Table Of Contents

Configuring QoS

Supported Interfaces

QoS Functions

Ingress QoS Functions

Ingress Trust

Ingress Queue Scheduling

Ingress Classification

Ingress Policing

Ingress Marking

Ingress Bandwidth and CBWFQ

LLQ (Ingress Priority)

Ingress Shaping

Egress QoS Functions

Egress Classification

Egress Policing

Egress Marking

Egress Shaping

Egress Queue Scheduling

Configuring QoS Features Using MQC

Configuring Classification

Restrictions and Usage Guidelines

Examples

Configuring Policing

Restrictions and Usage Guidelines

Examples

Verification

Attaching a QoS Traffic Policy to an Interface

Attaching a QoS Traffic Policy for an Input Interface

Attaching a QoS Traffic Policy to an Output Interface

Configuring Marking

Restrictions and Usage Guidelines

Examples

Verification

Configuring Shaping

Restrictions and Usage Guidelines

Examples

Verification

Configuring QoS Queue Scheduling

Restrictions and Usage Guidelines

Configuring WRED

WRED Aggregate and Non-Aggregate Mode

Restrictions and Usage Guidelines

Examples

Configuring Bandwidth and CBWFQ

Restrictions and Usage Guidelines

Examples

Configuring LLQ

Restrictions and Usage Guidelines

Examples

Configuring DBUS CoS Queing

Configuring Bandwidth Remaining Ratio (BRR)

Restrictions and Usage Guidelines

Configuring PFC QoS on a Cisco 7600 Series Ethernet Services Plus Line Card

PFC QoS on a Cisco 7600 Series Ethernet Services Plus Line Card Configuration Guidelines

Configuring Hierarchical QoS

Examples

EVCS QoS Support

Restrictions and Usage Guidelines

EVC Configuration Examples

QoS on Port-Channel Member-Link

Supported Egress QoS Configurations

Restrictions and Usage Guidelines

QoS on Port-Channel Member-LinkConfiguration Examples

IPv6 - Hop by Hop Rate Limiter

Restrictions and Usage Guidelines

Configuring IPv6 - Hop by Hop Rate Limiter

Example

QoS: Service Group Support on Cisco 7600

Restrictions and Usage Guidelines

Examples

Verification

Configuring Flexible Service Mapping Based on CoS and Ethertype

Restrictions and Usage Guidelines

Supported Configurations

Examples

Verification

Configuring QoS

---

This chapter provides information about configuring Quality of Service (QoS) on the Cisco 7600 Series Ethernet Services Plus (ES+) and Ethernet Services Plus T (ES+T) line card on the Cisco 7600 series router.

---

Note QoS on the Cisco 7600 Series Ethernet Services Plus line cards uses Layer 2 frame size.

---

---

Note With QoS enabled globally, cross bundling is not allowed between 6xxx cards and ES20 line cards, between 6xxx cards and ES+ line cards, and between ES20 and ES+ line cards.

---

For more information about the commands in this chapter, see the Cisco IOS Release 12.2 SR Command References at http://www.cisco.com/univercd/cc/td/doc/product/software/ios122sr/cr/index.htm.

Before referring to any other QoS documentation for the platform or in the Cisco IOS software, use this chapter to determine Cisco 7600 Series Cisco 7600 Series ES+ line card-specific QoS feature support and configuration guidelines.

---

Note The information provided in this chapter is applicable to both the ES+ and ES+T line cards unless specified otherwise.

---

For additional details about QoS concepts and features in Cisco IOS Release 12.2, you can refer to the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2SR, at http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/12_2sr/qos_12_2sr_book.html.

This chapter includes the following sections:

•Supported Interfaces

•QoS Functions

•Configuring QoS Features Using MQC

•Configuring Classification

•Configuring Policing

•Configuring Marking

•Configuring Shaping

•Configuring QoS Queue Scheduling

•Configuring PFC QoS on a Cisco 7600 Series Ethernet Services Plus Line Card

•Configuring Hierarchical QoS

•EVCS QoS Support

•QoS on Port-Channel Member-Link

•IPv6 - Hop by Hop Rate Limiter

•QoS: Service Group Support on Cisco 7600

•Configuring Flexible Service Mapping Based on CoS and Ethertype

Supported Interfaces

The Cisco 7600 Series ES+ line cards support QoS on the following interfaces:

•Main Layer 3 interface

•Layer 3 subinterface

•Switchport interfaces

•SVI interfaces

•Service instances

•Port-channel service instances

•Port-channel subinterface (supported in input direction only)

•Port-channel Layer 3 member link (supported in output direction only)

---

Note The following interfaces support Modular QoS CLI (MQC) commands; however, only limited QoS support exists for Cisco IOS Release 12.2(33)SRD.Additional QoS functionality will be in future releases.

---

•Port-channel Layer 2 main interface

•Port-channel Layer 3 main interface

•Port-channel Layer 2 member link

QoS Functions

The following sections describe ingress and egress QoS functions.

Ingress QoS Functions

The following paragraphs describe ingress QoS support on the Cisco 7600 Series ES+ line card.

Ingress Trust

Trust is a port assignment instructing the port to trust (leave) existing priorities as they are on incoming frames or to rewrite the priorities back to zero.

A packet can arrive at an interface with a priority value already present in the packets header. The router needs to determine if the priority setting was set by a valid application or network device according to pre defined rules or if it was set by a user hoping to get better service.

The router has to decide whether to honor the priority value or change it to another value. How the router makes this determination is by using the port "trust" setting.

The main Layer 3 interface and the Layer 3 subinterface always trust Differentiated Services Code Point (DSCP) by default. For switchport interfaces and service instances, the port is untrusted and EARL QoS is ignored.

To change the ingress type of service (ToS), use marking. For information on marking, see the "Configuring Marking" section.

Ingress Queue Scheduling

The Cisco 7600 Series ES+ line card supports ingress queue scheduling. For information on configuring ingress scheduling, see the "Configuring QoS Queue Scheduling" section.

Ingress Classification

Classification entails using a traffic descriptor to categorize a packet within a specific group to define that packet and make it accessible for QoS handling on the network. Using packet classification, you can partition network traffic into multiple priority levels or classes of service.

Traffic is classified to determine whether it should be:

•Marked for further processing

•Policed to rate limit specific traffic types

The Cisco 7600 Series ES+ line card supports ingress classification. For information on configuring classification, see the "Configuring Classification" section.

Ingress Policing

Policing provides a means to limit the amount of bandwidth that traffic traveling through a given port, or a collection of ports in a VLAN, can use. Policing works by defining an amount of data that the router is willing to send or receive in kilobytes per second.

When policing is configured, it limits the flow of data through the router by dropping or marking down the QoS value traffic that is out-of-profiles. Policing allows the router to limit the rate of specific types to a level lower than what they might get otherwise based only the interface bandwidth.

The Cisco 7600 Series ES+ line card supports ingress policing. For information on configuring policing, see the "Configuring Policing" section.

Ingress Marking

After it has been classified, traffic can be marked. Marking is a way to selectively modify the classification bits in a packet to identify traffic within the network. Other interfaces can then match traffic based on the markings.

The Cisco 7600 Series ES+ line card supports ingress marking. For information on configuring marking, see the "Configuring Marking" section.

Ingress Bandwidth and CBWFQ

Ingress bandwidth allows you to specify or modify the bandwidth allocated for a class belonging to a policy-.map. Class-based weighted fair queueing (CBWFQ) extends the standard WFQ functionality to provide support for user-defined traffic classes. Ingress bandwidth and CBWFQ are supported on on main Layer 3 interface, Layer 3 subinterface, and service instances.

The Cisco 7600 Series ES+ line card supports ingress bandwidth and CBWFQ. For information, see the "Configuring Bandwidth and CBWFQ" section.

LLQ (Ingress Priority)

Low-Latency Queuing (LLQ) allows you to allocate bandwidth to the class maps in the policy map.

The Cisco 7600 Series ES+ line card supports LLQ. For information, see the "Configuring LLQ" section.

Ingress Shaping

The Cisco 7600 Series ES+ line card supports ingress shaping. The shape average command is supported in flat/H-QoS policy-maps in ingress on main Layer 3 interface, Layer 3 subinterface, and service instances. For more information, see the "Configuring Shaping" section.

---

Note Ingress queueing commands are not supported on port channel service instances.

---

Egress QoS Functions

The following sections describe QoS functions on the Cisco 7600 Series ES+ line card egress ports.

Egress Classification

Classification entails using a traffic descriptor to categorize a packet within a specific group to define that packet and make it accessible for QoS handling on the network. Using packet classification, you can partition network traffic into multiple priority levels or classes of service.

Traffic is classified to determine whether it should be:

•Marked for further processing

•Queued to rate limit specific traffic types

The Cisco 7600 Series ES+ line card supports egress classification. For information on configuring classification, see the "Configuring Classification" section.

Egress Policing

The Cisco 7600 Series ES+ line card supports egress port policing.

Egress Marking

After traffic has been classified, the router can mark it. You use marking to selectively modify the classification bits in the packet to differentiate packets based on the designated markings.

The Cisco 7600 Series ES+ line card supports egress port marking. For information on configuring marking, see the "Configuring Marking" section.

Egress Shaping

Traffic shaping allows you to control the traffic going out an interface in order to match its flow to the speed of the remote target interface and to ensure that the traffic conforms to policies contracted for it. You can use shaping to meet downstream requirements, thereby eliminating bottlenecks in topologies with data-rate mismatches.

The Cisco 7600 Series ES+ line card supports shaping on egress port, subinterfaces, and service instances. For information on configuring shaping, see the "Configuring Shaping" section.

Egress Queue Scheduling

The egress line card uses congestion avoidance to help prevent congestion and keep its buffers from overflowing.

The Cisco 7600 Series ES+ line card supports Class-based Weighted Fair Queuing (CBWFQ), Low Latency Queueing (LLQ), and Weighted Random Early Detection (WRED). For information on configuring egress scheduling, see the "Configuring QoS Queue Scheduling" section.

Configuring QoS Features Using MQC

The Modular QoS CLI (MQC) is a CLI structure that allows users to create traffic policies and attach these policies to interfaces. A traffic policy contains a traffic class and one or more QoS features. A traffic class is used to select traffic, while the QoS features in the traffic policy determine how to treat the classified traffic.

To configure QoS features using the Modular QoS CLI on the Cisco 7600 Series ES+ line card, complete the following basic steps:

---

Step 1 Define a traffic class using the class-map command.

Step 2 Create a traffic policy by associating the traffic class with one or more QoS features (using the policy-map command).

Step 3 Attach the traffic policy to the interface using the service-policy command.

---

For a complete discussion about MQC, refer to the "Modular Quality of Service Command-Line Interface Overview" section of the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.3 publication at:

http://www.cisco.com/en/US/docs/ios/12_3/featlist/qos_vcg.html

Configuring Classification

Use the QoS classification features to select your network traffic and categorize it into classes for further QoS processing based on matching certain criteria. The default class, named "class-default," is the class to which any traffic that does not match any of the selection criteria in the configured class maps is directed.

Restrictions and Usage Guidelines

Table 7-1 provides information about which QoS classification features are supported for the Cisco 7600 Series ES+ line card on the Cisco 7600 series router. For more information about most of the commands documented in this table, refer to the Cisco IOS Quality of Service Solutions Command Reference.

Table 7-1 QoS Classification Feature Support  

Feature (match command)	Supported Interfaces
Match on access list (ACL) number (match access-group command)	Input and output for the following interfaces: •Main Layer 3 interface •Layer 3 subinterface •Switchport interfaces1 •Service instances1 •Port-channel service instances1 •Port-channel subinterface(input only)
Match on Class of Service (CoS) (match cos command)	Input and output for the following interfaces: •Main Layer 3 interface2 •Layer 3 subinterface •Switchport interfaces •SVI interfaces3 •Service instances •Port-channel service instances •Port-channel subinterface(input only) •Port-channel Layer 3 member link (output only)
Match on inner CoS (match cos inner command)	Input and output for the following interfaces: •Service instances •Port-channel service instances
Match on input VLAN (match input vlan command)	Output for the following interfaces: •Main Layer 3 Note Used with nonintelligent line card in the input side and a Cisco 7600 Series ES+ line card on the output side. The service policy is applied on the output side to match the VLAN from the input side.
Match on IP DSCP (match ip dscp command)	Input and output for the following interfaces: •Main Layer 3 interface •Layer 3 subinterface •Switchport interfaces •Service instances •Port-channel service instances •Port-channel subinterface(input only) •Port-channel Layer 3 member link (output only)
Match on IP precedence (match ip precedence command)	Input and output for the following interfaces: •Main Layer 3 interface •Layer 3 subinterface •Switchport interfaces •Service instances •Port-channel service instances •Port-channel subinterface (input only) •Port-channel Layer 3 member link (output only)
Match on MPLS experimental (EXP) bit (match mpls experimental command)	Input and output for the following interfaces: •Main Layer 3 interface •Layer 3 subinterface •Switchport interfaces •Port-channel service instances •Port-channel subinterface (input only) •Port-channel Layer 3 member link (output only)
Match on VLAN (match vlan command—Matches the outer VLAN of a Layer 2 IEEE 802.1Q frame)	Input and output for the following interfaces: •Main Layer 3 interface2 •Layer 3 subinterface •Switchport interfaces •Service instances •Port-channel service instances •Port-channel subinterface (input only)
Match on VLAN Inner (match vlan inner command—Matches the innermost VLAN of the 802.1Q tag in the Layer 2 frame)	Input and output for the following interfaces: •Layer 3 subinterface •Service instances •Port-channel service instances •Port-channel subinterface (input only)
Match on source-address MAC match source-address mac command—Matches the source MAC address.	Input and output for the following interfaces: •Switchport interfaces •Service instances •Port-channel service instances

1 Only classified based on source MAC address using Layer 2 ACL. 2 To match subinterface/EVC traffic and policy map applied on the main interface. 3 Cisco 7600 Series ES+ line cards support classification on SVI only for EoMPLS and VPLS.

SUMMARY STEPS

1. enable

2. configure terminal

3. class-map [match-all | match-any] class-map-name

4. match type

DETAILED STEPS

	Command	Purpose
Step 1	enable Example: Router# enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	class-map [match-all | match-any] class-map-name Example: Router(config)# class-map match-all acl9 (id 1049)	Creates a traffic class, where: •match-all—(Optional) Specifies that all match criteria in the class map must be matched, using a logical AND of all matching statements defined under the class. This is the default. •match-any—(Optional) Specifies that one or more match criteria must match, using a logical OR of all matching statements defined under the class. •class-map-name—Specifies the user-defined name of the class. Note You can define up to 4,000 unique class maps.
Step 4	match type Example: Router(config-cmap)# match ip precedence 5	Specifies the matching criterion to be applied to the traffic, where type represents one of the forms of the match command supported by the Cisco 7600 Series ES+ line card as shown in Table 7-1. Note A single class map can contain up to 8 different match command statements.

Examples

This example shows how to configure a class map named ipp5, and enter a match statement for IP precedence 5:

Router# enable

Router# configure terminal

Router(config)# class-map ipp5

Router(config-cmap)# match ip precedence 5

Router(config-cmap)# 

This is an example of configuring class matching on multiple match statements.

Router# enable

Router# configure terminal

Router(config)# class-map match-any many (id 1047)

Router(config-cmap)# match ip precedence 3 

Router(config-cmap)# match access-group 100 

Router(config-cmap)# match mpls experimental 5 

This is an example of configuring class matching on named ACLS.

Router# enable

Router# configure terminal

Router(config)# class-map match-all acl9 (id 1049)

Router(config-cmap)# match access-group name rock

This example shows a logical AND operation in a child policy with match vlan and class-default in a parent.

Router# enable

Router# configure terminal

Router(config)# class-map match-all childAND

Router(config-cmap)# match vlan inner 2-3

Router(config-cmap)# match cos inner 5 6

Router(config)# policy-map testchildAND

Router(config-pmap)# class childAND

Router(config-pmap-c)# shape average 100000000

Router(config)# policy-map parentAND

Router(config-pmap)# class vlan12

Router(config-pmap-c)# shape average 500000000

Router(config-pmap-c)# service-policy testchildAND

This example shows how to display class-map information for a specific class map using the show class-map command:

Router# show class-map ipp5

Class Map match-all ipp5 (id 1)

Match ip precedence 5

This example shows how to display class map information matching on extended ACLs using the show class-map command.

Router# show class-map acl5

	Class Map match-all acl5 (id 1042)

	 Match access-group 102 

This example shows how to verify classification on a VLAN in the parent class of a H-QoS policy.

head# show policy-map match

	Policy Map match

	 Class vlan11

      shape average 2000000 8000 8000

      service-policy match4

	 Class vlan12

      shape average 2000000 8000 8000

      service-policy match4

	 Class vlans

      shape average 500000000 2000000 2000000

      service-policy match2

Configuring Policing

The Cisco 7600 Series ES+ line cards support the following features:

•Individual Actions

•Multiple Actions

•Single Rate, 2 Color Policer

–Granularity

– Accuracy (Rate and Bucket Depths)

– Statistics

– Percent based policer

•Dual Rate, 3 color

–Percent based policer

•Color aware policer not supported

•Single-rate 3-color not supported.

•Color blind mode

•Hierarchical Policies (up to two levels)

•256 Profiles at different rates

•Micro-flow policing

Policing is supported at the input and output for the following interfaces:

•Main Layer 3 interface

•Layer 3 subinterface

•Switchport interfaces

•Service instances

•Port-channel service instances

•Port-channel subinterface (input only) (aggregate per Trident)

•Layer 3 port-channel member link

Micro-flow policing is supported at the input for the following interfaces:

•Main Layer 3 interface (micro-flow policing)

•Layer 3 subinterface (micro-flow policing)

•Port-channel subinterface (micro-flow policing)

Restrictions and Usage Guidelines

When configuring policing, follow these restrictions and usage guidelines:

•The Cisco 7600 Series ES+ line card supports maximum of 1k unique global policy maps per line card.

•The Cisco 7600 Series ES+ line card supports 16K EVCs. 16K ingress service policies and 16K egress service policies are supported per line card.

•Maximum class maps per policy map are 255.

---

Note Note: You can use CLI to configure grand parent level shaper with minimum of 64000 bps but it will be rounded to 160,000 bps.

---

•Policer CIR and PIR can be any value between 64,000 bps to 10 Gbps.

•If a service policy configures both class-based marking and marking as part of a policing action, then the marking using policing takes precedence over any class-based marking.

•When configuring policing paired with queueing actions:

–If there are some other bandwidth classes configured in the policy-map, then either exceed or violate action must be dropped. The conform action can be any action.

–If no other bandwidth class is configured, then conform, exceed, and violate can be any action.

•Up to 48,000 policers per Trident are supported for one rate 2 color or two rate 3 color policers.

•EVC micro-flow policer is not supported.

•When configuring supported micro-flow policing:

–A policy must only contain micro-flow policing commands. Micro-flow policing is not supported with other QoS features (that is, with marking, policing, or queueing).

–Micro-flow policing is PFC action. Other QoS features (that is, marking, policing, or queueing) are implemented in the Trident.

–Any modification to the micro-flow policing policy that shifts the policy implementation from Trident to the PFC or from the PFC to the Trident is not supported. All such modifications would require the policy to be first removed from the attached ES40 interfaces, modified, and then reattached to ES40 interfaces.

Table 7-2 provides information about which policing features are supported for the Cisco 7600 Series ES+ line card on the Cisco 7600 series routers.

Table 7-2 QoS Policing Feature Support 

Policing Command	Policing Action (set command)
police bps value conform-action action exceed-action action	•Transmit the packet (transmit action) •Drop the packet (drop command) •Set the IP precedence value (set ip precedence command) •Set the IP DSCP value (set ip dscp command) •Set the MPLS EXP bit (0-7) on imposition (set-mpls-experimental-imposition command) •Set the MPLS EXP bit in the topmost label (set-mpls-experimental-topmost command) •Set the COS value (set cos command) •Set the COS-inner value (set cos-inner command)
police cir percent % conform-action action exceed-action action	•Transmit the packet (transmit action) •Drop the packet (drop command) •Set the IP precedence value (set ip precedence command) •Set the IP DSCP value (set ip dscp command) •Set the MPLS EXP bit (0-7) on imposition (set-mpls-experimental-imposition command) •Set the MPLS EXP bit in the topmost label (set-mpls-experimental-topmost command) •Set the COS value (set cos command) •Set the COS-inner value (set cos-inner command)
police cir bps value pir bps value conform-action action exceed-action action violate-action action	•Transmit the packet (transmit action) •Drop the packet (drop command) •Set the IP precedence value (set ip precedence command) •Set the IP DSCP value (set ip dscp command) •Set the MPLS EXP bit (0-7) on imposition (set-mpls-experimental-imposition command) •Set the MPLS EXP bit in the topmost label (set-mpls-experimental-topmost command) •Set the COS value (set cos command) •Set the COS-inner value (set cos-inner command)
police cir percent % pir percent % conform-action action exceed-action action violate-action action	•Transmit the packet (transmit action) •Drop the packet (drop command) •Set the IP precedence value (set ip precedence command) •Set the IP DSCP value (set ip dscp command) •Set the MPLS EXP bit (0-7) on imposition (set-mpls-experimental-imposition command) •Set the MPLS EXP bit in the topmost label (set-mpls-experimental-topmost command) •Set the COS value (set cos command) •Set the COS-inner value (set cos-inner command)

SUMMARY STEPS

1. enable

2. configure terminal

3. policy-map policy-map-name

4. class {class-name | class-default}

5. police bps value conform-action action exceed-action action

or

police cir percent % conform-action action exceed-action action

or

police cir bps value pir bps value conform-action action exceed-action action violate-action action

or

police cir percent % pir percent % conform-action action exceed-action action violate-action action

DETAILED STEPS

	Command	Purpose
Step 1	enable Example: Router# enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	policy-map policy-map-name Example: Router(config)# policy-map policy-map-test	Creates or modifies a traffic policy and enters policy map configuration mode, where: •policy-map-name—Specifies the name of the traffic policy to configure. Names can be a maximum of 40 alphanumeric characters.
Step 4	class {class-name | class-default} Example: Router (config-pmap)# class acgroup2	Specifies the name of the traffic class to which this policy applies and enters policy-map class configuration mode, where: •class-name—Specifies that the policy applies to a user-defined class name previously configured. •class-default—Specifies that the policy applies to the default traffic class.
Step 5	police bps-value conform-action action exceed-action action Example: Router(config-pmap-c)# police 5000000 conform-action drop exceed-action set-dscp-transmit	Specifies a maximum bandwidth usage by a traffic class through the use of a token bucket algorithm, where: •bps value—Specifies the average rate in bits per second. Valid values are 8000 to 200000000. •action—Specifies the actions that are taken on a packet when it conforms or exceeds. The possible actions are shown in Table 7-2.
Or
	police cir percent % conform-action action exceed-action action Example: Router(config-pmap-c)# police cir percent 20 conform-action transmit exceed-action set-prec-transmit 1	Configures traffic policing on the basis of a percentage of bandwidth available on an interface, where: •cir—Specifies the committed information rate. Indicates that the committed information rate (CIR) will be used for policing traffic. •percent—Specifies that a percentage of bandwidth will be used for calculating the CIR. •%—Specifies the CIR bandwidth percentage. Valid values are 1 to 100. •action—Specifies the he actions that are taken on a packet when it conforms or exceeds. The possible actions are shown in Table 7-2.
Or
	police cir bps-value pir bps-value conform-action action exceed-action action violate-action action Example: Router(config-pmap-c)# police cir 1000000 pir 2000000 conform-action set-cos-transmit 3 exceed-action set-cos-transmit 1 violate-action drop	Configures traffic policing using two rates, the CIR and the peak information rate (PIR), where: •cir—Specifies the committed information rate. Indicates that the CIR will be used for policing traffic. •pir—Specifies the peak information rate. Indicates that the PIR will be used for policing traffic. •bps-value—Specifies the average rate in bits per second. Valid values are 8000 to 200000000. •action—Specifies the he actions that are taken on a packet when it conforms or exceeds. The possible actions are shown in Table 7-2.
Or
	police cir percent % pir percent % conform-action action exceed-action action violate-action action Example: Router(config-pmap-c)# police cir percent 20 pir percent 40 conform-action transmit exceed-action set-prec-transmit 1 violate-action drop	Configures traffic policing using two rates, the CIR and the PIR, where: •cir—Specifies the committed information rate. Indicates that the CIR will be used for policing traffic. •percent—Specifies that a percentage of bandwidth will be used for calculating the CIR. •%—Specifies the CIR or PIR bandwidth percentage. Valid values are 1 to 100. •pir—Specifies the peak information rate. Indicates that the PIR will be used for policing traffic. •action—Specifies the he actions that are taken on a packet when it conforms or exceeds. The possible actions are shown in Table 7-2.

Examples

In the following example, all actions are configured in separate lines.

Router# (config)# policy-map ABC 

Router(config-pmap)# class class-default 

Router(config-pmap-c)# police 10000000 8000 8000 

Router(config-pmap-c-police)# conform-action set-cos-transmit 2 

Router(config-pmap-c-police)# exceed-action set-cos-transmit 1 

Router(config-pmap-c-police)# end 

Router# 

Router# show policy-map ABC 

Policy Map ABC 

Class class-default 

police cir 10000000 bc 8000 be 8000 

conform-action set-cos-transmit 2 

exceed-action set-cos-transmit 1 

Router# 

This example configures a 1 rate 2-color policer:

Router(config)# policy-map 1r2c

Router(config-pmap)# class class-default

Router(config-pmap-c)# police 2000000

Router(config-pmap-c-police)# conform-action transmit 

Router(config-pmap-c-police)# exceed-action drop 

Router(config-pmap-c-police)# end

Router# show policy-map 1r2c

  Policy Map 1r2c

    Class class-default

     police cir 2000000 bc 62500

       conform-action transmit

       exceed-action drop

Router#

This example configures a 1 rate 2-color policer with percent:

Router(config)# policy-map 1r2c_percent

Router(config-pmap)# class class-default

Router(config-pmap-c)# police cir percent 20

Router(config-pmap-c-police)# conform-action set-cos-transmit 0

Router(config-pmap-c-police)# exceed-action drop

Router(config-pmap-c-police)# end

Router#

Router# show policy-map 1r2c_percent

  Policy Map 1r2c_percent

    Class class-default

     police cir percent 20

       conform-action set-cos-transmit 0

       exceed-action drop

Router#

This example configures a 2 rate 3-color policer:

Router(config)# policy-map 2r3c

Router(config-pmap)# class class-default

Router(config-pmap-c)# police cir 2000000 pir 3000000 

Router(config-pmap-c-police)# conform-action set-prec-transmit 3

Router(config-pmap-c-police)# exceed-action set-prec-transmit 2

Router(config-pmap-c-police)# violate-action set-prec-transmit 1

Router(config-pmap-c-police)# end

Router#

Router# show policy-map 2r3c

  Policy Map 2r3c

    Class class-default

     police cir 2000000 bc 62500 pir 3000000 be 93750

       conform-action set-prec-transmit 3

       exceed-action set-prec-transmit 2

       violate-action set-prec-transmit 1

Router#

This example configures a 2 rate 3-color policer with percent:

Router(config)# policy-map 2r3c_percent

Router(config-pmap)# class class-default

Router(config-pmap-c)# police cir percent 10 pir percent 20 

Router(config-pmap-c-police)# conform-action transmit 

Router(config-pmap-c-police)# exceed-action set-cos-transmit 0

Router(config-pmap-c-police)# violate-action drop

Router(config-pmap-c-police)# end

Router#

Router# show policy-map 2r3c_percent

  Policy Map 2r3c_percent

    Class class-default

     police cir percent 10 pir percent 20

       conform-action transmit

       exceed-action set-cos-transmit 0

       violate-action drop

Router#

This example configures a single rate two color policer in class-default with a CIR of 64 Kbps, a conform action of transmit and an exceed action of drop with as small a Bc as possible:

Router# enable

Router# configure terminal

Router(config)# policy-map police

Router(config-pmap)# class test8

Router(config-pmap-c)# police 64000 2000

This example configures a single rate two color policer in class-default and a child policy with policing:

Router# enable

Router# configure terminal

Router(config)# policy-map police5

Router(config-pmap)# class test18

Router(config-pmap-c)# service policy child-level

Router(config-pmap-c)# police cir 64000 50

The following example shows a 2R3C configuration in a class and policy map:

Router# enable

Router# configure terminal

Router(config)# policy-map test

Router(config-pmap)# class cos2

Router(config-pmap-c)# police 1000000 pir 2000000 conform-action set-cos-transmit 3 exceed-action set-cos-transmit 1 violate-action drop

The following example configures a dual rate three color policer in class-default with a CIR of 64 Kbps, and PIR doubled the CIR rate, a conform action of transmit, and an exceed action mark dscp af11 and violate mark dscp cs1 with default setting on Bc.

Router# enable

Router# configure terminal

Router(config)# policy-Map qos_test

Router(config-pmap)# class class-default

Router(config-pmap-c)# police cir 64000 bc 2000 pir 128000 be 2000 conform-action transmit 
exceed-action set-dscp-transmit af11 violate-action set-dscp-transmit cs1

The following example configures a dual rate three color policer in class-default.

Router# enable

Router# configure terminal

Router(config)# policy-map test

Router(config-pmap)# class class-default

Router(config-pmap-c)# police cir percent 20 pir percent 40 conform-action transmit 
exceed-action set-prec-transmit 1 violate-action drop

Verification

Use the following commands to verify policing:

	Command	Purpose
	Router# show policy-map	Displays all configured policy maps.
	Router# show policy-map policy-map-name	Displays the user-specified policy map.
	Router# show policy-map interface	Displays statistics and configurations of all input and output policies that are attached to an interface.

This example shows how to display policing statistics using the show policy-map interface command in the EXEC mode.

Router# show policy-map interface

TenGigabitEthernet3/1

service-policy output: x

class-map: a (match-all)

0 packets, 0 bytes

5 minute rate 0 bps

match: ip precedence 0

police:

1000000 bps, 10000 limit, 10000 extended limit

conformed 0 packets, 0 bytes; action: transmit

exceeded 0 packets, 0 bytes; action: drop

conformed 0 bps, exceed 0 bps, violate 0 bps

This is another example of displaying policing statistics using the show policy-map interface command; in this case the statistics are for a one rate 2 color per EVC policer.

Router# show policy-map interface ten 4/1 service instance 1

TenGigabitEthernet4/1: EFP 1

Service-policy input: evc_ingress

Counters last updated 00:00:00 ago

Class-map: class-default (match-any)

72077 packets, 36903424 bytes

5 minute offered rate 981000 bps, drop rate 440000 bps

Match: any

police:

cir 10000000 bps, bc 8000 bytes

conformed 87426 packets, 44762112 bytes; actions:

transmit

exceeded 85974 packets, 44018688 bytes; actions:

drop

conformed 556000 bps, exceed 448000 bps

Attaching a QoS Traffic Policy to an Interface

Before a traffic policy can be enabled for a class of traffic, it must be configured on an interface. A traffic policy also can be attached to Ethernet subinterfaces, main interfaces, and service instances.

Traffic policies can be applied for traffic coming into an interface (input), and for traffic leaving that interface (output).

Attaching a QoS Traffic Policy for an Input Interface

When you attach a traffic policy to an input interface, the policy is applied to traffic coming into that interface. To attach a traffic policy for an input interface, use the following command beginning in interface configuration mode:

Command	Purpose
Router(config-if)# service-policy input policy-map-name	Attaches a traffic policy to the input direction of an interface, where: •policy-map-name—Specifies the name of the traffic policy to configure.

Attaching a QoS Traffic Policy to an Output Interface

When you attach a traffic policy to an output interface, the policy is applied to traffic leaving that interface. To attach a traffic policy to an output interface, use the following command beginning in interface configuration mode:

Command	Purpose
Router(config-if)# service-policy output policy-map-name	Attaches a traffic policy to the output direction of an interface, where: •policy-map-name—Specifies the name of the traffic policy to configure.

Configuring Marking

After you have created your traffic classes, you can configure traffic policies to configure marking features to apply certain actions to the selected traffic in those classes.

In most cases, the purpose of a packet mark is identification. After a packet is marked, downstream devices identify traffic based on the marking and categorize the traffic according to network needs. This categorization occurs when the match commands in the traffic class are configured to identify the packets by the mark (for example, match ip precedence, match ip dscp, match cos, and so on). The traffic policy using this traffic class can then set the appropriate QoS features for the marked traffic.

In some cases, the markings can be used for purposes besides identification. Distributed WRED, for instance, can use the IP precedence, IP DSCP, or MPLS EXP values to detect and drop packets.

Restrictions and Usage Guidelines

When configuring class-based marking on an Cisco 7600 Series ES+ line card, follow these restrictions and usage guidelines:

•There is no limit on the number of marking statements per class map.

•Marking can be configured at parent and leaf.

•EARL marking is not used.

•Marking can be combined with queueing policies.

•Marking statistics are not provided in show policy-map interface command output. You can refer to classification statistics in place of marking statistics.

Table 7-3 provides information about which QoS class-based marking features are supported for the Cisco 7600 Series ES+ line card on the Cisco 7600 series router.

Table 7-3 QoS Class-Based Marking Feature Support 

Marking Feature (set command)	Supported Interfaces
Set IP DSCP (set ip dscp command—Marks the IP differentiated services code point (DSCP) in the type of service (ToS) byte with a value from 0 to 63.)	Input and output for the following interfaces: •Main Layer 3 interface •Layer 3 subinterface •Service instances •Port-channel service instances •Port-channel subinterface (input only) •Port-channel Layer 3 member link (output only)
Set IP precedence (set ip precedence command—Marks the precedence value in the IP header with a value from 0 to 7.)	Input and output for the following interfaces: •Main Layer 3 interface •Layer 3 subinterface •Service instances •Port-channel service instances •Port-channel subinterface (input only) •Port-channel Layer 3 member link (output only)
Set Layer 2 IEEE 802.1Q CoS (set cos command—Marks the CoS value from 0 to 7 in an 802.1Q tagged frame.)	Input and output for the following interfaces: •Main Layer 3 interface1 •Layer 3 subinterface •Switchport interfaces •Service instances (excluding EoMPLS on input) •Port-channel service instances •Port-channel subinterface (input only) •Port-channel Layer 3 member link (output only)
Set Layer 2 802.1Q CoS (set cos-inner command—Marks the inner CoS field from 0 to 7 in a bridged frame.)	Input and output for the following interfaces: •Layer 3 subinterface •Service instances •Port-channel service instances
Set Layer 2 802.1Q CoS (set cos-inner cos command—Copies out CoS to inner CoS.)	Input and output for the following interfaces: •Layer 3 subinterface •Service instances •Port-channel service instances
Set Layer 2 802.1Q CoS (set cos cos-inner command)	Input and output for the following interfaces: •Layer 3 subinterface •Service instances •Port-channel service instances
Set MPLS experimental (EXP) bit on label imposition (set mpls experimental imposition command)	Input for the following interfaces: •Main Layer 3 interface •Layer 3 subinterface •SVI interfaces (for EoMPLS and VPLS) •Service instances (EVC-based EoMPLS) •Port-channel service instances (Not supported on switchport)
Set MPLS EXP topmost (set mpls experimental topmost command)	Input and output for the following interfaces: •Main Layer 3 interface •Layer 3 subinterface •Switchport interfaces

1 To match subinterface/EVC traffic and policy map applied on the main interface.

SUMMARY STEPS

1. enable

2. configure terminal

3. policy-map policy-map-name

4. class {class-name | class-default}

5. set type

DETAILED STEPS:

	Command	Purpose
Step 1	enable Example: Router# enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	policy-map policy-map-name Example: Router(config)# policy-map policymap3	Creates or modifies a traffic policy and enters policy map configuration mode, where: •policy-map-name—Specifies the name of the traffic policy to configure. Names can be a maximum of 40 alphanumeric characters.
Step 4	class {class-name | class-default} Example: Router(config-pmap)# class class1	Specifies the name of the traffic class to which this policy applies and enters policy-map class configuration mode, where: •class-name—Specifies that the policy applies to a user-defined class name previously configured. •class-default—Specifies that the policy applies to the default traffic class.
Step 5	set type Example: Router(config-pmap-c)# set ip precedence2	Specifies the marking action to be applied to the traffic, where type represents one of the forms of the set command supported by the Cisco 7600 Series ES+ line card as shown in Table 7-3.

Examples

This example shows the creation of a service policy called policy1. This service policy is associated to a previously defined classification policy through the use of the class command. This example assumes that a classification policy called class1 was previously configured.

Router# enable

Router# configure terminal

Router(config)# policy-map policy1

Router(config-pmap)# class class1

Router(config-pmap-c)# set ip precedence 1 

This example configures marking to set the imposed MPLS EXP bits to 1:

Router# enable

Router# configure terminal

Router(config)# policy-map test

Router(config-pmap)# class test

Router(config-pmap-c)# set mpls experimental imposition 1

This example configures marking to set the inner cos value:

Router# enable

Router# configure terminal

Router(config)# policy-map test

Router(config-pmap)# class test

Router(config-pmap-c)# set cos inner 1

This example configures marking to set the imposed MPLS EXP bits to 1:

Router# enable

Router# configure terminal

Router(config)# policy-map test

Router(config-pmap)# class test

Router(config-pmap-c)# set mpls experimental topmost 1

Verification

Use the following commands to verify marking:

	Command	Purpose
	Router# show policy-map	Displays all configured policy maps.
	Router# show policy-map policy-map-name	Displays the user-specified policy map.
	Router# show policy-map interface	Displays statistics and configurations of all input and output policies that are attached to an interface.

For more detailed information about configuring class-based marking features, refer to the Class-Based Marking document located at the following URL:

http://www.cisco.com/en/US/docs/ios/12_1t/12_1t5/feature/guide/cbpmark2.html

Configuring Shaping

This section describes information for configuring QoS traffic policies for shaping traffic. Shaping is the process of delaying packets in queues to make them conform to a specified profile.

Restrictions and Usage Guidelines

When configuring shaping on an Cisco 7600 Series ES+ line card, follow these restrictions and usage guidelines:

•Up to 256 shaping profiles are supported.

•Shaping can be performed at all levels of the hierarchy.

•Shaping rates range from 64 Kbps to link rate.

•Dual shapers are not supported.

•Service instance, port channel service instance, and Layer 3 subinterface support two-level policy-map: parent class-default and child policy.

•Main interface supports three-level policy-map: grand-parent class-default, parent user defined classes, and child user defined classes.

•Shaper CIR granularity for leaf level shaper:

–64,000 bps to 32,768,000 bps: granularity of 16,000 bps

–32,768,000 bps to 131,008,000 bps: granularity of 64,000 bps

•Shaper CIR granularity for parent level shaper:

–Can be any value between 64,000 bps to 10 Gbps

•Shaper CIR granularity for grand parent level shaper:

–160,000bps to 40,960,000 bps: granularity of 160,000 bps

–40,960,000 bps to 163,840,000 bps: granularity of 640,000 bps

–163,840,000 bps to 655,360,000 bps: granularity of 2,560,000 bps

–655,360,000 bps to 10G: granularity of 10,240,000 bps

•The shape average percent command is not supported.

For more detailed information about configuring congestion management features, refer to the Cisco IOS Quality of Service Solutions Configuration Guide document corresponding to your Cisco IOS software release.

Table 7-4 provides information about which QoS traffic shaping features are supported for the Cisco 7600 Series ES+ line card on the Cisco 7600 series router.

Table 7-4 QoS Traffic Shaping Feature Support

Traffic Shaping Feature (command)	Cisco 7600 Series ES+ Line Card
Class-based shaping (shape average commands)	Input and output for the following interfaces: •Main Layer 3 interface •Layer 3 subinterface •Switchport interfaces •Port-channel service instances •Port-channel Layer 3 member link (output only)

SUMMARY STEPS

1. enable

2. configure terminal

3. class-map [match-all | match-any] class-map-name

4. match [ip dscp ip-dscp-value | ip precedence ip-precedence-value | mpls experimental mpls-exp-value]

5. policy-map policy-name

6. class class-name

7. shape average cir [bc] [be]

DETAILED STEPS

	Command	Purpose
Step 1	enable Example: Router# enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	class-map [match-all | match-any] class-map-name Example: Router(config)# class-map class-interface-all	Creates a class map to be used for matching packets to a class.
Step 4	match [ip dscp ip-dscp-value | ip precedence ip-precedence-value | mpls experimental mpls-exp-value] Example: Router(config-cmap)# match ip precedence 2	Specifies a specific IP DSCP, IP precedence, or MPLS EXP value as a match criterion.
Step 5	policy-map policy-name Example: Router(config)# policy-map test2	Specifies the name of the policy map to configure.
Step 6	class class-name Example: Router(config-pmap)# class classtest	Specifies the name of a predefined class included in the service policy.
Step 7	shape average cir [bc] [be] Example: Router(config-pmap-c)# shape average 10000000	Specifies average or peak rate traffic shaping.

Examples

This example shows traffic shaping on a main interface; traffic leaving interface gi1/1 is shaped at the rate of 10 Mbps:

Router# enable

Router# configure terminal

Router(config)# class-map class-interface-all

Router(config-cmap)# match ip precedence 2

Router(config-cmap)# exit

Router(config)# policy-map dts-interface-all-action

Router(config-pmap)# class class-interface-all

Router(config-pmap-c)# shape average 10000000

Router(config-pmap-c)# exit

Router(config)# interface gi1/1

Router(config-if)# service-policy output dts-interface-all-action

This is an example of an output shaping policy on a switchport interface that matches on a CoS value queuing defined in the classes.

Router# enable

Router# configure terminal

Router(config)# policy-map switchport-cos-policy

Router(config-pmap)# class cos1

Router(config-pmap-c)# shape ave 100000000

Now the policy is applied in the egress direction on the main switchport.

Router# enable

Router# configure terminal

Router(config)# interface TenGigabitEthernet9/1

Router(config-if)# switchport

Router(config-if)# switchport access vlan 2000

Router(config-if)# switchport mode access

Router(config-if)# service-policy output switchport-cos-policy

In this example, shape is applied at the parent level of an HQoS policy-map.

Router# enable

Router# configure terminal

Router(config)# policy-map child2

Router(config-pmap)# class prec5

Router(config-pmap-c)# shape average 100000000

Router(config)# policy-map pcd

Router(config-pmap)# class class-default

Router(config-pmap-c)# shape average 300000000

Router(config-if)# service-policy child2

This example configures a shaping policy in default-class with WRED:

Router# enable

Router# configure terminal

Router(config)# policy Map qos_test

Router(config-pmap)# class class-default

Router(config-pmap-c)# shape ave 100Mbps

Router(config-pmap-c)# random-detect dscp-based aggregate

Verification

Use the following commands to verify traffic shaping:

	Command	Purpose
	Router# show interface [interface-name] shape	Displays detail status of the traffic shaping.
	Router# show policy policy-name	Displays the configuration of all classes composing the specified traffic policy.
	Router# show policy policy-name class class-name	Displays the configuration of the specified class of the specified traffic policy.

Configuring QoS Queue Scheduling

This section describes Cisco 7600 Series ES+ line card-specific information for configuring QoS queue scheduling.

Restrictions and Usage Guidelines

When configuring queueing features on an Cisco 7600 Series ES+ line card, follow these restrictions and usage guidelines:

•The number of data queues configurable per policy-map at child level depends on the priority queue configuration:

–If there are no priority queue configured, each subscriber can have up to 8 normal queues.

–If there is any priority queue of any priority level configured, each subscriber can have 2 priority queues and up to 6 normal queues.

–If there is only 1 priority queue configured, the other priority queue is reserved and cannot be used as a normal queue.

•4k parent queues for ingress and 8k parent queues for egress per Trident (nonconfigurable).

•32K child queues on ingress and 64k child queues for egress per Trident (nonconfigurable).

•Parent class-default on sub-interface/EVCs scales more.

•Parent user-defined classmap is supported on main Layer 3 interface, and port-channel Layer 3 member link (output only).

•QoS queue scheduling supports the following commands:

–bandwidth x kbps

–bandwidth percent x%

–bandwidth remaining percent x %

–bandwidth remaining ratio

–priority

–priority level level

–queue-limit queue-size

–queue-limit queue-size packets

–random-detect

–random-detect exponential-weighting-constant 1-16

–random-detect min-threshold max-threshold mark-prob

–random-detect dscp-based aggregate

–random-detect dscp 0-63 min-threshold max-threshold mark-prob

–random-detect prec-based

–random-detect precedence 0-7 min-threshold max-threshold mark-prob

For more detailed information about configuring congestion management features, refer to the Cisco IOS Quality of Service Solutions Configuration Guide document corresponding to your Cisco IOS software release.

Configuring WRED

Weighted RED (WRED) generally drops packets selectively based on IP precedence. Packets with a higher IP precedence are less likely to be dropped than packets with a lower precedence. WRED is supported on the output of the following interfaces:

•Main Layer 3 interface

•Layer 3 subinterface

•Switchport interfaces

•Service instances

•Port-channel service instances

•Port-channel Layer 3 member link

WRED Aggregate and Non-Aggregate Mode

WRED Aggregate mode and Non-Aggregate modes define how the hardware resources are internally used to provide the WRED behavior. On an ES+linecard, there are 8 WRED curves. In a WRED Non-Aggregate mode, a single CoS value maps to one WRED curve and in a WRED Aggregate mode, multiple dscp values are mapped to one WRED curve.

For more information on this, see https://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_q1.html#wp1053666

The set of subclass (DSCP precedence) values defined on a random-detect dscp (aggregate) CLI will be aggregated into a single hardware WRED resource. The statistics for these subclasses will also be aggregated.

Restrictions and Usage Guidelines

When configuring WRED on Cisco 7600 Series ES+ line cards, follow these restrictions and usage guidelines:

•WRED support is precedence-based, dscp-based, and cos-based. The default with the random-detect command is precedence-based WRED.

–dscp-based is supported only in aggregate mode, as dscp takes 64 possible values, and maps multiple DSCP values to each of the 8 WRED curves. Example: DSCP 30, 50, 60 takes WRED Curve1, DSCP 10, 40 takes WRED Curve2.

–CoS is supported only in non-aggregate mode, as CoS takes eight possible values, and maps single value to each of the 8 WRED curves.

–IP-prec is supported in both aggregate and non-aggregate mode.

•The support per interface is as follows:

–For switchport, only cos-based is supported.

–For EVC and subinterfaces, dscp-based, precedence-based, and cos-based are supported.

–For main Layer 3 interface, only dscp-based and precedence-based are supported.

•Not supported in input direction and parent classes.

•Not supported for priority queues of all priority levels.

•Random Detect in class queue needs a queueing feature.

•Random Detect in default class does not need a queueing feature.

•Cisco 7600 Series ES+ line cards do not support discard-class-based, ecn, and WRED.

•Cisco 7600 Series ES+ line cards support aggregate WRED.

•Supports 8 curves per queue

•The show policymap interface command for WRED does not display transmitted packet count. Random and tail drop counts are displayed.

•The maximum threshold value must be between 16 and 1000000.

•EXP-based WRED for MPLS packets is supported.

SUMMARY STEPS

1. enable

2. configure terminal

3. policy-map policy-name

4. class class-name

5. shape average cir [bc] [be]

6. random-detect

DETAILED STEPS

	Command	Purpose
Step 1	enable Example: Router# enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	policy-map policy-name Example: Router(config)# policy-map wred	Specifies the name of the policy map to configure.
Step 4	class class-name Example: Router(config-pmap)# class IPP1	Specifies the name of a predefined class included in the service policy.
Step 5	shape average cir [bc] [be] Example: Router(config-pmap-c)# shape average 200000000	Shapes traffic to the indicated bit rate for the specified class.
Step 6	random-detect Example: Router(config-pmap-c)# random-detect dscp-based aggregate	Enables WRED.

Examples

This is an example of a WRED configuration.

Router# enable

Router# configure terminal

Router(config)# policy-map wredtest

Router(config-pmap)# class cos5

Router(config-pmap-c)# shape average 200000000

Router(config-pmap-c)# random-detect dscp-based aggregate

Router(config-pmap-c)# random-detect dscp values 0 min 100 max 200 mark-prob 1

Router(config-pmap-c)# random-detect dscp values 1 min 300 max 500 mark-prob 1

Router(config-pmap-c)# random-detect dscp values 2 min 600 max 900 mark-prob 1

The following example configures a class-map which matches IPP=1, 3, 5 and 7, and configures a WRED policy that is applied to the egress interface:

Router# enable

Router# configure terminal

Router(config)# policy-map wred

Router(config-pmap)# class IPP1

Router(config-pmap-c)# shape average 100000000

Router(config-pmap-c)# random-detect precedence-based

Router(config-pmap)# class IPP3

Router(config-pmap-c)# shape average 100000000

Router(config-pmap-c)# random-detect precedence-based

Router(config-pmap)# class IPP5

Router(config-pmap-c)# shape average 100000000

Router(config-pmap-c)# random-detect precedence-based

Router(config-pmap)# class class-default

Router(config-pmap-c)# shape average 100000000

Router(config-pmap-c)# random-detect precedence-based

The following example show the output of the show policy map interface command (transmit packets are not displayed).

Router# enable

Router# configure terminal

Router# show policy-map int gig 11/1 service instance 1 

GigabitEthernet11/1: EFP 1 

Service-policy output: temp_parent 

Counters last updated 00:00:00 ago 

Class-map: class-default (match-any) 

139358 packets, 71351296 bytes 

5 minute offered rate 1745000 bps, drop rate 283000 bps 

Match: any 

Queueing 

queue limit 2048 packets 

(queue depth/total drops/no-buffer drops) 0/104062/0 

(pkts output/bytes output) 35296/18071552 

shape (average) cir 10000000, bc 40000, be 40000 

target shape rate 10000000 

Service-policy : temp 

Counters last updated 00:00:00 ago 

Class-map: class-default (match-any) 

139358 packets, 71351296 bytes 

5 minute offered rate 1745000 bps, drop rate 1304000 bps 

Match: any 

queue limit 2048 packets 

(queue depth/total drops/no-buffer drops) 0/104062/0 

(pkts output/bytes output) 35296/18071552 

Exp-weight-constant: 9 (1/512) 

Mean queue depth: 0 packets 

class Random drop Tail drop Minimum Maximum Mark 

pkts/bytes pkts/bytes thresh thresh prob 

Configuring Bandwidth and CBWFQ

Class-based weighted fair queueing (CBWFQ) extends the standard WFQ functionality to provide support for user-defined traffic classes. For CBWFQ, you define traffic classes based on match criteria including protocols and access control lists (ACLs).

Bandwidth is supported on the output of the following interfaces:

•Main Layer 3 interface

•Layer 3 subinterface

•Switchport interfaces

•Service instances

•Port-channel service instances

•Port-channel Layer 3 member link

---

Note Excluding port channel service instances, bandwidth is supported on the input of the above interfaces for H-QoS only. Ingress queueing is not supported for port channel service instances.

---

Restrictions and Usage Guidelines

When configuring Bandwidth and CBWFQ on Cisco 7600 Series ES+ line cards, follow these restrictions and usage guidelines:

•The bandwidth kbps and bandwidth percent x% commands are supported.

•On ingress, the bandwidth kbps, bandwidth remaining ratio, bandwidth remaining percent, and bandwidth percent x% commands are supported on the main Layer 3 interface, the Layer 3 subinterface, and on service instances.

•On ingress, the bandwidth kbps, bandwidth remaining ratio, bandwidth remaining percent, and bandwidth percent x% commands must be configured in the child of an H-QoS policy-map.

•The bandwidth remaining percent command is supported at the child/leaf level. The bandwidth remaining ratio command is supported at the parent and child/leaf level.

•The bandwidth command used within a QoS policymap must be consistant across classes.For example, class1 with bandwidth kbps and class2 with bandwidth remaining ratio in the same policy-map is not supported.

---

Note The consistancy need not be maintained between parent and child policymaps. For example, parent with bandwidth remaining ratio and child with bandwidth kbps is supported.

---

SUMMARY STEPS

1. enable

2. configure terminal

3. policy-map policy-name

4. class {class-name | class-default}

5. bandwidth {bandwidth-kbps | percent percent | remaining {ratio ratio | percent percent}}

DETAILED STEPS

	Command	Purpose
Step 1	enable Example: Router# enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	policy-map policy-map-name Example: Router(config)# policy-map policy1	Creates or modifies a traffic policy and enters policy map configuration mode, where: •policy-map-name—Specifies the name of the traffic policy to configure. Names can be a maximum of 40 alphanumeric characters.
Step 4	class {class-name | class-default} Example: Router(config)# class c3	Specifies the name of the traffic class to which this policy applies and enters policy-map class configuration mode, where: •class-name—Specifies that the policy applies to a user-defined class name previously configured. •class-default—Specifies that the policy applies to the default traffic class.
Step 5	bandwidth {bandwidth-kbps | percent percent | remaining {ratio ratio|percent percent}} Example: Router(config-pmap-c)# bandwidth 20000	Specifies the amount of bandwidth, in kbps, or percentage of available bandwidth, to be assigned to the class. The amount of bandwidth configured should be large enough to also accommodate Layer 2 overhead.

Examples

This example shows a service policy called policy1 that specifies the amount of bandwidth to allocate for traffic classes 1 and 2:

Router# enable

Router# configure terminal

Router(config)# class-map class1 
Router(config-cmap)# match ip dscp 30

Router(config-cmap)# exit

Router(config)# class-map class2 
Router(config-cmap)# match ip dscp 10

Router(config-cmap)# exit

Router(config)# policy-map policy1

Router(config-pmap)# class class1

Router(config-pmap-c)# bandwidth 30000 

Router(config-pmap-c)# exit

Router(config-pmap)# exit

Router(config-pmap)# class class2

Router(config-pmap-c)# bandwidth 20000 

Router(config-pmap-c)# exit

Router(config-pmap)# exit

Router(config)#

Router(config)# interface gigabit ethernet 2/1 
Router(config-if)# service-policy output policy1 

Router(config-if)# exit

The following example configures a QoS policy with multiple user class with rate guarantee setting using the bandwidth command.

Router(config)# policy-map policy1

Router(config)# Class c1

Router(config-pmap-c)# Bandwidth percent 1%

Router(config-pmap)# Class c2

Router(config-pmap-c)# Bandwidth percent 10%

Router(config-pmap)# Class c3 

Router(config-pmap-c)# Bandwidth percent 88%

Router(config-pmap)# Class class-default

Router(config-pmap-c)# Bandwidth 1%

The following example configures a QoS policy with multiple user class with rate guarantee setting:

Router# enable

Router# configure terminal 

Router(config)# Policy Map parent_policy

Router(config-pmap)# class-default

Router(config-pmap-c)# shape average 20000000

Router(config-pmap-c)# bandwidth remaining ratio 5

Router(config-pmap-c)# service-policy child_policy

Router(config)# policy-map child_policy

Router(config-pmap)# class video

Router(config-pmap-c)# priority

Router(config-pmap-c)# police 10000000 

Router(config-pmap)# class critical

Router(config-pmap-c)# bandwidth remaining percent 80

Router(config-pmap)# class class-default

Router(config-pmap-c)# bandwidth remaining percent 20 

Use the following commands to verify CBWFQ:

Command	Purpose
Router# show policy-map policy-map	Displays the configuration of all classes that make up the specified policy map.
Router# show policy-map policy-map class class-name	Displays the configuration of the specified class of the specified policy map.
Router# show policy-map interface interface-name	Displays the configuration of all classes configured for all policy maps on the specified interface.
Router# show queue interface-type interface-number	Displays queueing configuration and statistics for a particular interface.

Configuring LLQ

Low-Latency Queuing (LLQ) uses the priority command to allocate bandwidth to the class maps in the policy map.

LLQ is supported on the output of the following interfaces:

•Main Layer 3 interface

•Layer 3 subinterface

•Switchport interfaces

•Service instances

•Port-channel service instances

•Port-channel Layer 3 member link

Restrictions and Usage Guidelines

When configuring LLQ on Cisco 7600 Series ES+ line cards, follow these restrictions and usage guidelines:

•Ingress LLQ

–Dual Priority Queues (High, Medium and Data)

–LLQ configuration is allowed only at the leaf policy-map.

–The priority and priority level commands are supported but you cannot use both in the same policy-map.

–Basic Priority/Low Latency Queue with bit rates is not supported.

–Basic Low Latency Queue with percent is not supported.

–Priority queue with bit rates is not supported.

•Egress LLQ

–Dual Priority Queues (High, Medium and Data)

–LLQ configuration is allowed only at the leaf policy-map.

–The priority and priority level commands are supported but you cannot use both in the same policy-map.

–Basic Priority/Low Latency Queue with bit rates is not supported.

–Basic Low Latency Queue with percent is not supported.

–Priority queue with bit rates is not supported.

SUMMARY STEPS

1. enable

2. configure terminal

3. policy-map policy-name

4. class {class-name | class-default}

5. police bps-value conform-action action exceed-action action

or

police cir percent % conform-action action exceed-action action

or

police cir bps-value pir bps-value conform-action action exceed-action action violate-action action

or

police cir percent % pir percent % conform-action action exceed-action action violate-action action

6. priority

or

priority level

DETAILED STEPS

	Command	Purpose
Step 1	enable Example: Router# enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	policy-map policy-name Example: Router(config)# policy-map silver	Specifies the name of the policy map to configure.
Step 4	class {class-name | class-default} Example: Router(config-pmap)# class classcos0	Specifies the name of a predefined class included in the service policy.
Step 5	police bps-value conform-action action exceed-action action Example: Router(config-pmap-c)# police 5000000 conform-action set-dscp-transmit 0 exceed-action drop	Specifies a maximum bandwidth usage by a traffic class through the use of a token bucket algorithm, where: •bps-value—Specifies the average rate in bits per second. Valid values are 8000 to 200000000. •action—Specifies the he actions that are taken on a packet when it conforms or exceeds. The possible actions are shown in Table 7-2.
Or
	police cir percent % conform-action action exceed-action action Example: Router(config-pmap-c)# police cir percent 20 conform-action transmit exceed-action set-prec-transmit 1	Configures traffic policing on the basis of a percentage of bandwidth available on an interface, where: •cir—Specifies the committed information rate. Indicates that the CIR will be used for policing traffic. •percent—Specifies that a percentage of bandwidth will be used for calculating the CIR. •%—Specifies the CIR bandwidth percentage. Valid values are 1 to 100. •action—Specifies the he actions that are taken on a packet when it conforms or exceeds. The possible actions are shown in Table 7-2.
Or
	police cir bps-value pir bps-value conform-action action exceed-action action violate-action action Example: Router(config-pmap-c)# police cir 1000000 pir 2000000 conform-action set-cos-transmit 3 exceed-action set-cos-transmit 1 violate-action drop	Configures traffic policing using two rates, the CIR and the PIR, where: •cir—Specifies the committed information rate. Indicates that the CIR will be used for policing traffic. •pir—Specifies the peak information rate. Indicates that the PIR will be used for policing traffic. •bps-value—Specifies the average rate in bits per second. Valid values are 8000 to 200000000. •action—Specifies the he actions that are taken on a packet when it conforms or exceeds. The possible actions are shown in Table 7-2.
Or
	police cir percent % pir percent % conform-action action exceed-action action violate-action action Example: Router(config-pmap-c)# police cir percent 20 pir percent 40 conform-action transmit exceed-action set-prec-transmit 1 violate-action drop	Configures traffic policing using two rates, the CIR and the PIR, where: •cir—Specifies the committed information rate. Indicates that the CIR will be used for policing traffic. •percent—Specifies that a percentage of bandwidth will be used for calculating the CIR. •%—Specifies the CIR or PIR bandwidth percentage. Valid values are 1 to 100. •pir—Specifies the peak information rate. Indicates that the PIR will be used for policing traffic. •action—Specifies the he actions that are taken on a packet when it conforms or exceeds. The possible actions are shown in Table 7-2.
Step 6	priority Example: Router(config-pmap-c)# priority	Gives strict priority to a class of traffic belonging to the policy map.
	Or
	priority level Example: Router(config-pmap-c)# priority level 1	Gives priority level to a class of traffic belonging to the policy map.

Examples

The following example configures an output LLQ policy on a switchport interface that matches on a CoS value queuing defined in the classes.

Router# enable

Router# configure terminal

Router(config)# policy map switchport-llq-policy

Router(config-pmap)# class cos0

Router(config-pmap-c)# police 500000000 

Router(config-pmap-c)# priority

Now the policy is applied to the interface.

Router# enable

Router# configure terminal

Router(config)# interface TenGigabitEthernet9/1

Router(config-if)# switchport

Router(config-if)# switchport access vlan 2000

Router(config-if)# switchport mode access

Router(config-if)# service-policy output switchport-llq-policy

The following example configures a simple LLQ QoS policy on a class c1 with strict priority setting.

Router# enable

Router# configure terminal

Router(config)# Policy Map qos_llq

Router(config-pmap)# Class c1

Router(config-pmap-c)# police 500000000 

Router(config-pmap-c)# priority

The following example configures an LLQ policy with multiple priority classes with a smallest percent value and default burst value for testing:

Router# enable

Router# configure terminal

Router(config-pmap)# Class-map Voice

Router(config-pmap-c)# police cir percent 10

Router(config-pmap-c)# Priority

Router(config-pmap)# Class-map Video

Router(config-pmap-c)# Police cir percent 20

Router(config-pmap-c)# Priority

Router(config-pmap)# Class-default

Configuring DBUS CoS Queing

This feature allows you to configure which DBUS CoS values are mapped to the high-priority queue. The hw-module slot slot queue priority switch-fpga output cos values|none command is used on the Routing Processor (RP) to configure the priority values. You can change the priority by changing the CoS values. The system allows you to configure eight class-of-service values . The default CoS values are 5,6, and 7.

Configuring Bandwidth Remaining Ratio (BRR)

Bandwidth Remaining Ratio (BRR) specifies the ratio that bandwidth is split between users when the link is congested (oversubscribed). This feature allows the link rate to be prorated out to logical interfaces such as EVCs and L3 subinterfaces. This feature is needed by the user since it provides the ability to oversubscribe the shape rate so logical interfaces can utilize unused bandwidth of other logical interfaces.

BRR is implemented on logical interfaces using hierarchical policy-maps.

Restrictions and Usage Guidelines

When configuring BRR on the Cisco 7600 Series ES+ line card, follow these restrictions and usage guidelines:

•You can configure Bandwidth Remaining Ratio as an action in the policy-map of a parent or a child class. BRR can be configured to a minimum ratio of 1 and maximum of 1000 on a logical interface.

•Because there is no support for an implicit BRR of 1, you must explicitly configure a BRR of 1 on policies. This does not mean that a BRR of 1 is required in an LLQ class (LLQ and CBWFQ configurations in the same class will be rejected by the CLI). A child level BRR will automatically exclude LLQ classes from participating in bandwidth sharing because LLQ classes have bandwidth guarantees.

•Use the bandwidth remaining ratio number command to configure BRR. The larger the number, the more bandwidth the logical interface that the QoS policy-map is applied to will receive when the link is congested.

•BRR at the parent level of an HQoS policymap will functions if and only if the port is congested with traffic. If the total traffic on the port is lower than the link bandwidth, then all the traffic that comes in has sufficient bandwidth to go out and there is no necessity for BRR.

•For BRR on the ES+ line cards, the bandwidth sharing calculation is dynamic. BRR calculations are updated reguarly so that as the traffic profile changes, the bandwidth sharing changes.

•BRR between flat and H-QoS policy-maps is not supported.

•BRR configurations for a child policymap and a parent policymap are similar. However, at the child level the congestion level that initiates BRR calculations are shifted from the physical port level to the parent shaper level.

•At parent level, you must configure the shaper along with BRR for BRR to work.

•BRR is supported on port channel service instances and port-channel member links ( Layer 3). The ratios are maintained between all service instances load balanced on a member link. For example, if service instances 1, 2, and 3 were load balanced to link Gi1/1 and service instances 4 and 5 to link Gi1/2, then BRR ratios would be maintained between service instances 1, 2, and 3 on Gi1/1 and between 4 and 5 on link Gi1/2.

•The ES+ line card supports service propagation. When a port is congested in egress, service propagation splits the bandwidth remaining on the link between users in the configured ratio after all LLQ traffic has been serviced.

–Service propagation is always on.

–Service propagation is turned on automatically when there is no bandwidth guarantee in the parent.

•In order to avoid running out of buffer space on an ES+ line card, it is strongly recommended that the queue-limit num of pkts command is configured for each child class queue, where num of pkts is a number reasonable for the queue. Failure to configure the queue-limit command can result in distorted BRR ratios on sending traffic.

SUMMARY STEPS

1. enable

2. configure terminal

3. policy-map policy-name

4. class {class-name | class-default}

5. shape average cir [bc] [be]

6. bandwidth remaining ratio ratio

7. service-policy policy-map

DETAILED STEPS

	Command	Purpose
Step 1	enable Example: Router# enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	policy-map policy-name Example: Router(config)# policy-map silver	Specifies the name of the policy map to configure.
Step 4	class {class-name | class-default} Example: Router(config-pmap)# class classcos0	Specifies the name of a predefined class included in the service policy.
Step 5	shape average cir [bc] [be] Example: Router(config-pmap-c)# shape average 10000000	Specifies average or peak rate traffic shaping.
Step 6	bandwidth remaining ratio ratio Example: Router(config-pmap-c)# bandwidth remaining ratio 2	Specifies a bandwidth-remaining ratio for class-level or subinterface-level queues to be used during congestion to determine the amount of excess bandwidth (unused by priority traffic) to allocate to nonpriority queues. Note The value of ratio is between 1 to 1000.
Step 7	service-policy policy-map Example: Router(config-pmap-c)# service-policy cust2-classes	Attaches a policy map to a class.

Examples

In the following configuration, three policy-maps are applied in egress on three service instances. If gold, silver, and bronze service instances send their full quota of 300, 300, and 100 Mbps of priority traffic, then because PRP/service propagtion is ON, the remaining (1 Gbps - 700 Mbps) 300 Mbps of link bandwidth is shared between users in the ratio 1 : 2 : 3 where:

User A gets : 1 / (1+2+3) * 300 Mbps = 50 Mbps of non-LLQ traffic

User B gets : 2 / (1+2+3) * 300 Mbps = 100 Mbps of non-LLQ traffic

User C gets : 3 / (1+2+3) * 300 Mbps = 150 Mbps of non-LLQ traffic

Router# enable

Router# configure terminal

Router(config)# policy-map data_gold_child_out

Router(config-pmap)# class video

Router(config-pmap-c)# priority

Router(config-pmap-c)# police 300000000

Router(config-pmap-c)# set cos 4 

Router(config-pmap)# class class-default

Router(config-pmap-c)# shape average 300000000 

Router(config-pmap-c)# set cos 3

Router(config)# policy-map data_gold_parent_out

Router(config-pmap)# class class-default

Router(config-pmap-c)# shape average 500000000

Router(config-pmap-c)# bandwidth remaining ratio 3

Router(config-pmap-c)# service-policy data_gold_child_out

Router(config)# policy-map data_silver_child_out

Router(config-pmap)# class video

Router(config-pmap-c)# priority

Router(config-pmap-c)# police 300000000 

Router(config-pmap-c)# set cos 4

Router(config-pmap)# class gaming

Router(config-pmap-c)# bandwidth remaining ratio 2 

Router(config-pmap-c)# set cos 2

Router(config-pmap)# class class-default

Router(config-pmap-c)# bandwidth remaining ratio 1

Router(config-pmap-c)# set cos 1

Router(config)# policy-map data_silver_parent_out

Router(config-pmap)# class class-default

Router(config-pmap-c)# shape average 500000000

Router(config-pmap-c)# bandwidth remaining ratio 2

Router(config-pmap-c)# service-policy data_silver_child_out

Router(config)# policy-map data_bronze_child_out

Router(config-pmap)# class video

Router(config-pmap-c)# priority

Router(config-pmap-c)# police 100000000 

Router(config-pmap-c)# set cos 4

Router(config-pmap)# class class-default

Router(config-pmap-c)# shape average 300000000

Router(config-pmap-c)# set cos 1

Router(config)# policy-map data_bronze_parent_out

Router(config-pmap)# class class-default

Router(config-pmap-c)# shape average 500000000

Router(config-pmap-c)# bandwidth remaining ratio 1

Router(config-pmap-c)# service-policy data_bronze_child_out

Configuring PFC QoS on a Cisco 7600 Series Ethernet Services Plus Line Card

The Cisco 7600 Series ES+ line card supports most of the same QoS features as those supported by the Policy Feature Card (PFC) on the Cisco 7600 series routers.

This section describes those QoS features that have Cisco 7600 Series ES+ line card-specific configuration guidelines. After you review the Cisco 7600 Series ES+ line card-specific guidelines described in this document, then refer to the Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SR located at the following URL:

http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/qos.html

PFC QoS on a Cisco 7600 Series Ethernet Services Plus Line Card Configuration Guidelines

The Cisco 7600 Series ES+ line card supports Policy Feature Card (PFC) QoS for SVI interfaces only in the case of ingress cos-to-exp marking.

Configuring Hierarchical QoS

The Cisco 7600 Series ES+ line cards support hierarchical QoS (H-QoS) that you configure using Cisco Modular QoS CLI (MQC). The following H-QoS capabilities are supported:

•Four-level H-QoS (A policy map with two levels has three levels of hierarchy when attached on the main interface, and four levels of hierarchy when attached on a subinterface.)

•Granular QoS—Policing and shaping, down to 64 Kbps data rate

•Color blind policing— 2-rate, 3-color policers and 1-rate, 2-color policers

---

Note Color aware policing not supported

---

•Ingress and egress classification

•Subinterface/Switch port QoS for Ethernet

•Egress Class-based Weighted Fair Queuing (CBWFQ)

•Low Latency Queuing (LLQ) (Ingress and Egress)

•Egress H-QoS on IP/MPLS and Layer 2 CoS classification

•AToM QoS features

•Hierarchical policing

•Input shaping

•Scaling for ES+ line cards

–128,000 queues

–16,000 traffic shapers

–48,000 policers per Trident

–8,000 H-QoS policy maps per Trident in egress. (On the 20xGE and 40xGE port line cards, the first five ports on the Trident support a maximum of 4,000 H-QoS policy map applications. Similarly, the next 5 ports on the Trident also support a maximum of 4000 H-QoS policy map applications, giving a total of 4000 + 4000 = 8000 H-QoS policy maps per Trident in egress). In ingress, a maximum of 3904 HQoS policymaps can be applied across the 10 ports of the Trident. Note that unlike egress, there is no limit in ingress on a per-5-port basis.

•Scaling for ES+T line cards

–16 Child Queues (leaf) for ingress and egress direction each.

–If child service policy is not applied with queueing feature, the parent class queue is considered for per port queue limit.

–If child service policy is applied with queueing feature, the child classes with queueing feature is counted for the per port queue limit. The parent class queue is not counted against the per port limit in this case.

–Child Queues can be applied with all QoS queueing (BRR, bandwidth, LLQ, Shaper, CBWFQ, WRED) features.

–48000 Policers per ES+T card.

–8,000 H-QoS policy maps per Trident in egress. (On the 20xGE and 40xGE port line cards, the first five ports on the Trident support a maximum of 4,000 H-QoS policy map applications. Similarly, the next 5 ports on the Trident also support a maximum of 4000 H-QoS policy map applications, giving a total of 4000 + 4000 = 8000 H-QoS policy maps per Trident in egress). In ingress, a maximum of 3904 HQoS policymaps can be applied across the 10 ports of the Trident. Note that unlike egress, there is no limit in ingress on a per-5-port basis.

In IOS hierarchical levels are represented as follows and current support is up to five levels:

•Physical or main interface

•Subinterface or logical layer

•Grandparent class

•Parent class

•Child class

A policy map with two levels has three levels of hierarchy when attached on the main interface, and four levels of hierarchy when attached on a subinterface.

A policy map with three levels has four levels of hierarchy when attached on the main interface, and five levels of hierarchy when attached on a subinterface.

On the ingress, three level H-QOS is supported (port, parent, child).

Table 7-5 provides information about supported H-QoS features.

Table 7-5 Hierarchical QoS Feature Support 

Interface Type	Marking	Policing	Shaping	Bandwidth	Priority and Priority Percent	Priority and Policing	WRED
Main Layer 3 interface	CoS, prec/dscp, EXP	Yes	Yes	Yes	No	Yes	Yes
Layer 3 subinterface	CoS, prec/dscp, EXP	Yes	Yes	Yes	No	Yes	Yes
Service instances	outer CoS, prec/dscp, inner CoS	Yes	Yes	Yes	No	Yes	Yes
SVI interface	EARL marking	EARL policing	No	No	No	No	No
Switchport interfaces	Outer CoS	Yes	Yes	Yes	No	Yes	Yes
Port-channel service instances	outer CoS, inner CoS	Yes	Yes	Yes	No	Yes	Yes
Port-channel Layer 3 member link	CoS, prec/dscp, EXP	Yes	Yes	Yes	No	Yes	Yes

Examples

This example configures the child policy to allocate different percentages of bandwidth by class:

!

Router# enable

Router# configure terminal

Router(config)# policy-map child

Router(config-pmap)# class User-A

Router(config-pmap-c)# bandwidth percent 40

Router(config-pmap-c)# exit

Router(config-pmap)# class User-B

Router(config-pmap-c)# bandwidth percent 60

Router(config-pmap-c)# exit

Router(config-pmap)# exit

!

This example applies the parent service policy to an output subinterface:

!

Router# enable

Router# configure terminal

Router(config)# interface TenGigabitEthernet 2/1.1

Router(config-if-srv)# encapsulation dot1q 11

Router(config-if)# service-policy output parent

This example shows how to configure a 2 level H-QoS policy on a main interface:

Router(config)# policy-map child_1

Router(config-pmap)# class prec1

Router(config-pmap-c)# priority level 1 

Router(config-pmap)# class prec2

Router(config-pmap-c)# priority level 1 2 

Router(config-pmap)# class class-default

Router(config-pmap-c)# Police 100kbps

!

Router(config)# policy-map HQoS_parent

Router(config-pmap)# class class-default

outer(config-pmap-c)# shape average 100000000

Router(config-pmap-c)# service-policy child_1

This example shows how to configure a 2 level H-QoS policy on an EVC interface:

Router(config)# policy-map child_1

Router(config-pmap)# class cos1

Router(config-pmap-c)# priority level 1 

Router(config-pmap)# class cos 2

Router(config-pmap-c)# priority 2 

Router(config-pmap)# class class-default

Router(config-pmap-c)# Police 100kbps

!

Router(config)# policy-map HQoS_parent

Router(config-pmap)# class class-default

outer(config-pmap-c)# shape average 100000000

Router(config-pmap-c)# service-policy child_1

This example configures an ingress 3-level H-QOS policy on a main-interface:

Router(config)# policy-map child_1

Router(config-pmap)# class prec123

Router(config-pmap-c)# random-detect precedence based

Router(config-pmap)# class prec456

Router(config-pmap-c)# shape average 10M

Router(config-pmap)# class class-default

!

Router(config)# policy-map HQoS_parent

Router(config-pmap)# class ACL_c1

Router(config-pmap-c)# Police 100kbps

Router(config-pmap-c)# priority 1 

Router(config-pmap-c)# service policy child_1

Router(config-pmap)# class ACL_c2

Router(config-pmap-c)# Police 100kbps

Router(config-pmap-c)# priority level 2

Router(config-pmap-c)# service policy child_2

Router(config-pmap)# class class-default

Router(config-pmap-c)# Police 100kbps

Router(config-pmap-c)# service policy child_3

!

Router(config)# policy-map HQos_grandparent

Router(config-pmap)# class class-default

Router(config-pmap-c)# shape 100000000

Router(config-pmap-c)# service-policy HQoS_parent

This example configures an egress 3 level H-QOS policy on a main-interface:

Router(config)# policy-map child_1

Router(config-pmap)# class prec123

Router(config-pmap-c)# random-detect precedence based

Router(config-pmap)# class prec456

Router(config-pmap-c)# shape average 10M

Router(config-pmap)# class class-default

!

Router(config)# policy-map HQoS_parent

Router(config-pmap)# class ACL_c1

Router(config-pmap-c)# Police 100kbps

Router(config-pmap-c)# priority level 1 

Router(config-pmap-c)# service policy child_1

Router(config-pmap)# class ACL_c2

Router(config-pmap-c)# Police 100kbps

Router(config-pmap-c)# priority level 2

Router(config-pmap-c)# service policy child_2

Router(config-pmap)# class class-default

Router(config-pmap-c)# service policy child_3

!

Router(config)# policy-map HQos_grandparent

Router(config-pmap)# class class-default

Router(config-pmap-c)# shape 100000000

Router(config-pmap-c)# service-policy HQoS_parent

!

EVCS QoS Support

Ethernet Virtual Connection Services (EVCS) uses the concepts of service instances and EVCs (Ethernet virtual circuits). A service instance is the instantiation of an EVC on a given port on a given router. An EVC is an end-to-end representation of a single instance of a Layer 2 service being offered by a provider to a customer. It embodies the different parameters on which the service is being offered.

EVC QoS works with the following EVC combinations:

•One TAG case

•Two TAG case

•One TAG to one TAG

•One TAG to two TAG

•Two TAG to one TAG

•Two TAG to two TAG

•One TAG termination

•Two TAG termination

•Tag to Tag Translation

For information on how to configure EVC QoS, refer to the following sections to see how service instances and port channel service instances are handled:

•Configuring Classification

•Configuring Policing

•Configuring Marking

•Configuring Shaping

•Configuring QoS Queue Scheduling

•Configuring Hierarchical QoS

Restrictions and Usage Guidelines

When configuring QoS with EVCS on the Cisco 7600 Series ES+ line card, follow these restrictions and usage guidelines:

•Service instances use MQC.

•QoS supports 16,000 service instances.

•H-QoS supports up to 2000 policies.

•Ingress QoS supports H-QoS and flat policy maps.

•Ingress shaping is supported.

•For egress QoS, both hierarchical and flat policy maps are supported.

•Before creating a service instance, remove any policy maps on the main interface.

•Any policy map can exist in a parent policy.

•When QoS is applied on a port channel service instances with member links, the router verifies QoS compatibility with the ES+ line card. However, if the QoS policy-map is applied when the port channel service instances does not have member links, the router assumes ES+ line card capability and allows the policy-map to be attached.

•For service instances configured on port channels:

–Member links of the port channel can span multiple line cards, but the line cards must be of the same type. For example, you cannot have an ESM20 and an ES+ member link in the same port channel.

–Ingress QoS is limited to marking and policing.

–Ingress queuing is not supported.

–The bandwidth percent and police percent commands are not supported in flat policy-maps or parents of H-QoS policy-maps. Both commands are supported in child policy-maps.

–Five-minute load intervals are recommended (30 second load intervals cause higher fluctuations in rates).

•BRR is supported on port-channel service instances.

EVC Configuration Examples

This example shows ingress QOS on scalable EoMPLS.

Router# enable

Router# configure terminal

Router(config)# interface GE 1/2

Router(config-if)# service instance 1 ethernet

Router(config-if-srv)# encapsulation dot1q 100

Router(config-if-srv)# rewrite ingress tag pop 1 symmetric

Router(config-if)# xconnect 2.2.2.2 100 pw-class vlan-xconnect

Router(config-pmap-c)# service-policy input mark-it-in

Router(config)# policy-map mark-it-in

Router(config-pmap)# class cos0

Router(config-pmap-c)# police 

Router(config-pmap-c)# set mpls exp imposition 5

In this example of a single tag VLAN configuration, because the encapsulation dot1q 10 is already classified, only the inner VLAN and CoS values are configured.

Router# enable

Router# configure terminal

Router(config)# interface GE 1/2

Router(config-if)# service instance 1

Router(config-if-srv)# encapsulation dot1q 10 second-dot1q any

Router(config-if-srv)# rewrite ingress tag pop 1 symmetric

Router(config-if-srv)# bridge domain 200

Router(config-pmap-c)# service-policy input mark-it-in

Router(config)# policy-map mark-it-in

Router(config-pmap)# class innervlan20

Router(config-pmap-c)# police 100000000

Router(config-pmap-c)# set cos 0

Router(config-pmap-c)# set cos-inner 0

This is an example of a single tag VLAN connect ingress policy.

Router# enable

Router# configure terminal

Router(config)# interface GigabitEthernet1/1 

Router(config-if)# service instance 100 ethernet

Router(config-if-srv)# encapsulation dot1q 10 second-dot1q any

Router(config-if-srv)# rewrite ingress tag pop 1 symmetric

Router(config-pmap-c)# service-policy in mark-it-in

Router(config)# interface GigabitEthernet 1/2 

Router(config-if)# service instance 101 ethernet

Router(config-if-srv)# encapsulation dot1q 11 second-dot1q any

Router(config-if-srv)# rewrite ingress tag pop 1 symmetric

Router(config-pmap-c)# service-policy in mark-it-in

Router(config-if-srv)# connect EVC1 GigabitEthernet 1/1 100 GigabitEthernet 1/2 101

Router(config)# policy-map mark-it-in

Router(config-pmap)# class vlaninner20cosinner5

Router(config-pmap-c)# set cos 0

This is an example of an egress double tag VLAN connect hierarchical configuration.

Router# enable

Router# configure terminal

Router(config)# interface GigabitEthernet 1/1   

Router(config-if)# service instance 100 ethernet

Router(config-if-srv)# encapsulation dot1q 10 second-dot1q 20

Router(config-if-srv)# rewrite ingress tag pop 2 symmetric

Router(config-pmap-c)# service-policy out parent-out-100

Router(config)# interface GigabitEthernet 1/2 

Router(config-if)# service instance 101 ethernet

Router(config-if-srv)# encapsulation dot1q 11 second-dot1q 21

Router(config-if-srv)# rewrite ingress tag pop 2 symmetric

Router(config-pmap-c)# service-policy out parent-out-101

Router(config-if-srv)# connect EVC1 GigabitEthernet 1/1 100 GigabitEthernet 1/2 101

Router(config)# policy-map child-out-100

Router(config-pmap)# class cos5

Router(config-pmap-c)# bandwidth percent 10

Router(config-pmap-c)# set cos 0

Router(config-pmap-c)# set cos-inner 0

Router(config)# policy-map parent-out-100

Router(config-pmap)# class class-default

Router(config-pmap-c)# shape average 10000000

Router(config-pmap-c)# service-policy child-out-100

Router(config)# policy-map child-out-101

Router(config-pmap)# class cos0

Router(config-pmap-c)# bandwidth percent 10

Router(config-pmap-c)# set cos 5

Router(config-pmap-c)# set cos-inner 5

Router(config)# policy-map parent-out-101

Router(config-pmap)# class class-default

Router(config-pmap-c)# shape average 10000000

Router(config-pmap-c)# service-policy child-out-101

This is an example of an egress double tag VLAN connect flat configuration.

Router# enable

Router# configure terminal

Router(config)# policy-map flat-100 

Router(config-pmap)# class cos5 

Router(config-pmap-c)# shape average 10000000 

Router(config-pmap-c)# set cos 0 

Router(config-pmap-c)# set cos-inner 0

Router(config-pmap)# class class-default  <-- required class

Router(config-pmap-c)# shape average 10000000 <-- required queuing action

Router(config-pmap-c)# set cos 6 

Router(config)# policy-map flat-101 

Router(config-pmap)# class cos0 

Router(config-pmap-c)# shape average 10000000 

Router(config-pmap-c)# set cos 5

Router(config-pmap-c)# set cos-inner 5 

Router(config-pmap)# class class-default  <-- required class

Router(config-pmap-c)# shape average 10000000 <-- required queuing action

Router(config-pmap-c)# set cos 4

QoS on Port-Channel Member-Link

The QoS on Port-Channel Member-Link feature provides support for service-policies on the following:

•Port-channel Layer 3 member links with per port queueing (output only)

When a policy map attached to a port-channel main interface, ingress or egress traffic coming from any member link should be subjected to port-channel main interface QoS. When a policy map attached to member link interface, ingress or egress traffic from that member link should be subject to either QoS attached to EVC or subinterface configured under port-channel or QoS attached to member link.

Supported Egress QoS Configurations

Table 7-6 lists the QoS configurations supported on ingress and egress.

Table 7-6 Supported QoS Configurations

QoS Configurations	Comments
Policy-map attached to port-channel subinterface (input only)	•Marking is supported on port-channel subinterface. •Policing is supported on port-channel subinterface (aggregated policing for each Trident). •Queueing is not supported on port-channel subinterface.
Policy-map attached to port-channel Layer 3 member link AND no QoS configured on port-channel subinterface (input only), or port-channel service instance.	•Layer 3 classification for Layer 3 port-channel. •All traffic flowing through port-channel Layer 3 member is subject to policy-map attached to port-channel Layer 3 member link.
Policy-map attached to port-channel Layer 3 member link AND QoS configured on port-channel subinterface (input only).	•Policy-map on port-channel subinterface will take precedence over policy-map configured on port-channel Layer 3 member link for that subinterface traffic.
Policymap attached to port-channel Layer 3 member link AND QoS configured on port-channel service instance.	•Traffic flowing through port-channel service instance is subject to policy-map attached to port-channel service instance.

Restrictions and Usage Guidelines

When configuring the QoS on Port-Channel Member-Link feature on the Cisco 7600 Series ES+ line card, follow these restrictions and usage guidelines:

•Match on cos-inner is not supported.

•Any traffic that belongs to a port-channel subinterface or port-channel service instance will go through the member link policy only if there is no policy directly attached on that port-channel subinterface or port-channel service instance.

If the port-channel subinterface or port-channel service instance has its own policy, traffic is subjected to the policy applied on that port-channel subinterface or port-channel service instance.

It is not recommended to configure member link policy on the ingress if there is a micro-flow policing policy configured on the port-channel main interface or port-channel subinterface. If a member link policy and a micro-flow policing policy exist together, traffic is subjected to both policies, first by the member link policy on the Trident and then the micro-flow policing policy on the PFC.

Having Layer 3 port-channel member links with user defined classes in the parent introduces an additional queuing hierarchy. The member link policy will use half of the interface bandwidth and the remaining policies (port channel service instance policies) will get the remaining half of the interface bandwidth.

To protect and guarantee the port channel service instance bandwidth, the member link policy should have a grand-parent class-default with shape configured to restrict the maximum interface bandwidth given to non port-channel service instance traffic (if there is more than one class at the parent level in the member link policy).

QoS on Port-Channel Member-LinkConfiguration Examples

The following example illustrates one way of configuring the service-policy under a router port-channel Layer 3 member link.

Router# enable

Router# configure terminal

Router(config)# interface Port-channel 1

Router(config-if)# ip address

Router(config-if)# mpls ip

Router(config)# interface gi1/0

Router(config-if)# channel-group 1

Router(config-if)# service-policy output port-qos

Router(config)# interface gi1/1

Router(config-if)# channel-group 1

Router(config-if)# service-policy output port-qos

The following example includes a bandwidth remaining ratio:

Router# enable

Router# configure terminal

Router(config)# policy-map port-qos

Router(config-pmap)# class cos0 >>>match on cos 0

Router(config-pmap-c)# police cir 100000000

Router(config-pmap-c)# priority

Router(config-pmap)# class cos1

Router(config-pmap-c)# bandwidth remaining ratio 2 

Router(config-pmap)# class class-default

Router(config-pmap-c)# bandwidth remaining ratio 1

The following are four examples of Layer 3 service policies:

Router# enable

Router# configure terminal

Router(config)# policy-map port-qos

Router(config-pmap)# class prec1 >>>match on ip prec 1

Router(config-pmap-c)# police cir 100000000

Router(config-pmap-c)# priority

Router(config-pmap)# class prec2

Router(config-pmap-c)# bandwidth 100000

Router(config-pmap)# class class-default

Router(config-pmap-c)# shape average 100000000

Router(config-pmap-c)# random-detect aggregate

Router(config-pmap-c)# random-detect precedence values 3 minimum-thresh 40 maximum-thresh 
60 mark-prob 1

Router(config-pmap-c)# random-detect precedence values 4 minimum-thresh 70 maximum-thresh 
90 mark-prob 1

Router(config-pmap-c)# random-detect precedence values 5 minimum-thresh 100 maximum-thresh 
120 mark-prob 1

:

Router# enable

Router# configure terminal

Router(config)# policy-map port-qos

Router(config-pmap)# class exp1 >>>match on exp 1

Router(config-pmap-c)# police cir 100000000

Router(config-pmap-c)# priority

Router(config-pmap)# class exp2

Router(config-pmap-c)# bandwidth 100000

Router(config-pmap)# class class-default

Router(config-pmap-c)# shape average 100000000

Router# enable

Router# configure terminal

Router(config)# policy-map port-qos

Router(config-pmap)# class ip-exp1 >>>match on ip prec1, or exp 1

Router(config-pmap-c)# police cir 100000000

Router(config-pmap-c)# priority

Router(config-pmap)# class ip-exp22

Router(config-pmap-c)# bandwidth 100000

Router(config-pmap)# class class-default

Router(config-pmap-c)# shape average 100000000

Router# enable

Router# configure terminal

Router(config)# policy-map port-qos

Router(config-pmap)# class exp1 >>>match on exp 1

Router(config-pmap-c)# police cir 100000000

Router(config-pmap-c)# priority

Router(config-pmap)# class exp2

Router(config-pmap-c)# bandwidth remaining ratio 5 

Router(config-pmap)# class class-default

Router(config-pmap-c)# bandwidth remaining ratio 2 

The folowing example shows the flat service-policies that can be configured under member-links:

Router# enable

Router# configure terminal

Router(config)# policy-map port-qos

Router(config-pmap)# class vlan11 >>>match on vlan 11

Router(config-pmap-c)# police cir 100000000

Router(config-pmap-c)# priority

Router(config-pmap)# class vlan12

Router(config-pmap-c)# bandwidth 100000

Router(config-pmap)# class class-default

Router(config-pmap-c)# shape average 100000000

.

The following examples shows the H-QoS policy that can be configured under member-links:

Router# enable

Router# configure terminal

Router(config)# policy-map child

Router(config-pmap)# class prec0 >>>match on prec 0

Router(config-pmap-c)# police cir 100000000

Router(config-pmap-c)# priority

Router(config-pmap)# class prec1

Router(config-pmap-c)# bandwidth 100000

Router(config-pmap)# class class-default

Router(config-pmap-c)# shape average 100000000

Router(config)# policy-map parent

Router(config-pmap)# class class-default 

Router(config-pmap-c)# shape average 300000000

Router(config-pmap-c)# shape average 300000000

Router(config-if)# service-policy child

---

Note In the above scenario there should be no other class defined at the parent level.

---

Router# enable

Router# configure terminal

Router(config)# policy-map child

Router(config-pmap)# class cos0 >>>match on cos 0

Router(config-pmap-c)# police cir 100000000

Router(config-pmap-c)# priority

Router(config-pmap)# class cos1

Router(config-pmap-c)# bandwidth 100000

Router(config-pmap)# class class-default

Router(config-pmap-c)# shape average 100000000

Router(config)# policy-map parent

Router(config-pmap)# class vlan11

Router(config-pmap-c)# shape average 300000000

Router(config-if)# service-policy child

Router(config-pmap)# class vlan12

Router(config-pmap-c)# shape average 300000000

Router(config-if)# service-policy child

Router(config-pmap)# class class-default

The following examples show service-policy combination on various interfaces.

The first example shows an egress service-policy attached to a port-channel member-link. There is no service-policy on the port-channel service instance.

Router# enable

Router# configure terminal

Router(config)# interface Port-channel 1

Router(config-if)# ip address

Router(config-if)# service instance 1 ethernet

Router(config-if-srv)# encapsulation dot1q 100

Router(config-if-srv)# bridge-domain 200

Router(config-if)# service instance 2 ethernet

Router(config-if-srv)# encapsulation dot1q 101

Router(config-if-srv)# bridge-domain 200

interface gi1/0

Router(config-if)# channel-group 1

Router(config-if)# service-policy output port-qos

Router(config)# interface gi1/1

Router(config-if)# channel-group 1

Router(config-if)# service-policy output port-qos

In the next example, an egress service-policy is attached toa port-channel member-link. An egress and an ingress service-policy are applied on the port-channel service instance.

Router# enable

Router# configure terminal

Router(config)# interface Port-channel 1

Router(config-if)# ip address

Router(config-if)# service instance 1 ethernet

Router(config-if-srv)# encapsulation dot1q 100

Router(config-if-srv)# bridge-domain 200

Router(config-if)# service-policy output evc-egress

Router(config-if)# service-policy input evc-ingress

Router(config-if)# service instance 2 ethernet

Router(config-if-srv)# encapsulation dot1q 101

Router(config-if-srv)# bridge-domain 200

Router(config-if)# service-policy output evc-egress

Router(config-if)# service-policy input evc-ingress

Router(config)# interface gi1/0

Router(config-if)# channel-group 1

Router(config-if)# service-policy output port-qos

Router(config)# interface gi1/1

Router(config-if)# channel-group 1

Router(config-if)# service-policy output port-qos

In the following example, an egress service-policy is attached to a port-channel member-link. An egress and an ingress service-policy are applied on the port-channel service instance. An ingress service-policy is applied on the port-channel subinterface.

Router# enable

Router# configure terminal

Router(config)# interface Port-channel 1

Router(config-if)# ip address

Router(config-if)# service instance 1 ethernet

Router(config-if-srv)# encapsulation dot1q 100

Router(config-if-srv)# bridge-domain 200

Router(config-if)# service-policy output evc-egress

Router(config-if)# service-policy input evc-ingress

Router(config-if)# service instance 2 ethernet

Router(config-if-srv)# encapsulation dot1q 101

Router(config-if-srv)# bridge-domain 200

Router(config-if)# service-policy output evc-egress

Router(config-if)# service-policy input evc-ingress

Router(config)# interface Port-channel 1.1

Router(config-if-srv)# encapsulation dot1q 1000

Router(config-if)# service-policy input subint-ingress

Router(config)# interface gi1/0

Router(config-if)# channel-group 1

Router(config-if)# service-policy output port-qos

Router(config)# interface gi1/1

Router(config-if)# channel-group 1

Router(config-if)# service-policy output port-qos

IPv6 - Hop by Hop Rate Limiter

The IPv6 Hop-by-Hop (HBH) extension header is part of the original specification of the IPv6 protocol (RFC 2460). It is identified by header type 0 and when present, this extension header must always be the first extension header (EH) to follow the main header. Because a node must process any received packet that has an HBH extension header, forwarding of packets containing the HBH header can represent or be used as a security threat.

The IPv6 - Hop by Hop Rate Limiter feature provides protection from Denial of Service (DoS) attacks by allowing you to rate limit IPv6 HBH packets.

Restrictions and Usage Guidelines

When rate limiting IPv6 HBH packets on the Cisco 7600 Series ES+ line card, follow these restrictions and usage guidelines:

•Supported with the following supervisor engines:

–Route Switching Processor 720-1GE

–Route Switching Processor 720-10GE

–Supervisor Engine 32

–Supervisor Engine 720

•Setting the police rate to 0 turns off policing.

•After setting the police rate, the setting will remain on the line card even if the line card is moved to another chassis running Cisco IOS Release 12.2(33)SRD1 or later.

•IPv6 packets with HBH and EH will bypass other QoS configured on the the Cisco 7600 Series ES+ line card.

Configuring IPv6 - Hop by Hop Rate Limiter

To connect to a specific line card for the purpose of executing the test platform police set command or the test platform police get command, use the attach command in privileged EXEC mode.

You can then set the IPv6 internal police rate by using the test platform police set command in privileged EXEC mode from the line card console:

SUMMARY STEPS

1. attach module-number

2. enable

3. test platform police set rate

4. test platform police set

DETAILED STEPS

	Command	Purpose
Step 1	attach module-number Example: Router# attach 9	Connects to the line card.
Step 1	enable Example: Router-dfc3# enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	test platform police set rate Example: Router-dfc3# test platform police ipv6 set 1234	Sets the IPv6 internal police rate.
Step 3	test platform police get Example: Router-dfc3# test platform police ipv6 get	Gets the IPv6 internal police rate.

Example

This example shows how to set the rate.

Console# attach 3

Trying Switch ...

Entering CONSOLE for Switch

Type "^C^C^C" to end this session

osr3-dfc3#

Router-dfc3# enable

Router-dfc3# test platform police ipv6 set 1234

You can then obtain IPv6 internal police rate by using the test platform police get command in privileged EXEC mode from the line card console:

Router-dfc3# test platform police ipv6 get       

IPv6 with HBH header is policed at 100000 kbps

QoS: Service Group Support on Cisco 7600

A service group is a logical entity that allows you to add the capability to group existing different interface types (service instance, sub-interface, ISG session) and apply features on this aggregate logical entity. You can use a service group to apply QoS policy on a aggregate basis for a number of services encompassed under the service group.

You can create a service group for each subscriber. An ingress policing and an egress hierarchical (H-QoS) policy can be configured at the group level. A number of service instances are added as members of the group. Consequently, the group service policies are applied to the members. The aggregate policy on this group should co-exist with the existing policies on the individual members.

The members of these service groups can be EFPs only.

In addition other restrictions imposed by other modules QoS requires that due to the current hardware design. Also the membership is rejected if there is conflict between a member level policy and the group level policy.

You can create service group only on EVCs; service groups cannot be created on sessions and sub-interfaces.

Restrictions and Usage Guidelines

When configuring EVC Group 7600 Support, follow these restrictions and guidelines:

•Service groups support the following:

–Classification

–CBWFQ

–Priority queueing

–Bandwidth remaining ratio

–Shaping

–Policing

–WRED

– 4-Level Egress QoS on members

– 3-Level Ingress QoS

•Each service instance can belong to only one service group at time and the group must exist before any member can join the group.

•All the members of a service group must reside on the same port.

•Service groups are configured globally and the members join the group by configuring the group ID under the member. Please note that there can be more than one service group per interface.

•An EVC could have hierarchical policy but the corresponding group can have only a policy with class-default. Note that non-queueing functions are allowed in user-defined classes in the group.

•A Group can have a hierarchical policy but the members of the group cannot have any QoS policies.

•The EVCs could be a part of port-channel interfaces.

• Counters for policies on both Group and members will be supported.

•Only the Shape and Bandwidth remaining ratio is configured on a Flat policy-map applied on a Service Group .

•Only the Shape and Bandwidth remaining ratio is configured on the parent policy-map. For a child policy-map, you can configure Shape, LLQ, CBWFQ, WRED, and police.

•If police command is configured in the policy-map, you cannot configure policy-map on both members and service-group.

•Only two levels of policing is supported counting both group and member policies.

•On a flat policy-map only class-default is supported on service-group.

•A flat policy-map applied on a service-group supports only shaping and bandwidth remaining ratio configurations.

•For port-channels, all the EVCs of a particular service group will automatically be load balanced to a single member link. Different service groups on a port-channel will be shared automatically on the port-channel members. You can also load balance manually using the the port-channel load-balance command.

Summary Steps

1. enable

2. configure terminal

3. service-group id number

4. service-policy [{input | output} policy-map-name]

5. interface gigabitethernet slot/port or interface tengigabitethernet slot/port or interface port-channel number

6. service instance id {Ethernet [service-name}

7. group id number

DETAILED STEPS

	Command	Purpose
Step 1	enable Example: Router> enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	service-group id number Example: Router(config)# service-group 1	Assigns a service group ID number. The acceptable range is 1-32768.
Step 4	service-policy [{input | output} policy-map-name] Example: Router(config-service-group)# service-policy in qos-group-in	Creates a service policy within the service group and attaches it to the ingress or egress of a service group.
Step 5	interface gigabitethernet slot/port or interface tengigabitethernet slot/port or interface port-channel number Example: Router(config)# interface gigabitethernet 4/1	Specifies the Gigabit Ethernet or the Ten Gigabit Ethernet interface to configure, where: •slot/port—Specifies the location of the interface. Creates the port-channel interface.
Step 6	service instance id {Ethernet [service-name} Example: Router(config-if)# service instance 1 ethernet	Creates a service instance on the selected ethernet interface.
Step 7	group id number Example: Router(config-if-srv)# group 1000	Adds the created group to the service instance.

