Solved: Re: NCS5501 QOS Policy: Traffic Policing

tsiemers1 · ‎04-11-2018

I am transitioning some policy maps in our enviroment from 9k's over to the 5501 ver 6.2.3. I have read the guide located @ https://www.cisco.com/c/en/us/td/docs/iosxr/ncs5500/qos/62x/b-qos-cg-ncs5500-62x/b-qos-cg-ncs5500-62x_chapter_0100.html#concept_8C09549AC9D44D70BF203A72EE92418D

What I am trying to transition is the below class maps:

class-map match-any CLASS_SIG_INGRESS
description Sig Traffic
match dscp cs4
match cos 4

class-map match-any CLASS__RT_INGRESS
description Realtime Traffic
match dscp ef
match cos 5

policy-map PMAP_I
class CLASS_RT_INGRESS
police rate percent 30 peak-rate percent 100

   conform-action set qos 5
   conform-action set mpls exp imposition 5
   exceed-action set qos 1
   exceed-action set mpls exp imposition 1
   violate-action drop
class CLASS_SIG_INGRESS
police rate percent 10 peak-rate percent 100

   conform-action set qos 4
   conform-action set mpls exp imposition 4
   exceed-action set qos 0
   exceed-action set mpls exp imposition 0
   violate-action drop
class class-default
police rate percent 35 peak-rate percent 90
   conform-action set qos 0
   conform-action set mpls exp imposition 0
   exceed-action set qos 1
   exceed-action set mpls exp imposition 1
   violate-action drop
!

When trying to commit this I get the following error:

!!% Qos verification failed for policy-map.: Policy-map PMAP_I class Policy_TEST failed: Number of actions for 'police conform' exceeds limit 0
end

Are you not allowed to set actions under policeing in 6.2.3?

Santosh Sharma · ‎04-11-2018

We can use a combination of QoS group and discard class here. We have following behavior of DC in NCS5501:

1. Conform: DC is set to 0

2. Exceed: DC is set to 1

3. Violate: This is always drop. We cannot do any action for Violate case.

For the current configuration we can use a combination of qos-group and discard class in ingress to mark the conformed and exceeded traffic. qos-group here will help to distinguish between classes.

In the egress, we can set mpls exp based on qos-group and DC value. The configuration will be something like this:

Ingress:

policy-map PMAP_I
class CLASS_RT_INGRESS

set qos 5
police rate percent 30 peak-rate percent 100
class CLASS_SIG_INGRESS

set qos 4
police rate percent 10 peak-rate percent 100

class class-default

set qos 0
police rate percent 35 peak-rate percent 90

egress:

policy-map PMAP_E

class dc0_qos5

set mpls exp 5

class dc1_qos4

set mpls exp 1

class dc0_qos4

set mpls exp 4

class dc1_qos4

set mpls exp 0

class dc0_qos0

set mpls exp 0

class dc1_qos0

set mpls exp 1

Let me see if I can find out a lab to test this, but this should work fine.

View solution in original post

Santosh Sharma · ‎04-11-2018

Hi,

Marking under policer is not supported in NCS550x. Please refer to Restriction section of https://www.cisco.com/c/en/us/td/docs/iosxr/ncs5500/qos/62x/b-qos-cg-ncs5500-62x/b-qos-cg-ncs5500-62x_chapter_0100.html#concept_8C09549AC9D44D70BF203A72EE92418D for more details:

Restriction

Policer marking is not supported.

Thanks,,

Santosh

tsiemers1 · ‎04-11-2018

Okay. What is the recommended way of doing this on a 5501 or is it a limitation that can't be worked around. Also, why are the commands visible under police in 6.2.3 if they are not allowed?
Thanks

Santosh Sharma · ‎04-11-2018

We can use a combination of QoS group and discard class here. We have following behavior of DC in NCS5501:

1. Conform: DC is set to 0

2. Exceed: DC is set to 1

3. Violate: This is always drop. We cannot do any action for Violate case.

For the current configuration we can use a combination of qos-group and discard class in ingress to mark the conformed and exceeded traffic. qos-group here will help to distinguish between classes.

In the egress, we can set mpls exp based on qos-group and DC value. The configuration will be something like this:

Ingress:

policy-map PMAP_I
class CLASS_RT_INGRESS

set qos 5
police rate percent 30 peak-rate percent 100
class CLASS_SIG_INGRESS

set qos 4
police rate percent 10 peak-rate percent 100

class class-default

set qos 0
police rate percent 35 peak-rate percent 90

egress:

policy-map PMAP_E

class dc0_qos5

set mpls exp 5

class dc1_qos4

set mpls exp 1

class dc0_qos4

set mpls exp 4

class dc1_qos4

set mpls exp 0

class dc0_qos0

set mpls exp 0

class dc1_qos0

set mpls exp 1

Let me see if I can find out a lab to test this, but this should work fine.

tsiemers1 · ‎04-12-2018

Thank you Santosh for the detailed explaination. I will give it a try in a lab today and see how it works.

tsiemers1 · ‎04-18-2018

@Santosh Sharma

Do you know if there is a way to change the QoS group at all on the 5500 platform?

We really need the functunalaity to be able to change the qos group under the policier.

policy-map PMAP_I
class class-default
police cir 5 m pir 10 m
   conform-action set qos 7
   exceed-action set qos 1
   violate-action drop

Instead of the default of conform to qos group 0 for some classes we would like the ablitiy to set to let say the scavanger group of 7 as stated above.

!!% Qos verification failed for policy-map.: Policy-map PMAP_I class class-default failed: Number of actions for 'police conform' exceeds limit 0

Santosh Sharma · ‎04-20-2018

Can you please provide more details on this. QoS group is local to the system, hence we can use combination of QoS group and discard class as well.