Solved: QOS on 7604

qussay · ‎12-04-2011

Hello ,

I have problem with QOS and applied service policy to sub interfaces . I have a 7604 with supervisor engine 720 . about 700 subinterface configured on the router and for each subinterface there is an egress service policy at appllied . the problem is the router didn't limiting the traffic of all subinterfaces when we check the sh mls qos ip egress output we found that many subinterfaces have no agg id check below :

Gi2/4.2416 1 Out class-defa 0 504 -- 0 62869 0

Gi2/4.2416 1 Out class-defa 0 505 -- 0 12521 0

Gi2/4.2416 1 Out class-defa 0 506 -- 0 4992 0

Gi2/4.2417 1 Out class-defa 0 507 -- 0 9015 0

Gi2/4.2417 1 Out class-defa 0 508 -- 0 19420 0

Gi2/4.2417 1 Out class-defa 0 509 -- 0 75802 0

Gi2/4.2417 1 Out class-defa 0 510 -- 0 2304 0

Gi2/4.2417 1 Out class-defa 0 511 -- 0 88616 0

Gi2/4.2418 1 Out class-def 0 F -- 0

it seems that the router only limiting 512 subinterface . at same time the sh tcam counts output didn't show any problem .

Router#sh tcam count

Used Free Percent Used Reserved

---- ---- ------------ --------

Labels:(in) 8 4088 0

Labels:(eg) 512 3584 12

ACL_TCAM

--------

Masks: 13 4083 0 72

Entries: 63 32705 0 576

QOS_TCAM

--------

Masks: 647 3449 15 18

Entries: 5135 27633 15 144

any one familaier with such problem ?? .

Regards .

Richard Michael · ‎12-05-2011

Hello,

Are you trying to apply all the interfaces with the same service policy?

would it be possible for you to upgrade the IOS to SXI or SXJ versions?

Do you use class default in your configurations? please post the full configurations of class-map/service-policy attached in a file.

Assuming if you have class-default configurations in your service-policy,

For IPv6 interfaces each time you reserve a label you must reserve 8 labels which limits ipv6 label to 512.

Also for a class-default configs it will install entry match all for all protocol bucket (ipv4, ipv6, mpls and other).

You may want to try not to use class-default but try using a class with a match on acl that permit ip any any, to see if it makes a difference.

Another option is the following :

when you apply a service-policy to an interface by default it assume it is a policer and reseve an aggregate id policer.

We can't share label if we have a differnet agg id. So if you apply the same policy-map to 100 interface you are copying 100 times your ACL in hardware. With the below policer you are not using any policing but only marking, so you can configure the following in global mode :

no mls qos marking statistics

This will make all interface with same policy-map to share the same agg id and spare a lot of tcam space. However this is done at the cost of policy statis. As all int will use same hardware id, we won't have separate qos stat per interface.

Let me know how this goes

Thanks,

Richard

View solution in original post

Richard Michael · ‎12-04-2011

Hello,

Can you provide me the output of the show platform hardware capacity qos command?

I understand that you use sup 720 is it a 3B flavor or 3BXL? please specify, sh mod would be great

Any Error messages in the switch(show log would show you if any)

Do you use IPv6 in your setup?

Let me know the answers inline to proceed further...

In case if you have trust or set command you can try increasing the support by adding "no mls qos marking statistics" this is used to avoid consumption of aggregate pid's for set/trust commands.

Thanks,

Richard

qussay · ‎12-05-2011

Dear Richards ,

First of all thanks for following up , I really appreciate that .

Regarding information requested currently the 720 is 3B flavored check the sh mod output below :

Router#sh mod

Mod Ports Card Type Model Serial No.

--- ----- -------------------------------------- ------------------ -----------

1 2 Supervisor Engine 720 (Active) WS-SUP720-3BXL SAL09337S5B

2 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX SAD114102TJ

Mod MAC addresses Hw Fw Sw Status

--- ---------------------------------- ------ ------------ ------------ -------

1 0013.7f0a.d57c to 0013.7f0a.d57f 4.3 8.5(2) 12.2(33)SRB7 Ok

2 001d.45f9.0ee2 to 001d.45f9.0f11 2.6 12.2(14r)S5 12.2(33)SRB7 Ok

Mod Sub-Module Model Serial Hw Status

---- --------------------------- ------------------ ----------- ------- -------

1 Policy Feature Card 3 WS-F6K-PFC3BXL SAL09337GC8 1.6 Ok

1 MSFC3 Daughterboard WS-SUP720 SAL09337GEX 2.3 Ok

2 Distributed Forwarding Card WS-F6700-DFC3B SAD1140003C 4.6 Ok

Mod Online Diag Status

---- -------------------

1 Pass

2 Pass

Router#

When i applied service-policy to new sub-interfaces the below error appear :

02:42:18: %QM-4-TCAM_LABEL: Hardware TCAM label capacity exceeded

I didn't use IPv6 and didn't use trust or set commands on any router interfaces , also the QOS marking is already disabled .

you can check the output of sh platform hardware capacity QOS below :

Router#sh platform hardware capacity qos

QoS Policer Resources

Aggregate policers: Module Total Used %Used

1 1024 658 64%

2 1024 658 64%

Microflow policer configurations: Module Total Used %Used

1 64 1 1%

2 64 1 1%

also check the output of sh fm summery below :

Interface: GigabitEthernet2/3.22004 is up

TCAM screening for features: ACTIVE inbound

Interface: GigabitEthernet2/3.22005 is up

TCAM screening for features: ACTIVE inbound

Interface: GigabitEthernet2/3.22006 is up

TCAM screening for features: ACTIVE inbound

Interface: GigabitEthernet2/3.22008 is up

TCAM screening for features: ACTIVE inbound

is it normal that TCAM screening is only active on inbound ?

also if it is importnant to know the currently running image which is: c7600s72033-adventerprisek9-mz.122-33.SRB7.bin

It was choosen based on cisco software advisor .

Regards .

Richard Michael · ‎12-05-2011

Hello,

Are you trying to apply all the interfaces with the same service policy?

would it be possible for you to upgrade the IOS to SXI or SXJ versions?

Do you use class default in your configurations? please post the full configurations of class-map/service-policy attached in a file.

Assuming if you have class-default configurations in your service-policy,

For IPv6 interfaces each time you reserve a label you must reserve 8 labels which limits ipv6 label to 512.

Also for a class-default configs it will install entry match all for all protocol bucket (ipv4, ipv6, mpls and other).

You may want to try not to use class-default but try using a class with a match on acl that permit ip any any, to see if it makes a difference.

Another option is the following :

when you apply a service-policy to an interface by default it assume it is a policer and reseve an aggregate id policer.

We can't share label if we have a differnet agg id. So if you apply the same policy-map to 100 interface you are copying 100 times your ACL in hardware. With the below policer you are not using any policing but only marking, so you can configure the following in global mode :

no mls qos marking statistics

This will make all interface with same policy-map to share the same agg id and spare a lot of tcam space. However this is done at the cost of policy statis. As all int will use same hardware id, we won't have separate qos stat per interface.

Let me know how this goes

Thanks,

Richard

qussay · ‎12-09-2011

Dear Richard

You were right about the using of class-defualt , when remove the class-defualt from the policy-map and add another class to match ip any any the problem solved ,

So for final review the class-defualt match all protocols even ipv6 and as long as the router will reserve 8 lebel for ipv6 that will limit the aggregate ID to 512 , which is normally must be about 4k .

Thanks you for follwoing up with me I really aprciate your help .