cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5148
Views
5
Helpful
6
Replies

NCS5501 QOS Policy: Traffic Policing

tsiemers1
Spotlight
Spotlight

I am transitioning some policy maps in our enviroment from 9k's over to the 5501 ver 6.2.3. I have read the guide located @  https://www.cisco.com/c/en/us/td/docs/iosxr/ncs5500/qos/62x/b-qos-cg-ncs5500-62x/b-qos-cg-ncs5500-62x_chapter_0100.html#concept_8C09549AC9D44D70BF203A72EE92418D

 

What I am trying to transition is the below class maps:

 

class-map match-any CLASS_SIG_INGRESS
description Sig Traffic
match dscp cs4
match cos 4


class-map match-any CLASS__RT_INGRESS
description Realtime Traffic
match dscp ef
match cos 5

 

policy-map PMAP_I
 class CLASS_RT_INGRESS
  police rate percent 30  peak-rate percent 100

   conform-action set qos 5
   conform-action set mpls exp imposition 5
   exceed-action set qos 1
   exceed-action set mpls exp imposition 1
   violate-action drop
 class CLASS_SIG_INGRESS
  police rate percent 10 peak-rate percent 100

   conform-action set qos 4
   conform-action set mpls exp imposition 4
   exceed-action set qos 0
   exceed-action set mpls exp imposition 0
   violate-action drop
 class class-default
  police rate percent 35 peak-rate percent 90
   conform-action set qos 0
   conform-action set mpls exp imposition 0
   exceed-action set qos 1
   exceed-action set mpls exp imposition 1
   violate-action drop
!

 

When trying to commit this I get the following error:

!!% Qos verification failed for policy-map.: Policy-map PMAP_I class Policy_TEST failed: Number of actions for 'police conform' exceeds limit 0
end

 

Are you not allowed to set actions under policeing in 6.2.3?

 

 

 

1 Accepted Solution

Accepted Solutions

We can use a combination of QoS group and discard class here. We have following behavior of DC in NCS5501:

1. Conform: DC is set to 0

2. Exceed: DC is set to 1

3. Violate: This is always drop. We cannot do any action for Violate case.

For the current configuration we can use a combination of qos-group and discard class in ingress to mark the conformed and exceeded traffic. qos-group here will help to distinguish between classes.

 

In the egress, we can set mpls exp based on qos-group and DC value. The configuration will be something like this:

Ingress:

policy-map PMAP_I
 class CLASS_RT_INGRESS

set qos 5
  police rate percent 30  peak-rate percent 100
 class CLASS_SIG_INGRESS

set qos 4
  police rate percent 10 peak-rate percent 100

 class class-default

set qos 0
  police rate percent 35 peak-rate percent 90

 

egress:

policy-map PMAP_E

class dc0_qos5

set mpls exp 5

class dc1_qos4

set mpls exp 1

class dc0_qos4

set mpls exp 4

class dc1_qos4

set mpls exp 0

class dc0_qos0

set mpls exp 0

class dc1_qos0

set mpls exp 1

 

Let me see if I can find out a lab to test this, but this should work fine.

View solution in original post

6 Replies 6

Santosh Sharma
Cisco Employee
Cisco Employee

Hi,

 

Marking under policer is not supported in NCS550x. Please refer to Restriction section of https://www.cisco.com/c/en/us/td/docs/iosxr/ncs5500/qos/62x/b-qos-cg-ncs5500-62x/b-qos-cg-ncs5500-62x_chapter_0100.html#concept_8C09549AC9D44D70BF203A72EE92418D for more details:

 

Restriction

  • Policer marking is not supported.

Thanks,,

Santosh

Okay. What is the recommended way of doing this on a 5501 or is it a limitation that can't be worked around. Also, why are the commands visible under police in 6.2.3 if they are not allowed?
Thanks

We can use a combination of QoS group and discard class here. We have following behavior of DC in NCS5501:

1. Conform: DC is set to 0

2. Exceed: DC is set to 1

3. Violate: This is always drop. We cannot do any action for Violate case.

For the current configuration we can use a combination of qos-group and discard class in ingress to mark the conformed and exceeded traffic. qos-group here will help to distinguish between classes.

 

In the egress, we can set mpls exp based on qos-group and DC value. The configuration will be something like this:

Ingress:

policy-map PMAP_I
 class CLASS_RT_INGRESS

set qos 5
  police rate percent 30  peak-rate percent 100
 class CLASS_SIG_INGRESS

set qos 4
  police rate percent 10 peak-rate percent 100

 class class-default

set qos 0
  police rate percent 35 peak-rate percent 90

 

egress:

policy-map PMAP_E

class dc0_qos5

set mpls exp 5

class dc1_qos4

set mpls exp 1

class dc0_qos4

set mpls exp 4

class dc1_qos4

set mpls exp 0

class dc0_qos0

set mpls exp 0

class dc1_qos0

set mpls exp 1

 

Let me see if I can find out a lab to test this, but this should work fine.

Thank you Santosh for the detailed explaination. I will give it a try in a lab today and see how it works.

@Santosh Sharma

 

Do you know if there is a way to change the QoS group at all on the 5500 platform?

 

We really need the functunalaity to be able to change the qos group under the policier.

 

policy-map PMAP_I
class class-default
police cir 5 m pir 10 m
   conform-action set qos  7
   exceed-action set qos 1
   violate-action drop

 

Instead of the default of conform to qos group 0 for some classes we would like the ablitiy to set to let say the scavanger group of 7 as stated above.

 

!!% Qos verification failed for policy-map.: Policy-map PMAP_I class class-default failed: Number of actions for 'police conform' exceeds limit 0

 

 

 

 

Can you please provide more details on this.  QoS group is local to the system, hence we can use combination of QoS group and discard class as well.