-
Cisco 10000 Series Router Quality of Service Configuration Guide
-
Cisco 10000 Series Router Quality of Service Configuration Guide
-
About This Guide
-
Quality of Service Overview
-
Classifying Traffic
-
Configuring QoS Policy Actions and Rules
-
Attaching Service Policies
-
Distributing Bandwidth Between Queues
-
Policing Traffic
-
Marking Traffic
-
Prioritizing Services
-
Shaping Traffic
-
Overhead Accounting
-
Managing Packet Queue Congestion
-
Sharing Bandwidth Fairly During Congestion
-
Simultaneous Policy Maps
-
Defining QoS for Multiple Policy Levels
-
Oversubscribing Physical and Virtual Links
-
Fragmenting and Interleaving Real-Time and Nonreal-Time Packets
-
Configuring Dynamic Subscriber Services
-
Regulating Subscriber Traffic
-
Configuring Quality of Service for PVC Bundles
-
Configuring Quality of Service for MPLS Traffic
-
VLAN Tag-Based Quality of Service
-
Hierarchical Scheduling and Queuing
-
Configuring Frame Relay QoS Using Frame Relay Legacy Commands
-
QoS Policy Propagation Through the Border Gateway Protocol
-
Glossary
-
Feedback
Table Of Contents
Feature History for QoS Packet Marking
Benefits of QoS Packet Marking
IP Precedence-Based Weighted Random Early Detection
set ip precedence Command History
Usage Guidelines for the set ip precedence Command
IP Differentiated Services Code Point Marking
DSCP-Based Weighted Random Early Detection
Usage Guidelines for the set ip dscp Command
Usage Guidelines for the set cos Command
Usage Guidelines for the set qos-group Command
ATM Cell Loss Priority Marking
Usage Guidelines for the set atm-clp Command
QinQ MPLS Experimental Marking
set mpls experimental imposition Command
set mpls experimental imposition Command History
Usage Guidelines for the set mpls experimental imposition Command
set discard-class Command History
Usage Guidelines for the set discard-class Command
Class-Based Frame Relay DE Bit Marking
History for the Class-Based Frame Relay DE Bit Marking Feature
Feature History for Tunnel Header Marking
Restrictions and Limitations for Marking
Classification and Marking Design Guidelines
Recommended Values for Traffic Marking
Configuring IP Precedence Marking
Configuration Examples for IP Precedence Marking and Classification
Configuration Examples for IP DSCP Marking and Classification
Configuring Class of Service Marking
Configuration Examples for CoS Marking and Classification
Configuration Examples for Configuring QoS Group Marking and Classification
Setting the ATM Cell Loss Priority Bit
Configuration Example for Setting the ATM CLP Bit
Configuring MPLS Experimental Marking
Configuration Examples for Configuring MPLS Experimental Marking and Classification
Configuring Discard-Class Marking
Configuration Examples for Configuring Discard-Class Marking and Classification
Configuring Tunnel Header Marking Using the set Command
Configuration Example for Tunnel Header Marking Using the set Command
Configuring Tunnel Header Marking Using the police Command
Example Configuration for Tunnel Header Marking Using the police Command
Verification Examples for Traffic Marking
Marking Traffic
To service the growing numbers of customers and their needs, service provider networks have become more complex and often include both Layer 2 and Layer 3 network devices. With this continued growth, service providers must quickly identify the packets streaming across the network and apply the appropriate service behavior before sending them to their destinations.
A differentiated service (DiffServ) model enables you to classify packets based on traffic classes. In this model, traffic marking allows you to partition your network into multiple priority levels or classes of service. By marking traffic, other network devices along the forwarding path can quickly determine the proper class of service (CoS) to apply to a traffic flow.
An important aspect of DiffServ is that the markings must be consistently interpreted from end-to-end. All devices in the network path must understand the per-hop behavior to apply to a specific class of traffic. If one of the routers in the path does not act appropriately, the overall service for a particular packet might not be as desired.
This chapter describes the marking capabilities of the Cisco 10000 series router. It includes the following topics:
•
IP Differentiated Services Code Point Marking
•
•
•
•
•
•
•
QoS Packet Marking
QoS packet marking is a QoS tool used to differentiate packets based on designated markings. Using marking, you can partition your network into multiple priority levels or classes of service. Marking simplifies the network Qos design and QoS tools configuration, and reduces the overhead of packet classification by other QoS tools.
You can configure QoS packet marking on a main interface, subinterface, or an individual virtual circuit (VC). Traffic marking involves setting bits inside frame, packet, or cell header fields that are specifically designed for QoS marking. Other devices can examine the marked bits and classify traffic based on the marked values.
Table 7-1 summarizes the mechanisms you can use to mark packets. The internal mechanisms affect only the Cisco 10000 series router's behavior; internal marks are not passed on to other routers.
Feature History for QoS Packet Marking
Benefits of QoS Packet Marking
Network Partitioning and Categorizing
Packet marking allows you to partition your network into multiple priority levels or classes of service.
Layer 2 to Layer 3 Mapping
If a packet that needs to be marked to differentiate user-defined QoS services is leaving the router and entering a switch, the router can set the class of service (CoS) value of the packet because the switch can process the Layer 2 CoS header marking.
Weighted Random Early Detection Configuration
Weighted random early detection (WRED) uses IP precedence values or IP DSCP values to determine the drop probability of a packet. Therefore, you can use the IP precedence and IP DSCP markings with the WRED feature.
Improved Bandwidth Management in ATM Networks
The ability to set the ATM CLP bit allows you to extend your IP QoS policies into an ATM network. As congestion occurs in the ATM network, cells with the CLP bit set are more likely to be dropped, resulting in improved network performance for higher priority traffic and applications.
IP Precedence Marking
You can mark the importance of a packet by using the IP precedence marking mechanism. IP precedence marking helps to do the following:
•
•
•
Layer 2 media often changes as packets traverse from source to destination. A more ubiquitous marking can occur at Layer 3, using the IP type of service (ToS) byte. The ToS byte is the second byte in an IPv4 packet. The first three bits of the ToS byte are the IP precedence bits, which enable you to set eight IP precedence markings (0 through 7).
Table 7-2 lists the 8 different IP precedence markings defined in RFC 791. Notice that IP precedence 6 and 7 are used for network control. Do not use IP precedence 6 or 7 to mark packets, unless you are marking control packets.
You can configure a QoS policy to include IP precedence marking for packets entering the network. Devices within your network can then use the newly marked IP precedence values to determine how to treat the packets. For example, class-based weighted random early detection (WRED) uses IP precedence values to determine the probability that a packet is dropped. You can also mark voice packets with a particular precedence. You can then configure low-latency queuing (LLQ) to place all packets of that precedence into the priority queue.
IP Precedence-Based Weighted Random Early Detection
When you configure IP precedence-based weighted random early detection (WRED) on an output policy map and the outgoing packets are MPLS packets, the router drops the MPLS packets based on the three experimental (EXP) bits in the MPLS label, instead of using the 3-bit IP precedence field in the underlying IP packets.
set ip precedence Command
To set the precedence value in a packet header, use the set ip precedence command in policy-map class configuration mode. To remove the precedence value, use the no form of this command. By default, this command is disabled.
set ip precedence prec-valueno set ip precedence prec-valueSyntax Description
ip
Specifies that the match is for IPv4 packets only. You must specify this keyword.
precedence prec-value
Sets the precedence value. Valid values are from 0 to 7.
set ip precedence Command History
Usage Guidelines for the set ip precedence Command
Bit Settings
After the precedence bits are set, other quality of service (QoS) features such as weighted fair queuing (WFQ) and weighted random early detection (WRED) can then operate on the bit settings.
Precedence Value
The network can give priority (or some type of expedited handling) to marked traffic through the application of weighted fair queuing (WFQ) or weighted random early detection (WRED) at points downstream in the network. Typically, you set the precedence value at the edge of the network (or administrative domain); data then is queued according to the specified precedence. WFQ can speed up handling for certain precedence traffic at congestion points. WRED can ensure that certain precedence traffic has lower loss rates than other traffic during times of congestion.
In Cisco IOS Release 12.3(7)XI, the router accepts the set precedence command without specifying the ip keyword. However, you must specify the set ip precedence command to set the precedence value in a packet header.
IP Differentiated Services Code Point Marking
IP precedence marking might seem too restrictive and limiting because only eight classes are available for marking. You might choose instead to use the IP differentiated services code point (DSCP) marking model, which offers up to 64 different values (0 through 63).
The differentiated services (DiffServ) functionality of the Cisco IOS software is fully compliant with the Internet Engineering Task Force (IETF) standards defined in the following request for comments (RFCs) documents:
•
•
•
•
The router leverages the IETF definition of the IPv4 1-byte type of service (ToS) field in the IP packet header by using the six most significant bits of this field (the DSCP bits) to classify traffic into any of the 64 possible classes. After the router classifies packets, you can use the modular QoS CLI to implement IETF-defined per-hop behaviors (PHBs), including assured forwarding (AF) and expedited forwarding (EF).
The router also uses bits in the ToS field to prioritize packets using an IP precedence value. Because the IP precedence value is actually part of the DSCP value, you cannot simultaneously set both the IP precedence and DSCP values. If you attempt to, an error message displays.
Figure 7-1 shows the DSCP bits in the ToS field.
Figure 7-1 DSCP Bits in the IP ToS Byte
DSCP Per-Hop Behavior
You can enter DSCP values as numeric values or as special keyword names called per-hop behaviors (PHBs). For example, DSCP EF is the same as DSCP 46 and DSCP AF31 is the same as DSCP 26.
The router supports the following classes of DSCP PHBs:
•
•
•
•
Again, vendor-specific mechanisms need to be configured to implement these PHBs. For more information about EF PHB, see RFC-2598. To implement the PHBs, you must configure vendor-specific mechanisms. For more information, see the appropriate RFC as indicated in Table 7-4.
Assured Forwarding
There are four assured forwarding (AF) classes, AF1x through AF4x. The first number corresponds to the AF class and the second number (x) refers to the level of drop preference within each AF class. There are three drop probabilities, ranging from 1 (low drop) through 3 (high drop). Depending on a network policy, packets can be selected for a PHB based on required throughput, delay, jitter, loss, or according to the priority of access to network services. AF allows for a committed information rate between multiple classes in a network according to desired policies.
Table 7-3 provides the DSCP coding and drop probability for AF classes 1 through 4. Bits 0, 1, and 2 define the class; bits 3 and 4 specify the drop probability; bit 5 is always 0.
Expedited Forwarding
The expedited forwarding (EF) PHB is used to build a low-loss, low-latency, low-jitter, assured bandwidth, end-to-end service through differentiated services (DiffServ) domains. This PHB appears to the endpoints like a point-to-point connection or a virtual leased line. EF PHB, also referred to as a premium service, is suitable for applications such as Voice over IP (VoIP).
The recommended code point for the EF PHB is 101110.
Class Selector Code Points
The router also supports class selector (CS) code points, which is a way of marking the six DSCP bits so that the code points are identical to IP precedence values. These code points can be used with systems that only support the IP precedence. The CS code points have the form xyz000, where x, y, and z represent a 1 or 0.
For more information, see the appropriate RFC as indicated in Table 7-4.
DSCP Values
The following differentiated services (DiffServ) RFCs define DSCP values:
•
•
•
•
The RFCs do not dictate the way to implement PHBs; this is the responsibility of the vendor. Cisco implements queuing techniques that can base their PHB on the IP precedence or DSCP value in the IP header of a packet. Based on DSCP or IP precedence, traffic can be put into a particular service class. Packets within a service class are treated the same way.
Table 7-4 lists only the DSCP values suggested by the DiffServ RFCs.
You can configure a QoS policy to include an IP DSCP marking for packets entering the network. Devices within your network can then use the newly marked IP DSCP values to determine how to treat the packets. For example, class-based weighted random early detection (WRED) uses IP DSCP values to determine the probability that a packet is dropped. You can also mark voice packets with a particular DSCP value. You can then configure low-latency queuing (LLQ) to place all packets of that DSCP value into the priority queue.
DSCP-Based Weighted Random Early Detection
When you configure DSCP-based weighted random early detection (WRED) on an output policy map and the outgoing packets are MPLS packets, the router drops the MPLS packets based on the three experimental (EXP) bits in the MPLS label, instead of using the 6-bit DSCP field in the underlying IP packets. The router shifts the three EXP bits to the left to make it six bits. For example, if the value of the EXP bits is 5 (binary 101), the router left-shifts the bits to make them binary 101000, thus making it look like a 6-bit DSCP field. The router drops packets based on the shifted binary value.
set ip dscp Command
To mark a packet by setting the differentiated services code point (DSCP) value in the type of service (ToS) byte, use the set ip dscp command in policy-map class configuration mode. To remove a previously set DSCP value, use the no form of this command. By default, no packets are marked.
set ip dscp {dscp-value | afxy | csx | ef | default}no set ip dscp {dscp-value | afxy | csx | ef | default}Syntax Description
ip
Specifies that the match is for IPv4 packets only. You must specify this keyword.
dscp dscp-value
Sets the DSCP value. Valid values are from 0 to 63.
Instead of specifying a numeric dscp-value, you can specify one of the following reserved keywords:
•
•
•
•
For more information, see Table 7-4.
set ip dscp Command History
Usage Guidelines for the set ip dscp Command
•
•
•
•
Class of Service Marking
Class of service (CoS) marking enables the Cisco 10000 series router to interoperate with switches to deliver end-to-end QoS. The IEEE 802.1p standard enables the router to:
•
•
For Layer 2 devices, you can assign priority-indexed IEEE 802.1p CoS values to Ethernet frames. Layer 2 IEEE 802.1Q frame headers have a 2-byte Tag Control Information field in the 802.1p portion of the header. The three most-significant bits of this field (the User Priority bits) make up the Layer 2 CoS field. This 3-bit field allows you to mark eight classes of service (0 through 7) on Layer 2 Ethernet frames. Other QoS tools can then use the CoS marking to classify traffic. For IEEE 802.1Q, the User Priority bits are set to zero (0) in the Ethernet header.
Figure 7-2 shows the PRI field containing the 3-bit User Priority field.
Figure 7-2 User Priority Bits in the IEEE 802.1p Header
For CoS-based QoS, the Cisco 10000 series router uses the IP precedence bits in the IP header to give preference to higher-priority traffic. Layer 3 IP headers have a 1-byte Type of Service (ToS) field. The router uses the six most significant bits of this field (the differentiated services code point (DSCP) bits) to prioritize traffic. Figure 5-3 shows the DSCP bits in the TOS field.
Figure 7-3 DSCP Bits in the IP ToS Byte
The router uses the CoS value to determine how to prioritize packets for transmission and can also use CoS marking to perform Layer 2 to Layer 3 mapping. Using the CoS field, you can differentiate user-defined QoS services for packets leaving a router and entering a switch. Switches already have the ability to match and set CoS values; therefore, a router can set the CoS value of a packet to enable Layer 2 to Layer 3 mapping. The switch can then process the Layer 2 CoS header marking.
To allow the Cisco 10000 series router to interoperate with Layer 2 devices, CoS-based QoS on the router allows the 802.1p User Priority bits to be mapped to the IP DSCP bits for packets received on inbound interfaces. The DSCP bits are mapped to the User Priority bits for packets forwarded from outbound interfaces.
In the inbound direction, you can configure the router to match on the CoS bits and then perform an action (such as setting the IP precedence or DSCP bits). By default, the router ignores the CoS field of inbound packets.
In the outbound direction, you can configure the router to set the CoS bits of outbound packets to a value that you specify. If you do not do this, by default, the router ignores the CoS field and leaves it set to a default value.
QinQ Class of Service Marking
For EXP-to-CoS mapping in QinQ configurations, the parallel express forwarding (PXF) engine marks both the inner and outer CoS bits.
For CoS-to-EXP mapping in QinQ configurations, the PXF engine looks at the CoS bits in the outer dot1q header to determine how to mark the EXP bits.
set cos Command
To set the Layer 2 class of service (CoS) value of an outgoing packet, use the set cos command in policy-map class configuration mode. To remove a specific CoS value setting, use the no form of this command. By default, this command is disabled.
set cos cos-valueno set cos cos-valueSyntax Description
set cos Command History
Usage Guidelines for the set cos Command
The set cos command allows switches and routers to interoperate. By configuring the router to match packets based on the CoS value (using the match cos command) and to set CoS values, you can configure Layer 2 to Layer 3 mapping. If a packet that needs to be marked to differentiate user-defined QoS services is leaving a router and entering a switch, the router can set the CoS value of the packet because the switch can process the Layer 2 header.
Use the set cos command only in service policies that are attached in the output direction of an interface; packets entering an interface cannot be set with a CoS value. You can configure a CoS value on an Ethernet interface that is configured for 802.1Q or on a virtual access interface that is using an 802.1Q interface.
QoS Group Marking
You can use QoS group marking to assign packets to a QoS group. The QoS group field is an internal marking that exists only within the router. You can set this field as packets pass through the fabric of the router. The router uses the group ID marking to determine how to prioritize packets for transmission. QoS groups are used as part of QoS policy propagation through the Border Gateway Protocol (QPPB) and are useful in configurations that support MPLS QoS tunneling modes: short pipe, long pipe, and uniform pipe.
You can set up to 100 different QoS group markings.
set qos-group Command
To set a quality of service (QoS) group identifier (ID) that can be used later to classify packets, use the set qos-group command in policy-map class configuration mode. To remove the group ID, use the no form of this command. By default, this command is disabled; no group ID is specified.
set qos-group group-idno set qos-group group-id
Syntax Description
set qos-group Command History
Usage Guidelines for the set qos-group Command
The set qos-group command allows you to associate a group ID with a packet. The group ID can be used later to classify packets into QoS groups as part of QoS policy propagation through the Border Gateway Protocol (QPPB). QoS groups are also useful in configurations supporting MPLS QoS tunneling modes: short pipe, long pipe, and uniform pipe.
A QoS group and discard class are required when the input per-hop behavior (PHB) marking is used for classifying packets on the output interface
ATM Cell Loss Priority Marking
You can change the cell loss priority (CLP) bit setting in an ATM header of a cell to control the discarding of cells in congested ATM environments. As congestion occurs in the ATM network, the ATM network switch can discard cells with the CLP bit set to 1 (discard) before discarding cells with a CLP bit setting of 0.
You can set ATM CLP marking only on outbound packets. The Cisco 10000 series router does not support CLP bit matching.
set atm-clp Command
To set the cell loss priority (CLP) bit to 1, use the set atm-clp command in policy-map class configuration mode. To change the CLP bit setting back to 0, use the no form of the command. By default, the CLP bit automatically sets to 0 when the router sends packets as ATM cells.
set atm-clpno set atm-clpset atm-clp Command History
Usage Guidelines for the set atm-clp Command
You can attach a policy map containing the set atm-clp command only as an output policy. The set atm-clp command does not support packets that originate from the router.
To disable this command, remove the service policy from the interface by using the no service-policy command.
The router discards packets with the CLP bit set to 1 before it discards packets with the CLP bit set to 0.
MPLS Experimental Marking
The Multiprotocol Layer Switching (MPLS) experimental (EXP) field is a 3-bit field within the MPLS label that is used in QoS marking. By default, the IP precedence field in the underlying IP packet is copied to the MPLS EXP field during label imposition. Using the MPLS EXP field does not modify the DSCP or IP precedence markings in the packet IP header.
The MPLS EXP field allows up to eight different QoS markings that correspond to the eight possible IP precedence values. For more information, see Table 7-2.
The value of the EXP bits determines the per-hop behavior (PHB) for MPLS nodes and is also used as transparency mechanisms when used with MPLS DiffServ tunneling modes such as pipe and uniform modes. IP marking does not modify an MPLS packet carrying IP data. You must configure MPLS marking on an input interface. MPLS marking takes effect only during label imposition. You can combine marking and policing to change the DSCP and MPLS EXP values of an IP packet during MPLS label imposition.
A provider edge (PE) router at the edge of the MPLS network can be configured to map the DSCP or IP precedence field to the MPLS EXP field. The router uses the value of the EXP field as the basis for IP QoS. As a result, MPLS routers can perform QoS features indirectly, based on the original IP precedence field inside the MPLS-encapsulated IP packet. The IP packet does not need to be opened to examine the IP precedence field. When a packet leaves the MPLS network, IP QoS is still based on the DSCP or IP precedence value in the IP header.
QinQ MPLS Experimental Marking
For CoS-to-EXP mapping in QinQ configurations, the parallel express forwarding (PXF) engine looks at the CoS bits in the outer dot1q header to determine how to mark the EXP bits.
For EXP-to-CoS mapping in QinQ configurations, the PXF marks both the inner and outer CoS bits.
set mpls experimental imposition Command
To set the value of the Multiprotocol Label Switching (MPLS) experimental (EXP) field on all imposed label entries, use the set mpls experimental imposition command in policy-map class configuration mode. To disable the setting, use the no form of the command. By default, no MPLS EXP value is set.
set mpls experimental imposition mpls-exp-valueno set mpls experimental imposition mpls-exp-valueSyntax Description
set mpls experimental imposition Command History
Note
Usage Guidelines for the set mpls experimental imposition Command
The set mpls experimental imposition command is supported only on input interfaces. Use this command during label imposition. This command sets the MPLS EXP field on all imposed label entries.
You can use the set mpls experimental imposition command on the input interface of a provider edge (PE) router connected to a customer edge (CE) router. In MPLS QoS differentiated services (DiffServ) tunneling modes, you can also use this command on the input interfaces of CE routers in pipe mode.
Note
Discard-Class Marking
The discard-class is a 3-bit field that is used to set the per-hop behavior (PHB) for dropping traffic. The discard-class indicates the drop portion of the PHB. You can set the discard-class on the input interface to use as a matching criterion and to affect how packets are dropped on the output interface. You can use the discard-class with weighted random early detection (WRED) on the output interface to classify packets and determine packet drop probability. You can set up to eight discard-class values (0 through 7).
set discard-class Command
To mark a packet with a discard-class value or to drop a specific traffic type during congestion, use the set discard-class command in policy-map class configuration mode. To remove a discard-class value or to disable the discard-class value, use the no form of the command. By default, the discard-value is zero.
set discard-class valueno set discard-class valueSyntax Description
value
Is the priority of a type of traffic. Valid values are from 0 to 7.
Note
set discard-class Command History
Release 12.3(7)XI
This command was introduced on the PRE2 only.
Release 12.2(28)SB
This command was integrated in Cisco IOS Release 12.2(28)SB for the PRE2.
Usage Guidelines for the set discard-class Command
You can set the discard-class on the input interface to use as a matching criterion and to affect how packets are dropped on the output interface. You can use the discard-class with weighted random early detection (WRED) on the output interface to classify packets and determine packet drop probability.
The router supports the set discard-class command only on the PRE2.
Class-Based Frame Relay DE Bit Marking
The Class-Based Frame Relay DE Bit Marking feature provides the ability to prioritize frames in a Frame Relay network by setting the discard eligibility (DE) bit in the header of Frame Relay frames. As congestion occurs in the Frame Relay network, frames with the DE bit set are more likely to be dropped, resulting in improved network performance for higher priority traffic and applications.
This feature supports the classification of inbound Frame Relay traffic based on the DE bit setting and the marking of the DE bit of outbound Frame Relay traffic. During classification, the router matches the DE bit of inbound packets to previously configured traffic classes (created using a class map) and classifies each matching packet as belonging to a specific traffic class.
DE bit marking can occur either as a class-based shaping action or as a class-based policing action. The modular QoS command-line interface (MQC) commands used to mark the DE bit are the following:
•
•
The set-frde-transmit command is a policing action for conforming traffic and is used with the police command. When using the conforming-action set-frde-transmit command, the router sends the frames through the policer's token bucket mechanism for processing and sets the DE bit for all frames that conform to the committed rate.
The PRE3 and PRE4 support Frame Relay DE bit marking across packet fragments.
History for the Class-Based Frame Relay DE Bit Marking Feature
Release 12.2(31)SB22
This feature was introduced on the PRE3.
PRE2, PRE3
Release 12.2(33)SB
This feature was introduced on the PRE4.
PRE2, PRE3, PRE4
Marking and Policing Traffic
When you simultaneously configure a class in a policy map to include both marking and policing commands (the set and police commands), the router processes the set command first and then processes the police command. As a result, the values set by the police command override the values of the set command. This occurs regardless of whether you attach a policy map to an inbound or outbound interface.
For example, if you use the set command to configure a value for the IP precedence field and you configure a value for the same field by using the police command, the IP precedence value you set for the police command overrides the IP precedence value you configured for the set command.
The set and police commands allow you to configure the following fields:
•
•
•
•
•
Tunnel Header Marking
The Tunnel Header Marking (THM) feature allows you to mark the outer IP header's DSCP or precedence value during tunnel encapsulation of the packet.
The outer IP header type of service (ToS) field of a tunneled packet is typically exposed to a different QoS domain from that of the inner IP header. For example, for Multicast Virtual Private Network (MVPN) packets placed in Generic Routing Encapsulation (GRE) tunnels, the router processes the packet's outer ToS field based on the QoS services of a common core MPLS network. The router processes the packet's inner IP ToS field based on the QoS services of a particular VRF. Using tunnel header marking, different traffic streams that are aggregated into the same tunnel can mark their outer ToS field differently. This enables the streams to receive a different level of QoS processing at the outer ToS field's QoS domain.
A policy map is used to enable tunnel header marking and is applied to the inbound interface. If the outbound interface is a tunnel, the router marks the outer headers of packets as tunnel encapsulation occurs. If the outbound interface is not a tunnel, the policy map has no affect on the arriving packet headers.
As shown in Figure 7-4, the policy map named policy1 has tunnel header marking configured and is attached to inbound interface P1, and outbound interface P2 is a tunnel. As a result, the router classifies traffic as it enters the router through interface P1 and marks the traffic as it leaves through interface P2.
Figure 7-4 Tunnel Header Marking
Feature History for Tunnel Header Marking
Restrictions and Limitations for Marking
DSCP-Based and Precedence-Based Marking
•
•
•
•
•
Frame Relay DE Bit Marking Restrictions
•
Discard-Class-Based Marking Restrictions
•
•
CoS-Based Marking Restrictions
•
•
Tunnel Header Marking Restrictions
•
•
•
•
Interfaces Supporting Marking
The following describes interface support for marking using the set commands:
Interfaces Supporting the set Command
•
•
•
•
•
•
•
•
•
Note
Interfaces Not Supporting the set Command
•
•
Classification and Marking Design Guidelines
The Cisco 10000 series router provides many tools for classifying and marking traffic. Your task is to determine how best to use these tools in your network environment. The following are guidelines to help you make good design choices for classification and marking tools:
•
•
•
•
•
Recommended Values for Traffic Marking
Table 7-5 lists the recommended values to use for traffic marking.
Configuring Traffic Marking
To configure class-based traffic marking, perform any of the following optional tasks:
•
•
•
•
•
•
•
•
For more information about classifying traffic and creating QoS service policies, see Chapter 2 "Classifying Traffic" and Chapter 3 "Configuring QoS Policy Actions and Rules."
Configuring IP Precedence Marking
To mark the IP precedence field of packets, enter the following commands beginning in global configuration mode:
Step 1
Router(config)# policy-map policy-map-name
Specifies the name of the policy map and enters policy-map configuration mode.
policy-map-name is the name of the policy map.
Step 2
Router(config-pmap)# class class-map-name
Assigns the traffic class you specify to the policy map. Enters policy-map class configuration mode.
class-map-name is the name of a previously configured class map and is the traffic class for which you want to define QoS actions.
Step 3
Router(config-pmap-c)# set ip precedence prec-valueSpecifies the IP precedence of packets within a traffic class.
prec-value is the IP precedence value. Valid values are from 0 to 7. See Table 7-2.
Note
Step 4
Router(config-pmap-c)# exitExits policy-map class configuration mode.
Step 5
Router(config-pmap)# exitExits policy-map configuration mode.
Step 6
Specifies the interface to which you want to attach the service policy map. Enters interface configuration mode.
type is the type of interface (for example, serial).
number is the number of the interface (for example, 1/0/0).
Step 7
Attaches the policy map you specify to the interface. The router applies the service policy to packets on the interface in either the input or output direction.
input indicates to apply the service policy to inbound packets.
output indicates to apply the service policy to outbound packets.
policy-map-name is the name of the policy map.
Configuration Examples for IP Precedence Marking and Classification
Example 7-1 shows how to configure IP precedence marking. In the example, a policy map named Bronze is created and the class map named Voice is associated with the Bronze policy. For all outbound packets on the Gigabit Ethernet 2/0/1 interface, the router sets the IP precedence bits to 5.
Example 7-1 Configuring IP Precedence Marking
Router(config)# class-map VoiceRouter(config-cmap)# match access-group 110Router(config-cmap)# exitRouter(config)# policy-map BronzeRouter(config-pmap)# class VoiceRouter(config-pmap-c)# set ip precedence 5Router(config-pmap-c)# exitRouter(config-pmap)# exitRouter(config)# interface GigabitEthernet 2/0/1Router(config-if)# service-policy output BronzeExample 7-2 shows how to configure IP precedence-based classification. In the example, a policy map named Second is created and the class map named ip-prec is associated with the Second policy. For all outbound packets on Gigabit Ethernet interface 2/0/1, the router classifies packets based on the setting of their IP precedence bits. If the bits are set to 3, the router assigns the packets to the ip-prec class and polices the traffic as indicated in the Second policy map.
Example 7-2 Configuring IP Precedence-Based Classification
Router(config)# class-map ip-precRouter(config-cmap)# match ip precedence 3Router(config-cmap)# exitRouter(config)# policy-map SecondRouter(config-pmap)# class ip-precRouter(config-pmap-c)# police 8000 4000 2000 conform-action transmit exceed-action drop violate-action dropRouter(config-pmap-c)# exitRouter(config-pmap)# exitRouter(config)# interface GigabitEthernet 2/0/1Router(config-if)# service-policy output SecondConfiguring IP DSCP Marking
To mark the DSCP field of packets, enter the following commands beginning in global configuration mode:
Step 1
Router(config)# policy-map policy-map-name
Specifies the name of the policy map and enters policy-map configuration mode.
policy-map-name is the name of the policy map.
Step 2
Router(config-pmap)# class class-map-name
Assigns the traffic class you specify to the policy map. Enters policy-map class configuration mode.
class-map-name is the name of a previously configured class map and is the traffic class for which you want to define QoS actions.
Step 3
Router(config-pmap-c)# set ip dscp {dscp-value | afxy | csx | ef | default}
Sets the DSCP value in the ToS byte.
ip specifies that the match is for IPv4 packets only. You must specify this keyword.
dscp dscp-value sets the DSCP value. Valid values are from 0 to 63.
Instead of specifying a numeric dscp-value, you can specify one of the following reserved keywords:
•
•
•
•
For more information, see Table 7-4.
Step 4
Router(config-pmap-c)# exitExits policy-map class configuration mode.
Step 5
Router(config-pmap)# exitExits policy-map configuration mode.
Step 6
Specifies the interface to which you want to attach the service policy map. Enters interface configuration mode.
type is the type of interface (for example, serial).
number is the number of the interface (for example, 1/0/0).
Step 7
Attaches the policy map you specify to the interface. The router applies the service policy to packets on the interface in either the input or output direction.
input indicates to apply the service policy to inbound packets.
output indicates to apply the service policy to outbound packets.
policy-map-name is the name of the policy map.
Configuration Examples for IP DSCP Marking and Classification
Example 7-3 shows how to configure IP DSCP marking. In the example, the router assigns outbound traffic on the Gigabit Ethernet 1/0/0 interface to either class1 or class2. The router marks the packets by setting the DSCP bits of class1 packets to DSCP 5 and by setting the DSCP bits of class2 packets to DSCP 3 as indicated in the policy map named Silver.
Example 7-3 Configuring IP DSCP Marking
Router(config)# class-map class1Router(config-cmap)# match qos-group 2Router(config-cmap)# class class2Router(config-cmap)# match access-group 108Router(config-cmap)# exitRouter(config)# policy-map SilverRouter(config-pmap)# class class1Router(config-pmap-c)# set ip dscp 5Router(config-pmap-c)# class class2Router(config-pmap-c)# set ip dscp 3Router(config-pmap-c)# exitRouter(config-pmap)# exitRouter(config)# interface GigabitEthernet 1/0/0Router(config-if)# service-policy output SilverExample 7-4 shows how to configure IP DSCP-based classification. In the example, the router checks the DSCP bits of outbound packets on the GigabitEthernet interface 1/0/0. If the packet DSCP bits are set to 5, the router assigns the packet to the Voice class and gives the packet priority handling as indicated in the policy map named Platinum. All intermediate routers provide low-latency treatment to the Voice packets.
Example 7-4 Configuring IP DSCP-Based Classification
Router(config)# class-map VoiceRouter(config-cmap)# match ip dscp 5Router(config-cmap)# exitRouter(config)# policy-map PlatinumRouter(config-pmap)# class VoiceRouter(config-pmap-c)# priorityRouter(config-pmap-c)# police 8000 600 400 conform-action transmit exceed-action drop violate-action dropRouter(config-pmap-c)# exitRouter(config-pmap)# exitRouter(config)# interface GigabitEthernet 1/0/0Router(config-if)# service-policy output PlatinumConfiguring Class of Service Marking
To mark the Layer 2 class of service (CoS) field in the 802.1p header of outbound packets, enter the following commands beginning in global configuration mode:
Configuration Examples for CoS Marking and Classification
Example 7-5 shows how to configure CoS classification and marking on an interface, setting the Layer 2 CoS value in the 802.1p header. In the example, the router checks the DSCP bits of inbound packets on the Gigabit Ethernet interface 1/0/0. If the bits are set to DSCP AF11, the router assigns the packet to the class named Cos-Class and on the outbound interface marks the packet by setting the class of service bits to 5 as indicated in the policy map named Policy1.
Example 7-5 Configuring CoS Marking
Router(config)# class-map Cos-ClassRouter(config-cmap)# match ip dscp AF11Router(config-cmap)# exitRouter(config)# policy-map Policy1Router(config-pmap)# class Cos-ClassRouter(config-pmap-c)# set cos 5Router(config-pmap-c)# exitRouter(config-pmap)# exitRouter(config)# interface GigabitEthernet 1/0/0Router(config-if)# service-policy output Policy1Example 7-6 shows how to configure CoS-based classification on outbound packets. In the example, the router checks the class of service bits of packets leaving on Gigabit Ethernet interface 4/0/0. If the bits are set to 3, the router assigns the packet to the class named Voice and marks the packet by setting the IP DSCP bits to 8 as indicated in the policy map named Policy1.
Note
Example 7-6 Configuring CoS-Based Classification
Router(config)# class-map VoiceRouter(config-cmap)# match cos 3Router(config-cmap)# exitRouter(config)# policy-map Policy1Router(config-pmap)# class VoiceRouter(config-pmap-c)# set ip dscp 8Router(config-pmap-c)# exitRouter(config-pmap)# exitRouter(config)# interface GigabitEthernet 4/0/0Router(config-if)# service-policy output Policy1Configuring QoS Group Marking
To mark packets with a local QoS group ID, enter the following commands beginning in global configuration mode:
Configuration Examples for Configuring QoS Group Marking and Classification
Example 7-7 shows how to configure QoS group marking. In this example, the router classifies inbound packets on the Gigabit Ethernet interface 1/0/0 based on the class of service value. If the packet CoS value is 5, the router assigns the packet to the class named Group and sets the packet qos-group ID to 4 as indicated in the policy map named Policy1.
Example 7-7 Configuring QoS Group Marking
Router(config)# class-map GroupRouter(config-cmap)# match cos 5Router(config-cmap)# exitRouter(config)# policy-map Policy1Router(config-pmap)# class GroupRouter(config-pmap-c)# set qos-group 4Router(config-pmap-c)# exitRouter(config-pmap)# exitRouter(config)# interface GigabitEthernet 1/0/0Router(config-if)# service-policy input Policy1Example 7-8 shows how to configure the router to classify packets based on the QoS group ID of the packet. In this example, the router checks outbound packets on Ethernet interface 1/0/0 for QoS group ID 5, assigns the matching packets to the traffic class named QoSGroup, defined in the policy map named Gold, and sets the packet DSCP bits to DSCP 0 (best effort).
Example 7-8 Configuring QoS Group-Based Classification
Router(config)# class-map QoSGroupRouter(config-cmap)# match qos-group 5Router(config-cmap)# exitRouter(config)# policy-map GoldRouter(config-pmap)# class QoSGroupRouter(config-pmap-c)# set dscp 0Router(config-pmap-c)# exitRouter(config-pmap)# exitRouter(config)# interface Ethernet 1/0/0Router(config-if)# service-policy output GoldSetting the ATM Cell Loss Priority Bit
To set the ATM cell loss priority (CLP) bit to 1, enter the following commands beginning in global configuration mode:
Configuration Example for Setting the ATM CLP Bit
Example 7-9 shows how to set the ATM CLP bit of packets. For all packets arriving on the ATM interface 1/0/1, the router assigns the packets that match access control list (ACL) 100 to the Class1 traffic class and sets the ATM CLP bit of each packet.
Example 7-9 Setting the ATM CLP Bit
Router(config)# class-map Class1Router(config-cmap)# match access-group 100Router(config-cmap)# exitRouter(config)# policy-map PremiumRouter(config-pmap)# class Class1Router(config-pmap-c)# set atm-clpRouter(config-pmap-c)# exitRouter(config-pmap)# exitRouter(config)# interface atm 1/0/1Router(config-if)# service-policy output PremiumConfiguring MPLS Experimental Marking
To copy the IP precedence or DSCP value to the MPLS experimental bits during label imposition, enter the following commands beginning in global configuration mode:
Configuration Examples for Configuring MPLS Experimental Marking and Classification
Example 7-10 shows how to configure MPLS Experimental (EXP) marking. In the example, for all packets on the inbound Gigabit Ethernet interface 1/0/0 that match class of service 3, the router sets the packet MPLS experimental bits to 5.
Example 7-10 Configuring MPLS EXP Marking
Router(config)# class-map voiceRouter(config-cmap)# match cos 3Router(config-cmap)# exitRouter(config)# policy-map SilverRouter(config-pmap)# class voiceRouter(config-pmap-c)# set mpls experimental imposition 5Router(config-pmap-c)# exitRouter(config-pmap)# exitRouter(config)# interface GigabitEthernet 1/0/0Router(config-if)# mpls ipRouter(config-if)# service-policy input SilverExample 7-11 shows how to configure MPLS EXP-based classification. In the example, the router checks the MPLS EXP bits of the packets arriving on the Gigabit Ethernet interface 1/0/0. The router assigns the packets whose bits have a setting of 5 to the mpls-exp class. As indicated in the policy map, the router provides low-latency priority handling of MPLS experimental traffic.
Example 7-11 Configuring MPLS EXP-Based Classification
Router(config)# class-map mpls-expRouter(config-cmap)# match mpls experimental 5Router(config-cmap)# exitRouter(config)# policy-map PlatinumRouter(config-pmap)# class mpls-expRouter(config-pmap-c)# priorityRouter(config-pmap-c)# police percent 30 4000 2000 conform-action transmit exceed-action dropRouter(config-pmap-c)# exitRouter(config-pmap)# exitRouter(config)# interface GigabitEthernet 1/0/0Router(config-if)# mpls ipRouter(config-if)# service-policy output PlatinumConfiguring Discard-Class Marking
To mark packets with a discard-class value, enter the following commands beginning in global configuration mode:
Configuration Examples for Configuring Discard-Class Marking and Classification
Example 7-12 shows how to configure the discard eligibility value for a traffic class. In the example, the router classifies inbound traffic on Ethernet interface 1/0/0 based on the class of service setting of the packets. If the CoS value matches 1, the router assigns the matching packets to the class named Class1 and sets the packet discard-class value to 4, as defined in the policy map named MyPolicy.
Example 7-12 Configuring Discard-Class Marking
Router(config)# class-map Class1Router(config-cmap)# match cos 1Router(config-cmap)# exitRouter(config)# policy-map MyPolicyRouter(config-pmap)# class Class1Router(config-pmap-c)# set discard-class 4Router(config-pmap-c)# exitRouter(config-pmap)# exitRouter(config)# interface Ethernet 1/0/0Router(config-if)# service-policy input MyPolicyExample 7-13 shows how to configure discard-class-based classification. In the example, the router classifies outbound traffic on Gigabit Ethernet interface 2/0/1 based on the discard-class setting of the packets. If the discard-class value matches 3, the router assigns the matching packets to the class named Group1 and provides a minimum bandwidth guarantee of 8000 kbps to Group1 traffic, as defined in the policy map named Manhattan.
Example 7-13 Configuring Discard-Class-Based Classification
Router(config)# class-map Group1Router(config-cmap)# match discard-class 3Router(config-cmap)# exitRouter(config)# policy-map ManhattanRouter(config-pmap)# class Group1Router(config-pmap-c)# police 8000 600 400 conform-action transmit exceed-action dropRouter(config-pmap-c)# exitRouter (config-pmap)# exitRouter(config)# interface GigabitEthernet 2/0/1Router(config-if)# service-policy output ManhattanConfiguring Tunnel Header Marking Using the set Command
To configure tunnel header marking using the set command, enter the following configuration commands beginning in global configuration mode:
Configuration Example for Tunnel Header Marking Using the set Command
The following example configuration shows how to configure tunnel header marking using the set command. In the example, marking is configured for the match_ip traffic class. For all packets belonging to that class, the router sets the DSCP bits to 3.
class-map match_ipmatch protocol ippolicy-map Tunnel_Markingclass match_ipset ip dscp tunnel 3class class-defaultshape 64000Configuring Tunnel Header Marking Using the police Command
To configure tunnel header marking using the police command, enter the following commands beginning in global configuration mode:
Step 1
Router(config)# policy-map policy-map-name
Specifies the name of the policy map and enters policy-map configuration mode.
policy-map-name is the name of the policy map.
