cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1844
Views
0
Helpful
4
Replies

QOS on 7604

qussay
Level 1
Level 1

Hello ,

I have problem with QOS and applied service policy to sub interfaces . I have a 7604 with supervisor engine 720 . about 700 subinterface configured on the router and for each subinterface there is an egress service policy at appllied . the problem is the router didn't limiting the traffic of all subinterfaces when we check the sh mls qos ip egress output we found that many subinterfaces have no agg id check below :

Gi2/4.2416  1 Out class-defa    0  504     --  0          62869              0

Gi2/4.2416  1 Out class-defa    0  505     --  0          12521              0

Gi2/4.2416  1 Out class-defa    0  506     --  0           4992              0

Gi2/4.2417  1 Out class-defa    0  507     --  0           9015              0

Gi2/4.2417  1 Out class-defa    0  508     --  0          19420              0

Gi2/4.2417  1 Out class-defa    0  509     --  0          75802              0

Gi2/4.2417  1 Out class-defa    0  510     --  0           2304              0

Gi2/4.2417  1 Out class-defa    0  511     --  0          88616              0

Gi2/4.2418  1 Out class-def  0    F     --    0

Gi2/4.2418  1 Out class-def  0    F     --    0

Gi2/4.2418  1 Out class-def  0    F     --    0

Gi2/4.2418  1 Out class-def  0    F     --    0

Gi2/4.2418  1 Out class-def  0    F     --    0

it seems that the router only limiting 512 subinterface . at same time the sh tcam counts output didn't show any problem .

Router#sh tcam count

           Used        Free        Percent Used       Reserved

           ----        ----        ------------       --------

Labels:(in)  8        4088            0

Labels:(eg) 512        3584           12

ACL_TCAM

--------

  Masks:     13        4083            0                    72

Entries:     63       32705            0                   576

QOS_TCAM

--------

  Masks:    647        3449           15                    18

Entries:   5135       27633           15                   144

any one familaier with such problem ?? .

Regards .

1 Accepted Solution

Accepted Solutions

Hello,

Are you trying to apply all the interfaces with the same service policy?

would it be possible for you to upgrade the IOS to SXI or SXJ versions?

Do you use class default in your configurations? please post the full configurations of class-map/service-policy attached in a file.

Assuming if you have class-default configurations in your service-policy,

For IPv6 interfaces each time you reserve a label you must reserve 8 labels which limits ipv6 label to 512.

Also for a class-default configs it will install entry match all for all protocol bucket (ipv4, ipv6, mpls and other).

You may want to try not to use class-default but try using  a class with a match on acl that permit ip any any, to see if it makes a difference.

Another option is the following :

when you apply a service-policy to an interface by default it assume it is a policer and reseve an aggregate id policer.

We can't share label  if we have a differnet agg id. So if you apply the same policy-map to 100 interface you are copying 100 times your ACL in hardware. With the below policer you are not using any policing but only marking, so you can configure the following in global mode :

no mls qos marking statistics

This will make all interface with same policy-map to share the same agg id and spare a lot of tcam space. However this is done at the cost of policy statis. As all int will use same hardware id, we won't have separate qos stat per interface.

Let me know how this goes

Thanks,

Richard

View solution in original post

4 Replies 4

Richard Michael
Cisco Employee
Cisco Employee

Hello,

Can you provide me the output of the show platform hardware capacity qos command?

I understand that you use sup 720 is it a 3B flavor or 3BXL? please specify, sh mod would be great

Any Error messages in the switch(show log would show you if any)

Do you use IPv6 in your setup?

Let me know the answers inline to proceed further...

In case if you have trust or set command you can try increasing the support by adding "no mls qos marking statistics" this is used to avoid consumption of aggregate pid's for set/trust commands.

Thanks,

Richard

Dear Richards ,

First of all thanks for following up , I really appreciate that .

Regarding information requested currently the 720 is 3B flavored check the sh mod output below :

Router#sh mod

Mod Ports Card Type                              Model              Serial No.

--- ----- -------------------------------------- ------------------ -----------

  1    2  Supervisor Engine 720 (Active)         WS-SUP720-3BXL     SAL09337S5B

  2   48  CEF720 48 port 10/100/1000mb Ethernet  WS-X6748-GE-TX     SAD114102TJ

Mod MAC addresses                       Hw    Fw           Sw           Status

--- ---------------------------------- ------ ------------ ------------ -------

  1  0013.7f0a.d57c to 0013.7f0a.d57f   4.3   8.5(2)       12.2(33)SRB7 Ok

  2  001d.45f9.0ee2 to 001d.45f9.0f11   2.6   12.2(14r)S5  12.2(33)SRB7 Ok

Mod  Sub-Module                  Model              Serial       Hw     Status

---- --------------------------- ------------------ ----------- ------- -------

  1  Policy Feature Card 3       WS-F6K-PFC3BXL     SAL09337GC8  1.6    Ok

  1  MSFC3 Daughterboard         WS-SUP720          SAL09337GEX  2.3    Ok

  2  Distributed Forwarding Card WS-F6700-DFC3B     SAD1140003C  4.6    Ok

Mod  Online Diag Status

---- -------------------

  1  Pass

  2  Pass

Router#

When i applied service-policy to new sub-interfaces the below error appear :

02:42:18: %QM-4-TCAM_LABEL: Hardware TCAM label capacity exceeded

02:42:18: %QM-4-TCAM_LABEL: Hardware TCAM label capacity exceeded

I didn't use IPv6 and didn't use trust or set commands on any router interfaces , also the QOS marking is already disabled .

you can check the output of sh platform hardware capacity QOS below :

Router#sh platform hardware capacity qos

QoS Policer Resources

  Aggregate policers: Module                      Total         Used     %Used

                      1                            1024          658       64%

                      2                            1024          658       64%

  Microflow policer configurations: Module        Total         Used     %Used

                                    1                64            1        1%

                                    2                64            1        1%

also check the output of sh fm summery below :

Interface: GigabitEthernet2/3.22004 is up

  TCAM screening for features: ACTIVE inbound

Interface: GigabitEthernet2/3.22005 is up

  TCAM screening for features: ACTIVE inbound

Interface: GigabitEthernet2/3.22006 is up

  TCAM screening for features: ACTIVE inbound

Interface: GigabitEthernet2/3.22008 is up

  TCAM screening for features: ACTIVE inbound

is it normal that TCAM screening is only active on inbound ?

also if it is importnant to know the currently running image which is: c7600s72033-adventerprisek9-mz.122-33.SRB7.bin

It was choosen based on cisco software advisor .

Regards .

Hello,

Are you trying to apply all the interfaces with the same service policy?

would it be possible for you to upgrade the IOS to SXI or SXJ versions?

Do you use class default in your configurations? please post the full configurations of class-map/service-policy attached in a file.

Assuming if you have class-default configurations in your service-policy,

For IPv6 interfaces each time you reserve a label you must reserve 8 labels which limits ipv6 label to 512.

Also for a class-default configs it will install entry match all for all protocol bucket (ipv4, ipv6, mpls and other).

You may want to try not to use class-default but try using  a class with a match on acl that permit ip any any, to see if it makes a difference.

Another option is the following :

when you apply a service-policy to an interface by default it assume it is a policer and reseve an aggregate id policer.

We can't share label  if we have a differnet agg id. So if you apply the same policy-map to 100 interface you are copying 100 times your ACL in hardware. With the below policer you are not using any policing but only marking, so you can configure the following in global mode :

no mls qos marking statistics

This will make all interface with same policy-map to share the same agg id and spare a lot of tcam space. However this is done at the cost of policy statis. As all int will use same hardware id, we won't have separate qos stat per interface.

Let me know how this goes

Thanks,

Richard

Dear Richard

You were right about the using of class-defualt , when remove the class-defualt from the policy-map and add another class to match ip any any the problem solved ,

So for final review the class-defualt match all protocols even ipv6 and as long as the router will reserve 8 lebel for ipv6 that will limit the aggregate ID to 512 , which is normally must be about 4k .

Thanks you for follwoing up with me I really aprciate your help .

Review Cisco Networking for a $25 gift card