08-28-2017 12:52 AM - edited 03-05-2019 09:03 AM
Hello,
Im new to the ASR920 service instance but would like to know if anyone has done traffic policing on a service interface. Scenario is multiple service instances servicing multiple downstream clients configured on a physical interface. I would like to shape a downstream cust to an specific 20Mbps pipe.
I had alook at the limited docs on this.
I tried using a ACL with my policy map but every time i try and add it either to the physical port or the service instance i get the error.
Match named access-list is not supported for this interface
here is a configure snip:
 class-map Client1
 match access-group name Client1
 
 ip access-list ext Client1
 permit ip any host X.X.X.X
 
 policy-map Service_Inst1
 class Client1
 police cir 20000000
interface GigabitEthernet0/0/0
 no ip address
 negotiation auto
 service instance 1 ethernet
  description Client 1
  encapsulation dot1q 1999
  rewrite ingress tag pop 1 symmetric
 bridge-domain 1000
policy-map output Service_Inst1
 interface BDI1000
 description Internet Gateway
 ip vrf forwarding ISP
 ip address X.X.X.X 255.255.255.240
Is this scenario possible?
11-22-2017 08:21 AM
Hi,
As QoS ACLs are supported only for ingress traffic in ASR920 , separate Ingress policy-map and Egress Policy-map need to be configured along with separate Ingress and Egress Class-maps respectively
 
					
				
		
11-22-2017 08:37 AM
Hello,
as far as I recall, you have to configure a service group, add the policy to the service group, and then add the service group to the service instance. In your case, the whole thing would look like this:
class-map Client1
 match access-group name Client1
! 
ip access-list ext Client1
 permit ip any host X.X.X.X
!
policy-map Service_Inst1
 class Client1
 police cir 20000000
class class-default
!
service-group 1
service-policy output Service_Inst1
!
interface GigabitEthernet0/0/0
 no ip address
 negotiation auto
 service instance 1 ethernet
 description Client 1
 encapsulation dot1q 1999
 group 1
 rewrite ingress tag pop 1 symmetric
 bridge-domain 1000
11-22-2017 08:43 AM
11-22-2017 08:54 AM
What exactly is not working ? Can you add the configuration sample I posted, or do the commands get rejected ?
Also, which IOS version are you running ?
05-18-2018 08:07 AM
 
					
				
		
05-23-2018 09:47 AM
The link you posted has this. Appears shaping and policing may fall under the same restriction in this case.
If you configure port level shaper with the policy applied at EFP level then port shaper does not work. However, 3 level HQoS policy with port and logical shaper can be applied at the EFP level. Logical shaper configured at logical level does work but port shaper does not work.
If you configure a class-based policy on the port, then you cannot configure service-policies on Ethernet Flow Points (EFPs).
Attaching a service policy to the BDI is not supported.
ACL based shaping policy-map cannot be applied to the EFP and/or egress interface.
Usage of bandwidth remaining percentage (BRP) in the absence of priority class, allocates the available bandwidth in an iterative way. For example, the bandwidth is allocated for the first BRP class as per the percentage of share configured in the respective class-map and the remaining bandwidth is iteratively allocated to all other BRP classes until the bandwidth is exhausted.
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide