09-10-2012 06:35 PM - edited 03-07-2019 08:48 AM
I've been testing some QoS policies, and I have not been able to make a type QoS policy work in the outbound direction.
Simple example:
ip access-list QOS-VOICE
10 permit ip any 10.120.11.0/24
20 permit ip 10.120.11.0/24 any
class-map type qos match-any IN-VOICE
description Voice/VoIP/IPT
match access-group name QOS-VOICE
policy-map type qos IN-MARKING
description Inbound classification/marking policy for trust boundaries.
class IN-VOICE
set dscp 46
For my scenario, some ping traffic passes from a remote device inbound through e2/9 on 7K1 to an interface on 7K1, then the return packet is sent out e2/10 on 7K1, and then through 7K2 back to the remote device. When I appy the policy inbound to 7K1 e2/9, the traffic is marked when received on 7K2, and it shows up on the policy map for the interface:
7K1(config-if)# sh pol int e2/9
Global statistics status : enabled
Ethernet2/9
Service-policy (qos) input: IN-MARKING
SNMP Policy Index: 285212997
Class-map (qos): IN-VOICE (match-any)
Slot 2
35 packets 4130 bytes
5 minute offered rate 0 bps
Aggregate forwarded :
35 packets 4130 bytes
Match: access-group QOS-VOICE
35 packets
set dscp 46
. . .
However, when I apply the same policy outbound on e2/10 on 7K1, the traffic is NOT marked when it is received at 7K2, and does not appear on the policy map for the interface:
7K1(config-if)# sh pol int e2/10
Global statistics status : enabled
Ethernet2/10
. . .
Service-policy (qos) output: IN-MARKING
SNMP Policy Index: 285213001
Class-map (qos): IN-VOICE (match-any)
Aggregate forwarded :
0 packets
Match: access-group QOS-VOICE
0 packets
set dscp 46
. . .
The 7Ks are running NX-OS 5.2(4).
Just wondering - has any one got an outbound qos policy to work on a N7K?
09-12-2012 10:39 AM
fwiw, here is a summary of my test process:
http://www.netcraftsmen.net/resources/blogs/testing-egress-marking-in-nx-os-qos.html
09-18-2012 07:32 PM
Update - I did determine outbound policy maps work - IF you are not sourcing the traffic from the local device that has the outbound policy. Sigh.
The original test described above was flawed in that 7K1 was trying to mark traffic sourced from it's own SVI (this was the return ping traffic.) When I updated the test and applied the policy to traffic not sourced from the same device, the outbound policy maps worked fine.
fwiw, here is a summary of my second test process:
http://www.netcraftsmen.net/resources/blogs/testing-egress-marking-in-nx-os-qos-part-2.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide