulation mechanisms are supported on the Cisco IOS XR software:

Modified Deficit Round Robin (MDRR)

Low-latency queueing (LLQ) with strict priority queueing (PQ)

Traffic shaping

Traffic policing

This module provides the conceptual and configuration information for Quality of Service (QoS) packet queueing methods and traffic regulation mechanisms on Cisco IOS XR software.


Note For additional conceptual information about QoS in general and complete descriptions of the QoS commands listed in this module, see the "Related Documents" section of this module. To locate documentation for other commands that might appear in the course of executing a configuration task, search online in the Cisco IOS XR software master command index.


Feature History for Configuring Modular QoS Congestion Management on Cisco IOS XR Software

Release
Modification

Release 2.0

This feature was introduced on the Cisco CRS-1.

Release 3.0

No modification.

Release 3.2

No modification.

Release 3.3.0

The police command was changed to the police rate command and the syntax changed.

Release 3.4.0

The police rate command enters policy map police configuration mode to configure the conform, exceed and violate actions.

The following new commands were added: conform-action, exceed-action and violate-action.

The cos, qos-group, and transmit actions were added to the policer.

Release 3.5.0

No modification.

Release 3.6.0

Increased Class scale from 32 to 512 classes.

Unallocated remaining bandwidth is equally distributed among all the queueing classes that do not have remaining bandwidth configured explicitly.

For shape and police percentage parameters in child policy, reference is relative to the maximum rate of the parent.

For bandwidth percentage parameters in child policy, reference is relative to the minimum bandwidth of the parent class. If bandwidth is not configured in parent class, guaranteed service rate of parent class is used as reference.

Release 3.7.0

No modification.

Release 3.8.0

The multi-action set/policer was supported.

The set qos-group ingress policer marking was supported.

Release 3.9.0

No modification.


Contents

Prerequisites for Configuring QoS Congestion Management on Cisco IOS XR Software

Information About Configuring QoS Congestion Management on Cisco IOS XR Software

How to Configure QoS Congestion Management on Cisco IOS XR Software

Configuration Examples for Configuring QoS Congestion Management on Cisco IOS XR Software

Where to Go Next

Additional References

Prerequisites for Configuring QoS Congestion Management on Cisco IOS XR Software

The following prerequisites are required for configuring QoS congestion management on your network:

You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

You must be familiar with Cisco IOS XR QoS configuration tasks and concepts.

Information About Configuring QoS Congestion Management on Cisco IOS XR Software

To implement QoS congestion management features in this document, you must understand the following concepts:

Congestion Management Overview

Modified Deficit Round Robin

Low-Latency Queueing with Strict Priority Queueing

Qos-Group-Based Queuing

Traffic Shaping

Traffic-Shaping Mechanism Regulates Traffic

Traffic Policing

Regulation of Traffic with the Policing Mechanism

Traffic Shaping Versus Traffic Policing

Congestion Management Overview

Congestion management features allow you to control congestion by determining the order in which a traffic flow (or packets) is sent out an interface based on priorities assigned to packets. Congestion management entails the creation of queues, assignment of packets to those queues based on the classification of the packet, and scheduling of the packets in a queue for transmission. The congestion management features in Cisco IOS XR software allow you to specify creation of a different number of queues, affording greater or lesser degree of differentiation of traffic, and to specify the order in which that traffic is sent.

During periods with light traffic flow, that is, when no congestion exists, packets are sent out the interface as soon as they arrive. During periods of transmit congestion at the outgoing interface, packets arrive faster than the interface can send them. If you use congestion management features, packets accumulating at an interface are queued until the interface is free to send them; they are then scheduled for transmission according to their assigned priority and the queueing method configured for the interface. The router determines the order of packet transmission by controlling which packets are placed in which queue and how queues are serviced with respect to each other.

In addition to queueing methods, QoS congestion management mechanisms, such as policers and shapers, are needed to ensure that a packet adheres to a contract and service. Both policing and shaping mechanisms use the traffic descriptor for a packet. See the Configuring Modular Quality of Service Congestion Management on Cisco IOS XR Software module for information about the traffic descriptor.

Policers and shapers usually identify traffic descriptor violations in an identical manner through the token bucket mechanism, but they differ in the way they respond to violations. A policer typically drops traffic flow; whereas, a shaper delays excess traffic flow using a buffer, or queueing mechanism, to hold the traffic for transmission at a later time.

Traffic shaping and policing can work in tandem. For example, a good traffic shaping scheme should make it easy for nodes inside the network to detect abnormal flows.

Modified Deficit Round Robin

MDRR is a class-based composite scheduling mechanism that allows for queueing of up to eight traffic classes. It operates in the same manner as class-based weighted fair queueing (CBWFQ) and allows definition of traffic classes based on customer match criteria (such as access lists); however, MDRR does not use the weighted fair queueing algorithm.

With MDRR configured in the queueing strategy, nonempty queues are served one after the other. Each time a queue is served, a fixed amount of data is dequeued. The algorithm then services the next queue. When a queue is served, MDDR keeps track of the number of bytes of data that were dequeued in excess of the configured value. In the next pass, when the queue is served again, less data is dequeued to compensate for the excess data that was served previously. As a result, the average amount of data dequeued per queue is close to the configured value. In addition, MDRR allows for a strict priority queue for delay-sensitive traffic.

Each queue within MDRR is defined by two variables:

Quantum value—Average number of bytes served in each round.

Deficit counter—Number of bytes a queue has sent in each round. The counter is initialized to the quantum value.

Packets in a queue are served as long as the deficit counter is greater than zero. Each packet served decreases the deficit counter by a value equal to its length in bytes. A queue can no longer be served after the deficit counter becomes zero or negative. In each new round, the deficit counter for each nonempty queue is incremented by its quantum value.


Note In general, the quantum size for a queue should not be smaller than the maximum transmission unit (MTU) of the interface to ensure that the scheduler always serves at least one packet from each nonempty queue.


The Cisco CRS-1 implements a slight variation of the MDRR scheduling mechanism called packet-by-packet MDRR (P2MDRR). Using P2MDRR, queues are scheduled after every packet is sent compared to MDRR in which queues are scheduled after a queue is emptied. All non-high-priority queues with minimum bandwidth guarantees use P2MDRR.

Low-Latency Queueing with Strict Priority Queueing

The LLQ feature brings strict priority queueing (PQ) to the MDRR scheduling mechanism. PQ in strict priority mode ensures that one type of traffic is sent, possibly at the expense of all others. For PQ, a low-priority queue can be detrimentally affected, and, in the worst case, never allowed to send its packets if a limited amount of bandwidth is available or the transmission rate of critical traffic is high.

Strict PQ allows delay-sensitive data, such as voice, to be dequeued and sent before packets in other queues are dequeued.

LLQ enables the use of a single, strict priority queue within MDRR at the class level, allowing you to direct traffic belonging to a class. To rank class traffic to the strict priority queue, you specify the named class within a policy map and then configure the priority command for the class. (Classes to which the priority command is applied are considered priority classes.) Within a policy map, you can give one or more classes priority status. When multiple classes within a single policy map are configured as priority classes, all traffic from these classes is enqueued to the same, single, strict priority queue.

Through use of the priority command, you can assign a strict PQ to any of the valid match criteria used to specify traffic. These methods of specifying traffic for a class include matching on access lists, protocols, IP precedence, and IP differentiated service code point (DSCP) values. Moreover, within an access list you can specify that traffic matches are allowed based on the DSCP value that is set using the first six bits of the IP type of service (ToS) byte in the IP header.

Qos-Group-Based Queuing

QoS-group based queuing is supported in the ingress and egress directions.

The local output queue selection for packets sent to the fabric on the ingress card is based on a fabric modular QoS CLI (MQC) policy. The match criteria for the policy is the MPLS Exp bits of the topmost label. For information fabric QoS, see the Configuring Fabric Quality of Service Policies and Classes on Cisco IOS XR Software module.

In the egress direction, the MQC policy attached to the Layer 2 ATM sub-interface is used to select and configure the segmentation and reassembly (SAR) queue. All the traffic, from different ATM virtual circuits (VCs), is directed to the default output queue in the buffer management ASIC (BMA). To differentiate between different classes of service, an MQC policy is attached to the main interface to select the output queues (including the low latency queuing (LLQ)) on the Layer 2 interfaces.

The QoS Group setting in the ingress direction is preserved across the fabric and can be used to choose the output queue in the egress direction. This functionality helps in achieving egress shaping based on the MPLS Exp values in the disposition router. Additionally, the discard class setting preserved across the fabric can be used to perform WRED on the output queues.

The MQC policy on the main interface co-exists with an MQC policy on the sub-interface, however, the two policies are independent of one another, which means the match criteria of one policy cannot be dependent on the set actions of another. This is applicable only to the virtual circuit (VC) and virtual path (VP) modes, since, the main interface is used for Layer 2 in the port mode.

The following MQC actions are supported on the egress MQC policy used to select the output queue:

MDRR using the bandwidth and bandwidth percent command

the shaping and shaping percent command

the priority command for LLQ selection

the random-detect command based on the discard class

the queue-limit command

policing (engine-based)

Traffic Shaping

Traffic shaping allows you to control the traffic flow exiting an interface to match its transmission to the speed of the remote target interface and ensure that the traffic conforms to policies contracted for it. Traffic adhering to a particular profile can be shaped to meet downstream requirements, thereby eliminating bottlenecks in topologies with data-rate mismatches.

To match the rate of transmission of data from the source to the target interface, you can limit the transfer of data to one of the following:

A specific configured rate

A derived rate based on the level of congestion

The rate of transfer depends on these three components that constitute the token bucket: burst size, mean rate, and time (measurement) interval. The mean rate is equal to the burst size divided by the interval.

When traffic shaping is enabled, the bit rate of the interface does not exceed the mean rate over any integral multiple of the interval. In other words, during every interval, a maximum of burst size can be sent. Within the interval, however, the bit rate may be faster than the mean rate at any given time.

When the exceed burst size (Be) equals 0, the interface sends no more than the burst size every interval, achieving an average rate no higher than the mean rate. However, when the Be size is greater than 0, the interface can send as many as the conform burst size (Bc) plus Be bits in a burst, if in a previous time period the maximum amount was not sent. Whenever less than the burst size is sent during an interval, the remaining number of bits, up to the Be size, can be used to send more than the burst size in a later interval.

Traffic Shaping for ATM on Layer 2 VPN

The shape command under the PVC submode is applicable to the attachment circuits (AC) in the virtual circuit (VC) mode and the virtual path (VP) mode.


Note The default shape is UBR at line rate.


Traffic-Shaping Mechanism Regulates Traffic

When incoming packets arrive at an interface, the packets are classified using a classification technique, such as an access control list (ACL) or the setting of the IP Precedence bits through the Modular QoS CLI (MQC). If the packet matches the specified classification, the traffic-shaping mechanism continues. Otherwise, no further action is taken.

Figure 1 illustrates how a traffic shaping mechanism regulates traffic flow.

Figure 1 How a Traffic Shaping Mechanism Regulates Traffic

Packets matching the specified criteria are placed in the token bucket. The maximum size of the token bucket is the confirm burst (Bc) size plus the Be size. The token bucket is filled at a constant rate of Bc worth of tokens at every Tc. This is the configured traffic shaping rate.

If the traffic shaping mechanism is active (that is, packets exceeding the configured traffic shaping rate already exist in a transmission queue) at every Tc, the traffic shaper checks to see if the transmission queue contains enough packets to send (that is, up to either Bc [or Bc plus Be] worth of traffic).

If the traffic shaper is not active (that is, there are no packets exceeding the configured traffic shaping rate in the transmission queue), the traffic shaper checks the number of tokens in the token bucket. One of the following occurs:

If there are enough tokens in the token bucket, the packet is sent (transmitted).

If there are not enough tokens in the token bucket, the packet is placed in a shaping queue for transmission at a later time.

Traffic Policing

In general, traffic policing allows you to control the maximum rate of traffic sent or received on an interface, and to partition a network into multiple priority levels or class of service (CoS).

Traffic policing manages the maximum rate of traffic through a token bucket algorithm. The token bucket algorithm can use the user-configured values to determine the maximum rate of traffic allowed on an interface at a given moment in time. The token bucket algorithm is affected by all traffic entering or leaving (depending on where the traffic policy with traffic policing is configured) and is useful in managing network bandwidth in cases in which several large packets are sent in the same traffic stream.

Traffic entering the interface with traffic policing configured is placed into one of these categories. Within these three categories, users can decide packet treatments. For instance, packets that conform can be configured to be sent, packets that exceed can be configured to be sent with a decreased priority, and packets that violate can be configured to be dropped.

Traffic policing is often configured on interfaces at the edge of a network to limit the rate of traffic entering or leaving the network. In the most common traffic policing configurations, traffic that conforms is sent and traffic that exceeds is sent with a decreased priority or is dropped. Users can change these configuration options to suit their network needs.


Note Configured values take into account the Layer 2 encapsulation applied to traffic. This applies to both ingress and egress policing. For POS/SDH transmission, the encapsulation is considered to be 4 bytes. For Ethernet, the encapsulation is 14 bytes; whereas for 802.1Q, the encapsulation is 18 bytes.


Traffic policing also provides a certain amount of bandwidth management by allowing you to set the burst size (Bc) for the committed information rate (CIR). When the peak information rate (PIR) is supported, a second token bucket is enforced and the traffic policer is then called a two-rate policer.


Note The two-rate policer and two-token bucket algorithm is supported in Cisco IOS XR software.


For Cisco IOS XR software, a single-rate, two-color policer is supported that provides one token bucket with two actions for each packet: a conform action and an exceed action.

Multiple Action Set

The Multiple Action Set feature allows you to mark packets with multiple action sets (conditional and unconditional) through a class map.

At least two set actions for each policer action can be configured by using the conform-action command, the exceed-action command, or the violate-action command within a class map for IP, MPLS, or Layer 2 data paths.


Note If partial multiple set actions are used, hierarchical policing is not supported.


Table 1 lists the conditional policer ingress markings for IP, MPLS, or Layer 2 data paths that are applicable.

Table 1 Conditional Policer Ingress Markings 

Layer 3 IP Packets
Layer 3 MPLS Packets
Layer 2 Packets

DSCP or precedence1

MPLS experimental imposition

MPLS experimental imposition

tunnel DSCP or tunnel precedence2

MPLS experimental topmost

discard-class

MPLS experimental imposition

discard-class

qos-group

discard-class

qos-group

qos-group

1 Both DSCP and precedence packets are mutually exclusive.

2 Both tunnel DSCP and tunnel packets markings are mutually exclusive.


Table 2 lists the conditional egress policer markings for IP, MPLS, or Layer 2 data paths that are applicable.

Table 2 Conditional Egress Policer Markings 

Layer 3 IP Packets
Layer 3 MPLS Packets
Layer 2 Packets

DSCP or precedence1

MPLS experimental topmost

cos or srp-priority2

cos or srp-priority2

cos or srp-priority2

discard-class

discard-class

discard-class

1 Both DSCP and precedence packets are mutually exclusive.

2 Both cos and srp-priority packets are mutually exclusive.

2
For an example of how to configure multiple action sets, see Multiple Action Set: Example.


Packet Marking Through the IP Precedence Value, IP DSCP Value, and the MPLS Experimental Value Setting

In addition to rate-limiting, traffic policing allows you to independently mark (or classify) the packet according to whether the packet conforms or violates a specified rate. Packet marking also allows you to partition your network into multiple priority levels or CoS. Packet marking as a policer action is conditional marking.

Use the traffic policer to set the IP precedence value, IP DSCP value, or Multiprotocol Label Switching (MPLS) experimental value for packets that enter the network. Then networking devices within your network can use this setting to determine how the traffic should be treated. For example, the Weighted Random Early Detection (WRED) feature uses the IP precedence value to determine the probability that a packet is dropped.

If you want to mark traffic but do not want to use traffic policing, see the "Class-based, Unconditional Packet Marking Examples" section to learn how to perform packet classification.


Note Marking IP fields on an MPLS-enabled interface results in non-operation on that particular interface.


Table 3 shows the supported conditional policer marking operations.

Table 3 CRS-1 Class-based Conditional Policer Marking Operations

marking operation
Layer 2 Ingress
Layer 2 Egress
Layer 3 Ingress
Layer 3 Egress
 
PAC
CAC
p-C 1
PAC
CAC
p-C
Phy 2
SIf 3
P-SIf 4
Phy
SIf
P-SIf

prec

N

N

N

N

N

N

Y

Y

Y

Y

Y

Y

prec tunnel

N

N

N

N

N

N

Y

Y

Y

N

N

N

DSCP

N

N

N

N

N

N

Y

Y

Y

Y

Y

Y

DSCP tunnel

N

N

N

N

N

N

Y

Y

Y

N

N

N

CoS

N

N

N

Y

Y

Y

N

N

N

Y

Y

Y

discard-class

Y

Y

Y

Y

Y

Y

Y

Y

Y

Y

Y

Y

EXP, imposition

Y

Y

Y

N

N

N

Y

Y

Y

N

N

N

EXP, topmost

N

N

N

N

N

N

Y

Y

Y

Y

Y

Y

srp-priority

N

N

N

Y

Y

Y

N

N

N

Y

Y

Y

qos-group

Y

Y

Y

N

N

N

Y

Y

Y

N

N

N

1 Physical interface with underlying CACs.

2 Physical interface.

3 Subinterface.

4 Physical interface with underlying subinterfaces.



Note For a list of supported unconditional marking operations, see the Configuring Modular Quality of Service Packet Classification on Cisco IOS XR Software module.


Traffic Policing on Layer 2 ATM Interfaces

Traffic policing is supported on the Layer 2 ATM interfaces in the ingress imposition path. The OAM cells are policed along with the user cells unless the QoS policy is explicitly configured to exclude the OAM cells from being policed.


Note Policing is supported for the virtual circuit (VC), and the virtual path (VP) modes. However, policing is not supported for the port mode on the Layer 2 ATM interfaces.


Different match criteria can be used in the policy map with class-default matching all the traffic including the OAM cells.

Policing is performed on the ATM Adaptation Layer type 0 (AAL0) cells but translates to ATM Adaptation Layer type 5 (AAL5) packets as described below:

AAL5 packet conforms, if all the cells in the packet conform to peak cell rate (PCR) and sustainable cell rate (SCR) buckets.

AAL5 packet exceeds, if at least one cell does not conform to the SCR bucket.

AAL5 packet violates, if at least one cell does not conform to the PCR bucket.

The following policer options are supported:

Rate in cells per second, and percent

Peak rate in cells per second, and percent

Delay tolerance in microseconds

Maximum burst size in cells

The following policer actions are supported on the Layer 2 ATM interfaces in the ingress direction:

transmit

drop

set mpls exp imposition <exp> (AToM only)

set qos-group <qos-group> (AToM and local switching)

set discard-class <discard-class> (AToM and local switching)

set atm-clp (Exceed action only, AToM and local switching)

drop (Violate action)

Multiple policing action is supported on the Layer 2 ATM interfaces using the following combination:

set mpls exp imposition and set atm-clp.

Regulation of Traffic with the Policing Mechanism

Figure 2 illustrates how a single-rate token bucket policer marks packets as either conforming or exceeding a CIR.

Figure 2 How a Traffic Policing Mechanism Regulates Traffic

The time interval between token updates (Tc) to the token bucket is updated at the CIR value each time a packet arrives at the traffic policer. The Tc token bucket can contain up to the Bc value. If a packet of size B is greater than the Tc token bucket, then the packet exceeds the CIR value and a configured action is performed. If a packet of size B is less than the Tc token bucket, then the packet conforms and a different configured action is performed.

Traffic Shaping Versus Traffic Policing

Although traffic shaping and traffic policing can be implemented together on the same network, there are distinct differences between them, as shown in Table 4.

Table 4 Differences Between Traffic Shaping and Traffic Policing

 
Traffic Shaping
Traffic Policing

Triggering Event

Occurs automatically at regular intervals (Tc).

or

Occurs whenever a packet arrives at an interface.

Occurs whenever a packet arrives at an interface.

What it Does

Classifies packets.

If a packet does not meet match criteria, no further action is taken.

Packets meeting match criteria are sent (if there are enough tokens in the token bucket)

or

Packets are placed in a queue for transmission later.

If the number of packets in the queue exceed the queue limit, the packets are dropped.

Classifies packets.

If packet does not meet match criteria, no further action is taken.

Packets meeting match criteria and conforming to or exceeding a specified rate, receive the configured policing action (for example, drop, send, mark, then send).

Packets are not placed in a queue for transmission later.


How to Configure QoS Congestion Management on Cisco IOS XR Software

This section contains instructions for the following tasks:

Configuring Guaranteed and Remaining Bandwidths (required)

Configuring Low-Latency Queueing with Strict Priority Queueing (required)

Configuring Traffic Shaping (required)

Configuring Traffic Policing (required)

Configuring Guaranteed and Remaining Bandwidths

The bandwidth command allows you to specify the minimum guaranteed bandwidth to be allocated for a specific class of traffic. MDRR is implemented as the scheduling algorithm.

The bandwidth remaining command specifies a weight for the class to the MDRR. The MDRR algorithm derives the weight for each class from the bandwidth remaining value allocated to the class. If you do not configure the bandwidth remaining command for any class, the leftover bandwidth is allocated equally to all classes for which bandwidth remaining is not explicitly specified.

Guaranteed Service rate of a queue is defined as the bandwidth the queue receives when all the queues are congested. It is defined as:

Guaranteed Service Rate = minimum bandwidth + excess share of the queue

Restrictions

The amount of bandwidth configured should be large enough to also accommodate Layer 2 overhead.

A policy map can have all class bandwidths specified in kilobits per second or percentages but not a mixture of both in the same class.

The bandwidth command is supported only on policies configured on outgoing interfaces.


Note In the ingress direction, bandwidth calculations do not include Layer 2 overhead because Layer 2 headers are stripped off when a packet is received. In other instances, the bandwidth calculations include the Layer 2 encapsulation. In the case of PoS/SDH, the encapsulation is 4 bytes; for Ethernet, the encapsulation is 14 bytes; and for Dot1Q, the encapsulation is 18 bytes.


SUMMARY STEPS

1. configure

2. policy-map policy-name

3. class class-name

4. bandwidth {rate [units] | percent value}

5. bandwidth remaining percent value

6. exit

7. class class-name

8. bandwidth {rate [units] | percent percent-value}

9. bandwidth remaining percent value

10. exit

11. exit

12. interface type interface-path-id

13. service-policy {input | output} policy-map

14. end
or
commit

15. show policy-map interface type interface-path-id [input | output]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

configure

Example:

RP/0/RP0/CPU0:router# configure

Enters global configuration mode.

Step 2 

policy-map policy-name

Example:

RP/0/RP0/CPU0:router(config)# policy-map policy1

Enters policy map configuration mode.

Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy.

Step 3 

class class-name

Example:

RP/0/RP0/CPU0:router(config-pmap)# class class1

Specifies the name of the class whose policy you want to create or change.

Step 4 

bandwidth {rate [units]| percent value}

Example:

RP/0/RP0/CPU0:router(config-pmap-c)# bandwidth percent 50

Enters policy map class configuration mode.

Specifies the bandwidth allocated for a class belonging to a policy map.

In this example, class class1 is guaranteed 50 percent of the interface bandwidth.

Step 5 

bandwidth remaining percent value

Example:

RP/0/RP0/CPU0:router(config-pmap-c)# bandwidth remaining percent 20

Specifies how to allocate leftover bandwidth to various classes.

The remaining bandwidth of 40 percent is shared by class class1 and class2 (see Steps 8 and 9) in a 20:80 ratio: class class1 receives 20 percent of the 40 percent, and class class2 receives 80 percent of the 40 percent.

Step 6 

exit

Example:

RP/0/RP0/CPU0:router(config-pmap-c)# exit

Returns the router to policy map configuration mode.

Step 7 

class class-name

Example:

RP/0/RP0/CPU0:router(config-pmap)# class class2

Specifies the name of a different class whose policy you want to create or change.

Step 8 

bandwidth {rate [units] | percent value}

Example:

RP/0/RP0/CPU0:router(config-pmap-c)# bandwidth percent 10

Specifies the bandwidth allocated for a class belonging to a policy map.

In this example, class class2 is guaranteed 10 percent of the interface bandwidth.

Step 9 

bandwidth remaining percent value

Example:

RP/0/RP0/CPU0:router(config-pmap-c)# bandwidth remaining percent 80

Specifies how to allocate leftover bandwidth to various classes.

The remaining bandwidth of 40 percent is shared by class class1 (see Steps 4 and 5) and class2 in a 20:80 ratio: class class1 receives 20 percent of the 40 percent, and class class2 receives 80 percent of the 40 percent.

Step 10 

exit

Example:

RP/0/RP0/CPU0:router(config-pmap-c)# exit

Returns the router to policy map configuration mode.

Step 11 

exit

Example:

RP/0/RP0/CPU0:router(config-pmap)# exit

Returns the router to global configuration mode.

Step 12 

interface type interface-path-id

Example:

RP/0/RP0/CPU0:router(config)# interface POS 0/2/0/0

Enters interface configuration mode and configures an interface.

Step 13 

service-policy {input | output} policy-map

Example:

RP/0/RP0/CPU0:router(config-if)# service-policy output policy1

Attaches a policy map to an input or output interface to be used as the service policy for that interface.

In this example, the traffic policy evaluates all traffic leaving that interface.

Step 14 

end

or

commit

Example:

RP/0/RP0/CPU0:router(config-if)# end

or

RP/0/RP0/CPU0:router(config-if)# commit

Saves configuration changes.

When you issue the end command, the system prompts you to commit changes:

Uncommitted changes found, commit them before 
exiting(yes/no/cancel)? 
[cancel]:

Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Step 15 

show policy-map interface type interface-path-id [input | output]

Example:

RP/0/RP0/CPU0:router# show policy-map interface POS 0/2/0/0

(Optional) Displays policy configuration information for all classes configured for all service policies on the specified interface.

Configuring Low-Latency Queueing with Strict Priority Queueing

The priority command configures low-latency queueing (LLQ), providing strict priority queueing (PQ). Strict PQ allows delay-sensitive data, such as voice, to be dequeued and sent before packets in other queues are dequeued. When a class is marked as high priority using the priority command, we recommend that you configure a policer to limit the priority traffic. This configuration ensures that the priority traffic does not starve all of the other traffic on the line card, which protects low priority traffic from starvation. Use the police command to explicitly configure the policer.

Restrictions

Within a policy map, you can give one or more classes priority status. When multiple classes within a single policy map are configured as priority classes, all traffic from these classes is queued to the same single priority queue.

The bandwidth, priority, and shape average commands should not be configured together in the same class.

SUMMARY STEPS

1. configure

2. policy-map policy-name

3. class class-name

4. police rate {rate [units] | percent percentage}} [burst burst-size [burst-units]] [peak-burst peak-burst [burst-units]] [peak-rate value [units] | percent percentage]

5. exceed-action action

6. priority

7. exit

8. exit

9. interface type interface-path-id

10. service-policy {input | output} policy-map

11. end
or
commit

12. show policy-map interface type interface-path-id [input | output]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

configure

Example:

RP/0/RP0/CPU0:router# configure

Enters global configuration mode.

Step 2 

policy-map policy-name

Example:

RP/0/RP0/CPU0:router(config)# policy-map voice

Enters policy map configuration mode.

Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy.

Step 3 

class class-name

Example:

RP/0/RP0/CPU0:router(config-pmap)# class voice

Enters policy map class configuration mode.

Specifies the name of the class whose policy you want to create or change.

Step 4 

police rate {rate [units] | percent percentage}} [burst burst-size [burst-units]] [peak-burst peak-burst [burst-units]] [peak-rate value [units]] | percent percentage]

Example:

RP/0/RP0/CPU0:router(config-pmap-c)# police rate 250

Configures traffic policing and enters policy map police configuration mode.

In this example, the low-latency queue is restricted to 250 kbps to protect low-priority traffic from starvation and to release bandwidth.

Step 5 

exceed-action action

Example:

RP/0/RP0/CPU0:router(config-pmap-c-police)# exceed-action drop

Configures the action to take on packets that exceed the rate limit.

Step 6 

priority

Example:

RP/0/RP0/CPU0:router(config-pmap-c)# priority

Specifies priority to a class of traffic belonging to a policy map.

Step 7 

exit

Example:

RP/0/RP0/CPU0:router(config-pmap-c)# exit

Returns the router to policy map configuration mode.

Step 8 

exit

Example:

RP/0/RP0/CPU0:router(config-pmap)# exit

Returns the router to global configuration mode.

Step 9 

interface type interface-path-id

Example:

RP/0/RP0/CPU0:router(config)# interface POS 0/2/0/0

Enters interface configuration mode, and configures an interface.

Step 10 

service-policy {input | output} policy-map

Example:

RP/0/RP0/CPU0:router(config-if)# service-policy output policy1

Attaches a policy map to an input or output interface to be used as the service policy for that interface.

In this example, the traffic policy evaluates all traffic leaving that interface.

Step 11 

end

or

commit

Example:

RP/0/RP0/CPU0:router(config-if)# end

or

RP/0/RP0/CPU0:router(config-if)# commit

Saves configuration changes.

When you issue the end command, the system prompts you to commit changes:

Uncommitted changes found, commit them before 
exiting(yes/no/cancel)? 
[cancel]:

Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Step 12 

show policy-map interface type interface-path-id [input | output]

Example:

RP/0/RP0/CPU0:router# show policy-map interface POS 0/2/0/0

(Optional) Displays policy configuration information for all classes configured for all service policies on the specified interface.

Configuring Traffic Shaping

Traffic shaping allows you to control the traffic exiting an interface to match its transmission to the speed of the remote target interface and ensure that the traffic conforms to policies contracted for it.

Shaping performed on outgoing interfaces is done at the Layer 2 level and includes the Layer 2 header in the rate calculation.

Shaping performed on incoming interfaces is done at the Layer 3 level and does not include the Layer 2 header in the rate calculation.

Restrictions

The bandwidth, priority, and shape average commands should not be configured together in the same class.

SUMMARY STEPS

1. configure

2. policy-map policy-name

3. class class-name

4. shape average {percent value | rate [units]}

5. exit

6. exit

7. interface type interface-path-id

8. service-policy {input | output} policy-map

9. end
or
commit

10. show policy-map interface type interface-path-id [input | output]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

configure

Example:

RP/0/RP0/CPU0:router# configure

Enters global configuration mode.

Step 2 

policy-map policy-name

Example:

RP/0/RP0/CPU0:router(config)# policy-map policy1

Enters policy map configuration mode.

Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy.

Step 3 

class class-name

Example:

RP/0/RP0/CPU0:router(config-pmap)# class class1

Enters policy map class configuration mode.

Specifies the name of the class whose policy you want to create or change.

Step 4 

shape average {percent value | rate [units]} 
Example:

RP/0/RP0/CPU0:router(config-pmap-c)# shape average percent 50

Shapes traffic to the indicated bit rate according to average rate shaping in the specified units or as a percentage of the bandwidth.

Step 5 

exit

Example:

RP/0/RP0/CPU0:router(config-pmap-c)# exit

Returns the router to policy map configuration mode.

Step 6 

exit

Example:

RP/0/RP0/CPU0:router(config-pmap)# exit

Returns the router to global configuration mode.

Step 7 

interface type interface-path-id

Example:

RP/0/RP0/CPU0:router(config)# interface POS 0/2/0/0

Enters interface configuration mode and configures an interface.

Step 8 

service-policy {input | output} policy-map

Example:

RP/0/RP0/CPU0:router(config-if)# service-policy output policy1

Attaches a policy map to an input or output interface to be used as the service policy for that interface.

In this example, the traffic policy evaluates all traffic leaving that interface.

Step 9 

end

or

commit

Example:

RP/0/RP0/CPU0:router(config-if)# end

or

RP/0/RP0/CPU0:router(config-if)# commit

Saves configuration changes.

When you issue the end command, the system prompts you to commit changes:

Uncommitted changes found, commit them before 
exiting(yes/no/cancel)? 
[cancel]:

Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Step 10 

show policy-map interface type interface-path-id [input | output]

Example:

RP/0/RP0/CPU0:router# show policy-map interface POS 0/2/0/0

(Optional) Displays policy configuration information for all classes configured for all service policies on the specified interface.

Configuring Traffic Policing

Traffic policing allows you to control the maximum rate of traffic sent or received on an interface.

Restrictions

set cos is not allowed as an ingress policer action.

SUMMARY STEPS

1. configure

2. policy-map policy-name

3. class class-name

4. police rate {rate [units] | percent percentage}} [burst burst-size [burst-units]] [peak-burst peak-burst [burst-units]] [peak-rate value [units] | percent percentage]

5. conform-action action

6. exceed-action action

7. exit

8. exit

9. exit

10. interface type interface-path-id

11. service-policy {input | output} policy-map

12. end
or
commit

13. show policy-map interface type interface-path-id [input | output]


Note The multi-action set/policer feature allows you to configure multiple conform and exceed actions. Hence, you can repeat the conform-action and exceed-action commands multiple times in your configuration.


DETAILED STEPS

 
Command or Action
Purpose

Step 1 

configure

Example:

RP/0/RP0/CPU0:router# configure

Enters global configuration mode.

Step 2 

policy-map policy-name

Example:

RP/0/RP0/CPU0:router(config)# policy-map policy1

Enters policy map configuration mode.

Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy.

Step 3 

class class-name

Example:

RP/0/RP0/CPU0:router(config-pmap)# class class1

Enters policy map class configuration mode.

Specifies the name of the class whose policy you want to create or change.

Step 4 

police rate {rate [units] | percent percentage} [burst burst-size [burst-units]] [peak-burst peak-burst [burst-units]] [peak-rate value [units] | percent percentage]

Example:

RP/0/RP0/CPU0:router(config-pmap-c)# police rate 250000

Configures traffic policing and enters policy map police configuration mode. The traffic policing feature works with a token bucket algorithm.

Step 5 

conform-action action

Example:

RP/0/RP0/CPU0:router(config-pmap-c-police)# conform-action set mpls experimental topmost 3

Configures the action to take on packets that conform to the rate limit. The action argument is specified by one of the following keywords:

drop—Drops the packet.

set—Has the following keywords and arguments:

atm-clp value—Sets the cell loss priority (CLP) bit.

cos value—Sets the class of service value. Range is 0 to 7.

discard-class value—Sets the discard class on IP Version 4 (IPv4) or Multiprotocol Label Switching (MPLS) packets. Range is 0 to 7.

dscp [tunnel] value—Sets the differentiated services code point (DSCP) value and sends the packet.

mpls experimental {topmost | imposition} value—Sets the experimental (EXP) value of the Multiprotocol Label Switching (MPLS) packet topmost label or imposed label. Range is 0 to 7.

precedence [tunnel] precedence—Sets the IP precedence and sends the packet.

transmit—Transmits the packets.

Step 6 

exceed-action action

Example:

RP/0/RP0/CPU0:router(config-pmap-c-police)# exceed-action set mpls experimental topmost 4

Configures the action to take on packets that exceed the rate limit. The action argument is specified by one of the keywords specified in Step 5.

Step 7 

exit

Example:
RP/0/RP0/CPU0:router(config-pmap-c-police)# 
exit

Returns the router to policy map class configuration mode.

Step 8 

exit

Example:
RP/0/RP0/CPU0:router(config-pmap-c)# exit

Returns the router to policy map configuration mode.

Step 9 

exit

Example:

RP/0/RP0/CPU0:router(config-pmap)# exit

Returns the router to global configuration mode.

Step 10 

interface type interface-path-id

Example:

RP/0/RP0/CPU0:router(config)# interface pos 0/5/0/0

Enters configuration mode and configures an interface.

Step 11 

service-policy {input | output} policy-map

Example:

RP/0/RP0/CPU0:router(config-if)# service-policy output policy1

Attaches a policy map to an input or output interface to be used as the service policy for that interface.

In this example, the traffic policy evaluates all traffic leaving that interface.

Step 12 

end

or

commit

Example:

RP/0/RP0/CPU0:router(config-if)# end

or

RP/0/RP0/CPU0:router(config-if)# commit

Saves configuration changes.

When you issue the end command, the system prompts you to commit changes:

Uncommitted changes found, commit them before 
exiting(yes/no/cancel)? 
[cancel]:

Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Step 13 

show policy-map interface type interface-path-id [input | output]

Example:

RP/0/RP0/CPU0:router# show policy-map interface POS 0/2/0/0

(Optional) Displays policy configuration information for all classes configured for all service policies on the specified interface.

Configuration Examples for Configuring QoS Congestion Management on Cisco IOS XR Software

This section provides the following configuration examples:

Traffic Shaping for an Input Interface: Example

Traffic Policing for a Bundled Interface: Example

Traffic Policing for an IPSec Interface: Example

ATM QoS on Layer 2 VPN: Examples

Multiple Action Set: Example

Traffic Shaping for an Input Interface: Example

The following example shows how to configure a policy map on an input interface:

policy-map p2
 class voip
 shape average percent 20

!
interface bundle-pos 1
 service-policy input p2
 commit
RP/0/RP0/CPU0:Jun 8 16:55:11.819 : config[65546]: %MGBL-LIBTARCFG-6-COMMIT : Configuration 
committed by user 'cisco'. Use 'show configuration commit changes 1000006140' to view the 
changes. 

The following example shows the display output for the previous policy map configuration:


RP/0/RP0/CPU0:router# show policy-map interface bundle-pos 1 input 

Bundle-POS1 input: p2
  Class voip
    Classification statistics                      (packets/bytes)      (rate - kbps)
            Matched                              : 0/0      0
            Transmitted                          : 0/0      0
            Total Dropped                        : 0/0      0
    Queueing statistics
            Vital           (packets)            : 0
    Queueing statistics
            Queue ID                             : 38
            High watermark  (packets)            : 0
            Inst-queue-len  (bytes)              : 0
            Avg-queue-len   (bytes)              : 0
            TailDrop Threshold(bytes)            : 47923200
            Taildropped(packets/bytes)           : 0/0
Class default
    Classification statistics                      (packets/bytes)      (rate - kbps)
            Matched                              : 0/0      0
            Transmitted                          : 0/0      0
            Total Dropped                        : 0/0      0
    Queueing statistics
            Vital           (packets)            : 0
    Queueing statistics
            Queue ID                             : 36
            High watermark  (packets)            : 0
            Inst-queue-len  (bytes)              : 0
            Avg-queue-len   (bytes)              : 0
            TailDrop Threshold(bytes)            : 239616000
            Taildropped(packets/bytes)           : 0/0
 
   

Traffic Policing for a Bundled Interface: Example

The following example shows how to configure a policy map for a bundled interface. Note that for bundled interfaces, policing can be configured only in percentage and not a specific rate per second:

policy-map p2
 class voip
 police rate 23425
!
interface bundle-pos 1
 service-policy input p2
 commit
RP/0/RP0/CPU0:Jun  8 16:51:36.623 : qos_ma[286]: %QOS-QOS_RC_QOSMGR-3-RC_BUNDLE_BW_NOPCT : 
Absolute bw specified for bundle interfaces, use percentage values instead 
RP/0/RP0/CPU0:Jun  8 16:51:36.624 : qos_ma[286]: %QOS-QOS-3-MSG_SEND_FAIL : Failed to send 
message to feature rc while adding class. Error code - Invalid argument 

% Failed to commit one or more configuration items during an atomic operation, no changes 
have been made. Please use 'show configuration failed' to view the errors
!

An error occurred after the attempted commit of an invalid configuration.

!
!
policy-map p2
 class voip
 police rate percent 20
 commit
RP/0/RP0/CPU0:Jun  8 16:51:51.679 : config[65546]: %MGBL-LIBTARCFG-6-COMMIT : 
Configuration committed by user 'cisco'.   Use 'show configuration commit changes 
1000006135' to view the changes. 
 exit
exit  
interface bundle-pos 1
 service-policy input p2
 commit
RP/0/RP0/CPU0:Jun  8 16:52:02.650 : config[65546]: %MGBL-LIBTARCFG-6-COMMIT : 
Configuration committed by user 'cisco'.   Use 'show configuration commit changes 
1000006136' to view the changes. 


The following example shows the display output for the successful policy map configuration in which policing was configured in percentage:


RP/0/RP0/CPU0:router# show policy-map interface bundle-pos 1

Bundle-POS1 input: p2
  Class voip
    Classification statistics                      (packets/bytes)      (rate - kbps)
            Matched                              : 0/0      0
    Policing statistics                            (packets/bytes)      (rate - kbps)
            Policed(conform)                     : 0/0   0
            Policed(exceed)                      : 0/0   0
            Policed(violate)                     : 0/0   0
            Policed and dropped                  : 0/0
  Class default
    Classification statistics                      (packets/bytes)      (rate - kbps)
            Matched                              : 0/0      0
            Transmitted                          : 0/0      0
            Total Dropped                        : 0/0      0
    Queueing statistics
            Vital           (packets)            : 0
    Queueing statistics
            Queue ID                             : 36
            High watermark  (packets)            : 0
            Inst-queue-len  (bytes)              : 0
            Avg-queue-len   (bytes)              : 0
            TailDrop Threshold(bytes)            : 239616000
            Taildropped(packets/bytes)           : 0/0

Traffic Policing for an IPSec Interface: Example

The following example shows how to configure traffic policing on an IPSec interface:

policy-map policy2
  class dscp4
    police rate 64000 conform transmit exceed drop
    priority
  class dscp1
    police rate 128000 conform transmit exceed drop

interface service-ipsec 2
   service-policy input pre-decrypt policy2

Refer to Implementing IPSec Network Security on Cisco IOS XR Software in the Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Routerfor more information on configuring IPSec.

ATM QoS on Layer 2 VPN: Examples

The following examples shows how to configure ATM QoS on Layer 2 VPNs:

Attaching a Service Policy to the Attachment Circuits (AC):

Configuring Policing Based on Service Type

Configuring Dual Queue Limit

Attaching a Service Policy to the Attachment Circuits (AC):

The service-policy command under the PVC sub-mode is applicable to the AC in the virtual circuit (VC) mode. This command is also available for the AC in the virtual path (VP) mode and under the main interface for port mode. For the port mode, the service policy is attached in the l2transport sub-mode consistent with the behavior for the VC and VP modes. In non-port mode, the service policy is attached to the main interface under the interface submode.

VC mode:

Router(config)#interface ATM0/1/0/0.2 l2transport
Router(config-subif)#pvc 10/2
Router(config-atm-vc)#service-policy output atm_policy_o

VP mode:

Router(config)#interface ATM0/1/0/0.3 l2transport
Router(config-subif)#pvp 30
Router(config-atm-vc)#service-policy input atm_policy_i

Port mode:

Router(config)#interface ATM0/1/0/0
Router(config-subif)# l2transport
Router(config-l2-transport)#service-policy input atm_policy_i

Main interface (non-port mode):

Router(config)#interface ATM0/1/0/0
    Router(config-subif)# service-policy output atm_policy_o

Configuring Policing Based on Service Type

The following example shows how to configure policing based on service type:

CBR or UBR:

CBR.1 (real-time traffic) and UBR (best effort, non-real time traffic) require the peak cell rate (PCR) and delay tolerance parameters to be specified for policing. The main difference between the configurations for UBR.1 and UBR.2 traffic is that for UBR.2 traffic, the exceed action includes the set-clp-transmit option to tag the non-conforming cells.

policy-map CBR1
    class class-default
          police rate <pcr> cellsps delay-tolerance <cdvt> us 
               conform-action <> 
               exceed-action <>

The police rate is expressed in percentage.

VBR.1

VBR.1 is real-time and non-real time traffic, and requires the peak cell rate (PCR), sustainable cell rate (SCR) and delay tolerance parameters to be specified for policing. In addition, the atm-mbs parameter can be specified to define the burst allowed on the SCR bucket.

policy-map VBR1
    class class-default
          police rate <scr> cellsps atm-mbs <mbs> cells peak-rate <pcr> cellsps 
delay-tolerance <cdvt> us 
               conform-action <> 
               exceed-action <>

The police rate is expressed in percentage.

VBR.2 or VBR.3

VBR.2 and VBR.3 are real-time and non-real time traffic, and require the peak cell rate (PCR), sustainable cell rate (SCR) and delay tolerance parameters to be specified for policing. In addition, the atm-mbs parameter can be specified to define the burst allowed on the SCR bucket.

The main difference between VBR.1 and VBR.2 or VBR.3 is that the SCR bucket is for CLP0 cells only. A hierarchical policy is defined to support this configuration:

policy-map child
    class atm_clp0
          police rate <scr> cellsps atm-mbs <mbs> cells 
               conform-action <> 
               exceed-action <>
policy-map VBR2
         class class-default
          police rate <pcr> cellsps delay-tolerance <cdvt> us 
               conform-action <> 
               exceed-action <>
             service-policy child

The police rates is expressed in percentage. The child policy can contain other set actions as well.

Exclude OAM cells

OAM cells can be excluded from being policed by configuring the classification criteria.

policy-map child
    class atm-oam
        set <>
    class class-default
          police rate <scr> cellsps atm-mbs <mbs> cells 
               conform-action <> 
               exceed-action <>

policy-map VBR2
    class class-default
          police rate <pcr> cellsps delay-tolerance <cdvt> us 
               conform-action <> 
               exceed-action <>
      service-policy child

Configuring Dual Queue Limit

Dual queue limit configuration is supported on the egress Layer 2 ATM interfaces to differentiate between CLP0 and CLP1 cells.

policy-map q-limit
    class class-default
        queue-limit atm clp <queue-size> {[ms|us|cells]}
        queue-limit <queue-size> {[ms|us|cells]

Multiple Action Set: Example

The following examples show how to configure multiple action sets for both conditional and unconditional markings in both the ingress and egress directions:

Conditional Policer Markings in the Ingress Direction: Example

Unconditional Quality-of-Service Markings in the Ingress Direction: Examples

Conditional Policer Markings in the Egress Direction: Example

Unconditional Quality-of-Service Markings in the Egress Direction: Example

Conditional Policer Markings in the Ingress Direction: Example

The following example shows how to configure conditional policer markings in the ingress direction:

configure
 policy-map p1
  class c1
   police rate percent 30 peak-rate percent 50 
    conform-action set precedence 2  
    conform-action set mpls experimental imposition 3  
    conform-action set mpls experimental topmost 4
    exceed-action set precedence 4  
    exceed-action set mpls experimental imposition 5   
    exceed-action set mpls experimental topmost 6
    violate-action set discard-class 3 
    violate-action set qos-group 4
  !
 !
  class class-default
 !
 end-policy-map
!
end

If policy map p1 is applied as an ingress policy, the following action sets are applied:

By using the conform-action command, IP packets are marked with the precedence value of 2 and the MPLS experimental value for the imposition label is set to 3; whereas, MPLS packets are marked with the MPLS experimental value for the imposition label that is set to 3 and the topmost label is set to 4.

By using the exceed-action command, IP packets are marked with the precedence value of 4 and the MPLS experimental value for the imposition label is set to 5; whereas, MPLS packets are marked with the MPLS experimental value for the imposition label that is set to 5 and the topmost label is set to 6.

By using the violate-action command, IP packets are marked with the discard class value of 3 and the QoS group value of 4; whereas, MPLS packets are marked with the discard class value of 3 and the QoS group value of 4.

Unconditional Quality-of-Service Markings in the Ingress Direction: Examples

These examples show how to configure unconditional QoS markings in the ingress direction.

Example One

configure
 policy-map p4
  class c1
   set discard-class 2
   set qos-group 4
   set precedence 5
   set mpls experimental imposition 3
   set mpls experimental topmost 4
   !
  class class-default
  !
 end-policy-map
!

If policy map p4 is applied as an ingress policy, the following sets are applied:

IP packets are marked with the precedence value of 5 by using the set precedence command. The MPLS experimental value for the imposition label is marked by using the set mpls experimental command.

MPLS packets are marked with MPLS experimental value of the imposition label is set to 3 and topmost label is set to 4 by using the set mpls experimental command.

For both IP and MPLS packets, the discard class value is set by using the set discard-class command. The QoS group is set by using the set qos-group command.

Example Two

configure
 policy-map p5
  class c1
   set discard-class 2
   set qos-group 4
   set precedence 5
   set dscp tunnel 3
   set mpls experimental topmost 4
   !
  class class-default
  !
 end-policy-map
!

If policy map p5 is applied as an ingress policy, the following sets are applied:

IP packets are marked with the precedence value by using the set precedence command. If the packets are sent out of MDT tunnel interface, they are marked with the DSCP value in the tunnel header by using the set dscp command.

MPLS packets are marked with the MPLS experimental value for the topmost label by using the set mpls experimental command.

Example Three

configure
 policy-map hp
  class prec123
   service-policy child
   set discard-class 4
   set qos-group 4
   set precedence 3
   set dscp tunnel 2
   !
  class class-default
  !
 end-policy-map
!

configure
 policy-map child
  class prec1
   set discard-class 3
   set qos-group 3
   set precedence 2
   set dscp tunnel 4
   !
  class class-default
  !
 end-policy-map
!

If policy map hp (hierarchical policy) is applied as an ingress policy, the following sets are applied:

IP packets with the precedence value set to 1 are marked with discard class value set to 3 by using the set discard-class command, qos-group value set to 3 by using the set qos-group command, and the precedence value set to 2 by using the set precedence command. If the packets are sent out of the MDT tunnel interface, they are marked with the DSVP value of 4 in the tunnel header by using the set dscp command.

IP packets with precedence values of 2 and 3 are marked with discard class value set to 4, qos-group value set to 4, precedence value set to 3, and the dscp tunnel set to 2.

Conditional Policer Markings in the Egress Direction: Example

The following example shows how to configure conditional policer markings in the egress direction:

configure
 policy-map p3
  class c1
  police rate percent 30 peak-rate percent 50 
   conform-action set precedence 2 
   conform-action set cos 3 
   conform-action set mpls experimental topmost 3 
   exceed-action set precedence 4 
   exceed-action set cos 4 
   exceed-action set mpls experimental topmost 4
   violate-action set discard-class 3 
   violate-action set cos 5 
   !
  !
 class class-default
 !
 end-policy-map
!

If policy map p3 is applied as an egress policy, the following action sets are applied:

By using the conform-action command, IP packets are marked with the precedence value of 2 and the CoS value of 3; whereas, MPLS packets are marked with the MPLS experimental value of the topmost label that is set to 3 and the CoS value of 3.

By using the exceed-action command, IP packets are marked with the precedence value of 4 and the CoS value of 4; whereas, MPLS packets are marked with the MPLS experimental value of the topmost label that is set to 4 and the CoS value of 4.

By using the violate-action command, IP packets are marked with the discard class value of 3 and the CoS value of 5; whereas, MPLS packets are marked with the discard class value of 3 and the CoS value of 5.

Unconditional Quality-of-Service Markings in the Egress Direction: Example

The following example shows how to configure the unconditional QoS markings in the egress direction:

configure
 policy-map p6
  class c1
   set cos 2
   set precedence 5
   set mpls experimental topmost 4
   !
  class class-default
  !
 end-policy-map
!

If policy map p6 is applied as an egress policy, the following sets are applied:

IP packets are marked with the CoS value of 2 from the set cos command and the precedence value of 5 from the set precedence command.

MPLS packets are marked with CoS and the MPLS experimental value for the topmost label.

Where to Go Next

To configure WRED and tail drop, see the "Configuring Modular QoS Congestion Avoidance on Cisco IOS XR Software" module.

To configure traffic classification techniques, see the "Configuring Modular Quality of Service Packet Classification on Cisco IOS XR Software" module.

To read Cisco IOS XR QoS overview information, see the "Modular Quality of Service Overview on Cisco IOS XR Software" module.

Additional References

The following sections provide references related to implementing QoS congestion management on Cisco IOS XR software.

Related Documents

Related Topic
Document Title

Cisco IOS XR getting started material

Cisco IOS XR Getting Started Guide

Information about user groups and task IDs

Configuring AAA Services on Cisco IOS XR Software module of Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router.

Cisco IOS XR QoS overview information

Modular Quality of Service Overview on Cisco IOS XR Software for the Cisco CRS-1 Router.

IPSec configuration information

IPSec Network Security on Cisco IOS XR Software chapter in Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router.


Standards

Standards
Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.


MIBs

MIBs
MIBs Link

To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml


RFCs

RFCs
Title

No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.


Technical Assistance

Description
Link

The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

http://www.cisco.com/techsupport