This document explains the Quality of Service (QoS) capabilities available in the Catalyst 6500 Switch as it applies to Policy Feature Card 4 (PFC4) engine and provides some examples of QoS implementation. It will expand on the concepts and terminologies detailed in the white paper, ["Understanding Quality of Service on the Catalyst 6500 Switch." http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper_c11_538840.html]
This QoS paper focuses on hardware that is shipping as of the date of this publication, and is not meant to be a configuration guide. Configuration examples are used throughout this paper to assist in the explanation of QoS features of the Catalyst 6500 hardware and software. For syntax reference for QoS command structures, please refer to the [configuration and command guides for the Catalyst 6500. http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/index.htm]
1. Overview
Policy Feature Card 4 (PFC4) is the next-generation forwarding engine for the Cisco Catalyst 6500 switch, and provides significant improvements over its predecessor, Policy Feature Card 3 (PFC3). Some of these improvements include support for distributed policing, expanded tables for holding more QoS policies, enhanced IPv4 and IPv6 classification, packet and byte mode policing, and more. Furthermore, one of the more significant enhancements is support for Cisco Common Classification Policy Language (C3PL), a platform-independent interface for configuring QoS that will now be supported in the Cisco Catalyst 6500.
2. New QOS Features in PFC 4-Based System
As with the PFC3, the PFC4 consists of two ASIC components. The first ASIC is responsible for frame parsing and Layer 2 switching. The second ASIC is responsible for IPv4/IPv6 routing, MPLS label switching and imposition/disposition, Access Control Lists, QoS policies, NetFlow, and more.
The PFC4-based system supports the following new QOS capabilities:
• Serialized QoS model in hardware
• Separated ingress and egress processing
• Port trust/COS defined both in PFC4/DFC4 (Distributed Forwarding Card 4)
• Up to 256K QoS TCAM entries
• Layer 2 classification for Layer 3 packet
• Enhanced IPv4 classification (Packet Length, Time To Live, and Option)
• Enhanced IPv6 classification (Extended Header and Flow Label)
• Ingress/egress aggregate/microflow policer
• Packet/byte mode policing
• More accurate policing result, even at low policing rate
• Distributed ingress/egress policing
• Cisco Common Classification Policy Language (C3PL)-based Command Line Interface (CLI)
Before we look into these capabilities in detail, here is an overview of the hardware:
3. QoS Hardware Support in Supervisor 2T Systems
3.1. PFC 4
The PFC4 supports the following new capabilities from a QoS standpoint:
• Microflow policer on both the ingress and egress directions
• Better hardware Control Plane Policing policy for Layer 2 traffic, matchable on exceptions
Figure 1. Policy Feature Card 4 on the Supervisor 2T
• Internal/discard-class markdown without rewriting outgoing packet Differentiated Services Code Point (DSCP)
• Bytes and packets-based policing, compared to bytes only in the PFC3
• Ability to set QoS policies on IP tunnels
• Ability to mark VPLS traffic on ingress
• Unified policy configurations for ingress/egress queuing
• Improved MPLS performance, with no packet recirculation when an IP policy is configured on an egress interface.
• Support for MPLS pipe mode QoS model on an egress Provider Edge (PE) interface.
The policing feature comparison between PFC4 and PFC3 can be found in Table 1 below.
Table 1. Policing Capability Differences Between PFC4 and PFC3
Policing Capability
PFC3 System
PFC4 System
Aggregate Policer
Number
1 K
16 K
Direction
Both
Both
Configuration
1023
1023
Accuracy
<=3-5%
Maximum (0.1%,1 kbps)
Distributed
No
Yes (supports up to 4095 distributed policers)
Microflow Policer
Number
256K
512 K/1 M (depending on non-XL or XL PFC
Direction
In
Both
Configuration
63
127
Accuracy
<=3-5%
Maximum (0.1%, 1 kbps)
3.2. Interface Types Supported
PFC3 provided features on a per-port or per-VLAN basis. PFC4 provides an additional way to map a port or VLAN or a port-VLAN combination to a Logical Interface (LIF). This represents an internal (to the operating system) structure for forwarding services/features for a port, VLAN or port-VLAN pair. This capability increases granularity by allowing for association of properties or features at port, VLAN, or port-VLAN level. Table 2 captures the hardware interface capability differences between the PFC3 and PFC4.
Table 2. Hardware Interface Capability Differences Between PFC3 and PFC4
Capability
PFC3
PFC4
Maximum number of physical ports
2 k
10 k
Maximum number of routed Interfaces
4 k
128 k
Maximum number of L3 sub-interfaces
4 k
128 k
Maximum number of SVI
4 k
16 k
Number of tunnel interfaces
2 k
128 k
Global VLAN map
No
Yes
3.3. Buffers, Queues, and Thresholds in PFC4-Based Line Cards
Buffers are used to store frames while forwarding decisions are made within the switch, or as packets are enqueued for transmission on a port at a rate greater than the physical medium can support. When QoS is enabled on the switch, the port buffers are divided into one or more individual queues. Each queue has one or more drop thresholds associated with it. The combination of multiple queues within a buffer, and the drop thresholds associated with each queue, allow the switch to make intelligent decisions when faced with congestion. Traffic sensitive to jitter and delay variance, such as VoIP packets, can be moved to a higher priority queue for transmission, while other less important or less sensitive traffic can be buffered or dropped.
The number of queues and the amount of buffering per port is dependent on the line card module and the port ASIC that is used on that module. Table 3 provides an overview of the QoS queue and buffer structures for the Supervisor 2T and the 69xx and 68xx line card modules. The following information is detailed for each of the Catalyst 6500 series Ethernet modules in the following table:
• Total buffer size per port (total buffer size)
• Overall receive buffer size per port (Rx buffer size)
• Overall transmit buffer size per port (Tx buffer size)
• Port receive queue and drop threshold structure (Rx port type)
• Port transmit queue and drop threshold structure (Tx port type)
• Default size of receive buffers per queue with QoS enabled (Rx queue sizes)
• Default size of transmit buffers per queue with QoS enabled (Tx queue sizes)
The individual queues and thresholds on a port are represented in the table using a simple terminology, which describes the number of strict priority queues (if present), the number of standard queues, and the number of tail-drop or Weighted Random Early Detection (WRED) thresholds within each of the standard queues. For example, a transmit queue of 1p7q4t will represent one strict priority queue, seven standard queues with four WRED drop thresholds per queue, supporting both Deficit Weighted Round Robin (DWRR) and Shaped Round Robin (SRR). Similarly, a receive queue of 8q4t will represent zero strict priority queues, eight standard queues with four tail-drop thresholds per queue.
Table 3. Buffers, Queues, and Thresholds in PFC4-Based Line Cards
Module Model Name
Module Description
Total Buffer Size
Rx Buffer Size
Tx Buffer Size
Rx Port Type
Tx Port Type
Rx Queue Size
Tx Queue Size
Supervisor Module
VS-S2T-10G-XL
Supervisor 2T 10 Gb uplink ports in 10 G only mode
191.8 MB
104.2 MB
87.6 MB
8q4t
1p7q4t
Q8-20.8 MB
Q7-0 MB
Q6-0 MB
Q5-0 MB
Q4-0 MB
Q3-0 MB
Q2-0 MB
Q1-83.4 MB
SP-13.9 MB
Q7-0 MB
Q6-0 MB
Q5-0 MB
Q4-0 MB
Q3-13.0 MB
Q2-17.3 MB
Q1-43.4 MB
Supervisor 2T 10 Gb uplink ports
191.8 MB
104.2 MB
87.6 MB
2q4t
1p3q4t, DWRR, SRR
Q2-20.8 MB
Q1-83.4 MB
SP-13.9 MB
Q3-13.0 MB
Q2-17.3 MB
Q1-43.4 MB
Supervisor 2T Gb uplink ports
17.7 MB
9.6 MB
8.1 MB
2q4t
1p3q4t, DWRR, SRR
Q2-1.9 MB
Q1-7.7 MB
SP-1.2 MB
Q3-1.2 MB
Q2-1.6 MB
Q1-4.1 MB
WS-X6908-10G
10 Gb Ethernet line card
191.8 MB
104.2 MB
87.6 MB
8q4t
1p7q4t
Q8-20.8 MB
Q7-0 MB
Q6-0 MB
Q5-0 MB
Q4-0 MB
Q3-0 MB
Q2-0 MB
Q1-83.4 MB
SP-13.9 MB
Q7-0 MB
Q6-0 MB
Q5-0 MB
Q4-0 MB
Q3-13.0 MB
Q2-17.3 MB
Q1-43.4 MB
WS-X6816-10G
10 Gb Ethernet 16-port line card
(oversubscription mode)
91 MB
1 MB
90 MB
1p7q2t
1p7q4t
10 Gb Ethernet 16-port line card (performance mode)
It is important to note that PFC4-based line cards (WS-X6816-10G, WS-6908-10G, and WS-6904-40G) are compatible only with the Supervisor 2T, and not with previous- generation Supervisors. QoS details for these new PFC4-based line cards are provided below.
3.4.1. 10 Gigabit Ethernet Line Card (WS-X6908-10G and WS-X6816-10G)
The 6908 is a 1:1 oversubscribed 8-port 10 Gb Ethernet line card that ships with a DFC4 on board. This module has a total of 80 Gb of bandwidth connecting into the switching fabric, and supports Cisco Trusted Security (CTS) and Layer 2 encryption (based on the IEEE 802.1ae standard) on all ports at wire speed.
Figure 2. WS-X6908-10G Line Card
Figure 3. WS-X6816-10G Line Card
The WS-6816-10G line card is 4:1 oversubscribed and has a 40 Gb connection to the switching fabric. It can operate in two modes: performance mode and oversubscription mode.
When configured in performance mode, the line card ports are classified by port groups, wherein each port group consists of four physical ports. It is important to note that only the first port of the port group is enabled, and that port comes with enhanced buffering and QoS functionality. The other three ports in the port group will be administratively shut down.
When configured in oversubscription mode, the default mode of operation, all 16 ports are operational, although they are oversubscribed. The QoS specifications for both line cards are detailed in the following table:
Table 4. Line Card Port ASIC Queue Structure for PFC4-Based 10 G Cards
WS-X6708-10 G
WS-X6816-10 G
Number of 10 GE ports
8
16
Number of port ASICs in the line card
8
16
Number of physical ports per port ASIC
1
1
Transmit (Tx) queue structure per port
1p7q4t
1p7q4t
Receive (Rx) queue structure per port
8q4t
1p7q4t
(oversubscription mode)
8q4t
(performance mode)
Receive strict priority queue
No
Yes
(oversubscription mode)
No
(performance mode)
Transmit strict priority queue
Yes
Yes
Port level shaping capability
No
No
Note that both line cards require a Supervisor 2T to be installed in the chassis.
3.4.2. 40 Gigabit Ethernet Line Card (WS-X6904-40GE)
This line card comes pre-installed with a DFC4 and is capable of 80 Gbps (4 * 40 G or 16 * 10 G) bandwidth per slot. In both 40 G and 10 G mode, this line card is 2:1 oversubscribed. The line card supports 10 G interfaces through SFP+ and the FourX adapter. All ports in both modes support Cisco Trusted Security (CTS) and Layer 2 encryption IEEE 802.1ae at wire speed. The line card is capable of port level shaping; however, this will be supported in a post-FCS software release. The QoS specifications for this line card are detailed in the following table.
Figure 4. WS-X6904-40G Line Card: Can Operate in 40 G or 10 G Mode
Table 5. Line Card Port ASIC Queue Structure for PFC4-Based 40 G Cards
WS-X6904-40 G (40 G mode)
WS-X6904-40 G (10 G mode)
Number of 40 GE ports
4
0
Number of 10 GE ports
0
16
Number of port ASICs in the line card
2
2
Number of physical ports per port ASIC
2
8
Transmit queue structure per port
1p7q4t
1p7q4t
Receive queue structure per port
1p7q4t
8q4t
Receive (Rx) strict priority queue
Yes
No
Transmit (Tx) strict priority queue
Yes
Yes
Port level shaping capability
Yes (egress only)
Yes (egress only)
It is important to note that this line card requires a Supervisor 2T to be installed in the chassis.
4. QoS Processing in PFC4 System
QoS processing for the PFC4-based line cards can be split into three processing steps, with each step occurring at a different point in the system. These three steps are:
Figure 5. QoS Processing in PFC4-Based Line Card
1. Ingress QoS is performed on the ingress line card port; features include input queue scheduling and congestion avoidance.
2. PFC4 QoS features include port trust, marking, classification, QoS ACLs, and policing.
3. Egress QoS is performed on the egress line card port; features include queue scheduling, congestion avoidance, and, in some line cards, shaping.
5. QoS TCAM
In PFC3, QoS and ACL functions own separate Ternary Content Addressable Memories (TCAMs), with each TCAM supporting 32 K. The PFC4 moves to using a single TCAM with a flexible bank utilization capability supporting both QoS and other ACL features together. The TCAM size differences in the PFC4 (XL) and PFC4 (non-XL) modes can be found in Table 6.
Table 6. TCAM Resource Differences for QoS in PFC4
Resources
PFC3/PFC3XL
PFC4
PFC4-XL
QoS TCAM
32 K
16 K (default)
64 K (default)
Security ACL TCAM
32 K
48 K (default)
192 K (default)
6. Serial QoS Model with PFC4 Hardware
One of the limitations of the PFC3 is that decisions are made in multiple cycles, thereby adding latency to the whole forwarding process. PFC4 makes many of these decisions in a single pass, albeit by going through the Layer 2 and Layer 3 components in a step-by-step process. The component that performs Layer 3 and QoS functionalities is implemented in a pipeline mode, with each stage in the pipeline performing a specific task. The two logical pipelines that make up the physical pipeline are the Input Forwarding Engine (IFE) and Output Forwarding Engine (OFE).
IFE and OFE are two separate processes within the same physical hardware. The PFC4 architecture allows ingress and egress policing mechanisms in a single pass through the forwarding engine.
(Learn more details about PFC4 hardware in the Cisco Catalyst 6500 Supervisor 2T Architecture White Paper.)
7. Unified Policy Configuration with C3PL
Cisco Common Classification Policy Language (C3PL) is similar to the Modular QoS CLI (MQC), in which class maps identify the traffic that is affected by the action that the policy map applies. C3PL supports configuration for QoS across Cisco platforms, and provides a platform-independent interface for configuring QoS.
Figure 7. Unified Policy Configuration with C3PL
Due to differences in queueing implementation in port ASICs, Modular Quality of Service (MQC)-compliance in PFC3-based Catalyst 6500 systems is limited to marking and policing. Queuing configuration can map incoming traffic to a specific queue, allowing other functionalities such as trust, global maps, and more. This is configurable through platform-specific command-line interfaces (CLI). PFC4-based Supervisor 2T system removes these limitations by supporting C3PL, which is a policy-driven CLI syntax, for marking, policing, and queueing.
7.1. Change in Default QoS Behavior
Prior to Supervisor 2T, there was a single global command to enable or disable QoS, which applied both at the PFC and port level. The major change with QoS in a PFC4 system is the behavior of default QoS at the PFC level. By default, QoS will be enabled in the PFC4, and there will only be a global command option to enable or disable QoS at the port level. The main changes can be broadly summarized as follows:
• No global CLI required to enable QoS in the box
• QoS for an interface is always defined by the attached service policies
• By default, packets are passed through without a change in DSCP, EXP, or CoS for L2 packets or L2-classified L3 packets
• Service-policy marking does not depend on port trust
• The port state has no effect on marking, by default.
The PFC3-based mls qos global command is replaced with the auto qos default global command, which is used for enabling QoS just at the port level and not at the PFC level.
7.2. Default State of Port Level QoS
As alluded to in the previous section, the PFC4 global QoS command cannot be used to control QoS at the PFC. By default, the port level QoS is disabled and the port level ingress queue scheduling and congestion avoidance are CoS-based.
Figure 8. PFC4 Default Port QoS Status
If a port is trusted and is not a Dot1Q trunk port, it will also use the default port CoS.
7.3. Port Ingress CoS to Queue Mapping
When port is in default QoS mode, frames entering the switch get placed into either the strict priority queue or normal queue, based on ingress CoS values.
Figure 9. PFC4 Default Port Ingress CoS to Queue Mapping
If a strict priority queue is present, frames with a CoS value of 5 are placed in it. All other frames are queued in the normal queue. The normal queues are configured with drop thresholds that define which CoS packets can be dropped when the queue fills up beyond the threshold.
7.4. Configuration CLI
The QoS status for the system can be identified using the following command:
6513E.SUP2T.SA.1#show auto qos default
"auto qos default" is configured
Earl qos Enabled port qos Enabled queueing-only No
6513E.SUP2T.SA.1#
6513E.SUP2T.SA.1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
6513E.SUP2T.SA.1(config)#no auto qos defa
6513E.SUP2T.SA.1(config)#no auto qos default
6513E.SUP2T.SA.1(config)#end
6513E.SUP2T.SA.1#
6513E.SUP2T.SA.1#show auto qos default
"auto qos default" is not configured
Earl qos Enabled port qos Disabled queueing-only No
6513E.SUP2T.SA.1#
The QoS status, such as the queueing at the port level, can be obtained using the following CLI:
A table detailing summary of changed CLIs for a PFC4-based system can be found in Appendix 1.
8. PFC4 Ingress Map and Port Trust
In a PFC4 system, port trust is now defined in the PFC4/DFC4, instead of being taken from the port ASIC. The Layer 3 forwarding logic will assign a 6-bit Discard Class value for the packet passing through the whole packet processing pipeline.
Figure 10. PFC4 Ingress Map
As represented in Figure 11, each frame's CoS, IP precedence, EXP, and DSCP value gets mapped to a corresponding discard value, based on an ingress map maintained in the PFC4.
9. Layer 2 Classification of Layer 3 Packets
PFC4 provides a new capability to perform classification on a Layer 3 packet using Layer 2 information. The decision matching is performed on the MAC address, even though the packet may not have arrived on a Layer 2 interface. This feature allows:
• Separate ingress/egress control
• Control of Layer 2 or Layer 3 NetFlow creation
• DSCP for Layer 2-classified IP packets preserved by default, unless rewritten by an explicit DSCP marking command
• Per-port option to choose VLAN-based packet classification setting
Figure 11. Classification of Layer 3 Packets with Layer 2
In a PFC3 system, MAC access list functions are for non-IP traffic only, as it is not possible to police Layer 3 traffic based on Layer 2 MAC information. In a PFC4 system, this limitation has been lifted, so a class map using Layer 2 information can be applied to IP traffic.
9.1. Use Cases for Layer 2 Classification of Layer 3 Traffic
Consider a provider edge with pure Layer 2 network that wants to classify Layer 3 traffic, based on one of the following Layer 2 elements:
• Match incoming CoS for Layer 3 traffic
• Match outer VLAN for Q-in-Q traffic
• Match inner VLAN for Q-in-Q traffic
• Match inner Dot1Q CoS for Q-in-Q traffic
• Match Layer 2 destination missed traffic
• Match ARP traffic
• Match BPDU traffic
9.2. Configuration
SUP2T(config-if)#mac packet-classify ?
input classify L3 packets as layer2 on input
output classify L3 packets as layer2 on output
SUP2T(config)#class-map match-all [Name]
SUP2T(config-cmap)# match cos 5
Sup2T(config)#mac packet-classify use outer-vlan ?
in Apply to Ingress mac acl
out Apply to egress mac acl
Sup2T(config)#mac access-list extended [Name]
Sup2T(config-ext-macl)#permit any any ce_vlan [ID]
SUP2T(config-if)#mac packet-classify use ce_cos ?
input User inner cos for classification in ingress direction
Match Layer 2 Destination Missed Traffic:
SUP2T(config)#class-map match-all [Name]
SUP2T(config-cmap)# match l2 miss
Match ARP:
SUP2T(config)#arp access-list test
SUP2T(config-arp-nacl)#permit ip any mac ?
H.H.H Senders MAC address (and mask)
any Any MAC address
host Single Sender host
BPDU Classification:
SUP2T(config)# mac packet-classify bpdu
10. Enhanced IPv4/IPv6 Classification
With the PFC4 system, classification for IPv4 and IPv6 packets can now be performed based on packet length, Time To Live (TTL), and various different fields in the headers. For the IPv6 packets, classification can be performed using flow label and extended header.
11. Marking
The important changes for QoS marking in PFC4 involve compatibility to the C3PL and are summarized below:
• No global CLI required to enable PFC QoS
• QoS global maps defined using C3PL table-map syntax
• DSCP is preserved by default, independent of port state
• CoS is preserved by default for Layer2 packets, independent of port state
• Port trust dscp/precedence command is eliminated
In the PFC3-based system, prioritizing a packet resulted in a rewrite of the IP packet and, therefore, the DSCP. The PFC4 provides the ability to prioritize a packet without rewriting the IP packet. DSCP transparency can be controlled on a per-policy class basis.
11.1. Use Case for Marking
Consider a scenario where a user gets packets with a certain discard-class on the ingress, but does not want them to be classified with a discard-class on the egress. Here, both match dscp and match discard-class commands can be present in the configuration. With the PFC4 system, it is possible for match dscp to use the incoming packet's DSCP to classify and for match discard-class to use the discard-class after the rewrite for classification.
12. Policing
12.1. Distributed Policer
Distributed Policing is a new PFC4 feature with which policers from multiple DFC4 line cards can be configured to collectively rate-limit the aggregate traffic received on a set of interfaces. This is not possible with previous-generation PFC systems, which can only rate limit traffic received local to the specific line card. As illustrated in Figure 11, Distributed Policing is desirable when customers want to apply rate-limiting on a set of interfaces that belong to a cluster. This can include, for example, a VLAN or ether channel with member ports on different PFC-based line cards.
In addition to metering traffic independently, each policer within the system is capable of synchronizing with other policers. As a result, a policer on any PFC4 effectively sees all the traffic received for that cluster throughout the system across all PFC4s.
Figure 12. Distributed Policer in the PFC4-Based System
A distributed policer maintains two sets of buckets and thresholds:
• Global counts and thresholds, which reflect the aggregate traffic across all PFC4s
• Local counts and thresholds, which reflect the local unpoliced traffic.
Policing decisions are made using the global and local bucket counts. When the sum of these two counts exceeds the global threshold, the policer on each PFC4-based line card applies the policer action independently.
Distributed policing is supported in the first 4 K of the 16 K aggregate policers available on any PFC4 in the system. There are two modes of distributed policing:
• Strict mode, where a single policy map will be rejected on the interface if it cannot fit fully within the 4 k distributed policer region
• Loose mode, where the policy map will not be rejected, but will be installed in the non-distributed policer region, and will behave as in PFC3
12.1.1. Use Cases for Distributed Policing
The following use cases are applicable for distributed policing:
1. When the traffic for a particular VLAN that is spread across multiple line cards needs to be rate-limited.
2. When a port channel has members across line cards, and a rate-limiting policy is applied to it
3. When traffic of a set of interfaces on different line cards needs to be policed together as a cluster; specifically, a shared/aggregate policer that is also distributed across PFC4-based line cards.
12.1.2. Configuration
Distributed Policing is disabled by default, and can be enabled or disabled with a global command, making the feature very flexible for customers. Since we can have only up to 4 K distributed policers, if there are more number of policers configured on the VLANs or port-channels, subsequent ones will not be distributed and will behave as in PFC3.
Microflow policing is predominantly used to perform traffic control and accounting. Like aggregate policing, all flows arriving on ports associated with the policer are policed down to the stated rate. PFC4 supports double the number of microflow policers, compared to the number supported on PCF3, and has the additional capability to perform egress microflow policing. The important capability differences between PFC3 and PFC4 can be found in Table 6.
Table 7. Microflow Policer Capability Differences Between PFC3 and PFC4
Feature
PFC4
PFC3
Number of microflow policers
1 M (input + output)
128 K/256 K
(Non-XL and XL-based PFC3)
Number of microflow policer Configurations
128
64
Egress microflow policing
Yes
No
Shared NetFlow and microflow policing
Yes
No
In addition to supporting a greater number of microflow policers, the PFC4 improves the policer configuration accuracy down to 0.1 percent for microflow and distributed policing. (Previously, in PFC3, it was 3 to 5 percent.) This accuracy is maintained even at low policing rates.
12.2.1. Packets and Bytes-Based Policing
PFC4-based line cards, including the Supervisor 2T, can now be configured for either packet-based or byte-based policing, unlike PFC3-based cards that support byte-based policing only.
The need to distinguish inner from outer headers in an IP tunnel packet for classification and marking poses challenges for QoS. Equally challenging is the additional requirement to recirculate, in order to forward tunnel packets. The first pass of the address lookup identifies the tunnel to which the packet is destined for or arriving from. The second pass lookup identifies the actual egress interface for the encapsulated (tunneled) packet.
With PFC3, it is not possible to mark the inner header of a tunnel packet upon encapsulation. PFC4 removes this limitation and adds the capability to mark both the outer and inner header or mark just the outer header.
As represented in Figures 15 and 16, the PFC4 system supports the following two operational modes for tunneled traffic:
• Diff-serv uniform mode
• Diff-serv pipe mode
Although PFC3 supported these operational modes, support for these modes with tunnel interfaces is available only with the PFC4. Additionally, PFC4 offers better control for tunnel interface trust, as the bits after recirculation are no longer derived from the port ASIC.
Figure 13. Diff Serv Uniform Mode
Figure 14. Diff Serv Pipe Mode
Note that in the absence of ingress QoS policy, default mode in PFC4 is uniform mode, whereas the default mode in PFC3 is pipe mode.
13.1.1. Use Case for IP Tunnel QoS
Customers willing to control the marking of packets in an IP tunnel interface for uniform or pipe tunnel modes can use the new PFC4 capability.
13.1.2. Configuration
It is important to note that QoS policies and configurations are similar between PFC3 and PFC4, except that PFC4 allows a new action to be defined under the policy class, where marking can be performed based on either outer and inner or outer header.
Marking Based on Inner Header
SUP2T(config)#policy-map [Name]
SUP2T(config-pmap)#class class-default
SUP2T(config-pmap-c)#set dscp [Value]
Marking Based on Outer Header
SUP2T(config)#policy-map [Name]
SUP2T(config-pmap)#class class-default
SUP2T(config-pmap-c)#set dscp tunnel [Value]
Example of a Tunnel Interface Attached with a Service Policy
Sup2T#show run interface g6/1
Building configuration...
Current configuration : 117 bytes
!
interface GigabitEthernet6/1
ip address 3.0.0.2 255.0.0.0
service-policy input interface-ingress-policy
service-policy output interface-egress-policy
end
Sup2T#show run interface Tunnel0
Building configuration...
Current configuration : 168 bytes
!
interface Tunnel0
ip address 5.0.0.2 255.0.0.0
tunnel source GigabitEthernet6/1
tunnel destination 4.0.0.2
service-policy input tunnel-ingress-policy
service-policy output tunnel-egress-policy
end
13.2. MPLS Over GRE Tunnels
In order to enable hardware switching of MPLSoGRE packets, the ingress line card must remove the IP GRE encapsulation before forwarding them to the PFC, and the egress line card must add the IP GRE encapsulation to the egress tag packets. PFC3 did not support MPLS over GRE natively, so Sup 720 PFC3 supervisors provide support using WAN line cards, which performed the actual GRE encapsulation and decapsulation operations.
The PFC4 eliminates the need for WAN modules by supporting MPLSoGRE natively in the hardware. PFC4 handles both single MPLS label push/swap followed by GRE encapsulation on an IPv4 tunnel in one single pass. After GRE encapsulation, the packet is recirculated for Layer 2 MAC rewrite. For GRE decapsulation, the GRE header is removed in the first pass and the packet must be recirculated for further processing.
MPLS over GRE tunnels operate in pipe mode by default. If there is an explicit uniform mode policy, marking is done for both outer tunnel header DSCP and inner MPLS EXP bits.
14. MPLS QoS
Previous-generation PFCs support comprehensive MPLS features, along with QoS for MPLS packets. PFC3-based systems support MPLS pipe mode, as well as the ability to perform EXP marking.
• For an IP to MPLS packet, IP DSCP can be mapped into the outgoing EXP value, with an option to override the EXP value
• For MPLS packets, the packet EXP can be mapped into an internal DSCP, so that the regular QoS marking and policing logic can be applied
• For MPLS-to-IP, there is an option to propagate CoS value from EXP into IP DSCP in the underlying IP packet
Note that the above can be performed only at the egress PE side. PFC4 overcomes this limitation with a new capability
14.1. Ability to Distinguish IP-to-IP from IP-to-Tag Traffic
Unlike PFC3, PFC4 supports the capability to distinguish IP-to-IP traffic from IP-to-MPLS traffic at ingress. As a result, it can perform MPLS EXP marking for IP-to-MPLS traffic both on an ingress and egress PE. Additionally, this capability helps avoid the need to do ingress pipe policy for an IP-to-IP packet. Although PFC3 supports MPLS pipe mode and the ability to do EXP marking, the lack of this new capability means that it can only be used at the ingress PE side for tunnel interfaces.
14.1.1 Use Case for MPLS QoS
Consider scenarios where QoS implemented by service providers in an MPLS cloud needs to be different from the QoS implemented by a customer's IP policy. PFC4 MPLS QoS capabilities can be utilized for cases where IP packets need to be tunneled through an MPLS network without losing the DSCP.
14.2. Improved Performance
In the PFC3, a packet gets recirculated if its IP policy is configured on an egress interface. PFC4 does not have this limitation, and is capable of delivering improved performance.
15. Multicast QoS
For ingress QoS, multicast behavior in PFC4 is similar to that in PFC3. While PFC4 has the hardware capability to perform egress policing in egress replication mode, there are several limitations:
• For egress QoS, EARL8 has restrictions for multicast packets, as egress policing and marking of bridged multicast packets is not supported
• Egress policing is not supported with egress replication enabled
16. Appendix 1
A summary of commands with changes necessary to migrate from PFC3 to PFC4 is shown in Tables 8, 9, and 10. The status column is indicated by letters that refer to:
R: Retained and converted to a new CLI
I: Ignored
P: To be phased out, converted to a temporary "platform" CLI
Table 8. Summary of Command Migration for Cat6500 Specific Global CLI
PFC3 Command
Sta-tus
PFC4 Migration NVGEN and Action
Comments on PFC4 Behavior
mls qos
P
auto qos default
Used in mls qos trust migration actions as indicator of existing PFC3 configuration
Auto-configure default queueing on ports without queueing policy. No direct effect on Earl policing/marking.
Migration actions triggered if mls qos is seen on bootup or on configuration copy.
no mls qos
I
Ignored
No effect in PFC4 platform
mls qos queueing-only
R
platform qos queueing-only
Queueing behavior identical to auto qos default. Policing/marking and DSCP/CoS rewrite is disabled.
no mls qos rewrite ip dscp
P
no platform qos rewrite ip dscp
Same behavior as in PFC3. Not necessary: PFC4 rewrite control is per-class
mls qos marking ignore port-trust
I
Used as indicator that PFC3 port trust commands can be ignored
Port trust ignored in PFC4 marking, by default
mls qos marking statistics
R
platform qos marking statistics
Same behavior as in PFC3
mls qos police serial
I
Ignored
Serial mode is always on in PFC4
mls qos police redirected
I
Ignored
Ingress policing of redirected packets is always enabled
Egress policing of packets to RP is always disabled, except for CPP
Egress policing of packets, redirected to service cards, is controlled by a policy on the respective egress VLAN
mls qos map
R
table-map
Same behavior as in PFC3. Certain dscp map names are auto-converted to discard-class map names
mls qos aggregate-policer
R
platform qos aggregate-policer
Same behavior as in PFC3
mls qos protocol
R
platform qos protocol
Same behavior as in PFC3
mls qos statistics-export
R
platform qos statistics-export
Same behavior as in PFC3
mac packet-classify use vlan
I
N/A
VLAN field is always enabled in PFC4 MAC ACLs
mls qos gre input uniform-mode (ST2)
I
N/A
Uniform mode is default and is controlled by C3PL per ingress policy class
mls mpls input uniform-mode (ST2)
I
N/A
Uniform mode is default and is controlled by C3PL per ingress policy class
Table 9. Summary of Command Migration for Cat6k Specific Interface CLI
PFC3 Command
Sta-tus
PFC4 Migration NVGEN and Action
Comments on PFC4 Behavior
mls qos trust cos
R
platform qos trust cos
Initial ingress discard-class mapped from COS. Does not rewrite packet DSCP.
PFC4 Differences:
In port-based mode, port trust cos is ignored if there is a port (ingress) policy
In VLAN-based mode, port trust cos is ignored in both default and VLAN policy case
mls qos trust dscp
I
N/A
Default behavior in PFC4 and C3PL
mls qos trust precedence
I
N/A
Handling is the same as mls qos trust dscp. Low 3 bits of incoming DSCP are not zeroed
no mls qos trust
R
platform qos trust none remark
Converted to trust none if mls qos present, otherwise, ignored. Ignored in VLAN-based mode
mls qos trust extend
R
platform qos trust extend
Same behavior as in PFC3
mls qos trust device
R
platform qos trust device
Same behavior as in PFC3
mls qos mpls trust experimental
R
platform qos mpls trust experimental
Same behavior as in PFC3
mls qos vlan-based
R
platform qos vlan-based
Same behavior as in PFC3
mls qos dscp-mutation
R
platform qos dscp-mutation
Same behavior as in PFC3
mls qos exp-mutation
R
platform qos exp-mutation
Same behavior as in PFC3
mls qos statistics-export
R
platform qos statistics-export
Same behavior as in PFC3
mls qos bridged
I
N/A
Auto-enabled/disabled internally per NetFlow profile, depending on the presence of microflow policing
mac packet-classify
R
mac packet-classify input
Equivalent to mac packet-classify input
mls qos loopback
R
platform qos loopback
Same behavior as in PFC3
mls qos queueing mode
R
platform qos queueing mode
Same behavior as in PFC3. Not supported in C3 LCs
mls qos cos
R
platform qos cos
Same behavior as in PFC3
wrr-queue
R
wrr-queue
Same behavior as in PFC3. Not supported in C3 LCs
rcv-queue
R
rcv-queue
Same behavior as in PFC3. Not supported in C3 LCs
pri-queue
R
pri-queue
Same behavior as in PFC3. Not supported in C3 LCs
mls qos channel-consistency
R
platform qos channel consistency
Enabled by auto qos default. Future: member ports must have the same ingress and egress queueing policy.
Table 10. Summary of Migration for Cat6K Specific Policy Map Commands
PFC3 Command
Sta-tus
PFC4 Migration NVGEN and Action
Comments on PFC4 behavior
trust dscp
R
trust dscp
Default behavior in PFC4 and C3PL
trust precedence
R
trust precedence
Handling is the same as trust dscp. Low 3 bits of incoming DSCP are not zeroed
trust cos
R
trust cos
PFC4 Differences:
The incoming 802.1q CoS is always used unless port CoS override configured. Warning to user to use set dscp cos or set-dscp-cos-transmit in police conform-action.
