Re: Show Policy-map interface

Lee Smitherman · ‎09-19-2020

Hi,

I am trying to verify if QOS is working correctly on my switch. It have a QOS policy applied on all Interfaces and an input direction. I have two interfaces that are up which are trunk links which also have the same Policy applied inwards, the rest of the interfaces are down

If I run a #Show Policy-map interface x input

command on the trunk link with the relevent interesting traffic coming in, I can see the counters in the above policy for that class increasing(being marked with a COS Value of 5)

If I run the same command on a down interface, I can see the exact same counters increasing!!!

So does the #Show Policy-map interface command reflect the policy/class hits globally on the switch or just for interface, as my testing suggests globally.

Lee

balaji.bandi · ‎09-20-2020

At the moment we are not sure about the increasing value on your environment, to assess better can you post relevant config and output of the increasing value you have observed.

Technically if the interface down it should not see any counters increased if the configuration is done correctly.

or this could be a bug - please post device information and show version.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Lee Smitherman · ‎09-20-2020

Hi, sure, please see below...

class-map match-all Real_Time_Ingress
match access-group name Real_Time_Ingress
class-map match-all Critical_Ingress
match access-group name Critical_Ingress
class-map match-all Transactional_Ingress
match access-group name Transactional_Ingress
class-map match-all Best_Effort_Ingress
match access-group name Best_Effort_Ingress
class-map match-all Real_Time_Egress
match cos 5
class-map match-all Critical_Egress
match cos 3 4
class-map match-all Transactional_Egress
match cos 1 2
class-map match-all Best_Effort_Egress
match cos 0

policy-map QoS_In
class Real_Time_Ingress
set cos 5
class Critical_Ingress
set cos 3
class Transactional_Ingress
set cos 1
class Best_Effort_Ingress
set cos 0

policy-map QoS_Out
class Real_Time_Egress
priority level 1 percent 40
class Critical_Egress
priority level 2 percent 30
class Transactional_Egress
bandwidth percent 20
class Best_Effort_Egress
bandwidth percent 10

ip access-list extended Real_Time_Ingress
remark HSRP
10 permit udp any any eq 1985
remark Rockwell-csp2
20 permit udp any any eq 2222
etc...

ip access-list extended Critical_Ingress
remark ada-cip
10 permit tcp any any eq 2085
remark asa-appl-proto
20 permit tcp any any eq 502
etc...

ip access-list extended Transactional_Ingress
remark documentum
10 permit udp any any eq 10002
remark undefined
20 permit udp any any eq 24576
etc...

ip access-list extended Best_Effort_Ingress
10 permit ip any any

For brevity..

int range gi 1/0/1 - 24

service-policy input QoS_In

service-policy output QoS_Out

int gi 1/1/2

service-policy input QoS_In

service-policy output QoS_Out

shut

int gi 1/1/3

service-policy input QoS_In

service-policy output QoS_Out

no shut

Counters cleared and traffic generated with destination TCP Port 502

show policy-map interface gi 1/1/3 in class Critical_Ingress
GigabitEthernet1/1/3

Service-policy input: QoS_In

Class-map: Critical_Ingress (match-all)
27134 packets
Match: access-group name Critical_Ingress
QoS Set
cos 3

show policy-map interface gi 1/1/2 in class Critical_Ingress
GigabitEthernet1/1/2

Service-policy input: QoS_In

Class-map: Critical_Ingress (match-all)
27134 packets
Match: access-group name Critical_Ingress
QoS Set
cos 3

As you can see, even the down Interface seem to be incrementing counters.

Lee

Giuseppe Larosa · ‎09-21-2020

Hello @Lee Smitherman ,

can you post

show version

you haven't provided the switch model and IOS / IOS XE version running on it.

You can easily find out what is happening by creating two additional QoS policy-maps to be applied to a down interface.

Their counters should stay at zero.

Hope to help

Giuseppe

Lee Smitherman · ‎09-21-2020

Hi,

Just found the issue to be related to the following

policy-map QoS_Out
class Real_Time_Egress
priority level 1 percent 40
class Critical_Egress
priority level 2 percent 30
class Transactional_Egress
bandwidth percent 20
class Best_Effort_Egress
bandwidth percent 10

As soon as I removed the Percent 40 and Percent 30 from the respective priority levels all the ghosting of stats on down interfaces as well as output drops even when there was no contention and the policy was applied went away.

Final policy looked like this...

policy-map QoS_Out
class Real_Time_Egress
priority level 1
class Critical_Egress
priority level 2
class Transactional_Egress
bandwidth remaining percent 70
class Best_Effort_Egress
bandwidth remaining percent 30

Not sure how or why it fixed it, but glad its working. When I simulated traffic with iPerf the classes behaved as expected.

Lee.

Lee Smitherman · ‎09-21-2020

It was a Cat 9200L

Initially running on 16.9.5, but upgraded to 16.12.04 to try and rule out a bug.

Lee.