Cisco ASR 903 Router Chassis Software Configuration Guide
Configuring Quality of Service
Downloads: This chapterpdf (PDF - 113.0KB) The complete bookPDF (PDF - 1.51MB) | Feedback

Table of Contents

Configuring Quality of Service

Understanding Quality of Service

Configuring Quality of Service

Global QoS Limitations

Restrictions for Hierarchical Policies

Classification

Classification Overview

Ingress Classification Limitations

Egress Classification Limitations

Classifying Traffic using an Access Control List

Marking

Marking Limitations

Ingress Marking Limitations

Egress Marking Limitations

Policing

Policing Overview

Ingress Policing Limitations

Egress Policing Limitations

Queuing

Queuing Overview

Ingress Queuing Limitations

Egress Queuing Limitations

Scheduling

Scheduling Overview

Ingress Scheduling Limitations

Egress Scheduling Limitations

Configuring Quality of Service

The following sections describe support for Quality of Service features on the Cisco ASR 903 Series Router.

Understanding Quality of Service

QoS refers to the ability of a network to provide improved service to selected network traffic over various underlying technologies including Frame Relay, ATM, Ethernet and 802.1 networks, SONET, and IP-routed networks. In particular, QoS features provide improved and more predictable network service by implementing the following services:

  • Supporting guaranteed bandwidth
  • Improving loss characteristics
  • Avoiding and managing network congestion
  • Shaping network traffic
  • Setting traffic priorities across the network

For more information about Quality of Service, see the Quality of Service Solutions Configuration Guide Library, Cisco IOS XE Release 3S .

Configuring Quality of Service

This document provides details on the platform-dependent implementation of QoS on the Cisco ASR 903 Series Router. For information about how to understand and configure QoS features, see the Quality of Service Solutions Configuration Guide Library, Cisco IOS XE Release 3S.

The following sections describe how to configure QoS on the Cisco ASR 903 Series Router:

Global QoS Limitations

The following limitations apply to multiple QoS features for the Cisco ASR 903 Series Router:

  • QoS policies are not supported on LAG bundle interfaces or port channel interfaces.
  • QoS policies are not supported on port-channel member links with Ethernet Flow Points (EFPs).
  • QoS policies are not supported on physical interfaces configured with an Ethernet Flow Point (EFP) except for Trunk EFP interfaces, which do support QoS policies.
  • The Cisco ASR 903 Series Router supports up to 64 unique QoS classification service instances in a given bridge domain. QoS service instances refer to ports, VLAN classes, EFPs associated with a QoS classification policy.
  • Modification of policy-map and class-map definitions while applied to an interface or Ethernet Flow Point is not supported.
  • The ASR 903 router does not support a shared child QoS policy applied to a VLAN. As a workaround, you can create an individual child policy for each VLAN class.
  • Policy validation—Some QoS policy configurations are not validated until you apply the policy-map to an interface or Ethernet Flow Point. If a QoS configuration is invalid, the router rejects the configuration when you apply it to an interface. In some cases, a QoS configuration may be rejected due to hardware resource exhaustion or limitations. If you receive such an error message, detach the policy and adjust your QoS configuration.
  • The match-all keyword is supported only for QinQ classification.
  • QoS is not supported on TDM interfaces.
  • The class-based QoS MIB is not supported.

Restrictions for Hierarchical Policies

The Cisco ASR-903 Router supports hierarchical QoS policies with up to three levels, allowing for a high degree of granularity in traffic management. There are limitations on the supported classification criteria at each level in the policy-map hierarchy. The following limitations apply when configuring hierarchical policy-map classification:

  • The topmost policy-map in a three-level hierarchy only supports classification using class-default.
  • Inner or outer VLAN classification must have a child policy that classifies based on cos (inner or outer), IP TOS byte, MPLS EXP, discard-class or qos-group.

Sample Hierarchical Policy Designs

The following are examples of supported policy-map configurations:

  • Three-Level Policy

Topmost policy: class-default

Middle policy: match vlan

Lowest policy: match ip precedence

  • Two-Level Policy

Topmost policy: match vlan

Lowest policy: match qos-group

  • Two-Level Policy

Topmost policy: class-default

Lowest policy: match vlan

  • Two-Level Policy

Topmost policy: class-default

Lowest policy: match mpls experimental topmost

  • Flat policy: match ip dscp
  • Flat policy: match vlan inner
  • Flat policy: class-default

Classification

The following sections describe classification features on the Cisco ASR 903 Series Router:

Classification Overview

Classifying network traffic allows you to organize packets into traffic classes or categories on the basis of whether the traffic matches specific criteria. Classifying network traffic (used in conjunction with marking network traffic) is the foundation for enabling many quality of service (QoS) features on your network.