Examples

This example configures a service group and configures an output service policy.

Router(config)# service-group 1

Router(config-service-group)# service-policy output p<1-3>

Router(config)# service-group 2

Router(config-service-group)# service-policy output p<4-6>

This example creates an EFP member with and/or without service-policy add it to the newly created service-group and configure a 3-level service policy.

Router(config)# interface gigabitethernet 1/1

Router(config-if)# service instance 101 ethernet

Router(config-if-srv)# group 1

Router(config-service-group)# service-policy output p4 | p5

Verification

Use the following commands to verify operation.

Table 7-7 Commands for Displaying Traffic Storm Control Status and Configuration

Command	Purpose
Router# Show class-map	Displays class maps and their matching criteria.
Router# Show policy-map	Displays the configuration of all classes for a specified service policy map or of all classes for all existing policy maps.
Router# Show policy-map interface	Displays the statistics and the configurations of the input and output policies that are attached to an interface.
Router# Show policy-map interface service instance	Displasy the policy-map information for a given service instance under a port channel.
Need to add show service group commands below when they are completed. show service-group ? <1-32768> Service Group ID Number all All service groups interface Interface configured state Service Group Administrative State stats Service Group statistics traffic-stats Service Group Traffic Statistics	Displays service group information.

Configuring Flexible Service Mapping Based on CoS and Ethertype

The Flexible Serivce Mapping based on CoS and Etherytpe feature enhances the current capability of mapping packets to service instance by allowing you to use CoS and Ethertypes to classify traffic into different service instances, thereby consuming a lesser number of VLANs on the module.

This feature adds the following capabilities for mapping to service instances:

•For QinQ, match on a single CoS value (either inner CoS or outer CoS, but not both simultaneously)

•Match on a range or list of CoS values when a single VLAN or QinQ is specified in the match criteria

•Match support for a single CoS value for a range or list of VLANs

•Match on the following supported payload ether types

–IPv4 (etype 0x0800)

–IPv6 (etype 0x086dd)

–pppoe-all (0x8863 and 0x8864)

•In the case of QinQ, inner VLAN can have a range when the outer VLAN is a single VLAN.

•Match on range or list of CoS values when both outer and inner VLANs are single.

•Match on etype is supported both in the case of a single VLAN or in QinQ.

•The pppoe-all CLI option is supported (matches both 0x8863 and 0x8864). The pppoe-session CLI option is not supported.

Restrictions and Usage Guidelines

When configuring Flexible Service Mapping based on CoS and Ethertype, follow these restrictions and guidelines:

•This feature supports both Dot1Q and QinQ.

•Egress behavior implemented for mismatched CoS and Ethertype forwards the packet without re-write and there is no filtering on egress based on the CoS or Layer 3 Ethertype. (Even if CoS or Etherype mismatches, if egress VLAN information matches, then the frames are forwarded.)

•Neither pppoe-discovery or pppoe-session are supported individually as ethertypes. Cisco IOS release 12.2(33)SRD3 only supports pppoe-all.

•Service instances on port-channels are supported.

•Matching on both Etherype and CoS for the same service instance is not allowed.

•OuterCoS or inner CoS can be specified under the same service instance, but not at the same time.

•Specifying a range or list of outer VLANs in double tag cases is not supported.

•MAC learning occurs with bridge-domain, but does not occur with xconnect and connect.

•Egress checking of VLAN matching does not occure with xconnect and local connect.

•Rewrites are supported.

Summary Steps

1. enable

2. configure terminal

3. interface gigabitethernet slot/port or interface tengigabitethernet slot/port or interface port-channel number

4. [no] shut

5. service instance id {Ethernet [service-name}

6. encapsulation dot1q vlan-id {cos | comma| hyphen| etype} or encapsulation dot1q vlan-id second-dot1q {any | vlan-id[,vlan-id[-vlan-id]]} or encapsulation dot1q vlan-id cos [0-7] or encapsulation dot1q vlan-id etype [IPv4|IPv6|pppoe-all]

DETAILED STEPS

	Command	Purpose
Step 1	enable Example: Router> enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	interface gigabitethernet slot/port or interface tengigabitethernet slot/port or interface port-channel number Example: Router(config)# interface gigabitethernet 4/1	Specifies the Gigabit Ethernet or the Ten Gigabit Ethernet interface to configure, where: •slot/port—Specifies the location of the interface. Creates the port-channel interface.
Step 4	[no] shut Example: Router(config-if)# no shut	Initiates the selected interface.
Step 5	service instance id {Ethernet [service-name} Example: Router(config-if)# service instance 1 ethernet	Creates a service instance on the selected ethernet interface.
Note The commands that follow are used for Dot1q or QinQ configurations. Read the purpose of each command to determine which to use.
Step 6	encapsulation dot1q vlan-id {cos | comma| hyphen|etype} Example: Router(config-if-srv)# encapsulation dot1q 100?	Defines the matching criteria to map dot1Q ingress frames on an interface to the appropriate service instance.VLAN ID is an integer in the range 1 to 4094. Hyphen must be entered to separate the starting and ending VLAN ID values that are used to define a range of VLAN IDs. Available options are CoS and ethertype.
or
	encapsulation dot1q vlan-id second-dot1q {any | vlan-id[,vlan-id[-vlan-id]]} Example: Router(config-if-srv)# encapsulation dot1q second-dot1q 20	Defines the matching criteria to map Q-in-Q ingress frames on an interface to the appropriate service instance.
or
	encapsulation dot1q vlan-id cos [0-7] Example: Router(config-if-srv)# encapsulation dot1q 100 cos 5-6	Specifies the CoS value in the match criteria for the ingress frames on the service instance.
or
	encapsulation dot1q vlan-id etype [IPv4|IPv6|pppoe-all] Example: Router(config-if-srv)# encapsulation dot1q 100 etype ipv4	Specifies the payload ethertype value in the match criteria for the ingress frames on the service instance.
	Example: encapsulation dot1q 100 cos 5-7 second-dot1q 500	Specifies cos value in the match criteria based on the outer tag

Supported Configurations

The following are the supported Ethertype and CoS configurations:

•Supported payload ether type configurations for a single tag:

Router(config)# interface gigabitethernet 1/1

Router(config-if)# service instance 1 ethernet

Router(config-if-srv)# encapsulation dot1q vlan_id etype etype string

•Supported payload Ethertype configurations for a double tag:

Router(config)# interface gigabitethernet 1/1

Router(config-if)# service instance 1 ethernet

Router(config-if-srv)# encapsulation dot1q vlan id second-dot1q vlan id etype etype 
string

•Supported payload Ethertype configurations for single tag with single VLAN:

Router(config)# interface gigabitethernet 1/1

Router(config-if)# service instance 1 ethernet

Router(config-if-srv)# encapsulation dot1q 10 etype ipv4

Router(config-if-srv)# exit

Router(config-if)# service instance 2 ethernet

Router(config-if-srv)# encapsulation dot1q 10 etype ipv6

Router(config-if-srv)# exit

Router(config-if)# service instance 3 ethernet

Router(config-if-srv)# encapsulation dot1q 10 etype pppoe-all

•Supported payload Ethertype configurations for single tag with range of VLANs:

Router(config)# interface gigabitethernet 1/1

Router(config-if)# service instance 1 ethernet

Router(config-if-srv)# encapsulation dot1q 11-15 etype ipv4

Router(config-if-srv)# exit

Router(config-if)# service instance 2 ethernet

Router(config-if-srv)# encapsulation dot1q 11-15 etype ipv6

Router(config-if-srv)# exit

Router(config-if)# service instance 3 ethernet

Router(config-if-srv)# encapsulation dot1q 11-15 etype pppoe-all

•Supported payload Ethertype configurations for double tag with no range:

Router(config)# interface gigabitethernet 1/1

Router(config-if)# service instance 1 ethernet

Router(config-if-srv)# encapsulation dot1q 10 second-dot1q 1001 etype ipv4

Router(config-if-srv)# exit

Router(config-if)# service instance 2 ethernet

Router(config-if-srv)# encapsulation dot1q 10 second-dot1q 1001 etype ipv6

Router(config-if-srv)# exit

Router(config-if)# service instance 3 ethernet

Router(config-if-srv)# encapsulation dot1q 10 second-dot1q 1001 etype pppoe-all

•Supported payload Ethertype configurations for double tag with range on inner VLANs:

Router(config)# interface gigabitethernet 1/1

Router(config-if)# service instance 1 ethernet

Router(config-if-srv)# encapsulation dot1q 10 second-dot1q 11-15 etype ipv4

Router(config-if-srv)# exit

Router(config-if-srv)# encapsulation dot1q 10 second-dot1q 11-15 etype ipv6

Router(config-if-srv)# exit

Router(config-if-srv)# encapsulation dot1q 10 second-dot1q 11-15 etype pppoe-all

•Supported CoS configurations for a single tag:

Router(config)# interface gigabitethernet 1/1

Router(config-if)# service instance 1 ethernet

Router(config-if-srv)# encapsulation dot1q single vlan_id cos single cos value

Router(config)# interface gigabitethernet 1/1

Router(config-if)# service instance 1 ethernet

Router(config-if-srv)# encapsulation dot1q single vlan_id cos list/range of cos values

Router(config)# interface gigabitethernet 1/1

Router(config-if)# service instance 1 ethernet

Router(config-if-srv)# encapsulation dot1q list/range of vlan ids cos single cos value

• Supported CoS configurations for a double tag:

Router(config)# interface gigabitethernet 1/1

Router(config-if)# service instance 1 ethernet

Router(config-if-srv)# encapsulation dot1q single vlan _id second-dot1q single vlan id 
cos single cos value

Router(config)# interface gigabitethernet 1/1

Router(config-if)# service instance 1 ethernet

Router(config-if-srv)# encapsulation dot1q single vlan_id second-dot1q single vlan_id 
cos list/range of cos_values

Router(config)# interface gigabitethernet 1/1

Router(config-if)# service instance 1 ethernet

Router(config-if-srv)# encapsulation dot1q single vlan_id second-dot1q list/range of 
vlan_ids cos single cos_value

Router(config)# interface gigabitethernet 1/1

Router(config-if)# service instance 1 ethernet

Router(config-if-srv)# encapsulation dot1q single vlan_id cos single cos_value 
second-dot1q single vlan_id

Router(config)# interface gigabitethernet 1/1

Router(config-if)# service instance 1 ethernet

Router(config-if-srv)# encapsulation dot1q single vlan_id cos list/range of cos_values 
second-dot1q single vlan id

Router(config)# interface gigabitethernet 1/1

Router(config-if)# service instance 1 ethernet

Router(config-if-srv)# encapsulation dot1q single vlan_id cos single cos_value 
second-dot1q list/range of vlan_ids

Examples

The following example displays EVCs with encap dot1q and CoS under bridge-domain.

Router# conf t

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)# interface gigabitethernet 3/1

Router(config-if)# no shut

Router(config-if)# service instance 1 ethernet

Router(config-if-srv)# encapsulation dot1q 100 cos 5

Router(config-if-srv)# bridge-domain 202 

Router(config-if-srv)# interface gigabitethernet 3/2

Router(config-if)# no shut

Router(config-if)# service instance 1 ethernet

Router(config-if-srv)# encapsulation dot1q 100 cos 5

Router(config-if-srv)# bridge-domain 202

Router(config-if-srv)# end

Router#

Router#

Router# show bridge-domain 202

Bridge-domain 202 (2 ports in all)

State: UP                    Mac learning: Enabled

    GigabitEthernet3/1 service instance 1

    GigabitEthernet3/2 service instance 1

The following example shows EVC with encap dot1q and ethertype ipv4 with bridge-domain.

Router(config)# interface gigabitethernet 3/1

Router(config-if)# service instance 1 ethernet

Router(config-if-srv)# encapsulation dot1q 100 etype ipv4

Router(config-if-srv)# bridge-domain 202

Router(config-if-srv)# interface gigabitethernet 3/2

Router(config-if)# service instance 1 ethernet 

Router(config-if-srv)# encapsulation dot1q 100 etype ipv4

Router(config-if-srv)# bridge-domain 202         

Router(config-if-srv)#

Router(config-if-srv)# end 

Router#

Router#

Router# show bridge-domain 202

Bridge-domain 202 (2 ports in all)

State: UP                    Mac learning: Enabled

    GigabitEthernet3/1 service instance 1

    GigabitEthernet3/2 service instance 1

The following is an example of local connect.

Router(config)# interface TenGigabitEthernet2/3

Router(config-if)# no ip address

Router(config-if)# service instance 1 ethernet

Router(config-if-srv)# encapsulation dot1q 2 second-dot1q 2-3 cos 5

Router(config)# interface TenGigabitEthernet2/4

Router(config-if)# no ip address

Router(config-if)# service instance 1 ethernet

Router(config-if-srv)# encapsulation dot1q 2 second-dot1q 2-3 cos 5

Router(config-if-srv)# connect local1 te2/3 1 te2/4 1

The following is an example of xconnect.

Router(config)# interface TenGigabitEthernet2/3

Router(config-if)# no ip address

Router(config-if)# service instance 1 ethernet

Router(config-if-srv)# encapsulation dot1q 2 second-dot1q 2-3 cos 5

Router(config-if-srv)# xconnect 75.1.1.5 10000 encapsulation mpls

 !

Router(config-if-srv)# end

The peer side router configuration is below:

Router(config)# interface GigabitEthernet3/0/14

Router(config-if)# no ip address

Router(config-if)# service instance 1 ethernet

Router(config-if-srv)# encapsulation dot1q 2 second-dot1q 2-3 cos 5

Router(config-if-srv)# xconnect 75.1.1.1 10000 encapsulation mpls

 !

Router(config-if-srv)# end

Verification

Use the following commands to verify operation.

Table 7-8 Commands for Displaying Traffic Storm Control Status and Configuration

Command	Purpose
Router# show ethernet service instance [detail | id id interface type number [detail | mac security [address | last violation | statistics] | platform | stats] | interface type number [detail | platform | stats | summary] | mac security [address | last violation | statistics] | platform | policy-map | stats | summary]	Displays information about Ethernet service instances.
Router# show bridge-domain [bridge-id [mac security [address | last violation | statistics] | split-horizon [group {group-number | all | none}]] | stats]	Displays bridge-domain information.