Solved: QoS class issue

cscyangyu · ‎06-08-2010

I have a QoS issue. Please help me figure out.

ip access-list extended SILVER-TRAFFIC

permit tcp any 10.0.0.0 0.255.255.255 eq 80

ip access-list extended BRONZE-TRAFFIC

permit tcp any 10.3.115.0 0.0.0.255 eq 80

permit tcp any 10.60.52.0 0.0.0.255 eq 80

class-map match-any SILVER-CLASS

match access-group name SILVER-TRAFFIC

class-map match-any BRONZE-CLASS

match access-group name BRONZE-TRAFFIC

policy-map QOS

class SILVER-CLASS

set dscp cs3

class BRONZE-CLASS

set dscp cs2

class class-default

set dscp default

There are 2 QoS class in this configuration. The ACL (permit tcp any 10.0.0.0 0.255.255.255 eq 80) of the silver class includes the ACL of the Bronze class. Does that means those bronze class traffic are marked as silver class, instead of Bronze class?

Jon Marshall · ‎06-08-2010

cscyangyu wrote:
 There are 2 QoS class in this configuration. The ACL  (permit tcp any  10.0.0.0 0.255.255.255 eq 80) of the silver class includes the ACL of the  Bronze class. Does that means those bronze class  traffic are marked as silver class, instead of Bronze class?

It means that all traffic with the first octet of 10 in the IP address will be matched to the silver class. Nothing with a 10.x.x.x address will ever get past the silver class so all 10.x.x.x traffic will be marked with dscp cs3.

The policy-map is checked sequentially so and if a match is found processing stops so if you want bronze traffic to be marked as bronze -

policy-map QOS

class BRONZE-CLASS

set dscp cs2

class SILVER-CLASS

set dscp cs3

class class-default

set dscp default

Jon

View solution in original post

Giuseppe Larosa · ‎06-08-2010

Hello Angyu,

your understanding is correct: the order of call of the class-maps counts like in an ACL

you should rewrite the policy-map invoking the bronze-traffic first or you will be in trouble

It could be a safe measure to rewrite the ACL for silver traffic denying the other traffic

Hope to help

Giuseppe

View solution in original post

Jon Marshall · ‎06-08-2010

cscyangyu wrote:
 There are 2 QoS class in this configuration. The ACL  (permit tcp any  10.0.0.0 0.255.255.255 eq 80) of the silver class includes the ACL of the  Bronze class. Does that means those bronze class  traffic are marked as silver class, instead of Bronze class?

It means that all traffic with the first octet of 10 in the IP address will be matched to the silver class. Nothing with a 10.x.x.x address will ever get past the silver class so all 10.x.x.x traffic will be marked with dscp cs3.

The policy-map is checked sequentially so and if a match is found processing stops so if you want bronze traffic to be marked as bronze -

policy-map QOS

class BRONZE-CLASS

set dscp cs2

class SILVER-CLASS

set dscp cs3

class class-default

set dscp default

Jon

Giuseppe Larosa · ‎06-08-2010

Hello Angyu,

your understanding is correct: the order of call of the class-maps counts like in an ACL

you should rewrite the policy-map invoking the bronze-traffic first or you will be in trouble

It could be a safe measure to rewrite the ACL for silver traffic denying the other traffic

Hope to help

Giuseppe