Configuring DSCP Policing and Media Bandwidth Policing
Last Updated: August 24, 2012
This module explains the following features:
AS SIP--DSCP Policing
AS SIP--Media Bandwidth Policing
The Assured Services over Session Initiation Protocol Differentiated Services Code Point (AS SIP--DSCP Policing) Policing and the AS SIP--Media Bandwidth Policing feature adds the media policy functionality to the Cisco Unified Border Element (Cisco UBE) on a per-call basis to control the bandwidth. Real Time Protocol (RTP) packets are dropped, and MIB and system logs are generated if there is any DSCP policy, marking, and media bandwidth profiling violation.
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see
Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to
www.cisco.com/go/cfn. An account on Cisco.com is not required.
Restrictions for Configuring DSCP Policing and Media Bandwidth Policing
Following are the restrictions for the AS SIP--DSCP Policing feature:
The Session Description Protocol (SDP) pass-through feature along with Resource Priority Header (RPH) to DSCP marking and policing are not supported.
High availability (HA) is not supported.
Following are the restrictions for the AS SIP--Media Bandwidth Policing feature:
The SDP pass-through feature along with the Media Bandwidth Policing feature are not supported.
Flow-around cases are not applicable to the Media Bandwidth Policing feature.
HA is not supported.
Information About Configuring DSCP Policing and Media Bandwidth Policing
The AS SIP--DSCP Policing feature provides the following functionalities:
A mechanism to map the RPH to the DSCP values in the IP header for audio and video calls.
A policy to match DSCP values of incoming media calls to the preconfigured value and take an action depending upon the configuration.
You must map RPH to DSCP values to provide priority and precedence for VoIP calls at all layers. DSCP policing and marking are supported as part of the AS SIP--DSCP Policing feature for RTP media. The DSCP policing functionality checks DSCP values for media packets (RTP) and informs incorrect marking of DSCP values. The DSCP marking functionality marks packets with the correct DSCP value as per the SIP RPH.
The AS SIP--DSCP Policing feature supports two new namespaces, UC and CUC. The namespace support is enabled by default and no configuration is required. Asymmetric call leg configuration is also supported: that is, you can have the RPH pass-through configuration on one call leg and RPH to DSCP policing on the another.
AS SIP--Media Bandwidth Policing
In releases prior to Cisco IOS Release 15.2(2)T, Cisco UBE does not support media on a policing per-call basis. Hence, few endpoints negotiate the G729 codec using the SIP offer answer model and send RTP packets with the payload of G711. Few endpoints negotiate with G729 10 ms (one packet per 10 ms) but send two packets as a response to the request of 10 ms. In both cases, more bandwidth than the negotiated bandwidth is used. Cisco UBE has no mechanism to detect bandwidth violation and enforce policing on media policing approaches.
To overcome this problem, the AS SIP--Media Bandwidth Policing feature was introduced in Cisco IOS Release 15.2(2)T. This feature introduces traffic policing on the Cisco UBE to limit media bandwidth usage to the negotiated rate. Excess traffic is dropped when the traffic rate reaches the configured maximum value. The AS SIP--Media Bandwidth Policing feature is supported only on RTP packets.
The AS SIP--Media Bandwidth Policing feature identifies violations in the bandwidth and triggers the following policing actions on additional RTP packets received:
Drops all violated packets.
Drops all violated packets and disconnects the call once it reaches the configured number of violations.
Ignores the violations.
You can enable system log and Simple Network Management Protocol (SNMP) trap generations to inform system administrators about policing violations.
Resource Priority Header
RPH is a SIP header. A SIP request with a RPH is treated as follows:
The request is given an elevated priority to access public switched telephone network (PSTN) gateway resources, such as trunk circuits.
The request can interrupt lower priority requests at a user terminal, such as an IP phone.
The request can carry information from one multilevel priority domain in a telephone network to another, without SIP proxies inspecting or modifying the header field.
In SIP proxies and back-to-back user agents, requests of higher priorities can displace the existing signaling requests or bypass the PSTN gateway capacity limits in effect for lower priorities.
This RPH header provides priority and precedence at Layer 7. It is not treated the same way in lower layers.
Differentiated Services Code Point
DSCP or differentiated services code point (DiffServ) is a computer networking architecture that specifies a simple, scalable, and coarse-grained mechanism for classifying and managing network traffic, and providing quality of service (QoS) on modern IP networks.
How to Configure DSCP Policing and Media Bandwidth Policing Features
Specifies the action that needs to be performed on any violation in the DSCP policy.
Step 6
end
Example:
Router(config-class)# end
Exits voice class configuration mode and enters privileged EXEC mode.
Applying the DSCP Policing Profile at the Global Level
Perform this task to apply the DSCP policing profile at the global level, that is to apply the profile to all dial peers.
SUMMARY STEPS
1.enable
2.configure terminal
3.voice service voip
4.sip
5.dscp-profiletag
6.end
DETAILED STEPS
Command or Action
Purpose
Step 1
enable
Example:
Router> enable
Enables privileged EXEC mode.
Enter your password if prompted.
Step 2
configure terminal
Example:
Router# configure terminal
Enters global configuration mode.
Step 3
voice service voip
Example:
Router(config)# voice service voip
Enters voice service configuration mode.
Step 4
sip
Example:
Router(conf-voi-serv)# sip
Enters service SIP configuration mode.
Step 5
dscp-profiletag
Example:
Router(conf-serv-sip)# dscp-profile 1
Applies a DSCP policing profile at the global level.
If a DSCP policy is applied globally and to a dial peer, the dial peer configuration takes precedence over the global configuration.
Step 6
end
Example:
Router(conf-serv-sip)# end
Exits service SIP configuration mode and enters privileged EXEC mode.
Applying the DSCP Policing Profile at the Dial Peer Level
Perform this task to apply the DSCP policing profile at the dial peer level.
When the DSCP policing profile is applied to a dial peer and the mode is configured as RPH pass-through, the policy will be enforced if there is any match for the "r-priority" value in the RPH. If there is no match in the namespace, the domain name system (DNS) will be used to match the "r-priority".
If the RPH pass-through mode is configured, the RPH is passed as it is. The RPH is truncated if the following values are above the specified limits:
Only the namespace is changed and there is no change in the subdomain and priority.
Maximum namespace allowed is up to ten characters.
Maximum subdomains supported range is from 000000 to FFFFFF.
Maximum priority values allowed are 24 characters.
SUMMARY STEPS
1.enable
2.configure terminal
3.dial-peer voice tag {pots |
voatm |
vofr |
voip}
Exits dial peer configuration mode and enters privileged EXEC mode.
Verifying the AS SIP-DSCP Policing Feature
Perform this task to verify the configuration for AS SIP-DSCP Policing feature on Cisco UBE. The
show commands need not be entered in any specific order.
SUMMARY STEPS
1.enable
2.show ip interface brief
3.show call active voice brief
DETAILED STEPS
Step 1
enable
Example:
Router> enable
Enables privileged EXEC mode.
Step 2
show ip interface brief
Example:
Router# show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 10.0.35.11 YES manual up up
GigabitEthernet0/1 10.1.3.3 YES NVRAM administratively down down
Displays a brief summary of an interface's IP information and status.
Step 3
show call active voice brief
Example:
Router# show call active voice brief
<ID>: <CallID> <start>.<index> +<connect> pid:<peer_id> <dir> <addr> <state>
dur hh:mm:ss tx:<packets>/<bytes> rx:<packets>/<bytes> dscp:<packets violation> media:<packets violation>
IP <ip>:<udp> rtt:<time>ms pl:<play>/<gap>ms lost:<lost>/<early>/<late>
delay:<last>/<min>/<max>ms <codec> <textrelay> <transcoded
media inactive detected:<y/n> media cntrl rcvd:<y/n> timestamp:<time>
long duration call detected:<y/n> long duration call duration :<sec> timestamp:<time>
MODEMPASS <method> buf:<fills>/<drains> loss <overall%> <multipkt>/<corrected>
last <buf event time>s dur:<Min>/<Max>s
FR <protocol> [int dlci cid] vad:<y/n> dtmf:<y/n> seq:<y/n>
<codec> (payload size)
ATM <protocol> [int vpi/vci cid] vad:<y/n> dtmf:<y/n> seq:<y/n>
<codec> (payload size)
Tele <int> (callID) [channel_id] tx:<tot>/<v>/<fax>ms <codec> noise:<l> acom:<l> i/o:<l>/<l> dBm
MODEMRELAY info:<rcvd>/<sent>/<resent> xid:<rcvd>/<sent> total:<rcvd>/<sent>/<drops>
speeds(bps): local <rx>/<tx> remote <rx>/<tx>
Proxy <ip>:<audio udp>,<video udp>,<tcp0>,<tcp1>,<tcp2>,<tcp3> endpt: <type>/<manf>
bw: <req>/<act> codec: <audio>/<video>
tx: <audio pkts>/<audio bytes>,<video pkts>/<video bytes>,<t120 pkts>/<t120 bytes>
rx: <audio pkts>/<audio bytes>,<video pkts>/<video bytes>,<t120 pkts>/<t120 bytes>
Telephony call-legs: 0
SIP call-legs: 2
H323 call-legs: 0
Call agent controlled call-legs: 0
SCCP call-legs: 0
Multicast call-legs: 0
Total call-legs: 2
0 : 21 23:08:52.157 IST Tue Jul 12 2011.1 +8900 pid:3 Answer 1000 active
dur 00:00:56 tx:2766/442560 rx:2811/449760 dscp:2814 media:0
IP 9.44.46.21:20332 SRTP: off rtt:0ms pl:0/0ms lost:0/0/0 delay:0/0/0ms g711ulaw TextRelay: off Transcoded: No
media inactive detected:n media contrl rcvd:n/a timestamp:n/a
long duration call detected:n long duration call duration:n/a timestamp:n/a
0 : 22 23:08:52.707 IST Tue Jul 12 2011.1 +7780 pid:4 Originate 2000 active
dur 00:00:57 tx:2811/449760 rx:2766/442560 dscp:2767 media:0
IP 9.44.46.25:31290 SRTP: off rtt:0ms pl:0/0ms lost:0/0/0 delay:0/0/0ms g711ulaw TextRelay: off Transcoded: No
media inactive detected:n media contrl rcvd:n/a timestamp:n/a
long duration call detected:n long duration call duration:n/a timestamp:n/a
Telephony call-legs: 0
SIP call-legs: 2
H323 call-legs: 0
Call agent controlled call-legs: 0
SCCP call-legs: 0
Multicast call-legs: 0
Total call-legs: 2
Displays call information for voice calls in progress.
Configuring the AS SIP--Media Bandwidth Policing Profile at the Global Level
SUMMARY STEPS
1.enable
2.configure terminal
3.media profile policetag
4.violationnumberaction {disconnect |
drop |
ignore} [no-syslog]
5.overhead {audio |
video}
percentage
6.end
DETAILED STEPS
Command or Action
Purpose
Step 1
enable
Example:
Router> enable
Enables privileged EXEC mode.
Enter your password if prompted.
Step 2
configure terminal
Example:
Router# configure terminal
Enters global configuration mode.
Step 3
media profile policetag
Example:
Router(config)# media profile police 1
Configures the media bandwidth policing profile at the global level and enters media profile configuration mode.
Step 4
violationnumberaction {disconnect |
drop |
ignore} [no-syslog]
Example:
Router(cfg-mediaprofile)# violation 20000 action drop no-syslog
Specifies the number of violations after which the action needs to be taken.
Use the
no-syslog keyword to configure the Cisco UBE to disable the system log.
Step 5
overhead {audio |
video}
percentage
Example:
Router(cfg-mediaprofile)# overhead audio 10
Configures the overhead bandwidth percentage above the negotiated bandwidth.
Step 6
end
Example:
Router(cfg-mediaprofile)# end
Exits media profile configuration mode and enters privileged EXEC mode.
Applying the Media Bandwidth Policing Profile at the Global Level
SUMMARY STEPS
1.enable
2.configure terminal
3.voice service voip
4.media police-profiletag
5.end
DETAILED STEPS
Command or Action
Purpose
Step 1
enable
Example:
Router> enable
Enables privileged EXEC mode.
Enter your password if prompted.
Step 2
configure terminal
Example:
Router# configure terminal
Enters global configuration mode.
Step 3
voice service voip
Example:
Router(config)# voice service voip
Enters voice service configuration mode.
Step 4
media police-profiletag
Example:
Router(conf-voi-serv)# media police-profile 1
Applies the media bandwidth policing profile at the global level.
Step 5
end
Example:
Router(conf-voi-serv)# end
Exits voice service configuration mode and enters privileged EXEC mode.
Applying the Media Bandwidth Policing Profile at the Dial Peer Level
Applying the media bandwidth policing profile at the dial peer level involves two actions: applying the profile for a media class and then applying the corresponding media class to a dial peer.
Perform this task to apply the media bandwidth policing profile at the dial peer level.
SUMMARY STEPS
1.enable
2.configure terminal
3.media classtag
4.police profiletag
5.exit
6.dial-peer voicetagvoip
7.media-classtag
8.end
DETAILED STEPS
Command or Action
Purpose
Step 1
enable
Example:
Router> enable
Enables privileged EXEC mode.
Step 2
configure terminal
Example:
Router# configure terminal
Enters global configuration mode.
Step 3
media classtag
Example:
Router(config)# media class 1
Configures a media class and enters media class configuration mode.
Step 4
police profiletag
Example:
Router(cfg-mediaclass)# police profile 1
Applies the media bandwidth policing profile to the media class.
Step 5
exit
Example:
Router(cfg-mediaclass)# exit
Exits media class configuration mode and enters global configuration mode.
Enables SNMP media policy voice traps at the dial peer level.
Step 5
end
Example:
Router(config-dial-peer)# end
Exits dial peer configuration mode and enters privileged EXEC mode.
Verifying the AS SIP-Media Bandwidth Policing Profile Feature
Perform this task to verify the configuration for AS SIP-Media Bandwidth Policing Profile feature on Cisco UBE. The
show commands need not be entered in any specific order.
Example: Applying the Media Bandwidth Policing Profile
The following example shows how to apply the media bandwidth policing profile globally and at the dial peer level:
Router(config)# voice service voip
Router(conf-voi-serv)# media police-profile 1
Router(config)# media class 1
Router(cfg-mediaclass)# police profile 1
Router(cfg-mediaclass)# end
Router# configure terminal
Router(config)# dial-peer voice 4 voip
Router(config-dial-peer)# media-class 1
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.
Feature Information for Configuring DSCP Policing and Media Bandwidth Policing
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to
www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1
Feature Information for Configuring DSCP Policing and Media Bandwidth Policing
Feature Name
Releases
Feature Information
AS SIP--DSCP Policing
15.2(2)T
The AS SIP--DSCP Policing feature provides the following functionalities:
A mechanism to map the RPH to the DSCP values in the IP header for audio and video calls.
A policy to match DSCP values of incoming media calls to the preconfigured value and take an action depending upon the configuration.
The following commands were introduced or modified:
The AS SIP--Media Bandwidth Policing feature introduces traffic policing on the Cisco UBE to limit media bandwidth usage to the negotiated rate. Excess traffic is dropped when the traffic rate reaches the configured maximum value.
The following commands were introduced or modified:
media police-profile,
media profile police,
overhead,
police profile,
violation (media profile).
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL:
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.