
Router with Port Channel-where should service policy & nbar be applied

TONY SMITH

Hi,

The scenario here is a WAN router connected by port channel to a pair of Nexuses.  Obviously it's VPC at the Nexus end but I don't think the router needs to know that.  We want to use nbar to mark incoming traffic, to make sure everything has the correct DSCP to suit the WAN provider.  Where should this be configured, on the Port Channel interface, or on the member interfaces?  If I understand correctly I am being told that it won't accept the service policy applied on the Port Channel. It's a live customer system so we can only test during pre-agreed change windows.

 

Currently it has the service policy on both member interfaces, and "ip nbar protocol-discovery" on member interfaces and also on the Port Channel. With this configuration the policy is not matching anything, packet counts only appear under class-default, although strangely the rate is zero for class-default as well.

 

Any comment welcome,

 

Thanks, Tony S

6 Replies

Hello
Are you trying to remark the traffic or classify upon already marked traffic?
You should be able to apply service policies not only to specific interfaces including PCs (ingress only for L2) but also to VLANs or even system wide.

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

TONY SMITH

It's a mixture of both. Some of the traffic like voice should already be correctly marked by the time it reaches the router, but the priority data applications will not be marked. So this will be an input service policy, on either the Port Channel, or on the member interfaces. It's just not clear how it should work given that it doesn't appear to be effective if applied to the member interfaces, and apparently cannot be applied to the port channel.

Hello Tony
Would it be possible to provide an example of what you are trying to achieve, maybe a simple topology diagram attached?



Kind Regards
Paul

See attached, hopefully this helps.  On the LAN side the router connects with two Ethernet interfaces, but since these are configured as an Etherchannel much of the functional LAN configuration is applied to the port channel interface, rather than the member ports.  On the WAN side it is again an Ethernet interface, but since this is a DMVPN much of the functional configuration is applied to the tunnel interface rather than the egress i/f.

When trying to apply the ingress policy to the Port Channel interface, we get an error ...

ROUTER(config)#int port-channel 1
ROUTER(config-if)#service-policy input LAN-MARKING
service-policy input LAN-MARKING not supported on this target

Hello Tony
Apologies, my mistake. I was under the understanding that the QoS was being applied to the Nexus, not the rtr. TBH I don't think (as the rtr is showing) a QoS service-policy is allowed on aggregation ports. As an alternative you could mark on the Nexus and trust on the rtr.

 

 



Kind Regards
Paul