cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

286
Views
5
Helpful
5
Replies
Highlighted
Beginner

QoS configuration - set and markdown in one map

Hello,

 

I'm not sure how to proceed with my problem, probabely I my idea is wrong, because I didn't found any examples of such confiugration, but then, what is the right way?

 

I'm going to classify traffic from untrusted source. So for example I would set AF21 for a specific application, that matches ACL21. But if the traffic exeeds CIR, I'm going to mark down to AF22 and if the traffic exeeds PIR, then to AF23.

Incoming packets have a DSCP value of 0, so I have in any case to set an AF value.

So what I did:

ip access-list extended ACL-AF21
 permit tcp any range 50040 50059 any range 40803 49151
 permit udp any range 50040 50059 any range 40803 49151
class-map match-any CM-AF2x 
 match access-group name ACL-AF21
policy-map MARK2x
  class CM-AF2x
  police cir percent 10 pir percent 20 be 200 ms
   conform-action transmit
   exceed-action set-dscp-transmit af22
   violate-action set-dscp-transmit af23
  set dscp af21
end

Can it work as I expect, to set AF21 for all packets <= 10% BW, AF22 for all packets <= 20% BW and AF23 for all other packts? Will it first set AF21 and then run two-rate three color policer?

 

At the end, I'm going to use an egress policy, with DSCP based WRED and queue-limits for AF2x; but to first of all, I have to mark incoming packets with AF2x values.

 

May be it is better to mark all traffic matching ACL-AF21 with AF21 and then set in the output policy:

class-map match-any CM-AF21
match dscp AF21

policy-map OUTPUT class CM-AF21 police cir percent 10 pir percent 20 be 200 ms conform-action transmit exceed-action set-dscp-transmit af22 violate-action set-dscp-transmit af23 bandwidth remaining percent 10 queue-limit dscp af21 percent 100 queue-limit dscp af22 percent 90 queue-limit dscp af23 percent 80 queue-buffers ratio 10 end

could it be the better way?

btw. I just noticed, that cat3650 doesn't offer "random-detect dscp" command in policy map configuration menu - is there another way to adjust WRED?

p-man-config.PNG

 

What is the better way to achive my goal?

 

Thanks

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Beginner

Re: QoS configuration - set and markdown in one map

Hello,

 

thanks for answers, the solution was an update to version 16 (everest), there is possible to set "conform-action set-dscp-transmit <value>"

 

 

5 REPLIES 5
VIP Expert

Re: QoS configuration - set and markdown in one map

I'm unsure where that policy will work as desired. The conform portion doesn't also offer a set-transmit option?

If it doesn't work as desired, can you use an ingress policy to mark all traffic in that class to AF21, allowing the policer to down mark the overrate traffic?
Beginner

Re: QoS configuration - set and markdown in one map

Hi,

 

unfortunately not, cat3650/3850 just offers transmit as confirm action

confirm-action.PNG


@Joseph W. Doherty wrote:
If it doesn't work as desired, can you use an ingress policy to mark all traffic in that class to AF21, allowing the policer to down mark the overrate traffic?

I just added a second possibility to my initial post - do you mean this option? It is possible, but I'm also there not sure, if it work like this.

will queue limits applay, to differentiate between AF21, 22 and 23? (apparantly WRED is not available, so only tail drop is possible - isn't it?)

VIP Expert

Re: QoS configuration - set and markdown in one map

I believe what the bandwidth percentages are doing is setting a WTD which would only take effect when the egress queues starts to overflow. Also unsure whether packets need the correct AF markings before entering egress or whether those set by the policer would also be processed. BTW, the WTD is one aspect of WRED, is basically the same at the final threshold value, i.e. no percentage drop before it's reached, also (again) it would require actual queue congestion.

What I was suggesting was in ingress policy to set all class AF2x to AF21, then allowing the egress policy to down mark if some traffic is overrate. I.e. I'm not sure whether traffic that conforms to the policer would get the AF21 marking.
Beginner

Re: QoS configuration - set and markdown in one map

Hello,

 

thanks for answers, the solution was an update to version 16 (everest), there is possible to set "conform-action set-dscp-transmit <value>"

 

 

VIP Expert

Re: QoS configuration - set and markdown in one map

Ah, so a later version does support the set option with conform. Nice to know.
CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards