Catalyst 6500 Release 12.2SXF and Rebuilds Software Configuration Guide - Configuring PFC3BXL or PFC3B Mode MPLS QoS [Cisco Catalyst 6500 Series Switches]

Table Of Contents

Configuring PFC3BXL or PFC3B Mode MPLS QoS

Terminology

PFC3BXL or PFC3B Mode MPLS QoS Features

MPLS Experimental Field

Trust

Classification

Policing and Marking

Preserving IP ToS

EXP Mutation

MPLS DiffServ Tunneling Modes

PFC3BXL or PFC3B Mode MPLS QoS Overview

Specifying the QoS in the IP Precedence Field

PFC3BXL or PFC3B Mode MPLS QoS

LERs at the Input Edge of an MPLS Network

LSRs in the Core of an MPLS Network

LERs at the Output Edge of an MPLS Network

Understanding PFC3BXL or PFC3B Mode MPLS QoS

LERs at the EoMPLS Edge

Ethernet to MPLS

MPLS to Ethernet

LERs at the IP Edge (MPLS, MPLS VPN)

IP to MPLS

MPLS to IP

MPLS VPN

LSRs at the MPLS Core

MPLS to MPLS

PFC3BXL or PFC3B MPLS QoS Default Configuration

MPLS QoS Commands

PFC3BXL or PFC3B Mode MPLS QoS Restrictions and Guidelines

Configuring PFC3BXL or PFC3B Mode MPLS QoS

Enabling QoS Globally

Enabling Queueing-Only Mode

Restrictions and Usage Guidelines

Configuring a Class Map to Classify MPLS Packets

Restrictions and Usage Guidelines

Configuring the MPLS Packet Trust State on Ingress Ports

Restrictions and Usage Guidelines

Configuring a Policy Map

Configuring a Policy Map to Set the EXP Value on All Imposed Labels

Configuring a Policy Map Using the Police Command

Displaying a Policy Map

Displaying a PFC3BXL or PFC3B Mode MPLS QoS Policy Map Class Summary

Displaying the Configuration of All Classes

Configuring PFC3BXL or PFC3B Mode MPLS QoS Egress EXP Mutation

Configuring Named EXP Mutation Maps

Attaching an Egress EXP Mutation Map to an Interface

Configuring EXP Value Maps

Configuring an Ingress-EXP to Internal-DSCP Map

Configuring a Named Egress-DSCP to Egress-EXP Map

MPLS DiffServ Tunneling Modes

Short Pipe Mode

Short Pipe Mode Restrictions and Guidelines

Uniform Mode

Uniform Mode Restrictions and Guidelines

MPLS DiffServ Tunneling Restrictions and Usage Guidelines

Configuring Short Pipe Mode

Ingress PE Router—Customer Facing Interface

Configuring Ingress PE Router—P Facing Interface

Configuration Example

Configuring the P Router—Output Interface

Configuration Example

Configuring the Egress PE Router—Customer Facing Interface

Configuration Example

Configuring Uniform Mode

Configuring the Ingress PE Router—Customer Facing Interface

Configuration Example

Configuring the Ingress PE Router—P Facing Interface

Configuring the Egress PE Router—Customer Facing Interface

Configuring PFC3BXL or PFC3B Mode MPLS QoS

This chapter describes how to configure PFC3BXL or PFC3B mode Multiprotocol Label Switching (MPLS) quality of service (QoS) on the Catalyst 6500 series switches.

Note•For complete syntax and usage information for the commands used in this chapter, refer to the Cisco IOS Master Command List, Release 12.2SX at this URL:

•http://www.cisco.com/en/US/docs/ios/mcl/122sxmcl/12_2sx_mcl_book.html PFC3BXL or PFC3B mode MPLS QoS extends to MPLS traffic the PFC QoS features described in Chapter 41, "Configuring PFC QoS."

•This chapter provides supplemental information on PFC3BXL or PFC3B mode MPLS QoS features. Be sure that you understand the PFC QoS features before you read this chapter.

•All policing and marking available for PFC3BXL or PFC3B mode MPLS QoS are managed from the modular QoS command-line interface (CLI). The modular QoS CLI (MQC) is a command-line interface that allows you to define traffic classes, create and configure traffic policies (policy maps), and then attach those traffic policies to interfaces. A detailed description of the modular QoS CLI can be found in the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2 at this URL:

http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/fqos_c.html

This chapter contains these sections:

•Terminology

•PFC3BXL or PFC3B Mode MPLS QoS Features

•PFC3BXL or PFC3B Mode MPLS QoS Overview

•PFC3BXL or PFC3B Mode MPLS QoS

•Understanding PFC3BXL or PFC3B Mode MPLS QoS

•PFC3BXL or PFC3B MPLS QoS Default Configuration

•MPLS QoS Commands

•PFC3BXL or PFC3B Mode MPLS QoS Restrictions and Guidelines

•Configuring PFC3BXL or PFC3B Mode MPLS QoS

•MPLS DiffServ Tunneling Modes

•Configuring Short Pipe Mode

•Configuring Uniform Mode

Terminology

This section defines some MPLS QoS terminology:

•Class of Service (CoS) refers to three bits in either an Inter-Switch Link (ISL) header or an 802.1Q header that are used to indicate the priority of the Ethernet frame as it passes through a switched network. The CoS bits in the 802.1Q header are commonly referred to as the 802.1p bits. To maintain QoS when a packet traverses both Layer 2 and Layer 3 domains, the type of service (ToS) and CoS values can be mapped to each other.

•Classification is the process used for selecting traffic to be marked for QoS.

•Differentiated Services Code Point (DSCP) is the first six bits of the ToS byte in the IP header. DSCP is only present in an IP packet.

•E-LSP is a label switched path (LSP) on which nodes infer the QoS treatment for MPLS packets exclusively from the experimental (EXP) bits in the MPLS header. Because the QoS treatment is inferred from the EXP (both class and drop precedence), several classes of traffic can be multiplexed onto a single LSP (use the same label). A single LSP can support up to eight classes of traffic because the EXP field is a 3-bit field. The maximum number of classes would be less after reserving some values for control plane traffic or if some of the classes have a drop precedence associated with them.

•EXP bits define the QoS treatment (per-hop behavior) that a node should give to a packet. It is the equivalent of the DiffServ Code Point (DSCP) in the IP network. A DSCP defines a class and drop precedence. The EXP bits are generally used to carry all the information encoded in the IP DSCP. In some cases, however, the EXP bits are used exclusively to encode the dropping precedence.

•Frames carry traffic at Layer 2. Layer 2 frames carry Layer 3 packets.

•IP precedence is the three most significant bits of the ToS byte in the IP header.

•QoS tags are prioritization values carried in Layer 3 packets and Layer 2 frames. A Layer 2 CoS label can have a value ranging between zero for low priority and seven for high priority. A Layer 3 IP precedence label can have a value ranging between zero for low priority and seven for high priority. IP precedence values are defined by the three most significant bits of the 1-byte ToS byte. A Layer 3 DSCP label can have a value between 0 and 63. DSCP values are defined by the six most significant bits of the 1-byte IP ToS field.

•LERs (label edge routers) are devices that impose and dispose of labels upon packets; also referred to as Provider Edge (PE) routers.

•LSRs (label switching routers) are devices that forward traffic based upon labels present in a packet; also referred to as Provider (P) routers.

•Marking is the process of setting a Layer 3 DSCP value in a packet. Marking is also the process of choosing different values for the MPLS EXP field to mark packets so that they have the priority that they require during periods of congestion.

•Packets carry traffic at Layer 3.

•Policing is limiting bandwidth used by a flow of traffic. Policing can mark or drop traffic.

PFC3BXL or PFC3B Mode MPLS QoS Features

QoS enables a network to provide improved service to selected network traffic. This section explains the following PFC3BXL or PFC3B mode MPLS QoS features, which are supported in an MPLS network:

•MPLS Experimental Field

•Trust

•Classification

•Policing and Marking

•Preserving IP ToS

•EXP Mutation

•MPLS DiffServ Tunneling Modes

MPLS Experimental Field

Setting the MPLS experimental (EXP) field value satisfies the requirement of service providers who do not want the value of the IP precedence field modified within IP packets transported through their networks.

By choosing different values for the MPLS EXP field, you can mark packets so that packets have the priority that they require during periods of congestion.

By default, the IP precedence value is copied into the MPLS EXP field during imposition.You can mark the MPLS EXP bits with a PFC3BXL or PFC3B mode MPLS QoS policy.

Trust

For received Layer 3 MPLS packets, the PFC3BXL or PFC3B usually trusts the EXP value in the received topmost label. None of the following have any effect on MPLS packets:

•Interface trust state

•Port CoS value

•Policy-map trust command

For received Layer 2 MPLS packets, the PFC3BXL or PFC3B can either trust the EXP value in the received topmost label or apply port trust or policy trust to the MPLS packets for CoS and egress queueing purposes.

Classification

Classification is the process that selects the traffic to be marked. Classification accomplishes this by partitioning traffic into multiple priority levels, or classes of service. Traffic classification is the primary component of class-based QoS provisioning. The PFC3BXL or PFC3B make classification decisions based on the EXP bits in the received topmost label of received MPLS packets (after a policy is installed). See the "Configuring a Class Map to Classify MPLS Packets" section for information.

Policing and Marking

Policing causes traffic that exceeds the configured rate to be discarded or marked down to a higher drop precedence. Marking is a way to identify packet flows to differentiate them. Packet marking allows you to partition your network into multiple priority levels or classes of service.

The PFC3BXL or PFC3B mode MPLS QoS policing and marking features that you can implement depend on the received traffic type and the forwarding operation applied to the traffic. See "Configuring a Policy Map" section for information.

Preserving IP ToS

The PFC3BXL or PFC3B automatically preserves the IP ToS during all MPLS operations including imposition, swapping, and disposition.You do not need to enter a command to save the IP ToS.

EXP Mutation

You can configure up to eight egress EXP mutation maps to mutate the internal EXP value before it is written as the egress EXP value. You can attach egress EXP mutation maps to these interface types:

•Optical service module (OSM) ports

•LAN or OSM port subinterfaces

•Layer 3 VLAN interfaces

•Layer 3 LAN ports

You cannot attach EXP mutation maps to these interface types:

•Layer 2 LAN ports (switchports)

•FlexWAN ports or subinterfaces

For configuration information, see the"Configuring PFC3BXL or PFC3B Mode MPLS QoS Egress EXP Mutation" section.

MPLS DiffServ Tunneling Modes

The PFC3BXL or PFC3B uses MPLS DiffServ tunneling modes. Tunneling provides QoS transparency from one edge of a network to the other edge of the network. See the "MPLS DiffServ Tunneling Modes" section for information.

PFC3BXL or PFC3B Mode MPLS QoS Overview

PFC3BXL or PFC3B mode MPLS QoS enables network administrators to provide differentiated types of service across an MPLS network. Differentiated service satisfies a range of requirements by supplying for each transmitted packet the service specified for that packet by its QoS. Service can be specified in different ways, for example, using the IP precedence bit settings in IP packets.

Specifying the QoS in the IP Precedence Field

When you send IP packets from one site to another, the IP precedence field (the first three bits of the DSCP field in the header of an IP packet) specifies the QoS. Based on the IP precedence marking, the packet is given the treatment configured for that quality of service. If the service provider network is an MPLS network, then the IP precedence bits are copied into the MPLS EXP field at the edge of the network. However, the service provider might want to set QoS for an MPLS packet to a different value determined by the service offering.

In that case, the service provider can set the MPLS EXP field. The IP header remains available for the customer's use; the QoS of an IP packet is not changed as the packet travels through the MPLS network.

For more information, see the "MPLS DiffServ Tunneling Modes" section.

PFC3BXL or PFC3B Mode MPLS QoS

This section describes how PFC3BXL or PFC3B mode MPLS QoS works.

Figure 42-1 shows an MPLS network of a service provider that connects two sites of a customer network.

Figure 42-1 MPLS Network Connecting Two Sites of a Customer's IP Network

The network is bidirectional, but for the purpose of this document the packets move left to right.

In Figure 42-1, the symbols have the following meanings:

•CE1—Customer equipment 1

•PE1—Service provider ingress label edge router (LER)

•P1—Label switch router (LSR) within the core of the network of the service provider

•P2—LSR within the core of the network of the service provider

•PE2—service provider egress LER

•CE2—Customer equipment 2

Note PE1 and PE2 are at the boundaries between the MPLS network and the IP network.

These sections describe LER and LSR operation in an MPLS network.

•LERs at the Input Edge of an MPLS Network

•LSRs in the Core of an MPLS Network

•LERs at the Output Edge of an MPLS Network

Note The QoS capabilities at the input interface differ depending on whether the input interface is a LAN port, a WAN port on an OSM, or a port adapter on a FlexWAN or Enhanced FlexWAN module. This section is for LAN ports. For information on OSMs, see the OSM Configuration Note, 12.2SX. For information on a FlexWAN or Enhanced FlexWAN module, see the FlexWAN and Enhanced FlexWAN Installation and Configuration Note.

LERs at the Input Edge of an MPLS Network

Note Incoming labels are aggregate or nonaggregate. The aggregate label indicates that the arriving MPLS or MPLS VPN packet must be switched through an IP lookup to find the next hop and the outgoing interface. The nonaggregate label indicates that the packet contains the IP next hop information.

This section describes how edge LERs can operate at either the ingress or the egress side of an MPLS network.

At the ingress side of an MPLS network, LERs process packets as follows:

1. Layer 2 or Layer 3 traffic enters the edge of the MPLS network at the edge LER (PE1).

2. The PFC3BXL or PFC3B receives the traffic from the input interface and uses the 802.1p bits or the IP ToS bits to determine the EXP bits and to perform any classification, marking, and policing. For classification of incoming IP packets, the input service policy can also use access control lists (ACLs).

3. For each incoming packet, the PFC3BXL or PFC3B performs a lookup on the IP address to determine the next-hop router.

4. The appropriate label is pushed (imposition) into the packet, and the EXP value resulting from the QoS decision is copied into the MPLS EXP field in the label header.

5. The PFC3BXL or PFC3B forwards the labeled packets to the appropriate output interface for processing.

6. The PFC3BXL or PFC3B also forwards the 802.1p bits or the IP ToS bits to the output interface.

7. At the output interface, the labeled packets are differentiated by class for marking or policing. For LAN interfaces, egress classification is still based on IP, not on MPLS.

8. The labeled packets (marked by EXP) are sent to the core MPLS network.

LSRs in the Core of an MPLS Network

This section describes how LSRs used at the core of an MPLS network process packets:

1. Incoming MPLS-labeled packets (and 802.1p bits or IP ToS bits) from an edge LER (or other core device) arrive at the core LSR.

2. The PFC3BXL or PFC3B receives the traffic from the input interface and uses the EXP bits to perform classification, marking, and policing.

3. The PFC3BXL or PFC3B performs a table lookup to determine the next-hop LSR.

4. An appropriate label is placed (swapped) into the packet and the MPLS EXP bits are copied into the label header.

5. The PFC3BXL or PFC3B forwards the labeled packets to the appropriate output interface for processing.

6. The PFC3BXL or PFC3B also forwards the 802.1p bits or the IP ToS bits to the output interface.

7. The outbound packet is differentiated by the MPLS EXP field for marking or policing.

8. The labeled packets (marked with EXP) are sent to another LSR in the core MPLS network or to an LER at the output edge.

Note Within the service provider network, there is no IP precedence field for the queueing algorithm to use because the packets are MPLS packets. The packets remain MPLS packets until they arrive at PE2, the provider edge router.

LERs at the Output Edge of an MPLS Network

At the egress side of an MPLS network, LERs process packets as follows:

1. MPLS-labeled packets (and 802.1p bits or IP ToS bits) from a core LSR arrive at the egress LER (PE2) from the MPLS network backbone.

2. The PFC3BXL or PFC3B pops the MPLS labels (disposition) from the packets. Aggregate labels are classified using the original 802.1p bits or the IP ToS bits. Nonaggregate labels are classified with the EXP value by default.

3. For aggregate labels, the PFC3BXL or PFC3B performs a lookup on the IP address to determine the packet's destination; the PFC3BXL or PFC3B then forwards the packet to the appropriate output interface for processing. For non-aggregate labels, forwarding is based on the label. By default, non-aggregate labels are popped at the penultimate-hop router (next to last), not the egress PE router.

4. The PFC3BXL or PFC3B also forwards the 802.1p bits or the IP ToS bits to the output interface.

5. The packets are differentiated according to the 802.1p bits or the IP ToS bits and treated accordingly.

Note The MPLS EXP bits allow you to specify the QoS for an MPLS packet. The IP precedence and DSCP bits allow you to specify the QoS for an IP packet.

Understanding PFC3BXL or PFC3B Mode MPLS QoS

PFC3BXL or PFC3B mode MPLS QoS supports IP QoS. For MPLS packets, the EXP value is mapped into an internal DSCP so that the PFC3BXL or PFC3B can apply non-MPLS QoS marking and policing.

For both the ingress and egress policies, PFC3BXL or PFC3B mode MPLS QoS marking and policing decisions are made on a per-interface basis at an ingress PFC3BXL or PFC3B. The ingress interfaces are physical ports, subinterfaces, or VLANs.

The QoS policy ACLs are programmed in QoS TCAM separately for ingress and egress lookup. The ternary content addressable memory (TCAM) egress lookup takes place after the IP forwarding table (FIB) and NetFlow lookups are completed.

The results of each QoS TCAM lookup yield an index into RAM that contains policer configuration and policing counters. Additional RAM contains the microflow policer configuration; the microflow policing counters are maintained in the respective NetFlow entries that match the QoS ACL.

The results of ingress and egress aggregate and microflow policing are combined into a final policing decision. The out-of-profile packets can be either dropped or marked down in the DSCP.

This section describes PFC3BXL or PFC3B mode MPLS QoS for the following:

•LERs at the EoMPLS Edge

•LERs at the IP Edge (MPLS, MPLS VPN)

•LSRs at the MPLS Core

Note The following sections refer to QoS features for LAN ports, OSM ports, and FlexWAN ports. For details about how the different features work, refer to the appropriate documentation.

LERs at the EoMPLS Edge

This section summarizes the Ethernet over MPLS (EoMPLS) QoS features that function on the LERs. EoMPLS QoS support is similar to IP-to-MPLS QoS:

•For EoMPLS, if the port is untrusted, the CoS trust state is automatically configured for VC type 4 (VLAN mode), not for VC type 5 (port mode). 802.1q CoS preservation across the tunnel is similar.

•Packets received on tunnel ingress are treated as untrusted for EoMPLS interfaces, except for VC Type 4 where trust CoS is automatically configured on the ingress port and policy marking is not applied.

•If the ingress port is configured as trusted, packets received on an EoMPLS interface are never marked by QoS policy in the original IP packet header (marking by IP policy works on untrusted ports).

•802.1p CoS is preserved from entrance to exit, if available through the 802.1q header.

•After exiting the tunnel egress, queueing is based on preserved 802.1p CoS if 1p tag has been tunnelled in the EoMPLS header (VC type 4); otherwise, queuing is based on the CoS derived from the QoS decision.

Ethernet to MPLS

For Ethernet to MPLS, the ingress interface, PFC3BXL or PFC3B mode MPLS QoS, and egress interface features are similar to corresponding features for IP to MPLS. For more information, see these sections:

•Classification for IP-to-MPLS

•Classification for IP-to-MPLS PFC3BXL or PFC3B Mode MPLS QoS

•Classification at IP-to-MPLS Ingress Port

•Classification at IP-to-MPLS Egress Port

MPLS to Ethernet

For MPLS to Ethernet, the ingress interface, PFC3BXL or PFC3B mode MPLS QoS, and egress interface features are similar to corresponding features for MPLS to IP except for the case of EoMPLS decapsulation where egress IP policy cannot be applied (packets can be classified as MPLS only). For more information, see these sections:

•Classification for MPLS-to-IP

•Classification for MPLS-to-IP PFC3BXL or PFC3B Mode MPLS QoS

•Classification at MPLS-to-IP Ingress Port

•Classification at MPLS-to-IP Egress Port.

LERs at the IP Edge (MPLS, MPLS VPN)

This section provides information about QoS features for LERs at the ingress (CE-to-PE) and egress (PE-to-CE) edges for MPLS and MPLS VPN networks. Both MPLS and MPLS VPN support general MPLS QoS features. See the "MPLS VPN" section for additional MPLS VPN-specific QoS information.

IP to MPLS

The PFC3BXL or PFC3B provides the following MPLS QoS capabilities at the IP-to-MPLS edge:

•Assigning an EXP value based on the mls qos trust or policy-map command

•Marking an EXP value using a policy

•Policing traffic using a policy

This section provides information about the MPLS QoS classification that the PFC3BXL or PFC3B supports at the IP-to-MPLS edge. Additionally, this section provides information about the capabilities provided by the ingress and egress interface modules.

Classification for IP-to-MPLS

The PFC3BXL or PFC3B ingress and egress policies for IP traffic classify traffic on the original received IP using match commands for IP precedence, IP DSCP, and IP ACLs. Egress policies do not classify traffic on the imposed EXP value nor on a marking done by an ingress policy.

After the PFC3BXL or PFC3B applies the port trust and QoS policies, it assigns the internal DSCP. The PFC3BXL or PFC3B then assigns the EXP value based on the internal DSCP-to-EXP global map for the labels that it imposes. If more than one label is imposed, the EXP value is the same in each label. The PFC3BXL or PFC3B preserves the original IP ToS when the MPLS labels are imposed.

The PFC3BXL or PFC3B assigns the egress CoS based on the internal DSCP-to-CoS global map. If the default internal DSCP-to-EXP and the internal DSCP-to-CoS maps are consistent, then the egress CoS has the same value as the imposed EXP.

If the ingress port receives both IP-to-IP and IP-to-MPLS traffic, classification should be used to separate the two types of traffic. For example, if the IP-to-IP and IP-to-MPLS traffic have different destination address ranges, you can classify traffic on the destination address, and then apply IP ToS policies to the IP-to-IP traffic and apply a policy (that marks or sets the EXP value in the imposed MPLS header) to the IP-to-MPLS traffic. See the following two examples:

•A PFC3BXL or PFC3B policy to mark IP ToS sets the internal DSCP—If it is applied to all traffic, then for IP-to-IP traffic, the egress port will rewrite the CoS (derived from the internal DSCP) to the IP ToS byte in the egress packet. For IP-to-MPLS traffic, the PFC3BXL or PFC3B will map the internal DSCP to the imposed EXP value.

•A PFC3BXL or PFC3B policy to mark MPLS EXP sets the internal DSCP—If it is applied to all traffic, then for IP-to-IP traffic, the egress port rewrites the IP ToS according to the ingress IP policy (or trust). The CoS is mapped from the ToS. For IP-to-MPLS traffic, the PFC3BXL or PFC3B will map the internal DSCP to the imposed EXP value.

Classification for IP-to-MPLS PFC3BXL or PFC3B Mode MPLS QoS

PFC3BXL or PFC3B mode MPLS QoS at the ingress to PE1supports:

•Matching on IP precedence or DSCP values or filtering with an access group

•The set mpls experimental imposition and police commands

PFC3BXL or PFC3B mode MPLS QoS at the egress of PE1 supports the mpls experimental topmost command.

Classification at IP-to-MPLS Ingress Port

Classification for IP- to- MPLS is the same as for IP-to-IP. LAN port classification is based on the received Layer 2 802.1Q CoS value. OSM and FlexWAN interfaces classify based on information in the received Layer 3 IP header.

Classification at IP-to-MPLS Egress Port

LAN port classification is based on the received EXP value and the egress CoS values is mapped from that value.

OSM and FlexWAN interfaces classify traffic when you use the match mpls experimental command to match on the egress CoS as a proxy for the EXP value. The match mpls experimental command does not match on the EXP value in the topmost label.

If the egress port is a trunk,the LAN ports and the OSM GE-WAN ports copy the egress CoS into the egress 802.1Q field.

MPLS to IP

PFC3BXL or PFC3B mode MPLS QoS supports these capabilities at the MPLS-to-IP edge:

•Option to propagate EXP value into IP DSCP on exit from an MPLS domain per egress interface

•Option to use IP service policy on the MPLS-to-IP egress interface

This section provides information about the MPLS-to-IP MPLS QoS classification. Additionally, this section provides information about the capabilities provided by the ingress and egress modules.

Classification for MPLS-to-IP

The PFC3BXL or PFC3B assigns the internal DSCP (internal priority that the PFC3BXL or PFC3B assigns to each frame) based on the QoS result. The QoS result is affected by the following:

•Default trust EXP value

•Label type (per-prefix or aggregate)

•Number of VPNs

•Explicit NULL use

•QoS policy

There are three different classification modes:

•Regular MPLS classification—For nonaggregate labels, in the absence of MPLS recirculation, the PFC3BXL or PFC3B classifies the packet based on MPLS EXP ingress or egress policy. The PFC3BXL queues the packet based on COS derived from EXP-to-DSCP-to-CoS mapping. The underlying IP DSCP is either preserved after egress decapsulation, or overwritten from the EXP (through the EXP-to-DSCP map).

•IP classification for aggregate label hits in VPN CAM—The PFC3BXL or PFC3B does one of the following:

–Preserves the underlying IP ToS

–Rewrites the IP ToS by a value derived from the EXP-to-DSCP global map

–Changes the IP ToS to any value derived from the egress IP policy

In all cases, egress queueing is based on the final IP ToS from the DSCP-to-CoS map.

•IP classification with aggregate labels not in VPN CAM—After recirculation, the PFC3BXL or PFC3B differentiates the MPLS-to-IP packets from the regular IP-to-IP packets based on the ingress reserved VLAN specified in the MPLS decapsulation adjacency. The reserved VLAN is allocated per VRF both for VPN and non-VPN cases. The ingress ToS after recirculation can be either the original IP ToS value, or derived from the original EXP value. The egress IP policy can overwrite this ingress ToS to an arbitrary value.

Note For information about recirculation, see the "Recirculation" section on page 24-4.

For incoming MPLS packets on the PE-to-CE ingress, the PFC3BXL or PFC3B supports MPLS classification only. Ingress IP policies are not supported. PE-to-CE traffic from the MPLS core is classified or policed on egress as IP.

Classification for MPLS-to-IP PFC3BXL or PFC3B Mode MPLS QoS

PFC3BXL or PFC3B mode MPLS QoS at the ingress to PE2 supports matching on the EXP value and the police command.

PFC3BXL or PFC3B mode MPLS QoS at the egress of PE2 supports matching on IP precedence or DSCP values or filtering with an access group and the police command.

Classification at MPLS-to-IP Ingress Port

LAN port classification is based on the EXP value. OSM and FlexWAN interfaces classify traffic using the match mpls experimental command. The match mpls experimental command matches on the EXP value in the received topmost label.

Classification at MPLS-to-IP Egress Port

Note The egress classification queuing is different for LAN and WAN ports.

Classification for MPLS-to-IP is the same as it is for IP-to-IP.

The LAN interface classification is based on the egress CoS. The OSM and WAN interfaces classify traffic on information in the transmitted IP header.

Note You can use PFC3BXL or PFC3B QoS features or OSM QoS features in an output policy; however, you cannot use both in the same output policy.

If the egress port is a trunk, the LAN ports and OSM GE-WAN ports copy the egress CoS into the egress 802.1Q field.

Note For MPLS to IP, egress IP ACL or QoS is not effective on the egress interface if the egress interface has MPLS IP (or tag IP) enabled. The exception is a VPN CAM hit, in which case the packet is classified on egress as IP.

MPLS VPN

The information in this section also applies to an MPLS VPN network.

The following PE MPLS QoS features are supported for MPLS VPN:

•Classification, policing, or marking of CE-to-PE IP traffic through the VPN subinterface

•Per-VPN QoS (per-port, per-VLAN, or per-subinterface)

For customer edge (CE)-to-PE traffic, or for CE-to-PE-to-CE traffic, the subinterface support allows you to apply IP QoS ingress or egress policies to subinterfaces and to physical interfaces. Per-VPN policing is also provided for a specific interface or subinterface associated with a given VPN on the CE side.

In situations when there are multiple interfaces belonging to the same VPN, you can perform per-VPN policing aggregation using the same shared policer in the ingress or egress service policies for all similar interfaces associated with the same PFC3BXLs or PFC3Bs.

For aggregate VPN labels, the EXP propagation in recirculation case may not be supported because MPLS adjacency does not know which egress interface the final packet will use.

Note For information on recirculation, see the "Recirculation" section on page 24-4.

The PFC3BXL or PFC3B propagates the EXP value if all interfaces in the VPN have EXP propagation enabled.

The following PE MPLS QoS features are supported:

•General MPLS QoS features for IP packets

•Classification, policing, or marking of CE-to-PE IP traffic through the VPN subinterface

•Per-VPN QoS (per-port, per-VLAN, or per-subinterface)

LSRs at the MPLS Core

This section provides information about MPLS QoS features for LSRs at the core (MPLS-to-MPLS) for MPLS and MPLS VPN networks. Ingress features, egress interface, and PFC3BXL or PFC3B features for Carrier Supporting Carrier (CsC) QoS features are similar to those used with MPLS to MPLS described in the next section. A difference between CsC and MPLS to MPLS is that with CsC labels can be imposed inside the MPLS domain.

MPLS to MPLS

PFC3BXL or PFC3B mode MPLS QoS at the MPLS core supports the following:

•Per-EXP policing based on a service policy

•Copying the input topmost EXP value into the newly imposed EXP value

•Optional EXP mutation (changing of EXP values on an interface edge between two neighboring MPLS domains) on the egress boundary between MPLS domains

•Microflow policing based on individual label flows for a particular EXP value

•Optional propagation of topmost EXP value into the underlying EXP value when popping the topmost label from a multi-label stack.

The following section provides information about MPLS-to-MPLS PFC3BXL or PFC3B mode MPLS QoS classification. Additionally, the section provides information about the capabilities provided by the ingress and egress modules.

Classification for MPLS-to-MPLS

For received MPLS packets, the PFC3BXL or PFC3B ignores the port trust state, the ingress CoS, and any policy-map trust commands. Instead, the PFC3BXL or PFC3B trusts the EXP value in the topmost label.

Note The PFC3BXL or PFC3B mode MPLS QoS ingress and egress policies for MPLS traffic classify traffic on the EXP value in the received topmost label when you enter the match mpls experimental command.

PFC3BXL or PFC3B mode MPLS QoS maps the EXP value to the internal DSCP using the EXP-to-DSCP global map. What the PFC3BXL or PFC3B does next depends on whether it is swapping labels, imposing a new label, or popping a label:

•Swapping labels—When swapping labels, the PFC3BXL or PFC3B preserves the EXP value in the received topmost label and copies it to the EXP value in the outgoing topmost label. The PFC3BXL or PFC3B assigns the egress CoS using the internal DSCP-to-CoS global map. If the DSCP global maps are consistent, then the egress CoS is based on the EXP in the outgoing topmost label.

The PFC3BXL or PFC3B can mark down out-of-profile traffic using the police command's exceed and violate actions. It does not mark in-profile traffic, so the conform action must be transmitted and the set command cannot be used. If the PFC3BXL or PFC3B is performing a markdown, it uses the internal DSCP as an index into the internal DSCP markdown map. The PFC3BXL or PFC3B maps the result of the internal DSCP markdown to an EXP value using the internal DSCP-to-EXP global map. The PFC3BXL or PFC3B rewrites the new EXP value to the topmost outgoing label and does not copy the new EXP value to the other labels in the stack. The PFC3BXL or PFC3B assigns the egress CoS using the internal DSCP-to-CoS global map. If the DSCP maps are consistent, then the egress CoS is based on the EXP value in the topmost outgoing label.

•Imposing an additional label—When imposing a new label onto an existing label stack, the PFC3BXL or PFC3B maps the internal DSCP to the EXP value in the imposed label using the internal DSCP-to-EXP map. It then copies the EXP value in the imposed label to the underlying swapped label. The PFC3BXL or PFC3B assigns the egress CoS using the internal DSCP-to-CoS global map. If the DSCP maps are consistent, the egress CoS is based on the EXP value in the imposed label.

The PFC3BXL or PFC3B can mark in-profile and mark down out-of-profile traffic. After it marks the internal DSCP, the PFC3BXL or PFC3B uses the internal DSCP-to-EXP global map to map the internal DSCP to the EXP value in the newly imposed label. The PFC3BXL or PFC3B then copies the EXP in the imposed label to the underlying swapped label. The PFC3BXL or PFC3B assigns the egress CoS using the internal DSCP-to-CoS global map. Therefore, the egress CoS is based on the EXP in the imposed label.

•Popping a label—When popping a label from a multi-label stack, the PFC3BXL or PFC3B preserves the EXP value in the exposed label. The PFC3BXL or PFC3B assigns the egress CoS using the internal DSCP-to-CoS global map. If the DSCP maps are consistent, then the egress CoS is based on the EXP value in the popped label.

•If EXP propagation is configured for the egress interface, the PFC3BXL or PFC3B maps the internal DSCP to the EXP value in the exposed label using the DSCP-to-EXP global map. The PFC3BXL or PFC3B assigns the egress CoS using the internal DSCP-to-CoS global map. If the DSCP maps are consistent, the egress CoS is based on the EXP value in the exposed label.

Classification for MPLS-to-MPLS PFC3BXL or PFC3B Mode MPLS QoS

PFC3BXL or PFC3B mode MPLS QoS at the ingress to P1 or P2 supports the following:

•Matching with the mpls experimental topmost command

•The set mpls experimental imposition, police, and police with set imposition commands

PFC3BXL or PFC3B mode MPLS QoS at the egress of P1 or P2 supports matching with the mpls experimental topmost command.

Classification at MPLS-to-MPLS Ingress Port

LAN port classification is based on the egress CoS from the PFC3BXL or PFC3B. OSM and FlexWAN interfaces classify traffic using the match mpls experimental command. The match mpls experimental command matches on the EXP value in the received topmost label.

Classification at MPLS-to-MPLS Egress Port

LAN port classification is based on the egress CoS value from the PFC3BXL or PFC3B. OSM and FlexWAN interfaces classify traffic using the match mpls experimental command. The match mpls experimental command matches on the egress CoS; it does not match on the EXP in the topmost label.

If the egress port is a trunk, the LAN ports and OSM GE-WAN ports copy the egress CoS into the egress 802.1Q field.

PFC3BXL or PFC3B MPLS QoS Default Configuration

This section describes the PFC3BXL or PFC3B MPLS QoS default configuration. The following global PFC3BXL or PFC3B MPLS QoS settings apply:

Feature

Default Value

PFC QoS global enable state

Note With PFC QoS disabled and all other PFC QoS parameters at default values, default EXP is mapped from IP precedence.

Note With PFC QoS enabled and all other PFC QoS parameters at default values, PFC QoS sets Layer 3 DSCP to zero (untrusted ports only), Layer 2 CoS to zero, the imposed EXP to zero in all traffic transmitted from LAN ports (default is untrusted). For trust CoS, the default EXP value is mapped from COS; for trust DSCP, the default EXP value is mapped from IP precedence. For OSM WAN ports, (default is trust DSCP) the DSCP is mapped to the imposed EXP.

PFC QoS port enable state

Enabled when PFC QoS is globally enabled

Port CoS value

0

Microflow policing

Enabled

IntraVLAN microflow policing

Disabled

Port-based or VLAN-based PFC QoS

Port-based

EXP to DSCP map
(DSCP set from EXP values)

EXP 0 = DSCP 0
EXP 1 = DSCP 8
EXP 2 = DSCP 16
EXP 3 = DSCP 24
EXP 4 = DSCP 32
EXP 5 = DSCP 40
EXP 6 = DSCP 48
EXP 7 = DSCP 56

IP precedence to DSCP map
(DSCP set from IP precedence values)

IP precedence 0 = DSCP 0
IP precedence 1 = DSCP 8
IP precedence 2 = DSCP 16
IP precedence 3 = DSCP 24
IP precedence 4 = DSCP 32
IP precedence 5 = DSCP 40
IP precedence 6 = DSCP 48
IP precedence 7 = DSCP 56

DSCP to EXP map
(EXP set from DSCP values)

DSCP 0-7 = EXP 0
DSCP 8-15 = EXP 1
DSCP 16-23 = EXP 2
DSCP 24-31 = EXP 3
DSCP 32-39 = EXP 4
DSCP 40-47 = EXP 5
DSCP 48-55 = EXP 6
DSCP 56-63 = EXP 7

Marked-down DSCP from DSCP map

Marked-down DSCP value equals original DSCP value (no mark down)

EXP mutation map

No mutation map by default

Policers

None

Policy maps

None

MPLS flow mask in NetFlow table

Label + EXP value

MPLS core QoS

There are four possibilities at the MPLS core QoS:

•Swapping—Incoming EXP field is copied to outgoing EXP field.

•Swapping + imposition—Incoming EXP field is copied to both the swapped EXP field and the imposed EXP field.

Note If there is a service policy with a set for EXP field, its EXP field will be placed into the imposed label and also into the swapped label.

•Disposition of topmost label—Exposed EXP field is preserved.

•Disposition of only label—Exposed IP DSCP is preserved.

MPLS to IP edge QoS

Preserve the exposed IP DSCP

MPLS QoS Commands

•match mpls experimental topmost

•set mpls experimental imposition

•police

•mls qos map exp-dscp

•mls qos map dscp-exp

•mls qos map exp-mutation

•mls qos exp-mutation

•show mls qos mpls

•no mls qos mpls trust exp

Note For information about supported non-MPLS QoS commands, see "Configuring PFC QoS" section on page 41-55.

The following commands are not supported:

•set qos-group

•set discard-class

PFC3BXL or PFC3B Mode MPLS QoS Restrictions and Guidelines

When configuring PFC3BXL or PFC3B mode MPLS QoS, follow these guidelines and restrictions:

•For IP-to-MPLS or EoMPLS imposition when the received packet is an IP packet:

–When QoS is disabled, the EXP value is based on the received IP ToS.

–When QoS is queuing only, the EXP value is based on the received IP ToS.

•For EoMPLS imposition when the received packet is a non-IP packet:

–When QoS is disabled, the EXP value is based on the ingress CoS.

–When QoS is queuing only, the EXP value is based on the received IP ToS.

•For MPLS-to-MPLS operations:

–Swapping when QoS is disabled, the EXP value is based on the original EXP value (in the absence of EXP mutation).

–Swapping when QoS is queuing only, the EXP value is based on the original EXP value (in the absence of EXP mutation).

–Imposing additional label when QoS is disabled, the EXP value is based on the original EXP value (in the absence of EXP mutation).

–Imposing an additional label when QoS is queuing only, the EXP value is based on the original EXP value (in the absence of EXP mutation).

–Popping one label when QoS is disabled, the EXP value is based on the underlying EXP value.

–Popping one label when QoS is queuing only, the EXP value is based on the underlying EXP value.

•EXP value is irrelevant to MPLS-to-IP disposition.

•The no mls qos rewrite ip dscp command is incompatible with MPLS. The default mls qos rewrite ip dscp command must remain enabled in order for the PFC3BXL or PFC3B to assign the correct EXP value for the labels that it imposes.

•With Release 12.2(18)SXF2 and later releases, the no mls qos mpls trust exp command allows you to treat MPLS packets simiarly to Layer 2 packets for CoS and egress queueing purposes by applying port trust or policy trust instead of the default EXP value.

Configuring PFC3BXL or PFC3B Mode MPLS QoS

These sections describe how to configure PFC3BXL or PFC3B mode MPLS QoS:

•Enabling QoS Globally

•Enabling Queueing-Only Mode

•Configuring a Class Map to Classify MPLS Packets

•Configuring the MPLS Packet Trust State on Ingress Ports

•Configuring a Policy Map

•Displaying a Policy Map

•Configuring PFC3BXL or PFC3B Mode MPLS QoS Egress EXP Mutation

•Configuring EXP Value Maps

Enabling QoS Globally

Before you can configure QoS on the PFC3BXL or PFC3B, you must enable the QoS functionality globally using the mls qos command. This command enables default QoS conditioning of traffic.

When the mls qos command is enabled, the PFC3BXL or PFC3B assigns a priority value to each frame. This value is the internal DSCP. The internal DSCP is assigned based on the contents of the received frame and the QoS configuration. This value is rewritten to the egress frame's CoS and ToS fields.

To enable QoS globally, perform this task:

Command

Purpose

Step 1

Router(config)# mls qos

Enables PFC QoS globally on the switch.

Router(config)# no mls qos

Disables PFC QoS globally on the switch.

Step 2

Router(config)# end

Exits configuration mode.

Step 3

Router# show mls qos

Verifies the configuration.

This example shows how to enable QoS globally:
Router(config)# mls qos 
Router(config)# end 
Router#
This example shows how to verify the configuration:
Router# show mls qos 
QoS is enabled globally
  Microflow policing is enabled globally
  QoS ip packet dscp rewrite enabled globally
  Qos trust state is DSCP on the following interfaces:
    Gi4/1 Gi4/1.12 
  Qos trust state is IP Precedence on the following interfaces:
    Gi4/2 Gi4/2.42 
  Vlan or Portchannel(Multi-Earl) policies supported: Yes
  Egress policies supported: Yes
 ----- Module [5] -----
  QoS global counters:
    Total packets: 5957870
    IP shortcut packets: 0
    Packets dropped by policing: 0
    IP packets with TOS changed by policing: 6
    IP packets with COS changed by policing: 0
    Non-IP packets with COS changed by policing: 3
    MPLS packets with EXP changed by policing: 0
Enabling Queueing-Only Mode

To enable queueing-only mode, perform this task:

Command

Purpose

Step 1

Router(config)# mls qos queueing-only

Enables queueing-only mode.

Router(config)# no mls qos queueing-only

Disables PFC QoS globally.

Note You cannot disable queueing-only mode separately.

Step 2

Router(config)# end

Exits configuration mode.

Step 3

Router# show mls qos

Verifies the configuration.

When you enable queueing-only mode, the router does the following:

•Disables marking and policing globally

•Configures all ports to trust Layer 2 CoS

Note The switch applies the port CoS value to untagged ingress traffic and to traffic that is received through ports that cannot be configured to trust CoS.

This example shows how to enable queueing-only mode:
Router# configure terminal 
Router(config)# mls qos queueing-only 
Router(config)# end 
Router#
Restrictions and Usage Guidelines

If QoS is disabled (no mls qos) for the PFC3BXL or PFC3B, the EXP value is determined as follows:

•For IP-to-MPLS or EoMPLS imposition when the received packet is an IP packet:

–When QoS is disabled (no mls qos), the EXP value is based on the received IP ToS.

–When QoS is queuing only (mls qos queueing-only), the EXP value is based on the received IP ToS.

•For EoMPLS imposition when the received packet is a non-IP packet:

–When QoS is disabled, the EXP value is based on the ingress CoS.

–When QoS is queuing only, the EXP value is based on the received IP ToS.

•For MPLS-to-MPLS operations:

–Swapping when QoS is disabled, the EXP value is based on the original EXP value (in the absence of EXP mutation).

–Swappin