06-12-2018 07:48 AM - edited 03-08-2019 03:20 PM
Dear Cisco support community
I am trying to get a QoS configuration running on a 3850 Switch. The configuration is similar to QoS on routers, but yet still very different. Just the fact that we cant us NBAR makes we wish they didnt go the MQC way at all and stayed with the mls qos configuration. But thats another topic. I have following configuration:
ip access-list extended QOS_CITRIX remark ---------------------------------- remark mark citrix inbound & outbound permit tcp any any eq 1494 permit tcp any eq 1494 any permit tcp any eq 2598 any permit tcp any any eq 2598 remark ---------------------------------- ip access-list extended QOS_ROUTING remark ---------------------------------- remark mark eigrp traffic permit eigrp any any remark ---------------------------------- ip access-list extended QOS_VOICE remark ---------------------------------- remark mark voice RTP traffic permit ip host 192.168.22.50 any remark ---------------------------------- ip access-list extended QOS_VOICESIGNAL remark ---------------------------------- remark mark SIP traffic permit udp any any eq 5060 5061 permit tcp any any eq 5060 5061 remark ---------------------------------- class-map match-any QOS_CITRIX match access-group name QOS_CITRIX class-map match-any QOS_ROUTING match access-group name QOS_ROUTING class-map match-any QOS_VOICE match access-group name QOS_VOICE class-map match-any QOS_VOICESIGNAL match access-group name QOS_VOICESIGNAL policy-map QOS_IN class QOS_CITRIX set dscp cs4 class QOS_ROUTING set dscp cs6 class QOS_VOICE set dscp ef class QOS_VOICESIGNAL set dscp cs3 policy-map QOS_OUT class QOS_CITRIX bandwidth percent 50 class QOS_ROUTING priority percent 5 class QOS_VOICE priority percent 20 class QOS_VOICESIGNAL bandwidth percent 5
Problem is, as soon as i want to set the QOS_OUT policy on an interface, it does not stick. There is no error or anything, it just isnt there:
swRZ101(config)#int gigabitEthernet 1/0/25
swRZ101(config-if)#do show run int gi 1/0/25 Building configuration... Current configuration : 139 bytes ! interface GigabitEthernet1/0/25 description roRZ1sip01 switchport access vlan 303 switchport mode access spanning-tree portfast end swRZ101(config-if)#service-policy output QOS_OUT swRZ101(config-if)#do show run int gi 1/0/25 Building configuration... Current configuration : 139 bytes ! interface GigabitEthernet1/0/25 description roRZ1sip01 switchport access vlan 303 switchport mode access spanning-tree portfast end
I can configure a service-policy on the input though. Anyone has any idea why that may be? I have seen some tutorials where people use a service-policy output on a 3850 switch, so it should be possible. We run IOS XE 03.07.04E
Solved! Go to Solution.
06-12-2018 09:00 AM
Hello,
there are numerous restrictions when applying service policies on the 3850. Are there any messages logged in your syslog when you try to apply the service policy ?
06-13-2018 12:38 AM
Hey Georg
You are right. there is a line in the syslog at the time the command was entered:
Jun 13 09:16:10.509: Invalid queuing class-map!!! Queuing actions supported only with dscp/cos/qos-group/precedence based classification!!! Jun 13 09:16:10.509: %QOS-6-POLICY_INST_FAILED: Service policy installation failed
I created a different class map for outgoing traffic and had to set the level in the priority command. it works now.
class-map match-any QOS_CITRIX_OUT match dscp cs4 class-map match-any QOS_ROUTING_OUT match dscp cs6 class-map match-any QOS_VOICE_OUT match dscp ef class-map match-any QOS_VOICESIGNAL_OUT match dscp cs3 policy-map QOS_OUT class QOS_CITRIX_OUT bandwidth percent 50 class QOS_ROUTING_OUT priority level 2 percent 5 class QOS_VOICE_OUT priority level 1 percent 20 class QOS_VOICESIGNAL_OUT bandwidth percent 5
I can configure both service policies now:
swRZ101#show running-config interface gigabitEthernet 1/0/25 Building configuration... Current configuration : 199 bytes ! interface GigabitEthernet1/0/25 description roRZ1sip01 switchport access vlan 303 switchport mode access spanning-tree portfast service-policy input QOS_IN service-policy output QOS_OUT end
Thanks for your help.
06-12-2018 09:00 AM
Hello,
there are numerous restrictions when applying service policies on the 3850. Are there any messages logged in your syslog when you try to apply the service policy ?
06-13-2018 12:38 AM
Hey Georg
You are right. there is a line in the syslog at the time the command was entered:
Jun 13 09:16:10.509: Invalid queuing class-map!!! Queuing actions supported only with dscp/cos/qos-group/precedence based classification!!! Jun 13 09:16:10.509: %QOS-6-POLICY_INST_FAILED: Service policy installation failed
I created a different class map for outgoing traffic and had to set the level in the priority command. it works now.
class-map match-any QOS_CITRIX_OUT match dscp cs4 class-map match-any QOS_ROUTING_OUT match dscp cs6 class-map match-any QOS_VOICE_OUT match dscp ef class-map match-any QOS_VOICESIGNAL_OUT match dscp cs3 policy-map QOS_OUT class QOS_CITRIX_OUT bandwidth percent 50 class QOS_ROUTING_OUT priority level 2 percent 5 class QOS_VOICE_OUT priority level 1 percent 20 class QOS_VOICESIGNAL_OUT bandwidth percent 5
I can configure both service policies now:
swRZ101#show running-config interface gigabitEthernet 1/0/25 Building configuration... Current configuration : 199 bytes ! interface GigabitEthernet1/0/25 description roRZ1sip01 switchport access vlan 303 switchport mode access spanning-tree portfast service-policy input QOS_IN service-policy output QOS_OUT end
Thanks for your help.
05-10-2019 05:19 PM
Hi Mario,
It's been a while but I got the same error in C9300, could you point me out what is wrong in my configuration:
1. Create a Traffic Class:
access-list 101 permit ip any host 192.168.211.101
class-map match-all CLASS_VDI
match access-group 101
2. Create traffic Policy:
Create traffic policy which matches the VDI_ACL and limit the bandwidth to 2% (20Mbps)
policy-map VDI_20M_OUT
class CLASS_VDI
bandwidth 2
3. Apply the traffic policy to interface:
interface GigabitEthernet2/48
service-policy output VDI_20M_OUT
Invalid queuing class-map!!! Queuing actions supported only with dscp/cos/qos-group/precedence/exp based classification!!!
Thanks,
05-13-2019 02:18 AM
On these switches, you can only prioritize based on a marking. So you have to do this in 2 steps:
Step1: mark traffic based on classification
Step2: prioritize based on marking
So your configuration would look something like this:
access-list 101 permit ip any host 192.168.211.101 class-map match-all CLASS_VDI_IN match access-group 101 policy-map VDI_IN class CLASS_VDI_IN set dscp 32 class-map match-all CLASS_VDI_OUT match ip dscp 32 policy-map VDI_20M_OUT class CLASS_VDI_OUT bandwidth 2 interface GigabitEthernet1/48 description all other interfaces service-policy input VDI_IN interface GigabitEthernet2/48 service-policy output VDI_20M_OUT
So if course based on your setup you'd have to assign the incoming service policy to every interface where VDI traffic could come in. So most of the time it is pretty common to assign the incoming service-policy to every interface on your switch in order to catch and mark all traffic. Hope I could help out a little.
05-14-2019 01:23 PM
Hi Mario,
It is awesome. I applied your configuration and the switch took it without any error. I really appreciate.
I have another question. Could you show me what is the best way to limit the bandwidth in out interface? I am trying to limit the bandwidth to 20Mbps on the up-link port but look like the switch doesn't understand what I am trying to do. I tried these commands in the policy-map VDI_20M_OUT but none of them works as expected, still getting around 1Gbps speed with Iperf.
- bandwidth percent 2
- shape average percent 2 and queue-buffers ratio 0.
I don't know what I am missing.
Thanks
Hung Doan
05-16-2019 12:37 AM
So the bandwidth command is a QoS measure to guarantee the minimum bandwidth. But this wont limit the max bandwidth. Not sure if these switches support shaping. Try it with a policer:
policy-map VDI_20M_OUT class CLASS_VDI_OUT police cir 20000000 conform-action transmit exceed-action drop
The bandwidth is in bit/s so 20Mbit/s x 1000 gives you 20'000Kbit/s x 1000 gives you 20'000'000bit/s
Cheers
02-07-2021 12:51 AM
Thanks, Mario
I was looking for a policing example for traffic control. I tested it a few minutes ago and it works great. Do you have any similar policing for Nexus switches?
Regards
Raul
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide