Traffic Classification Questions

philclemens1835
Level 1

Working on optimizing a prioritization and marking config, and have a couple of questions about classifying traffic.

If I have a 30 line ACL that I'm matching on for a class, is it more efficient to continue using the ACL or is it better to add the "match destination|source" lines directly in the class-map config?  This would create a longer class-map section, but if it's better for the router, that's not a problem.

If I want to match all remaining traffic into a class, like COS3, prior to it hitting the default queue, it appears that the best way to handle this would be to use a "match protocol ipv4" in the desired class.  In our case, all traffic is ipv4.

Any advice or best practice recommendations are appreciated.  I have reviewed the Modular QoS document prior to posting this, and did not find this guidance in the document.  If there's a good Cisco Live or other document out there for Modular QoS, I'd appreciate those links as well.

4 Replies

balaji.bandi
Hall of Fame

Depends on your config; anyway, you need an extended ACL to match.

Not sure what hardware this is. In general, an old-school but still good, valid document:

https://www.cisco.com/c/dam/global/fr_ca/assets/techsymp2004/presentations/pdf/deploying_qos_project_voice.pdf

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

This is an ASR9906 running 6.4.2 Classic.

Yes, we have a 30 line extended ACL we're matching on under the class.  But, I see you can simply match on source or destination addresses within the class itself, eliminating the requirement for matching on an ACL with those sources and/or destinations defined.  Just not sure which is better or more efficient.

I generally match by application; that is how I got the best results. Again, it depends on the use case. Look at the presentation and you'll get some ideas to improve.

BB


Joseph W. Doherty
Hall of Fame

Unless you believe you have a real need for the most "efficient" approach, I would recommend you work on implementing your matching policies in a way that makes what you're doing the most clear and/or the easiest config to maintain.

There are several reasons why I suggest this.  First, how Cisco does its actual matching, with any possible optimizations, is likely considered proprietary and possibly might change between IOS versions or even releases.  Second, I believe an ASR 9K is likely to have additional hardware support, so that how you configure your matching, for "efficiency", might matter very little.  Third, again, unless you have some reason to believe exactly how you're matching for QoS classification is a performance impediment, likely your time can better be devoted elsewhere.

As an example of what I'm talking about, suppose you had an ACL like:

permit ip host 192.168.1.4
permit ip host 192.168.1.5
permit ip host 192.168.1.6
permit ip host 192.168.1.7

For efficiency, you go "old school" and order your ACEs by hit frequency.  So, for instance, if .6 had a million matches, .5 had a thousand matches, .7 one hundred matches and .4 only ten matches, your ACL might be configured as:

permit ip host 192.168.1.6
permit ip host 192.168.1.5
permit ip host 192.168.1.7
permit ip host 192.168.1.4

But if there was something like TCAM matching being done, sequence of the ACEs wouldn't matter.

Or suppose, the Cisco device, "optimizes" your ACEs into one ACE like:

permit ip 192.168.1.4 0.0.0.3

Again, your resequencing the ACEs wouldn't matter.  (NB: of course, you could also manually "optimize" the four ACEs into the one ACE, but it has maintenance issues, such as, perhaps at some point someone wants you to log matches on just .4.)

So, once again, unless you believe there's a real need to optimize (for efficiency) how your QoS matching is being accomplished on your ASR 9K, it's more likely you would be better served by trying to config your QoS to make it as clear as possible what you're doing.

BTW, I'm not against learning as much about how your ASR 9K does what it does, and such knowledge might be useful down-the-road, but in this case, perhaps learning more about how QoS should be used, and/or seeing how it benefits, or not, your traffic, would also possibly be better use of your learning time.
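
Added example, not part of the original thread: a small Python check for the manual summarization mentioned in the last reply. It collapses host ACEs into exact wildcard ACEs and reports any address a hand-written summary ACE would match beyond the intended hosts. The function names are hypothetical, and the output uses the abbreviated "permit ip ..." style from the post rather than full platform syntax.

```python
import ipaddress

def to_ace(net):
    """Render a network in the post's abbreviated 'permit ip ...' style."""
    if net.prefixlen == 32:
        return f"permit ip host {net.network_address}"
    return f"permit ip {net.network_address} {net.hostmask}"

def summarize_hosts(hosts):
    """Collapse host addresses into the fewest ACEs matching exactly those hosts."""
    nets = [ipaddress.ip_network(h + "/32") for h in hosts]
    return [to_ace(n) for n in ipaddress.collapse_addresses(nets)]

def wildcard_matches(addr, base, wildcard):
    """True if addr matches base under a wildcard mask (1 bits = don't care)."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def overmatch(hosts, base, wildcard):
    """Addresses a summary ACE matches that are NOT in the intended host list.

    Assumes a contiguous wildcard (0.0.0.3, 0.0.0.255, ...).
    """
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):
        raise ValueError("non-contiguous wildcard not supported in this example")
    start = int(ipaddress.IPv4Address(base)) & ~w & 0xFFFFFFFF
    intended = {ipaddress.IPv4Address(h) for h in hosts}
    covered = (ipaddress.IPv4Address(start + i) for i in range(w + 1))
    return [str(a) for a in covered if a not in intended]

if __name__ == "__main__":
    # Constructed sample input: the four hosts from the post, in "hit count" order.
    four = ["192.168.1.6", "192.168.1.5", "192.168.1.7", "192.168.1.4"]
    print(summarize_hosts(four))
    # Constructed variant: .4 is later removed, but the summary ACE is left as is.
    three = ["192.168.1.5", "192.168.1.6", "192.168.1.7"]
    print(summarize_hosts(three))
    print("over-matched:", overmatch(three, "192.168.1.4", "0.0.0.3"))
```

The second case shows the maintenance issue from the reply: once the host list no longer fills the block, the single summary ACE silently classifies an address nobody listed.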