Re: Policy-Map ASR9k matching issue

mustafa_salih · ‎07-31-2019

Hi Team,

I got an issue with Policy-map applied on interface Tengig inside ASR9k (Cisco IOS XR Software, Version 5.3.4), I can't see any matching for packets on the interface applied to the Tengig, it was working correctly before but suddenly the matching for any packets stopped is there any way to troubleshooting and solving the issue.

Appreciated your help.

Giuseppe Larosa · ‎07-31-2019

Hello Mustafa,

can you post the configuration of the tengiga interface and the configuration of the policy-map applied to it.

Hope to help

Giuseppe

mustafa_salih · ‎08-01-2019

Hi Guiseppe,

Thanks for your help, much appreciated, please see below, it's normal matching based on IPv4 I just hide the IP address:

show running-config class-map ALE-COMPANY
class-map match-any ALE-COMPANY
match access-group ipv4 ALE-COMPANY
end-class-map
!

show access-lists ALE-COMPANY

ipv4 access-list ALE-COMPANY
10 permit ipv4 X.X.X.X 0.0.0.3 any
20 permit ipv4 any X.X.X.X 0.0.0.3

interface TenGigE0/1/1/1.22
service-policy input Limits
service-policy output Limits
ipv4 address 192.168.202.193 255.255.255.252
encapsulation dot1q 22

show policy-map interface TenGigE0/1/1/1.22 output | be Class ALE

Class ALE-COMPANY
Classification statistics (packets/bytes) (rate - kbps)
Matched : 0/0 0
Transmitted : N/A
Total Dropped : 0/0 0
Policing statistics (packets/bytes) (rate - kbps)
Policed(conform) : 0/0 0
Policed(exceed) : 0/0 0
Policed(violate) : 0/0 0
Policed and dropped : 0/0

Giuseppe Larosa · ‎08-01-2019

Hello Mustafa,

use another extended ACL to verify if packets to /from X.X.X.X 0.0.0.3.

ipv4 access-list CHECK-QOS

10 permit ipv4 X.X.X.X 0.0.0.3 any
20 permit ipv4 any X.X.X.X 0.0.0.3

30 permit ipv4 any any

Apply it inbound on the subif

int interface TenGigE0/1/1/1.22

access-group ipv4 CHECK-QOS in

An verify if counters match on the first two lines . One possible event is that the traffic is using a different path to/from X.X.X.X address and for this reason the QoS policy-map does not match anymore.(A topology change)

Hope to help

Giuseppe

mustafa_salih · ‎08-02-2019

Hi Giuseppe,

Appreciated your help, I just configured new class-map to match all the traffic, I'm still seeing low traffic passing over this class while I have more than 1 Gbps passing through this interface:

show access-lists MATCH_ANY
ipv4 access-list MATCH_ANY
10 permit ipv4 any any

class-map match-any MATCH_ANY
match access-group ipv4 MATCH_ANY
end-class-map
!

show run policy-map DPLC
!
class MATCH_ANY
police rate 3 gbps
conform-action transmit
exceed-action drop
!
!
class class-default
!
end-policy-map

!

Class MATCH_ANY
Classification statistics (packets/bytes) (rate - kbps)
Matched : 204736/258889101 5236
Transmitted : N/A
Total Dropped : 0/0 0
Policing statistics (packets/bytes) (rate - kbps)
Policed(conform) : 204736/258889101 5236
Policed(exceed) : 0/0 0
Policed(violate) : 0/0 0
Policed and dropped : 0/0
Class class-default
Classification statistics (packets/bytes) (rate - kbps)
Matched : 34285119/46888898929 1191780
Transmitted : N/A
Total Dropped : N/A

--------------------------

You can see all the traffic matched only on the default-class.