Re: class-map queuing-Nexus9K

Anukalp S · ‎09-03-2018

Hello..

Looking to setup bandwidth restriction for VOIP traffic but not able to create even class-map queueing on nexus 9396 release 6x, pls help..

Switch9K-2(config)# class-map type queuing class_voip
^
% Invalid command at '^' marker.
Switch9K-2(config)# class-map type queuing class-voip
^
% Invalid command at '^' marker.
Switch9K-2(config)# class-map type queuing ?
c-out-q-default Egress default queue
c-out-q1 Egress queue 1
c-out-q2 Egress queue 2
c-out-q3 Egress queue 3
match-any Logical-OR all match statements under this classmap
Switch9K-2(config)# class-map type queuing

j.a.m.e.s · ‎09-03-2018

Hi Anukalp,

On the N9k platform, I don't think you can create your own queuing classes, you have to use the in-built ones but you can define your own queuing policy-map.

The in-built queues are configured as follows:

* qos-group-0 -> c-out-q-default (egress default queue) 
* qos-group-1 -> c-out-q1 (egress queue 1) 
* qos-group-2 -> c-out-q2 (egress queue 2) 
* qos-group-3 -> c-out-q3 (egress queue 3)

To restrict VoIP to say 100Mbits, you could do the following:

policy-map type queuing PM-QUEUE-OUT
  class type queuing c-out-q3
    priority level 1
    queue-limit dynamic 0
    shape min 100 mbps max 100 mbps

This assumes that you classified your VOIP (RTP) traffic into qos-group 3 via a "type qos" policy:

class-map type qos match-any CM-QOS-VOICERTP
  match ip rtp 16384-32767
policy-map type qos PM-QOS-IN
 class CM-QOS-VOICERTP 
  set qos-group 3

Hope this helps

James.

Anukalp S · ‎09-04-2018

Thanks James.. this mean if i have five locations connected to this nexus switch, i cannot classify more than 3or4 locations n/w segments..pls suggest

j.a.m.e.s · ‎09-04-2018

Hi Anukalp,

I cannot easily answer this question based on the information you provided. Egress queueing controls the traffic outbound through a port and that would apply no matter how many sites you have downstream.

If you are looking to mark traffic based on IP addressing, you can do this as follows:

ip access-list QACL-VOICERTP
  10 remark Cisco RTP
  20 permit udp <voicesubnets/xx> <voicesubnets> range 16384 32767
class-map type qos match-any CM-QOS-VOICERTP
 match access-group name QACL-VOICERTP
policy-map type qos PM-QOS-IN
 class CM-QOS-VOICERTP 
  set qos-group 3

If you have several sites with IP phones and bandwidth restrictions between them, the correct way to limit this is via the Call Manager CAC settings and not QoS on the switch.

Anukalp S · ‎09-04-2018

Hi James..

i am applying policy on interface but giving error..see below

ip access-list acl_voip-AP2
10 permit ip 172.16.10.0/24 172.21.11.0/24
20 permit ip 172.16.11.0/24 172.21.11.0/24
30 permit ip 172.18.7.0/24 172.21.11.0/24
40 permit ip 172.20.7.0/24 172.21.11.0/24

class-map type qos match-any class_qos_voip_AP2
match access-group name acl_voip-AP2
policy-map type qos AP2-QOS-POLICY
class class_qos_voip_AP2
set qos-group 3
policy-map type queuing VOIP_Queuing_AP2
class type queuing c-out-q3
shape min 10 mbps max 30 mbps
priority level 1
queue-limit dynamic 0

SWITCH9K-2(config)# int Ethernet1/23

service-policy type queuing output VOIP_Queuing_AP2
ERROR: policy-map VOIP_Queuing_AP2 does not have exact 4 or 8 number of class-maps

j.a.m.e.s · ‎09-04-2018

If VOIP is the only thing you are marking on ingress, you could do this:

policy-map type queuing VOIP_Queuing_AP2 
  class type queuing c-out-q3
    priority level 1
    queue-limit dynamic 0
    shape min 10 mbps max 30 mbps
 class type queuing c-out-q2
    bandwidth remaining percent 0
  class type queuing c-out-q1
    bandwidth remaining percent 0
  class type queuing c-out-q-default
    bandwidth remaining percent 100
exit
int Ethernet1/23
 service-policy type queuing output VOIP_Queuing_AP2
exit

Basically you have to take into account all four hardware queues within the policy.

Anukalp S · ‎09-04-2018

Thanks.. do I also need to attach policy-qos to interface so that ACL policy get Mark as qos-group 3 OR just configuring qos-policy with set qos-group 3 will work without attaching it on interface .pls suggest

I am new to nexus qos configuration.

Anukalp S · ‎09-04-2018

Thanks..do I also need to attach policy-qos-AP2 ingress interface to mark ACL traffic as qos-group 3 OR it will mark just configuring policy-qos-AP2 without attaching ingress interface ..pls suggest, I am new to nexus qos.

Anukalp S · ‎09-04-2018

Thanks James.. do i also need to attach policy policy-qos-AP2 to an ingress interface so that ACL traffic get mark as qos-group 3 OR just defining policy-qos-AP2 with set qos-group 3 will work & mark ACL without attaching it ingress interface.. pls suggest. I am new to nexus QoS configuration.

j.a.m.e.s · ‎09-04-2018

Yes, the traffic needs to be classified on the ingress, something like this should do it:

class-map type qos match-any CM-QOS-VOICERTP
  match ip rtp 16384-32767
exit
policy-map type qos policy-qos-AP2
  class CM-QOS-VOICERTP
    set qos-group 3
  class class-default
    set qos-group 0
exit

inter Eth1/X
 service-policy type qos input policy-qos-AP2
exit

Depending on which model of N9K you are using and which features are activated you might need to consider adding "no-stats" to the end of the service-policy attachment line above.

Anukalp S · ‎09-06-2018

Thanks for suggestion.. but i am unable to apply service-policy input under vlan interface to mark traffic.

Please suggest

int vlan 10

ip 172.16.10.3/24

Description "VOIP N/W"

ip access-list extended acl_voip
permit ip 172.16.10.0 0.0.0.255 172.21.11.0 0.0.0.255

class-map type qos match-any CM-QOS-VOICERTP
match access-group name acl_voip

policy-map type qos policy-qos-AP2
class CM-QOS-VOICERTP
set qos-group 3
class class-default
set qos-group 0

Anukalp S · ‎09-06-2018

Also getting below error, please help...

int Ethernet1/23
SwitchN9K-2(config-if)# service-policy type qos input policy-mark-qos-AP2
ERROR: Unable to perform the action due to incompatibility: Module 1 returned status "TCAM region is not configured. Please configure TCAM region and retry the command

j.a.m.e.s · ‎09-06-2018

Hi Anukalp,

The switch you are using is not one of the more recent CloudScale devices (such as 9300-FX) and the TCAM resources are limited. As I mentioned earlier you could try "no-stats":

inter Ethx/x
 service-policy type qos input policy-mark-qos-AP2 no-stats 
end

Failing this, we'll need to know which features you use on the box and take some of the tcam to use with QoS instead. This would involve the following and a device reload. You might need to carve some tcam from other features as well:

conf ter
hardware access-list tcam region l3qos-li 512 
end

Anukalp S · ‎09-06-2018

Hi James.. i tried with no-stats also but still TCAM error occurring, see below. Also see below Features enabled. I am running Nexus 9396PX

Switch9K-2(config)# int Ethernet1/23
Switch9K-2(config-if)# service-policy type qos input policy-mark-qos-AP2 no-stats
ERROR: Unable to perform the action due to incompatibility: Module 1 returned status "TCAM region is not configured. Please configure TCAM region and retry the command"

feature privilege
feature telnet
feature tacacs+
cfs eth distribute
feature ospf
feature interface-vlan
feature hsrp
feature lacp
feature dhcp
feature vpc
feature lldp
feature vtp

Anukalp S · ‎09-06-2018

Hi James.. pls find below TCAM output and suggest if TCAM for QoS can be carved from other.

slot 1
=======

Atomic Update : ENABLED
Default ACL : DENY
Bank Chaining : DISABLED
Fabric path DNL : DISABLED
NS Buffer Profile: Burst optimized
Min Buffer Profile: all
EOQ Class Stats: qos-group-0
NS MCQ3 Alias: qos-group-3
Ing PG Share: ENABLED

LOU Threshold Value : 5

----------------------------------------------------------------------
INSTANCE 0 TCAM Region Information:
----------------------------------------------------------------------
Ingress:
----------
Region GID Base Size Width
----------------------------------------------------------------------
IPV4 PACL [ifacl] 3 0 512 1
IPV6 PACL [ipv6-ifacl] 4 0 0 2
MAC PACL [mac-ifacl] 5 0 0 2
IPV4 Port QoS [qos] 6 3072 256 2
IPV6 Port QoS [ipv6-qos] 7 0 0 2
MAC Port QoS [mac-qos] 8 0 0 2
FEX IPV4 PACL [fex-ifacl] 9 0 0 1
FEX IPV6 PACL [fex-ipv6-ifacl] 10 0 0 2
FEX MAC PACL [fex-mac-ifacl] 11 0 0 2
FEX IPV4 Port QoS [fex-qos] 12 0 0 2
FEX IPV6 Port QoS [fex-ipv6-qos] 13 0 0 2
FEX MAC Port QoS [fex-mac-qos] 14 0 0 2
IPV4 VACL [vacl] 15 512 512 1
IPV6 VACL [ipv6-vacl] 16 0 0 2
MAC VACL [mac-vacl] 17 0 0 2
IPV4 VLAN QoS [vqos] 18 0 0 2
IPV6 VLAN QoS [ipv6-vqos] 19 0 0 2
MAC VLAN QoS [mac-vqos] 20 0 0 2
IPV4 RACL [racl] 21 1024 512 1
IPV6 RACL [ipv6-racl] 22 0 0 2
IPV4 Port QoS Lite [qos-lite] 61 0 0 1
FEX IPV4 Port QoS Lite [fex-qos-lite] 62 0 0 1
IPV4 VLAN QoS Lite [vqos-lite] 63 0 0 1
IPV4 L3 QoS Lite [l3qos-lite] 64 0 0 1
IPV4 L3 QoS [l3qos] 37 0 0 2
IPV6 L3 QoS [ipv6-l3qos] 38 0 0 2
MAC L3 QoS [mac-l3qos] 39 0 0 2
Ingress System 1 2048 256 2
SPAN [span] 2 3584 256 1
Ingress COPP [copp] 40 2560 256 2
Ingress Flow Counters [flow] 43 0 0 1
Ingress SVI Counters [svi] 45 0 0 1
Redirect [redirect] 46 1536 512 1
NS IPV4 Port QoS [ns-qos] 47 0 0 1
NS IPV6 Port QoS [ns-ipv6-qos] 48 0 0 2
NS MAC Port QoS [ns-mac-qos] 49 0 0 1
NS IPV4 VLAN QoS [ns-vqos] 50 0 0 1
NS IPV6 VLAN QoS [ns-ipv6-vqos] 51 0 0 2
NS MAC VLAN QoS [ns-mac-vqos] 52 0 0 1
NS IPV4 L3 QoS [ns-l3qos] 53 0 0 1
NS IPV6 L3 QoS [ns-ipv6-l3qos] 54 0 0 2
NS MAC L3 QoS [ns-mac-l3qos] 55 0 0 1
VPC Convergence [vpc-convergence] 57 4096 256 1
----------------------------------------------------------------------
* - allocated 512 entry slice due to unavailability of 256 entry slices
----------------------------------------------------------------------
Total: 4096

----------------------------------------------------------------------
Egress
----------
Region GID Base Size Width
----------------------------------------------------------------------
Egress IPV4 VACL [vacl] 31 4352 512 1
Egress IPV6 VACL [ipv6-vacl] 32 0 0 2
Egress MAC VACL [mac-vacl] 33 0 0 2
Egress IPV4 RACL [e-racl] 34 4864 256 1
Egress IPV6 RACL [e-ipv6-racl] 35 0 0 2
Egress System 24 3840 256 1
Egress Flow Counters [e-flow] 44 0 0 1
----------------------------------------------------------------------
Total: 1024

----------------------------------------------------------------------

----------------------------------------------------------------------
INSTANCE 1 TCAM Region Information:
----------------------------------------------------------------------
Ingress:
----------
Region GID Base Size Width
----------------------------------------------------------------------
IPV4 PACL [ifacl] 3 0 0 1
IPV6 PACL [ipv6-ifacl] 4 0 0 2
MAC PACL [mac-ifacl] 5 0 0 2
IPV4 Port QoS [qos] 6 0 0 2
IPV6 Port QoS [ipv6-qos] 7 0 0 2
MAC Port QoS [mac-qos] 8 0 0 2
FEX IPV4 PACL [fex-ifacl] 9 0 0 1
FEX IPV6 PACL [fex-ipv6-ifacl] 10 0 0 2
FEX MAC PACL [fex-mac-ifacl] 11 0 0 2
FEX IPV4 Port QoS [fex-qos] 12 0 0 2
FEX IPV6 Port QoS [fex-ipv6-qos] 13 0 0 2
FEX MAC Port QoS [fex-mac-qos] 14 0 0 2
IPV4 VACL [vacl] 15 0 0 1
IPV6 VACL [ipv6-vacl] 16 0 0 2
MAC VACL [mac-vacl] 17 0 0 2
IPV4 VLAN QoS [vqos] 18 0 0 2
IPV6 VLAN QoS [ipv6-vqos] 19 0 0 2
MAC VLAN QoS [mac-vqos] 20 0 0 2
IPV4 RACL [racl] 21 0 0 1
IPV6 RACL [ipv6-racl] 22 0 0 2
IPV4 Port QoS Lite [qos-lite] 61 0 0 1
FEX IPV4 Port QoS Lite [fex-qos-lite] 62 0 0 1
IPV4 VLAN QoS Lite [vqos-lite] 63 0 0 1
IPV4 L3 QoS Lite [l3qos-lite] 64 0 0 1
IPV4 L3 QoS [l3qos] 37 0 0 2
IPV6 L3 QoS [ipv6-l3qos] 38 0 0 2
MAC L3 QoS [mac-l3qos] 39 0 0 2
Ingress System 1 0 0 2
SPAN [span] 2 0 0 1
Ingress COPP [copp] 40 0 0 2
Ingress Flow Counters [flow] 43 0 0 1
Ingress SVI Counters [svi] 45 0 0 1
Redirect [redirect] 46 0 0 1
NS IPV4 Port QoS [ns-qos] 47 320 256 1
NS IPV6 Port QoS [ns-ipv6-qos] 48 0 0 2
NS MAC Port QoS [ns-mac-qos] 49 0 0 1
NS IPV4 VLAN QoS [ns-vqos] 50 576 256 1
NS IPV6 VLAN QoS [ns-ipv6-vqos] 51 0 0 2
NS MAC VLAN QoS [ns-mac-vqos] 52 0 0 1
NS IPV4 L3 QoS [ns-l3qos] 53 64 256 1
NS IPV6 L3 QoS [ns-ipv6-l3qos] 54 0 0 2
NS MAC L3 QoS [ns-mac-l3qos] 55 0 0 1
VPC Convergence [vpc-convergence] 57 0 0 1
----------------------------------------------------------------------
Total: 768

----------------------------------------------------------------------
Egress
----------
Region GID Base Size Width
----------------------------------------------------------------------
Egress IPV4 VACL [vacl] 31 0 0 1
Egress IPV6 VACL [ipv6-vacl] 32 0 0 2
Egress MAC VACL [mac-vacl] 33 0 0 2
Egress IPV4 RACL [e-racl] 34 0 0 1
Egress IPV6 RACL [e-ipv6-racl] 35 0 0 2
Egress System 24 0 0 1
Egress Flow Counters [e-flow] 44 0 0 1
----------------------------------------------------------------------
Total: 0

----------------------------------------------------------------------