Hi Francesco !! Thanks for responding to my post !!

Yeah, the config is in production but it doesn't look like it's working as designed. For some reason all traffic is falling under the "class Flash-Override". Please see the rest of the config below. I do not see traffic in the "class Flash".

class-map match-any Flash-Override

match ip precedence 4

match ip dscp af41

match access-group name ThreePAR-Rep-to-DR

class-map match-any Flash

match ip precedence 3

match access-group name HANA-Replication

match access-group name DXI-Rep-to-DR

match access-group name VMWare-Rep-to-DR

policy-map Voice-Over-Wan

class Critical

  set ip dscp ef

  priority percent 20

class Flash-Override

  bandwidth percent 30

class voice-signaling

  bandwidth percent 5

  set ip precedence 4

class Flash

  bandwidth percent 40

class class-default

  fair-queue

  random-detect

  set ip dscp default

Hi Francesco,

The policy map is applied on the router WAN interface applying to outbound traffic.

Here is the traffic flow:

PBR is applied at the my core switch Nexus 7K with ip next to my WAN router --> the ip policy route-map Set-IP-QoS is applied on the router LAN interface --> policy-map Voice-Over-Wan is applied to the router WAN interface.

Thanks Francesco !!

Danny

Hi

Could you share the config of your WAN router (remove confidential things) and some outputs of sh policy-map interface.

Have you done a wireshark trace? Could you share it please?

Thanks 

PS: Please don't forget to rate and mark as correct answer if this answered your question

Hi Francesco,

Attached is the QoS related config, please have a look and let me know what you think.

No, I have not tried wireshark packet capture yet.

Thanks Francesco !!!

Danny

Based on your outputs, traffic is going through the right class-map except the flash one that doesn't handle any traffic.

How did you test it to say that your traffic isn't passing through the right class-map.

Can you test end to end and take a capture at the output of your WAN router to see if your QoS tag is correct?

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question

Thanks Francesco !!

Yeah, traffic is flowing through but it all flowing through the class-map Flash-Override. I should see traffic flowing through the class-map Flash as well. I am confident the ACL's are correct and traffic is flowing. Just not flowing in the right bucket as configured.

Danny

I look quickly your config and it seems ok.

Now we need to troubleshoot if the traffic is marked correctly and if it's classified correctly on the outside.

Which router are you using? With new devices, you can do some capture on the router itself to validate that everything is working as expected or not.

On ACL used into route-map configuration for flash precedence, do you see some hits using the command show access-list?

Why are you using PBR to mark QoS because I don't see any next-hop config within your route-map. In that case, I would use a policy-map with service-policy input on the interface itself instead of PBR. Except if you're really using PBR on this router and don't show up all the config.

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question

Hi Francesco,

I am using a Cisco 3945 running 15.3.3.M4

I am not using PBR with the route-map. I am using the route-map for marking the traffic only (no PBR).

I have a case opened with TAC and TAC has confirmed the config is good. TAC is digging into the route-map as to why we are not seeing hits or matches.

Thanks Francesco !! I very much appreciate your time getting back to me !!!

Danny

Yes your config is good as I said previously. 

My point was instead of using route-map with ip policy under interface, have you tried to use policy-map to verify if the issue is your acl or is related to the route-map.

Normally, using route-map, you should be able to see if your acls have hits. This indicates that your traffic is passing through the right statement. Then you can continue the troubleshooting to validate that traffic is going along the way to the right class-map agreed confirm maybe a bug or something else. 

Thanks