Solved: Re: QoS on Cisco 7600

wernerleg1 · ‎02-10-2011

Greetings

I'm marking all ingress traffic with AF21, however, on the egress interface the traffic isn't matching the marking of AF21 I've set on the input policy -seeing all egress traffic in class-default

The ingress and egress interfaces are on the same router.

Ingress interface:

interface GigabitEthernet3/22.10
description labmspe2-int22-10-v3data-speednew-mi | |
encapsulation dot1Q 10
ip vrf forwarding NEW-QOS
ip address 10.10.1.1 255.255.255.0
no ip redirects
no ip proxy-arp
ip flow ingress
service-policy input 2MB-INPUT-1DATA-P-CHILD-NEW
end

Input policy:

mi-za-lab-mspe2#sh run policy-map 2MB-INPUT-1DATA-P-CHILD-NEW
Building configuration...

Current configuration : 150 bytes
!
class class-default
police cir 2048000 bc 384000 be 768000 conform-action set-dscp-transmit af21 exceed-action set-dscp-transmit af23

Egress interface:

interface GigabitEthernet3/21.10
description labmspe2-int21-10-v3data-speednew-mi | |
encapsulation dot1Q 11
ip vrf forwarding NEW-QOS
ip address 11.10.1.1 255.255.255.0
no ip redirects
no ip proxy-arp
ip flow ingress
service-policy output 2MB-OUTPUT-3DATA-CHILD-NEW
end

Output policy:

mi-za-lab-mspe2#sh run policy-map 2MB-OUTPUT-3DATA-CHILD-NEW
Building configuration...

Current configuration : 356 bytes
!
class ALL-VRF-OUTPUT-PLATINUM
    police cir 512000 bc 96000 be 192000 conform-action transmit exceed-action transmit
class ALL-VRF-OUTPUT-GOLD
    police cir 512000 bc 96000 be 192000 conform-action transmit exceed-action transmit
class class-default
    police cir 512000 bc 96000 be 192000 conform-action transmit exceed-action transmit
!
end

Class Map match-all ALL-VRF-OUTPUT-PLATINUM (id 3)
   Match   dscp af21 (18)
   Match   dscp af22 (20)
   Match   dscp af23 (22)
   Match access-group name ALL-VRF-OUTPUT-PLATINUM

Policy stats - ingress

mi-za-lab-mspe2#sh policy-map int GigabitEthernet3/22.10
GigabitEthernet3/22.10

Service-policy input: 2MB-INPUT-1DATA-P-CHILD-NEW

Counters last updated 00:00:00 ago

    Class-map: class-default (match-any)
      2294930 packets, 206543700 bytes
      30 second offered rate 684000 bps, drop rate 0000 bps
      Match: any
      police:
          cir 2048000 bps, bc 384000 bytes, be 768000 bytes
        conformed 2294924 packets, 206543160 bytes; actions:
          set-dscp-transmit af21
        exceeded 0 packets, 0 bytes; actions:
          set-dscp-transmit af23
        violated 0 packets, 0 bytes; actions:
          set-dscp-transmit af23
        conformed 684000 bps, exceed 0000 bps, violate 0000 bps

Policy stats - egress

mi-za-lab-mspe2#sh policy-map int GigabitEthernet3/21.10
GigabitEthernet3/21.10

Service-policy output: 2MB-OUTPUT-3DATA-CHILD-NEW

Counters last updated 00:00:00 ago

    Class-map: ALL-VRF-OUTPUT-PLATINUM (match-all)
      0 packets, 0 bytes
      30 second offered rate 0000 bps, drop rate 0000 bps
      Match: dscp af21 (18)
      Match: dscp af22 (20)
      Match: dscp af23 (22)
      Match: access-group name ALL-VRF-OUTPUT-PLATINUM
      police:
          cir 512000 bps, bc 96000 bytes, be 192000 bytes
        conformed 0 packets, 0 bytes; actions:
          transmit
        exceeded 0 packets, 0 bytes; actions:
          transmit
        violated 0 packets, 0 bytes; actions:
          transmit
        conformed 0000 bps, exceed 0000 bps, violate 0000 bps

    Class-map: ALL-VRF-OUTPUT-GOLD (match-all)
      0 packets, 0 bytes
      30 second offered rate 0000 bps, drop rate 0000 bps
      Match: dscp af11 (10)
      Match: dscp af12 (12)
      Match: dscp af13 (14)
      police:
          cir 512000 bps, bc 96000 bytes, be 192000 bytes
        conformed 0 packets, 0 bytes; actions:
          transmit
        exceeded 0 packets, 0 bytes; actions:
          transmit
        violated 0 packets, 0 bytes; actions:
          transmit
        conformed 0000 bps, exceed 0000 bps, violate 0000 bps

    Class-map: class-default (match-any)
      6917038 packets, 622533420 bytes
      30 second offered rate 681000 bps, drop rate 0000 bps
      Match: any
      police:
          cir 512000 bps, bc 96000 bytes, be 192000 bytes
        conformed 5474588 packets, 492712920 bytes; actions:
          transmit
        exceeded 1115 packets, 100350 bytes; actions:
          transmit
        violated 1441329 packets, 129719610 bytes; actions:
          transmit
        conformed 539000 bps, exceed 0000 bps, violate 142000 bps

Router:

Cisco CISCO7606-S (M8500) processor (revision 1.1) with 3670016K/262144K bytes of memory.
Processor board ID FOX1437H0X8
BASEBOARD: RSP720
CPU: MPC8548_E, Version: 2.1, (0x80390021)
CORE: E500, Version: 2.2, (0x80210022)
CPU:1200MHz, CCB:400MHz, DDR:200MHz,
L1: D-cache 32 kB enabled
I-cache 32 kB enabled

Last reset from power-on
1 Virtual Ethernet interface
53 Gigabit Ethernet interfaces
12 Ten Gigabit Ethernet interfaces
3964K bytes of non-volatile configuration memory.

Linecard: ES+ linecard

IOS: c7600rsp72043-adventerprisek9-mz.122-33.SRE2.bin

dwillie · ‎02-10-2011

Class Map match-all ALL-VRF-OUTPUT-PLATINUM (id 3)
   Match   dscp af21 (18)
   Match   dscp af22 (20)
   Match   dscp af23 (22)
   Match access-group name ALL-VRF-OUTPUT-PLATINUM

Impossible for a egress packet to match-all dscp values listed, changed to match any.

View solution in original post

dwillie · ‎02-10-2011

Class Map match-all ALL-VRF-OUTPUT-PLATINUM (id 3)
   Match   dscp af21 (18)
   Match   dscp af22 (20)
   Match   dscp af23 (22)
   Match access-group name ALL-VRF-OUTPUT-PLATINUM

Impossible for a egress packet to match-all dscp values listed, changed to match any.

wernerleg1 · ‎02-10-2011

Hi Darren

Well spotted! I forgot about the default behavior of a class-map.

Many thanks

dwillie · ‎02-11-2011

No problem, glad to help. That happens more than you would think, we all

do it...