09-03-2018 04:19 AM - edited 03-08-2019 04:03 PM
Hello..
Looking to setup bandwidth restriction for VOIP traffic but not able to create even class-map queueing on nexus 9396 release 6x, pls help..
Switch9K-2(config)# class-map type queuing class_voip
^
% Invalid command at '^' marker.
Switch9K-2(config)# class-map type queuing class-voip
^
% Invalid command at '^' marker.
Switch9K-2(config)# class-map type queuing ?
c-out-q-default Egress default queue
c-out-q1 Egress queue 1
c-out-q2 Egress queue 2
c-out-q3 Egress queue 3
match-any Logical-OR all match statements under this classmap
Switch9K-2(config)# class-map type queuing
09-03-2018 05:17 AM
Hi Anukalp,
On the N9k platform, I don't think you can create your own queuing classes, you have to use the in-built ones but you can define your own queuing policy-map.
The in-built queues are configured as follows:
* qos-group-0 -> c-out-q-default (egress default queue) * qos-group-1 -> c-out-q1 (egress queue 1) * qos-group-2 -> c-out-q2 (egress queue 2) * qos-group-3 -> c-out-q3 (egress queue 3)
To restrict VoIP to say 100Mbits, you could do the following:
policy-map type queuing PM-QUEUE-OUT class type queuing c-out-q3 priority level 1 queue-limit dynamic 0 shape min 100 mbps max 100 mbps
This assumes that you classified your VOIP (RTP) traffic into qos-group 3 via a "type qos" policy:
class-map type qos match-any CM-QOS-VOICERTP match ip rtp 16384-32767 policy-map type qos PM-QOS-IN class CM-QOS-VOICERTP set qos-group 3
Hope this helps
James.
09-04-2018 12:45 AM
Thanks James.. this mean if i have five locations connected to this nexus switch, i cannot classify more than 3or4 locations n/w segments..pls suggest
09-04-2018 01:35 AM
Hi Anukalp,
I cannot easily answer this question based on the information you provided. Egress queueing controls the traffic outbound through a port and that would apply no matter how many sites you have downstream.
If you are looking to mark traffic based on IP addressing, you can do this as follows:
ip access-list QACL-VOICERTP 10 remark Cisco RTP 20 permit udp <voicesubnets/xx> <voicesubnets> range 16384 32767 class-map type qos match-any CM-QOS-VOICERTP match access-group name QACL-VOICERTP policy-map type qos PM-QOS-IN class CM-QOS-VOICERTP set qos-group 3
If you have several sites with IP phones and bandwidth restrictions between them, the correct way to limit this is via the Call Manager CAC settings and not QoS on the switch.
09-04-2018 05:48 AM
Hi James..
i am applying policy on interface but giving error..see below
ip access-list acl_voip-AP2
10 permit ip 172.16.10.0/24 172.21.11.0/24
20 permit ip 172.16.11.0/24 172.21.11.0/24
30 permit ip 172.18.7.0/24 172.21.11.0/24
40 permit ip 172.20.7.0/24 172.21.11.0/24
class-map type qos match-any class_qos_voip_AP2
match access-group name acl_voip-AP2
policy-map type qos AP2-QOS-POLICY
class class_qos_voip_AP2
set qos-group 3
policy-map type queuing VOIP_Queuing_AP2
class type queuing c-out-q3
shape min 10 mbps max 30 mbps
priority level 1
queue-limit dynamic 0
SWITCH9K-2(config)# int Ethernet1/23
service-policy type queuing output VOIP_Queuing_AP2
ERROR: policy-map VOIP_Queuing_AP2 does not have exact 4 or 8 number of class-maps
09-04-2018 06:58 AM
If VOIP is the only thing you are marking on ingress, you could do this:
policy-map type queuing VOIP_Queuing_AP2 class type queuing c-out-q3 priority level 1 queue-limit dynamic 0 shape min 10 mbps max 30 mbps class type queuing c-out-q2 bandwidth remaining percent 0 class type queuing c-out-q1 bandwidth remaining percent 0 class type queuing c-out-q-default bandwidth remaining percent 100 exit int Ethernet1/23 service-policy type queuing output VOIP_Queuing_AP2 exit
Basically you have to take into account all four hardware queues within the policy.
09-04-2018 09:06 AM
Thanks.. do I also need to attach policy-qos to interface so that ACL policy get Mark as qos-group 3 OR just configuring qos-policy with set qos-group 3 will work without attaching it on interface .pls suggest
I am new to nexus qos configuration.
09-04-2018 09:37 AM
Thanks..do I also need to attach policy-qos-AP2 ingress interface to mark ACL traffic as qos-group 3 OR it will mark just configuring policy-qos-AP2 without attaching ingress interface ..pls suggest, I am new to nexus qos.
09-04-2018 09:54 AM
Thanks James.. do i also need to attach policy policy-qos-AP2 to an ingress interface so that ACL traffic get mark as qos-group 3 OR just defining policy-qos-AP2 with set qos-group 3 will work & mark ACL without attaching it ingress interface.. pls suggest. I am new to nexus QoS configuration.
09-04-2018 10:02 AM
Yes, the traffic needs to be classified on the ingress, something like this should do it:
class-map type qos match-any CM-QOS-VOICERTP match ip rtp 16384-32767 exit policy-map type qos policy-qos-AP2 class CM-QOS-VOICERTP set qos-group 3 class class-default set qos-group 0 exit inter Eth1/X service-policy type qos input policy-qos-AP2 exit
Depending on which model of N9K you are using and which features are activated you might need to consider adding "no-stats" to the end of the service-policy attachment line above.
09-06-2018 12:36 AM
Thanks for suggestion.. but i am unable to apply service-policy input under vlan interface to mark traffic.
Please suggest
int vlan 10
ip 172.16.10.3/24
Description "VOIP N/W"
ip access-list extended acl_voip
permit ip 172.16.10.0 0.0.0.255 172.21.11.0 0.0.0.255
class-map type qos match-any CM-QOS-VOICERTP
match access-group name acl_voip
policy-map type qos policy-qos-AP2
class CM-QOS-VOICERTP
set qos-group 3
class class-default
set qos-group 0
09-06-2018 02:53 AM
Also getting below error, please help...
int Ethernet1/23
SwitchN9K-2(config-if)# service-policy type qos input policy-mark-qos-AP2
ERROR: Unable to perform the action due to incompatibility: Module 1 returned status "TCAM region is not configured. Please configure TCAM region and retry the command
09-06-2018 07:15 AM
Hi Anukalp,
The switch you are using is not one of the more recent CloudScale devices (such as 9300-FX) and the TCAM resources are limited. As I mentioned earlier you could try "no-stats":
inter Ethx/x service-policy type qos input policy-mark-qos-AP2 no-stats end
Failing this, we'll need to know which features you use on the box and take some of the tcam to use with QoS instead. This would involve the following and a device reload. You might need to carve some tcam from other features as well:
conf ter hardware access-list tcam region l3qos-li 512 end
09-06-2018 07:37 AM
Hi James.. i tried with no-stats also but still TCAM error occurring, see below. Also see below Features enabled. I am running Nexus 9396PX
Switch9K-2(config)# int Ethernet1/23
Switch9K-2(config-if)# service-policy type qos input policy-mark-qos-AP2 no-stats
ERROR: Unable to perform the action due to incompatibility: Module 1 returned status "TCAM region is not configured. Please configure TCAM region and retry the command"
feature privilege
feature telnet
feature tacacs+
cfs eth distribute
feature ospf
feature interface-vlan
feature hsrp
feature lacp
feature dhcp
feature vpc
feature lldp
feature vtp
09-06-2018 10:01 PM
Hi James.. pls find below TCAM output and suggest if TCAM for QoS can be carved from other.
