04-11-2018 11:09 AM - edited 03-01-2019 03:23 PM
I am transitioning some policy maps in our enviroment from 9k's over to the 5501 ver 6.2.3. I have read the guide located @ https://www.cisco.com/c/en/us/td/docs/iosxr/ncs5500/qos/62x/b-qos-cg-ncs5500-62x/b-qos-cg-ncs5500-62x_chapter_0100.html#concept_8C09549AC9D44D70BF203A72EE92418D
What I am trying to transition is the below class maps:
class-map match-any CLASS_SIG_INGRESS
description Sig Traffic
match dscp cs4
match cos 4
class-map match-any CLASS__RT_INGRESS
description Realtime Traffic
match dscp ef
match cos 5
policy-map PMAP_I
class CLASS_RT_INGRESS
police rate percent 30 peak-rate percent 100
conform-action set qos 5
conform-action set mpls exp imposition 5
exceed-action set qos 1
exceed-action set mpls exp imposition 1
violate-action drop
class CLASS_SIG_INGRESS
police rate percent 10 peak-rate percent 100
conform-action set qos 4
conform-action set mpls exp imposition 4
exceed-action set qos 0
exceed-action set mpls exp imposition 0
violate-action drop
class class-default
police rate percent 35 peak-rate percent 90
conform-action set qos 0
conform-action set mpls exp imposition 0
exceed-action set qos 1
exceed-action set mpls exp imposition 1
violate-action drop
!
When trying to commit this I get the following error:
!!% Qos verification failed for policy-map.: Policy-map PMAP_I class Policy_TEST failed: Number of actions for 'police conform' exceeds limit 0
end
Are you not allowed to set actions under policeing in 6.2.3?
Solved! Go to Solution.
04-11-2018 11:52 PM
We can use a combination of QoS group and discard class here. We have following behavior of DC in NCS5501:
1. Conform: DC is set to 0
2. Exceed: DC is set to 1
3. Violate: This is always drop. We cannot do any action for Violate case.
For the current configuration we can use a combination of qos-group and discard class in ingress to mark the conformed and exceeded traffic. qos-group here will help to distinguish between classes.
In the egress, we can set mpls exp based on qos-group and DC value. The configuration will be something like this:
Ingress:
policy-map PMAP_I
class CLASS_RT_INGRESS
set qos 5
police rate percent 30 peak-rate percent 100
class CLASS_SIG_INGRESS
set qos 4
police rate percent 10 peak-rate percent 100
class class-default
set qos 0
police rate percent 35 peak-rate percent 90
egress:
policy-map PMAP_E
class dc0_qos5
set mpls exp 5
class dc1_qos4
set mpls exp 1
class dc0_qos4
set mpls exp 4
class dc1_qos4
set mpls exp 0
class dc0_qos0
set mpls exp 0
class dc1_qos0
set mpls exp 1
Let me see if I can find out a lab to test this, but this should work fine.
04-11-2018 11:16 AM
Hi,
Marking under policer is not supported in NCS550x. Please refer to Restriction section of https://www.cisco.com/c/en/us/td/docs/iosxr/ncs5500/qos/62x/b-qos-cg-ncs5500-62x/b-qos-cg-ncs5500-62x_chapter_0100.html#concept_8C09549AC9D44D70BF203A72EE92418D for more details:
Thanks,,
Santosh
04-11-2018 11:18 AM
04-11-2018 11:52 PM
We can use a combination of QoS group and discard class here. We have following behavior of DC in NCS5501:
1. Conform: DC is set to 0
2. Exceed: DC is set to 1
3. Violate: This is always drop. We cannot do any action for Violate case.
For the current configuration we can use a combination of qos-group and discard class in ingress to mark the conformed and exceeded traffic. qos-group here will help to distinguish between classes.
In the egress, we can set mpls exp based on qos-group and DC value. The configuration will be something like this:
Ingress:
policy-map PMAP_I
class CLASS_RT_INGRESS
set qos 5
police rate percent 30 peak-rate percent 100
class CLASS_SIG_INGRESS
set qos 4
police rate percent 10 peak-rate percent 100
class class-default
set qos 0
police rate percent 35 peak-rate percent 90
egress:
policy-map PMAP_E
class dc0_qos5
set mpls exp 5
class dc1_qos4
set mpls exp 1
class dc0_qos4
set mpls exp 4
class dc1_qos4
set mpls exp 0
class dc0_qos0
set mpls exp 0
class dc1_qos0
set mpls exp 1
Let me see if I can find out a lab to test this, but this should work fine.
04-12-2018 05:40 AM
Thank you Santosh for the detailed explaination. I will give it a try in a lab today and see how it works.
04-18-2018 02:24 PM
Do you know if there is a way to change the QoS group at all on the 5500 platform?
We really need the functunalaity to be able to change the qos group under the policier.
policy-map PMAP_I
class class-default
police cir 5 m pir 10 m
conform-action set qos 7
exceed-action set qos 1
violate-action drop
Instead of the default of conform to qos group 0 for some classes we would like the ablitiy to set to let say the scavanger group of 7 as stated above.
!!% Qos verification failed for policy-map.: Policy-map PMAP_I class class-default failed: Number of actions for 'police conform' exceeds limit 0
04-20-2018 03:43 AM
Can you please provide more details on this. QoS group is local to the system, hence we can use combination of QoS group and discard class as well.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide