Re: QOS marking policy doesn't match on N7K

gilou_1973 · ‎08-13-2012

Hello

I have a pair of Nexus 7K's running 6.0(1).

I have a handful of edge devices (Blades switches, CAtalyst switches)that I need to mark ingress traffic.

I've created and attached a very simple policy to the port-channel and noting matches in the Policy.

It's confirmed further in the backbone when I capture the traffic, the datas are still marked to default.

Here under is my configuration:

policy-map type qos test

class test

set dscp cs2

class-map type qos match-any test

match access-group name test

IP access list test

10 permit tcp any any eq telnet

20 permit tcp any eq telnet any

interface port-channel14

description C2960-N-60.riziv.be

switchport

switchport mode trunk

switchport trunk allowed vlan 1,11-12,14-15,40,90

spanning-tree guard root

mac packet-classify

service-policy type qos input test

vpc 14

layer2-switched flow monitor v9_l2_standard input

Nexus_1# sh policy-map int po 14 type qos

Global statistics status : enabled

port-channel14

Service-policy (qos) input: test

SNMP Policy Index: 285216008

Class-map (qos): test (match-any)

Aggregate forwarded :

0 packets 0 bytes

Match: access-group test

0 packets

set dscp cs2

I've generated traffic but as you can see packet counters remains null.

Any idea about my mistake?

By advance thanks

Jerry Ye · ‎08-13-2012

Did you put the QoS policy on both vPC peering switches??? Traffic might hit the other switch through the other vPC.

I tested this in my lab switch and the counter is increaming correctly for me. I am running 5.2(4) right now.

Regards,

jerry

gilou_1973 · ‎08-13-2012

Hello Jerry,

Yes, absolutely I've put the QOS on both N7K.

Do you think that it can be linked to the Line Card module.

I've set it on a M148GT-11 card.

I'm going to test it on another line card and give you a feedback.

Another questions:

- When you do a " sh policy-map int po xx type qos", do you see matches ?

- Do you also have two input policies on your port, a queuing policy (the default one) and a qos policy?

Regards

Gildas

port-channel14

Service-policy (qos) input: test

SNMP Policy Index: 285216008

Class-map (qos): test (match-any)

Aggregate forwarded :

0 packets 0 bytes

Match: access-group test

0 packets

set dscp cs2

Service-policy (queuing) input: default-in-policy

SNMP Policy Index: 301992025

Class-map (queuing): in-q1 (match-any)

queue-limit percent 50

bandwidth percent 80

queue dropped pkts : 0

Class-map (queuing): in-q-default (match-any)

queue-limit percent 50

bandwidth percent 20

queue dropped pkts : 0

gilou_1973 · ‎08-14-2012

Hello Jerry,

I've just tested on another line card, model

N7K-M148GS-11L

Same way, marking doesn't work.

Regards

Gildas

Jerry Ye · ‎08-14-2012

Can you ask how did you do your test?

Regards,

jerry

Jerry Ye · ‎08-14-2012

I just realized the problem.

interface port-channel14

description C2960-N-60.riziv.be

switchport

switchport mode trunk

switchport trunk allowed vlan 1,11-12,14-15,40,90

spanning-tree guard root

mac packet-classify <<<<< This is what causing it

service-policy type qos input test

vpc 14

layer2-switched flow monitor v9_l2_standard input

I know you might need the mac packet-classify for other feature, like L2 netflow. My test doesn't have this on and it is working for me. If you removed that, it should be able to classify packets.

Regards,

jerry

gilou_1973 · ‎08-15-2012

Hello Jeye,

You're right Jeye.

I removed it from the interface and I can see matches in my qos policy.

And i's confirmed by packet capture, packets are well marked.

Does it mean that Netflow work no more for this interface?

Thanks a lot for your help.

Regards

Gildas

Jerry Ye · ‎08-16-2012

Yes, since your NetFlow is L2 based. All L2 based traffic classification needs to use the mac packet-classify to make it to work. This includes L2 NF, L2 VLAN filters (VACL), etc.

HTH,

jerry