02-10-2011 07:22 AM - edited 03-04-2019 11:22 AM
Greetings
I'm marking all ingress traffic with AF21, however, on the egress interface the traffic isn't matching the marking of AF21 I've set on the input policy -seeing all egress traffic in class-default
The ingress and egress interfaces are on the same router.
Ingress interface:
interface GigabitEthernet3/22.10
description labmspe2-int22-10-v3data-speednew-mi | |
encapsulation dot1Q 10
ip vrf forwarding NEW-QOS
ip address 10.10.1.1 255.255.255.0
no ip redirects
no ip proxy-arp
ip flow ingress
service-policy input 2MB-INPUT-1DATA-P-CHILD-NEW
end
Input policy:
mi-za-lab-mspe2#sh run policy-map 2MB-INPUT-1DATA-P-CHILD-NEW
Building configuration...
Current configuration : 150 bytes
!
class class-default
police cir 2048000 bc 384000 be 768000 conform-action set-dscp-transmit af21 exceed-action set-dscp-transmit af23
Egress interface:
interface GigabitEthernet3/21.10
description labmspe2-int21-10-v3data-speednew-mi | |
encapsulation dot1Q 11
ip vrf forwarding NEW-QOS
ip address 11.10.1.1 255.255.255.0
no ip redirects
no ip proxy-arp
ip flow ingress
service-policy output 2MB-OUTPUT-3DATA-CHILD-NEW
end
Output policy:
mi-za-lab-mspe2#sh run policy-map 2MB-OUTPUT-3DATA-CHILD-NEW
Building configuration...
Current configuration : 356 bytes
!
class ALL-VRF-OUTPUT-PLATINUM
police cir 512000 bc 96000 be 192000 conform-action transmit exceed-action transmit
class ALL-VRF-OUTPUT-GOLD
police cir 512000 bc 96000 be 192000 conform-action transmit exceed-action transmit
class class-default
police cir 512000 bc 96000 be 192000 conform-action transmit exceed-action transmit
!
end
Class Map match-all ALL-VRF-OUTPUT-PLATINUM (id 3)
Match dscp af21 (18)
Match dscp af22 (20)
Match dscp af23 (22)
Match access-group name ALL-VRF-OUTPUT-PLATINUM
Policy stats - ingress
mi-za-lab-mspe2#sh policy-map int GigabitEthernet3/22.10
GigabitEthernet3/22.10
Service-policy input: 2MB-INPUT-1DATA-P-CHILD-NEW
Counters last updated 00:00:00 ago
Class-map: class-default (match-any)
2294930 packets, 206543700 bytes
30 second offered rate 684000 bps, drop rate 0000 bps
Match: any
police:
cir 2048000 bps, bc 384000 bytes, be 768000 bytes
conformed 2294924 packets, 206543160 bytes; actions:
set-dscp-transmit af21
exceeded 0 packets, 0 bytes; actions:
set-dscp-transmit af23
violated 0 packets, 0 bytes; actions:
set-dscp-transmit af23
conformed 684000 bps, exceed 0000 bps, violate 0000 bps
Policy stats - egress
mi-za-lab-mspe2#sh policy-map int GigabitEthernet3/21.10
GigabitEthernet3/21.10
Service-policy output: 2MB-OUTPUT-3DATA-CHILD-NEW
Counters last updated 00:00:00 ago
Class-map: ALL-VRF-OUTPUT-PLATINUM (match-all)
0 packets, 0 bytes
30 second offered rate 0000 bps, drop rate 0000 bps
Match: dscp af21 (18)
Match: dscp af22 (20)
Match: dscp af23 (22)
Match: access-group name ALL-VRF-OUTPUT-PLATINUM
police:
cir 512000 bps, bc 96000 bytes, be 192000 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
transmit
violated 0 packets, 0 bytes; actions:
transmit
conformed 0000 bps, exceed 0000 bps, violate 0000 bps
Class-map: ALL-VRF-OUTPUT-GOLD (match-all)
0 packets, 0 bytes
30 second offered rate 0000 bps, drop rate 0000 bps
Match: dscp af11 (10)
Match: dscp af12 (12)
Match: dscp af13 (14)
police:
cir 512000 bps, bc 96000 bytes, be 192000 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
transmit
violated 0 packets, 0 bytes; actions:
transmit
conformed 0000 bps, exceed 0000 bps, violate 0000 bps
Class-map: class-default (match-any)
6917038 packets, 622533420 bytes
30 second offered rate 681000 bps, drop rate 0000 bps
Match: any
police:
cir 512000 bps, bc 96000 bytes, be 192000 bytes
conformed 5474588 packets, 492712920 bytes; actions:
transmit
exceeded 1115 packets, 100350 bytes; actions:
transmit
violated 1441329 packets, 129719610 bytes; actions:
transmit
conformed 539000 bps, exceed 0000 bps, violate 142000 bps
Router:
Cisco CISCO7606-S (M8500) processor (revision 1.1) with 3670016K/262144K bytes of memory.
Processor board ID FOX1437H0X8
BASEBOARD: RSP720
CPU: MPC8548_E, Version: 2.1, (0x80390021)
CORE: E500, Version: 2.2, (0x80210022)
CPU:1200MHz, CCB:400MHz, DDR:200MHz,
L1: D-cache 32 kB enabled
I-cache 32 kB enabled
Last reset from power-on
1 Virtual Ethernet interface
53 Gigabit Ethernet interfaces
12 Ten Gigabit Ethernet interfaces
3964K bytes of non-volatile configuration memory.
Linecard: ES+ linecard
IOS: c7600rsp72043-adventerprisek9-mz.122-33.SRE2.bin
Solved! Go to Solution.
02-10-2011 01:19 PM
Class Map match-all ALL-VRF-OUTPUT-PLATINUM (id 3)
Match dscp af21 (18)
Match dscp af22 (20)
Match dscp af23 (22)
Match access-group name ALL-VRF-OUTPUT-PLATINUM
Impossible for a egress packet to match-all dscp values listed, changed to match any.
02-10-2011 01:19 PM
Class Map match-all ALL-VRF-OUTPUT-PLATINUM (id 3)
Match dscp af21 (18)
Match dscp af22 (20)
Match dscp af23 (22)
Match access-group name ALL-VRF-OUTPUT-PLATINUM
Impossible for a egress packet to match-all dscp values listed, changed to match any.
02-10-2011 11:25 PM
Hi Darren
Well spotted! I forgot about the default behavior of a class-map.
Many thanks
02-11-2011 05:52 AM
No problem, glad to help. That happens more than you would think, we all
do it...
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: