cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco announces new innovations in SD-WAN, ISRs, SD-WAN Services, and Catalyst 9000 Series switches


140
Views
0
Helpful
10
Replies
Beginner

Quality of Service

I am trying to shape AF1 traffic

I am seeing hits on my other queues but not AF1

I know there is traffic matching my ACL

Q has anyone got a similar configuration ?

class-map match-any ce_af1_customer
  description Match AF1 Class map
 match ip dscp cs1  af11  af12  af13
 match access-group name preactor-gmps-critical

 kf-r-park-royal-01#s hinv
bkf-r-park-royal-01#show inv
bkf-r-park-royal-01#show inventory
NAME: "Chassis", DESCR: "Cisco ISR4331 Chassis"
PID: ISR4331/K9        , VID: V04, SN: FDO2223A2N7

class-map match-any ce_af1_output
  description Marking AF1 Class map
 match class-map ce_af1_customer

policy-map cpe_out_child
 description MGMT:8K EF:0K AF1:0K AF2:0K AF3:0K AF4:0K
 class ce_mgmt_bun_output
  police 8000 8000 8000 conform-action set-prec-transmit 6 exceed-action set-prec-transmit 6
  bandwidth 3
  random-detect
  random-detect precedence 0 22 35 10
  random-detect precedence 6 22 35 10
 class ce_af4_output
  police 3000000 conform-action set-dscp-transmit af41 exceed-action set-dscp-transmit af42
 class ce_af3_output
  police 400000 conform-action set-dscp-transmit af31 exceed-action set-dscp-transmit af32
 class ce_ef_output
  police 4000000 conform-action set-dscp-transmit ef exceed-action drop
  priority
 class ce_af2_output
  shape average 8000000
 class ce_af1_output
  shape average 8000000
 class class-default
  random-detect

 

Everyone's tags (2)
10 REPLIES
Highlighted
VIP Advisor

Re: Quality of Service

Hello

i don’t see why your class map ce_af1_customer is nested into the parent class map ce_af1_output as it not nested with anything else  you could try matching on ce_af1_customer instead 

 



kind regards
Paul

Please don't forget to rate any posts that have been helpful.

Re: Quality of Service

"Q has anyone got a similar configuration ?"

Depends how you define "similar.

BTW, as you've only posted part of all your QoS policy's supporting class-map, have no idea what your earlier policy-map classes are matching against. I.e. it's possible an earlier class is also matching against AF11.

Also BTW, you might consider replacing "match ip dscp cs1 af11 af12 af13" with just matching IPPrec 1.

Lastly, I generally recommend against using RED unless you're a QoS expert. I also generally recommend using class based FQ instead.
Beginner

Re: Quality of Service

additional configuration

Re: Quality of Service

Better - but ACLs you're using in class-maps?
Beginner

Re: Quality of Service

ip access-list standard altiris-tools-burst
permit 172.23.200.76
ip access-list standard ax-critical
permit 10.20.2.12
permit 10.20.2.11
permit 10.0.106.133
permit 10.0.106.134
ip access-list standard biztalk-app-critical
permit 169.254.1.18
permit 10.0.106.194
permit 10.0.106.184
permit 10.0.106.185
permit 10.0.106.186
ip access-list standard cognos-controller-critical
permit 10.0.106.8
permit 10.0.106.9
ip access-list standard dev-web-critical
permit 10.0.106.163
permit 172.23.200.138
ip access-list standard preactor-aps-critical
permit 10.21.0.23
permit 10.21.0.22
permit 172.23.10.37
permit 172.23.10.39
ip access-list standard preactor-gmps-critical
permit 10.21.0.23
permit 10.21.0.22
permit 172.23.200.64
permit 172.23.10.37
permit 172.23.10.39
ip access-list standard protean-critical
permit 10.20.2.29
permit 10.20.2.30
permit 10.20.2.31
permit 10.0.136.135
permit 10.20.2.40
permit 10.20.2.36
permit 10.20.2.37
permit 10.20.2.38
permit 10.20.2.39
permit 10.20.2.32
permit 10.20.2.33
permit 10.20.2.34
permit 10.20.2.35
permit 10.0.106.236
permit 10.0.106.205
permit 10.0.106.206
permit 10.0.106.207
permit 10.0.106.208
permit 10.0.106.209
permit 10.0.106.210
permit 10.0.106.211
permit 10.0.106.212
permit 10.0.106.213
permit 10.0.106.214
permit 10.0.106.215
permit 10.0.106.216
permit 10.0.106.217
permit 10.0.106.218
permit 85.115.54.202
ip access-list standard qlikview-critical
permit 10.0.105.62
permit 10.0.105.61
permit 10.0.105.60
ip access-list standard rgpweb-critical
permit 10.21.2.31
permit 10.21.2.30
permit 172.23.200.167
permit 172.23.200.166
ip access-list standard ukh-critical
permit 10.0.106.174
permit 10.0.106.175
permit 10.0.106.183
permit 10.0.106.184
ip access-list standard wms-critical
permit 172.24.0.41
permit 172.24.0.42

Re: Quality of Service

Hmm, so I now look at your first policy class, which is:

policy-map cpe_out_child
 description MGMT:8K EF:0K AF1:0K AF2:0K AF3:0K AF4:0K
 class ce_mgmt_bun_output

Then I look at the class-map:

class-map match-any ce_mgmt_bun_output
 match access-group name QOS_MANAGEMENT

Then I look to see what's in "QOS_MANAGEMENT" - missing from your latest post?  Other ACLs also missing?

Beginner

Re: Quality of Service

thanks for your reply
bkf-r-park-royal-01#sh access-lists QOS_MANAGEMENT
Extended IP access list QOS_MANAGEMENT
    10 permit ip any 194.72.105.0 0.0.0.31
bkf-r-park-royal-01#

note --- we have checked netflow and packet captures toe ensure there are active IP packets matching the ACL

we still do not see hits

when I change the match to protocol http -- I see hits

 

Q do you think this behaviour could relate to a software defect on the router ?

Re: Quality of Service

Yes, software defects are always possible, including those that just impact counters showing what's happening. I.e. sometimes the routers is actually processing packets correctly, but that stats don't show that.

I'm now further confused - what ACL do you see being match, where do you set/change to match protocol http and you see hits?

In any case, any packets that match your QOS_MANAGEMENT ACL should match that first class and not be seen by your ce_af4_output class.
Beginner

Re: Quality of Service

thanks all for your help

I had to change the ACL to extended -- saw no hits on the standard

Beginner

Re: Quality of Service

thanks for your quick reply

 

I had tried removing the nested class map

it made no difference

CreatePlease to create content
Ask the Expert- Introduction to Network Design