Configuring QoS on the Cisco 7600 Series Ethernet Services 20G Line Card
This chapter provides information about configuring Quality of Service (QoS) on the Cisco 7600 Series Ethernet Services 20G (ES20) line card on the Cisco 7600 series router.
Before referring to any other QoS documentation for the platform or in the Cisco IOS software, use this chapter to determine ES20 line card-specific QoS feature support and configuration guidelines.
For additional details about QoS concepts and features in Cisco IOS Release 12.2, you can refer to the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2SR, at:
http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/12_2sr/qos_12_2sr_book.html
This chapter includes the following sections:
•
QoS Functions in the Cisco 7600 Series Ethernet Services 20G Line Card
•
Configuring QoS Features Using MQC
•
Dual Rate Three Color (2R3C) Ingress Policer on Service Instances
•
EVCS QoS Support
•
Configuring Qos Over an EVC Group
•
Configuring Policing
•
Configuring Marking
•
Configuring Shaping
•
Configuring Shaping on the ES20 Main Interface
•
Configuring PFC QoS on a Cisco 7600 Series Ethernet Services 20G Line Card
•
Configuring Hierarchical QoS
•
Configuring Bandwidth Remaining Ratio (BRR) - Utilizing Unused Bandwidth Support
•
EVC Configuration Examples
•
Troubleshooting QoS Features in a ES20 Line Card
QoS Functions in the Cisco 7600 Series Ethernet Services 20G Line Card
Note
Main interface refers to the maininterface and switchport unless specified otherwise.
If the supported feature is not mentioned, then the feature is not supported in the particular interface.
The following sections describe ingress and egress QoS functions.
Ingress QoS Functions in a Cisco 7600 Series Ethernet Services 20G Line Card
The following paragraphs describe ingress QoS support on the ES20 line card.
Ingress Trust
Trust is a port assignment instructing the port to trust (leave) existing priorities as they are on incoming frames or to rewrite the priorities back to zero.
A packet can arrive at an interface with a priority value already present in the packets header. The router needs to determine if the priority setting was set by a valid application or network device according to pre defined rules or if it was set by a user hoping to get better service.
The router has to decide whether to honor the priority value or change it to another value. How the router makes this determination is by using the port "trust" setting.
The ES20 line card always trusts Differentiated Services Code Point (DSCP) by default. Maininterfaces and subinterfaces use the ingress trust functionality.
Ingress Queue Scheduling
The ES20 line card does not support ingress queue scheduling.
Ingress Classification
After a frame is queued, the frame is passed on for classification. Classification entails using a traffic descriptor to categorize a packet within a specific group to define that packet and make it accessible for QoS handling on the network. Using packet classification, you can partition network traffic into multiple priority levels or classes of service.
Traffic is classified to determine whether it should be:
•
Marked for further processing.
•
Policed to rate limit specific traffic types.
The ES20 line card supports ingress classification. For information on configuring classification, see "Configuring Classification" section.
Ingress Policing
Policing provides a means to limit the amount of bandwidth that traffic traveling through a given port, or a collection of ports in a VLAN, can use. Policing works by defining an amount of data that the router is willing to send or receive in kilobytes per second.
When policing is configured, it limits the flow of data through the router by dropping or marking down the QoS value traffic that is out-of-profiles. Policing allows the router to limit the rate of specific types to a level lower than what they might get otherwise based only the interface bandwidth.
The ES20 line card supports ingress policing. For information on configuring policing, see "Configuring Policing" section.
Ingress Marking
After it has been classified, traffic can be marked. Marking is a way to selectively modify the classification bits in a packet to identify traffic within the network. Other interfaces can then match traffic based on the markings.
The ES20 line card supports ingress marking. For information on configuring marking, see "Configuring Marking" section.
Ingress Shaping
The ES20 line card does not support ingress shaping.
Egress QoS Functions in a Cisco 7600 Series Ethernet Services 20G Line Card
The following sections describe QoS functions on the ES20 line card egress ports.
Egress Classification
Classification entails using a traffic descriptor to categorize a packet within a specific group to define that packet and make it accessible for QoS handling on the network. Using packet classification, you can partition network traffic into multiple priority levels or classes of service.
Traffic is classified to determine whether it should be:
•
Marked for further processing.
•
Queued to rate limit specific traffic types.
The ES20 line card supports egress classification. For information on configuring classification, see "Configuring Classification" section.
Egress Policing
The ES20 line card supports egress port policing only when paired with the priority command.
Egress Marking
After traffic has been classified, the router can mark it. You use marking to selectively modify the classification bits in the packet to differentiate packets based on the designated markings.
The ES20 line card supports egress port marking on service instances, maininterfaces, and subinterfaces. For information on configuring marking, see "Configuring Marking" section.
Egress Shaping
Traffic shaping allows you to control the traffic going out an interface in order to match its flow to the speed of the remote target interface and to ensure that the traffic conforms to policies contracted for it. You can use shaping to meet downstream requirements, thereby eliminating bottlenecks in topologies with data-rate mismatches.
The ES20 line card supports shaping on egress port, maininterfaces, subinterfaces, and service instances. For information on configuring shaping, see "Configuring Shaping" section.
Egress Queue Scheduling
The egress line card uses congestion avoidance to help prevent congestion and keep its buffers from overflowing.
The ES20 line card supports Class-based Weighted Fair Queuing (CBWFQ), Low Latency Queueing (LLQ), and Weighted Random Early Detection (WRED).
Restrictions
Follow these restrctions and guidelines when you configure QoS in a ES20 line card:
•
A policy-map output on a route processor is linecard specific because all the policy-map statistics are exported from the linecard to the route processor. In a ES20 linecard egress scenario, an active Ternary Content Addressable Memory (TCAM) entry requires a queueing ASIC to relay the packet out of an egress interface. This is because the queue id is mapped to an egress port number programmed in a queuing ASIC through which packets are relayed out. However, a packet is dropped if a valid queue id is not allocated, and the TCAM entry is active. Hence classification happens only for classes with a valid queuing action in an egress direction.
•
You can configure a minimum bandwidth of 128kbps when using the bandwidth command.
Configuring QoS Features Using MQC
The Modular QoS CLI (MQC) is a CLI structure that allows users to create traffic policies and attach these policies to interfaces. A traffic policy contains a traffic class and one or more QoS features. A traffic class is used to select traffic, while the QoS features in the traffic policy determine how to treat the classified traffic.
To configure QoS features using the Modular QoS CLI on the ES20 line card, complete the following basic steps:
Step 1
Define a traffic class using the class-map command.
Step 2
Create a traffic policy by associating the traffic class with one or more QoS features (using the policy-map command).
Step 3
Attach the traffic policy to the interface using the service-policy command.
For a complete discussion about MQC, refer to the "Modular Quality of Service Command-Line Interface" section of the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2 publication at:
http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/12_2sr/qos_12_2sr_book.html
EVCS QoS Support
Ethernet Virtual Connection Services (EVCS) uses the concepts of service instances and EVCs (Ethernet virtual circuits). A service instance is the instantiation of an EVC on a given port on a given router. An EVC is an end-to-end representation of a single instance of a Layer 2 service being offered by a provider to a customer. It embodies the different parameters on which the service is being offered.
Mapping Between Bay and Ports
The following table maps the bay and port information in a ES20 line card:
Table 3-1 Mapping Between Bay and Ports
|
|
ESM20 1 GIG Variant with 2 Xchip ASICs where lower number of ports are assigned to Bay 0 and higher number ports are mapped to Bay 1. |
Ports 0 to 9 mapped to Bay 0 Ports 10 to 19 mapped to Bay 1 |
ESM20 10 GIG Variant |
10 G Port 0 mapped to Bay 0 10 G Port 1 mapped to Bay 1 |
Restrictions and Usage Guidelines
When configuring QoS with EVCs on the ES20 line card, follow these restrictions and usage guidelines:
•
Service instances use MQC.
•
QoS supports 16 000 service instances per line card and 8000 per bay.
•
HQoS supports 990 policy-maps per bay.
•
Configuring EVcs or subinterfaces is not permissible with QoS on the main interface.
•
Ingress shaping is not supported.
•
For egress QoS, both hierarchical and flat policy-maps are supported.
•
Before creating a service instance or a sub interface, remove any policy-maps on the maininterface.
•
Only classes defined with match vlan and vlan-inner and class-default can exist in a parent policy.
•
As service instance configurations change, you must remove and reapply the policy because the policy-map configuration may no longer be valid. However, changes on the main interface related to QoS are not cascaded to EVC QoS.
•
Because the policy-map does not work to its optimum capacity due to 1% of the port bandwidth being reserved for control packets, ensure that the policy-map is configured to use only 99% of the port bandwidth.
•
EVCs with default encapsulation support policy-maps similar to other supported EVCs.
•
Layer 3 classification, Ingress and Egress Marking combinations are supported for the ES20 line card on the Cisco 7600 series router. For more information on the supported combinations, see "Layer 3 Ingress Marking Scenarios On a Service Instance".
EVC QoS support is as follows:
•
For EVC QoS, classification is based on the following filters, which can be combined:
–
Inner VLAN tag
–
Outer VLAN tag
–
CoS
–
CoS Inner
–
Precedence
–
Dscp
–
Mpls exp (for egress classification only)
•
For EVC QoS, marking is based on:
–
Copy or rewrite inner CoS
–
Copy or rewrite outer CoS
–
Copy inner to outer CoS or vice versa
–
Copy or rewrite on EXP
–
Rewrite precedence
–
Rewrite dscp
•
For EVC QoS, actions supported include:
–
Marking, bandwidth, WRED aggregate, shape average, queue-limit, priority with police
For EVC QoS configuration examples, see "EVC Configuration Examples" section.
Restrictions and User Guidelines for EVC Port Channel
When configuring QoS on a EVC port channel, follow these restrictions and user guidelines:
•
In a EVC port channel, the maximum number of restricted queues is 8000 per bay. Ensure that you do not exceed the 8000 limitation.
•
Maximum number of member links that can be configured on a line card is 8.
•
On a port channel, each EVC is replicated by the number of member links. Ensure that the total number of EVCs after replication per bay does not exceed 8000.
•
EVC port channels do not support percentage values of bandwidth and policing.
•
Egress IP Precedence and DSCP marking are supported for EVCs or for EVCs with port channels.
Configuring Qos Over an EVC Group
A Service group is a logical interface that helps you to group EVCs, and apply features on the aggregate logical entity. An EVC group helps you to configure a single QoS policy-map on different EVCs. You can globally configure service groups, and associate the group IDs with each members to add new members. For example, you can configure the group ID within each EVC to associate EVCs with a particular service group.
Each EVC belongs to only one service group at a time and the group must exist before any members (EVCs) can join the group. In addition to the policy on the service group of which it is a member, you can also apply a policy on each EVC. A policy map is rejected if you simultaneously apply the policy-map on a group and an EVC in the same direction.
In 12.2(33)SRE release, QoS is supported on the service groups, and you can add EVCs or EVCs over PC as members of a service-group. You can use this feature to apply a QoS policy (both in ingress and egress) within service groups having EVCs or EVCs over PortChannel as its members.
Restrictions and Usage Guidelines
When configuring Qos over a EVC group, follow these restrictions and usage guidelines:
•
This feature is supported only on service instances.
•
Each service instance can belong to only one service group.
•
In EVCs, all members of a service group must reside within the same interface.
•
In EVCs within a port-channel, all members of a service group must reside within the port-channel.
•
You cannot individually assign a member of a service group to a load-balance link of a port-channel. You should assign the whole group to the link.
•
An EVC group cannot have members that are assigned to multiple load-balance links of a port-channel.
•
Ensure that you have configured a EVC group before adding a service instance to it.
•
Service Group membership is extended only to EVCs (service instances).
•
You can apply a Qos Policy on groups or individual EVCs that are part of groups.
•
Ingress 1R2C policing is not supported on EVC groups.
•
You cannot simultaneously apply QoS on a EVC and its group in the same direction.
•
Service group supports hierarchical Qos and flat ( class-default ) policy-maps.
•
All QoS parameters ( Shape, Set, Bandwidth, BRR, Police (2r3c ) , Set, Wred) within a class, applicable to an EVC, are also supported on a group.
•
2r3c policer is supported in a ingress policy-map on a group.
Table 3-2 lists the scalability values of EVC groups:
Table 3-2 Scalability Values for ES20 line cards
|
|
Service Groups per bay |
2000 |
Service Groups per line card |
4000 |
Number of EVCs per service group |
4000 |
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
service-group ID number
4.
service-policy [input| output]
5.
sh service-group ID number
6.
interface GigabitEthernet slot/bay/port
7.
service instance name
8.
group ID number
9.
sh service-group ID number
10.
end
DETAILED STEPS
|
|
|
Step 1 |
enable
|
Enables privileged EXEC mode and enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
service-group ID number
Router(config)# service-group 1000 |
Assigns a service group ID number. The acceptable range is 1-32768. |
Step 4 |
service-policy [input| output]
Router(config-service-group)# service-policy output |
Creates a service policy within the service group and attaches it to the ingress or egress of a service group. |
Step 5 |
sh service-group ID number
Router# sh service-group 1000 |
Displays the service group for which an ID has been assigned or the members belonging to a service group. |
Step 6 |
interface GigabitEthernet slot/bay/port
Router(config)# int gi 2/0/0 |
Identifies the interface to which the service group should be attached. |
Step 7 |
service instance name
Router(config-if)# service instance 1 eth |
Creates a service instance within the interface. |
Step 8 |
group ID number
Router(config-if-srv)# group 1000 |
Adds the created group to the service instance. |
Step 9 |
sh service-group ID number
Router# sh service-group 1000 |
Displays the service group for which an ID has been assigned or the service instances belonging to a service group. |
Step 10 |
end
Router(config-if-srv)# end |
Ends the command operations. |
Example
The following example shows the creation of a service group and attaching the policy map to the egress:
Router(config)# service-g
Router(config)# service-group ?
