-
Cisco 10000 Series Router Quality of Service Configuration Guide
-
Cisco 10000 Series Router Quality of Service Configuration Guide
-
About This Guide
-
Quality of Service Overview
-
Classifying Traffic
-
Configuring QoS Policy Actions and Rules
-
Attaching Service Policies
-
Distributing Bandwidth Between Queues
-
Policing Traffic
-
Marking Traffic
-
Prioritizing Services
-
Shaping Traffic
-
Overhead Accounting
-
Managing Packet Queue Congestion
-
Sharing Bandwidth Fairly During Congestion
-
Simultaneous Policy Maps
-
Defining QoS for Multiple Policy Levels
-
Oversubscribing Physical and Virtual Links
-
Fragmenting and Interleaving Real-Time and Nonreal-Time Packets
-
Configuring Dynamic Subscriber Services
-
Regulating Subscriber Traffic
-
Configuring Quality of Service for PVC Bundles
-
Configuring Quality of Service for MPLS Traffic
-
VLAN Tag-Based Quality of Service
-
Hierarchical Scheduling and Queuing
-
Configuring Frame Relay QoS Using Frame Relay Legacy Commands
-
QoS Policy Propagation Through the Border Gateway Protocol
-
Glossary
-
Table Of Contents
Defining QoS for Multiple Policy Levels
Feature History for Hierarchical Policies
Benefits of Hierarchical Policies
Components Common to All Types of Hierarchical Policies
Types of Hierarchical Policies
Restrictions and Limitations for Nested Hierarchical Policies
Three-Level Hierarchical Policies
Restrictions and Limitations for Three-Level Hierarchical Policies
Hierarchical Input Policing Policies
Restrictions and Limitations for Hierarchical Input Policing Policies
Hierarchical Policies and Oversubscription
Applying Child Policies Under Priority Classes
Interfaces Supporting Hierarchical Policies
Guidelines for Configuring QoS for Multiple Queues
Configuring QoS for Multiple Queues
Creating Fair Queues at Two Levels of Hierarchy
Creating Fair Queues at Three Levels of Hierarchy
Configuring a Bottom-Level Child Policy of a Three-Level Hierarchy
Configuring a Middle-Level Child Policy of a Three-Level Hierarchy
Configuring the Top-Level Parent Policy of a Three-Level Hierarchy
Policing Inbound Traffic at Two Levels of Hierarchy
Attaching Hierarchical Policies to Physical and Virtual Links
Configuration Examples for Nested Hierarchical Policies
Configuration Examples for Three-Level Hierarchical Policies
Configuration Example for Hierarchical Input Policing
Configuring Bandwidth-Remaining Ratios on ATM Subinterfaces: Example
Configuring Bandwidth-Remaining Ratios on Class Queues: Example
Verifying the Configuration of Hierarchical Policies
Verification Examples for Hierarchical Policies
Defining QoS for Multiple Policy Levels
In releases prior to Cisco IOS Release 12.0(22)S, you can specify QoS behavior at only one level. For example, to shape two outbound queues of an interface, you must configure each queue separately, defining only class-specific actions. You can define a minimum bandwidth for two traffic classes, but you cannot define a combined maximum bandwidth for the two classes. As a result, you cannot configure fair queues on virtual circuits where the total throughput of the fair queues must be within the virtual circuit's committed rate.
To implement fair queues on virtual circuits and virtual LANs (VLANs), the Cisco 10000 series router supports QoS with hierarchical queuing. Within the hierarchical QoS framework, you can enable the router to prioritize and manage packets at three policy levels (physical, logical, and class levels), thereby providing a high degree of granularity in traffic management. Congestion control mechanisms such as weighted random early detection (WRED) and tail drop regulate network traffic and control congestion.
This chapter describes the various types of hierarchical policies and includes the following topics:
•
Components Common to All Types of Hierarchical Policies
•
•
•
•
•
•
•
Hierarchical Policies
A hierarchical policy is a QoS model that enables you to specify QoS behavior at multiple levels of hierarchy. The router supports three types of hierarchical policies: nested, three-level, and input policing policies. Depending on the type of hierarchical policy you configure, you can use hierarchical policies to:
•
•
•
•
Note
All hierarchical policy types consist of a top-level parent policy and one or more child policies. The service-policy command is used to apply a policy to another policy, and a policy to an interface, subinterface, virtual circuit (VC), or virtual LAN (VLAN). For example, in a three-level hierarchical policy, you use the service-policy command to apply a:
•
•
•
Note
When you use hierarchical policies, the router allocates the physical pipe into smaller pipes. Instead of creating a single versatile time management scheduler (VTMS) link for the physical interface, each parent policy map has a VTMS link. The router uses this QoS link to service the associated traffic independently of other traffic.
For releases prior to Cisco IOS Release 12.0(25)SX, the router uses 128 discrete values between 64 kbps and 1 Gbps as multiqueue shape rates. Therefore, the sum of the nested policy shape rates you specify for an interface must be 64 kbps less than the total bandwidth of the interface. For example, on a DS1 Frame Relay interface with a total bandwidth of 1536 kbps, the combined shape rate of the hierarchical policy must be 1472 kbps or less:
1536 kbps - 64 kbps = 1472 kbps
If you specify a non-supported rate, the router uses the next lower supported rate instead.
For Cisco IOS Release 12.0(25)SX and Release 12.3(7)XI, and later releases, the router allows interface oversubscription. For more information, see Chapter 15, "Oversubscribing Physical and Virtual Links."
Feature History for Hierarchical Policies
Benefits of Hierarchical Policies
Depending on the type of hierarchical QoS policy you configure, you can:
•
•
•
•
•
•
Components Common to All Types of Hierarchical Policies
All types of hierarchical policies use the following components to provide multiple levels of QoS behavior:
Child Policy
A child policy is a policy map in a hierarchical QoS policy that defines QoS behavior for individual streams of traffic. A child policy defines one or more classes of traffic and the actions you want the router to take on the traffic, just as non-hierarchical policy maps do. However, in a hierarchical policy, a child policy map is applied to a parent policy map and can be applied to another child policy, depending on the type of hierarchical policy it is (see the "Types of Hierarchical Policies" section).
The following describes the ways in which you can apply child policies for the various types of hierarchical policies:
•
•
•
When applying child policies to other child policies or to a parent policy, use the service-policy command and specify the name of the child policy you are applying as the policy-map-name. Do not specify the input or output keyword.
If you specify the bandwidth percent command or the police percent command in a child policy, the percentage you indicate is the percentage of the total shape rate and not the percentage of the interface bandwidth. The router uses the bandwidth of the nearest parent policy (configured using the shape or police command) command to calculate the bandwidth percentage for the child policy. The router always looks to the nearest parent for the bandwidth reference point.
The router executes the child policy and then the parent policy. However, if the child policy contains policing with a specified drop policy, the router polices and drops the appropriate traffic at the child level, but does not execute the parent policy on the dropped packets.
The router executes the child policy and then the parent policy. As the packets pass through the router's forwarding engine, the router applies the QoS actions specified in the child policy. After child processing completes, the packets are fed back through the forwarding engine and the router applies the parent policy actions to the aggregate traffic. The router executes the parent policy only on the packets that are fed back. If the router dropped some packets during child processing (the child policy contained a drop policy), the router does not execute the parent policy on those dropped packets.
Parent Policy
A parent policy contains only the class-default class; it can contain no other classes. The parent policy defines the shape rate (nested and three-level hierarchical policies) or the policing rate (hierarchical input policing policies) for the aggregate traffic on an interface with a service policy applied.
The parent policy class-default class can contain only the following commands. Do not configure any other commands in the class-default class. Configure the service-policy command last.
•
or
police command—(Hierarchical Input Policing Policies) Configures traffic policing for the aggregate traffic of all of the classes defined in the child policies. You must configure the police command when creating hierarchical input policing policies; do not configure the shape command.
•
Note
Table 13-1 summarizes the commands configured in the parent class-default class for the different types of hierarchical policies.
The router reserves the bandwidth you specify in the parent policy shape or police command for the exclusive use of the PVC or VLANs to which the policy is applicable. The router does not share unused bandwidth with other PVCs or VLANs. However, the actual shape rate the router applies to the child traffic classes might differ from the rate you specify in the parent policy. For example, the router might map a specified shape rate of 10.5 Mbps to 11 Mbps. Use the show policy-map interface command to determine the actual shape rate applied.
service-policy Command
For hierarchical policies, the service-policy command is used to attach:
•
•
•
When attaching child policies to child or parent policies, do not specify the output or input keyword when you enter the service-policy command. For example, enter the following command:
Router(config-if)# service-policy policy-map-nameWhen attaching parent policies to interfaces, subinterfaces, or virtual circuits, enter the service-policy command and specify the output or input keyword as described below:
•
•
Note
Types of Hierarchical Policies
The Cisco 10000 series router supports the following types of hierarchical policies:
Defines up to two levels of hierarchy. A nested policy can define a minimum bandwidth for each type of traffic on a virtual circuit and a maximum bandwidth for the virtual circuit's total traffic. However, a nested policy cannot actively police a subclass of each guaranteed class while placing a maximum transmission limit on the aggregate traffic.
•
Defines up to three levels of hierarchy. A three-level policy can define a minimum bandwidth for each traffic type on a virtual circuit, define a maximum bandwidth for the virtual circuit's total traffic, police a subclass of each guaranteed class, and place a maximum transmission limit on the aggregate traffic.
•
Defines up to two levels of hierarchy for inbound traffic only. A hierarchical input policing policy can define two levels of policing, one in the parent policy and one in the child policy. The top-level parent policy is typically used to police an interface, subinterface, ATM VC, Frame Relay DLCI, or 802.1Q VLAN, and is applied to all traffic.
Nested Hierarchical Policies
A nested hierarchical policy is a queuing model that defines a minimum bandwidth for multiple classes and specifies a combined maximum bandwidth for the classes. Using a nested hierarchical policy, you can shape two or more queues together into one logical QoS policy. In this way, you can associate multiple logical links with a physical interface and enable the router to service any group of queues independently of other queues. The router provides distinct dequeuing rates to the subsets of the queues on a physical link.
Figure 13-1 shows a sample queuing configuration on a T1 network interface that is running Frame Relay. The network interface has two PVCs (PVC1 and PVC2), each with a multiqueue shape rate of 768 kbps. Each PVC has two fair queues whose aggregate output is shaped at 768 kbps.
Figure 13-1 Nested Hierarchical Policy on Frame Relay
Nested policy maps specify QoS policies at the following two levels of hierarchy:
•
•
For releases prior to Cisco IOS Release 12.0(25)SX, the sum of the nested policy shape rates you specify can be no more than 64 kbps less than the physical interface bandwidth. For example, the sum of the nested policy shape rates for a DS1 Frame Relay interface must be no more than 1472 kbps, calculated as follows:
1536 kbps - 64 kbps = 1472 kbps
If you specify a non-supported rate, the router uses the next lower supported rate instead.
Note
For releases prior to Cisco IOS Release 12.0(25)SX and Release 12.3(7)XI, the router does not limit the number of nested policies you can configure on a physical network interface as long as the sum of the nested policy shape rates is 64 kbps less than the total bandwidth of the interface. In Cisco IOS Release 12.0(25)SX and Release 12.3(7)XI, and later releases, the router allows oversubscription. For more information, see Chapter 15, "Oversubscribing Physical and Virtual Links."
The router reserves the shape rate you specify in the parent policy for the child traffic classes. The router does not allocate unused (or excess) bandwidth to other traffic. For example, consider a nested policy with a shape rate of 64 kbps. If the nested policy traffic rate is 32 kbps, the router does not allocate the remaining 32 kbps to the other traffic on the network interface.
In some cases, the nested policy shape rate that the system uses might be lower than the shape rate you specify. Use the show policy-map interface command to verify the actual shape rate.
For Frame Relay PVCs, instead of using a nested policy map to specify the multiqueue shape rate, you can use the frame-relay traffic-shape command to specify a fair queue policy map.
Restrictions and Limitations for Nested Hierarchical Policies
Note
•
•
•
•
•
•
Three-Level Hierarchical Policies
A three-level hierarchical policy extends the functionality of a nested hierarchical policy from two to three levels of hierarchy. Using three-level hierarchical policies, you can:
•
•
•
•
For example, you can use a three-level hierarchical policy to define a minimum bandwidth and a combined maximum bandwidth for two classes. Similarly, you can also define a minimum bandwidth for each type of traffic on a virtual circuit and a maximum bandwidth for the virtual circuit's total traffic.
A three-level policy specifies the following three levels of hierarchy:
•
•
•
Note
Restrictions and Limitations for Three-Level Hierarchical Policies
Note
•
•
•
•
•
Note
Example 13-1 shows a configuration that violates the requirement that the bottom-level class map match only those packets that also match its parent class map. In the example, the class map named Child matches any packet that is not IP precedence 1 (for example, IP precedence 5). The class map named Parent matches only IP precedence 1, 2, and 3. As a result, no packets from the Child and Parent classes intersect.
Example 13-1 Improperly Defining Bottom-Level Child and Top-Level Parent Class Maps
Router(config)# class-map ParentRouter(config-cmap)# math ip precedence 1 2 3!Router(config)# class-map ChildRouter(config-cmap)# match not ip precedence 1Example 13-2 modifies the configuration in Example 13-1 to ensure the union of Child and Parent packets, which in Example 13-2 is IP precedence 2 and 3.
Example 13-2 Properly Defining Bottom-Level Child and Top-Level Parent Class Maps
Router(config)# class-map ParentRouter(config-cmap)# math ip precedence 1 2 3!Router(config)# class-map ChildRouter(config-cmap)# match ip precedence 2 3Hierarchical Input Policing Policies
A hierarchical input policing policy extends the functionality of traffic policing to two levels of hierarchy for inbound interfaces. The hierarchical input policer limits the rate of the traffic that the router accepts on the interface with the service policy applied. In this way, the service provider network is protected on the aggregate traffic level to ensure that the service provider can honor service level agreements. A two-rate three-color policer limits the rate of individual traffic streams (see the "Two-Rate Three-Color Marker for Traffic Policing" section on page 6-8).
Using hierarchical input policing, you can:
•
•
•
A hierarchical input policing policy specifies the following two levels of hierarchy:
•
•
During hierarchical input policing, the bottom-level policer acts on all of the traffic arriving at the interface, subinterface, VC, or VLAN on which the hierarchical policer is applied. As the traffic passes through the forwarding engine of the router for the first time, the bottom-level policer limits the rate of the individual streams of IP traffic before passing the traffic back through the forwarding engine again. During this feedback operation, the top-level traffic policer limits the rate of all of the traffic passed to it. The top-level policer acts only on the packets sent by the bottom-level policer. If the outbound interface has policing configured, a second feedback occurs during which the outbound policer limits the rate of the traffic.
Note
Figure 13-2 shows how packets flow between policy maps in a hierarchical input policing policy. In the figure, 500 packets arrive at the interface with the policy_map_level1 policy attached. Because of the way in which the policer is configured in policy_map_level1, the policer drops 100 packets and passes 400 packets. The traffic policer in the policy_map_level2 policy then evaluates the 400 packets it receives, drops 200, and transmits the remaining 200 packets.
Figure 13-2 Packet Flow Between Hierarchical Input Policing Policies
Restrictions and Limitations for Hierarchical Input Policing Policies
•
•
Hierarchical Policies and Oversubscription
For releases prior to Cisco IOS Release 12.0(25)SX and Release 12.3(7)XI, the router does not allow oversubscription of interfaces. If you oversubscribe hierarchical policies, instead of reducing the shape rate of all policies, the router preserves as many policies as possible and reduces the policy shape rates of a minimum number of policies to bring the sum of the hierarchical policy shape rates to less than the physical interface bandwidth.
For Cisco IOS Release 12.0(25)SX and Release 12.3(7)XI and later releases, the router allows you to oversubscribe interfaces. Oversubscription is always enabled.
For more information about oversubscription, see Chapter 15, "Oversubscribing Physical and Virtual Links."
Applying Child Policies Under Priority Classes
The Cisco 10000 series router allows you to apply a child policy with non-queuing features under a priority class in Cisco IOS Release 12.2(31)SB2 and later releases. In a three-level hierarchical policy, the priority class to which you attach the child policy must be in the middle-level policy. In a two-level hierarchical policy (nested policy), the priority class to which you attach the child policy is in the parent policy.
For more information, see the Child Service Policy Allowed Under Priority Class feature module for Cisco IOS Release 12.2(31)SB2.
Interfaces Supporting Hierarchical Policies
The following describes interface support for hierarchical policies using the service-policy command:
Interfaces Supporting Hierarchical Policies (Outbound Only)
•
•
•
•
•
•
•
Note
Interfaces Supporting Hierarchical Policies (Inbound only)
•
•
•
•
•
•
Note
Interfaces Not Supporting Hierarchical Policies
•
•
•
•
Guidelines for Configuring QoS for Multiple Queues
When configuring QoS for multiple queues, consider the following guidelines:
•
•
•
Configuring QoS for Multiple Queues
To configure QoS for multiple queues using a hierarchical policy, perform the following configuration tasks:
•
•
•
•
Creating Fair Queues at Two Levels of Hierarchy
To create fair queues at two levels of hierarchy, enter the following commands beginning in global configuration mode:
Note
Example 13-3 shows how to create a nested hierarchical policy that creates two fair queues: one queue for the Bronze traffic and one queue for all other traffic. The top-level policy named Top-Parent shapes the total output rate of both queues to 1 Mbps. The bottom-level policy named Bottom-Child shapes Bronze traffic to 50 percent of the total output rate, or 500 kbps. The router allocates the remaining 500 kbps to all other traffic.
Example 13-3 Creating Fair Queues at Two Levels of Hierarchy
Router(config)# policy-map Bottom-ChildRouter(config-pmap)# class BronzeRouter(config-pmap-c)# bandwidth percent 50Router(config-pmap-c)# exitRouter(config-pmap)# policy-map Top-ParentRouter(config-pmap)# class class-defaultRouter(config-pmap-c)# shape 1000Router(config-pmap-c)# service-policy Bottom-ChildCreating Fair Queues at Three Levels of Hierarchy
To create fair queues at three levels of hierarchy, perform the following required configuration tasks:
•
•
•
Configuring a Bottom-Level Child Policy of a Three-Level Hierarchy
To configure the bottom-level child policy, enter the following commands beginning in global configuration mode:
Note
Step 1
Router(config)# policy-map policy-map-name
Creates or modifies the bottom-level child policy.
policy-map-name is the name of the policy map. The name can be a maximum of 40 alphanumeric characters.
Step 2
Router(config-pmap)# class class-map-name
Assigns the traffic class you specify to the policy map. Enters policy-map class configuration mode.
class-map-name is the name of a previously configured class map and is the traffic class for which you want to define QoS actions.
Step 3
Router(config-pmap-c)# police [cir] bps [burst-normal] [burst-excess] conform-action {action} exceed-action {action} [violate-action {action}]
(Optional) Configures kilobits per second-based traffic policing.
For more information, see Chapter 6, "Policing Traffic."
Step 4
Router(config-pmap-c)# police [cir] percent percent bc normal-burst-in-msec [pir pir] be excess-burst-in-msec conform-action {action} exceed-action {action} [violate-action {action}]
(Optional) Configures percent-based traffic policing.
For more information, see Chapter 6, "Policing Traffic."
For information about traffic policing actions, see Table 6-1 on page 6-3.
Step 5
Router(config-pmap-c)# set action
(Optional) Configures traffic marking.
For a description of the traffic marking actions you can configure, see Table 13-2.
Table 13-2 describes the traffic marking actions you can configure using the set command.
Example 13-4 shows how to configure the bottom-level child policy of a three-level hierarchy. Remember, the bottom-level policy typically defines marking and metering actions. In this example, the policy map named Gold-Meter defines the policing rate and actions for Business class traffic; the policy map named Default-Meter defines the default policing rate and actions.