Step 2
Router(config-pmap)# class class-map-name
Assigns the traffic class you specify to the policy map. Enters policy-map class configuration mode.
class-map-name is the name of a previously configured class map and is the traffic class for which you want to define QoS actions.
Step 3
Router(config-pmap-c)# police [cir] bps [bc] burst-normal [pir pir] [be] burst-excess [conform-action {set-dscp-tunnel-transmit value | set-prec-tunnel-transmit value}] [exceed-action {set-dscp-tunnel-transmit value | set-prec-tunnel-transmit value}] [violate-action {set-dscp-tunnel-transmit value | set-prec-tunnel-transmit value}]
Configures policing and uses the policer action to mark a packet's outer tunnel header.
set-dscp-tunnel-transmit value is a number from 0 to 63 or one of the following reserved keywords:
•
•
•
set-prec-tunnel-transmit value is a number from 0 to 7 that sets the precedence bit in the packet header.
For more information, see the "police Command (Single-Rate)" section or the "police Command (Two-Rate)" section.
Example Configuration for Tunnel Header Marking Using the police Command
The following example configuration shows how to mark the tunnel header of a packet using the police command. In the example, the policer sets the DSCP bits to 4 for all conforming traffic belonging to the match_ip class.
class-map match_ipmatch protocol ippolicy-map Tunnel_Markingclass match_ippolice 8000 conform-action set-dscp-tunnel-transmit 4class class-defaultshape 64000Verifying Traffic Marking
The Cisco 10000 series router collects statistical information about the number of packets and bytes marked.
To verify traffic marking, enter any of the following commands in privileged EXEC configuration mode:
Verification Examples for Traffic Marking
Example 7-14 shows how to verify marking for the traffic classes in a policy map. In this example, traffic assigned to the Gold class has the precedence bits set to 5.
Example 7-14 Verifying Marking in a Policy Map
Router# show policy-map ChildPolicy Map ChildClass Bronzepolice percent 30 6 ms 4 ms conform-action transmit exceed-action set-prepClass Goldpolice 8000 2000 4000 conform-action transmit exceed-action set-qos-transpset ip precedence 5Example 7-15 shows how to verify marking on a specific interface. In this example, the QoS policy is a hierarchical policy that is attached to PVC 5/101 on the ATM 3/0/0.3 subinterface. In the Child policy, the Bronze class indicates to set the DSCP bits of Bronze packets to 3. The Gold class indicates to set the IP precedence bits of Gold packets to 5.
Example 7-15 Verifying Marking in a Hierarchical Policy
Router# show policy-map interface atm 3/0/0.3ATM3/0/0.3: VC 5/101 -Service-policy output: ParentClass-map: class-default (match-any)0 packets, 0 bytes5 minute offered rate 0 bps, drop rate 0 bpsMatch: anyOutput queue: 0/64; 0/0 packets/bytes output, 0/0 dropsShape : 2000 kbpsService-policy : ChildClass-map: Bronze (match-all)0 packets, 0 bytes5 minute offered rate 0 bps, drop rate 0 bpsMatch: ip precedence 3 5Police:600000 bps, 1536 limit, 1000 extended limitconformed 0 packets, 0 bytes; action: transmitexceeded 0 packets, 0 bytes; action: set-prec-transmit 2violated 0 packets, 0 bytes; action: dropQoS Setdscp 3Packets marked 0Class-map: Gold (match-all)0 packets, 0 bytes5 minute offered rate 0 bps, drop rate 0 bpsMatch: ip precedence 2Police:8000 bps, 2000 limit, 4000 extended limitconformed 0 packets, 0 bytes; action: transmitexceeded 0 packets, 0 bytes; action: set-qos-transmit 4violated 0 packets, 0 bytes; action: dropQoS Setprecedence 5Packets marked 0Class-map: class-default (match-any)0 packets, 0 bytes5 minute offered rate 0 bps, drop rate 0 bpsMatch: anyOutput queue: 0/64; 0/0 packets/bytes output, 0/0 dropsRelated Documentation
This section provides hyperlinks to additional Cisco documentation for the features discussed in this chapter. To display the documentation, click the document title or a section of the document highlighted in blue. When appropriate, paths to applicable sections are listed below the documentation title.
3-Color Marker for Traffic Policing (single rate)
Release Notes for the Cisco 10000 Series ESR for Cisco IOS Release 12.0(23)SX
New Features in Cisco IOS Release 12.0(23)SX > Single Rate 3-Color Marker for Traffic Policing
ATM Cell Loss Priority Marking
When Does a Router Set the CLP Bit in an ATM Cell?
Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2
Part 1: Classification > Configuring Class-Based Packet Marking
Classification and Marking
Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2
Part 1: Classification > Configuring Class-Based Packet Marking
Class-Based Marking, Release 12.0(26)S feature module
Configuring Packet Marking on Frame Relay PVCs
Class of Service Marking
Service Provider Quality of Service Design Guide
Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2
Part 1: Classification > Configuring Class-Based Packet Marking
DSCP Marking
Service Provider Quality of Service Design Guide
Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2
Part 1: Classification > Configuring Class-Based Packet Marking
QoS Packet Marking, Implementing Quality of Service Policies with DSCP
IP Precedence Marking
Service Provider Quality of Service Design Guide
Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2
Part 1: Classification > Configuring Class-Based Packet Marking
MPLS Experimental Marking
Cisco IP Solution Center, 3.0: Quality of Service Management User Guide, Release 3.0
Quality of Service Concepts > MPLS Experimental Values
Service Provider Quality of Service Design Guide
QoS Group Marking
Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2
Part 1: Classification > Configuring Class-Based Packet Marking
QoS Policy Propagation through the Border Gateway Protocol (QPPB)
Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2
Part 1: Classification > Classification Overview > QoS Policy Propagation via Border Gateway Protocol
Part 1: Classification > Configuring QoS Policy Propagation via Border Gateway Protocol