<1-32768> Service Group ID Number
Router(config)# service-group 1000
Router(config-service-group)#ser
Router(config-service-group)# service-policy ?
input Attach a policy-map to ingress of a service group
output Attach a policy-map to egress of a service group
Router(config-service-group)# service-policy output <policy-map name>
The following example shows the creation of a service instance and adding a service group to the service instance:
Router(config)# int gi 2/0/0
Router(config-if)# service in
Router(config-if)# service instance 1 eth
Router(config-if-srv)# en
Router(config-if-srv)# encapsulation d
Router(config-if-srv)# encapsulation do
Router(config-if-srv)# encapsulation dot1q 10
Ethernet EFP configuration commands:
bridge-domain Bridge-domain
default Set a command to its defaults
description Service instance specific description
encapsulation Configure ethernet frame match criteria
errdisable Configure error disable
ethernet Configure ether lmi parameters
exit Exit from ETHER EFP configuration mode
group Join a service group
l2protocol Configure l2 control protocol processing
mac Commands for MAC Address-based features
no Negate a command or set its defaults
rewrite Configure ethernet rewrite criteria
service-policy Attach a policy-map to an EFP
shutdown Take the Service Instance out of Service
snmp Modify SNMP service instance parameters
xconnect Xconnect commands
Router(config-if-srv)# gr
Router(config-if-srv)# group 1000
Execute the sh run service-group 1 command to display the input and output policymaps applied on a service group:
*Apr 24 01:17:21.904: %SYS-5-CONFIG_I: Configured from console by console
Router#sh service-group 1000
Interface: GigabitEthernet2/0/0
Number of members: 1
Dual Rate Three Color (2R3C) Ingress Policer on Service Instances
Dual Rate Three Color Policing (2R3C), elaborated in RFC 2698, lists the following characteristics of the data packets:
•
Metered and colored as green, yellow or red.
•
Marked for transmission drop or QoS marking.
•
Replenished in token buffer mode.
Based on the new feature implementation in ES20 line cards, the policy meter operates in a color blind mode in flat policy-maps. You can configure dual rates policing using the conform, exceed, and violate actions in the ingress service instances on an ES20 line card. For more information on Dual rate Three Color policers, refer to the section "QoS: Color-Aware Policer" at the following URL:
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/12s_cap.html
You can configure the policer in any classes supported for marking. You can use the match vlan, match vlan inner, match QoS, or match CoS inner filters to configure these classes. For more information on Policing in ES20 line cards, refer the section "Configuring Policing" section.
Restrictions and Usage Guidelines
When configuring 2R3C ingress service policy on a ES 20 line card, follow these restrictions and usage guidelines:
•
You cannot configure 2R3C policer with the following characteristics:
–
A single rate two color (1R2C) policer in the same policy-map.
–
Packets marked for transmission drop.
–
Simultaneous execution of the set command operations in the same class.
•
Maximum of 3000 policers are supported on an ES20 line card (for a total of 6000 per line card).
•
If a 1R2C policer is configured, and actions other than conform, transmit, exceed, or drop are configured, or 1R2C is not as class-default, the microprocessor performs policing.
•
If you do not configure the values for cir and pir, the CLI commands are rejected.
•
2R3C policer works with user-class and class-default values.
•
2R3C policer does not support set- cos command within the policer. set- cos command are part of policer action such as set-cos transmit.
•
To set the DBUS COS, you can use set-cos action command instead of the set mpls exp .
•
You cannot configure 2R3C and 1R2C policer within the same policy-map.
•
You can configure a minimum policer value of 128 Kbps.
•
A hierarchical qos policymap in ingress should comprise of police at parent policy and marking cos in child policy. Configuration of police in both parent and child policy maps is not supported.
•
You must not change the child-policy dynamically when the parent policy is still attached to the interface.
•
Flat 2R3C policer is supported.
•
conform, exceed, and violate commands are used to mark all the policing actions.
•
The following policing actions are supported in an ES20 line card:
–
drop.
–
set-cos-inner-transmit (sets the outer tag Cos).
–
set-cos-transmit (sets dbus cos no tag Cos).
–
transmit
–
set-prec-transmit
–
set dscp-transmit
–
set mpls-exp-imposition-transmit
•
The following default policer actions are supported in an ES20 line card:
–
transmit for conform.
–
drop for exceed and violate.
•
You can classify cos-inner, vlan, and vlan-inner policers.
•
Ingress classification and policing is performed before an EVC rewrite.
Note
Effective from 12.2(33)SRD release onwards, the service-policy configuration supports policy conform burst (bc) size setting on an ES20 interface. Releases earlier than 12.2(33)SRD, do not support setting policy bc size.
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
class-map match-any class name
4.
match cos name
5.
match [ip] precedence precedence-value
6.
policy-map policer
7.
class class name
8.
police cir bc pir be
9.
conform-action [ set-cos-inner-transmit | set-cos-transmit]
10.
exceed-action [ set-cos-inner-transmit | set-cos-transmit ]
11.
violate-action [ transmit | drop ]
12.
interface GigabitEthernet slot/bay/port
13.
service instance ethernet interface
14.
service policy input policy-map-name
15.
end
DETAILED STEPS
|
|
|
Step 1 |
enable
|
Enables privileged EXEC mode. • Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
class-map match-any class name
Router# configure class-map match any test |
Configures the match criteria for a class-map to be successful match criteria for all packets. |
Step 4 |
match cos name
Router# (config-cmap)# match cos2 |
Matches a packet based on a Layer 2 class of service (CoS) name. |
Step 5 |
Router (config-cmap)# match [ip] precendence precedence-value
Router#(config-cpmap)# match ip precedence 3 |
Identifies IP precedence values as match criteria. |
Step 6 |
Router (config-cmap)# policy-map policer
Router (config-cmap)# policy-map 2r3c |
Specifies the traffic policy name and also allows you to enter policy-map configuration mode (a prerequisite for enabling QoS features such as traffic policing or traffic shaping). |
Step 7 |
Router (config-pmap)# class class name
Router (config-pmap)# class test |
Associates the traffic class with the traffic policy. For the class-name argument, you can specify the name of the class you created when you used the class-map command to create the traffic class. |
Step 8 |
Router (config-pmap-c)# Police cir bc pir be
Router (config-pmap-c)# police cir 1000000 bc 5000 pir 100000000 be 10000000 |
Specifies a maximum bandwidth usage by a traffic class through the use of a token bucket algorithm, where: • cir—Specifies the CIR (Committed Information Rate) at which the first token bucket is updated as a value in bits per second. The value is a number from 128000 to 10000000000. • bc-conform burst—Specifies the conform burst (bc) size in bytes used by the first token bucket for policing. The value is a number from 1000 to 31,250,000. • pir rate—Specifies the PIR (Peak Information Rate) at which the second token bucket is updated as a value in bits per second. The value is a number from 128000 to 10000000000. • be—Specifies the exceed burst value used by the second token bucket. |
Step 9 |
Router (config-pmap-c-police)# conform-action [set-cos-inner-transmit | set-cos-transmit ]
Router (config-pmap-c-police)# conform-action set-cos-inner-transmit 4 |
Configures the traffic policing based on the options specified: • Inner-transmit. • Transmit. |
Step 10 |
Router (config-pmap-c-police)# exceed-action [ set-cos-inner-transmit | set-cos-transmit ]
Router(config-pmap-c-police)# exceed action set-cos-transmit 3 |
Configures the traffic policing according to the options specified: • Inner-transmit. • Transmit. |
Step 11 |
Router (config-pmap-c-police)# violate-action [ transmit | drop ]
Router (config-pmap-c-police)# violate action set-cos-transmit 3 |
Configures the traffic policing according to the options specified: • Transmit. • Drop. |
Step 12 |
Router (config)# interface GigabitEthernet slot/bay/port
Router (config)# interface gig2/0/0 |
Identifies the interface to which the service policy should be attached. |
Step 13 |
Router (config-if)# service instance ethernet interface
Router(config-if)# service instance 1 eth |
Identifies the service instance of the interface to which the service policy is attached. |
Step 14 |
Router (config-if-srv)# service policy input policy-map-name
Router(config-if-srv)# service policy input test |
Attaches the configured policy-map to the ethernet service instance. |
Step 15 |
end
Router(config-if-srv)# end |
Ends the command operations. |
Example
The following example shows the 2R3C configuration in a class and policy-map:
police 1000000 pir 2000000 conform-action set-cos-transmit 3 exceed-action
set-cos-transmit 1 violate-action drop
The service policy should be attached to the service instance of the interface as follows:
---- EVC configurations ---
service-policy input test
Ingress Policing on EVC Port Channel
The EVC port channel supports 1R0C and 2R3C policers. The classifications and police actions supported on regular EVCs are supported on an EVC port channel.
Restrictions and Usage Guidelines
When configuring ingress policing on EVC port channel, follow these restrictions and guidelines:
•
1R0C is supported only in class-default (classification), and not for service groups.
•
1R0C supports these policing actions on packets:
–
transmit for conformed packets
–
drop for exceed packets
•
1R0C does not support set action for conformed and exceeded packets.
•
1R0C supports flat and HQOS policy maps. HQOS policy maps support policing actions only for the parent class class-default and marking action in child classes.
•
2R3C is supported in these user class and class-default classification:
–
match precedence
–
match dscp
–
match vlan-outer
–
match vlan-inner
–
match cos-outer
–
match cos-inner
•
2R3C supports the following policing actions:
–
Conformed packets: transmit, set-cos-transmit, set-cos-inner-transmit, set-prec-transmit, set-dscp-transmit, set-exp-transmit
–
Exceed packets: transmit, drop, set-cos-transmit, set-cos-inner-transmit, set-prec-transmit, set-dscp-transmit, set-exp-transmit
–
Violate packets: transmit, drop, set-prec-transmit, set-dscp-transmit, set-exp-transmit
•
2R3C is supported for service groups.
•
2R3C supports only flat policy-maps.
•
Each NPU complex supports a maximum of 3000 2R3C policers.
•
The maximum value for cir is limited to 990 Mbps for a 1 Gb port and 9.9 Gbps for a 10 Gb port. For 2R3C policer, the same restriction applies to pir.
Configuring Ingress Policing on EVC Port Channel
Configuring policing on EVC port channel is same as that for configuring policing on a regular EVC. For configuration, refer the section "Configuring Policing" section.
Configuring Classification
Use the QoS classification features to select your network traffic and categorize it into classes for further QoS processing based on matching certain criteria. The default class, named "class-default," is the class to which traffic is directed for any traffic that does not match any of the selection criteria in the configured class-maps.
Restrictions and Usage Guidelines
When configuring traffic classes on an ES20 line card, follow these restrictions and usage guidelines:
•
You can define up to 256 unique classes in a policy-map including class-default .
•
A single class-map can contain up to 8 different match command statements.
•
The ES20 line card does not support combining matches on QoS group, CoS, or input VLAN with other types of matching criteria (for example, access control lists [ACLs]) in the same class or policy-map. You cannot configure a class c1 with match CoS and class c2 with match ip prec in the same policy-map at same level.
•
When configuring hierarchical QoS on the ES20 line card, if you configure matching on an input VLAN in a parent policy, then only matching on a QoS group is supported in the child policy.
•
For ingress marking on EVCs, service instances support the match vlan command, match vlan-inner command, match cos command, match precedence, match dscp and match cos-inner commands.
•
For egress marking on EVCs, service instances support the match vlan command, match vlan-inner command, match cos command, match precedence, match dscp, match mpls experimental and the match cos-inner commands.
•
QoS classification on Egress ACL is not supported with the following TCP/UDP port parameters:
•
Port range
•
Port gt (greater than)
•
Port lt (lesser than)
•
Established (matching on established connections)
Table 3-3 provides information about which QoS classification features are supported for the ES20 line card on the Cisco 7600 series router. For more information about most of the commands documented in this table, refer to the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2SR, at:
http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/12_2sr/qos_12_2sr_book.html
Table 3-3 QoS Classification Feature Support
|
|
|
|
Match on access list (ACL) number (match access-group command) |
• Maininterface • Subinterface • Switchport |
• Maininterface • Subinterface |
Supports the following ACLs: • IPv4 and IPv6. • Protocols—ARP, RARP, ICMP, IGMP, UDP, MAC, MPLS, and TCP. • Source and destination ports. • TCP flags. • ToS. |
Match on ACL name (match access-group name command) |
• Maininterface • Subinterface • Switchport |
• Maininterface • Subinterface |
|
Match on any packet (match any command) |
• Maininterface • Subinterface • Switchport • EVC |
• Maininterface • Subinterface • Switchport • EVC |
|
Match on ATM cell loss priority (CLP) (match atm clp command) |
— |
— |
Not supported. |
Match on class-map (match class-map command) |
— |
— |
Not supported. |
Match on Class of Service (CoS) (match cos command) |
• EVC |
• EVC • Switchport • Subinterfaces |
Supported for switchport queueing and EVC interface. Note CoS classification is available through PFC QoS using MAC address ACLs. |
Match on inner CoS (match inner-cos command) |
• EVC |
• EVC |
|
Match on Frame Relay discard eligibility (DE) bit (match fr-de command) |
— |
— |
Not supported. |
Match on Frame Relay data-link connection identifier (DLCI) (match fr-dlci command) |
— |
— |
Not supported. |
Match on input VLAN (match input vlan command—Matches the VLAN from an input interface.) |
— |
Maininterface |
Supported for output interface only for software-based EoMPLS. Note The service policy is applied on the output interface to match the VLAN from the input interface. If you configure matching on input VLAN in a parent policy with hierarchical QoS, then only matching on QoS group is supported in the child policy. |
Match on IP DSCP (match ip dscp command) |
• Maininterface • Subinterface • Switchport • EVCs |
• Maininterface • Subinterface • EVCs |
|
Match on IP precedence (match ip precedence command) |
• Maininterface • Subinterface • Switchport • EVCs |
• Maininterface • Subinterface • EVCs |
|
Match on IP Real-Time Protocol (RTP) (match ip rtp command) |
— |
— |
Not supported. |
Match on MAC address for an ACL name (match mac address command) |
— |
— |
Not supported. |
Match on destination MAC address (match destination-address mac command) |
— |
— |
Not supported. |
Match on source MAC address (match source-address mac command) |
— |
— |
Not supported. |
Match on MPLS experimental (EXP) bit (match mpls experimental command) |
• Maininterface • Subinterface |
• Maininterface • Subinterface • EVCs |
Supported. |
Match on Layer 3 packet length in IP header (match packet length command) |
— |
— |
Not supported. |
Match on QoS group (match QoS-group command) |
— |
Maininterface only for software-based EoMPLS configurations |
Supported in software-based EoMPLS configurations only using hierarchical QoS, where the parent policy configures matching on input VLAN and the child policy configures matching on QoS group. |
Match on protocol (match protocol command |
• Maininterface • Subinterface • Switchport |
• Maininterface • Subinterface |
Supports matching on IP and IPv6. |
Match on VLAN (match vlan command—Matches the outer VLAN of a Layer 2 802.1Q frame) |
• EVC |
• Switchport • EVC |
Supported. • Outer VLAN ID matching for 802.1Q tagged frames on EVC. |
Match on VLAN Inner (match vlan inner command—Matches the innermost VLAN of the 802.1Q tag in the Layer 2 frame) |
• EVC |
• EVC |
Supported. |
No match on specified criteria (match not command) |
— |
— |
Not supported. |
Configuration Tasks
To create a user-defined QoS traffic class, use the following commands beginning in global configuration mode:
|
|
|
Step 1 |
Router(config)# class-map [match-all | match-any] class-name |
Creates a traffic class, where: • match-all—(Optional) Specifies that all match criteria in the class-map must be matched, using a logical AND of all matching statements defined within the class. This is the default. • match-any—(Optional) Specifies that one or more match criteria must match, using a logical OR of all matching statements defined within the class. • class-name—Specifies the user-defined name of the class. Note You can define up to 255 unique class-maps within a policy map as 1 class is always class-default. |
Step 2 |
Router(config-cmap)# match type |
Specifies the matching criterion to be applied to the traffic, where type represents one of the forms of the match command supported by the ES20 line card as shown in Table 3-3. Note A single class-map can contain up to 8 different match command statements. |
Examples
This example shows how to configure a class-map named ipp5, and enter a match statement for IP precedence 5:
Router(config)# class-map ipp5
Router(config-cmap)# match ip precedence 5
This is an example of configuring class matching on multiple match statements.
Router(config)# class-map match-any many (id 1047)
Router(config-cmap)# match ip precedence 3
Router(config-cmap)# match access-group 100
Router(config-cmap)# match mpls experimental 5
This is an example of configuring class matching on named ACLS.
Router(config)# class-map match-all acl9 (id 1049)
Router(config-cmap)# match access-group name rock
This example shows a logical AND operation in a child policy with match vlan and class-default in a parent.
Router(config)# class-map match-all childAND
Router(config-cmap)# match cos 2-3
Router(config-cmap)# match cos inner 5 6
Router(config)# policy-map testchildAND
Router(config-pmap)# class childAND
Router(config-pmap-c)# shape average 100000000
Router(config)# policy-map parentAND
Router(config-pmap)# class vlan12
Router(config-pmap-c)# shape average 500000000
Router(config-pmap-c)# service-policy testchild
This example shows how to display class-map information for a specific class-map using the show class-map command:
Router# show class-map ipp5
Class Map match-all ipp5 (id 1)
Match ip precedence 5
This example shows how to display class-map information matching on extended ACLs using the show class-map command.
head# show class-map acl5
Class Map match-all acl5 (id 1042)
This example shows how to verify classification on a VLAN in the parent class of a HQoS policy.
head# show policy-map match
Configuring Policing
This section describes information for configuring QoS traffic policing policies.
Restrictions and Usage Guidelines
The Cisco 7600 series routers support different forms of policing using the police command. See Table 3-4 to determine which policing features are supported by ES20 line card type.
When configuring ingress policing on main, subinterface, and VLAN, follow these restrictions and usage guidelines:
•
The ES20 line card supports conform-action policing on input interfaces only.
•
Egress policing command is executed when the priority is defined, and the policy-map is not rejected because we can add policing and priority. While you configure the LLQ values on a dynamically applied policy-map, ensure that you define police values followed by priority values.
•
Egress policing command is executed when the priority is defined. The stand alone policing is not rejected because you can add priority values. When you configure the LLQ values on a dynamically applied policy-map, ensure that you define police values followed by bc and be priority values. You can configure these values and also define the queue limit.
•
Use policing with priority queueing to limit the traffic rate in egress.When configuring policing paired with priority, the conform action is fixed to transmit while violate or exceed is fixed to drop. These action are not user configurable.
•
When configuring one rate 2 color per EVC micro-flow policer:
–
Up to 16,000 policers per line card are supported; only one per service instance configured within the class class-default.
–
The conform-action or the exceed-action are statically defined and can not be altered.
–
One form of policy configuration is support with optional marking in the child policy and policing in the parent policy.
Table 3-4 provides information about which policing features are supported for the ES20 line card on the Cisco 7600 series routers.
Table 3-4 QoS Policing Feature Support
Policing Feature (police command)
|
|
|
Policing by aggregate policer (police aggregate command) |
• Maininterface • Subinterface |
Supported in ingress only. |
Policing by bandwidth using token bucket algorithm (police command) |
• Maininterface • Subinterface • EVC (egress only) |
For egress, must be paired with priority command. |
Policing with 2-color marker (committed information rate [CIR] and peak information rate [PIR]) (police (two rates) command—police cir pir form) |
• Maininterface • Subinterface |
Supported in ingress only. |
Policing by flow mask (police flow mask command) |
• Maininterface • Subinterface |
Supported in ingress only. |
Policing by microflow (police flow command) |
• Maininterface • Subinterface |
Supported in ingress only. |
One rate 2 color per EVC micro-flow policer (committed information rate [CIR]) (police command—police cir form) |
• EVC |
Supported in ingress only beneath class class-default. |
Table 3-5 provides information about the interfaces and their supported actions on an ES20 line card.
Table 3-5 One-Rate Two Color Ingress Support
|
|
|
Maininterface |
• transmit • set dscp transmit • set precedence transmit • set mpls imposition exp |
• drop • policed dscp transmit |
Subinterface |
• transmit • set dscp transmit • set precedence transmit • set mpls imposition exp |
• drop • policed dscp transmit |
EVC |
transmit |
drop
Note EVC is supported only in class-default.
|
Switchport |
• transmit • set dscp transmit • set precedence transmit • set mpls imposition exp |
• drop • policed dscp transmit • set precdence • set dscp • set mpls imposition exp |
Table 3-6 QoS Policing Action Support
Policing Action (set command)
|
|
|
Drop the packet. (drop command) |
• Maininterface • Subinterface • EVC |
Supported—Ingress and egress. |
Set the IP precedence and transmit. (set-prec-transmit command) |
• Maininterface • Subinterface |
Supported —Input interface only. |
Set the IP DSCP and transmit. (set-dscp-transmit command) |
• Maininterface • Subinterface |
Supported—Input interface only. |
Set the MPLS EXP bit (0-7) on imposition and transmit. (set-mpls-experimental-imposition-transmit command) |
• Maininterface • Subinterface |
Supported—Input interface only. |
Set the MPLS EXP bit in the topmost label and transmit. (set-mpls-experimental-topmost-transmit command) |
• Maininterface • Subinterface |
Supported—Input interface only. |
Transmit all packets without alteration. (transmit command) |
• Maininterface • Subinterface • EVC |
Supported—Ingress and egress. |
Configuration Tasks
To create QoS traffic policies with policing, use the following commands beginning in global configuration mode:
Note
Effective from 12.2(33)SRD release onwards, the service-policy configuration supports policy conform burst (bc) size setting on an ES20 interface. Releases earlier than 12.2(33)SRD, do not support setting policy bc size.
Note
When creating QoS traffic policies as shown below, you can perform only one of the commands shown in Step 3 through Step 7 for each policy. You can perform Step 4 or Step 5 or Step 6 or Step 7; do not attempt to perform Step 3 through Step 7 in the same policy.
|
|
|
Step 1 |
Router(config)# mls QoS |
Enables the QoS functionality on an interface. |
Step 2 |
Router(config)# policy-map policy-map-name |
Creates or modifies a traffic policy and enters policy-map configuration mode, where: • policy-map-name—Specifies the name of the traffic policy to configure. Names can be a maximum of 40 alphanumeric characters. |
Step 3 |
Router (config-pmap)# class {class-name | class-default} |
Specifies the name of the traffic class to which this policy applies and enters policy-map class configuration mode, where: • class-name—Specifies that the policy applies to a user-defined class name previously configured. • class-default—Specifies that the policy applies to the default traffic class. |
Step 4 |
Router(config-pmap-c)# police bps [burst-normal] [burst-max] conform-action action exceed-action action violate-action action |
Specifies a maximum bandwidth usage by a traffic class through the use of a token bucket algorithm, where: • bps—Specifies the average rate in bits per second. Valid values are 128000 to 1 Gigabyte or 10 Gigabyte. • burst-normal—(Optional) Specifies the normal burst size in bytes. Valid values are 1000 to 51200000. The default normal burst size is 1500 bytes. • burst-max—(Optional) Specifies the excess burst size in bytes. Valid values are 1000 to 51200000. • action—Specifies the policing command (as shown in Table 3-5) for the action to be applied to the corresponding conforming, exceeding, or violating traffic. |
Or |
|
Router(config-pmap-c)# police {cir cir} [bc conform-burst] {pir pir} [be peak-burst] [conform-action action [exceed-action action [violate-action action]]] |
Configures traffic policing using two rates, the committed information rate (CIR) and the peak information rate (PIR), where: • cir cir—Specifies the CIR at which the first token bucket is updated as a value in bits per second. The value is a number from 128000 to 10000000000. • bc conform-burst—(Optional) Specifies the conform burst (bc) size in bytes used by the first token bucket for policing. The value is a number from 1000 to 31,250,000. • pir pir—Specifies the PIR at which the second token bucket is updated as a value in bits per second. The value is a number from 128000 to 10000000000. • be peak-burst—(Optional) Specifies the peak burst (be) size in bytes used by the second token bucket for policing. The size varies according to the interface and platform in use. • action—(Optional) Specifies the policing command (as shown in Table 3-5) for the action to be applied to the corresponding conforming, exceeding, or violating traffic. |
Or |
|
Router(config-pmap-c)# police flow {bits-per-second [normal-burst-bytes] [maximum-burst-bytes] [pir peak-rate-bps]} | [conform-action action] [exceed-action action] [violate-action action] |
Configures a microflow policer, where: • bits-per-second—Specifies the CIR in bits per second. Valid values are from 32,000 to 4,000,000,000 bits per second. • normal-burst-bytes—(Optional) Specifies the CIR token-bucket size. Valid values are from 1000 to 31,250,000 bytes. • maximum-burst-bytes—(Optional) Specifies the PIR token-bucket size. Valid values are from 1000 to 31,250,000 bytes. • pir peak-rate-bps—(Optional) Specifies the PIR in bits per second. Valid values are from 32,000 to 4,000,000,000 bits per second. • action—Specifies the policing command (as shown in Table 3-5) for the action to be applied to the corresponding conforming, exceeding, or violating traffic. |
Or |
|
Router(config-pmap-c)# police flow mask {dest-only | full-flow | src-only} {bits-per-second [normal-burst-bytes] [maximum-burst-bytes]} [conform-action action] [exceed-action action] |
Configures a flow mask to be used for policing, where: • dest-only—Specifies the destination-only flow mask. • full-flow—Specifies the full-flow mask. • src-only—Specifies the source-only flow mask. • bits-per-second—Specifies the CIR in bits per second. Valid values are from 32,000 to 4,000,000,000 bits per second. • normal-burst-bytes—(Optional) Specifies the CIR token-bucket size. Valid values are from 1000 to 31,250,000 bytes. • maximum-burst-bytes—(Optional) Specifies the PIR token-bucket size. Valid values are from 1000 to 31,250,000 bytes. • action—Specifies the policing command (as shown in Table 3-5) for the action to be applied to the corresponding conforming or exceeding traffic. |
Or |
|
Router(config-pmap-c)# police aggregate name |
Specifies a previously defined aggregate policer name and configures the policy-map class to use the specified name of the aggregate policer. |
Examples
This example shows a traffic policing configuration with the average rate at 128kbps, the normal burst size at 128,000 bytes, and the excess burst size at 4000 bytes:
Router(config)# class-map acgroup2
Router(config-cmap)# match access-group 2
Router(config-cmap)# exit
Router(config)# policy-map police
Router(config-pmap)# class acgroup2
police cir 128000 pir 10000000 conform-action transmit exceed-action drop 4 violate-action
drop set-cos-transmit 4 violate-action drop
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# interface gigethernet 1/0/0
Router(config-if)# service-policy input police
This example shows a policy that contains a one rate 2 color per EVC micro-flow policer with marking operations.
Router(config)# policy-map child
Router(config-pmap)# class cos1
Router(config-pmap-c)# set cos 5
Router(config-pmap)# class class-default
Router(config-pmap-c)# set cos 6
Router(config)# policy-map efppolicy
Router(config-pmap)# class class-default
Router(config-pmap-c)# police cir 200000000 bc 6250000 conform-action transmit
exceed-action drop
Router(config-if)# service-policy child
This example shows a policy that contains a one- rate zero color (1R0C) policer:
Router(config)#policy-map 1r0c
Router(config-pmap)#class class-default
Router(config-pmap-c)#police cir 1000000
Router(config-pmap-c-police)#end
This example shows a policy that contains a two- rate three color (2R3C) policer:
Router(config)#policy-map 2r3c
Router(config-pmap)#class cos1
Router(config-pmap-c)#police cir 1000000 pir 2000000 conform-action set-prec-transmit 3
exceed-action set-prec-transmit 4 violate-action drop
Router(config-pmap-c-police)#end
This example shows how to apply a policy-map on the EVC port channel:
Router(config)#int port-channel 100
Router(config-if)#service instance 1 ethernet
Router(config-if-srv)#encapsulation dot1q 100
Router(config-if-srv)#service-policy in 1r0c
Verification
Use the following commands to verify policing:
|
|
|
|
Router# show policy-map |
Displays all configured policy-maps. |
|
Router# show policy-map policy-map-name |
Displays the user-specified policy-map. |
|
Router# show policy-map interface |
Displays statistics and configurations of all input and output policies that are attached to an interface. |
This example shows how to display policing statistics using the show policy-map interface command in the EXEC mode.
sh policy-map int gig 4/0/5
Service-policy output: example
Counters last updated 00:00:00 ago
queue stats for all priority classes:
(queue depth/total drops/no-buffer drops) 0/121416/0
(pkts output/bytes output) 428079/640406145
Class-map: prec1 (match-all)
497836 packets, 744762656 bytes
5 minute offered rate 18806000 bps, drop rate 828000 bps
cir 3000000 bps, bc 93750 bytes
conformed 324764 packets, 485846905 bytes; actions: transmit
exceeded 121416 packets, 181636879 bytes; actions: drop
conformed 12256000 bps, exceed 842000 bps
Priority: Strict, b/w exceed drops: 121416
Class-map: class-default (match-any)
1761338 packets, 1138941205 bytes
5 minute offered rate 27792000 bps, drop rate 26713000 bps
(queue depth/total drops/no-buffer drops) 70/824757/0
(pkts output/bytes output) 300574/420798000
shape (average) cir 2000000, bc 8000, be 8000
target shape rate 2000000
This is another example of displaying policing statistics using the show policy-map interface command; in this case the statistics are for a one rate 2 color per EVC micro-flow policer.
TenGigabitEthernet4/0/0: EFP 1
Service-policy input: policesmall
Counters last updated 00:00:00 ago
Class-map: class-default (match-any)
12353351 packets, 3627868092 bytes
5 minute offered rate 671206 bps, drop rate 543206 bps
cir 128000 bps, bc 4000 bytes
conformed 2096904 packets, 130008048 bytes; actions: transmit
exceeded 10256447 packets, 134308720 bytes; actions: drop
conformed 127000 bps, exceed 543206 bps
Attaching a QoS Traffic Policy to an Interface
Before a traffic policy can be enabled for a class of traffic, it must be configured on an interface. A traffic policy also can be attached to Ethernet subinterfaces, maininterfaces, and service instances.
Traffic policies can be applied for traffic coming into an interface (input), and for traffic leaving that interface (output).
Attaching a QoS Traffic Policy for an Input Interface
When you attach a traffic policy to an input interface, the policy is applied to traffic coming into that interface. To attach a traffic policy for an input interface, use the following command beginning in interface configuration mode:
|
|
Router(config-if)# service-policy input policy-map-name |
Attaches a traffic policy to the input direction of an interface, where: • policy-map-name—Specifies the name of the traffic policy to configure. |
Attaching a QoS Traffic Policy to an Output Interface
When you attach a traffic policy to an output interface, the policy is applied to traffic leaving that interface. To attach a traffic policy to an output interface, use the following command beginning in interface configuration mode:
|
|
Router(config-if)# service-policy output policy-map-name |
Attaches a traffic policy to the output direction of an interface, where: • policy-map-name—Specifies the name of the traffic policy to configure. |
Configuring Marking
After you have created your traffic classes, you can configure traffic policies to configure marking features to apply certain actions to the selected traffic in those classes.
In most cases, the purpose of a packet mark is identification. After a packet is marked, downstream devices identify traffic based on the marking and categorize the traffic according to network needs. This categorization occurs when the match commands in the traffic class are configured to identify the packets by the mark (for example, match ip precedence, match ip dscp, match cos, and so on). The traffic policy using this traffic class can then set the appropriate QoS features for the marked traffic.
In some cases, the markings can be used for purposes besides identification. Distributed WRED, for instance, can use the IP precedence, CoS, IP DSCP, or MPLS EXP values to detect and drop packets.
Restrictions and Usage Guidelines
When configuring class-based marking on an ES20 line card, follow these restrictions and usage guidelines:
•
Ingress packet marking is supported on maininterfaces, subinterfaces, and service instances. You can configure packet marking and queueing actions in the same traffic policy.
•
If an ingress service policy configures both class-based marking and marking as part of a policing action, then the marking using policing takes precedence over any class-based marking.
•
The Scalable EoMPLS on 7600-ESM-2X10GE and 7600-ESM-20X1GE feature supports mapping of the incoming VLAN dot1q p-bits to the outgoing MPLS EXP bits. Only outer tag dot1q pbits mapping is supported.
•
The Scalable EoMPLS on 7600-ESM-2X10GE and 7600-ESM-20X1GE feature supports mapping of the incoming MPLS EXP bits to the outgoing VLAN dot1q p-bits.
•
MultiPoint Bridging over Ethernet on 7600-ESM-2X10GE and 7600-ESM-20X1GE supports set cos and set cos inner commands in ingress marking. However, from 12.2(33) SRE onwards, ingress marking also supports set dscp and set precedence commands.
•
Set operations are not allowed at the parent level.
•
Up to two marking combinations can occur with the exception that Layer 2 marking is not combined with Layer 3 marking operations.
•
You should configure no mls qos trust value for ingress marking on the main and subinterfaces.
Table 3-7 and Table 3-8 provides information about the various Ingress and Egress Marking combinations supported for a ES20 line card on the Cisco 7600 series router.
For example, in Table 3-7, ¸ marked against DSCP and Cos (row 4 col 1) indicates that you can mark DSCP and Cos within a single class. Similarly, a x marked against MPLS Experimental and Precedence (row 5 col 3) indicates that you cannot use both within a single class.
Table 3-7 Layer 3 Egress Marking Scenarios For EVCs
|
|
|
|
|
|
|
Cos |
— |
¸ |
¸ |
¸ |
¸ |
— |
Cos_Inner |
¸ |
— |
x |
x |
¸ |
— |
Precedence |
¸ |
x |
— |
x |
x |
¸ |
DSCP |
¸ |
x |
x |
— |
x |
¸ |
MPLS Experimental |
¸ |
¸ |
x |
x |
— |
¸ |
Cos and Cos Inner |
— |
— |
¸ |
¸ |
¸ |
— |
Table 3-8 Layer 3 Ingress Marking Scenarios On a Service Instance
|
|
|
|
|
|
|
Cos |
— |
¸ |
¸ |
¸ |
x |
— |
Cos_Inner |
¸ |
— |
x |
x |
¸ |
x |
Precedence |
¸ |
x |
— |
— |
¸ |
¸ |
DSCP |
¸ |
x |
— |
— |
¸ |
¸ |
MPLS Experimental |
x |
¸ |
¸ |
¸ |
¸ |
— |
Cos and Cos Inner |
— |
— |
¸ |
¸ |
— |
— |
The following example shows the sample ingress policy map for layer 3 marking support.
The following example shows Egress marking - port in set trust cos mode.
policymap policy1-eg-mark-BD
policymap policy-hqos-eg-mark-BD
service-policy policy1-eg-mark-BD
The following example shows the sample output of the sh command.
pacv-7609S#
sh policy-map interface ten4/0/1 service instance 1
TenGigabitEthernet4/0/1: EFP 1
Service-policy output: policy-hqos-eg-mark-BD
Counters last updated 00:00:04 ago
Class-map: cosin_cos_dscp_all (match-all)
5 minute offered rate 0000 bps, drop rate 0000 bps
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
shape (average) cir 1000000, bc 4000, be 4000
target shape rate 1000000
Class-map: class-default (match-any)
5 minute offered rate 0000 bps, drop rate 0000 bps
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
shape (average) cir 2000000, bc 8000, be 8000
target shape rate 2000000
Service-policy : policy1-eg-mark-BD
Counters last updated 00:00:04 ago
Class-map: prec5 (match-any)
5 minute offered rate 0000 bps, drop rate 0000 bps
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
shape (average) cir 1000000, bc 4000, be 4000
target shape rate 1000000
Class-map: cos_in (match-all)
5 minute offered rate 0000 bps, drop rate 0000 bps
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
shape (average) cir 2000000, bc 8000, be 8000
target shape rate 2000000
Class-map: cos_exp_all (match-all)
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: mpls experimental topmost 3
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
shape (average) cir 3000000, bc 12000, be 12000
target shape rate 3000000
Class-map: class-default (match-any)
5 minute offered rate 0000 bps, drop rate 0000 bps
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
Table 3-9 Qos Class Based Marking Feature Support On A Main-Interface, Sub-Interface, and Serivce Instance
Marking Feature (set command)
|
|
|
|
Set ATM CLP bit (set atm-clp command—Mark the ATM cell loss priority bit with value of 1) |
— |
— |
Not supported. |
Set discard class (set discard-class command—Marks the packet with a discard class value for per-hop behavior) |
— |
— |
Not supported. |
Set Frame Relay DE bit (set fr-de command—Mark the Frame Relay discard eligibility bit with value of 1) |
— |
— |
Not supported. |
Set IP DSCP (set ip dscp command—Marks the IP differentiated services code point (DSCP) in the type of service (ToS) byte with a value from 0 to 63.) |
• Subinterface • Maininterface • Switchport • EVC interface |
• Subinterface • Maininterface • Switchport • EVC interface |
Supported on ingress and egress. |
Set IP precedence (set ip precedence command—Marks the precedence value in the IP header with a value from 0 to 7.) |
• Subinterface • Maininterface • Switchport • EVC |
• Subinterface • Maininterface • Switchport • EVC |
Supported on ingress and egress. |
Set Layer 2 802.1Q CoS (set cos command—Marks the CoS value from 0 to 7 in an 802.1Q tagged frame.) |
• EVC interface |
• Subinterface • EVC interface • Switchport |
• Subinterfaces supported on egress. • EVCs supported in ingress and egress. |
Set Layer 2 802.1Q CoS (set cos-inner command—Marks the inner CoS field from 0 to 7 in a bridged frame.) |
• EVC |
• Subinterface • EVC interface |
• Subinterfaces supported on output. • EVCs supported in ingress and egress. |
Set Layer 2 802.1Q CoS (set cos-inner cos command—Copies out CoS to inner CoS. |
• EVC |
• Subinterface • EVC interface |
• Subinterfaces supported on egress. • EVCs supported in ingress and egress. |
Set Layer 2 802.1Q CoS (set cos cos-inner command) |
• EVC |
• Subinterface • EVC interface |
• Subinterfaces supported on output. • EVCs supported in input and output direction. |
Set MPLS experimental (EXP) bit on label imposition (set mpls experimental imposition command) |
• Maininterface • Subinterface • EVC interface • Switchport |
Not supported |
Supported on ingress for a service instance. Note Marking of EXP in case of MPB results in marking of DBUS CoS. Marking of EXP in case of xconnect and connect results in the marking of DBUS Cos as well as the MPLS Tags added as part of xconnect/connect processing. |
Set MPLS EXP topmost (set mpls experimental topmost command) |
— |
EVC interface |
Supported for EVC in egress. |
Set QoS group (set QoS-group command—Marks the packet with a QoS group association.) |
— |
— |
Not supported. |
Configuration Tasks
To configure a QoS traffic policy with class-based marking, use the following commands beginning in global configuration mode:
|
|
|
Step 1 |
Router(config)# policy-map policy-map-name |
Creates or modifies a traffic policy and enters policy-map configuration mode, where: • policy-map-name—Specifies the name of the traffic policy to configure. Names can be a maximum of 40 alphanumeric characters. |
Step 2 |
Router (config-pmap)# class {class-name | class-default} |
Specifies the name of the traffic class to which this policy applies and enters policy-map class configuration mode, where: • class-name—Specifies that the policy applies to a user-defined class name previously configured. • class-default—Specifies that the policy applies to the default traffic class. |
Step 3 |
Router(config-pmap-c)# set type |
Specifies the marking action to be applied to the traffic, where type represents one of the forms of the set command supported by the ES20 line card as shown in Table 3-8. |
Examples
This example shows the creation of a service policy called policy1. This service policy is associated to a previously defined classification policy through the use of the class command. This example assumes that a classification policy called class1 was previously configured.
Router(config)# policy-map policy1
Router(config-pmap)# class class1
Router(config-pmap-c)# set ip precedence 1
Verification
Use the following commands to verify marking:
|
|
|
|
Router# show policy-map |
Displays all configured policy-maps. |
|
Router# show policy-map policy-map-name |
Displays the user-specified policy-map. |
|
Router# show policy-map interface |
Displays statistics and configurations of all input and output policies that are attached to an interface. |
For more detailed information about configuring class-based marking features, refer to the Class-Based Marking document located at the following URL:
http://www.cisco.com/en/US/docs/ios/12_1t/12_1t5/feature/guide/cbpmark2.html
Configuring Shaping
This section describes information for configuring QoS traffic policies for shaping traffic.
Restrictions and Usage Guidelines
When configuring queueing features on an ES20 line card, follow these restrictions and usage guidelines:
•
The Cisco 7600 series routers support different forms of queueing features. See Table 3-10 to determine which traffic shaping features are supported by the ES20 line card type.
•
Use a hierarchical policy if you want to achieve minimum bandwidth guarantees using CBWFQ. First, configure a parent policy to shape to the total bandwidth required. Then, define a child policy using CBWFQ for the minimum bandwidth percentages.
•
Traffic shaping is a queue with some CIR and excess information rate (EIR) value, such that CIR plus EIR is the shaped rate. Traffic shaping on an average cuts the flow of traffic from the queue at the configured shape rate over a mean period of time
For more detailed information about configuring congestion management features, refer to the Cisco IOS Quality of Service Solutions Configuration Guide document corresponding to your Cisco IOS software release.
Table 3-10 provides information about which QoS traffic shaping features are supported for the ES20 line card on the Cisco 7600 series router.
Table 3-10 QoS Traffic Shaping Feature Support
Traffic Shaping Feature (command)
|
|
Adaptive shaping for Frame Relay (shape adaptive command) |
Not supported. |
Class-based shaping (shape average, shape peak commands) |
Supports shape average only in egress. |
Policy-map class shaping with adaptation to backward explicit congestion notification (BECN) (shape adaptive command) |
Not supported. |
Policy-map class shaping with reflection of forward explicit congestion notification (FECN) as BECN (shape fecn-adapt command) |
Not supported. |
Policy-map class shaping of peak rate of traffic by percentage of bandwidth (shape peak percent command) |
Not supported. |
Configuration Tasks
Use MQC to configure traffic shaping. Create a class-map using the class-map command and a policy-map using the policy-map command. Attach the class to the policy using the class command and then use the shape command to configure shaping for that class.
|
|
|
Step 1 |
Router(config)# class-map [match-all | match-any] class-name |
Creates a class-map to be used for matching packets to a class. |
Step 2 |
Router(config-cmap)# match [ip dscp ip-dscp-value | ip precedence ip-precedence-value | mpls experimental mpls-exp-value] |
Specifies a specific IP DSCP, IP precedence, or MPLS EXP value as a match criterion. |
Step 3 |
Router(config)# policy-map policy-name |
Specifies the name of the policy-map to configure. |
Step 4 |
Router(config-pmap)# class class-name |
Specifies the name of a predefined class included in the service policy. |
Step 5 |
Router(config-pmap-c)# shape [average] mean-rate [[burst-size] [excess-burst-size]] |
Specifies new values for traffic shaping. Maximum values are 128000 to 990 Mbps or 9.9Gb. |
Examples
This example shows traffic shaping on a main interface; traffic leaving interface Gig1/0/0 is shaped at the rate of 10 Mbps:
Router(config)# class-map class-interface-all
Router(config-cmap)# match ip precedence 1
Router(config-cmap)# exit
Router(config)# policy-map dts-interface-all-action
Router(config-pmap)# class class-interface-all
Router(config-pmap-c)# shape average 10000000
Router(config-pmap-c)# exit
Router(config)# interface gig 1/0/0
Router(config-if)# service-policy output dts-interface-all-action
This is an example of an output shaping policy on a switchport interface that matches on a CoS value queuing defined in the classes.
Router(config)# policy-map switchport-cos-policy
Router(config-pmap)# class cos1
Router(config-pmap-c)# shape ave 100000000
Now the policy is applied in the egress direction on the main switchport.
Router(config)# interface TenGigabitEthernet9/0/0
Router(config-if)# switchport
Router(config-if)# switchport access vlan 2000
Router(config-if)# switchport mode access
Router(config-if)# mls QoS trust cos
Router(config-if)# service-policy output switchport-cos-policy
In this example, the flat policy-map is applied in the egress direction to a subinterface.
Router(config)# policy-map x
Router(config-pmap)# class prec5
Router(config-pmap-c)# police 100000000
Router(config-pmap-c)# priority
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape average 100000000
In this example, the following policy-map is applied in the egress direction to a subinterface.
Router(config)# policy-map child2
Router(config-pmap)# class prec5
Router(config-pmap-c)# shape average 100000000
Router(config)# policy-map pcd
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape average 300000000
Router(config-if)# service-policy child2
Verification
Use the following commands to verify traffic shaping:
|
|
|
|
Router# show policy policy-name |
Displays the configuration of all classes composing the specified traffic policy. |
|
Router# show policy policy-name class class-name |
Displays the configuration of the specified class of the specified traffic policy. |
Configuring Shaping on the ES20 Main Interface
A traffic policy can be nested within a QoS policy when the service-policy command is used in a policy-map class configuration mode. A traffic policy that contains a nested traffic policy is called a hierarchical traffic policy.
A hierarchical traffic policy contains a child and a parent policy. The service-policy command associates the previously defined child policy with the new traffic policy and the parent policy uses the preexisting traffic policy.
Hierarchical traffic policies are supported on subinterfaces, EVCs, and EVC port channels. When hierarchical traffic policies are used, you c an use a single traffic policy (with a child and a parent policy) to shape and prioritize traffic.
You can use this feature to configure a HQoS on an ES20 main interface where the child policy-map is attached to the class-default of a parent policy-map. For more information on hierarchical shaping, refer to the section "Configuring Hierarchical QoS with Tiered Policy-Maps" section
About Traffic Shaping
Traffic shaping:
•
Controls the outbound traffic of an interface to match its flow to the speed of the remote target interface.
•
Manages the access to the available bandwidth.
•
Regulates the traffic flow to avoid congestion.
•
Ensures that the traffic conforms to policies contracted for it.
•
Shapes the traffic to eliminate the bottlenecks in topologies with data-rate mismatches.
Cisco IOS QoS uses policing and shaping to regulate data traffic. The rate-limiting features of the Committed Access Rate (CAR) and the Traffic Policing feature provides the functionality to police the traffic and the features of Generic Traffic Shaping (GTS), Class-Based Shaping, and Distributed Traffic Shaping (DTS) provides the functionality to shape traffic.
For more information on Shaping, refer to the "HQoS Polices with Shape in Child Classes"section in the Cisco IOS Quality of Serivce Configuration Guide.
Cisco IOS QoS software uses two types of traffic shaping: GTS and Class-Based.
Their have:
•
Similar traffic shaping methods using different CLIs.
•
Different types of queues to contain and shape deferred traffic.
•
Weighted fair queue to hold the delayed traffic for the deferred packets.
Restrictions and Usage Guidelines
Follow these restrictions and usage guidelines when you configure shaping on an ES20 main interface:
•
When a child policy is added to the class-default, no other classes should exist on the parent level.
•
When you apply a service policy on a main interface, ensure that the EVC or subinterface is not configured within the main interface.
•
A minimum of 128 Kbps shape value and a maximum of 99% of interface bandwidth is supported.
Non example
In the following non example, the policy-map parent has a user-defined class prec1 and a class class-default with a attached child policy.
Based on the following example, this feature does not support policies with:
•
user-defined classes at the parent level.
•
Class defaults with attached child policies.
Though this feature does not support the following scenario, you can apply the policies in the following example.
Class vlan12 (matches on Vlan 12)
Configuring the Child Policy
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
policy-map policy name
4.
class class-default
5.
class class name
6.
shape [average] mean-rate
7.
class class-default
8.
shape [average] mean-rate
9.
exit
DETAILED STEPS
|
|
|
Step 1 |
enable
|
Enables privileged EXEC mode. • Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
policy-map policy name
P19_C7609-S(config)# policy-map child |
Enters the policy name. |
Step 4 |
class class default
P19_C7609-S(config)#(config-pmap-c) class class default |
Applies a class default value to the policy-map. |
Step 5 |
class class name
P19_C7609-S(config-pmap)# class test |
Attaches a class map to the child policy-map. |
Step 6 |
shape [average] mean-rate
P19_C7609-S(config-pmap-c)# shape average 50000000 |
Sets the average shaping rate in bits per second for the child policy-map. |
Step 7 |
class class-default
P19_C7609-S(config-pmap-c)# class class-default |
Specifies the name of the class, whose policy you want to create or change, and the default class (commonly known as the class-default class) before you configure its policy. |
Step 8 |
shape [average] mean-rate
P19_C7609-S(config-pmap-c)# shape average 50000000 |
Sets the average shaping rate in bits per second for the child policy-map. |
Step 9 |
exit
Router (config-if)# |
Exits to global configuration mode. |
Configuring the Parent Policy
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
policy-map policy name
4.
class class-default
5.
shape [average] mean-rate
6.
service-policy policy-map name
7.
interface type value
8.
service-policy [output class-default]
9.
exit
DETAILED STEPS
|
|
|
Step 1 |
enable
|
Enables privileged EXEC mode. • Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
policy-map policy-map
P19_C7609-S(config-pmap-c)# policy-map parent |
Creates a parent policy-map with a specified name. |
Step 4 |
class class-default
P19_C7609-S(config-pmap)# class class-default |
Specifies the name of the class whose policy you want to create or change, and the default class (commonly known as the class-default class), before you configure its policy. |
Step 5 |
shape [average] mean-rate
P19_C7609-S(config-pmap-c)# shape average 100000000 |
Sets the average shaping value in bits per second to ensure a specific bandwidth. |
Step 6 |
service- policy policy-map name
P19_C7609-S(config-pmap-c)# service-policy child |
Configures the hierarchical child policy. |
Step 7 |
interface type value
Router (config)# interface gig2/0/0 |
Identifies the interface to which the service policy should be attached. The format of value is slot/subslot/port and ensure that you do not include a space between the type and value when you execute the command. |
Step 8 |
service-policy [output class-default]
Router(config-if)# service-policy output parent |
Attaches the configured parent policy-map to the Ethernet interface. |
Step 9 |
exit
Router (config-if)# |
Exits to global configuration mode. |
Verification
You can execute the show run command to view the policy-map attached to the interface.In the following example, the child policy classifies and prioritizes the traffic, and the parent policy shapes the traffic.
USA# show policy-map int gig 1/0/0
Service-policy output: parent
Counters last updated 00:00:00 ago
Class-map: class-default (match-any)
5 minute offered rate 0000 bps, drop rate 0000 bps
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 2/164
shape (average) cir 100000000, bc 400000, be 400000
target shape rate 100000000
Counters last updated 00:00:00 ago
Class-map: prec0 (match-all)
5 minute offered rate 0000 bps, drop rate 0000 bps
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
shape (average) cir 50000000, bc 200000, be 200000
target shape rate 50000000
Class-map: class-default (match-any)
5 minute offered rate 0000 bps, drop rate 0000 bps
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 2/164
shape (average) cir 50000000, bc 200000, be 200000
target shape rate 50000000
Configuring QoS Queue Scheduling
This section describes ES20 line card-specific information for configuring QoS queue scheduling.
Restrictions and Usage Guidelines
When configuring queueing features on an ES20 line card, follow these restrictions and usage guidelines:
•
The Cisco 7600 series routers support different forms of queueing features. See Table 3-11 to determine which queueing features are supported by ES20 line card type.
•
You must use policing with priority queueing to limit the traffic rate.
•
ES20 line card supports up to two LLQ queues per policy-maps with equal priority.
•
If you receive any exceed errors on the line card, we recommend you to remove all the policy-maps from the erroneous port.
•
Ensure that you configure the policy-maps to use 99% of the port bandwidth. Policy-map functions erroneously when it is configured to use the 100% bandwidth of the port because 1% of the port bandwidth is reserved for control packets.
•
A maximum of 8000 queues are supported per bay.
•
The maximum acceptable limit of the Excess Information Rate (EIR) limitation per port is 549 Gigabyte.
•
Priority or low latency queue with bit rates (priority <kbps> command) is not supported.
•
Priority or low latency queue with percent (priority percent command) is not supported.
For more detailed information about configuring congestion management features, refer to the Cisco IOS Quality of Service Solutions Configuration Guide document corresponding to your Cisco IOS software release.
Table 3-11 provides information about which QoS queueing features are supported for the ES20 line card on the Cisco 7600 series routers.
Table 3-11 QoS Congestion Management and Avoidance Feature Support
Congestion Management and Avoidance Feature (command)
|
|
Aggregate Weighted Random Early Detection (WRED) (random-detect aggregate, random-detect dscp (aggregate), and random-detect precedence (aggregate) commands) |
Egress supported. Note WRED DSCP based aggregate is supported only on the main and subinterfaces of Layer 3. It is not supported on EVC interfaces. |
Weighted RED (WRED) |
Not supported. |
Class-based Weighted Fair Queueing (CBWFQ) (bandwidth, queue-limit commands) |
Egress supported. |
Flow-based Queueing (fair queueing/WFQ) (fair-queue command) |
Not supported. |
Low Latency Queueing (LLQ)/Priority Queueing (priority command paired with police command) |
Egress supported. |
Random Early Detection (RED) (random-detect commands) |
Not supported. |
Configuring WRED
Note
You can use a maximum of 4 random detect statements with a single class-map and total of 128 WRED statements per bay.
To configure a QoS WRED policy, use the following commands beginning in global configuration mode:
|
|
|
Step 1 |
Router(config)# policy-map policy-name |
Specifies the name of the policy-map to configure. |
Step 2 |
Router(config-pmap)# class class-name |
Specifies the name of a predefined class included in the service policy. |
Step 3 |
Router(config-pmap-c)# shape average |
Shapes traffic to the indicated bit rate for the specified class. |
Step 4 |
Router(config-pmap-c)# random-detect aggregate |
Enables WRED. |
Step 5 |
Router(config)# interface interface-name |
Specifies the interface to which the policy-map will be applied. |
Step 6 |
Router(config-if)# service-policy [output policy-name] |
Attaches the specified policy-map to the interface. |
Examples
This is an example of a WRED configuration.
Router(config)# policy-map wredtest
Router(config-pmap)# class cos5
Router(config-pmap-c)# shape average 200000000
Router(config-pmap-c)# random-detect precedence-based aggregate
Router(config-pmap-c)# random-detect precedence values 0 min 100 max 200 mark-prob 1
Router(config-pmap-c)# random-detect precedence values 1 min 300 max 500 mark-prob 1
Router(config-pmap-c)# random-detect precedence values 2 min 600 max 900 mark-prob 1
The default line can also be configured as follows:
Router(config-pmap-c)# random-detect precedence-based aggregate min 200 max 300 mark-prob
1
Min and max threshold values listed in the previous command signifies the number of 256 byte packet buffers.
Note
Packets or datagrams or frames larger than 256 bytes consumes more packet buffers.
Note
In a EVC, if WRED config with precedence is used, the CoS value is mapped to the Prec value.
Configuring CBWFQ
To configure a QoS CBWFQ policy, use the following commands beginning in global configuration mode:
|
|
|
Step 1 |
Router(config)# policy-map policy-map-name |
Creates or modifies a traffic policy and enters policy-map configuration mode, where: • policy-map-name—Specifies the name of the traffic policy to configure. Names can be a maximum of 40 alphanumeric characters. |
Step 2 |
Router (config-pmap)# class {class-name | class-default} |
Specifies the name of the traffic class to which this policy applies and enters policy-map class configuration mode, where: • class-name—Specifies that the policy applies to a user-defined class name previously configured. • class-default—Specifies that the policy applies to the default traffic class. |
Step 3 |
Router(config-pmap-c)# bandwidth {bandwidth-kbps | percent percent} |
Specifies the amount of bandwidth, in kbps, or percentage of available bandwidth, to be assigned to the class. The minimum value to set is 128kbps.The amount of bandwidth configured should be large enough to also accommodate Layer 2 overhead. |
Step 4 |
Router(config-pmap-c)# queue-limit number-of-packets |
Specifies the maximum number of 256 byte packets that can be queued for the class. Note Packets or datagrams or frames larger than the 256 bytes consumes more packet buffers. For example a packet of size 500 bytes occupies 2 packet buffers. Note You cannot have more than 128 queue- limit commands per bay. Note You can use the queue-limit command with shape and priority queues. Note Cisco recommends that you use the default queue-limit tuned to the bandwidth rate configured in the queueing action. Use this step if the default is not satisfactory. |
Examples
This example shows a service policy called policy1 that specifies the amount of bandwidth to allocate for traffic classes 1 and 2:
Router(config)# class-map class1
Router(config-cmap)# match ip dscp 30
Router(config-cmap)# exit
Router(config)# class-map class2
Router(config-cmap)# match ip dscp 10
Router(config-cmap)# exit
Router(config)# policy-map policy1
Router(config-pmap)# class class1
Router(config-pmap-c)# bandwidth 30000
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# class class2
Router(config-pmap-c)# bandwidth 20000
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)#
Router(config)# interface gig 1/0/0
Router(config-if)# service-policy output policy1
Use the following commands to verify CBWFQ:
|
|
Router# show policy-map policy-map |
Displays the configuration of all classes that make up the specified policy-map. |
Router# show policy-map policy-map class class-name |
Displays the configuration of the specified class of the specified policy-map. |
Router# show policy-map interface interface-name |
Displays the configuration of all classes configured for all policy-maps on the specified interface. |
Configuring LLQ
To configure LLQ, use the Modular QoS command-line interface. Define the class of traffic with the class-map command, create a policy-map that contains the priority command, and apply the policy to the appropriate interface with the service-policy command.
You can configure a maximum of 2 priority queue with policing on two different classes.
To configure a policy with LLQ and to assign the policy to an interface, perform the following tasks in global configuration mode:
|
|
|
Step 1 |
Router(config)# policy-map policy-name |
Specifies the name of the policy-map to configure. |
Step 2 |
Router(config-pmap)# class class-map-name
|
Specifies the name of a predefined class included in the service policy. |
Step 3 |
Router(config-pmap-c)# police bps [burst-normal] [burst-max] conform-action action exceed-action action violate-action action |
Specifies a maximum bandwidth usage by a traffic class through the use of a token bucket algorithm, where: • bps—Specifies the average rate in bits per second. Valid values are 128,000 to 200000000. • burst-normal—(Optional) Specifies the normal burst size in bytes. Valid values are 1000 to 31,250,000. The default normal burst size is 1500 bytes. • burst-max—(Optional) Specifies the excess burst size in bytes. Valid values are 1000 to 31,250,000. • action—Specifies the policing command (as shown in Table 3-5) for the corresponding conforming, exceeding, or violating traffic actions. Ensure that confirm action is always set to transmit and exceed and violate action is set to drop. |
Step 4 |
Router(config-pmap-c)# priority
|
Gives strict priority to a class of traffic belonging to the policy-map. |
Step 5 |
Router(config)# interface interface-name |
Specifies the interface to which the policy-map will be applied. |
Step 6 |
Router(config-if)# service-policy output policy-name |
Attaches the specified policy-map to the interface. |
Examples
The following example configures an output LLQ policy on a switchport interface that matches on a CoS value queuing defined in the classes.
Router(config)# policy-map switchport-llq-policy
Router(config-pmap)# class cos0
Router(config-pmap-c)# police 500000000
Router(config-pmap-c)# priority
Now the policy is applied to the interface.
Router(config)# interface TenGigabitEthernet9/0/0
Router(config-if)# switchport
Router(config-if)# switchport access vlan 2000
Router(config-if)# switchport mode access
Router(config-if)# mls QoS trust cos
Router(config-if)# service-policy output switchport-llq-policy
Configuring PFC QoS on a Cisco 7600 Series Ethernet Services 20G Line Card
The ES20 line card supports most of the same QoS features as those supported by the Policy Feature Card (PFC) on the Cisco 7600 series routers.
This section describes those QoS features that have ES20 line card-specific configuration guidelines. After you review the ES20 line card-specific guidelines described in this document, then refer to the Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.2SR located at the following URL:
http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/swcg.html
PFC QoS on a Cisco 7600 Series Ethernet Services 20G Line Card Configuration Guidelines
•
Output policing is not supported.
•
PFC egress marking is not supported.
•
Ingress marking and policing is performed with PFC Qos.
Configuring Hierarchical QoS
Table 3-12 provides information about where the hierarchical QoS features are supported.
Table 3-12 Hierarchical QoS Feature Support
|
|
|
Hierarchical QoS for EoMPLS VCs (parent policy) |
|
Supported at egress only using match iput vlan command in parent policy. |
Hierarchical QoS—Tiered policy-maps with parent policy using class-default only on the subinterface. |
Subinterface Maininterface |
Parent supports class-default only in egress direction. |
Hierarchical QoS—Tiered policy-maps with parent policy in user-defined match vlan on the maininterface. |
Main switchport interface |
Parent supports match vlan only in egress direction. Hierarchical class-default is not supported. |
Hierarchical QoS with Ethernet MPB (service instance) |
EVC |
Parent supports class-default, match vlan, and match vlan inner commands in egress direction. |
Hybrid Policy Support
The following hybrid policy is not supported on an ES20 line card.
Average Rate Traffic Shaping
Average Rate Traffic Shaping
Average Rate Traffic Shaping
Average Rate Traffic Shaping
Average Rate Traffic Shaping
Average Rate Traffic Shaping
Average Rate Traffic Shaping
Average Rate Traffic Shaping
Average Rate Traffic Shaping
LLB# sh policy-map unsupp
Average Rate Traffic Shaping
Average Rate Traffic Shaping
Average Rate Traffic Shaping
Average Rate Traffic Shaping
Average Rate Traffic Shaping
The following configuration is supported on the maininterfaces, switchport, and EVCs:
Average Rate Traffic Shaping
Average Rate Traffic Shaping
Average Rate Traffic Shaping
Average Rate Traffic Shaping
Average Rate Traffic Shaping
Average Rate Traffic Shaping
Average Rate Traffic Shaping
Average Rate Traffic Shaping
Average Rate Traffic Shaping
Configuring Hierarchical QoS with Tiered Policy-Maps
Hierarchical QoS with tiered policy-maps is a configuration where the actions associated with a class contain a queuing action (such as shaping) and a nested service policy, which in itself is a policy-map with classes and actions. This hierarchy of the QoS policy-map is then translated into a corresponding hierarchy of queues.
Configuration Guidelines
When configuring hierarchical QoS with tiered policy-maps on an ES20 line card, follow these restrictions and usage guidelines:
•
You can configure up to two levels of hierarchy within the policy-maps.
•
The parent policy-map has the following restrictions on a main switchport interface:
–
Supports match vlan command in parent class and match cos command in the child class. You can configure shape or bandwidth queueing actions in any class (user-defined and class-default).
•
When configuring hierarchical QoS for software-based EoMPLS, if you configure match input vlan in the parent policy, then you can only configure match QoS-group in the child policy.
•
ES20 line card does not support a flat match QoS-group policy.
•
In hierarchical QoS, the set command is not supported in the parent policy.
•
In egress direction, the set command works if at least one queueing action is configured in the policy. This queueing action can also exist in the parent policy while child policies contain only marking.
•
The child policy-map supports shape, bandwidth, priority, set operations, and WRED QoS features.
•
With hierarchical QoS on a subinterface, the parent policy-map supports hierarchical QoS using only the shape average command as a queueing action in the default class (class-default) only.
•
If you configure shaping at both the parent policy and the child policy, the traffic is shaped first according to the parameters defined in the parent policy, followed by the parameters of the child policy.
•
Use a hierarchical policy if you want to achieve minimum bandwidth guarantees using CBWFQ with a map class. First, configure a parent policy to shape to the total bandwidth required. Then, define a child policy using CBWFQ for the minimum bandwidth percentages.
•
ES20 supports class-default hQoS policy-maps. A user-defined class-map in the parent policy is not supported on subinterfaces. The following example shows an unsupported policy-map on a sub-interface:
pavement#sh policy-map unsup
Class prec4 *** not supported
Average Rate Traffic Shaping
Average Rate Traffic Shaping
pavement#sh policy-map unsup2
Average Rate Traffic Shaping
Average Rate Traffic Shaping
•
You can configure hierarchical QoS up to the following limits, according to the current Cisco IOS software limits:
–
Up to 1024 class-maps
–
Up to 1024 policy-maps
–
Up to 256 unique classes in a policy-map including class-default
The following example shows configuration of hierarchical QoS that maps to two levels of hierarchical queues. The first-level policy (the parent policy) configures the aggregated data rate to be shaped to 1 Mbps for the class-default class. The second-level policy (the child policy) configures the traffic in User-A class for 40 percent of the bandwidth and traffic in User-B class for 20 percent of the bandwidth.
! Configure the class-maps with your matching criteria
Router(config)# class-map match-any User-A
Router(config-cmap)# match access-group A
Router(config-cmap)# exit
Router(config)# class-map match-any User-B
Router(config-cmap)# match access-group B
Router(config-cmap)# exit
Configure the parent policy for class-default to shape all traffic in that class and apply a second-level policy.
Router(config)# policy-map child
Router(config-pmap)# class User-A
Router(config-pmap-c)# bandwidth percent 40
Router(config-pmap-c)# exit
Router(config-pmap)# class User-B
Router(config-pmap-c)# bandwidth percent 20
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# policy-map parent
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape 1000000
Router(config-pmap-c)# service-policy child
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Configure the child policy to allocate different percentages of bandwidth by class.
!Apply the parent service policy to an output subinterface.
Router(config)# interface TenGigabitEthernet 2/0/0.1
Router(config-if)# encapsulation dot1q 11
Router(config-if)# service-policy output parent
The following example shows configuration of hierarchical QoS that maps to two levels of hierarchical queues, where the parent policy configures average traffic shaping rates on both user-defined classes as well as the class-default class, which is supported beginning in Cisco IOS Release 12.2(33)SRA. This configuration does not show the corresponding class-map configuration, which also is required to support these policy-maps.
Configure the parent policy for user-defined and class-default classes to shape traffic in those classes and apply a second-level policy.
Configure the child policy to allocate different percentages of bandwidth by class.
Router(config)# policy-map child-pm
Router(config-pmap)# class cos0
Router(config-pmap-c)# bandwidth percent 10
Router(config-pmap-c)# exit
Router(config-pmap)# class cos1
Router(config-pmap-c)# bandwidth percent 10
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# policy-map parent
Router(config-pmap)# class vlan100
Router(config-pmap-c)# shape average 1000000
Router(config-pmap-c)# service-policy child-pm
Router(config-pmap-c)# exit
Router(config-pmap)# class vlan200
Router(config-pmap-c)# shape average 1000000
Router(config-pmap-c)# service-policy child-pm
Router(config-pmap-c)# exit
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape average 2000000
Router(config-pmap-c)# exit
Router(config-pmap)# exit
! Apply the parent service policy to an output interface.
Router(config)# interface TenGigabitEthernet 2/0/0
Router(config-if)# switchport
Router(config-if)# switchport access vlan 2000
Router(config-if)# switchport mode access
Router(config-if)# mls QoS trust cos
Router(config-if)# service-policy output switchport-cos-policy
Router(config-if)# service-policy output parent-pm
This example shows how to display information a class-default HQoS policy with child policy matching on various supported criteria.
Router# show policy-map parent2
Router(config-pmap-c)# shape average 3000000000 12000000 12000000
head# show policy-map child
shape average 100000000 400000 400000
police cir 200000000 bc 6250000 be 6250000 conform-action transmit exceed-action drop
shape average 50000000 200000 200000
Configuring Hierarchical QoS for EoMPLS VCs
The Hierarchical Quality of Service (HQoS) for EoMPLS VCs feature extends support for hierarchical, parent and child relationships in QoS policy-maps. This feature also provides EoMPLS per-VC QoS for point-to-point VCs.
The new feature adds the ability to match the virtual LAN (VLAN) IDs that were present on a packet when the packet was originally received by the router. It also supports the ability to match on a QoS group that is set to the same value of the IP precedence or 802.1P class of service (CoS) bits that are received on the incoming interface. This allows service providers to classify traffic easily for all or part of a particular EoMPLS network, as well as to preserve the customer's original differentiated services (DiffServ) QoS values.
In EoMPLS applications, the parent policy-map typically specifies the maximum or the minimum bandwidth for a group of specific VCs in an EoMPLS network. Then child policy-maps in the policy can implement a different bandwidth or perform other QoS operations (such as traffic shaping) on a subset of the selected VCs.
This feature enables service providers to provide more granular QoS services to their customers. It also gives service providers the ability to preserve customer IP precedence or CoS values in the network.
Hierarchical QoS with Service Instances
The Hierarchical Quality of Service (HQoS) with Service Instances extends support for hierarchical, parent and child relationships in QoS policy-maps. Both flat and hierarchical policies can be applied to service instances configured as Ethernet MPB, EoMPLS, local connect, or selective QinQ.
Configuration Guidelines
When configuring hierarchical QoS with Ethernet Service Instances on an ES20 line card, follow these restrictions and usage guidelines:
•
You can classify on the inner VLAN tag, the outer VLAN tag, or a combination of both. You can classify on the inner VLAN tag and CoS or the outer VLAN tag and CoS. You can classify on CoS, or CoS inner or any combination of these filters.
•
The following MQC actions are permitted:
–
Shaping
–
Bandwidth
–
Two priority queues per policy
–
Set cos, set cos-inner, set cos cos-inner, set cos-inner cos, and set mpls exp commands
–
set mpls exp is supported in ingress (for Eompls only).
–
WRED aggregate
–
Queue-limit
•
For marking, you can copy or rewrite the inner cos, the outer cos, or both inner and outer cos, or your can copy the inner cos to outer cos or vice versa.
EVC Configuration Examples
This example shows ingress QoS on scalable EoMPLS.
Router(config)# interface gig 1/0/0
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation dot1q 100
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-if)# xconnect 2.2.2.2 100 pw-class vlan-xconnect
Router(config-pmap-c)# service-policy input mark-it-in
Router(config)# policy-map mark-it-in
Router(config-pmap)# class cos0
Router(config-pmap-c)# set mpls exp 5
In this example of a single tag VLAN configuration, because the encapsulation dot1q 10 is already classified, only the inner VLAN and CoS values are configured.
Router(config)# interface gig 1/0/0
Router(config-if)# service instance 1
Router(config-if-srv)# encapsulation dot1q 10 second-dot1q any
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-if-srv)# bridge domain 200
Router(config-pmap-c)# service-policy input mark-it-in
Router(config)# policy-map mark-it-in
Router(config-pmap)# class innervlan20
Router(config-pmap-c)# set cos 0
Router(config-pmap-c)# set cos-inner 0
This is an example of a single tag VLAN connect ingress policy.
Router(config)# interface interface GigabitEthernet1/0/1
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 10 second-dot1q any
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-pmap-c)# service-policy in mark-it-in
Router(config)# interface interface GigabitEthernet1/0/2
Router(config-if)# service instance 101 ethernet
Router(config-if-srv)# encapsulation dot1q 11 second-dot1q any
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-pmap-c)# service-policy in mark-it-in
Router(config-if-srv)# connect EVC1 GigabitEthernet1/0/1 100 GigabitEthernet1/0/2 101
Router(config)# policy-map mark-it-in
Router(config-pmap)# class vlaninner20cosinner5
Router(config-pmap-c)# set cos 0
This is an example of an egress double tag VLAN connect hierarchical configuration.
Router(config)# interface interface GigabitEthernet1/0/1
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 10 second-dot1q 20
Router(config-if-srv)# rewrite ingress tag pop 2 symmetric
Router(config-pmap-c)# service-policy out parent-out-100
Router(config)# interface interface GigabitEthernet1/0/2
Router(config-if)# service instance 101 ethernet
Router(config-if-srv)# encapsulation dot1q 11 second-dot1q 21
Router(config-if-srv)# rewrite ingress tag pop 2 symmetric
Router(config-pmap-c)# service-policy out parent-out-101
Router(config-if-srv)# connect EVC1 GigabitEthernet/0/1 100 GigabitEthernet 1/0/2 101
Router(config)# policy-map child-out-100
Router(config-pmap)# class cos5
Router(config-pmap-c)# bandwidth percent 10
Router(config-pmap-c)# set cos 0
Router(config-pmap-c)# set cos-inner 0
Router(config)# policy-map parent-out-100
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape average 10000000
Router(config-pmap-c)# service-policy child-out-100
Router(config)# policy-map child-out-101
Router(config-pmap)# class cos0
Router(config-pmap-c)# bandwidth percent 10
Router(config-pmap-c)# set cos 5
Router(config-pmap-c)# set cos-inner 5
Router(config)# policy-map parent-out-101
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape average 10000000
Router(config-pmap-c)# service-policy child-out-101
This is an example of an egress double tag VLAN connect flat configuration.
Router(config)# policy-map flat-100
Router(config-pmap)# class cos5
Router(config-pmap-c)# shape average 10000000
Router(config-pmap-c)# set cos 0
Router(config-pmap-c)# set cos-inner 0
Router(config-pmap)# class class-default <-- required class
Router(config-pmap-c)# shape average 10000000 <-- required queuing action
Router(config-pmap-c)# set cos 6
Router(config)# policy-map flat-101
Router(config-pmap)# class cos0
Router(config-pmap-c)# shape average 10000000
Router(config-pmap-c)# set cos 5
Router(config-pmap-c)# set cos-inner 5
Router(config-pmap)# class class-default <-- required class
Router(config-pmap-c)# shape average 10000000 <-- required queuing action
Router(config-pmap-c)# set cos 4
The next examples show a selective QinQ MPB configuration and the service policy that can be applied to it. With this configuration, a range of VLANs exists in the outer tag of the encapsulation command. When VLAN ranges are configured, rewrite commands are not allowed so the packets pass through the bridge-domain without change. An inner tag cannot exist in this configuration. The first example is a hierarchical policy and the second example is a flat policy.
Router(config)# interface GigabitEthernet 1/0/2
Router(config-if)# service instance 1
Router(config-if-srv)# encapsulation dot1q 10-20
Router(config-if-srv)# bridge-domain 200
Router(config-pmap-c)# service-policy output parent-out
Router(config)# policy-map child-out
Router(config-pmap)# class cos5
Router(config-pmap-c)# bandwidth percent 10
Router(config-pmap-c)# set cos 0
Router(config)# policy-map parent-out
Router(config-pmap)# class outervlan10
Router(config-pmap-c)# shape average 10000000
Router(config-pmap-c)# service-policy child-out
Router(config)# interface GigabitEthernet 1/0/2
Router(config-if)# service instance 1
Router(config-if-srv)# encapsulation dot1q 10
Router(config-if-srv)# bridge-domain 200
Router(config-pmap-c)# service-policy out flat
Router(config)# policy-map flat
Router(config-pmap)# class vlanouter10cos5
Router(config-pmap-c)# shape average 10000000
Router(config-pmap-c)# set cos 0
Router(config-pmap-c)# set cos-inner 0
Router(config-pmap)# class class-default: <-- required class
Router(config-pmap-c)# shape average 10000000 <-- required queueing action
Router(config-pmap-c)# set cos3
Router(config-pmap-c)# set cos-inner 3
The next two examples apply to MPBE configurations except Selective QinQ. The first is a hierarchical policy and the second is a flat policy.
Router(config)# interface interface GigabitEthernet 1/0/2
Router(config-if-srv)# service instance 1
Router(config-if-srv)# encapsulation dot1qencap dot1q 10 second-dot1q any
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-if-srv)# bridge-domain 200
Router(config)# policy-map child-out
Router(config-pmap)# class vlaninner10
Router(config-pmap-c)# shape average 10000000
Router(config-pmap-c)# set cos 0
Router(config-pmap-c)# set cos-inner 0
Router(config-pmap)# class class-default: <-- not required
Router(config)# policy-map parent-out
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape average 10000000
Router(config-pmap-c)# service-policy child-out
Router(config)# interface interface GigabitEthernet 1/0/2
Router(config-if-srv)# service instance 1
Router(config-if-srv)# encapsulation dot1q 10 second-dot1q any
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-if-srv)# bridge-domain 200
Router(config)# policy-map flat
Router(config-pmap)# class vlaninner10
Router(config-pmap-c)# shape average 10000000
Router(config-pmap-c)# set cos 0
Router(config-pmap-c)# set cos-inner 0
Router(config-pmap)# class class-default <-- required class
Router(config-pmap-c)# shape average 10000000 <-- required queueing action
Router(config-pmap-c)# set cos 0
Router(config-pmap-c)# set cos-inner 0
Configuring Bandwidth Remaining Ratio (BRR) - Utilizing Unused Bandwidth Support
BRR feature provides the functionality to utilize the unused bandwidth allocated to logical interfaces. BRR enables sharing of unused bandwidth among logical interfaces such as EVCs and L3 subinterfaces through oversubscription.
BRR is implemented on logical interfaces using the following maps:
•
Hierarchical Policy-Maps
•
Flat Policy- Maps
You can configure Bandwidth Remaining Ratio action in the policy-map of a parent or a child class. BRR can be configured to a minimum ratio of 1 and maximum of 1000 on a logical interface.
For more information on BRR, refer to: http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/ipsuboe.html#wp1129803
QoS supports BRR CLI in the parent and child classes over a logical interface. You can use the shape command to oversubscribe the bandwidth in parent and child classes.
You cannot use the CLI to toggle the priority rate propagation to ON in ES20 line cards. For more information, refer to: http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/ipsuboe.html#wp1131793
In the following BRR sample configuration:
•
The bandwidth is configured in the shape command oversubscribed in the parent and child classes.
•
The priority status of LLQ packets is propagated to the parent queue.
•
The class and class-default within a parent policy-map is allocated an excess bandwidth of 250 Mb/s (25% or 1/4 of 1 Gb/s) assuming the maximum link capacity is 1 Gb/s. The excess bandwidth 150 Mb/s (250Mb/s less 100 Mb/s from LLQ class) is allocated to the child policies. The class and childclass2, receives 5/6 or 125 Mb/s as minimum bandwidth, and the class, class-default, receives default BRR of 1 or 1/6 or 25 Mb/s as minimum bandwidth.
•
The parent2 policy-map is allocated an excess bandwidth of 750 Mb/s (75% or 3/4 of 1 Gb/s). The excess bandwidth of 650 Mb/s (750Mb/s less 100Mb/s from LLQ class) is allocated to the child policy. The class, childclass2, receives 5/6 or 541,666,666 Mb/s as minimum bandwidth and the class, class-default, receives default BRR of 1 or 1/6 or 108,333,333 Mb/s as minimum bandwidth.
•
NonBRR policy on a maininterface: The complete 100% link bandwidth is used to calculate the cir value in all the classes. The 1% reserved bandwidth is used from the class default. Ensure that the cir value of a class-default policy receives more than 1% of the port bandwidth. If not, an "exceed guarantee rate" error message is displayed.
•
BRR policy on a maininterface: In classes, cir values are calculated from 99% link bandwidth for all the classes with a BRR ratio. The 1% reservation value is not relayed from the class default and cir value is not adjusted for the class-default queue.
Note
Reserved link bandwidth is the maximum bandwidth available for distribution that is 1% less than the maximum link capacity.
bandwidth remaining ratio 5
class class-default # unspecified classes default to BRR of 1
bandwidth remaining ratio 1
bandwidth remaining ratio 3
service-policy output parent
service-policy output parent2
Hierarchical Policy-Maps
Hierarchical policy-maps implement parent-child relationships between various policy-maps applied on an interface. You can create a child policy-map from another policy-map to inherit its functionality. If BRR is implemented in a hierarchical policy-map for a class, all the other classes in the policy-map are automatically set to BRR with ratio one. Similarly, if BRR is implemented in a hierarchical policy-map over a logical interface, all the other hierarchical policy-maps applied to other interfaces on the same port automatically implement BRR with ratio 1.
Note
BRR does not propagate to the child level. For implicit propagation of BRR to the child classes, you should configure BRR in one of the child classes.
In the following example, two policy-maps, parentbr and parentbw, are applied to two different logical interfaces on the same port. BRR is implemented only in parentbr policy-map. In the configuration below, the policy-map, parentbw, results in a default BRR of 1. Applying the policy-map, parentbw, results in an error message if the sum of the child bandwidth CIR exceeds the excess ratio allocated for parentbw. If the calculated excess minimum CIR is greater then the guaranteed rates in the child, then classes cos5 and class-default are configured with guaranteed rate plus an evenly distributed fair share of excess bandwidth. The following sample displays the BRR implementation for parentbr and parentbw policy-maps:
bandwidth remaining ratio 2
bandwidth remaining ratio 2
bandwidth remaining ratio 4
You can configure BRR on the following policy-maps:
•
HQoS Policies with Bandwidth and Shape in Child Classes.
•
HQoS Polices with Shape in Child Classes.
•
HQoS Policies with Police+Priority (LLQ) and Shape in Child Classes.
Note
You can individually or jointly configure BRR on child classes or parent classes.
HQoS Policies with Bandwidth and Shape in Child Classes
In the following sample configuration, the class-default, defined in the parent policy-map is allocated Committed Information Rate (CIR) share of 1/3 of the total available bandwidth. The total bandwidth is 1 Gb/s and available bandwidth is total bandwidth minus the reserved bandwidth (10 Mb/s). Hence, the class, class-default, is allocated 330 Mb/s (1/3 of 1 Gb/s minus the reserved bandwidth of 10 Mb/s per port, 990/3 = 330 Mb/s). As BRR is enabled on the parent, the platform calculates the CIR share for the parents.
In the following example, the minimum bandwidth that the parent requires is 200 Mb/s to accept requests from its child classes. The parent class overrides the shape value configured in the child class and uses the CIR as shape value for the child. Though the child class can receive excess bandwidth of 330 Mb/s, as the parent class is shaped with a CIR value of 300 Mb/s, the excess bandwidth of 30Mb/s is unused. The child class, cos5, is allocated a CIR value of 100 Mb/s and the maximum acceptable CIR value is 300 Mb/s (parent shaper). The class, class-default, is allocated a CIR value of 100 Mb/s.
The class, class-default, defined in parent2 policy-map is allocated 2/3 share of 990 Mb/s that is 660 Mb/s. Class cos5 is allocated 100 Mb/s and class-default is allocated the remaining share of 550 Mb/s (660-100 Mb/s).
EIR values of the user-defined classes are proportional to the CIR values. If the EIR value is high, so is the CIR value.
Bandwidth remaining ratio 1
Bandwidth remaining ratio 2
service-policy output parent
service-policy output parent2
The following policy configurations exhibit similar behavior to the HQoS Policies with bandwidth and shape in the child classes:
•
HQoS Polices with Shape in Child Classes
•
HQoS Policies with Police+Priority (LLQ) and Shape in Child Classes.
Restrictions and Usage Guidelines
When configuring HQoS Policies with Bandwidth and Shape in the child classes, follow these restrictions and usage guidelines:
•
CIR allocated to parent class should be greater than sum of child CIR. CIR is calculated using the following formula:
((Link rate - reserved bandwidth) * BRR) / (total BRR parts of all parent classes within the link)
•
To avoid configuration failure when CIR share for a parent is reduced due to increase in parent classes, you should also configure BRR in child classes.
•
You can configure BRR without shape within a class.
HQoS Polices with Shape in Child Classes
In the following sample configuration, the class, class-default, defined in the parent policy-map is allocated CIR share of 1/3 of the total available bandwidth. The total bandwidth is 1 Gb/s and available bandwidth is total bandwidth- reserved bandwidth (10 Mb/s). Hence, the class, class-default, is allocated 330 Mb/s (1/3 of 1 Gb/s- reserved bandwidth of 10 Mb/s per port = 990/3 = 330 Mb/s). With BRR enabled on the parent, the platform calculates the CIR share.
In the following example, the excess bandwidth is divided between the child class, cos5 and class-default, in bandwidth ratio of 2:1. The class, class-default, is configured to BRR of one. Hence, the class, cos5, is allocated 220 Mb/s and the class, class-default, is allocated 110 Mb/s of bandwidth.
The class, class-default, in parent2 policy-map is allocated excess bandwidth of 660 Mb/s, which is further divided between the child classes in the parent2 policy-map. The class, cos5, is allocated 440Mb/s (2/3) and the class, class-default, is allocated 220Mb/s (1/3). The following example configuration shows the HQoS polices with only shape in child classes:
Bandwidth Remaining Ratio 2
bandwidth remaining ratio 1
bandwidth remaining ratio 2
service-policy output parent
service-policy output parent2
Restrictions and Usage Guideline
When configuring HQoS polices with only shape in child classes, follow this restriction and usage guideline:
•
You can configure BRR in both the child and parent classes.
HQoS Policies with Police+Priority (LLQ) and Shape in Child Classes
In the following sample configuration, the class, class-default, in the parent policy-map is allocated CIR share of 1/3 of the total available bandwidth. The total bandwidth is 1 Gb/s and available bandwidth is total bandwidth- reserved bandwidth (10 Mb/s). Hence, the class, class-default, is allocated 330 Mb/s (1/3 of 1 Gb/s- reserved bandwidth of 10 Mb/s per port = 990/3 = 330 Mb/s). With BRR enabled on the parent, the platform calculates the CIR share.
The excess bandwidth is allocated to the child classes. The priority class, cos3, is allocated CIR equal to 100Mb/s. The remaining excess bandwidth of 230 Mb/s (330 Mb/s-100 Mb/s) is allocated to the classes, cos5 and class-default. The class cos5 is allocated 153 Mb/s and class-default is allocated 76 Mb/s.
Similarly, Parent2 policy-map is configured to CIR of 660 Mb/s (2/3 of total available bandwidth of 1 Gb/s). The LLQ class is allocated 100 Mb/s. The remaining bandwidth of 550 Mb/s is divided between the two classes, cos5 and class-default, in the ratio of 2:1. The class, cos5, is allocated 373 Mb/s and the class, class-default, is allocated 186 Mb/s. Because the class, class-default, is configured to shape limit of 100 Mb/s, the excess bandwidth is not utilized. The sample configuration shows HQoS Policies with Police+Priority(LLQ) and Shape in the child classes:
Bandwidth remaining ratio 2
Bandwidth remaining ratio 1
Bandwidth remaining ratio 1
Bandwidth remaining ratio 2
service-policy output parent
service-policy output parent2
Restrictions and Usage Guideline
When configuring HQoS hierarchical policies with Police+Priority(LLQ) and Shape in the child classes, follow this restriction and usage guideline:
•
You can configure BRR in both the child and parent classes.
Flat Policy- Maps
If you implement BRR in one Flat policy-map over a logical interface, all the other Flat policy-maps applied on the other logical interface in the same port are not affected, and are allocated guaranteed bandwidth. The excess bandwidth is not available to other Flat policy-maps on the same interface.
In the following example, two policy-maps, testbrr and testbw, are applied on two different logical interfaces on the same port. BRR is implemented only in testbrr policy-map.
bandwidth remaining ratio 2
bandwidth remaining ratio
Note
You cannot simultaneously configure bandwidth and BRR in the child classes.
BRR Propagation
When you apply BRR on a:
•
Hierarchical Policy—All other policies on the same logical interface are configured to BRR value of 1.
•
Flat policy—
–
All other policies on the same logical interface are not configured to default BRR settings (refers to an implicit BRR value of 1).
–
When BRR is configured in one or more classes within the flat policy-map, classes within the same flat policy-map has a default BRR value of 1.
•
Flat policy coexisting with HQoS policies —BRR on flat policy-maps does not propagate the default BRR settings to HQoS policy-maps and vice versa.
Restrictions and Usage Guidelines
When you configure BRR on a logical interface, follow these restrictions and usage guidelines:
•
You can implement BRR on a logical and maininterface.
•
Bandwidth CIR is blocked in the parent policies that are applied to logical interfaces.
•
You cannot combine BRR and bandwidth CIR in a policy-map, class-map, or LLQ action.
•
The line card automatically configures the queue limit when BRR is configured. No explicit queue- limit statements are supported.
•
You can propagate BRR only if the same policy-map is applied across multiple interfaces within a single port.
•
The sum of the parent shape rates cannot exceed the link bandwidth if BRR is not configured. The shape sum can exceed the link bandwidth on an interface only if the BRR is available in the parent policy.
•
PRP state is set to `OFF'.
•
Hybrid policies are not supported with BRR. For more information on hybrid policies, refer section "Example of a Hybrid Policy" section.
Note
If the calculated excess cir is greater then the shape rate, the shape rate is used instead of the calculated BRR minimum rate. If the shape rate is modified, the guaranteed rate and shape rate for the specific queue is updated.
Example of a Hybrid Policy
The following example displays a sample configuration of a BRR on a hybrid policy:
Average Rate Traffic Shaping
Average Rate Traffic Shaping
Average Rate Traffic Shaping
Average Rate Traffic Shaping
Average Rate Traffic Shaping
Hardware Restrictions
When you configure BRR on a logical interface, follow these restrictions and usage guidelines:
•
If the sum of LLQ and non LLQ bandwidth per class is:
–
More than the CIR share calculated through BRR, the line card rejects the policy-map.
–
Is less than the allocated BRR, excess bandwidth is not split among the remaining subscribers based on the configured ratio.
•
Excess unused bandwidth is distributed to active oversubscribed queues but not in the configured BRR ratio.
Troubleshooting QoS Features in a ES20 Line Card
Table 3-13 lists some of the QoS troubleshooting scenarios in a ES20 line card.
Table 3-13 QoS troubleshooting scenarios
|
|
Ingress Policer issues |
One rate two color (1R2C ) Policer issues: Ensure that: • You configure mls QoS for the EARL policing to work. • You did not configure 1R2C on user defined classes. • You did not configure policer in a child class on the EVC. • You did not configure the police actions. • If the issue persists, contact TAC. Two rate threee color (2R3C) Policer issues: Ensure that: • You created a single 1r0c/2r3c policer per EVC/SG per bay irrespective of the number of member links on that bay and at least one member link is part of EVC PC. • If the issue persists, contact TAC. |
Queue limit and WRED issues |
Ensure that: • You configure only four WRED statements in a class-map including the default WRED statement, i.e. random-detect aggregate. • You did not exceed the acceptable limit of 120 different queue-limits. • You did not exceed the acceptable limit of 120 WRED classes when each class uses different WRED statements. If two classes have the same WRED configurations, then they would share the same WRED group. • If the issue persists, contact TAC. |
Traffic drops resulting in buffer space issues while using the BRR feature. |
• Ensure that you correctly configured the queue-limit <x> value for each child class queue. • To check buffer exhaustion issues, execute the show policy-map int command and confirm the value of the queue depth parameter in the output. If the queue does not receive the guaranteed bandwidth, and the queue depth is close to zero or much less than its queue limit, traffic drops and buffer space issues occur. • If the issue persists, contact TAC. |
EXCEEDGUARANTEE rate error message (BRR feature) is displayed |
• Check if the class-default of the policy map has received less than one percent of of port bandwidth as its CIR value. • If the issue persists, contact TAC. |
Rate counters are not accurate |
• Rate counters are updated in fixed intervals. Use the load-interval seconds command to increase the load interval for accurate rate counter values. |
Traffic classified incorrectly |
• Use the show run class-map command to check the class-map definition. • Use the show policy-map interface interface command to check the classification statistics. • Use the show tcam interface interface qos type1/type2 ip detail (type1 is for input policy, type2 for output policy) command to verify that the classification hardware parameters are configured correctly and packets are relayed to the right class as shown in the example:
Router# sh tcam interface gig10/1 qos type1
ip detail
DPort - Destination Port SPort - Source
Port TCP-F - U -URG Pro
- Protocol
I - Inverted LOU TOS - TOS
Value - A -ACK
rtr - Router
MRFM - M -MPLS Packet TN - T -Tcp
Control - P -PSH COD
- C -Bank Care Flag
- R -Recirc. Flag - N
-Non-cachable - R -RST
- I -OrdIndep. Flag
- F -Fragment Flag CAP - Capture
Flag - S -SYN
- D -Dynamic Flag
- M -More Fragments F-P -
FlowMask-Prior. - F -FIN
T - V(Value)/M(Mask)/R(Result)
X - XTAG (*) - Bank
Priority
Interface: 1018 label: 513 lookup_type:
1
protocol: IP packet-type: 0
|T|Index| Dest Ip Addr | Source Ip Addr|
DPort | SPort | TCP-F
|Pro|MRFM|X|TOS|TN|COD|F-P|
V 36828 0.0.0.0 0.0.0.0
P=0 P=0 ------ 0 ----
0 0 -- --- 0-0 <-
M 36836 0.0.0.0 0.0.0.0
0 0 ------ 0 X--- 0
0 <-
V 36829 0.0.0.0 0.0.0.0
P=0 P=0 ------ 0 M---
0 0 -- --- 0-0
M 36836 0.0.0.0 0.0.0.0
0 0 ------ 0 X--- 0
0
|
|
R rslt: 142811A8
Note <- indicates the class where the packets are classified.
|
Excessive drops in packets |
• Use the show policy map interface command to check if the offered rate exceeds the configured policer shape rate. • Queuing on ES20/SIP-600 is performed on the L1 frame with an overhead of 24 bytes. The ES20 supports user-defined overhead accounting for shape/wfq classes. • Drops also occur due to low queue-limit configured. Increase the queue-limits value if unaccounted drops are seen. • In case of excessive drops, check if WRED can be used as, illustrated in this example.
Router#s h run policy-map queuing
Building configuration...
Current configuration : 276 bytes
random-detect precedence 1 100 1000
random-detect precedence 2 150 1500
random-detect precedence 3 200 800
|
|
Router#sh policy-map int gig10/6
Service-policy output: queuing
Counters last updated 00:00:27 ago
Class-map: prec1 (match-all)
5 minute offered rate 0000 bps, drop
rate 0000 bps
queue limit 65536 packets
(queue depth/total drops/no-buffer
drops) 0/0/0 <<< drops due to bandwidth
over subscription
(pkts output/bytes output) 0/0
bandwidth 200000 kbps <<<<
bandwidth configured in the policy-map
Class-map: prec2 (match-all)
5 minute offered rate 0000 bps, drop
rate 0000 bps
queue limit 32768 packets
(queue depth/total drops/no-buffer
drops) 0/0/0 <<< drops due to shaper
(pkts output/bytes output) 0/0
shape (average) cir 100000000, bc
400000, be 400000
target shape rate 100000000
<<< shaper configured in the policy-map by
the user
|
|
Exp-weight-constant: 9 (1/512)
Mean queue depth: 0 packets
class Random drop Tail
drop Minimum Maximum
Mark
pkts/bytes pkts/bytes
thresh thresh prob
0 3457/5687000
0/0 8192 16384 1/10
<<< wred packet/bytes counts and threshold
values
3 1408/4508780
0/0 200 800 1/10
4 0/0 0/0
12288 16384 1/10
5 0/0 0/0
13312 16384 1/10
6 0/0 0/0
14336 16384 1/10
7 0/0 0/0
15360 16384 1/10
Class-map: class-default (match-any)
5 minute offered rate 0000 bps, drop
rate 0000 bps
queue limit 32768 packets
(queue depth/total drops/no-buffer
drops) 0/0/0
(pkts output/bytes output) 0/0
shape (average) cir 100000000, bc
400000, be 400000
target shape rate 100000000 <<<
shaper configured in the policy-map by the
user
|
Bandwidth not met |
Check if the queue limits are configured right. Based on this example, check if the bandwidth and priority class has been configured correctly.
Router# sh run policy-map queuing
Building configuration...
Current configuration : 276 bytes
random-detect precedence 1 100 1000
random-detect precedence 2 150 1500
random-detect precedence 3 200 800
Router#sh policy-map int gig10/6
Service-policy output: queuing
Counters last updated 00:00:27 ago
Class-map: prec1 (match-all)
5 minute offered rate 0000 bps, drop
rate 0000 bps
queue limit 65536 packets
(queue depth/total drops/no-buffer
drops) 0/0/0 <<< drops due to bandwidth
over subscription
(pkts output/bytes output) 0/0
bandwidth 200000 kbps <<<<
bandwidth configured in the policy-map
|
Debug QoS policing traffic issues in EARL |
• Check the policer configured on the hardware. For aggregate policer and microflow policer, check the aggregate Id value using the sh mls qos [ip|mpls|ipv6|arp] command. If the value is 0 or n/a, it indicates a failure. • Use the show tcam interface command to check whether or not the TCAM is programmed correctly for the interface. The result from the output can be used to find different fields in the QoS hardware on that interface.
Warning
Use the show tcam interface command with the module option to view the tcam programming on the DFCs.
• Check the rate and burst configured on the policer. • Use embedded logic analyzer (ELAM) tool to gather (captures the packets routed internally, checks dbus and rbus. dbus contains the packet details which is going from the line card to router and rbus has the packet details from router to line card) packet informations. Share the output information with TAC for further troubleshooting. |
Policer not receiving the packets |
• Use the sh mls qos [ip|mpls|ipv6|arp] and sh policy-map interface commands to confirm if the policer receives the packets. If not, share the output information with TAC to troubleshoot line card issues. |
Incorrect QoS ACLs in TCAM |
• Use the sh qm int xxx and sh tcam int xx qos [type1|type2] [ip|mpls|ipv6|other|arp] det commands to verify if the correct QoS ACLs are displayed in the TCAM. If not, Share the output information with TAC for further troubleshooting. |
Microflow policing issues |
• Use the sh fm int xxx and sh mls netflow ip detail commands to view the output. Share the information with TAC for troubleshooting. • Validation of microflow policing: Use the show mls netflow ip qos module module command to validate the microflow policing. In this output, Pkts/Bytes indicates total forwarded packets/bytes, and the police count column indicates the drop count.
Router# sh mls netflow ip qos module 10
Displaying Netflow entries in module 10
DstIP SrcIP
Prot:SrcPort:DstPort Src i/f
:AdjPtr
-------------------------------------------
-------------------------------------
Pkts Bytes LastSeen QoS
PoliceCount Threshold Leak
-------------------------------------------
-------------------------------------
20.1.1.2 10.1.1.2 255 :0
:0 -- 0x0
12857116 591427336 17:35:40 0x80
5117484352 0 0
|
Expected CIR/PIR rate not reached |
1. TCP traffic displays rates below the CIR due to the slow-start algorithms and retransmissions. 2. To increase the CIR/PIR rates, use a traffic generator or UDP traffic . 3. Use large burst values to police TCP traffic. |
Egress packet drop issues |
• Check the traffic type. • Raise the bandwidth. Eg: old 10M users - gig link in a 10 gig backbone network. • Modify the queue limit or introduce WRED. |