slot 1
=======
Atomic Update : ENABLED
Default ACL : DENY
Bank Chaining : DISABLED
Fabric path DNL : DISABLED
NS Buffer Profile: Burst optimized
Min Buffer Profile: all
EOQ Class Stats: qos-group-0
NS MCQ3 Alias: qos-group-3
Ing PG Share: ENABLED
LOU Threshold Value : 5
----------------------------------------------------------------------
INSTANCE 0 TCAM Region Information:
----------------------------------------------------------------------
Ingress:
----------
Region GID Base Size Width
----------------------------------------------------------------------
IPV4 PACL [ifacl] 3 0 512 1
IPV6 PACL [ipv6-ifacl] 4 0 0 2
MAC PACL [mac-ifacl] 5 0 0 2
IPV4 Port QoS [qos] 6 3072 256 2
IPV6 Port QoS [ipv6-qos] 7 0 0 2
MAC Port QoS [mac-qos] 8 0 0 2
FEX IPV4 PACL [fex-ifacl] 9 0 0 1
FEX IPV6 PACL [fex-ipv6-ifacl] 10 0 0 2
FEX MAC PACL [fex-mac-ifacl] 11 0 0 2
FEX IPV4 Port QoS [fex-qos] 12 0 0 2
FEX IPV6 Port QoS [fex-ipv6-qos] 13 0 0 2
FEX MAC Port QoS [fex-mac-qos] 14 0 0 2
IPV4 VACL [vacl] 15 512 512 1
IPV6 VACL [ipv6-vacl] 16 0 0 2
MAC VACL [mac-vacl] 17 0 0 2
IPV4 VLAN QoS [vqos] 18 0 0 2
IPV6 VLAN QoS [ipv6-vqos] 19 0 0 2
MAC VLAN QoS [mac-vqos] 20 0 0 2
IPV4 RACL [racl] 21 1024 512 1
IPV6 RACL [ipv6-racl] 22 0 0 2
IPV4 Port QoS Lite [qos-lite] 61 0 0 1
FEX IPV4 Port QoS Lite [fex-qos-lite] 62 0 0 1
IPV4 VLAN QoS Lite [vqos-lite] 63 0 0 1
IPV4 L3 QoS Lite [l3qos-lite] 64 0 0 1
IPV4 L3 QoS [l3qos] 37 0 0 2
IPV6 L3 QoS [ipv6-l3qos] 38 0 0 2
MAC L3 QoS [mac-l3qos] 39 0 0 2
Ingress System 1 2048 256 2
SPAN [span] 2 3584 256 1
Ingress COPP [copp] 40 2560 256 2
Ingress Flow Counters [flow] 43 0 0 1
Ingress SVI Counters [svi] 45 0 0 1
Redirect [redirect] 46 1536 512 1
NS IPV4 Port QoS [ns-qos] 47 0 0 1
NS IPV6 Port QoS [ns-ipv6-qos] 48 0 0 2
NS MAC Port QoS [ns-mac-qos] 49 0 0 1
NS IPV4 VLAN QoS [ns-vqos] 50 0 0 1
NS IPV6 VLAN QoS [ns-ipv6-vqos] 51 0 0 2
NS MAC VLAN QoS [ns-mac-vqos] 52 0 0 1
NS IPV4 L3 QoS [ns-l3qos] 53 0 0 1
NS IPV6 L3 QoS [ns-ipv6-l3qos] 54 0 0 2
NS MAC L3 QoS [ns-mac-l3qos] 55 0 0 1
VPC Convergence [vpc-convergence] 57 4096 256 1
----------------------------------------------------------------------
* - allocated 512 entry slice due to unavailability of 256 entry slices
----------------------------------------------------------------------
Total: 4096
----------------------------------------------------------------------
Egress
----------
Region GID Base Size Width
----------------------------------------------------------------------
Egress IPV4 VACL [vacl] 31 4352 512 1
Egress IPV6 VACL [ipv6-vacl] 32 0 0 2
Egress MAC VACL [mac-vacl] 33 0 0 2
Egress IPV4 RACL [e-racl] 34 4864 256 1
Egress IPV6 RACL [e-ipv6-racl] 35 0 0 2
Egress System 24 3840 256 1
Egress Flow Counters [e-flow] 44 0 0 1
----------------------------------------------------------------------
Total: 1024
----------------------------------------------------------------------
----------------------------------------------------------------------
INSTANCE 1 TCAM Region Information:
----------------------------------------------------------------------
Ingress:
----------
Region GID Base Size Width
----------------------------------------------------------------------
IPV4 PACL [ifacl] 3 0 0 1
IPV6 PACL [ipv6-ifacl] 4 0 0 2
MAC PACL [mac-ifacl] 5 0 0 2
IPV4 Port QoS [qos] 6 0 0 2
IPV6 Port QoS [ipv6-qos] 7 0 0 2
MAC Port QoS [mac-qos] 8 0 0 2
FEX IPV4 PACL [fex-ifacl] 9 0 0 1
FEX IPV6 PACL [fex-ipv6-ifacl] 10 0 0 2
FEX MAC PACL [fex-mac-ifacl] 11 0 0 2
FEX IPV4 Port QoS [fex-qos] 12 0 0 2
FEX IPV6 Port QoS [fex-ipv6-qos] 13 0 0 2
FEX MAC Port QoS [fex-mac-qos] 14 0 0 2
IPV4 VACL [vacl] 15 0 0 1
IPV6 VACL [ipv6-vacl] 16 0 0 2
MAC VACL [mac-vacl] 17 0 0 2
IPV4 VLAN QoS [vqos] 18 0 0 2
IPV6 VLAN QoS [ipv6-vqos] 19 0 0 2
MAC VLAN QoS [mac-vqos] 20 0 0 2
IPV4 RACL [racl] 21 0 0 1
IPV6 RACL [ipv6-racl] 22 0 0 2
IPV4 Port QoS Lite [qos-lite] 61 0 0 1
FEX IPV4 Port QoS Lite [fex-qos-lite] 62 0 0 1
IPV4 VLAN QoS Lite [vqos-lite] 63 0 0 1
IPV4 L3 QoS Lite [l3qos-lite] 64 0 0 1
IPV4 L3 QoS [l3qos] 37 0 0 2
IPV6 L3 QoS [ipv6-l3qos] 38 0 0 2
MAC L3 QoS [mac-l3qos] 39 0 0 2
Ingress System 1 0 0 2
SPAN [span] 2 0 0 1
Ingress COPP [copp] 40 0 0 2
Ingress Flow Counters [flow] 43 0 0 1
Ingress SVI Counters [svi] 45 0 0 1
Redirect [redirect] 46 0 0 1
NS IPV4 Port QoS [ns-qos] 47 320 256 1
NS IPV6 Port QoS [ns-ipv6-qos] 48 0 0 2
NS MAC Port QoS [ns-mac-qos] 49 0 0 1
NS IPV4 VLAN QoS [ns-vqos] 50 576 256 1
NS IPV6 VLAN QoS [ns-ipv6-vqos] 51 0 0 2
NS MAC VLAN QoS [ns-mac-vqos] 52 0 0 1
NS IPV4 L3 QoS [ns-l3qos] 53 64 256 1
NS IPV6 L3 QoS [ns-ipv6-l3qos] 54 0 0 2
NS MAC L3 QoS [ns-mac-l3qos] 55 0 0 1
VPC Convergence [vpc-convergence] 57 0 0 1
----------------------------------------------------------------------
Total: 768
----------------------------------------------------------------------
Egress
----------
Region GID Base Size Width
----------------------------------------------------------------------
Egress IPV4 VACL [vacl] 31 0 0 1
Egress IPV6 VACL [ipv6-vacl] 32 0 0 2
Egress MAC VACL [mac-vacl] 33 0 0 2
Egress IPV4 RACL [e-racl] 34 0 0 1
Egress IPV6 RACL [e-ipv6-racl] 35 0 0 2
Egress System 24 0 0 1
Egress Flow Counters [e-flow] 44 0 0 1
----------------------------------------------------------------------
Total: 0
----------------------------------------------------------------------
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: