Catalyst QOS Notes.
By Sarah Kent,
Avaya team leader!!
Cat QoS
Order of Cat3550 QoS functions:
receives packet
classifies packet with internal DSCP.
polices, marks or marks down internal DSCP.
determines egress CoS based on internal DSCP.
queues packet into one of 4 transmit queues based on egress CoS value.
schedules packet out of transmit queue based on strict-priority queuing or WRR.
How to check each step in functions:
receives packet
show mls qos int [int] statistics
mls qos monitor [dscp | bytes | packets]
classifies packet with internal DSCP:
The following config commands are mutually exclusive (u):
mls qos trust [cos | ip prec | dscp]
access-lists – IP, IP extended or Layer 2 MAC acls.
mls qos aggregate-policer
service policy input [policy-map]
show mls qos map
ip-prec-dscp
cos-dscp
dscp-mutation
polices, marks or marks down internal DSCP.
mls qos aggregate-policer
service policy input [policy-map]
determines egress CoS based on internal DSCP.
Map: assign CoS values to select one of the egress queues.
wrr-queue cos-map [Qid] [CoS1...CoS8]
show mls qos interface queuing
queues packet into one of 4 transmit queues based on egress CoS value.
Gigabit:
Set queue size wrr-queue queue-limit
Set queue thresholds wrr-queue threshold OR wrr-queue random-detect max-threshold
Map DSCP to thresholds wrr-queue dscp-map
Fast Ethernet:
Map CoS to queue mls qos map cos-dscp
Set min-reserve level mls qos min-reserve level [Qid] [level]
Set buffer size mls qos min-reserve [level] [buffersize in packets]
Set queue importance mls qos bandwidth [weights]
show mls qos int [int] statistics to display absolute value of queue size and examine FreeQ info.
show mls qos int [queuing|buffers|statistics] to look at queue depths.
schedules packet out of transmit queue based on strict-priority queuing or WRR.
Set queue importance wrr-queue bandwidth
sh mls qos int [int] statistics
Config Gotchas:
Switch(config)# mls qos
Switch(config-if)# mls qos trust on the interface connected to other switches.
If you have EtherChannel ports configured on your switch, you must configure QoS classification, policing, mapping, and queueing on the individual physical ports that comprise the EtherChannel. You must decide whether the QoS configuration should match on all ports in the EtherChannel. (univercd)
Can set this globally:
Set buffer size mls qos min-reserve [level] [buffersize in packets]
Apply the level to a Queue on the interface.
Cat3550(config-if)#wrr-queue min-reserve 1 ?
<1-8> min-reserve level
Cat Classify/Mark
3 ways to Classify:
1- Trusted ingress interface
a. CoS
mls qos trust [cos | dscp | ip-prec]
mls qos cos cos_value Assign CoS to untagged frames
b. DSCP
Cats use DSCP internally. They map CoS and IP Prec to DSCP.
mls qos trust dscp
c. IP precedence
2- Untrusted sets any QoS tags back to 0
3- IP address (eg ACL)
3 ways to mark QoS:
1- Rewrites CoS, DSCP or IP prec on ingress frames (eg mutation maps)
2- Interface configurations (eg mls qos cos override )
3- Cat Policing
Ingress DSCP Mutation is the exception (CatQos p151)
Maps ingress DSCP markings to internal DSCP
Switch(config-if)# mls qos trust dscp
Switch(config-if)# mls qos dscp-mutation [dscp-mutate-name]
Switch# show mls qos maps dscp-mutation
Default DSCP-to-CoS Mapping Table on 3550/3560:
DSCP 0-7 8-15 16-23 24-31 32-39 40-47 48-55 56-63
CoS 0 1 2 3 4 5 6 7
Switch# mls qos map dscp-cos
Switch# show mls qos map dscp-cos
Map CoS to particular queue on egress:
Cat3550(config-if)# wrr-queue cos-map [1-4] [cos]
Cat3560#sho mls qos map cos-output-q
Cos-outputq-threshold map:
cos: 0 1 2 3 4 5 6 7
————————————
queue-threshold: 2-1 2-1 3-1 3-1 4-1 1-1 4-1 4-1
Map cos to internal dscp on ingress:
Cat3550(config)# mls qos map cos-dscp 0 8 16 26 32 40 48 56
Cat3560(config)#mls qos srr-queue input cos-map queue 1 0 1 2 3 4 5 Queue 1 or 2. Other values are CoS
Cat3560#show mls qos map cos-input-q
Cos-inputq-threshold map:
cos: 0 1 2 3 4 5 6 7
————————————
queue-threshold: 1-1 1-1 1-1 1-1 1-1 2-1 1-1 1-1 All CoS values are set to Q1 threshold 1 by default.
mls qos map
The CoS-dscp map is used for incoming traffic; the dscp-CoS map is used for
outgoing traffic.(bob)
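The ingress-to-egress mapping chain described above, as an added example that is not part of the original notes. It uses the cos-dscp map and default dscp-cos table shown above and the CoS-to-queue assignment from the "Order of Output" table later in these notes; the function names and sample frames are illustrative.

```python
# Added example: trace a frame through the 3550 mapping steps in these notes.
# Map values come from the notes; function names are illustrative, not IOS names.

COS_DSCP = [0, 8, 16, 26, 32, 40, 48, 56]   # mls qos map cos-dscp (index = CoS)
COS_TO_QUEUE = {0: 1, 1: 1, 2: 2, 3: 2, 4: 3, 5: 3, 6: 4, 7: 4}  # wrr-queue cos-map


def dscp_to_cos(dscp):
    """Default dscp-cos map: DSCP 0-7 -> CoS 0, 8-15 -> CoS 1, ... 56-63 -> CoS 7."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must be 0-63, got %r" % (dscp,))
    return dscp // 8


def classify(trust, cos=None, dscp=0, port_cos=0, mutation=None):
    """Return the internal DSCP the switch assigns to one ingress frame.

    trust    : 'untrusted', 'cos' or 'dscp' (the port's mls qos trust state)
    cos      : 802.1p value on the frame, None when the frame is untagged
    dscp     : DSCP carried in the IP header
    port_cos : value set with 'mls qos cos <value>' for untagged frames
    mutation : optional dscp-mutation map as {ingress DSCP: internal DSCP}
    """
    if trust == "untrusted":
        # Untrusted port: whatever the attached device marked is reset to 0.
        return 0
    if trust == "cos":
        effective = port_cos if cos is None else cos
        if not 0 <= effective <= 7:
            raise ValueError("CoS must be 0-7, got %r" % (effective,))
        return COS_DSCP[effective]
    if trust == "dscp":
        if not 0 <= dscp <= 63:
            raise ValueError("DSCP must be 0-63, got %r" % (dscp,))
        return (mutation or {}).get(dscp, dscp)
    raise ValueError("unknown trust state %r" % (trust,))


def trace(trust, **frame):
    """Classify, derive egress CoS from internal DSCP, then pick the transmit queue."""
    internal = classify(trust, **frame)
    egress_cos = dscp_to_cos(internal)
    return {"internal_dscp": internal,
            "egress_cos": egress_cos,
            "tx_queue": COS_TO_QUEUE[egress_cos]}


if __name__ == "__main__":
    # Constructed sample frames: (description, trust state, frame fields).
    samples = [
        ("host marks EF on untrusted port", "untrusted", {"cos": 5, "dscp": 46}),
        ("tagged CoS 5 on trust-cos port", "cos", {"cos": 5}),
        ("tagged CoS 3 on trust-cos port", "cos", {"cos": 3}),
        ("untagged frame on trust-cos port", "cos", {"cos": None}),
        ("EF on trust-dscp port", "dscp", {"dscp": 46}),
        ("EF on trust-dscp port, mutation 46->0", "dscp",
         {"dscp": 46, "mutation": {46: 0}}),
    ]
    for text, trust, frame in samples:
        print("%-40s %s" % (text, trace(trust, **frame)))
```

The first sample is the trust-boundary case: markings set by a device on an untrusted port never reach a higher transmit queue.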
This is my best guess at how maps work:
Cat3550 mls qos maps:
There are 6 different maps.
Policed-dscp map: used on ingress to mark out of profile packets.
Dscp-cos map: marks frames with CoS on trunks and queue frames on access ports.
Dscp-switch priority map: maps dscp values to switch priorities 0-3
Cos-dscp map: marks ingress frames with dscp
IpPrecedence-dscp map: marks ingress IP prec packets with dscp
Dscp-dscp mutation map: marks ingress DSCP packets with internal DSCP markings
mls qos dscp-switch-priority:
Define the DSCP-to-switch-priority map. This map generates the priority of a request to the switch fabric when using a priority-aware switch fabric.
For dscp-list, enter up to eight DSCP values, with each value separated by a space. The range is 0 to 63. Then enter the to keyword.
For switch-priority, the range is 0 to 3.
Need to doublecheck how these work!
The switch-priority is in reference to the four hardware queues that are
associated with each ethernet port.
Default DSCP-to-Switch Priority
DSCP Value/Switch Priority
0-15/0
16-31/1
32-47/2
48-63/3
DSCP values 0-15 covers IP precedence values 0 and 1, which is COS 0 and 1 by default.
DSCP values 16-31 covers IP precedence values 2 and 3, which is COS 2 and 3 by default.
’show mls qos interface queueing’ will show the defaults. (sm)
Cat Scheduling
True for 3550 and 3560s
Scheduling – 4 egress queues
Cat 3550 supports the following output scheduling and queuing:
Expedite (strict-priority) queue
WRR scheduling
Configurable drop thresholds per output queue
WRED congestion avoidance algorithm
1 ingress FIFO queue
Cat 3560 supports the following output scheduling and queuing:
Expedite (strict-priority) queue
SRR scheduling
Configurable drop thresholds per output queue
WTD congestion avoidance algorithm
2 configurable ingress queues
SRR does sharing or shaping
Cat WRR
Use this formula to calculate each queue’s weight (CatQoS 179):
(weight/sum of all weights) * Bandwidth = egress bandwidth
(CatQoS p 177)
Order of Output:
CoS Transmit Queue
6,7 4
4,5 3
2,3 2
0,1 1
Set minimum queue depth measured in packets:
The minimum-reserve level configuration is meaningless until it is assigned to a particular queue. (univercd)
!
mls qos min-reserve [min-reserve-level 1-8] [min-reserve buffers 10-170]
!
int fa0/10
wrr-queue min-reserve [Qid 1-4] [min-reserve level 1-8]
Fast Ethernet wrr-queue options:
CAT2(config-if)#wrr-queue
bandwidth Configure WRR bandwidth
cos-map Configure cos-map for a queue id
min-reserve Configure min-reserve level
Gigabit Ethernet wrr-queue options:
CAT2(config-if)#wrr-queue
bandwidth Configure WRR bandwidth
cos-map Configure cos-map for a queue id
dscp-map Configure dscp-map for a queue threshold
queue-limit Configure queue-limit for egress
random-detect Configure random-detect per queue
threshold Configure queue tail-drop thresholds
Set queue bandwidth (sets the percentage of bandwidth allocated to each queue, expressed as weights):
Switch(config-if)# wrr-queue bandwidth 10 20 70 1
Changing the queue depth is different for Fast Ethernets and Gigabit Ethernet Ports.
Gigabit Ethernets
Set the Queue depth:
Gig Ethernet will support 4096 packets total. 1024 for each queue by default. Weights are size ratios.
Switch(config-if)# wrr-queue queue-limit [1-100 1-100 1-100 1-100]
show mls qos interface buffers
To display the absolute value of the queue size, use the show mls qos interface interface-id statistics privileged EXEC command, and examine the FreeQ information. (univercd)
Set the importance of each queue(univercd):
wrr-queue bandwidth [weights 1-65536]
The weight sets the importance of a queue relative to the others.
Designate DSCP-to-threshold mappings.
wrr-queue dscp-map [threshold-id] [dscp]
show mls qos int buffers
Maps DSCP values to tail-drop thresholds of egress queues. (u)
Assign CoS values to select one of egress queues:
wrr-queue cos-map [Qid] [CoS1...CoS8]
show mls qos interface queuing
Fast Ethernets
Set queue-depth:
Set a minimum buffer size for Fast Ethernets. Fast Ethernet supports 8 buffer levels. Buffer size is 10 to 170 packets.
mls qos min-reserve [1-8] [10-170]
show mls qos interface [x] buffers
Set queue importance is the same as Gig Ethernets.
wrr-queue bandwidth
You configure the queues to be serviced according to the ratio of WRR weights by using the wrr-queue bandwidth interface configuration command. The ratio represents the importance (weight) of a queue relative to the other queues. WRR scheduling prevents low-priority queues from being completely neglected during periods of high-priority traffic by sending some packets from each queue in turn. (u)
wrr-queue min-reserve
Each minimum-reserve level is configured with a buffer size.
Cat strict-priority
Strict priority queuing aka Expedite Queuing
Cat 3550
Queue 4 is always serviced first. Other 3 queues are serviced in a WRR fashion.
(CatQoS p 178)
Cat 3560
Queue 1 is always serviced first. Other 3 queues are serviced in a SRR fashion.
Cat SRR
SRR Shaping and Sharing (univercd):
Both the ingress and egress queues are serviced by SRR, which controls the rate at which packets are sent. On the ingress queues, SRR sends packets to the internal ring. On the egress queues, SRR sends packets to the egress port.
In shaped mode, the egress queues are guaranteed a percentage of the bandwidth, and they are rate-limited to that amount. Shaped traffic does not use more than the allocated bandwidth even if the link is idle. Shaping provides a more even flow of traffic over time and reduces the peaks and valleys of bursty traffic. With shaping, the absolute value of each weight is used to compute the bandwidth available for the queues.
In shared mode, the queues share the bandwidth among them according to the configured weights. The bandwidth is guaranteed at this level but not limited to it. For example, if a queue is empty and no longer requires a share of the link, the remaining queues can expand into the unused bandwidth and share it among them. With sharing, the ratio of the weights controls the frequency of dequeuing; the absolute values are meaningless.
Ingress SRR – only set for sharing
Egress SRR – set for sharing or shaping
Shaping rate-limits traffic to the guaranteed percentage. Shaped traffic is not allowed to use more bandwidth even if the link is idle. The absolute value of each weight is used.
Shared mode shares bandwidth among the queues according to weights. Sets minimum guaranteed bandwidth. (sounds like CBWFQ)
Ingress Queue Types
Normal
mls qos srr-queue input threshold
mls qos srr-queue input dscp-map [Qid] [DSCPs]
mls qos srr-queue input cos-map [queue | threshold]
Expedite
mls qos srr-queue input priority-queue
Shaped or Shared Mode for Egress Ints:
Cat3560(config)#mls qos queue-set output 1 buffers 25 25 25 25
Assigns percentage of buffer to each of 4 queues. 25 is default for each queue.
Cat3560(config-if)#queue-set [1-2]
SRR services each queue-set in shared or shaped mode. You map a port to a queue-set by using the queue-set (u)
When priority-queue is enabled, the first bandwidth weight is ignored.
You can combine the commands described in this section to prioritize traffic by placing packets with particular DSCPs or CoSs into certain queues, by allocating a large queue size or by servicing the queue more frequently, and by adjusting queue thresholds so that packets with lower priorities are dropped.
Bob Sinclair email:
Shaped weights both reserve and limit, whereas shared weights just reserve.
The shaped queue weights are not considered in the shared weight
calculation. The ratio of the shared weights determines the relative
bandwidth allocations of the bandwidth remaining after the shaped
reservation.
Imagine this example on a 100 Mbs link:
srr-queue bandwidth shape 2 0 0 0
srr-queue bandwidth share 1 2 2 1
I believe these would be the resulting reservations, in terms of Mbs:
Queue 1: 50 Mbs (reserved and limited 1/2 times 100 Mbs)
Queue 2: 20 Mbs (reserved 20/(20 + 20 + 10) times 50 Mbs)
Queue 3: 20 Mbs (reserved 20/(20 + 20 + 10) times 50 Mbs)
Queue 4: 10 Mbs (reserved 10/(20 + 20 + 10) times 50 Mbs)
Difficult to verify in practice.
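The arithmetic from the email above and from the WRR weight formula earlier in these notes, as an added example that is not part of the original notes or the email. It implements the model the email describes (a shape weight of w reserves and caps a queue at 1/w of the link, the rest is split by share weights); it is not verified switch behaviour, and the function names are illustrative.

```python
# Added example: bandwidth arithmetic for WRR (3550) and SRR shape/share (3560).
# Implements the model stated in the notes and the email; names are illustrative.


def wrr_bandwidth(weights, link_mbps):
    """(weight / sum of all weights) * bandwidth, for the four WRR queues."""
    if len(weights) != 4 or any(w < 1 for w in weights):
        raise ValueError("need four weights, each >= 1")
    total = sum(weights)
    return [link_mbps * w / total for w in weights]


def srr_bandwidth(shape, share, link_mbps):
    """Per-queue reservation and ceiling under the email's shaped/shared model.

    shape : four shape weights; 0 means the queue is not shaped
    share : four share weights; ignored for queues that are shaped
    Returns one dict per queue with:
      reserved - bandwidth guaranteed to the queue
      ceiling  - most the queue can use when every other queue is idle
    """
    if len(shape) != 4 or len(share) != 4:
        raise ValueError("need four shape weights and four share weights")
    result = [None] * 4

    # Shaped queues: the absolute weight matters, 1/weight of the link,
    # reserved and also limited to that amount even on an idle link.
    shaped_total = 0.0
    for q, w in enumerate(shape):
        if w:
            mbps = link_mbps / w
            shaped_total += mbps
            result[q] = {"mode": "shaped", "reserved": mbps, "ceiling": mbps}
    if shaped_total > link_mbps:
        raise ValueError("shaped queues reserve more than the link rate")

    # Shared queues: only the ratio of weights matters, applied to whatever
    # bandwidth is left after the shaped reservations. Shaped queues' share
    # weights are left out of the ratio.
    unshaped = [q for q in range(4) if not shape[q]]
    share_sum = sum(share[q] for q in unshaped)
    if unshaped and share_sum <= 0:
        raise ValueError("unshaped queues need positive share weights")
    remaining = link_mbps - shaped_total
    for q in unshaped:
        result[q] = {"mode": "shared",
                     "reserved": remaining * share[q] / share_sum,
                     "ceiling": link_mbps}   # guaranteed but not limited
    return result


if __name__ == "__main__":
    # The email's example: shape 2 0 0 0, share 1 2 2 1, 100 Mb link.
    for q, row in enumerate(srr_bandwidth([2, 0, 0, 0], [1, 2, 2, 1], 100), 1):
        print("Queue %d: %s" % (q, row))
    # The Auto-QoS WRR weights from these notes on a 100 Mb link.
    print([round(x, 1) for x in wrr_bandwidth([10, 20, 70, 1], 100)])
```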
Cat Congestion Avoidance
Cat Tail Drop
Tail Drop is 3550.
Each queue has 2 thresholds.
Threshold-1 is lower priority
Threshold-2 is higher priority
(CatQoS p 181) Internal DSCP determines which egress threshold applies. 2 thresholds for congestion avoidance only applicable for egress Gig ints. Cat 3550 treats all ingress packets from Fast E int with threshold-2 configuration.
wrr-queue threshold [Q_id] [threshold-1 x%] [threshold-2 y%]
Threshold-1 can transmit until designated queue becomes x% congested. Then, threshold-1 is tail-dropped. Threshold-2 is transmitted until designated queue becomes y% congested. Then, threshold-2 traffic is tail dropped.
Cat WRED
WRED is a 3550 feature.
2 ways to enable WRED:
Per queue, setting thresholds (Gigs only)
Whole interface: all traffic, dscp-based, ip_prec-based.
WRED works on Fast Ethernet and Gigabit ports, but the configuration differs:
Fast Ethernet and Gigabit:
CAT1(config-if)#random-detect ?
dscp-based Enable dscp based WRED on an inteface
prec-based Enable prec based WRED on an interface
<cr>
Configure WRED only on egress Gig Ethernet for each queue:
wrr-queue random-detect max-threshold 1 Threshold_1% Threshold_2%
wrr-queue random-detect max-threshold 2 Threshold_1% Threshold_2%
wrr-queue random-detect max-threshold 3 Threshold_1% Threshold_2%
wrr-queue random-detect max-threshold 4 Threshold_1% Threshold_2%
Enable WRED on whole interface:
CAT3550(config-if)# random-detect dscp-based
CAT3550#sh queueing random-detect int gig 0/1
Current random-detect configuration:
GigabitEthernet0/1
Queueing strategy: random early detection (WRED)
Exp-weight-constant: 9 (1/512)
Mean queue depth: 0
dscp Random drop Tail drop Minimum Maximum Mark
pkts/bytes pkts/bytes thresh thresh prob
af11 0/0 0/0 33 40 1/10
af12 0/0 0/0 28 40 1/10
af13 0/0 0/0 24 40 1/10
af21 0/0 0/0 33 40 1/10
af22 0/0 0/0 28 40 1/10
af23 0/0 0/0 24 40 1/10
af31 0/0 0/0 33 40 1/10
af32 0/0 0/0 28 40 1/10
af33 0/0 0/0 24 40 1/10
af41 0/0 0/0 33 40 1/10
af42 0/0 0/0 28 40 1/10
af43 0/0 0/0 24 40 1/10
cs1 0/0 0/0 22 40 1/10
cs2 0/0 0/0 24 40 1/10
cs3 0/0 0/0 26 40 1/10
cs4 0/0 0/0 28 40 1/10
cs5 0/0 0/0 31 40 1/10
cs6 0/0 0/0 33 40 1/10
cs7 0/0 0/0 35 40 1/10
ef 0/0 0/0 37 40 1/10
rsvp 0/0 0/0 37 40 1/10
default 0/0 0/0 20 40 1/10
Cat3560 WTD
WTD is a 3560 feature that is enabled on both ingress and egress.
Auto-QoS
IP Phones default DSCP settings:
RTP EF aka DSCP46 (NMC lab3)
VOIP Control DSCP 24 and 26 (univercd)
3 Auto-QoS commands:
auto qos voip trust
auto qos voip cisco-phone
auto qos voip cisco-softphone
auto qos voip trust:
This macro affects incoming and outgoing traffic on interface. Apply auto qos voip trust on interfaces that interconnect switches.
!
mls qos map cos-dscp 0 8 16 26 32 46 48 56
!
interface FastEthernet0/18
switchport mode dynamic desirable
mls qos trust cos
auto qos voip trust
wrr-queue bandwidth 10 20 70 1
wrr-queue min-reserve 1 5
wrr-queue min-reserve 2 6
wrr-queue min-reserve 3 7
wrr-queue min-reserve 4 8
wrr-queue cos-map 1 0 1
wrr-queue cos-map 2 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
priority-queue out
!
The same macro does not add the cos-dscp map globally:
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
mls qos trust cos
auto qos voip trust
wrr-queue bandwidth 10 20 70 1
wrr-queue queue-limit 50 25 15 10
wrr-queue cos-map 1 0 1
wrr-queue cos-map 2 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
priority-queue out
end
!
auto qos voip cisco-phone:
This macro affects incoming and outgoing traffic on interface connected to Cisco phone. For incoming traffic, it trusts CoS, tags untagged frames with CoS 0, and ignores IP precedence and DSCP.
!
interface FastEthernet0/19
switchport mode dynamic desirable
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
wrr-queue bandwidth 10 20 70 1
wrr-queue min-reserve 1 5
wrr-queue min-reserve 2 6
wrr-queue min-reserve 3 7
wrr-queue min-reserve 4 8
wrr-queue cos-map 1 0 1
wrr-queue cos-map 2 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
priority-queue out
end
Same command on Gigabit Ethernet:
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
wrr-queue bandwidth 10 20 70 1
wrr-queue queue-limit 50 25 15 10
wrr-queue cos-map 1 0 1
wrr-queue cos-map 2 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
priority-queue out
end
auto qos voip cisco-softphone
Cisco-softphone macro does not add trust device command.
!
mls qos map policed-dscp 24 26 46 to 0
!
class-map match-all AutoQoS-VoIP-RTP-Trust
match ip dscp ef
class-map match-all AutoQoS-VoIP-Control-Trust
match ip dscp cs3 af31
!
!
policy-map AutoQoS-Police-SoftPhone
class AutoQoS-VoIP-RTP-Trust
set dscp ef
police 320000 8000 exceed-action policed-dscp-transmit
class AutoQoS-VoIP-Control-Trust
set dscp cs3
police 32000 8000 exceed-action policed-dscp-transmit
!
interface FastEthernet0/20
switchport mode dynamic desirable
service-policy input AutoQoS-Police-SoftPhone
auto qos voip cisco-softphone
wrr-queue bandwidth 10 20 70 1
wrr-queue min-reserve 1 5
wrr-queue min-reserve 2 6
wrr-queue min-reserve 3 7
wrr-queue min-reserve 4 8
wrr-queue cos-map 1 0 1
wrr-queue cos-map 2 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
priority-queue out
end
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
service-policy input AutoQoS-Police-SoftPhone
auto qos voip cisco-softphone
wrr-queue bandwidth 10 20 70 1
wrr-queue queue-limit 50 25 15 10
wrr-queue cos-map 1 0 1
wrr-queue cos-map 2 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
priority-queue out
end
Override the PCs CoS settings:
switchport priority extend cos
Configures the telephone through the switch CLI to override the priority of the traffic received from the PC.
Voice VLANs
You should configure voice VLAN on switch access ports.
Enable mls qos globally
The Port Fast feature is automatically enabled when voice VLAN is configured.
If using port-security, set max MAC addresses to 2.
Do not use sticky secure MAC addresses on voice vlan
Can also set as 802.1x authentication, secure port or protected port.
Default CoS for voice traffic from Cisco phone is 5.
switchport priority extend cos [value ]
set phone to override the priority received from attached pc
switchport priority extend trust
trust priority from pc attached to phone
Cat BW Consumption Mgt
Cat Policing
You configure the bucket depth (the maximum burst that is tolerated before the bucket overflows) by using the burst-byte option
You configure how fast (the average rate) that the tokens are removed from the bucket by using the rate-bps option
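A simulation of the bucket described above, as an added example that is not part of the original notes. It uses the rate, burst and policed-dscp values from the Auto-QoS softphone config earlier in these notes; the class name, the 200-byte packet size and the two traffic streams are constructed, and counting the bucket in bytes with continuous draining is an assumption about granularity.

```python
# Added example: the policer bucket as described in these notes.
# Each packet adds its size to the bucket; the bucket drains at rate-bps;
# a packet that would overflow burst-byte is out of profile.
# Names are illustrative, not IOS identifiers.

SCALE = 8_000_000  # 1 byte = 8,000,000 units, so rate_bps units drain per microsecond

# mls qos map policed-dscp 24 26 46 to 0
POLICED_DSCP = {24: 0, 26: 0, 46: 0}


class Policer:
    def __init__(self, rate_bps, burst_bytes,
                 exceed_action="policed-dscp-transmit", policed_dscp=None):
        if exceed_action not in ("drop", "policed-dscp-transmit"):
            raise ValueError("unknown exceed action %r" % (exceed_action,))
        self.rate_bps = rate_bps
        self.depth = burst_bytes * SCALE      # bucket depth
        self.exceed_action = exceed_action
        self.policed_dscp = policed_dscp or {}
        self.level = 0                        # current fill, integer units
        self.last_us = 0                      # time of the previous packet

    def offer(self, t_us, size_bytes, dscp):
        """Police one packet; return its outgoing DSCP, or None if dropped."""
        # Drain for the time elapsed since the previous packet.
        self.level = max(0, self.level - (t_us - self.last_us) * self.rate_bps)
        self.last_us = t_us
        need = size_bytes * SCALE
        if self.level + need <= self.depth:
            self.level += need                # in profile: packet fits
            return dscp
        if self.exceed_action == "drop":
            return None
        # Out of profile: mark down through the policed-dscp map.
        return self.policed_dscp.get(dscp, dscp)


def police_stream(policer, count, interval_us, size_bytes, dscp):
    """Offer `count` equal packets spaced `interval_us` apart (constructed traffic)."""
    return [policer.offer(i * interval_us, size_bytes, dscp) for i in range(count)]


def softphone_rtp_policer(exceed_action="policed-dscp-transmit"):
    # police 320000 8000 exceed-action policed-dscp-transmit
    return Policer(320000, 8000, exceed_action, POLICED_DSCP)


if __name__ == "__main__":
    # One voice call: 200-byte EF packets every 20 ms (80 kb/s).
    call = police_stream(softphone_rtp_policer(), 50, 20_000, 200, 46)
    # A host flooding EF: 200-byte packets every 1 ms (1.6 Mb/s).
    flood = police_stream(softphone_rtp_policer(), 100, 1_000, 200, 46)
    print("call : kept EF on %d of %d" % (call.count(46), len(call)))
    print("flood: kept EF on %d, marked down %d, first markdown at packet %d"
          % (flood.count(46), flood.count(0), flood.index(0)))
```

The flood keeps EF only for the initial burst and then for roughly one packet in five, so a port that over-sends EF cannot fill the expedite queue.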
Rules of Policing:
Only the average rate and committed burst parameters are configurable.
Policing can occur on ingress and egress physical interfaces on 3550.
You cannot police at the switch virtual interface level on a 3550.
The switch does not support per-VLAN QoS or VLAN QoS policing across the entire switch.
Build a class map:
Only one ACL per class map. (u)
Only one match class-map configuration command per class map is supported. (u)
(u) You cannot use the service-policy interface configuration command to attach policy maps that contain these elements to an egress interface:
set or trust policy-map class configuration commands. Instead, you can use the police policy-map class configuration command to mark down (reduce) the DSCP value at the egress interface.
Access control list (ACL) classification.
Per-port per-VLAN classification.
3560 difference:
In Cisco IOS Release 12.2(25)SE or later, you can configure QoS on physical ports and on switch virtual interfaces (SVIs). Other than to apply policy maps, you configure the QoS settings, such as classification, queueing, and scheduling, the same way on physical ports and SVIs. When configuring QoS on a physical port, you apply a nonhierarchical policy map. When configuring QoS on an SVI, you apply a nonhierarchical or a hierarchical policy map.(u)
Comparison of 3550 and 3560 Policing Techniques:
Individual
Hierarchical
Supported on 3560 SVI
Non-hierarchical
Physical port
SVI supported on 3560
Per-port Per-Vlan on 3550
Aggregate
3550 and 3560 supported
Individual Policing
Policers can be configured only on a physical port or on a per-port per-VLAN basis (specifies the bandwidth limits for the traffic on a per-VLAN basis, for a given port). Per-port per-VLAN policing is not supported on routed ports or on virtual (logical) interfaces. It is supported only on an ingress port configured as a trunk or as a static-access port. (univercd)
Switch(config)# mls qos cos policy-map ???
Physical Port
QoS applies the bandwidth limits specified in the policer separately to each matched traffic class. You configure this type of policer within a policy map by using the police policy-map configuration command.
Per-Port Per-VLAN
Per-port Per-VLAN policing supported on 3550.
Rules:
Per-port per-VLAN policing is supported only on ingress interfaces.
Must use the match-any keyword with the class-map (Bob)
Must put match vlan first in class-map (Bob)
Classify traffic:
class-map match-any [name_x]
match [ access-group | ip prec | ip dscp ]
class-map match-all [name_y]
match vlan
match class name_x
When to use per-port per-vlan policing instead of physical port policing?
Per-port per-VLAN basis specifies the bandwidth limits for the traffic on a per-VLAN basis, for a given port. Per-port per-VLAN policing is not supported on routed ports or on virtual (logical) interfaces. It is supported only on an ingress port configured as a trunk or as a static-access port. (u)
SVI Policing
Policing on SVIs is a 3560 supported feature.
Configure classification, queueing, and scheduling, the same way on physical ports and SVIs. Applying policy map is different. (u)
Policing
hierarchical aka dual-level policy maps
Apply on SVI
hierarchical policy map contains two levels.
First level – the VLAN level, specifies the actions to be taken against a traffic flow on the SVI.
Second level – the interface level, specifies the actions to be taken against the traffic on the physical ports that belong to the SVI.
nonhierarchical single-level policy maps
Applied on physical port or SVI
All traffic, regardless of whether it is bridged or routed, is subjected to a policer, if one is configured. As a result, bridged packets might be dropped or might have their DSCP or CoS fields modified when they are policed and marked.
Police->Mark->Ingress Queues->SRR->Internal Ring->Egress Queues->SRR
Only 1 policy per ingress.
Policy-map trust and port trust are mutually exclusive. Last one configured wins.
What’s the difference between a hierarchical map on an SVI and a map that references a VLAN and IP ACL?
Hierarchical Maps
trust cos, dscp or ip prec
set cos, dscp or ip prec
Policing on SVIs
Enable VLAN-based QoS on the physical ports that belong to the SVI -Physical Level. (u)
Configure class maps that specify port trust state or set a new QoS tag in packet. Policers not supported here – VLAN level.
Checklist for hierarchical policy-maps for classification on 3560:
1. Enable mls qos vlan-based on physical interface
2. Build ACL and class-map to match IP traffic
3. Build policy-map using class-map for IP traffic
4. Apply policy-map to SVI
Checklist for hierarchical policy-maps for policing on 3560:
Enable mls qos vlan-based on physical interface
Build ACL and class-map to match IP traffic
Build class-map to match interface range
Build policy-map using interface range class-map and rate-limit the class
Build another policy-map using IP traffic class-map. Optionally, change QoS here. Nest first policy-map.
Apply policy-map to SVI.
Checklist for hierarchical policy-maps for policing markdown on 3560:
Same steps as above except police statement has exceed policed added
Add global mls qos map policed-dscp x to y
interface int-id
mls qos vlan-based
class-map vlan-map
match [acl | dscp | prec ] Can only use 1 match per class map in this case. Therefore it doesn’t matter whether I use match-all or match-any in class-map name.
class-map interface-map
match input-interface(s) Can only use 1… Same rules apply.
policy-map interface-policy-map
class interface-map
police
policy-map vlan-based-policy-map
class vlan-map
trust [cos | dscp | prec ] OR set [dscp | prec]
service-policy interface-policy-map
int vlan 123
service-policy input vlan-based-policy-map
Is exceed policed-dscp-transmit’s default action to downgrade the DSCP to 0?
Differ between policing on SVI and other forms of policing?
Aggregate Policing
mls qos aggregate-policer
The aggregate policer is shared by multiple classes of traffic within a policy map. (univercd) You cannot use the aggregate policer across different policy maps or interfaces.
Other features
Flowcontrol
Switch(config-if)# flowcontrol [receive | send] [desired | off | on]
flow control send
When it detects any congestion at its end, it notifies the link partner or the remote device of the congestion by sending a pause frame. (univercd)
flow control receive
When it receives a pause frame, it stops sending any data packets. This prevents any loss of data packets during the congestion period. (univercd)
Flowcontrol is off by default:
CAT1#sh int fa0/1 flowcontrol
Port Send FlowControl Receive FlowControl RxPause TxPause
admin oper admin oper
——— ——– ——– ——– ——– ——- ——-
Fa0/1 Unsupp. Unsupp. off off 0 0
CAT1#sh int fa0/1 flowcontrol
Port Send FlowControl Receive FlowControl RxPause TxPause
admin oper admin oper
——— ——– ——– ——– ——– ——- ——-
Fa0/1
Defaults:
Gigabit Ethernet – flowcontrol receive off and flowcontrol send desired.
Fast Ethernet interfaces are flowcontrol receive off and flowcontrol send off. (univercd)
Monitoring
Switch(config-if)# mls qos monitor dscp dscp1 … dscp8
mls qos monitor packets
show mls qos interface interface-id statistics
DSCP Transparency
DSCP Transparency is a Cat3560 feature.
Global command that is disabled by default. If DSCP transparency is enabled by using the no mls qos rewrite ip dscp command, the switch does not modify the DSCP field in the incoming packet, and the DSCP field in the outgoing packet is the same as that in the incoming packet.
Cat3560(config)# mls qos rewrite ip dscp
disable DSCP transparency to allow switch to modify DSCP values based on trust or ACL
-OR-
Cat3560(config)# no mls qos rewrite ip dscp
Cat3560(config-if)# mls qos trust [cos | dscp ] does the same thing per interface
Passthrough Option is a 3550 Feature:
Cat3550(config-if)# mls qos trust [cos | dscp] pass-through [ dscp | cos]
Forces Cat to treat CoS and DSCP independently. So, it trusts one and doesn’t change the other marked as pass-through.
How to allow CoS to pass through on a 3560?
Cat 3560 vs 3550
Cat3560(config)#mls qos ?
aggregate-policer Named aggregate policer
map qos map keyword
queue-set Choose a queue set for this queue
rewrite Rewrite Packet/Frame
srr-queue Configure SRR receive queues
<cr>
Cat3550(config)#mls qos ?
aggregate-policer Assign aggregate policer
cos Configure CoS setting
map Define QoS mapping
min-reserve Configure min-reserve buffers
<cr>
Cat3560#sh mls qos ?
aggregate-policer aggregate-policer keyword
input-queue input-queue keyword
interface interface keyword
maps maps keyword
queue-set queue-set keyword
vlan VLAN keyword
| Output modifiers
<cr>
Cat3550#sh mls qos ?
aggregate-policer Show aggregate-policer information
interface Show interface information
maps Show mapping information
| Output modifiers
<cr>
Cat3550(config)#mls qos map dscp-switch-priority ?
<0-63> DSCP values separated by spaces (up to 8 values total)
What does this do?
Define the DSCP-to-switch-priority map. This map generates the priority of a request to the switch fabric when using a priority-aware switch fabric. (u)
enable VLAN-based QoS on a switch port.
This procedure is required on physical ports that are specified in the interface level of a hierarchical policy map on an SVI.
Cat3560(config-if)#mls qos vlan-based ?
<cr>
Can only map cos values to egress queues on 3550.
Sarita you rock!
Victor.-