QOS in Cisco 7600 router // Marking IP precedence

smartboy2255 · ‎12-29-2010

Dear all,

I have configured below QOS in the router and applied in the outside interface of the router.But no traffic is passing through the default class..Also what will be the impact if the traffic exceeds 30 %.

class-map match-any IPSEC

match access-group name IPSEC-DATA

class-map match-all FTP

match access-group 2001

class-map match-all default

fair que

!

policy-map QOS

class IPSEC

Set ip precedence 4

police rate percentage 30 conform-action transmit exceed-action set-prec-transmit 0

class FTP

Set ip precedence 4

police rate 20 conform-action transmit exceed-action set-prec-transmit 0

class default

fair-queue

ip access-list extended IPSEC-DATA

permit esp any any

permit udp any eq isakmp any eq isakmp

service-policy output QOS

Thanks in advance for quick reply...

Regards,

Anish

Mahesh Gohil · ‎12-29-2010

Hello Anish,

I think class-default is generated by default and you do not need to configure it

try to see class-default at last in output of sh policy-map interface

if not you can remove below lines from config

class default

fair-queue

and add

class class-default

and see if traffic matches in this

Hope this helps

Regards

Mahesh

smartboy2255 · ‎12-29-2010

Thanks mahesh for your quick reply ,today I will check it and update yisou. Second thing what will be the impact of below command while traffic crossing 30%.

police rate percentage 30 conform-action transmit exceed-action set-prec-transmit 0

Regards,

Anish

Mahesh Gohil · ‎12-29-2010

Hello Anish,

exceed-action set-prec-transmit 0

as you set above statement the exceed traffic will be carry forwarded to class-default

hope this helps

Regards

mahesh

smartboy2255 · ‎01-04-2011

HI Mahesh,

Today I have tried with the below config ....But still no traffic is going through the default class...Pls find the output of show policy int command also..

class-map match-any IPSEC
match access-group name IPSEC-DATA
class-map match-all FTP
match access-group 2001

policy-map TEST
       class IPSEC
              set precedence 4
       class FTP
              set precedence 3
       class class-default

ip access-list extended IPSEC-DATA
permit esp any any
permit udp any eq isakmp any eq isakmp

access-list 2001 permit ip 172.16.16.0 0.0.0.255 any

Router#sh run int Gi2/5
Building configuration...

Current configuration : 236 bytes
!
interface GigabitEthernet2/5

bandwidth 74516
ip address 1.x.x.x 255.255.255.252
speed 100
duplex full
no snmp trap link-status
no keepalive
no cdp enable
service-policy output TEST
end

Router#

***************************** Output *************************

Router#sh policy-map int Gi2/5

GigabitEthernet2/5

Service-policy output: TEST

    class-map: IPSEC (match-any)
      Match: access-group name IPSEC-DATA
      set precedence 4:
      Earl in slot 5 :
        27934360 bytes
        5 minute offered rate 632024 bps
        aggregate-forwarded 27934360 bytes

    class-map: FTP (match-all)
      Match: access-group 2001
      set precedence 3:
      Earl in slot 5 :
        155917 bytes
        5 minute offered rate 3664 bps
        aggregate-forwarded 155917 bytes

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
        0 packets, 0 bytes
        5 minute rate 0 bps
Router#
Router#
Router#sh policy-map int Gi2/5

GigabitEthernet2/5

Service-policy output: TEST

    class-map: IPSEC (match-any)
      Match: access-group name IPSEC-DATA
      set precedence 4:
      Earl in slot 5 :
        33400816 bytes
        5 minute offered rate 735152 bps
        aggregate-forwarded 33400816 bytes

    class-map: FTP (match-all)
      Match: access-group 2001
      set precedence 3:
      Earl in slot 5 :
        181727 bytes
        5 minute offered rate 4128 bps
        aggregate-forwarded 181727 bytes

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
        0 packets, 0 bytes
        5 minute rate 0 bps

Regards,

Anish