How do I use "match input-interface" in IOS XR (QoS bandwidth limiting)

gnk195133 · ‎01-17-2020

I want to limit downstream internet bandwidth for each customer. But need separate inter and domestic traffic.

And within a customer, all hosts will be share bandwidth together.

Everything looks good in my lab with this configuration below because my router in lab is IOS not IOS XR.

ip access-list extended acl_cust1_dl
 permit ip any 10.1.1.0 0.0.0.255

class-map match-all class_cust1_inter_dl
 match access-group name acl_cust1_dl
 match input-interface GigabitEthernet0/1
class-map match-all class_cust1_domestic_dl
 match access-group name acl_cust1_dl
 match input-interface GigabitEthernet0/4

policy-map policy_cust1_inter_dl_child
 class class_cust1_inter_dl
  bandwidth percent 99
policy-map policy_cust1_domestic_dl_child
 class class_cust1_domestic_dl
  bandwidth percent 99

policy-map policy_physical_dl
 class class_cust1_inter_dl
  shape average 100m
   service-policy policy_cust1_inter_dl_child
 class class_cust1_domestic_dl
  shape average 900m
   service-policy policy_cust1_domestic_dl_child

interface GigabitEthernet0/3
 service-policy output policy_physical_dl

BUT in my production I used ASR9K that doesn't support "match input-interface" in class-map.

Can anyone help me please?

Thanks in advance.

Muhammad Awais Khan · ‎01-17-2020

Hi,

As long as you are matching customers network based on the network address, you really don't need to put match input-interface command.

so for your configuration, below will be enough to match the traffic.

class-map match-all class_cust1_inter_dl
match access-group name acl_cust1_dl

Test it, it should be working fine for sure.

gnk195133 · ‎01-17-2020

Thanks for reply, but I think your suggestion without match input-interface will not work for me.

Without match input-interface we cannot classify that which is inter or domestic traffic.

Do not forget: In this scenario, inter and domestic traffic are not equal in bandwidth limiting.

So I'm here to ask someone about solution that replace the match input-interface.

Muhammad Awais Khan · ‎01-17-2020

Hi,

As you aware, match input-interface command is not available with ASR9K as mentioned in below QOS command reference guide

https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-0/qos/command/reference/qr40asr9k_chapter1.html

You have still multiple options available like matching the traffic based on ACL where source and destination defined for each customer or you can use DSCP taggings where you can set the tag on the interfaces gi0/1 and gi0/4 with unique values like 10 or 12 for the traffic for domestic and internet and later use these tags for policing on gi0/3.

example config using DSCP Tags

class-map match-any class-cust1-dscptag
match access-group name acl_cust1_dl
!
policy-map policy_cust1_inter_dscptag
class class-cust1-dscptag
set dscp 10

!

policy-map policy_cust1_domes_dscptag
class class-cust1-dscptag
set dscp 12

interface gi0/1
service-policy input policy_cust1_inter_dscptag

interface gi0/4
service-policy input policy_cust1_domes_dscptag

!

class-map match-all class_cust1_inter_dl
match access-group name acl_cust1_dl
match dscp ipv4 10

!

class-map match-all class_cust1_domestic_dl
match access-group name acl_cust1_dl
match dscp ipv4 12

!

policy-map policy_cust1_inter_dl_child
class class_cust1_inter_dl
bandwidth percent 99

policy-map policy_cust1_domestic_dl_child
class class_cust1_domestic_dl
bandwidth percent 99