-
Broadband Access Aggregation and DSL Configuration Guide, Cisco IOS XE Release 3S
-
Preparing for Broadband Access Aggregation
-
Providing Protocol Support for Broadband Access Aggregation of PPPoE Sessions
-
PPP for IPv6
-
DHCP for IPv6 Broadband
-
Providing Protocol Support for Broadband Access Aggregation of PPP over ATM Sessions
-
Providing Connectivity Using ATM Routed Bridge Encapsulation over PVCs
-
PPPoE Circuit-Id Tag Processing
-
Configuring PPP over Ethernet Session Limit Support
-
PPPoE Session Limit Local Override
-
PPPoE QinQ Support
-
PPP-Max-Payload and IWF PPPoE Tag Support
-
PPPoE Session Limiting on Inner QinQ VLAN
-
PPPoE Agent Remote-ID and DSL Line Characteristics Enhancement
-
Enabling PPPoE Relay Discovery and Service Selection Functionality
-
Configuring Cisco Subscriber Service Switch Policies
-
AAA Improvements for Broadband IPv6
-
Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS
-
802.1P CoS Bit Set for PPP and PPPoE Control Frames
-
PPP over Ethernet Client
-
PPPoE Smart Server Selection
-
Monitoring PPPoE Sessions with SNMP
-
PPPoE on ATM
-
PPPoE on Ethernet
-
ADSL Support in IPv6
-
Broadband IPv6 Counter Support at LNS
-
PPP IP Unique Address and Prefix Detection
-
PPP IPv4 Address Conservation in Dual Stack Environments
-
Broadband High Availability Stateful Switchover
-
Broadband High Availability In-Service Software Upgrade
-
Controlling Subscriber Bandwidth
-
PPPoE Service Selection
-
Feedback
Contents
- Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS
- Finding Feature Information
- Restrictions for Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS
- Information About Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS
- How Routers Apply QoS Policy to Sessions
- How RADIUS Uses VSA 38 in User Profiles
- Commands Used to Define QoS Actions
- How to Use the Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS Feature
- Configuring a Per Session Queueing and Shaping Policy on the Router
- Verifying Per Session Queueing
- Configuration Examples for Per Session Queueing and Shaping Policies
- Configuring a Per Session Queueing and Shaping Policy on the Router Example
- Setting Up RADIUS for Per Session Queueing and Shaping Example
- Verifying Per Session Queueing and Shaping Policies Examples
- Additional References
- Feature Information for Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS
Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS
The Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS feature enables you to shape PPP over Ethernet over VLAN sessions to a user-specified rate. The router shapes the sum of all of the traffic to the PPPoE session so that the subscriber’s connection to the digital subscriber line access multiplexer (DSLAM) does not become congested. Queueing-related functionality provides different levels of service to the various applications that execute over the PPPoE session.
A nested, two-level hierarchical service policy is used to configure session shaping directly on the router using the modular quality of service command-line interface (MQC). The RADIUS server applies the service policy to a particular PPPoE session by downloading a RADIUS attribute to the router. This attribute specifies the policy map name to apply to the session. RADIUS notifies the router to apply the specified policy to the session. Because the service policy contains queueing-related actions, the router sets up the appropriate class queues and creates a separate versatile traffic management and shaping (VTMS) system link dedicated to the PPPoE session.
- Finding Feature Information
- Restrictions for Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS
- Information About Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS
- How to Use the Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS Feature
- Configuration Examples for Per Session Queueing and Shaping Policies
- Additional References
- Feature Information for Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Restrictions for Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS
- Each PPPoE over VLAN session for which per session queueing and shaping is configured has its own set of queues and its own VTMS link. Therefore, these PPPoE sessions do not inherit policies unless you remove the service policy applied to the session or you do not configure a policy for the session.
- The router supports per session queueing and shaping on PPPoE terminated sessions and on an IEEE 802.1Q VLAN tagged subinterfaces for outbound traffic only.
- The router does not support per session queueing and shaping for PPPoE over VLAN sessions using RADIUS on inbound interfaces.
- The router does not support per session queueing and shaping for layer 2 access concentrator (LAC) sessions.
- The statistics related to quality of service (QoS) that are available using the show policy-map interface command are not available using RADIUS.
- The router does not support using a virtual template interface to apply a service policy to a session.
- You can apply per session queueing and shaping policies only as output service policies. The router supports input service policies on sessions for other existing features, but not for per session queueing and shaping for PPPoE over VLAN using RADIUS.
- The amount of bandwidth that each session receives of the entire port’s capacity is not typically proportionally fair share.
- The contribution of each class queue to the session’s total bandwidth might not degrade proportionally.
- The PRE2 does not support ATM overhead accounting for egress packets with Ethernet encapsulations. Therefore, the router does not consider ATM overhead calculations when determining that the shaping rate conforms to contracted subscriber rates.
- The router does not support the configuration of the policy map using RADIUS. You must use the MQC to configure the policy map on the router.
Information About Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS
The router allows you to apply QoS policy maps using RADIUS. The actual configuration of the policy map occurs on the router using the MQC.
- How Routers Apply QoS Policy to Sessions
- How RADIUS Uses VSA 38 in User Profiles
- Commands Used to Define QoS Actions
How Routers Apply QoS Policy to Sessions
The router can apply the QoS policy to sessions using attributes defined in one of the following RADIUS profiles:
- User Profile--The user profile on the RADIUS server contains an entry that identifies the policy map name applicable to the user. The policy map name is the service that RADIUS downloads to the router after a session is authorized.
- Service Profile--The service profile on the RADIUS server specifies a session identifier and an attribute-value (AV) pair. The session identifier might be, for example, the IP address of the session. The AV-pair defines the service (policy map name) to which the user belongs.
The following AV-pairs define the QoS policy to be applied dynamically to the session:
"ip:sub-qos-policy-in=<name of the QoS policy in ingress direction>"
"ip:sub-qos-policy-out=<name of egress policy>"
When RADIUS gets a service-logon request from the policy server, it sends a change of authorization (CoA) request to the router to activate the service for the subscriber, who is already logged in.
If the authorization succeeds, the router downloads the name of the policy map from RADIUS using the above attribute and applies the QoS policy to the session.
NoteAlthough the router also supports the RADIUS VSA 38, Cisco-Policy-Down and Cisco-Policy-Up, we recommend that you use the above attributes for QoS policy definitions.
How RADIUS Uses VSA 38 in User Profiles
The RADIUS VSA 38 is used for downstream traffic going toward a subscriber. The service (policy map name) to which the user session belongs resides on the RADIUS server. The router downloads the name of the policy map from RADIUS using VSA 38 in the user profile and then applies the policy to the session.
To set up RADIUS for per session queueing and shaping for PPPoE over VLAN support, enter the following VSA in the user profile on the RADIUS server:
Cisco:Cisco-Policy-Down = <service policy name>The actual configuration of the policy map occurs on the router. The user profile on the RADIUS service contains an entry that identifies the policy map name applicable to the user. This policy map name is the service RADIUS downloads to the router using VSA 38.
NoteAlthough the router also supports RADIUS VSA 38, Cisco-Policy-Down and Cisco-Policy-Up, we recommend that you use the attributes described in the How Routers Apply QoS Policy to Sessions for QoS policy definitions.
Commands Used to Define QoS Actions
When you configure queueing and shaping for PPPoE over VLAN sessions, the child policy of a nested hierarchical service policy defines QoS actions using any of the following QoS commands:
- priority command--Assigns priority to a traffic class and gives preferential treatment to the class.
- bandwidth command--Enables class-based fair queueing and creates multiple class queues based on bandwidth.
- queue-limit command--Specifies the maximum number of packets that a particular class queue can hold.
- police command--Regulates traffic based on bits per second (bps), using the committed information rate (CIR) and the peak information rate, or on the basis of a percentage of bandwidth available on an interface.
- random-detect command--Drops packets based on a specified value to control congestion before a queue reaches its queue limit. The drop policy is based on IP precedence, differentiated services code point (DSCP), or the discard-class.
- set ip precedence command--Marks a packet with the IP precedence level you specify.
- set dscp command--Marks a packet with the DSCP you specify.
- set cos command--Sets the IEEE 802.1Q class of service bits in the user priority field.
The parent policy contains only the class-default class with the shape command configured. This command shapes traffic to the specified bit rate, according to a specific algorithm.
The router allows you to apply QoS policy maps using RADIUS. The actual configuration of the policy map occurs on the router using the MQC. The router can apply the QoS policy to sessions using attributes defined in one of the following RADIUS profiles:
- User Profile--The user profile on the RADIUS server contains an entry that identifies the policy map name applicable to the user. The policy map name is the service that RADIUS downloads to the router after a session is authorized.
- Service Profile--The service profile on the RADIUS server specifies a session identifier and an attribute-value (AV) pair. The session identifier might be, for example, the IP address of the session. The AV-pair defines the service (policy map name) to which the user belongs.
The following AV-pairs define the QoS policy to be applied dynamically to the session:
"ip:sub-qos-policy-in=<name of the QoS policy in ingress direction>"
"ip:sub-qos-policy-out=<name of egress policy>"
When RADIUS gets a service-logon request from the policy server, it sends a change of authorization (CoA) request to the router to activate the service for the subscriber, who is already logged in.
If the authorization succeeds, the router downloads the name of the policy map from RADIUS using the above attribute and applies the QoS policy to the session.
NoteAlthough the router also supports the RADIUS vendor specific attribute (VSA) 38, Cisco-Policy-Down and Cisco-Policy-Up, we recommend that you use the above attributes for QoS policy definitions.
How to Use the Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS Feature
Configuring a Per Session Queueing and Shaping Policy on the Router
SUMMARY STEPSTo configure a per session queueing and shaping policy on the router for PPPoE over VLAN sessions using RADIUS, you must complete the following steps.
1. policy-map policy-map-name
2. class
3. bandwidth {bandwidth-kbps | percent percentage | remaining percent percentage} account{{qinq| dot1q} {aal5| aal3} {subscriber-encapsulation}} | {user-defined offset [atm]}}
4. exit
5. policy-map policy-map-name
6. class class-default
7. shape rate account {{{qinq| dot1q}{aal5| aal3} {subscriber-encapsulation}} | {user-defined offset [atm]}}
8. service-policy policy-map-name
DETAILED STEPS
Command or Action Purpose
Step 1 policy-map policy-map-name
Example:Router(config)# policy-map policy-map-nameCreates or modifies the bottom-level child policy.
Step 2 class
Example:Router(config-pmap)# class class-map-nameAssigns the traffic class you specify to the policy map. Enters policy-map class configuration mode.
Step 3 bandwidth {bandwidth-kbps | percent percentage | remaining percent percentage} account{{qinq| dot1q} {aal5| aal3} {subscriber-encapsulation}} | {user-defined offset [atm]}}
Example:Router(config-pmap-c)# bandwidth {bandwidth-kbps | percent percentage | remaining percent percentage} account {{qinq | dot1q} {aal5 | aal3} subscriber-encapsulation | user-defined offset [atm]}Enables class-based fair queueing.
- bandwidth-kbps specifies or modifies the minimum bandwidth allocated for a class belonging to a policy map. Valid values are from 8 to 2488320, which represents from 1 to 99 percent of the link bandwidth.
- percent percentage specifies or modifies the minimum percentage of the link bandwidth allocated for a class belonging to a policy map. Valid values are from 1 to 99.
- remaining percent percentage specifies or modifies the minimum percentage of unused link bandwidth allocated for a class belonging to a policy map. Valid values are from 1 to 99.
- account enables ATM overhead accounting. For more information, see the " ATM Overhead Accounting " section of the "Configuring Dynamic Subscriber Services" chapter of the Cisco 10000 Series Router Quality of Service Configuration Guide.
- qinq specifies queue-in-queue encapsulation as the broadband aggregation system-DSLAM encapsulation type.
- dot1q specifies IEEE 802.1Q VLAN encapsulation as the broadband aggregation system-DSLAM encapsulation type.
- aal5 specifies the ATM Adaptation Layer 5 that supports connection-oriented variable bit rate (VBR) services. You must specify either aal5 or aal3.
- aal3 specifies the ATM Adaptation Layer 5 that supports both connectionless and connection-oriented links. You must specify either aal3 or aal5.
- subscriber-encapsulation specifies the encapsulation type at the subscriber line.
- user-defined indicates that the router is to use the offset you specify when calculating ATM overhead.
- offset specifies the offset size the router is to use when calculating ATM overhead. Valid values are from -63 to 63 bytes.
Note The router configures the offset size if you do not specify the offset option.
Step 4 exit
Example:Router(config-pmap-c)# exitExits policy-map class configuration mode.
Step 5 policy-map policy-map-name
Example:Router(config-pmap)# policy-map policy-map-nameCreates or modifies the parent policy.
Step 6 class class-default
Example:Router(config-pmap)# class class-defaultConfigures or modifies the parent class-default class.
Note You can configure only the class-default class in a parent policy. Do not configure any other traffic class.
Step 7 shape rate account {{{qinq| dot1q}{aal5| aal3} {subscriber-encapsulation}} | {user-defined offset [atm]}}
Example:Router(config-pmap-c)# shape rate account {qinq | dot1q} {aal5 | aal3} subscriber-encapsulation | {user-defined offset [atm]}Shapes traffic to the indicated bit rate and enables ATM overhead accounting.
- rate is the bit-rate used to shape the traffic, expressed in kilobits per second.
- account enables ATM overhead accounting.
- qinq specifies queue-in-queue encapsulation as the broadband aggregation system-DSLAM encapsulation type.
- dot1q specifies IEEE 802.1Q VLAN encapsulation as the broadband aggregation system-DSLAM encapsulation type.
- aal5 specifies the ATM Adaptation Layer 5 that supports connection-oriented VBR services. You must specify either aal5 or aal3.
- aal3 specifies the ATM Adaptation Layer 5 that supports both connectionless and connection-oriented links. You must specify either aal3 or aal5.
- subscriber-encapsulation specifies the encapsulation type at the subscriber line.
- user-defined indicates that the router is to use the offset you specify when calculating ATM overhead.
- offset specifies the offset size the router is to use when calculating ATM overhead. Valid values are from -63 to 63 bytes.
Note The router configures the offset size if you do not specify the user-defined offset option.
Step 8 service-policy policy-map-name
Example:Router(config-pmap-c)# service-policy policy-map-nameApplies a bottom-level child policy to the top-level parent class-default class.
Verifying Per Session Queueing
To display the configuration of per session queueing and shaping policies for PPPoE over VLAN, enter any of the following commands in privileged EXEC mode:
Configuration Examples for Per Session Queueing and Shaping Policies
- Configuring a Per Session Queueing and Shaping Policy on the Router Example
- Setting Up RADIUS for Per Session Queueing and Shaping Example
- Verifying Per Session Queueing and Shaping Policies Examples
Configuring a Per Session Queueing and Shaping Policy on the Router Example
The following example shows
The example creates two traffic classes: Voice and Video. The router classifies traffic that matches IP precedence 5 as Voice traffic and traffic that matches IP precedence 3 as Video traffic. The Child policy map gives priority to Voice traffic and polices traffic at 2400 kbps. The Video class is allocated 80 percent of the remaining bandwidth and has ATM overhead accounting enabled. The Child policy is applied to the class-default class of the Parent policy map, which receives 20 percent of the remaining bandwidth and shapes traffic to 10,000 bps, and has ATM overhead accounting enabled.
Router(config)# class-map Voice Router(config-cmap)# match ip precedence 5 Router(config-cmap)# class-map Video Router(config-cmap)# match ip precedence 3 ! Router(config)# policy-map Child Router(config-pmap)# class Voice Router(config-pmap-c)# priority Router(config-pmap-c)# police 2400 9216 0 conform-action transmit exceed-action drop violate-action drop Router(config-pmap-c)# class video Router(config-pmap-c)# bandwidth remaining percent 80 account aal5 snap-dot1q-rbe Router(config-pmap-c)# exit Router(config-pmap)# exit Router(config)# policy-map Parent Router(config-pmap)# class class-default Router(config-pmap-c)# shape 10000 account dot1q snap-dot1q-rbe Router(config-pmap-c)# service-policy ChildSetting Up RADIUS for Per Session Queueing and Shaping Example
The following are example configurations for the Merit RADIUS server and the associated Layer 2 network server (LNS). In the example, the Cisco-Policy-Down attribute indicates the name of the policy map to be downloaded, which in this example is rad-output-policy. The RADIUS dictionary file includes an entry for Cisco VSA 38.
example.com Password = "cisco123" Service-Type = Framed-User, Framed-Protocol = PPP, Cisco:Cisco-Policy-Down = rad-output-policyCisco.attr Cisco-Policy-Up 37 string (*, *)
Cisco.attr Cisco-Policy-Down 38 string (*, *)
Verifying Per Session Queueing and Shaping Policies Examples
This example shows sample output for the show policy-map interface command
Router# show policy-map interface virtual-access 1 ! ! Service-policy output: TEST Class-map: class-default (match-any) 100 packets, 1000 bytes 30 second offered rate 800 bps, drop rate 0 bps Match: any shape (average) cir 154400, bc 7720, be 7720 target shape rate 154400 overhead accounting: enabled bandwidth 30% (463 kbps) overhead accounting: disabled queue limit 64 packets (queue depth/total drops/no-buffer drops) 0/0/0 (pkts output/bytes output) 100/1000This example shows sample output from the show policy-map session command and show policy-map session uid command, based on a nested hierarchical policy.
Router# show subscriber session Current Subscriber Information: Total sessions 1 Uniq ID Interface State Service Identifier Up-time 36 Vi2.1 authen Local Term peapen@cisco.com 00:01:36 Router# show policy-map parent Policy Map parent Class class-default Average Rate Traffic Shaping cir 10000000 (bps) service-policy child Router# show policy-map child Policy Map child Class voice priority police 8000 9216 0 conform-action transmit exceed-action drop violate-action drop Class video bandwidth remaining 80 (%) Router# show policy-map session uid 36 SSS session identifier 36 - SSS session identifier 36 - Service-policy output: parent Class-map: class-default (match-any) 0 packets, 0 bytes 30 second offered rate 0 bps, drop rate 0 bps Match: any 0 packets, 0 bytes 30 second rate 0 bps Queueing queue limit 250 packets (queue depth/total drops/no-buffer drops) 0/0/0 (pkts output/bytes output) 0/0 shape (average) cir 10000000, bc 40000, be 40000 target shape rate 10000000 Service-policy : child queue stats for all priority classes: Queueing queue limit 16 packets (queue depth/total drops/no-buffer drops) 0/0/0 (pkts output/bytes output) 0/0 Class-map: voice (match-all) 0 packets, 0 bytes 30 second offered rate 0 bps, drop rate 0 bps Match: ip precedence 5 Priority: Strict, burst bytes 1500, b/w exceed drops: 0 Police: 8000 bps, 9216 limit, 0 extended limit conformed 0 packets, 0 bytes; action: transmit exceeded 0 packets, 0 bytes; action: drop violated 0 packets, 0 bytes; action: drop Class-map: video (match-all) 0 packets, 0 bytes 30 second offered rate 0 bps, drop rate 0 bps Match: ip precedence 3 Queueing queue limit 250 packets (queue depth/total drops/no-buffer drops) 0/0/0 (pkts output/bytes output) 0/0 bandwidth remaining 80% (7993 kbps) Class-map: class-default (match-any) 0 packets, 0 bytes 30 second offered rate 0 bps, drop rate 0 bps Match: any 0 packets, 0 bytes 30 second rate 0 bps queue limit 250 packets (queue depth/total drops/no-buffer drops) 0/0/0 (pkts output/bytes output) 2/136Additional References
The following sections provide references related to the Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS feature.
MIBs
Technical Assistance
Description
Link
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.
To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
Feature Information for Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1 Feature Information for Per Session Queueing and Shaping for PPPoE over VLAN Using RADIUS Feature Name
Releases
Feature Information
Per Session Queueing and Shaping for PPPoE over VLAN Using RADIUS
Cisco IOS XE Release 2.1
This feature enables you to shape PPPoE over VLAN sessions to a user-specified rate. The Per Session Queueing and Shaping for PPPoE over VLAN Support Using RADIUS feature was introduced on the PRE2 to enable dynamic queueing and shaping policies on PPPoEoVLAN session.
This feature was integrated into Cisco IOS XE Release 2.1.