The Cisco ASR 903 Series Router supports the following parameters with the match command in a QoS class-map.

match cos (match up to 4 values)

match cos inner

match discard-class

match ip dscp

match ip precedence

match mpls experimental topmost

match qos-group

match vlan

match vlan inner

Ingress Classification Limitations

The following limitations apply to QoS classification on the Cisco ASR 903 Series Router:

  • If you configure egress classification for a class of traffic affected by an input policy-map, you must use the same QoS criteria on the ingress and egress policy-maps.

Egress Classification Limitations

  • When applying a QoS policy to a link aggregation group (LAG) bundle, you must assign the policy to a physical link within the bundle; you cannot apply the policy to the LAG bundle or the port channel interface associated with the bundle.
  • MPLS Pipe Mode Limitations—When you configure pipe mode for Time to Live (TTL), the router enables pipe mode for QoS as well. When pipe mode is enabled, you cannot enable egress classification based on the header on an egress interface. For example, you cannot classify based on egress DSCP value for MPLS IP packets when the router is in pipe mode.
  • If you configure egress classification for a class of traffic affected by an input policy-map, you must use the same QoS criteria on the ingress and egress policy-maps.

Classifying Traffic using an Access Control List

You can classify inbound packet based on an IP standard or IP extended access control list (ACL). Complete these steps to classify traffic based on an ACL:

1. Create an access list using the access-list or ip access-list commands

2. Reference the ACL within a QoS class map using the match access-group configuration command

3. Attach the class map to a policy map

Limitations and Usage Guidelines

The following limitations and usage guidelines apply when classifying traffic using an ACL:

  • QoS ACLs are supported only for IPv4 traffic
  • QoS ACLs are supported only for ingress traffic
  • You can use QoS ACLs to classify traffic based on the following criteria:

Source and destination host

Source and destination subnet

TCP source and destination

UDP source and destination

  • Named and numbered ACLs are supported.
  • You can apply QoS ACLs only to the third level class (bottom-most).
  • The following rage of numbered access lists are supported:

1-99—IP standard access list

100-199—IP extended access list

1300-1999—IP standard access list (expanded range)

2000-2699—IP extended access list (expanded range)

  • You must create an ACL before referencing it within a QoS policy.
  • Deny statements within an ACL are ignored for the purposes of classification.
  • Classifying traffic based on TCP flags using an ACL is not supported.
  • Classifying traffic using multiple mutually exclusive ACLs within a match-all class-map is not supported.
  • Classifying traffic on a logical/physical level using an ACL is not supported.
  • Applying QoS ACLs to MAC addresses is not supported.
  • The neq keyword is not supported with the access-list permit and ip access-list extended commands.
  • This release does not support matching on multiple port numbers in a single ACE, as in the following command: permit tcp any eq 23 45 80 any
  • You can only configure 8 port matching operations on a given interface. A given command can consume multiple matching operations if you specify a source and destination port, as shown in the following examples:

permit tcp any lt 1000 any —Uses one port matching operation

permit tcp any lt 1000 any gt 2000 —Uses two port matching operations

permit tcp any range 1000 2000 any 400 500 —Uses two port matching operations

  • By default, the Cisco ASR 903 Series Router uses port matching resources for security ACLs; the default settings do not provide the memory required for port matching through QoS ACLs. To make resources available for QoS ACLs, set the ROMMON_QOS_ACL_PORTRANGE_OVERRIDE to 2; this setting configures the router to use the Ternary content-addressable memory (TCAM) expansion method memory for security ACL operations. Setting the ROMMON_QOS_ACL_PORTRANGE_OVERRIDE value to 1 allows security ACLs to use the same memory resources as QoS ACLs, which can disable or limit QoS ACL operations.

You can use the following commands to verify your configuration:

show platform hardware pp { active | standby } acl label labelindex— Displays information about security ACL labels; the number of available input VMRs reflects the number of available port range operations.

show romvar - Displays current rommon variable settings, including ROMMON_QOS_ACL_PORTRANGE_OVERRIDE.

For more information about configuring QoS, see the Quality of Service Solutions Configuration Guide Library, Cisco IOS XE Release 3S . For more information about configuring access control lists, see the Security Configuration Guide: Access Control Lists, Cisco IOS XE Release 3S.

Marking

The following sections describe marking features on the Cisco ASR 903 Series Router:

Marking Limitations

The only supports the following parameters with the set command:

  • set cos
  • set cos inner (ingress marking)
  • set discard-class
  • set ip dscp
  • set ip precedence
  • set mpls experimental topmost
  • set mpls experimental imposition (ingress marking)
  • set qos-group

CoS Marking Limitations

The following limitations apply when configuring CoS marking:

  • set cos—This set action has no effect unless there is a egress push action to add an additional header at egress. The COS value set by this action will be used in the newly added header as a result of the push rewrite. If there are no push rewrite on the packet, the new COS value will have no effect.
  • set cos inner—This command modifies the outermost 802.1q header of a packet. This set action will modify the outermost 802.1q header of the packet after any ingress rewrite operations. This action modifies the packet even if there is no push action on egress. Any push operation on egress will use the value applied by "set cos" or by default the COS value of the outermost 802.1q header when the packet arrived at the ingress interface.

Ingress Marking Limitations

The following limitations apply to QoS marking on the Cisco ASR 903 Series Router:

  • The Cisco ASR 903 Series Router does not support hierarchical marking.
  • You can configure marking and policing for any number of classes on any one of the three levels of the policy-map hierarchy. If you configure marking on one level, you can configure policing without marking (transmit, drop) on another level. Marking and policing are not supported on the same level of a policy-map.?

Egress Marking Limitations

IOS XE Release 3.5.2 introduces support for egress marking. The following limitations apply when configuring marking on egress interfaces:

  • The set cos inner command is not supported.
  • The set mpls experimental imposition command is not supported.
  • The set mpls eperimental topmost command is supported for marking MPLS Exp bits; other commands for marking MPLS Exp bits are not supported.

Policing

The following sections describe policing features on the Cisco ASR 903 Series Router:

Policing Overview

The Cisco ASR 903 Series Router supports the following policing types:

  • single-rate policer with two color marker (1R2C) (color-blind mode)
  • two-rate policer with three color marker (2R3C) (color-blind mode)

Supported Commands

The Cisco ASR 903 Series Router supports the following policing commands on ingress interfaces:

  • police (percent)— police cir percent percentage [ burst-in-msec ] [ bc conform-burst-in-msec ms ] [ be peak-burst-in-msec ms ] [ pir percent percentage ] [ conform-action action [ exceed-action action [ violate-action action ]]]
  • police (policy map)— police cir bps [[ bc ] normal-burst-bytes [ maximum-burst-bytes | [ be ] [ burst-bytes ]]] [ pir bps [ be burst-bytes ]] [ conform-action action [ exceed-action action [ violate-action action ]]]
  • police (two rates)— police cir cir [ bc conform-burst ] [ pir pir ] [ be peak-burst ] [ conform-action action [ exceed-action action [ violate-action action ]]]

Supported Actions

The Cisco ASR 903 Series Router supports the following policing actions on ingress interfaces:

transmit

drop

set-qos-transmit

set-cos-transmit

set-dscp-transmit

set-prec-transmit

set-discard-class-transmit

set-mpls-experimental-topmost-transmit

set-mpls-experimental-imposition-transmit

Hierarchical Policing

Hierarchical Policing is not supported.

Ingress Policing Limitations

The following limitations apply to QoS policing on the Cisco ASR 903 Series Router:

  • If you configure a policer rate or burst-size that the router cannot achieve within 1% accuracy, the configuration is rejected. The command output presents recommendations for the closest possible lower and higher configuration value.
  • You can configure marking and policing for any number of classes on any one of the three levels of the policy-map hierarchy. If you configure marking on one level, you can configure policing without marking (transmit, drop) on another level.
  • If you configure marking using the set command, you can only configure policing on that level using the transmit and drop command.
  • If you configure a policer using a set command, you cannot use the set command at other levels of the hierarchical policy-map.

Egress Policing Limitations

The Cisco ASR 903 Series Router does not support policing on egress interfaces.

Queuing

The following sections describe queuing features on the Cisco ASR 903 Series Router:

Queuing Overview

The Cisco ASR 903 Series Router supports tail drop queuing for congestion management, which allows you to control congestion by determining the order in which packets are sent based on assigned priority.

Ingress Queuing Limitations

The Cisco ASR 903 Series Router does not support queuing on ingress interfaces.

Egress Queuing Limitations

The Cisco ASR 903 Series Router supports tail drop queuing on egress interfaces using the queue-limit command. The following limitations apply to egress queuing:

  • If you configure a queue size that the router cannot achieve within 1% accuracy, the configuration is rejected. The command output presents recommendations for the closest possible lower and higher configuration value.

Scheduling

The following sections describe scheduling features on the Cisco ASR 903 Series Router:

Scheduling Overview

The Cisco ASR 903 Series Router supports scheduling on egress interfaces. Scheduling is not supported on ingress interfaces.

Ingress Scheduling Limitations

The Cisco ASR 903 Series Router does not support scheduling on ingress interfaces.

Egress Scheduling Limitations

  • If you configure a CIR, PIR, or EIR rate that the router cannot achieve within 1% accuracy, the configuration is rejected. The command output presents recommendations for the closest possible lower and higher configuration value.
  • You can only configure one priority value on each parent class applied to a QoS class or logical interface.
  • You can only configure priority on one class in a QoS policy.
  • You can not configure priority value and a policer in the same class.

The following limitations apply when configuring a 3-level scheduling policy on an egress interface configured as an EFP:

  • Only two of the three levels can contain scheduling actions such as bandwidth, shape, or priority.
  • One of the levels containing scheduling actions must be the class (bottom) level.