Example 13-4 Configuring a Bottom-Level Child Policy of a Three-Level Hierarchy
Router(config)# policy-map Gold-MeterRouter(config-pmap)# class BusinessRouter(config-pmap-c)# police 15000 10000 6000 conform-action transmit exceed-action set-prec-transmit 1Router(config-pmap-c)# exitRouter(config-pmap)# policy-map Default-MeterRouter(config-pmap)# class BusinessRouter(config-pmap-c)# police percent 10 1500 0 conform-action transmit exceed-action set-prec-transmit 4Router(config-pmap-c)# exitRouter(config-pmap)#Configuring a Middle-Level Child Policy of a Three-Level Hierarchy
To configure a middle-level child policy, enter the following commands beginning in global configuration mode:
Note
Step 1
Router(config-pmap)# policy-map policy-map-name
Creates or modifies a middle-level child policy map.
policy-map-name is the name of the policy map. The name can be a maximum of 40 alphanumeric characters.
Step 2
Router(config-pmap)# class class-map-name
Assigns the traffic class you specify to the policy map. Enters policy-map class configuration mode.
class-map-name is the name of a previously configured class map and is the traffic class for which you want to define QoS actions.
Step 3
Router(config-pmap-c)# priority
(Optional) Assigns strict priority to the traffic class.
Note
Step 4
Router(config-pmap-c)# bandwidth {bandwidth-kbps | percent percentage | remaining percent percentage}
(Optional) Specifies the bandwidth allocated for a traffic class.
Note
Step 5
Router(config-pmap-c)# random-detect dscp-based
(Optional) Enables DSCP-based WRED.
Step 6
Router(config-pmap-c)# random-detect dscp dscpvalue min-threshold max-threshold [mark-probability-denominator]
(Optional) Specifies a packet drop policy based on the DSCP value you specify.
For more information, see Chapter 11, "Managing Packet Queue Congestion."
Step 7
Router(config-pmap-c)# service-policy policy-map-name
Applies the bottom-level child policy map to the traffic class. Do not specify an input or output keyword.
policy-map-name is the name of a previously configured bottom-level child policy map.
Example 13-5 shows how to configure a middle-level child policy using the bottom-level child policy configured in Example 13-4. In this middle-level policy, the policy map named Southwest defines three traffic classes: Premium, Gold, and class-default. The configuration of these classes provides the following QoS behavior:
Premium Traffic
•
•
Gold Traffic
•
–
–
•
Default Traffic
•
–
–
•
Example 13-5 Configuring a Middle-Level Child Policy of a Three-Level Hierarchy
Router(config-pmap)# policy-map SouthwestRouter(config-pmap)# class PremiumRouter(config-pmap-c)# priorityRouter(config-pmap-c)# police percent 50Router(config-pmap-c)# class GoldRouter(config-pmap-c)# random-detect prec-basedRouter(config-pmap-c)# random-detect precedence 2 3Router(config-pmap-c)# service-policy Gold-MeterRouter(config-pmap-c)# class class-defaultRouter(config-pmap-c)# random-detect prec-basedRouter(config-pmap-c)# random-detect precedence 1Router(config-pmap-c)# service-policy Default-MeterRouter(config-pmap-c)# exitRouter(config-pmap)#Configuring the Top-Level Parent Policy of a Three-Level Hierarchy
To configure a top-level parent policy, enter the following commands beginning in global configuration mode:
Note
Example 13-6 shows how to configure a top-level parent policy using the middle-level child policy configured in Example 13-5. In this top-level policy, the shape command indicates a total transmission capacity of 64,000 kbps for the combined queues. The service-policy command applies the middle-level policy named Southwest to the parent class-default class.
Example 13-6 Configuring a Top-Level Parent Policy of a Three-Level Hierarchy
Router(config-pmap)# policy-map Region1Router(config-pmap)# class class-defaultRouter(config-pmap-c)# shape 64000Router(config-pmap-c)# service-policy SouthwestRouter(config-pmap-c)# exitRouter(config-pmap)# exitRouter(config)#Policing Inbound Traffic at Two Levels of Hierarchy
To police the traffic the router accepts on an inbound interface with a service policy applied, enter the following commands beginning in global configuration mode:
Note
