-
Cisco 7600 Series Ethernet Services Plus (ES+) and Ethernet Services Plus T (ES+T) Line Card Configuration Guide
-
Preface
-
Overview of the Cisco 7600 Series Ethernet Services 40G Line Card
-
Configuring the Cisco 7600 Series Ethernet Services 40G Line Card
-
Configuring High Availability Features
-
Configuring Layer 1 and Layer 2 Features
-
Configuring Multicast Features
-
Configuring MPLS Features
-
Configuring QoS Features
-
Troubleshooting the Cisco 7600 Series Ethernet Service + Line Card
-
Upgrading Field-Programmable Devices
-
Configuring IPoDWDM
-
Configuring Automatic Laser Shutdown
-
Network Clocking on Cisco 7600 Series Ethernet Services Plus Line Cards
-
Configuring Layer 3 and Layer 4 Features
-
IPv6 First-Hop Security Features
-
Feedback
Table Of Contents
Ingress Bandwidth and Ingress Queueing
Restrictions and Usage Guidelines
Configuring QoS Features Using MQC
Restrictions and Usage Guidelines
Restrictions and Usage Guidelines
Attaching a QoS Traffic Policy to an Interface
Attaching a QoS Traffic Policy for an Input Interface
Attaching a QoS Traffic Policy to an Output Interface
Restrictions and Usage Guidelines
Restrictions and Usage Guidelines
Configuring QoS Overhead Accounting for Shaping Parameters
Configuring QoS Queue Scheduling
Restrictions and Usage Guidelines
WRED Aggregate and Non-Aggregate Mode
Restrictions and Usage Guidelines
Examples for WRED Configurations
Example for WRED Scale Factor Usage
Example for Default WRED Configuration
Example for Changed Threshold Configuration
Example for Using Queue-limit in the Parent Policy to Reduce WRED Profile Utilization
Configuring Bandwidth and CBWFQ
Restrictions and Usage Guidelines
Restrictions and Usage Guidelines
Configuring Bandwidth Remaining Ratio (BRR)
Restrictions and Usage Guidelines
Configuring PFC QoS on a Cisco 7600 Series Ethernet Services Plus Line Card
PFC QoS on a Cisco 7600 Series Ethernet Services Plus Line Card Configuration Guidelines
Restrictions and Usage Guidelines
QoS on Port-Channel Member-Link
Supported Egress QoS Configurations
Restrictions and Usage Guidelines
QoS on Port-Channel Member-Link Configuration Examples
Troubleshooting QoS on Port-Channel Member-Link
IPv6 - Hop by Hop Rate Limiter
Restrictions and Usage Guidelines
Configuring IPv6 - Hop by Hop Rate Limiter
Port Level Shaping Concurrent with 4HQoS on ES+
Restrictions and Usage Guidelines
Configuring Port Level Shaping Concurrent with 4HQoS on ES+
Troubleshooting the Port Level Shaping Configuration
Minimum Bandwidth Guarantee Plus Multiple Policy
Port Channel QoS Considerations
Restrictions and Usage Guidelines
Configuring Bandwidth Guarantee on a Service Group
Troubleshooting the Minimum Bandwidth Guarantee Configuration
Service Group QoS Support on the Cisco 7600 Series Router
Restrictions and Usage Guidelines
Configuring Flexible Service Mapping Based on CoS and Ethertype
Restrictions and Usage Guidelines
Egress QoS Scheduling on Port Channel Interfaces
Restrictions and Usage Guidelines
Configuring Egress QoS Scheduling on Port Channel Interfaces
Troubleshooting Egress QoS Scheduling on a Port Channel Interface
Layer 2 and Layer 3 QoS ACL Classification for EVC
Restrictions and Usage Guidelines
Configuring Layer 2 and Layer 3 QoS ACL Classification
Troubleshooting Layer 2 and Layer 3 QoS ACL Classification
Restrictions and Usage Guidelines
Configuring Deny ACL QoS Classification
Troubleshooting Deny ACL QoS Classification
Ingress HQoS for Port Channel Interfaces
Configuring Ingress HQoS on Port Channel Interfaces
Troubleshooting QoS on a ES+ Line Card
Configuring QoS
This chapter provides information about configuring Quality of Service (QoS) on the Cisco 7600 Series Ethernet Services Plus (ES+) and Ethernet Services Plus T (ES+T) line card on the Cisco 7600 series router.
Note
QoS on the Cisco 7600 Series Ethernet Services Plus line cards uses Layer 2 frame size.
Note
When mls qos channel-consistency command is disabled, you can configure ports from cards belonging different family, as member-links of the same port-channel if QoS is not applied on service instances, sub-interfaces, service-groups, sessions, and main-interfaces of the port-channel or the member-links of the port-channel.
For more information about the commands in this chapter, see the Cisco IOS Release 12.2 SR Command References at http://www.cisco.com/en/US/products/ps6922/prod_command_reference_list.html.
Before referring to any other QoS documentation for the platform or in the Cisco IOS software, use this chapter to determine Cisco 7600 Series ES+ line card specific QoS feature support and configuration guidelines.
Note
For additional details about QoS concepts and features in Cisco IOS Release 12.2, you can refer to the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2SR, at https://www.cisco.com/en/US/docs/ios/qos/configuration/guide/12_2sr/qos_12_2sr_book.html.
This chapter includes the following sections:
•
•
•
•
•
•
•
•
•
•
•
•
Supported Interfaces
The Cisco 7600 Series ES+ line cards support QoS on the following interfaces:
•
•
•
•
•
•
Note
•
•
Note
•
•
•
Mapping Between Bay and Ports
The following table maps the bay and port information in a ES+ line card:
Table 7-1 Mapping between Bay and Ports
There are other flavours with 20 Ports as well. In all these cases, least number of NP is mapped to the least number ports. For example, 1gig or 10 gig with each NP is mapped to 10 - 1 GIG or 1 - 10 GIG ports.
Table 7-2 Mapping between Bay and Ports
in Combo Cards
The following table maps the bay and port information in an ES+ HD (both variants) line card:
Table 7-3 Mapping between Bay and Ports in ES+HD line card
ES+ HD (Lowq and Highq)
1 and 5 NP 0
2 and 6 NP 1
3 and 7 NP 2
4 and 8 NP 3
QoS Functions
The following sections describe ingress and egress QoS functions.
Ingress QoS Functions
The following paragraphs describe ingress QoS support on the Cisco 7600 Series ES+ line card.
Ingress Trust
Trust is a port assignment instructing the port to trust (leave) existing priorities as they are on incoming frames or to rewrite the priorities back to zero.
A packet can arrive at an interface with a priority value already present in the packets header. The router needs to determine if the priority setting was set by a valid application or network device according to pre defined rules or if it was set by a user hoping to get better service.
The router has to decide whether to honor the priority value or change it to another value. How the router makes this determination is by using the port "trust" setting.
Note
The main Layer 3 interface and the Layer 3 subinterface always trust Differentiated Services Code Point (DSCP) by default.
To change the ingress type of service (ToS), use marking. For information on marking, see the "Configuring Marking" section.
Note
Ingress Queue Scheduling
The Cisco 7600 Series ES+ line card supports ingress queue scheduling. For information on configuring ingress scheduling, see the "Configuring QoS Queue Scheduling" section.
Ingress Classification
Classification entails using a traffic descriptor to categorize a packet within a specific group to define that packet and make it accessible for QoS handling on the network. Using packet classification, you can partition network traffic into multiple priority levels or classes of service.
Traffic is classified to determine whether it should be:
•
•
The Cisco 7600 Series ES+ line card supports ingress classification. For information on configuring classification, see the "Configuring Classification" section.
Ingress Policing
Policing provides a means to limit the amount of bandwidth that traffic traveling through a given port, or a collection of ports in a VLAN, can use. Policing works by defining an amount of data that the router is willing to send or receive in kilobytes per second.
When policing is configured, it limits the flow of data through the router by dropping or marking down the QoS value. Policing allows the router to limit the rate of specific types to a level lower than what they might get otherwise based only the interface bandwidth.
The Cisco 7600 Series ES+ line card supports ingress policing. For information on configuring policing, see the "Configuring Policing" section.
Ingress Marking
After it has been classified, traffic can be marked. Marking is a way to selectively modify the classification bits in a packet to identify traffic within the network. Other interfaces can then match traffic based on the markings.
The Cisco 7600 Series ES+ line card supports ingress marking. For information on configuring marking, see the "Configuring Marking" section.
Ingress Bandwidth and Ingress Queueing
Ingress bandwidth allows you to specify or modify the bandwidth allocated for a class belonging to a policy-map. Class-based weighted fair queueing (CBWFQ) extends the standard WFQ functionality to provide support for user-defined traffic classes. Ingress bandwidth and CBWFQ are supported on on main Layer 3 interface, Layer 3 subinterface, and service instances.
The Cisco 7600 Series ES+ line card supports ingress bandwidth, for more information, see the "Configuring QoS Queue Scheduling" section.
LLQ (Ingress Priority)
Low-Latency Queuing (LLQ) allows you to allocate bandwidth to the class maps in the policy-map.
The Cisco 7600 Series ES+ line card supports LLQ. For information, see the "Configuring LLQ" section.
Ingress Shaping
The Cisco 7600 Series ES+ line card supports ingress shaping. The shape average command is supported in flat/H-QoS policy-maps in ingress on main Layer 3 interface, Layer 3 subinterface, and service instances. For more information, see the "Configuring Shaping" section
Note
Egress QoS Functions
The following sections describe QoS functions on the Cisco 7600 Series ES+ line card egress ports.
Restrictions and Usage Guidelines
Follow these restrictions and usage guidelines when configuring the Egress QoS functions:
•
Egress Classification
Classification entails using a traffic descriptor to categorize a packet within a specific group to define that packet and make it accessible for QoS handling on the network. Using packet classification, you can partition network traffic into multiple priority levels or classes of service.
Traffic is classified to determine whether it should be:
•
•
The Cisco 7600 Series ES+ line card supports egress classification. For information on configuring classification, see the "Configuring Classification" section.
Egress Policing
The Cisco 7600 Series ES+ line card supports egress port policing.
Egress Marking
After traffic has been classified, the router can mark it. You use marking to selectively modify the classification bits in the packet to differentiate packets based on the designated markings.
The Cisco 7600 Series ES+ line card supports egress port marking. For information on configuring marking, see the "Configuring Marking" section.
Egress Shaping
Traffic shaping allows you to control the traffic going out an interface in order to match its flow to the speed of the remote target interface and to ensure that the traffic conforms to policies contracted for it. You can use shaping to meet downstream requirements, thereby eliminating bottlenecks in topologies with data-rate mismatches.
The Cisco 7600 Series ES+ line card supports shaping on egress port, subinterfaces, and service instances. For information on configuring shaping, see the "Configuring Shaping" section.
Egress Queue Scheduling
The egress line card uses congestion avoidance to help prevent congestion and keep its buffers from overflowing.
The Cisco 7600 Series ES+ line card supports Class-based Weighted Fair Queuing (CBWFQ), Low Latency Queueing (LLQ), and Weighted Random Early Detection (WRED). For information on configuring egress scheduling, see the Configuring QoS Queue Scheduling section.
Configuring QoS Features Using MQC
The Modular QoS CLI (MQC) is a CLI structure that allows users to create traffic policies and attach these policies to interfaces. A traffic policy contains a traffic class and one or more QoS features. A traffic class is used to select traffic, while the QoS features in the traffic policy determine how to treat the classified traffic.
To configure QoS features using the Modular QoS CLI on the Cisco 7600 Series ES+ line card, complete the following basic steps:
Step 1
Step 2
Step 3
For a complete discussion about MQC, refer to the "Modular Quality of Service Command-Line Interface Overview" section of the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.3 publication at:
http://www.cisco.com/en/US/docs/ios/12_3/featlist/qos_vcg.html
Configuring Classification
Use the QoS classification features to select your network traffic and categorize it into classes for further QoS processing based on matching certain criteria. The default class, named "class-default," is the class to which any traffic that does not match any of the selection criteria in the configured class maps is directed.
Restrictions and Usage Guidelines
Follow these restrictions and usage guidelines when configuring the QoS classification an ES40 line card:
•
•
•
•
Table 7-4 provides information about which QoS classification features are supported for the Cisco 7600 Series ES+ line card on the Cisco 7600 series router. For more information about most of the commands documented in this table, refer to the Cisco IOS Quality of Service Solutions Command Reference.
Table 7-4 QoS Classification Feature Support
Match on access list (ACL) number (match access-group command)
Input and output for the following interfaces:
•
•
•
•
•
•
Note
Match on Class of Service (CoS) (match cos command)
Input and output for the following interfaces:
•
•
•
•
•
•
•
•
•
Match on inner CoS (match cos inner command)
Input and output for the following interfaces:
•
•
Match on input VLAN (match input vlan command)
Output for the following interfaces:
•
Note
Match on IP DSCP (match ip dscp command)
Input and output for the following interfaces:
•
•
•
•
•
•
•
Match on IP precedence (match ip precedence command)
Input and output for the following interfaces:
•
•
•
•
•
•
•
Match on MPLS experimental (EXP) bit (match mpls experimental command)
Input and output for the following interfaces:
•
•
•
•
•
•
Match on VLAN
(match vlan command—Matches the outer VLAN of a Layer 2 IEEE 802.1Q frame)
Input and output for the following interfaces:
•
•
•
•
•
•
•
Match on VLAN Inner
(match vlan inner command—Matches the innermost VLAN of the 802.1Q tag in the Layer 2 frame)
Input and output for the following interfaces:
•
•
•
•
Match on source-address MAC
match source-address mac command—Matches the source MAC address.
Input and output for the following interfaces:
•
•
•
•
1 Only classified based on source MAC address using Layer 2 ACL.
2 For more information on ACL Classification on service instances, see Layer 2 and Layer 3 QoS ACL Classification for EVC
3 To match subinterface/EVC traffic and policy-map applied on the main interface.
4 Cisco 7600 Series ES+ line cards support classification on SVI only for EoMPLS and VPLS.
5 The match not command is not supported.
Note
•
•
Note
•
•
•
SUMMARY STEPS
1.
2.
3.
4.
DETAILED STEPS
Step 1
enable
Example:Router# enableEnables privileged EXEC mode.
•
Step 2
configure terminal
Example:Router# configure terminal
Enters global configuration mode.
Step 3
class-map [match-all | match-any] class-map-name
Example:Router(config)# class-map match-all acl9 (id 1049)
Creates a traffic class, where:
•
•
•
Note
Step 4
match type
Example:Router(config-cmap)# match ip precedence 5
Specifies the matching criterion to be applied to the traffic, where type represents one of the forms of the match command supported by the Cisco 7600 Series ES+ line card as shown in Table 7-4.
Note
Examples
This example shows how to configure a class map named ipp5, and enter a match statement for IP precedence 5:
Router# enableRouter# configure terminalRouter(config)# class-map ipp5Router(config-cmap)# match ip precedence 5Router(config-cmap)#This is an example of configuring class matching on multiple match statements.
Router# enableRouter# configure terminalRouter(config)# class-map match-any many (id 1047)Router(config-cmap)# match ip precedence 3Router(config-cmap)# match access-group 100Router(config-cmap)# match mpls experimental 5This is an example of configuring class matching on named ACLS.
Router# enableRouter# configure terminalRouter(config)# class-map match-all acl9 (id 1049)Router(config-cmap)# match access-group name rockThis example shows a logical AND operation in a child policy with match vlan and class-default in a parent.
Router# enableRouter# configure terminalRouter(config)# class-map match-all childANDRouter(config-cmap)# match vlan inner 2-3Router(config-cmap)# match cos inner 5 6Router(config)# policy-map testchildANDRouter(config-pmap)# class childANDRouter(config-pmap-c)# shape average 100000000Router(config)# policy-map parentANDRouter(config-pmap)# class vlan12Router(config-pmap-c)# shape average 500000000Router(config-pmap-c)# service-policy testchildANDThis example shows how to display class-map information for a specific class map using the show class-map command:
Router# show class-map ipp5Class Map match-all ipp5 (id 1)Match ip precedence 5This example shows how to display class map information matching on extended ACLs using the show class-map command.
Router# show class-map acl5Class Map match-all acl5 (id 1042)Match access-group 102This example shows how to verify classification on a VLAN in the parent class of a H-QoS policy.
head# show policy-map matchPolicy Map matchClass vlan11shape average 2000000 8000 8000service-policy match4Class vlan12shape average 2000000 8000 8000service-policy match4Class vlansshape average 500000000 2000000 2000000service-policy match2Configuring Policing
The Cisco 7600 Series ES+ line cards support the following features:
•
•
•
–
–
–
–
•
–
•
•
•
•
•
•
Policing is supported at the input and output for the following interfaces:
•
•
•
•
•
•
•
Micro-flow policing is supported at the input for the following interfaces:
•
•
•
Restrictions and Usage Guidelines
When configuring policing, follow these restrictions and usage guidelines:
•
•
•
•
•
•
–
–
•
•
•
–
–
•
Any modification to the micro-flow policing policy that shifts the policy implementation from NPE to the PFC or from the PFC to the NPE is not supported. All such modifications would require the policy to be first removed from the attached ES40 interfaces, modified, and then reattached to ES40 interfaces.
Table 7-5 provides information about which policing features are supported for the Cisco 7600 Series ES+ line card on the Cisco 7600 series routers.
SUMMARY STEPS
1.
2.
3.
4.
5.
or
police cir percent % conform-action action exceed-action action
or
police cir bps value pir bps value conform-action action exceed-action action violate-action action
or
police cir percent % pir percent % conform-action action exceed-action action violate-action action
DETAILED STEPS
Step 1
enable
Example:Router# enableEnables privileged EXEC mode.
•
Step 2
configure terminal
Example:Router# configure terminal
Enters global configuration mode.
Step 3
policy-map policy-map-name
Example:Router(config)# policy-map policy-map-test
Creates or modifies a traffic policy and enters policy-map configuration mode, where:
•
Step 4
class {class-name | class-default}
Example:Router (config-pmap)# class acgroup2
Specifies the name of the traffic class to which this policy applies and enters policy-map class configuration mode, where:
•
•
Step 5
police bps-value conform-action action exceed-action action
Example:Router(config-pmap-c)# police 5000000 conform-action drop exceed-action set-dscp-transmit
Specifies a maximum bandwidth usage by a traffic class through the use of a token bucket algorithm, where:
•
•
Or
police cir percent % conform-action action exceed-action action
Example:Router(config-pmap-c)# police cir percent 20 conform-action transmit exceed-action set-prec-transmit 1
Configures traffic policing on the basis of a percentage of bandwidth available on an interface, where:
•
•
•
•
Or
police cir bps-value pir bps-value conform-action action exceed-action action violate-action action
Example:Router(config-pmap-c)# police cir 1000000 pir 2000000 conform-action set-cos-transmit 3 exceed-action set-cos-transmit 1 violate-action drop
Configures traffic policing using two rates, the CIR and the peak information rate (PIR), where:
•
•
•
•
Or
police cir percent % pir percent % conform-action action exceed-action action violate-action action
Example:Router(config-pmap-c)# police cir percent 20 pir percent 40 conform-action transmit exceed-action set-prec-transmit 1 violate-action drop
Configures traffic policing using two rates, the CIR and the PIR, where:
•
•
•
•
•
Examples
In the following example, all actions are configured in separate lines.
Router# (config)# policy-map ABCRouter(config-pmap)# class class-defaultRouter(config-pmap-c)# police 10000000 8000 8000Router(config-pmap-c-police)# conform-action set-cos-transmit 2Router(config-pmap-c-police)# exceed-action set-cos-transmit 1Router(config-pmap-c-police)# endRouter#Router# show policy-map ABCPolicy Map ABCClass class-defaultpolice cir 10000000 bc 8000 be 8000conform-action set-cos-transmit 2exceed-action set-cos-transmit 1Router#This example configures a 1 rate 2-color policer:
Router(config)# policy-map 1r2cRouter(config-pmap)# class class-defaultRouter(config-pmap-c)# police 2000000Router(config-pmap-c-police)# conform-action transmitRouter(config-pmap-c-police)# exceed-action dropRouter(config-pmap-c-police)# endRouter# show policy-map 1r2cPolicy Map 1r2cClass class-defaultpolice cir 2000000 bc 62500conform-action transmitexceed-action dropRouter#This example configures a 1 rate 2-color policer with percent:
Router(config)# policy-map 1r2c_percentRouter(config-pmap)# class class-defaultRouter(config-pmap-c)# police cir percent 20Router(config-pmap-c-police)# conform-action set-cos-transmit 0Router(config-pmap-c-police)# exceed-action dropRouter(config-pmap-c-police)# endRouter#Router# show policy-map 1r2c_percentPolicy Map 1r2c_percentClass class-defaultpolice cir percent 20conform-action set-cos-transmit 0exceed-action dropRouter#This example configures a 2 rate 3-color policer:
Router(config)# policy-map 2r3cRouter(config-pmap)# class class-defaultRouter(config-pmap-c)# police cir 2000000 pir 3000000Router(config-pmap-c-police)# conform-action set-prec-transmit 3Router(config-pmap-c-police)# exceed-action set-prec-transmit 2Router(config-pmap-c-police)# violate-action set-prec-transmit 1Router(config-pmap-c-police)# endRouter#Router# show policy-map 2r3cPolicy Map 2r3cClass class-defaultpolice cir 2000000 bc 62500 pir 3000000 be 93750conform-action set-prec-transmit 3exceed-action set-prec-transmit 2violate-action set-prec-transmit 1Router#This example configures a 2 rate 3-color policer with percent:
Router(config)# policy-map 2r3c_percentRouter(config-pmap)# class class-defaultRouter(config-pmap-c)# police cir percent 10 pir percent 20Router(config-pmap-c-police)# conform-action transmitRouter(config-pmap-c-police)# exceed-action set-cos-transmit 0Router(config-pmap-c-police)# violate-action dropRouter(config-pmap-c-police)# endRouter#Router# show policy-map 2r3c_percentPolicy Map 2r3c_percentClass class-defaultpolice cir percent 10 pir percent 20conform-action transmitexceed-action set-cos-transmit 0violate-action dropRouter#This example configures a single rate two color policer in class-default with a CIR of 64 Kbps, a conform action of transmit and an exceed action of drop with as small a Bc as possible:
Router# enableRouter# configure terminalRouter(config)# policy-map policeRouter(config-pmap)# class test8Router(config-pmap-c)# police 64000 2000This example configures a single rate two color policer in class-default and a child policy with policing:
Router# enableRouter# configure terminalRouter(config)# policy-map police5Router(config-pmap)# class test18Router(config-pmap-c)# service policy child-levelRouter(config-pmap-c)# police cir 64000 50The following example shows a 2R3C configuration in a class and policy-map:
Router# enableRouter# configure terminalRouter(config)# policy-map testRouter(config-pmap)# class cos2Router(config-pmap-c)# police 1000000 pir 2000000 conform-action set-cos-transmit 3 exceed-action set-cos-transmit 1 violate-action drop
The following example configures a dual rate three color policer in class-default with a CIR of 64 Kbps, and PIR doubled the CIR rate, a conform action of transmit, and an exceed action mark dscp af11 and violate mark dscp cs1 with default setting on Bc.
Router# enableRouter# configure terminalRouter(config)# policy-Map qos_testRouter(config-pmap)# class class-defaultRouter(config-pmap-c)# police cir 64000 bc 2000 pir 128000 be 2000 conform-action transmit exceed-action set-dscp-transmit af11 violate-action set-dscp-transmit cs1The following example configures a dual rate three color policer in class-default.
Router# enableRouter# configure terminalRouter(config)# policy-map testRouter(config-pmap)# class class-defaultRouter(config-pmap-c)# police cir percent 20 pir percent 40 conform-action transmit exceed-action set-prec-transmit 1 violate-action dropVerification
Use the following commands to verify policing:
This example shows how to display policing statistics using the show policy-map interface command in the EXEC mode.
Router# show policy-map interfaceTenGigabitEthernet3/1service-policy output: xclass-map: a (match-all)0 packets, 0 bytes5 minute rate 0 bpsmatch: ip precedence 0police:1000000 bps, 10000 limit, 10000 extended limitconformed 0 packets, 0 bytes; action: transmitexceeded 0 packets, 0 bytes; action: dropconformed 0 bps, exceed 0 bps, violate 0 bps
This is another example of displaying policing statistics using the show policy-map interface command; in this case the statistics are for a one rate 2 color per EVC policer.
Router# show policy-map interface ten 4/1 service instance 1
TenGigabitEthernet4/1: EFP 1
Service-policy input: evc_ingress
Counters last updated 00:00:00 ago
Class-map: class-default (match-any)
72077 packets, 36903424 bytes
5 minute offered rate 981000 bps, drop rate 440000 bps
Match: any
police:
cir 10000000 bps, bc 8000 bytes
conformed 87426 packets, 44762112 bytes; actions:
transmit
exceeded 85974 packets, 44018688 bytes; actions:
drop
conformed 556000 bps, exceed 448000 bps
Attaching a QoS Traffic Policy to an Interface
Before a traffic policy can be enabled for a class of traffic, it must be configured on an interface. A traffic policy also can be attached to Ethernet subinterfaces, main interfaces, and service instances.
Traffic policies can be applied for traffic coming into an interface (input), and for traffic leaving that interface (output).
Attaching a QoS Traffic Policy for an Input Interface
When you attach a traffic policy to an input interface, the policy is applied to traffic coming into that interface. To attach a traffic policy for an input interface, use the following command beginning in interface configuration mode:
Attaching a QoS Traffic Policy to an Output Interface
When you attach a traffic policy to an output interface, the policy is applied to traffic leaving that interface. To attach a traffic policy to an output interface, use the following command beginning in interface configuration mode:
Configuring Marking
After you have created your traffic classes, you can configure traffic policies to configure marking features to apply certain actions to the selected traffic in those classes.
In most cases, the purpose of a packet mark is identification. After a packet is marked, downstream devices identify traffic based on the marking and categorize the traffic according to network needs. This categorization occurs when the match commands in the traffic class are configured to identify the packets by the mark (for example, match ip precedence, match ip dscp, match cos, and so on). The traffic policy using this traffic class can then set the appropriate QoS features for the marked traffic.
In some cases, the markings can be used for purposes besides identification. Distributed WRED, for instance, can use the IP precedence, IP DSCP, or MPLS EXP values to detect and drop packets.
Restrictions and Usage Guidelines
When configuring class-based marking on an Cisco 7600 Series ES+ line card, follow these restrictions and usage guidelines:
•
•
•
•
•
Table 7-6 provides information about which QoS class-based marking features are supported for the Cisco 7600 Series ES+ line card on the Cisco 7600 series router.
Table 7-6 QoS Class-Based Marking Feature Support
Set IP DSCP
(set ip dscp command—Marks the IP differentiated services code point (DSCP) in the type of service (ToS) byte with a value from 0 to 63.)
Input and output for the following interfaces:
•
•
•
•
•
•
•
Set IP precedence
(set ip precedence command—Marks the precedence value in the IP header with a value from 0 to 7.)
Input and output for the following interfaces:
•
•
•
•
•
•
•
Set Layer 2 IEEE 802.1Q CoS
(set cos command—Marks the CoS value from 0 to 7 in an 802.1Q tagged frame.)
Input and output for the following interfaces:
•
•
•
•
•
•
•
•
Set Layer 2 802.1Q CoS
(set cos-inner command—Marks the inner CoS field from 0 to 7 in a bridged frame.)
Input and output for the following interfaces:
•
•
•
Set Layer 2 802.1Q CoS
(set cos-inner cos command—Copies out CoS to inner CoS.)
Input and output for the following interfaces:
•
•
•
Set Layer 2 802.1Q CoS
(set cos cos-inner command)
Input and output for the following interfaces:
•
•
•
Set MPLS experimental (EXP) bit on label imposition
(set mpls experimental imposition command)
Input for the following interfaces:
•
•
•
•
Set MPLS EXP topmost
(set mpls experimental topmost command)
Input and output for the following interfaces:
•
•
1 To match subinterface/EVC traffic and policy-map applied on the main interface.
Note
•
•
Note
•
•
•
SUMMARY STEPS
1.
2.
3.
4.
5.
DETAILED STEPS:
Step 1
enable
Example:Router# enableEnables privileged EXEC mode.
•
Step 2
configure terminal
Example:Router# configure terminal
Enters global configuration mode.
Step 3
policy-map policy-map-name
Example:Router(config)# policy-map policymap3
Creates or modifies a traffic policy and enters policy-map configuration mode, where:
•
Step 4
class {class-name | class-default}
Example:Router(config-pmap)# class class1
Specifies the name of the traffic class to which this policy applies and enters policy-map class configuration mode, where:
•
•
Step 5
set type
Example:Router(config-pmap-c)# set ip precedence2
Specifies the marking action to be applied to the traffic, where type represents one of the forms of the set command supported by the Cisco 7600 Series ES+ line card as shown in Table 7-6.
Examples
This example shows the creation of a service policy called policy1. This service policy is associated to a previously defined classification policy through the use of the class command. This example assumes that a classification policy called class1 was previously configured.
Router# enableRouter# configure terminalRouter(config)# policy-map policy1Router(config-pmap)# class class1Router(config-pmap-c)# set ip precedence 1This example configures marking to set the imposed MPLS EXP bits to 1:
Router# enableRouter# configure terminalRouter(config)# policy-map testRouter(config-pmap)# class testRouter(config-pmap-c)# set mpls experimental imposition 1This example configures marking to set the inner cos value:
Router# enableRouter# configure terminalRouter(config)# policy-map testRouter(config-pmap)# class testRouter(config-pmap-c)# set cos inner 1This example configures marking to set the imposed MPLS EXP bits to 1:
Router# enableRouter# configure terminalRouter(config)# policy-map testRouter(config-pmap)# class testRouter(config-pmap-c)# set mpls experimental topmost 1Verification
Use the following commands to verify marking:
For more detailed information about configuring class-based marking features, refer to the Class-Based Marking document located at the following URL:
http://www.cisco.com/en/US/docs/ios/12_1t/12_1t5/feature/guide/cbpmark2.html
Configuring Shaping
This section describes information for configuring QoS traffic policies for shaping traffic. Shaping is the process of delaying packets in queues to make them conform to a specified profile.
Restrictions and Usage Guidelines
When configuring shaping on an Cisco 7600 Series ES+ line card, follow these restrictions and usage guidelines:
•
•
•
•
•
•
•
–
–
•
–
•
–
–
–
–
•
•
For more detailed information about configuring congestion management features, refer to the Cisco IOS Quality of Service Solutions Configuration Guide document corresponding to your Cisco IOS software release.
Table 7-7 provides information about which QoS traffic shaping features are supported for the Cisco 7600 Series ES+ line card on the Cisco 7600 series router.
Shaper Tc Granularity for ES+ Line Card
The lowest supported Tc on the hardware is 50 micro sec. The value of Tc is derived as:
Tc = BC/CIRwhere:
•
•
•
Note
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
DETAILED STEPS
Examples
This example shows traffic shaping on a main interface; traffic leaving interface gi1/1 is shaped at the rate of 10 Mb/s:
Router# enableRouter# configure terminalRouter(config)# class-map class-interface-allRouter(config-cmap)# match ip precedence 2Router(config-cmap)# exitRouter(config)# policy-map dts-interface-all-actionRouter(config-pmap)# class class-interface-allRouter(config-pmap-c)# shape average 10000000Router(config-pmap-c)# exitRouter(config)# interface gi1/1Router(config-if)# service-policy output dts-interface-all-action
This is an example of an output shaping policy on a switchport interface that matches on a CoS value queuing defined in the classes.
Router# enableRouter# configure terminalRouter(config)# policy-map switchport-cos-policyRouter(config-pmap)# class cos1Router(config-pmap-c)# shape ave 100000000Now the policy is applied in the egress direction on the main switchport.
Router# enableRouter# configure terminalRouter(config)# interface TenGigabitEthernet9/1Router(config-if)# switchportRouter(config-if)# switchport access vlan 2000Router(config-if)# switchport mode accessRouter(config-if)# service-policy output switchport-cos-policyIn this example, shape is applied at the parent level of an HQoS policy-map.
Router# enableRouter# configure terminalRouter(config)# policy-map child2Router(config-pmap)# class prec5Router(config-pmap-c)# shape average 100000000Router(config)# policy-map pcdRouter(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 300000000Router(config-if)# service-policy child2This example configures a shaping policy in default-class with WRED:
Router# enableRouter# configure terminalRouter(config)# policy Map qos_testRouter(config-pmap)# class class-defaultRouter(config-pmap-c)# shape ave 100MbpsRouter(config-pmap-c)# random-detect dscp-based aggregateVerification
Use the following commands to verify traffic shaping:
Configuring QoS Overhead Accounting for Shaping Parameters
By default, the ES+ shaper algorithm uses only layer 2 frame length excluding FCS or CRC. This feature helps you to configure shaping the QoS features with overheads like FCS or CRC, IFG, and Preamble.
Use the hw-module slot slot-number account np np-index out/in length command in the global configuration mode to enable this feature. You can use this command for both ingress and egress shaping.
Complete the following steps to configure Overhead accounting feature.
Restrictions
This command is not applicable for policer and LLQ classes.
SUMMARY STEPS
Step 1
Step 2
Step 3
Step 4
DETAILED STEPS
Configuration Examples
This example describes how to configure shaping and policing QoS features:
Router> enableRouter# configure terminalRouter(config)# hw-module slot 1 account np 0 out 4Router(config-if)# endConfiguring QoS Queue Scheduling
This section describes Cisco 7600 Series ES+ line card-specific information for configuring QoS queue scheduling.
Restrictions and Usage Guidelines
When configuring queueing features on an Cisco 7600 Series ES+ line card, follow these restrictions and usage guidelines:
•
–
–
–
•
•
•
•
•
–
–
–
–
–
–
–
–
–
–
–
–
–
–
For more detailed information about configuring congestion management features, refer to the Cisco IOS Quality of Service Solutions Configuration Guide document corresponding to your Cisco IOS software release.
Configuring WRED
Weighted RED (WRED) drops packets selectively based on DSCP, IP precedence (the default), or CoS QoS values. Packets with higher QoS values are less likely to be dropped than packets with lower QoS values. WRED is supported on the output of the following interfaces:
•
•
•
•
•
•
WRED Aggregate and Non-Aggregate Mode
WRED Aggregate mode and Non-Aggregate modes define how the hardware resources are internally used to provide the WRED behavior. On an ES+linecard, there are 8 WRED curves. In a WRED Non-Aggregate mode, a single CoS or Prec value maps to one WRED curve, and in a WRED Aggregate mode, multiple dscp or Prec values are mapped to one WRED curve.
For more information on this, see https://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_q1.html#wp1053666
The set of subclass (DSCP or precedence) values defined on a random-detect dscp or precedence (aggregate) CLI is aggregated into a single hardware WRED resource. The statistics for these subclasses are also aggregated.
Restrictions and Usage Guidelines
When configuring WRED on Cisco 7600 Series ES+ line cards, follow these restrictions and usage guidelines:
•
–
- random-detect dscp-based aggregate minimum-thresh 32 maximum-thresh 64 mark-prob 20
- random-detect dscp values 30 50 minimum-thresh 32 maximum-thresh 64 mark-prob 20
- random-detect dscp values 10 40 minimum-thresh 80 maximum-thresh 112 mark-prob 20
–
–
•
–
–
–
–
–
•
•
•
•
•
•
•
•
•
•
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
DETAILED STEPS
Examples for WRED Configurations
This is an example of a WRED configuration.
Router# enableRouter# configure terminalRouter(config)# policy-map wredtestRouter(config-pmap)# class cos5Router(config-pmap-c)# shape average 200000000Router(config-pmap-c)# random-detect dscp-based aggregateRouter(config-pmap-c)# random-detect dscp values 0 min 100 max 200 mark-prob 1Router(config-pmap-c)# random-detect dscp values 1 min 300 max 500 mark-prob 1Router(config-pmap-c)# random-detect dscp values 2 min 600 max 900 mark-prob 1The following example configures a class-map which matches IPP=1, 3, 5 and 7, and configures a WRED policy that is applied to the egress interface:
Router# enableRouter# configure terminalRouter(config)# policy-map wredRouter(config-pmap)# class IPP1Router(config-pmap-c)# shape average 100000000Router(config-pmap-c)# random-detect precedence-basedRouter(config-pmap)# class IPP3Router(config-pmap-c)# shape average 100000000Router(config-pmap-c)# random-detect precedence-basedRouter(config-pmap)# class IPP5Router(config-pmap-c)# shape average 100000000Router(config-pmap-c)# random-detect precedence-basedRouter(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 100000000Router(config-pmap-c)# random-detect precedence-basedThe following example show the output of the show policy-map interface command (transmit packets are not displayed).
Router# enableRouter# configure terminalRouter# show policy-map int gig 11/1 service instance 1GigabitEthernet11/1: EFP 1Service-policy output: temp_parentCounters last updated 00:00:00 agoClass-map: class-default (match-any)139358 packets, 71351296 bytes5 minute offered rate 1745000 bps, drop rate 283000 bpsMatch: anyQueueingqueue limit 2048 packets(queue depth/total drops/no-buffer drops) 0/104062/0(pkts output/bytes output) 35296/18071552shape (average) cir 10000000, bc 40000, be 40000target shape rate 10000000Service-policy : tempCounters last updated 00:00:00 agoClass-map: class-default (match-any)139358 packets, 71351296 bytes5 minute offered rate 1745000 bps, drop rate 1304000 bpsMatch: anyqueue limit 2048 packets(queue depth/total drops/no-buffer drops) 0/104062/0(pkts output/bytes output) 35296/18071552Exp-weight-constant: 9 (1/512)Mean queue depth: 0 packetsclass Random drop Tail drop Minimum Maximum Markpkts/bytes pkts/bytes thresh thresh probWRED Profiles
A WRED profile is a set of minimum thresholds, maximum thresholds, and Mark Probability Denominator (MPD) settings for a class. MPD represents the fraction for the amount of packets that will be dropped during periods of congestion when the average queue size is at maximum capacity. The minimum and maximum thresholds are defined as the number of entries in the queue. WRED can have a WRED minimum threshold, maximum threshold, and MPD settings for each QoS priority marking. Applying different drop thresholds for QoS priority markings differentiates the traffic flows. Hence, different types of traffic have different QoS.
In ES+ line cards, there are 16 unique drop profiles for a Traffic Manager (TM), of which 4 profiles are used for internal queuing configurations. WRED profiles differ from each other in the threshold values, mark probability values, and the values on which thresholds and mark probability are defined.
For example, consider a WRED cos-based configuration and a WRED precedence-based configuration that are identical in all respects except for one being cos-based and the other, precedence-based. The two configurations then constitute one profile. The same applies to WRED dscp configurations too. Also, two WRED configurations that are identical except for one minimum threshold configuration constitute two profiles. Similarly, differences in the maximum threshold, mark probability value, and the value on which thresholds and probability are defined also constitute different profiles.
With regard to WRED settings, you can do either of the following:
•
•
When you configure WRED without specifying the WRED minimum threshold, maximum threshold, and MPD settings, the configuration uses the default WRED settings. When programming the ES+ module hardware, the default WRED settings ensure the application of WRED profile optimization. For details, see WRED Profile Optimization.
The ES+ module supports 12 user-defined WRED profiles in hardware for every TM. For more information, see TM - Port Mapping. If you specify the WRED settings, the WRED minimum threshold, the maximum threshold, and MPD, ensure that you do not exceed the supported number of user-defined WRED profiles that can be programmed in the ES+ hardware.
Optimize the programming of user-defined WRED settings in the following ways:
•
•
Note
•
Note
Note
WRED Profile Optimization
Release 12.2(33)SRD5 and 12.2(33)SRE2 onwards, WRED profile optimization that is specific to the default random detect configuration has been made available. Earlier, the default aggregate curve value largely depended on the parent shape rate, and ignored the queue-limit completely for the class. If the parent was configured with a shape rate of 10mbps and two classes, each class configured with a different queue-limit, they still had the same threshold despite having different queue limits. Now there are, primarily, three base WRED profiles that are pre-defined in hardware, along with different scale factors, to achieve the various threshold values.
The three base WRED profiles are initialized as the following:
•
•
•
As hardware only supports values in multiples of 16, values that are not multiples of 16 do not use the same scale factor.
Profile usage largely depends on different thresholds and different mark-probabilities. The threshold, in turn, depends upon the queue-limit configuration of the class. Hence, differences in the queue limits between two classes result in two different WRED profiles.The parent queue-limit, derived from the parent shaper by default, is used to program the queue-limit for each child class based on the "bandwidth" configured for the class using either Bandwidth, Bandwidth Remaining Ratio (BRR), Bandwidth Percent (BP), or Bandwidth Remaining Percent (BRP). This queue-limit forms the basis for the programming of the default WRED profile for the class. Use the show policy-map command to check the queue-limit set for the parent policy and child classes.
Note
WRED Scale Factors
Default WRED configurations use the scale factor. Scale factors are used in the WRED profile to optimize WRED profile usage. To achieve different WRED minimum or maximum thresholds, scale factors can be considered multiplication factors along with base values.
Note
With a scale factor of three, the WRED profile is used to provide 20 combinations of unique max-threshold values which will be mapped to the different queue-limit values that are received.
Scale factor implementation is as follows:
Table 7-8
Scale Factor Implementation
A requested queue-limit of 1024 for default random-detect takes profile ID = 8 and scale ID = 2. A subsequent request for a queue-limit of 192 for default random-detect selects profile ID=5 and scale ID= 0. With one WRED configuration, requests can use the same WRED profile with different scale values. If the WRED profile ID is 4, then one request takes WRED profile ID=4 and scale ID=2 and the other takes WRED profile ID=4 and scale ID=0.
Example for WRED Scale Factor Usage
The following example shows how a WRED policy is configured and then applied to an interface.
Step 1: Use a sample WRED configuration and current profile usage.
class-map match-all c1_testmatch ip dscp cs5!class-map match-all c2_testmatch ip dscp 33!class-map match-all c3_testmatch ip dscp af31!policy-map CHILD_WREDclass c1_testbandwidth percent 30random-detectclass c2_testbandwidth percent 18random-detectclass c3_testbandwidth percent 6random-detectpolicy-map PARENT_WREDclass class-defaultshape average 25000000service-policy CHILD_WREDRouter# attach module 10Router-dfc10#show plat hardware qos np 0 prof res* WFQ profiles at TM level3 and level4 belong to one common pool.Profile usage is shared between the entities at L3 and L4 layers;hence same WFQ profile Total and Used counts are shown in thebelow output.Shaper wfq wrednp tm level total/used total/used total/used-------------------------------------------------------------0 0 L4 64/1 64/1* 12/00 0 L3 256/6 64/1* n/a0 0 L2 32/3 16/1 n/a0 0 L1 32/1 32/1 n/a-------------------------------------------------------------0 1 L4 64/0 64/1* 12/0 <<<<<<<<<initial WRED profile usage0 1 L3 256/1 64/1* n/a0 1 L2 32/1 16/1 n/a0 1 L1 32/1 32/1 n/a-------------------------------------------------------------0 2 L4 64/0 64/1* 12/00 2 L3 256/1 64/1* n/a0 2 L2 32/1 16/1 n/a0 2 L1 32/1 32/1 n/a-------------------------------------------------------------Policy :max used---------------256 0Router-dfc10# exitStep 2: Apply the configured WRED policy to an interface.
interface GigabitEthernet10/3no ip addressmpls propagate-cosservice-policy output PARENT_WREDRouter#show policy-map inte gig10/3 | inc Class-map|queue limitClass-map: class-default (match-any)queue limit 6144 packetsClass-map: c1_test (match-all)queue limit 2048 packets <<<<<<<<<<<<Q-limit for c1_test class-mapClass-map: c2_test (match-all)queue limit 1024 packets <<<<<<<<<<<<Q-limit for c2_test class-mapClass-map: c3_test (match-all)queue limit 384 packets <<<<<<<<<<<<Q-limit for c3_test class-mapClass-map: class-default (match-any)queue limit 3072 packetsRouter# attach module 10Router-dfc10#show plat hardware qos np 0 prof res* WFQ profiles at TM level3 and level4 belong to one common pool.Profile usage is shared between the entities at L3 and L4 layers;hence same WFQ profile Total and Used counts are shown in thebelow output.Shaper wfq wrednp tm level total/used total/used total/used-------------------------------------------------------------0 0 L4 64/1 64/1* 12/00 0 L3 256/6 64/1* n/a0 0 L2 32/3 16/1 n/a0 0 L1 32/1 32/1 n/a-------------------------------------------------------------0 1 L4 64/0 64/6* 12/1 <<<<<<<Only one profile is used0 1 L3 256/2 64/6* n/a0 1 L2 32/1 16/1 n/a0 1 L1 32/1 32/1 n/a-------------------------------------------------------------0 2 L4 64/0 64/1* 12/00 2 L3 256/1 64/1* n/a0 2 L2 32/1 16/1 n/a0 2 L1 32/1 32/1 n/a-------------------------------------------------------------Police :max used---------------256 0Router-dfc10#exitRouter# attach module 10Router-dfc10#show plat npc qos action np 0 interface gigabitEthernet 10/3 output queue | inc WRED|Level 4:GigabitEthernet10/3 - if_number 65 0 policymap PARENT_WRED dir Outputpolicymap CHILD_WRED classid 1 dfs classid 0 class index 0Shape mode/factor: Unshaped/One Profiles- WRED/Scale:4/2 Shape:0 WFQ:2policymap CHILD_WRED classid 2 dfs classid 1 class index 1Shape mode/factor: Unshaped/One Profiles- WRED/Scale:4/1 Shape:0 WFQ:3policymap CHILD_WRED classid 3 dfs classid 2 class index 2Shape mode/factor: Unshaped/One Profiles- WRED/Scale:4/0 Shape:0 WFQ:4policymap CHILD_WRED classid 0 dfs classid 3 class index 3Shape mode/factor: Unshaped/One Profiles- WRED/Scale:1/14 Shape:0 WFQ:5Router-dfc10#exitThe example shows scale factor usage:
•
•
•
Example for Default WRED Configuration
Policy-map details=====================RSP#sh running-config policy-map hqosparentBuilding configuration...Current configuration : 107 bytes!policy-map hqosparentclass class-defaultshape average 100000000service-policy hqoschild!endRSP#sh running-config policy-map hqoschildBuilding configuration...Current configuration : 155 bytes!policy-map hqoschildclass cos0bandwidth remaining percent 10random-detectclass cos1bandwidth remaining percent 30random-detect!endSh Policy-map interface===========================-Here we have a parent policy with shaper action-The queue limit in the child classes are calcuated as per the parent shaper-According to that the thresholds are calculated and WRED profiles are determined-From the output below you can see that for the first threshold values, max threshold will be half the queue-limit and min threshold half of max threshold.RSP#sh policy-map interface gig8/5GigabitEthernet8/5Service-policy output: hqosparentCounters last updated 00:02:56 agoClass-map: class-default (match-any)0 packets, 0 bytes5 minute offered rate 0000 bps, drop rate 0000 bpsMatch: anyQueueingqueue limit 32768 packets(queue depth/total drops/no-buffer drops) 0/0/0(pkts output/bytes output) 0/0shape (average) cir 100000000, bc 400000, be 400000target shape rate 100000000Service-policy : hqoschildCounters last updated 00:02:56 agoClass-map: cos0 (match-all)0 packets, 0 bytes5 minute offered rate 0000 bps, drop rate 0000 bpsMatch: cos 0Queueingqueue limit 3072 packets(queue depth/total drops/no-buffer drops) 0/0/0(pkts output/bytes output) 0/0bandwidth remaining 10%Exp-weight-constant: 9 (1/512)Mean queue depth: 0 packetsclass Random drop Tail drop Minimum Maximum Markpkts/bytes pkts/bytes thresh thresh prob0 0/0 0/0 768 1536 1/101 0/0 0/0 864 1536 1/102 0/0 0/0 960 1536 1/103 0/0 0/0 1056 1536 1/104 0/0 0/0 1152 1536 1/105 0/0 0/0 1248 1536 1/106 0/0 0/0 1344 1536 1/107 0/0 0/0 1440 1536 1/10Class-map: cos1 (match-all)0 packets, 0 bytes5 minute offered rate 0000 bps, drop rate 0000 bpsMatch: cos 1Queueingqueue limit 8192 packets(queue depth/total drops/no-buffer drops) 0/0/0(pkts output/bytes output) 0/0bandwidth remaining 30%Exp-weight-constant: 9 (1/512)Mean queue depth: 0 packetsclass Random drop Tail drop Minimum Maximum Markpkts/bytes pkts/bytes thresh thresh prob0 0/0 0/0 2048 4096 1/101 0/0 0/0 2304 4096 1/102 0/0 0/0 2560 4096 1/103 0/0 0/0 2816 4096 1/104 0/0 0/0 3072 4096 1/105 0/0 0/0 3328 4096 1/106 0/0 0/0 3584 4096 1/107 0/0 0/0 3840 4096 1/10Class-map: class-default (match-any)0 packets, 0 bytes5 minute offered rate 0000 bps, drop rate 0000 bpsMatch: anyqueue limit 16384 packets(queue depth/total drops/no-buffer drops) 0/0/0(pkts output/bytes output) 0/0RSP#RSP# attach module 8RSP-dfc8#sh platform hardware qos np 0 profile resources* WFQ profiles at TM level3 and level4 belong to one common pool.Profile usage is shared between the entities at L3 and L4 layers;hence same WFQ profile Total and Used counts are shown in thebelow output.Shaper wfq wrednp tm level total/used total/used total/used-------------------------------------------------------------0 0 L4 64/1 64/1* 12/00 0 L3 256/6 64/1* n/a0 0 L2 32/3 16/1 n/a0 0 L1 32/1 32/1 n/a-------------------------------------------------------------0 1 L4 64/0 64/4* 12/2 ---------------->2 different WRED profiles created as the b/w remaining percent is different for both the classes0 1 L3 256/2 64/4* n/a0 1 L2 32/1 16/1 n/a0 1 L1 32/1 32/1 n/a-------------------------------------------------------------0 2 L4 64/0 64/1* 12/00 2 L3 256/1 64/1* n/a0 2 L2 32/1 16/1 n/a0 2 L1 32/1 32/1 n/a-------------------------------------------------------------Police :max used---------------256 0RSP-dfc8#exitExample for Changed Threshold Configuration
The following sample configuration shows that the (highlighted) threshold configuration can be changed to have the same threshold. Having the same threshold results in reduction WRED profile usage.
interface Gig10/3service-policy out WRED_DEMOpolicy-map WRED_DEMOclass routingbandwidth percent 1class bphbandwidth percent 39random-detect dscp-based aggregaterandom-detect dscp values 18 minimum-thresh 96 maximum-thresh 192 mark-prob 5random-detect dscp values 20 minimum-thresh 128 maximum-thresh 192 mark-prob 10random-detect dscp values 10 12 minimum-thresh 150 maximum-thresh 200 mark-prob 5class bplbandwidth percent 20random-detect dscp-based aggregaterandom-detect dscp values 18 minimum-thresh 96 maximum-thresh 192 mark-prob 5random-detect dscp values 20 minimum-thresh 128 maximum-thresh 192 mark-prob 10random-detect dscp values 10 12 minimum-thresh 130 maximum-thresh 200 mark-prob 5class class-defaultbandwidth percent 10random-detect dscp-based aggregaterandom-detect dscp values 0 minimum-thresh 48 maximum-thresh 96 mark-prob 5random-detect dscp values 8 minimum-thresh 64 maximum-thresh 96 mark-prob 10Example for Using Queue-limit in the Parent Policy to Reduce WRED Profile Utilization
The following sample configuration shows that the same (highlighted) queue-limit configuration is being used by the 2 parent policies that have different shaper rates applied. This ensures that the WRED profile resources of the child policy are shared by the 2 parent policies.
policy-map hqosparent_1class class-defaultshape average 6328000queue-limit 100000 packetsservice-policy output hqoschild!policy-map hqosparent_2class class-defaultshape average 200000000queue-limit 100000 packetsservice-policy output hqoschild!policy-map hqoschildclass class1police 64000 8000 8000 conform-action set-dscp-transmit af21 exceed-action set-dscp-transmit af21 violate-action set-dscp-transmit af21bandwidth remaining percent 1random-detect dscp-based aggregate minimum-thresh 800 maximum-thresh 1600 mark-prob 1class class2police 64000 8000 8000 conform-action transmit exceed-action transmit violate-action transmitbandwidth remaining percent 1random-detect dscp-based aggregate minimum-thresh 800 maximum-thresh 1600 mark-prob 1class class3police cir 1000000000 bc 125000000 be 125000000 conform-action set-dscp-transmit ef exceed-action drop violate-action droppriorityclass class4police cir 900000000 bc 112500000 be 112500000 conform-action set-dscp-transmit af31 exceed-action set-dscp-transmit af32 violate-action set-dscp-transmit af32bandwidth remaining percent 59random-detect dscp-based aggregate minimum-thresh 800 maximum-thresh 1600 mark-prob 1random-detect exponential-weighting-constant 1random-detect dscp values 26 minimum-thresh 3200 maximum-thresh 4800 mark-prob 1random-detect dscp values 28 minimum-thresh 2400 maximum-thresh 3200 mark-prob 1class class5police cir 450000000 bc 56250000 be 56250000 conform-action set-dscp-transmit af21 exceed-action set-dscp-transmit af22 violate-action set-dscp-transmit af22bandwidth remaining percent 30random-detect dscp-based aggregate minimum-thresh 800 maximum-thresh 1600 mark-prob 1random-detect exponential-weighting-constant 1random-detect dscp values 18 minimum-thresh 3200 maximum-thresh 4800 mark-prob 1random-detect dscp values 20 minimum-thresh 2400 maximum-thresh 3200 mark-prob 1class class6police cir 150000000 bc 18750000 be 18750000 conform-action set-dscp-transmit default exceed-action set-dscp-transmit default violate-action set-dscp-transmit defaultbandwidth remaining percent 9random-detect dscp-based aggregate minimum-thresh 800 maximum-thresh 1600 mark-prob 1random-detect exponential-weighting-constant 1!interface GigabitEthernet8/12.1service-policy output hqosparent_1!interface GigabitEthernet8/12.2service-policy output hqosparent_2!TM - Port Mapping
Traffic Manager (TM) is a queuing application-specific integrated circuit (ASIC) of the network processor (NP). TM ensures that critical traffic get preferential treatment through a scheduler.
For different versions of an ES+ line card, some interfaces that are mapped to the same NP share the same TM. As the 12 unique profile limit works per TM, you may also overcome the limit by spreading the interface across different TMs.
TM-Port Mapping tabulates TM to port mapping.
Table 7-9
TM-Port Mapping
Note
Configuring Bandwidth and CBWFQ
Class-based weighted fair queueing (CBWFQ) extends the standard WFQ functionality to provide support for user-defined traffic classes. For CBWFQ, you define traffic classes based on match criteria and access control lists (ACLs).
Bandwidth is supported on the output of the following interfaces:
•
•
•
•
•
•
WFQ is a method to determine bandwidth or allocating remaining bandwidth to queueing entities at a specific level in the hierarchical QoS. You can distribute bandwidth or remaining bandwidth to each entity based on the commit and excess weights set on the WFQ configuration attached to the entity. The commit and excess WFQ weights are initially programmed into WFQ profile registers, where later the WFQ profiles are attached to one or more queuing entities based on whether or not they share the same or similar bandwidth configuration.
Effective from Cisco IOS Release15.1(1)S, the layer 3 and layer 4 level WFQ profiles belong to one hardware pool and can be commonly used among the layers.
Calculating commit-weight and excess-weight
Use the following formula to calculate weight for bandwidth:
Commit weight = (Bandwidth of the class) x (Maximum weight allowed at the level) / (Parent bandwidth).
Commit weight is then rounded to integer value based on optimizations allowed by hardware.
Excess weight = Commit weight (at layer 4 level).
Note
Use the following formula to calculate weight for bandwidth percent:
Commit weight = (Bandwidth percent of class) x (Maximum weight allowed at the level).
Commit weight is then rounded to integer value based on optimizations as allowed by hardware.
Excess weight = Commit weight (at layer 4 level).
Note
Use the following formula to calculate weight for remaining bandwidth percent:
Calculate weights for the remaining bandwidth percent by first calculating the remaining bandwidth under a policy-map and then allotting this bandwidth for each class based on its remaining bandwidth percent. Once this remaining bandwidth for a class is known, the excess weight is calculated as:
Excess weight = (Bandwidth remaining allotted to the class) x (Maximum weight allowed at the level) / (Parent bandwidth).
Excess weight is then rounded to integer value based on optimizations as allowed by hardware.
Commit weight = Excess weight (at layer 4 level).
Note
Use the following formula to calculate weight for Bandwidth Remaining Ratio(BRR):
Excess weight = (BRR of class) subject to maximum weight at the level.
Excess weight is then rounded to integer value based as allowed by hardware.
Commit weight = Excess weight (at layer 4 level).
Table 7-10 lists the maximum and allowed weights at various levels:
Table 7-10
L4
1020
1.. 255, 256, 260, 264.. 1020
L3
1020
1.. 255, 256, 260, 264.. 1020
L2
255
1.. 255
L1
255
1.. 255
Maximum and Allowed weights at various levels
Restrictions and Usage Guidelines
When configuring Bandwidth and CBWFQ on Cisco 7600 Series ES+ line cards, follow these restrictions and usage guidelines:
•
•
•
•
•
•
Note
SUMMARY STEPS
1.
2.
3.
4.
5.
DETAILED STEPS
Examples
This example shows a service policy called policy1 that specifies the amount of bandwidth to allocate for traffic classes 1 and 2:
Router# enableRouter# configure terminalRouter(config)# class-map class1 Router(config-cmap)# match ip dscp 30Router(config-cmap)# exitRouter(config)# class-map class2 Router(config-cmap)# match ip dscp 10Router(config-cmap)# exit
Router(config)# policy-map policy1Router(config-pmap)# class class1Router(config-pmap-c)# bandwidth 30000Router(config-pmap-c)# exitRouter(config-pmap)# exitRouter(config-pmap)# class class2Router(config-pmap-c)# bandwidth 20000Router(config-pmap-c)# exitRouter(config-pmap)# exitRouter(config)#
Router(config)# interface gigabit ethernet 2/1 Router(config-if)# service-policy output policy1Router(config-if)# exitThe following example configures a QoS policy with multiple user class with rate guarantee setting using the bandwidth command.
Router(config)# policy-map policy1Router(config)# Class c1Router(config-pmap-c)# Bandwidth percent 1%Router(config-pmap)# Class c2Router(config-pmap-c)# Bandwidth percent 10%Router(config-pmap)# Class c3Router(config-pmap-c)# Bandwidth percent 88%Router(config-pmap)# Class class-defaultRouter(config-pmap-c)# Bandwidth 1%The following example configures a QoS policy with multiple user class with rate guarantee setting:
Router# enableRouter# configure terminalRouter(config)# Policy Map parent_policyRouter(config-pmap)# class-defaultRouter(config-pmap-c)# shape average 20000000Router(config-pmap-c)# bandwidth remaining ratio 5Router(config-pmap-c)# service-policy child_policyRouter(config)# policy-map child_policyRouter(config-pmap)# class videoRouter(config-pmap-c)# priorityRouter(config-pmap-c)# police 10000000Router(config-pmap)# class criticalRouter(config-pmap-c)# bandwidth remaining percent 80Router(config-pmap)# class class-defaultRouter(config-pmap-c)# bandwidth remaining percent 20Use the following commands to verify CBWFQ:
Configuring LLQ
Low-Latency Queuing (LLQ) uses the priority command to allocate bandwidth to the class maps in the policy-map.
LLQ is supported on the output of the following interfaces:
•
•
•
•
•
•
Restrictions and Usage Guidelines
When configuring LLQ on Cisco 7600 Series ES+ line cards, follow these restrictions and usage guidelines:
•
–
–
–
–
–
–
–
•
–
–
–
–
–
–
•
–
–
–
–
–
–
SUMMARY STEPS
1.
2.
3.
4.
5.
or
police cir percent % conform-action action exceed-action action
or
police cir bps-value pir bps-value conform-action action exceed-action action violate-action action
or
police cir percent % pir percent % conform-action action exceed-action action violate-action action
6.
or
priority level
DETAILED STEPS
Step 1
enable
Example:Router# enableEnables privileged EXEC mode.
•
Step 2
configure terminal
Example:Router# configure terminal
Enters global configuration mode.
Step 3
policy-map policy-name
Example:Router(config)# policy-map silver
Specifies the name of the policy-map to configure.
Step 4
class {class-name | class-default}
Example:Router(config-pmap)# class classcos0Specifies the name of a predefined class included in the service policy.
Step 5
police bps-value conform-action action exceed-action action
Example:Router(config-pmap-c)# police 5000000 conform-action set-dscp-transmit 0 exceed-action drop
Specifies a maximum bandwidth usage by a traffic class through the use of a token bucket algorithm, where:
•
•
Or
police cir percent % conform-action action exceed-action action
Example:Router(config-pmap-c)# police cir percent 20 conform-action transmit exceed-action set-prec-transmit 1
Configures traffic policing on the basis of a percentage of bandwidth available on an interface, where:
•
•
•
•
Or
police cir bps-value pir bps-value conform-action action exceed-action action violate-action action
Example:Router(config-pmap-c)# police cir 1000000 pir 2000000 conform-action set-cos-transmit 3 exceed-action set-cos-transmit 1 violate-action drop
Configures traffic policing using two rates, the CIR and the PIR, where:
•
•
•
•
Or
police cir percent % pir percent % conform-action action exceed-action action violate-action action
Example:Router(config-pmap-c)# police cir percent 20 pir percent 40 conform-action transmit exceed-action set-prec-transmit 1 violate-action drop
Configures traffic policing using two rates, the CIR and the PIR, where:
•
•
•
•
•
Step 6
priority
Example:Router(config-pmap-c)# priorityGives strict priority to a class of traffic belonging to the policy-map.
Or
priority level
Example:Router(config-pmap-c)# priority level 1
Gives priority level to a class of traffic belonging to the policy-map.
Examples
The following example configures an output LLQ policy on a switchport interface that matches on a CoS value queuing defined in the classes.
Router# enableRouter# configure terminalRouter(config)# policy map switchport-llq-policyRouter(config-pmap)# class cos0Router(config-pmap-c)# police 500000000Router(config-pmap-c)# priorityNow the policy is applied to the interface.
Router# enableRouter# configure terminalRouter(config)# interface TenGigabitEthernet9/1Router(config-if)# switchportRouter(config-if)# switchport access vlan 2000Router(config-if)# switchport mode accessRouter(config-if)# service-policy output switchport-llq-policyThe following example configures a simple LLQ QoS policy on a class c1 with strict priority setting.
Router# enableRouter# configure terminalRouter(config)# Policy Map qos_llqRouter(config-pmap)# Class c1Router(config-pmap-c)# police 500000000Router(config-pmap-c)# priorityThe following example configures an LLQ policy with multiple priority classes with a smallest percent value and default burst value for testing:
Router# enableRouter# configure terminalRouter(config-pmap)# Class-map VoiceRouter(config-pmap-c)# police cir percent 10Router(config-pmap-c)# PriorityRouter(config-pmap)# Class-map VideoRouter(config-pmap-c)# Police cir percent 20Router(config-pmap-c)# PriorityRouter(config-pmap)# Class-defaultConfiguring DBUS CoS Queuing
This feature allows you to configure which DBUS CoS values are mapped to the high-priority queue. The hw-module slot slot queue priority switch-fpga output cos values|none command is used on the Routing Processor (RP) to configure the priority values. You can change the priority by changing the CoS values. The system allows you to configure eight class-of-service values. The default CoS values are 5,6, and 7.
Configuring Bandwidth Remaining Ratio (BRR)
Bandwidth Remaining Ratio (BRR) specifies the ratio that bandwidth is split between users when the link is congested (oversubscribed). This feature allows the link rate to be prorated out to logical interfaces such as EVCs and L3 subinterfaces. This feature is needed by the user since it provides the ability to oversubscribe the shape rate so logical interfaces can utilize unused bandwidth of other logical interfaces.
BRR is implemented on logical interfaces using hierarchical policy-maps.
Restrictions and Usage Guidelines
When configuring BRR on the Cisco 7600 Series ES+ line card, follow these restrictions and usage guidelines:
•
•
•
•
•
•
•
•
•
•
–
–
•
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
DETAILED STEPS
Examples
In the following configuration, three policy-maps are applied in egress on three service instances. If gold, silver, and bronze service instances send their full quota of 300, 300, and 100 Mb/s of priority traffic, then because PRP/service propagation is ON, the remaining (1 Gb/s - 700 Mb/s) 300 Mb/s of link bandwidth is shared between users in the ratio 1 : 2 : 3 where:
User A gets : 1 / (1+2+3) * 300 Mb/s = 50 Mb/s of non-LLQ traffic
User B gets : 2 / (1+2+3) * 300 Mb/s = 100 Mb/s of non-LLQ traffic
User C gets : 3 / (1+2+3) * 300 Mb/s = 150 Mb/s of non-LLQ traffic
Router# enableRouter# configure terminalRouter(config)# policy-map data_gold_child_outRouter(config-pmap)# class videoRouter(config-pmap-c)# priorityRouter(config-pmap-c)# police 300000000Router(config-pmap-c)# set cos 4Router(config-pmap)# class class-defaultRouter(config-pmap-c)# set cos 3Router(config)# policy-map data_gold_parent_outRouter(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 500000000Router(config-pmap-c)# bandwidth remaining ratio 3Router(config-pmap-c)# service-policy data_gold_child_outRouter(config)# policy-map data_silver_child_outRouter(config-pmap)# class videoRouter(config-pmap-c)# priorityRouter(config-pmap-c)# police 300000000Router(config-pmap-c)# set cos 4Router(config-pmap)# class class-defaultRouter(config-pmap-c)# set cos 1Router(config)# policy-map data_silver_parent_outRouter(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 500000000Router(config-pmap-c)# bandwidth remaining ratio 2Router(config-pmap-c)# service-policy data_silver_child_outRouter(config)# policy-map data_bronze_child_outRouter(config-pmap)# class videoRouter(config-pmap-c)# priorityRouter(config-pmap-c)# police 100000000Router(config-pmap-c)# set cos 4Router(config-pmap)# class class-defaultRouter(config-pmap-c)# set cos 1Router(config)# policy-map data_bronze_parent_outRouter(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 500000000Router(config-pmap-c)# bandwidth remaining ratio 1Router(config-pmap-c)# service-policy data_bronze_child_outConfiguring PFC QoS on a Cisco 7600 Series Ethernet Services Plus Line Card
The Cisco 7600 Series ES+ line card supports most of the same QoS features as those supported by the Policy Feature Card (PFC) on the Cisco 7600 series routers.
This section describes those QoS features that have Cisco 7600 Series ES+ line card-specific configuration guidelines. After you review the Cisco 7600 Series ES+ line card-specific guidelines described in this document, then refer to the Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 15.0SR located at the following URL:
http://www.cisco.com/en/US/docs/routers/7600/ios/15S/configuration/guide/qos.html
PFC QoS on a Cisco 7600 Series Ethernet Services Plus Line Card Configuration Guidelines
The Cisco 7600 Series ES+ line card supports Policy Feature Card (PFC) QoS for SVI interfaces only in the case of ingress cos-to-exp marking and micro flow policing. For supported interfaces, see "Supported Interfaces" section.
Configuring Hierarchical QoS
The Cisco 7600 Series ES+ line cards support hierarchical QoS (H-QoS) that you configure using Cisco Modular QoS CLI (MQC). The following H-QoS capabilities are supported:
•
•
•
Note
•
•
•
•
•
•
•
•
•
–
–
–
–
•
–
–
Follow these restrictions while configuring Hierarchical QoS for the Cisco 7600 series ES+ line cards:
•
•
•
•
Follow these restrictions and usage guidelines while configuring Hierarchical QoS for the Cisco 7600 series ES+T line cards:
•
•
•
•
•
•
•
In IOS hierarchical levels are represented as follows and current support is up to five levels:
•
•
•
•
•
A policy-map with two levels has three levels of hierarchy when attached on the main interface, and four levels of hierarchy when attached on a subinterface.
A policy-map with three levels has four levels of hierarchy when attached on the main interface, and five levels of hierarchy when attached on a subinterface.
On the ingress, three level H-QOS is supported (port, parent, child).
Table 7-11 provides information about supported H-QoS features.
Table 7-11 Hierarchical QoS Feature Support
Main Layer 3 interface
CoS, prec/dscp, EXP
Yes
Yes
Yes
No
Yes
Yes
Layer 3 subinterface
CoS, prec/dscp, EXP
Yes
Yes
Yes
No
Yes
Yes
Service instances
outer CoS, prec/dscp, inner CoS
Yes
Yes
Yes
No
Yes
Yes
SVI interface
Yes
No1
No
No
No
No
No
Switchport interfaces
Outer CoS
Yes
Yes
Yes
No
Yes
Yes
Port-channel service instances
outer CoS, inner CoS
Yes
Yes
Yes
No
Yes
Yes
Port-channel Layer 3 member link
CoS, prec/dscp, EXP
Yes
Yes
Yes
No
Yes
Yes
1 Earl Policing is not supported post 12.2(33)SRE release.
Examples
This example configures the child policy to allocate different percentages of bandwidth by class:
!Router# enableRouter# configure terminalRouter(config)# policy-map childRouter(config-pmap)# class User-ARouter(config-pmap-c)# bandwidth percent 40Router(config-pmap-c)# exitRouter(config-pmap)# class User-BRouter(config-pmap-c)# bandwidth percent 60Router(config-pmap-c)# exitRouter(config-pmap)# exit!This example applies the parent service policy to an output subinterface:
!Router# enableRouter# configure terminalRouter(config)# interface TenGigabitEthernet 2/1.1Router(config-if-srv)# encapsulation dot1q 11Router(config-if)# service-policy output parentThis example shows how to configure a 2 level H-QoS policy on a main interface:
Router(config)# policy-map child_1Router(config-pmap)# class prec1Router(config-pmap-c)# priority level 1Router(config-pmap)# class prec2Router(config-pmap-c)# priority level 1 2Router(config-pmap)# class class-defaultRouter(config-pmap-c)# Police 100kbps!Router(config)# policy-map HQoS_parentRouter(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 100000000Router(config-pmap-c)# service-policy child_1This example shows how to configure a 2 level H-QoS policy on an EVC interface:
Router(config)# policy-map child_1Router(config-pmap)# class cos1Router(config-pmap-c)# priority level 1Router(config-pmap)# class cos 2Router(config-pmap-c)# priority 2Router(config-pmap)# class class-defaultRouter(config-pmap-c)# Police 100kbps!Router(config)# policy-map HQoS_parentRouter(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 100000000Router(config-pmap-c)# service-policy child_1This example configures an ingress 3-level H-QOS policy on a main-interface:
Router(config)# policy-map child_1Router(config-pmap)# class prec123Router(config-pmap-c)# random-detect precedence basedRouter(config-pmap)# class prec456Router(config-pmap-c)# shape average 10MRouter(config-pmap)# class class-default!Router(config)# policy-map HQoS_parentRouter(config-pmap)# class ACL_c1Router(config-pmap-c)# Police 100kbpsRouter(config-pmap-c)# priority 1Router(config-pmap-c)# service policy child_1Router(config-pmap)# class ACL_c2Router(config-pmap-c)# Police 100kbpsRouter(config-pmap-c)# priority level 2Router(config-pmap-c)# service policy child_2Router(config-pmap)# class class-defaultRouter(config-pmap-c)# Police 100kbpsRouter(config-pmap-c)# service policy child_3!Router(config)# policy-map HQos_grandparentRouter(config-pmap)# class class-defaultRouter(config-pmap-c)# shape 100000000Router(config-pmap-c)# service-policy HQoS_parentThis example configures an egress 3 level H-QOS policy on a main-interface:
Router(config)# policy-map child_1Router(config-pmap)# class prec123Router(config-pmap-c)# random-detect precedence basedRouter(config-pmap)# class prec456Router(config-pmap-c)# shape average 10MRouter(config-pmap)# class class-default!Router(config)# policy-map HQoS_parentRouter(config-pmap)# class ACL_c1Router(config-pmap-c)# Police 100kbpsRouter(config-pmap-c)# priority level 1Router(config-pmap-c)# service policy child_1Router(config-pmap)# class ACL_c2Router(config-pmap-c)# Police 100kbpsRouter(config-pmap-c)# priority level 2Router(config-pmap-c)# service policy child_2Router(config-pmap)# class class-defaultRouter(config-pmap-c)# service policy child_3!Router(config)# policy-map HQos_grandparentRouter(config-pmap)# class class-defaultRouter(config-pmap-c)# shape 100000000Router(config-pmap-c)# service-policy HQoS_parent!EVCS QoS Support
Ethernet Virtual Connection Services (EVCS) uses the concepts of service instances and EVCs (Ethernet virtual circuits). A service instance is the instantiation of an EVC on a given port on a given router. An EVC is an end-to-end representation of a single instance of a Layer 2 service being offered by a provider to a customer. It embodies the different parameters on which the service is being offered.
EVC QoS works with the following EVC combinations:
•
•
•
•
•
•
•
•
•
For information on how to configure EVC QoS, refer to the following sections to see how service instances and port channel service instances are handled:
•
Restrictions and Usage Guidelines
When configuring QoS with EVCS on the Cisco 7600 Series ES+ line card, follow these restrictions and usage guidelines:
•
•
•
•
•
•
•
•
•
•
–
–
–
–
–
•
•
EVC Configuration Examples
This example shows ingress QOS on scalable EoMPLS.
Router# enableRouter# configure terminalRouter(config)# interface GE 1/2Router(config-if)# service instance 1 ethernetRouter(config-if-srv)# encapsulation dot1q 100Router(config-if-srv)# rewrite ingress tag pop 1 symmetricRouter(config-if)# xconnect 2.2.2.2 100 pw-class vlan-xconnectRouter(config-pmap-c)# service-policy input mark-it-inRouter(config)# policy-map mark-it-inRouter(config-pmap)# class cos0Router(config-pmap-c)# policeRouter(config-pmap-c)# set mpls exp imposition 5In this example of a single tag VLAN configuration, because the encapsulation dot1q 10 is already classified, only the inner VLAN and CoS values are configured.
Router# enableRouter# configure terminalRouter(config)# interface GE 1/2Router(config-if)# service instance 1Router(config-if-srv)# encapsulation dot1q 10 second-dot1q anyRouter(config-if-srv)# rewrite ingress tag pop 1 symmetricRouter(config-if-srv)# bridge domain 200Router(config-pmap-c)# service-policy input mark-it-inRouter(config)# policy-map mark-it-inRouter(config-pmap)# class innervlan20Router(config-pmap-c)# police 100000000Router(config-pmap-c)# set cos 0Router(config-pmap-c)# set cos-inner 0This is an example of a single tag VLAN connect ingress policy.
Router# enableRouter# configure terminalRouter(config)# interface GigabitEthernet1/1Router(config-if)# service instance 100 ethernetRouter(config-if-srv)# encapsulation dot1q 10 second-dot1q anyRouter(config-if-srv)# rewrite ingress tag pop 1 symmetricRouter(config-pmap-c)# service-policy in mark-it-inRouter(config)# interface GigabitEthernet 1/2Router(config-if)# service instance 101 ethernetRouter(config-if-srv)# encapsulation dot1q 11 second-dot1q anyRouter(config-if-srv)# rewrite ingress tag pop 1 symmetricRouter(config-pmap-c)# service-policy in mark-it-inRouter(config-if-srv)# connect EVC1 GigabitEthernet 1/1 100 GigabitEthernet 1/2 101Router(config)# policy-map mark-it-inRouter(config-pmap)# class vlaninner20cosinner5Router(config-pmap-c)# set cos 0This is an example of an egress double tag VLAN connect hierarchical configuration.Router# enableRouter# configure terminalRouter(config)# interface GigabitEthernet 1/1Router(config-if)# service instance 100 ethernetRouter(config-if-srv)# encapsulation dot1q 10 second-dot1q 20Router(config-if-srv)# rewrite ingress tag pop 2 symmetricRouter(config-pmap-c)# service-policy out parent-out-100Router(config)# interface GigabitEthernet 1/2Router(config-if)# service instance 101 ethernetRouter(config-if-srv)# encapsulation dot1q 11 second-dot1q 21Router(config-if-srv)# rewrite ingress tag pop 2 symmetricRouter(config-pmap-c)# service-policy out parent-out-101Router(config-if-srv)# connect EVC1 GigabitEthernet 1/1 100 GigabitEthernet 1/2 101Router(config)# policy-map child-out-100Router(config-pmap)# class cos5Router(config-pmap-c)# bandwidth percent 10Router(config-pmap-c)# set cos 0Router(config-pmap-c)# set cos-inner 0Router(config)# policy-map parent-out-100Router(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 10000000Router(config-pmap-c)# service-policy child-out-100Router(config)# policy-map child-out-101Router(config-pmap)# class cos0Router(config-pmap-c)# bandwidth percent 10Router(config-pmap-c)# set cos 5Router(config-pmap-c)# set cos-inner 5Router(config)# policy-map parent-out-101Router(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 10000000Router(config-pmap-c)# service-policy child-out-101This is an example of an egress double tag VLAN connect flat configuration.Router# enableRouter# configure terminalRouter(config)# policy-map flat-100Router(config-pmap)# class cos5Router(config-pmap-c)# shape average 10000000Router(config-pmap-c)# set cos 0Router(config-pmap-c)# set cos-inner 0Router(config-pmap)# class class-default <-- required classRouter(config-pmap-c)# shape average 10000000 <-- required queuing actionRouter(config-pmap-c)# set cos 6Router(config)# policy-map flat-101Router(config-pmap)# class cos0Router(config-pmap-c)# shape average 10000000Router(config-pmap-c)# set cos 5Router(config-pmap-c)# set cos-inner 5Router(config-pmap)# class class-default <-- required classRouter(config-pmap-c)# shape average 10000000 <-- required queuing actionRouter(config-pmap-c)# set cos 4QoS on Port-Channel Member-Link
The QoS on Port-Channel Member-Link feature provides support to apply QoS service-policies in ingress and egress traffic on the following interfaces:
•
•
•
•
For a policy-map attached to a port-channel main interface, ingress or egress traffic coming from any member link is subjected to policy-map configured on port-channel main interface. If no policy-map is configured on port-channel main interface, ingress or egress traffic from member-link is subject to the::
•
•
For more information, see Table 7-12.
QoS policy-maps cannot co-exist on a port-channel main interface, subinterface, and EVC. However, member-link policy-map can co-exist with policy-map on L3 port-channel main interface, subinterface, or EVC. In case of L2 port-channels, you can configure QoS on either port-channel main-interface or on the member-link. QoS on both the L2 port-channel main-interface and member-link is not supported.
Note
•
•
Note
•
•
•
Supported Egress QoS Configurations
Table 7-12 lists the QoS configurations supported on ingress and egress.
Table 7-12 Supported QoS Configurations
Policy-map attached to layer 3 port-channel interface (input and output)
•
•
•
•
•
•
Policy-map attached to layer 3 port-channel subinterface (input and output)
•
•
•
•
Policy-map attached on the member-link with no policy-map configured on port-channel interface, port-channel subinterface, and portchannel EVC.
•
•
•
•
•
Policy-map attached to port-channel member link and policy-map configured on port-channel interface.
•
Policy-map attached to port-channel member link and policy-map configured on port-channel subinterface.
•
Policy-map attached to port-channel member link and policy-map configured on port-channel EVC service instance.
•
•
•
1 For more information on classification, see Table 7-4
2 For more information on policing, see Table 7-5
Note
Restrictions and Usage Guidelines
When configuring the QoS on Port-Channel Member-Link feature on the Cisco 7600 Series ES+ line card, follow these restrictions and usage guidelines:
•
If the port-channel subinterface or port-channel service instance has its own policy, traffic is subjected to the policy applied on that port-channel subinterface or port-channel service instance.
It is not recommended to configure member link policy on the ingress if there is a micro-flow policing policy configured on the port-channel main interface or port-channel subinterface. If a member link policy and a micro-flow policing policy exist together, traffic is subjected to both policies, first by the member link policy on the NP and then the micro-flow policing policy on the PFC.
Having Layer 3 port-channel member links with user defined classes in the parent introduces an additional queuing hierarchy. The interface bandwidth is shared equally between all the user defined classes.
To protect and guarantee the port channel service instance bandwidth, the member link policy should have a grand-parent class-default with shape configured to restrict the maximum interface bandwidth given to non port-channel service instance traffic (if there is more than one class at the parent level in the member link policy).
•
•
•
•
QoS on Port-Channel Member-Link Configuration Examples
The following example shows a sample policy-map configuration:
Router# enableRouter# configure terminalRouter(config)# policy-map port-channel-egress_qosRouter(config-pmap)# class prec0Router(config-pmap-c)# police cir 100000000Router(config-pmap)# set ip precedence 3Router# enableRouter(config)# policy-map subint_egressRouter(config-pmap)#class prec1 <<<< match on precedence 1Router(config-pmap-c)# police 200000 conform-action set-prec-transmit 3 exceed-action dropRouter(config-pmap)#class class-defaultRouter(config-pmap-c)#police 400000Router#Router(config)# policy-map memlink_childRouter(config-pmap)# class cos0 >>>match on cos 0Router(config-pmap-c)# shape average 50000000Router(config-pmap-c)# priorityRouter(config-pmap)# class cos1Router(config-pmap-c)# bandwidth 100000Router(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 100000000Router(config)# policy-map memlink_parent_ingressRouter(config-pmap)# class vlan11Router(config-pmap-c)# shape average 300000000Router(config-if)# service-policy childRouter(config-pmap)# class vlan12Router(config-pmap-c)# shape average 300000000Router(config-if)# service-policy childRouter(config-pmap)# class class-defaultThe following example illustrates how to configure the service-policy under a router port-channel Layer 3 member link.
Router# enableRouter# configure terminalRouter(config)# interface Port-channel 1Router(config-if)# ip addressRouter(config-if)# mpls ipRouter(config)# interface gi1/0Router(config-if)# channel-group 1Router(config-if)# service-policy output port-qosRouter(config)# interface gi1/1Router(config-if)# channel-group 1Router(config-if)# service-policy output port-qosThe following example includes a bandwidth remaining ratio:
Router# enableRouter# configure terminalRouter(config)# policy-map port-qosRouter(config-pmap)# class cos0 >>>match on cos 0Router(config-pmap-c)# police cir 100000000Router(config-pmap-c)# priorityRouter(config-pmap)# class cos1Router(config-pmap-c)# bandwidth remaining ratio 2Router(config-pmap)# class class-defaultRouter(config-pmap-c)# bandwidth remaining ratio 1The following are four examples of Layer 3 service policies:
Router# enableRouter# configure terminalRouter(config)# policy-map port-qosRouter(config-pmap)# class prec1 >>>match on ip prec 1Router(config-pmap-c)# police cir 100000000Router(config-pmap-c)# priorityRouter(config-pmap)# class prec2Router(config-pmap-c)# bandwidth 100000Router(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 100000000Router(config-pmap-c)# random-detect aggregateRouter(config-pmap-c)# random-detect precedence values 3 minimum-thresh 40 maximum-thresh 60 mark-prob 1Router(config-pmap-c)# random-detect precedence values 4 minimum-thresh 70 maximum-thresh 90 mark-prob 1Router(config-pmap-c)# random-detect precedence values 5 minimum-thresh 100 maximum-thresh 120 mark-prob 1:
Router# enableRouter# configure terminalRouter(config)# policy-map port-qosRouter(config-pmap)# class exp1 >>>match on exp 1Router(config-pmap-c)# police cir 100000000Router(config-pmap-c)# priorityRouter(config-pmap)# class exp2Router(config-pmap-c)# bandwidth 100000Router(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 100000000Router# enableRouter# configure terminalRouter(config)# policy-map port-qosRouter(config-pmap)# class ip-exp1 >>>match on ip prec1, or exp 1Router(config-pmap-c)# police cir 100000000Router(config-pmap-c)# priorityRouter(config-pmap)# class ip-exp22Router(config-pmap-c)# bandwidth 100000Router(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 100000000Router# enableRouter# configure terminalRouter(config)# policy-map port-qosRouter(config-pmap)# class exp1 >>>match on exp 1Router(config-pmap-c)# police cir 100000000Router(config-pmap-c)# priorityRouter(config-pmap)# class exp2Router(config-pmap-c)# bandwidth remaining ratio 5Router(config-pmap)# class class-defaultRouter(config-pmap-c)# bandwidth remaining ratio 2The following example shows the flat service-policies that can be configured under member-links:
Router# enableRouter# configure terminalRouter(config)# policy-map port-qosRouter(config-pmap)# class vlan11 >>>match on vlan 11Router(config-pmap-c)# police cir 100000000Router(config-pmap-c)# priorityRouter(config-pmap)# class vlan12Router(config-pmap-c)# bandwidth 100000Router(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 100000000.
The following examples shows the H-QoS policy that can be configured under member-links:
Router# enableRouter# configure terminalRouter(config)# policy-map childRouter(config-pmap)# class prec0 >>>match on prec 0Router(config-pmap-c)# police cir 100000000Router(config-pmap-c)# priorityRouter(config-pmap)# class prec1Router(config-pmap-c)# bandwidth 100000Router(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 100000000Router(config)# policy-map parentRouter(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 300000000Router(config-if)# service-policy childRouter# enableRouter# configure terminalRouter(config)# policy-map childRouter(config-pmap)# class cos0 >>>match on cos 0Router(config-pmap-c)# police cir 100000000Router(config-pmap-c)# priorityRouter(config-pmap)# class cos1Router(config-pmap-c)# bandwidth 100000Router(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 100000000Router(config)# policy-map parentRouter(config-pmap)# class vlan11Router(config-pmap-c)# shape average 300000000Router(config-if)# service-policy childRouter(config-pmap)# class vlan12Router(config-pmap-c)# shape average 300000000Router(config-if)# service-policy childRouter(config-pmap)# class class-defaultThe following example shows how to configure QoS on port-channel subinterface in egress:
Router# enableRouter# configure terminalRouter(config)# interface Port-channel 1.1Router(config-if-srv)# encapsulation dot1q 1001Router(config-if)# service-policy input subint-engressThe following examples show service-policy combination on various interfaces.
The first example shows an egress service-policy attached to a port-channel member-link. There is no service-policy on the port-channel service instance.
Router# enableRouter# configure terminalRouter(config)# interface Port-channel 1Router(config-if)# ip addressRouter(config-if)# service instance 1 ethernetRouter(config-if-srv)# encapsulation dot1q 100Router(config-if-srv)# bridge-domain 200Router(config-if)# service instance 2 ethernetRouter(config-if-srv)# encapsulation dot1q 101Router(config-if-srv)# bridge-domain 200interface gi1/0Router(config-if)# channel-group 1Router(config-if)# service-policy output port-qosRouter(config)# interface gi1/1Router(config-if)# channel-group 1Router(config-if)# service-policy output port-qosIn the next example, an egress service-policy is attached to a port-channel member-link. An egress and an ingress service-policy are applied on the port-channel service instance.
Router# enableRouter# configure terminalRouter(config)# interface Port-channel 1Router(config-if)# ip addressRouter(config-if)# service instance 1 ethernetRouter(config-if-srv)# encapsulation dot1q 100Router(config-if-srv)# bridge-domain 200Router(config-if)# service-policy output evc-egressRouter(config-if)# service-policy input evc-ingressRouter(config-if)# service instance 2 ethernetRouter(config-if-srv)# encapsulation dot1q 101Router(config-if-srv)# bridge-domain 200Router(config-if)# service-policy output evc-egressRouter(config-if)# service-policy input evc-ingressRouter(config)# interface gi1/0Router(config-if)# channel-group 1Router(config-if)# service-policy output port-qosRouter(config)# interface gi1/1Router(config-if)# channel-group 1Router(config-if)# service-policy output port-qosIn the following example, an egress service-policy is attached to a port-channel member-link. An egress and an ingress service-policy are applied on the port-channel service instance. An ingress service-policy is applied on the port-channel subinterface.
Router# enableRouter# configure terminalRouter(config)# interface Port-channel 1Router(config-if)# ip addressRouter(config-if)# service instance 1 ethernetRouter(config-if-srv)# encapsulation dot1q 100Router(config-if-srv)# bridge-domain 200Router(config-if)# service-policy output evc-egressRouter(config-if)# service-policy input evc-ingressRouter(config-if)# service instance 2 ethernetRouter(config-if-srv)# encapsulation dot1q 101Router(config-if-srv)# bridge-domain 200Router(config-if)# service-policy output evc-egressRouter(config-if)# service-policy input evc-ingressRouter(config)# interface Port-channel 1.1Router(config-if-srv)# encapsulation dot1q 1000Router(config-if)# service-policy input subint-ingressRouter(config-if)# service-policy output subint-egressRouter(config)# interface gi1/0Router(config-if)# channel-group 1Router(config-if)# service-policy output port-qosRouter(config)# interface gi1/1Router(config-if)# channel-group 1Router(config-if)# service-policy output port-qosThe following example shows how to configure QoS on member-link for Ingress
Router# enableRouter# configure terminalRouter(config)# interface gi1/1Router(config-if)# channel-group 1Router(config-if)# service-policy input memlink-Parent_ingressThe following examples shows the policy that can be configured under Port channel main interface:
Router# enableRouter# configure terminalRouter(config)# policy-map port-channel-egress_qosRouter(config-pmap)# class dscp0Router(config-pmap-c)# police cir 100000000Router(config-pmap)# set ip precedece 3Router# enableRouter# configure terminalRouter(config)# policy-map port-channel-ingress_qosRouter(config-pmap-c)# class cos1Router(config-pmap-c)#police cir 80000 pir 160000 conform-action set-dscp-transmit 5 exceed-action set-dscp-transmit 6 violate-action dropRouter#enableRouter# configure terminalRouter(config)# interface Port-channel 1Router(config-if)# service-policy output port-channel-egress-qosRouter(config-if)# service-policy input port-channel-ingress-qosThe following examples shows how to confiure QoS on port-channel main interface:Router# enableRouter# configure terminalRouter(config)# policy-map port-channel-ingress_qosRouter(config-pmap-c)# class cos1 >>>match on cos 1Router(config-pmap-c)#police cir 80000 pir 160000 conform-action set-dscp-transmit 5 exceed-action set-dscp-transmit 6 violate-action dropRouter#enableRouter# configure terminalRouter(config)# interface Port-channel 1Router(config-if)# service-policy output port-channel-egress-qosRouter(config-if)# service-policy input port-channel-ingress-qosTroubleshooting QoS on Port-Channel Member-Link
This section describes how to troubleshoot QoS on a Port-Channel Member-Link.
•
An example output:PE2#sh policy-map int port-ch 51Port-channel51Service-policy output: abcService policy abc is in suspended modeA policy is suspended when there are no member-links attached to it. Use the show etherchannel summary command to check the member-links attached to a policy and the corresponding status. The following example shows the output of the show etherchannel summary command:
PE2#show etherchannel summaryFlags: D - down P - bundled in port-channelI - stand-alone s - suspendedH - Hot-standby (LACP only)R - Layer3 S - Layer2U - in use f - failed to allocate aggregatorM - not in use, minimum links not metu - unsuitable for bundlingw - waiting to be aggregatedd - default portNumber of channel-groups in use: 4Number of aggregators: 4Group Port-channel Protocol Ports------+-------------+-----------+-----------------------------------------------1 Po1(RU) - Gi2/12(P)2 Po2(SD) -3 Po3(SD) -4 Po4(RU) - Gi2/1(P) Gi2/2(P) Gi2/22(P)•
Run the following commands on the route processor:
–
–
–
–
–
–
Run the following commands on the line card:
–
PE2-dfc2#Port-Channel 3 : No policies attachedPort-Channel 4 :np port dir pc-type count---------------------------------------0 0 Input PC-L3 20 0 Output PC-L3 20 0 Input PC-EVC 10 1 Input PC-L3 20 1 Output PC-L3 20 1 Input PC-EVC 10 1 Output PC-EVC 12 1 Input PC-L3 22 1 Output PC-L3 22 1 Input PC-EVC 1--------------------------------–
PE2-dfc2#sh platform npc qos sp np all countnp dir count----------------------------0 Input 30 Output 31 Input 01 Output 02 Input 32 Output 23 Input 03 Output 0–
–
–
Note
show policy-map interface intf service group group.
IPv6 - Hop by Hop Rate Limiter
The IPv6 Hop-by-Hop (HBH) extension header is part of the original specification of the IPv6 protocol (RFC 2460). It is identified by header type 0 and when present, this extension header must always be the first extension header (EH) to follow the main header. Because a node must process any received packet that has an HBH extension header, forwarding of packets containing the HBH header can represent or be used as a security threat.
The IPv6 - Hop by Hop Rate Limiter feature provides protection from Denial of Service (DoS) attacks by allowing you to rate limit IPv6 HBH packets.
Restrictions and Usage Guidelines
When rate limiting IPv6 HBH packets on the Cisco 7600 Series ES+ line card, follow these restrictions and usage guidelines:
•
–
–
–
–
•
•
•
Configuring IPv6 - Hop by Hop Rate Limiter
To connect to a specific line card for the purpose of executing the test platform police ipv6 set command, test platform police ipv6 get command or the test platform police ipv6 disable command, use the attach command in privileged EXEC mode.
You can then set the IPv6 internal police rate by using the test platform police ipv6 set command in privileged EXEC mode from the line card console:
SUMMARY STEPS
1.
2.
3.
4.
5.
DETAILED STEPS
Example
This example shows how to set the rate.
Console# attach 3
Trying Switch ...
Entering CONSOLE for Switch
Type "^C^C^C" to end this session
osr3-dfc3#
Router-dfc3# enable
Router-dfc3# test platform police ipv6 set 1234
You can obtain IPv6 internal police rate by using the test platform police get command in privileged EXEC mode from the line card console:
Router-dfc3# test platform police ipv6 getIPv6 with HBH header is policed at 100000 kbps
You can disable the IPv6 internal police rate by using the test platform police ipv6 get command in privileged EXEC mode from the line card console:
Router-dfc3# test platform police ipv6 disableRouter-dfc3# test platform police ipv6 get
IPv6 with HBH header is not policed.Port Level Shaping Concurrent with 4HQoS on ES+
In a network having a PE router connected to a low level device with lesser line rate capability, you can configure the traffic shaping QoS on the output direction of the PE port. Until Cisco IOS release 15.0(1), QoS on main interface is not supported to co-exist with the QoS policy on any other target on the same physical port. This feature allows class-default shaping only QoS policy on a main interface to co-exist with QoS policy on the sub targets. You can also use this feature to apply a shaping policy on the main interface and a HQoS policy on the sub targets such as sub-interfaces, EVCs, sessions, and service groups.
Furthermore, this feature also enables you to control the bandwidth assigned to a node directly connected to a port as per the service agreement.
Restrictions and Usage Guidelines
Follow these restrictions and usage guidelines while configuring port level shaping concurrent with 4HQoS on an ES+ line card:
•
•
•
–
–
–
–
–
–
•
•
•
•
•
•
Note
Configuring Port Level Shaping Concurrent with 4HQoS on ES+
Complete these steps to configure port level shaping concurent with 4HQoS on an ES+ line card:
•
•
•
Summary Steps
1.
2.
3.
4.
5.
6.
7.
8.
DETAILED STEPS
Example
This example displays port level shaping configuration on ES+ line card.
Router#enableRouter#conf tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#policy-map subrateRouter(config-pmap)#class class-defaultRouter(config-pmap-c)#Shape average 1000000Router(config-pmap-c)#interface gigabitethernet3/1Router(config-if)#Service-policy out subrateRouter(config-if)#endVerification
Use these commands to verify port level shaping configuration on ES+ line card:
Troubleshooting the Port Level Shaping Configuration
For information on troubleshooting, see Troubleshooting QoS on a ES+ Line Card.
Minimum Bandwidth Guarantee Plus Multiple Policy
The minimum bandwidth guarantee on the service groups plus multiple policy feature enables a user to configure a guaranteed minimum bandwidth at the service group level. This feature allows you to explicitly guarantee a minimum bandwidth for the subscribers in the service groups and implicitly for the subscribers without any service group on the same interface. Until release 15.0(1), absolute bandwidth is not supported for the policies applied on the service groups. Using this feature a user can configure a minimum bandwidth on a policy-map applied on the service groups. The remaining bandwidth is computed on each physical port by subtracting the sum of guaranteed bandwidths from the link rate. This remaining bandwidth is then allocated to the port-default entity that manages those service groups with no Quality of Service (QoS), and all the members that do not belong to any service group. Thus, providing a way to configure minimum bandwidth on the default node.
Note
Furthermore, this feature allows you to allocate a bandwidth share for these targets:
•
•
Note
Port Channel QoS Considerations
The QoS configuration is based on the load balancing mechanism configured on the port channel. If a port-channel is configured with non flow-based load-balancing, the sum of bandwidth of all the active links is considered as the total available bandwidth on the port-channel. In non flow-based load balancing, the service group QoS is installed on the link where the group is load balanced. When a port-channel is configured with flow-based load balancing, the service group QoS is replicated on all the active member links and the maximum bandwidth that can be guaranteed on a port channel is equal to the single link bandwidth.
Restrictions and Usage Guidelines
Follow these restrictions and usage guidelines when configuring minimum bandwidth guarantee on ES+ line cards:
•
•
•
•
•
•
•
•
•
•
Configuring Bandwidth Guarantee on a Service Group
You can configure minimum bandwidth guarantee on a service group on an ES+ line card in two ways:
•
•
Summary Steps
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
DETAILED STEPS
Example
This example displays minimum bandwidth guarantee configuration by bandwidth rate:
Router>enableRouter#conf tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#policy-map 4g-bandwidth-policyRouter(config-pmap)#class class-defaultRouter(config-pmap-c)#bandwidth 4000000Router(config-pmap-c)#exitRouter(config-pmap)#exitRouter(config)#service-group 100Router(config-service-group)#service-policy output 4g-bandwidth-policyRouter(config-service-group)#int teng2/1Router(config-if)#service instance 1 ethernetRouter(config-if-srv)#encap dot1q 200Router(config-if-srv)#group 100Router(config-if-srv)#endThis example displays the minimum bandwidth guarantee configuration by percentage:Router>enableRouter#conf tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#policy-map 4g-bandwidth-policyRouter(config-pmap)#class class-defaultRouter(config-pmap-c)# bandwidth precent 20Router(config-pmap-c)#exitRouter(config-pmap)#exitRouter(config)#service-group 100Router(config-service-group)#service-policy output 4g-bandwidth-policyRouter(config-service-group)#int teng2/1Router(config-if)#service instance 100 ethernetRouter(config-if-srv)#encap dot1q 20Router(config-if-srv)#group 1Router(config-if-srv)#endVerification
Use these commands to verify minimum bandwidth guarantee on service groups configuration:
Troubleshooting the Minimum Bandwidth Guarantee Configuration
For information on troubleshooting, see Troubleshooting QoS on a ES+ Line Card.
Service Group QoS Support on the Cisco 7600 Series Router
A service group is a logical entity that allows you to group different interface types and apply features as a whole to the group. The interface types can be grouped under a service group and you can apply QoS policies on an aggregate basis for a number of interface types grouped under the service group.
In Cisco releases prior to 15.1(1)S, only Ethernet Virtual Circuits (EVCs) were supported as members of service groups. Effective from Cisco IOS release 15.1(1)S, sub interfaces and sessions on those sub interfaces are supported as members of a service group and you can group all these under the same service group. Service groups also support port channels with EVCs, sub interfaces or sessions.
Restrictions and Usage Guidelines
Follow these restrictions and guidelines while configuring a QoS service group on the Cisco 7600 series :
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
–
–
•
–
•
–
–
–
–
•
–
–
–
–
Note
Configuring Service Group QoS
Perform these steps to configure service group QoS.
Summary Steps
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
DETAILED STEPS
Examples
This example shows how to configure a service group with output service policy and attach a service instance to the service group.
Router# enableRouter# configure terminalRouter# policy-map p1Router(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 100000000Router(config)# service-group 1Router(config-service-group)# service-policy output p1Router(config)# interface gigabitethernet 1/1Router(config-if)# service instance 101 ethernetRouter(config-if-srv)# group 1This example shows how to configure a service policy in egress direction and attach the access sub interface to the service group.
Router# enableRouter# configure terminalRouter# policy-map p2Router(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 100000000Router(config)# service-group 2Router(config-service-group)# service-policy output p2Router(config)# interface gigabitethernet 1/1.1 accessRouter(config-subif)# group 2Router(config-subif)# exitThis example shows how to apply a QoS policy to sessions and attach the service group to a sub interface where sessions are brought up.
Router# enableRouter# configure terminalRouter(config)# policy-map p3Router(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 100000000Router(config)# service-group 3Router(config-service-group)# service-policy output p3Router(config)# policy-map p4Router(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 100000000Router(config)# policy-map type service hqos_dynamicRouter(config-service-policy-map)# service-policy output p4Router(config)# policy-map type control hqos_dynamic_controlRouter(config-control-policy-map)# class type control always event session-startRouter(config-control-policy-map-class-control)# 1 service-policy type service name hqos_dynamicRouter(config)# interface gigabit ethernet 1/1.1 accessRouter(config-subif)# service-policy type control hqos_dynamic_controlRouter(config-subif)# group 3Router(config-subif)# ip subscriber routedRouter(config-subscriber)# initiator unclassified ip-addressThis example shows how to configures a service group with an output service policy and attaches the service group to a port-channel EVC interface:
Router# enableRouter# configure terminalRouter# policy-map p5Router(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 100000000Router(config)#service-group 5Router(config-service-group)# service-policy output p5Router(config)# interface Port-channel 1Router(config-if)# service instance 1 ethernetRouter(config-if-srv)# group 5Router(config-if-srv)#exitThis example shows how to apply a QoS policy to sessions and attach the service group to a port-channel access sub interface where sessions are brought up.
Router# enableRouter# configure terminalRouter(config)# policy-map p3Router(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 100000000Router(config)# service-group 3Router(config-service-group)# service-policy output p3Router(config)# policy-map p4Router(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 100000000Router(config)# poliy-map type service hqos_dynamicRouter(config-service-policy-map)# service-policy output p4Router(config)# poliy-map type control hqos_dynamic_controlRouter(config-control-policy-map)# class type control always event session-startRouter(config-control-policy-map-class-control)# 1 service-policy type service name hqos_dynamicRouter(config)# interface port-channel 1.1 accessRouter(config-subif)# service-policy type control hqos_dynamic_controlRouter(config-subif)# group 3Router(config-subif)# ip subscriber routedRouter(config-subscriber)# initiator unclassified ip-addressRouter(config-if-srv)#endVerification
Use these commands to verify the configuration.
Configuring Flexible Service Mapping Based on CoS and Ethertype
The Flexible Service Mapping based on CoS and Etherytpe feature enhances the current capability of mapping packets to service instance by allowing you to use CoS and Ethertypes to classify traffic into different service instances, thereby consuming a lesser number of VLANs on the module.
This feature adds the following capabilities for mapping to service instances:
•
•
•
•
–
–
–
•
•
•
•
Restrictions and Usage Guidelines
When configuring Flexible Service Mapping based on CoS and Ethertype, follow these restrictions and guidelines:
•
•
•
•
•
•
•
•
•
•
Summary Steps
1.
2.
3.
4.
5.
6.
DETAILED STEPS
Supported Configurations
The following are the supported Ethertype and CoS configurations:
•
Router(config)#interface gigabitethernet 1/1Router(config-if)#service instance 1 ethernetRouter(config-if-srv)#encapsulation dot1q vlan_id etype etype string•
Router(config)#interface gigabitethernet1/1Router(config-if)#service instance 1 ethernetRouter(config-if-srv)#encapsulation dot1q vlan id second-dot1q vlan id etype etype string•
Router(config)#interface gigabitethernet1/1Router(config-if)#service instance 1 ethernetRouter(config-if-srv)#encapsulation dot1q 10 etype ipv4Router(config-if-srv)#exitRouter(config-if)#service instance 2 ethernetRouter(config-if-srv)#encapsulation dot1q 10 etype ipv6Router(config-if-srv)#exitRouter(config-if)#service instance 3 ethernetRouter(config-if-srv)#encapsulation dot1q 10 etype pppoe-all•
Router(config)#interface gigabitethernet1/1Router(config-if)#service instance 1 ethernetRouter(config-if-srv)#encapsulation dot1q 11-15 etype ipv4Router(config-if-srv)#exitRouter(config-if)#service instance 2 ethernetRouter(config-if-srv)#encapsulation dot1q 11-15 etype ipv6Router(config-if-srv)#exitRouter(config-if)#service instance 3 ethernetRouter(config-if-srv)#encapsulation dot1q 11-15 etype pppoe-all•
Router(config)#interface gigabitethernet1/1Router(config-if)#service instance 1 ethernetRouter(config-if-srv)#encapsulation dot1q 10 second-dot1q 1001 etype ipv4Router(config-if-srv)#exitRouter(config-if)#service instance 2 ethernetRouter(config-if-srv)#encapsulation dot1q 10 second-dot1q 1001 etype ipv6Router(config-if-srv)#exitRouter(config-if)#service instance 3 ethernetRouter(config-if-srv)#encapsulation dot1q 10 second-dot1q 1001 etype pppoe-all•
Router(config)#interface gigabitethernet1/1Router(config-if)#service instance 1 ethernetRouter(config-if-srv)#encapsulation dot1q 10 second-dot1q 11-15 etype ipv4Router(config-if-srv)#exitRouter(config-if-srv)#encapsulation dot1q 10 second-dot1q 11-15 etype ipv6Router(config-if-srv)#exitRouter(config-if-srv)#encapsulation dot1q 10 second-dot1q 11-15 etype pppoe-all•
Router(config)#interface gigabitethernet1/1Router(config-if)#service instance 1 ethernetRouter(config-if-srv)#encapsulation dot1q single vlan_id cos single cos valueRouter(config)#interface gigabitethernet1/1Router(config-if)#service instance 1 ethernetRouter(config-if-srv)#encapsulation dot1q single vlan_id cos list/range of cos valuesRouter(config)#interface gigabitethernet1/1Router(config-if)#service instance 1 ethernetRouter(config-if-srv)#encapsulation dot1q list/range of vlan ids cos single cos value•
Router(config)#interface gigabitethernet1/1Router(config-if)#service instance 1 ethernetRouter(config-if-srv)#encapsulation dot1q single vlan _id second-dot1q single vlan id cos single cos valueRouter(config)#interface gigabitethernet1/1Router(config-if)#service instance 1 ethernetRouter(config-if-srv)#encapsulation dot1q single vlan_id second-dot1q single vlan_id cos list/range of cos_valuesRouter(config)#interface gigabitethernet1/1Router(config-if)#service instance 1 ethernetRouter(config-if-srv)#encapsulation dot1q single vlan_id second-dot1q list/range of vlan_ids cos single cos_valueRouter(config)#interface gigabitethernet1/1Router(config-if)#service instance 1 ethernetRouter(config-if-srv)#encapsulation dot1q single vlan_id cos single cos_value second-dot1q single vlan_idRouter(config)#interface gigabitethernet 1/1Router(config-if)#service instance 1 ethernetRouter(config-if-srv)#encapsulation dot1q single vlan_id cos list/range of cos_values second-dot1q single vlan idRouter(config)#interface gigabitethernet1/1Router(config-if)#service instance 1 ethernetRouter(config-if-srv)#encapsulation dot1q single vlan_id cos single cos_value second-dot1q list/range of vlan_idsExamples
The following example displays EVCs with encap dot1q and CoS under bridge-domain.
Router#conf tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#interface gigabitethernet3/1Router(config-if)#no shutRouter(config-if)#service instance 1 ethernetRouter(config-if-srv)#encapsulation dot1q 100 cos 5Router(config-if-srv)#bridge-domain 202Router(config-if-srv)#interface gigabitethernet3/2Router(config-if)#no shutRouter(config-if)#service instance 1 ethernetRouter(config-if-srv)#encapsulation dot1q 100 cos 5Router(config-if-srv)#bridge-domain 202Router(config-if-srv)#endRouter#Router#Router#show bridge-domain 202Bridge-domain 202 (2 ports in all)State: UP Mac learning: EnabledGigabitEthernet3/1 service instance 1GigabitEthernet3/2 service instance 1The following example shows EVC with encap dot1q and ethertype ipv4 with bridge-domain.
Router(config)#interface gigabitethernet 3/1Router(config-if)#service instance 1 ethernetRouter(config-if-srv)#encapsulation dot1q 100 etype ipv4Router(config-if-srv)#bridge-domain 202Router(config-if-srv)#interface gigabitethernet 3/2Router(config-if)#service instance 1 ethernetRouter(config-if-srv)#encapsulation dot1q 100 etype ipv4Router(config-if-srv)#bridge-domain 202Router(config-if-srv)#Router(config-if-srv)# endRouter#Router#Router#show bridge-domain 202Bridge-domain 202 (2 ports in all)State: UP Mac learning: EnabledGigabitEthernet3/1 service instance 1GigabitEthernet3/2 service instance 1The following is an example of local connect.
Router(config)#interface TenGigabitEthernet2/3Router(config-if)#no ip addressRouter(config-if)#service instance 1 ethernetRouter(config-if-srv)#encapsulation dot1q 2 second-dot1q 2-3 cos 5Router(config)#interface TenGigabitEthernet2/4Router(config-if)#no ip addressRouter(config-if)#service instance 1 ethernetRouter(config-if-srv)#encapsulation dot1q 2 second-dot1q 2-3 cos 5Router(config-if-srv)#connect local1 te2/3 1 te2/4 1The following is an example of xconnect.
Router(config)#interface TenGigabitEthernet2/3Router(config-if)#no ip addressRouter(config-if)#service instance 1 ethernetRouter(config-if-srv)#encapsulation dot1q 2 second-dot1q 2-3 cos 5Router(config-if-srv)#xconnect 75.1.1.5 10000 encapsulation mpls!Router(config-if-srv)#endThe peer side router configuration is below:
Router(config)#interface GigabitEthernet3/0/14Router(config-if)#no ip addressRouter(config-if)#service instance 1 ethernetRouter(config-if-srv)#encapsulation dot1q 2 second-dot1q 2-3 cos 5Router(config-if-srv)#xconnect 75.1.1.1 10000 encapsulation mpls!Router(config-if-srv)#endVerification
Use the following commands to verify operation.
Egress QoS Scheduling on Port Channel Interfaces
A port channel is an aggregation of individual ethernet links to form a single logical link. Queuing and scheduling is used as a congestion management technique to prioritize selected data traffic while implementing QoS. In Cisco IOS releases prior to 15.1(2)S, queuing and scheduling in egress on a port channel interface or subinterface was not supported, and port channel QoS was implemented using port-channel member link QoS. Effective from Cisco IOS release 15.1(2)S, egress queuing on port channel interfaces or subinterfaces is supported on the Cisco 7600 ES+ line cards.
Restrictions and Usage Guidelines
Follow these restrictions and guidelines while configuring Egress QoS scheduling on port channel interfaces:
•
–
–
–
–
–
•
•
•
•
•
•
•
•
Configuring Egress QoS Scheduling on Port Channel Interfaces
Complete these steps to configure Egress QoS scheduling.
Summary Steps
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
Detailed Steps
ExamplesThis example shows how to configure egress QoS scheduling on a port channel main interface.
Router# enableRouter# configure terminalRouter# policy-map p1Router(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 100000000Router(config)# interface Port-channel 1Router(config-if)# no ip addressRouter(config-if)# service-policy output p1Router(config)# exit
This example shows how to configure egress QoS scheduling on a port channel subinterface.
Router# enableRouter# configure terminalRouter# policy-map p2Router(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 100000000Router(config)# interface Port-channel 200.1Router(config-subif)# encapsulation dot1q 200Router(config-subif)# ip address 100.1.1.1 255.0.0.0Router(config-if)# service-policy output p2Router(config)# exit
This example shows how to configure egress QoS scheduling on a port channel access subinterface.
Router# enableRouter# configure terminalRouter# policy-map p3Router(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 100000000Router(config)# interface Port-channel 200.1 accessRouter(config-subif)# encapsulation dot1q 200Router(config-subif)# ip address 100.1.1.1 255.0.0.0Router(config-if)# service-policy output p3Router(config)# exit
This example shows how to configure egress QoS scheduling on a port channel subinterface with service group.
Router# enableRouter# configure terminalRouter# policy-map p4Router(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 100000000Router(config)# service-group 2Router(config-service-group)# service-policy output p4Router(config)# interface Port-channel 200.1Router(config-subif)# encapsulation dot1q 200Router(config-subif)# ip address 100.1.1.1 255.0.0.0Router(config-subif)# group 2Router(config)# exit
Verification
Use these commands to verify the egress QoS scheduling on a port channel interface.
Troubleshooting Egress QoS Scheduling on a Port Channel Interface
For information on troubleshooting, see Troubleshooting QoS on a ES+ Line Card.
Layer 2 and Layer 3 QoS ACL Classification for EVC
Classification is the separation of packets into traffic classes. Using classification, you can partition network traffic into multiple priority levels or classes of service. Once the classification criteria is defined, the traffic that matches the classification criteria is then subjected to the QoS service policy you apply to the interface. The QoS policy specifies the actions and rules to apply to packets belonging to a particular traffic class.
Ethernet Virtual Connection (EVC) is the primary component used in the deployment of the carrier ethernet technology. Before Cisco IOS release 15.1(2)S, service policies configured under EVCs were classified only using layer 2 MAC access control lists (ACL). Effective from Cisco IOS release 15.1(2)S, applying service policies with layer 2, layer 3 or layer 4 ACLs to EVCs are supported.
Restrictions and Usage Guidelines
Follow these restrictions and guidelines while configuring layer 2 and layer 3 QoS ACL classification:
•
–
–
–
•
•
•
•
•
–
–
–
–
–
–
–
–
–
•
•
•
•
Configuring Layer 2 and Layer 3 QoS ACL Classification
Complete these steps to configure the layer 2 and layer 3 QoS ACL classification feature.
Summary Steps
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
Detailed Steps
Examples
This example shows how to configure the layer 2 and layer 3 QoS ACL classification on a gigabit ethernet interface using a named layer 3 or 4 access control list.
Router# enableRouter# configure terminalRouter(config)# ip access-list extended l3_l4aclRouter(config-ext-nl3-l4acl)# 10 permit ip 0.0.0.1 255.255.0.0 any dscp 32Router# class-map l3_l4aclRouter(config-cmap)# match access-group name l3_l4aclRouter# policy-map p1Router(config-pmap)# class l3_l4aclRouter(config)# interface gigabitethernet 1/2Router(config-if)# no ip addressRouter(config-if)# service-instance 1 ethernetRouter(config-if-srv)# service-policy output p1Router(config)# exit
This example shows how to configure layer 2 and layer 3 QoS ACL classification using a numbered layer 3 or 4 access control list.
Router# enableRouter# configure terminalRouter(config)# ip access-list extended 121Router(config-ext-nacl)# 10 permit ip 0.0.0.1 255.255.0.0 any dscp 32Router# class-map 121Routeer(config-cmap)# match access-group 121Router# policy-map p2Router(config-pmap)# class 121Router(config)# interface gigabitethernet 1/3Router(config-if)# no ip addressRouter(config-if)# service-instance 1 ethernetRouter(config-if-srv)# service-policy output p2Router(config)# exit
This example shows how to configure layer 2 and layer 3 QoS ACL classification using a named layer 2 access control list.
Router# enableRouter# configure terminalRouter(config)# MAC access-list extended l2aclRouter(config-ext-nacl)# permit 2222.33ef.0000.0000.ffff any cos 2Router# class-map l2aclRouter(config-cmap)# match access-group name l2aclRouter# policy-map p3Router(config-pmap)# class l2aclRouter(config)# interface gigabitethernet 1/2Router(config-if)# no ip addressRouter(config-if)# service instance 1 ethernetRouter(config-if-srv)# service-policy output p3Router(config)# exit
Verification
Use these commands to verify the layer 2 and layer 3 QoS ACL classification feature.
Troubleshooting Layer 2 and Layer 3 QoS ACL Classification
For troubleshooting information, see Troubleshooting QoS on a ES+ Line Card.
Deny ACL QoS Classification
Access Control Lists (ACL) are used to filter data traffic based on a filtering criteria configured on the router interface. Data packets are matched to the criteria specified in the ACLs and traffic is either allowed or denied. When deny ACLs are configured under a class map, the packets that match the ACLs are not classified under that class but classified in the remaining classes depending on the class-map configuration.
Effective from Cisco IOS release 15.1(3)S, deny ACL QoS classification is supported on the Cisco 7600 ES+ line cards, and Access Control Entries (ACEs) configured with a deny action are considered for traffic classification.
Restrictions and Usage Guidelines
Follow these restrictions and guidelines while configuring deny ACL QoS classification:
•
•
–
–
–
•
•
•
Configuring Deny ACL QoS Classification
Complete these steps to configure the deny ACL QoS classification feature.
Summary Steps
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
Detailed Steps
Examples
This example shows how to configure deny ACL QoS classification on an EVC interface using a numbered access control list.
Router# enableRouter# configure terminalRouter(config)# ip access-list extended 102Router(config-ext-nacl)# deny ip 200.1.1.0 0.0.0.255 anyRouter(config)# class-map c1Router(config-cmap)# match access-group 102Router(config)# policy-map p1Router(config-pmap)# class c1Router(config)# interface gigabitethernet 1/2Router(config-if)# no ip addressRouter(config-if)# service-instance 1 ethernetRouter(config-if-srv)# service-policy output p1Router(config-if-srv)# encapsulation dot1q 100Router(config-if-srv)# bridge-domain 10Router(config-if-srv)# endVerification
Use these commands to verify the deny ACL QoS classification feature.
Troubleshooting Deny ACL QoS Classification
For troubleshooting information, see Troubleshooting QoS on a ES+ Line Card.
Ingress HQoS for Port Channel Interfaces
A port channel is an aggregation of individual ethernet links to form a single logical link. Queuing and scheduling is used as a congestion management method to prioritize the selected data traffic while implementing QoS. Effective with Cisco IOS release 15.3(1)S, ingress queuing and scheduling is supported on port channel interfaces of the Cisco 7600 ES+ line cards.
Restrictions
Following restrictions apply to ingress QoS on port channel interfaces:
•
–
–
–
–
–
•
•
•
•
•
•
Configuring Ingress HQoS on Port Channel Interfaces
Complete these steps to configure ingress QoS on a port channel interface.
Summary Steps
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
Detailed Steps
Configuration ExamplesThis example shows how to configure ingress HQoS on a port channel main interface.
Router# enableRouter# configure terminalRouter# policy-map childRouter(config-pmap)# class class1Router(config-pmap-c)# bandwidth 2000Router(config-pmap-c)# exitRouter(config-pmap)# exitRouter# policy-map parentRouter(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 100000000Router(config-pmap-c)# service-policy childRouter(config-pmap-c)# exitRouter(config-pmap)# exitRouter(config)# interface Port-channel 1Router(config-if)# service-policy input parentRouter(config)# end
This example shows how to configure ingress HQoS on a port channel subinterface.
Router# enableRouter# configure terminalRouter# policy-map childRouter(config-pmap)# class class1Router(config-pmap-c)# bandwidth 3000Router(config-pmap-c)# exitRouter(config-pmap)# exitRouter# policy-map parentRouter(config-pmap)# class class-defaultRouter(config-pmap-c)# shape average 100000000Router(config-pmap-c)# service-policy childRouter(config-pmap-c)# exitRouter(config-pmap)# exitRouter(config)# interface Port-channel 200.1Router(config-subif)# service-policy input parentRouter(config)# end
Verifying Ingress HQoS
Use these commands to verify the ingress HQoS on a port channel interface.
Troubleshooting QoS on a ES+ Line Card
Table 7-13 lists some of the troubleshooting scenarios for a ES+ line card.
Table 7-13 Troubleshooting Scenarios for QoS in a ES+ Line Card
Non-functional classification and marking on an ES+ interface.
Use the show tcam interface interface qos type1/type2 ip detail (type1 is for input policy, type2 for output policy) command to verify that the classification hardware parameters are configured correctly and packets are relayed to the right class as shown in this example:
Router#
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
Router(config
)#
Router(config
)#
Router(config
)#
3/1
Router(config-if)#
Router(config-if)#
Router>
Router#
Enter configuration commands, one per line. End with CNTL/Z.0 -- --- 0-0 <-
Router(config)#0 <-R rslt: 1D29C700 <-
{ in the abouve output, "<-" indicates which class the packets being classified to. }
2) Do do an elam capture and check the the QoS values received and re-written to.
Elam can capture data coming from the Constellation Data Bus interface (DBUS), partial results coming from the L3 Forwarding Engine (Tycho), and final results transmitted on the Constellation Result Bus (RBUS).
Following are the commands to use the elam.
1. Select slot on which to run elam: show platform capture elam asic <sup/tyco> slot <slot no>
2. Set the trigger for packets of interest:show platform capture elam trigger <intersted fields of the packets such as vlan id, source and destination IP, source index, etc>
3. Start the Elam capture: show platform capture elam start
4. Show the status of Elam: show platform capture elam status
5. Show the captured Elam data: show platform capture elam data
Weneed to repeat the above steps for both dbus as well as rbus captures .
show platform capture elam help
* Return a brief help that reminds how to use the ELAM commands
Note
•
•
–
–
–
–
–
–
–
Service group issues
Use the show run service-group, show service group details, show service group statistics command to display the policy-map applied to service-group, policy-map applied on service-group along with the members of the service-group, and the output of the number of service-groups configured. Share the output with TAC for troubleshooting.
QoS policy map configured on port-channel interface is non- functional
Check the following commands on the route processor:
•
•
–
–
–
•
•
Traffic statistic issues in service instances and service groups
Use the show ethernet service instance stat and show service-group traffic-stats commands to troubleshoot traffic issues in service instances and groups. If the issue persists, contact TAC.
Service-group traffic statistics issue
Use the clear service-group traffic-stats command to clear redundant traffic statistics. If the issue persists, contact TAC.
Incorrect QoS rates on EVCs and service group issues
•
•
QoS service policy on a suspend mode
The policy moves to a suspension mode when there are no member links attached to it. Use the show etherchannel summary command to check member links attached to it and their status. If the issue persists, contact TAC.
Router(config-pmap)#
Router(config-pmap-c)#
Router(config-pmap-c)#
Router(config-pmap)#
Router(config)#
Router(config-service-group)#
Router(config-service-group)#
Router(config-if)#
Router(config-if-srv)#
Router(config-if-srv)#
Router(config-if-srv)#
Router>
Router#
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
Router(config-pmap)#
Router(config-pmap-c)#
Router(config-pmap)#Troubleshooting policing issues on the port-channel for member links across a network processor
On the ES+ line card, policing is performed per NP (Network Processor) aggregate basis. For example, if 100M policer is configured on PC sub-targets and if there are 2 member-links spread across 2 different Network Processors (NPs), traffic from both the member-links are policed to 200M and not 100M. If the issue persists, contact TAC.
Queuing issues
Use the show policy map interface command to view the queuing details, shaping, bandwidth, queue limit and WRED values, that has all these and highlight the queuing, bandwidth parameters.
Rate counters are not accurate
•
Traffic classified incorrectly
•
•
•
Router#sh tcam interface gig10/1 qos type1 ip detail* Global Defaults sharedDPort - Destination Port SPort - Source Port TCP-F - U -URG Pro - ProtocolI - Inverted LOU TOS - TOS Value - A -ACK rtr - RouterMRFM - M -MPLS Packet TN - T -Tcp Control - P -PSH COD - C -Bank Care Flag- R -Recirc. Flag - N -Non-cachable - R -RST - I -OrdIndep. Flag- F -Fragment Flag CAP - Capture Flag - S -SYN - D -Dynamic Flag- M -More Fragments F-P - FlowMask-Prior. - F -FIN T - V(Value)/M(Mask)/R(Result)X - XTAG (*) - Bank PriorityInterface: 1018 label: 513 lookup_type: 1protocol: IP packet-type: 0|T|Index| Dest Ip Addr | Source Ip Addr| DPort | SPort | TCP-F |Pro|MRFM|X|TOS|TN|COD|F-P|V 36828 0.0.0.0 0.0.0.0 P=0 P=0 ------ 0 ---- 0 0 -- --- 0-0<-M 36836 0.0.0.0 0.0.0.0 0 0 ------ 0 X--- 0 0<-
Router(config)#<-
Router(config-service-group)#
Router(config-service-group)#
Router(config-if)#
Note
Excessive drops in packets
•
•
•
•
Router(config-if-srv)#
Router(config-if-srv)#
Router(config-if-srv)#
Router(config-pmap-c)# shape average 10000000
Router(config)#
Router(config-if)#
Router(config-if-srv)#
Router(config)#
1/1
Router(config-if)#
Router(config-if-srv)#
Router(config)#
1/1
Router(config-if)#
Router(config-if-srv)#
Router(config-if-srv)#
Router(config-if)#
Router(config-if-srv)#
Router(config-if-srv)#
Router(config-if)#
Router(config-if-srv)#
Router(config)#
1/1
Router(config-if)#
Router(config-if-srv)#
Router(config-if-srv)#
Router(config-if)#
Router(config-if-srv)#
Router(config-if-srv)#
Router(config-if)#
Router(config-if-srv)#
Router(config)#<<< drops due to bandwidth over subscription
1/1
Router(config-if)#<<<< bandwidth configured in the policy-map
Router(config-if-srv)#
Router(config-if-srv)#
Router(config-if)#
Router(config-if-srv)#
Router(config-if-srv)#
Router(config-if)#
Router(config-if-srv)#
Router(config)#
1/1(queue depth/total drops/no-buffer drops) 0/0/0 <<< drops due to shaper
Router(config-if)#
Router(config-if-srv)#target shape rate 100000000 <<< shaper configured in the policy-map by the user
Router(config-if-srv)#
Router(config-if-srv)#
Router(config-if-srv)#
Router(config-if-srv)#
Router(config)#
1/1<<< wred packet/bytes counts and threshold values
Router(config-if)#
Router(config-if-srv)#
Router(config)#
1/1
Router(config-if)#
Router(config-if-srv)#
Router(config)#
1/1
Router(config-if)#
Router(config-if-srv)#
Router(config)#
1/1
Router(config-if)#
Router(config-if-srv)#
Router(config)#
1/1
Router(config-if)#shaper configured in the policy-map by the userBandwidth not met
Check if the queue limits are configured right.
Based on this example, check if the bandwidth and priority class has been configured correctly.
Router(config-if-srv)#
Router(config)#
1/1
Router(config-if)#
Router(config-if-srv)#
Router(config)#
1/1
Router(config-if)#
Router(config-if-srv)#
Router(config)#
Router(config-if)#
Router(config-if-srv)#
Router(config)#
1/1
Router(config-if)#
Router(config-if-srv)#!
Router#
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
3/1
Router(config-if)#
Router(config-if)#
Router(config-if-srv)#
Router(config-if-srv)#
Router(config-if-srv)#
3/2
Router(config-if)#
Router(config-if)#
Router(config-if-srv)#
Router(config-if-srv)#
Router(config-if-srv)#
Router#
Router#
Router#
Bridge-domain 202 (2 ports in all)<<< drops due to bandwidth over subscription
State: UP Mac learning: Enabled
GigabitEthernet3/1 service instance 1<<<< bandwidth configured in the policy-mapDebug QoS policing traffic issues in EARL
•
•
Warning
•
•
Microflow policing issues
•
•
GigabitEthernet3/2 service instance 1
Router(config)#
Router(config-if)#
Router(config-if-srv)#
Router(config-if-srv)#
Router(config-if-srv)#
Router(config-if)#
Router(config-if-srv)#
Router(config-if-srv)#
Router(config-if-srv)#
Router(config-if-srv)# endPolicer not receiving the packets
Use the sh mls qos [ip|mpls|ipv6|arp] and sh policy-map interface commands to confirm if the policer receives the packets. If not, share the output information with TAC to troubleshoot line card issues.
Incorrect QoS ACLs in TCAM
•
Expected CIR/PIR rate not reached
1.
2.
3.
Egress packet drop issues
•
•
•
Non-functional classification and marking on an ES+ interface.
Use the show tcam interface interface qos type1/type2 ip detail (type1 is for input policy, type2 for output policy) command to verify that the classification hardware parameters are configured correctly and packets are relayed to the right class as shown in this example:
Router#
Router#
Router#
Bridge-domain 202 (2 ports in all)
State: UP Mac learning: Enabled
GigabitEthernet3/1 service instance 1
GigabitEthernet3/2 service instance 1
Router(config)#
Router(config-if)#
Router(config-if)#
Router(config-if-srv)#
Router(config)#
Router(config-if)#
Router(config-if)#
Router(config-if-srv)#0 -- --- 0-0 <-
Router(config-if-srv)#0 <-R rslt: 1D29C700 <-
{ in the abouve output, "<-" indicates which class the packets being classified to. }
2) Do do an elam capture and check the the QoS values received and re-written to.
Elam can capture data coming from the Constellation Data Bus interface (DBUS), partial results coming from the L3 Forwarding Engine (Tycho), and final results transmitted on the Constellation Result Bus (RBUS).
Following are the commands to use the elam.
1. Select slot on which to run elam: show platform capture elam asic <sup/tyco> slot <slot no>
2. Set the trigger for packets of interest:show platform capture elam trigger <intersted fields of the packets such as vlan id, source and destination IP, source index, etc>
3. Start the Elam capture: show platform capture elam start
4. Show the status of Elam: show platform capture elam status
5. Show the captured Elam data: show platform capture elam data
Weneed to repeat the above steps for both dbus as well as rbus captures .
show platform capture elam help
* Return a brief help that reminds how to use the ELAM commands
Note
•
•
–
–
–
–
–
–
–
Service group issues
Use the show run service-group, show service group details, show service group statistics command to display the policy-map applied to service-group, policy-map applied on service-group along with the members of the service-group, and the output of the number of service-groups configured. Share the output with TAC for troubleshooting.
QoS policy map configured on port-channel interface is non- functional
Check the following commands on the route processor:
•
•
–
–
–
•
•
Traffic statistic issues in service instances and service groups
Use the show ethernet service instance stat and show service-group traffic-stats commands to troubleshoot traffic issues in service instances and groups. If the issue persists, contact TAC.
Service-group traffic statistics issue
Use the clear service-group traffic-stats command to clear redundant traffic statistics. If the issue persists, contact TAC.
Incorrect QoS rates on EVCs and service group issues
•
•
QoS service policy on a suspend mode
The policy moves to a suspension mode when there are no member links attached to it. Use the show etherchannel summary command to check member links attached to it and their status. If the issue persists, contact TAC.
Router(config)#
Router(config-if)#
Router(config-if)#
Router(config-if-srv)#
Router(config-if-srv)#
Router(config-if-srv)#
Router(config)#
Router(config-if)#
Router(config-if)#
Router(config-if-srv)#
Router(config-if-srv)#
Router(config-if-srv)#
Router#sh tcam interface gig10/1 qos type1 ip detail
* Global Defaults not shared
DPort - Destination Port SPort - Source Port TCP-F - U -URG Pro - Protocol
I - Inverted LOU TOS - TOS Value - A -ACK rtr - Router
MRFM - M -MPLS Packet TN - T -Tcp Control - P -PSH COD - C -Bank Care Flag
- R -Recirc. Flag - N -Non-cachable - R -RST - I -OrdIndep. FlagTroubleshooting policing issues on the port-channel for member links across a network processor
On the ES+ line card, policing is performed per NP (Network Processor) aggregate basis. For example, if 100M policer is configured on PC sub-targets and if there are two member-links spread across two different NPs, traffic from both the member-links are policed to 200M and not 100M. If the issue persists, contact TAC.
Queuing issues
Use the show policy map interface command to view the queuing details, shaping, bandwidth, queue limit and WRED values that has all these and highlight the queuing, bandwidth parameters.
