6500 QoS
Hi All,
I'm trying to figure out how I can do QoS on a 6500 and police traffic based on an IP access-list.
I want to define an access-list which specifies the traffic based on soure and destination IP addresses. I then plan to use a class map to match this access list and police the traffic in a qos policy. I was planning on applying the qos policy on a gig interface.
As the 6500 has a different architecture, compared to a normal router, can some suggest how I can do this. I'd like to do this on a:
WS-C6509-E (R7000) with a Supervisor Engine 720
Regards
D
Dear all,
I'm facing with a problem about monitor traffic for each class of service when i apply poilce on my Tengiga interface. The output command result as below:
7600#sh policy-map inter ten4/4
class-map: Hosting-Colocation-to-Network (match-any)
Match: access-group name Hosting-Colocation-to-Network
police :
10000000000 bps 31250000 limit 31250000 extended limit
Earl in slot 4 :
13801619258245 bytes
30 second offered rate 144487304 bps
aggregate-forwarded 13801619258245 bytes action: transmit
exceeded 0 bytes action: transmit
aggregate-forward 145773304 bps exceed 0 bps
Earl in slot 5 :
72837 bytes
30 second offered rate 0 bps
aggregate-forwarded 72837 bytes action: transmit
exceeded 0 bytes action: transmit
aggregate-forward 0 bps exceed 0 bps
class-map: class-default (match-any)
Match: any
police :
10000000000 bps 31250000 limit 31250000 extended limit
Earl in slot 4 :
74520070218188 bytes
30 second offered rate 879718984 bps
aggregate-forwarded 74520070218188 bytes action: transmit
exceeded 0 bytes action: transmit
aggregate-forward 888842536 bps exceed 0 bps
Earl in slot 5 :
5622549680569 bytes
30 second offered rate 93300336 bps
aggregate-forwarded 5622549680569 bytes action: transmit
exceeded 0 bytes action: transmit
aggregate-forward 99314912 bps exceed 0 bps
My traffic have 2 type which classify to 2 class as above. I would like monitor traffic at fields bold (30 second offered ...). Pls advice me how to monitor this field on graph.
Thanks and best reagards,
Vo Minh Thuan
Similar Messages
-
I have a problem with an interface Gi that it has qos enable. It drops packets in priority queue ( cos 5 asignated), following the q2 and there is not drops on q1.
This is the status:
Interface GigabitEthernet9/32 queueing strategy: Weighted Round-Robin
Port QoS is enabled
Trust state: trust COS
Extend trust state: not trusted [COS = 0]
Default COS is 0
Transmit queues [type = 1p2q2t]:
Queue Id Scheduling Num of thresholds
1 WRR low 2
2 WRR high 2
3 Priority 1
WRR bandwidth ratios: 100[queue 1] 255[queue 2]
queue-limit ratios: 70[queue 1] 15[queue 2]
queue random-detect-min-thresholds
1 40[1] 70[2]
2 40[1] 70[2]
queue random-detect-max-thresholds
1 70[1] 100[2]
2 70[1] 100[2]
queue thresh cos-map
1 1 0 1
1 2 2 3
2 1 4 6
2 2 7
3 1 5
Receive queues [type = 1q2t]:
Queue Id Scheduling Num of thresholds
1 Standard 2
queue tail-drop-thresholds
1 100[1] 100[2]
queue thresh cos-map
1 1 0 1 2 3 4
1 2 5 6 7
Packets dropped on Transmit:
BPDU packets: 0
queue thresh dropped [cos-map]
1 1 0 [0 1 ]
1 2 0 [2 3 ]
2 1 0 [4 6 ]
2 2 486* [7 ]
3 1 486* [5 ]
* - shared transmit counter
Packets dropped on Receive:
BPDU packets: 0
queue thresh dropped [cos-map]
1 1 0 [0 1 2 3 4 ]
1 2 0 [5 6 7 ]
Thanks,
Marcelocheck out the following link on Troubleshooting Output Drops with Priority Queueing, hope this helps :
http://www.cisco.com/en/US/tech/tk39/tk51/technologies_tech_note09186a0080103e8a.shtml -
Hello,
Does anyone know if it is possible to apply a 6500 QoS service-policy to a ACE module interface? I would like to leverage CBQOS to apply policing to traffic entering/leaving the ACE module.
Thanks!
LeeHI Collin,
You can use this by Configuring Control Plane Policing (CoPP).
CoPP uses a dedicated control plane configuration through the modular QoS CLI (MQC) to provide filtering and rate-limiting capabilities for the control plane packets.
CoPP is disabled by default.
CoPP is only supported on ingress (service-policy output CoPP cannot be applied to the control plane interface). Neither egress CoPP nor silent mode is supported.
Just follow the CoPP Configuration Guidelines and Restrictions .
CoPP uses MQC to define traffic classification criteria and to specify the configurable policy actions for the classified traffic. You must first identify the traffic to be classified by defining a class map. The class map defines packets for a particular traffic class. After you have classified the traffic, you can create policy maps to enforce policy actions for the identified traffic. The control-plane global configuration command allows the CoPP service policies to be directly attached to the control plane.
Use the below mentioned URL for Defining Traffic Classification
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/copp.html#wp1141968
the commonly required traffic is identified with these ACLs:
â¢ACL 120-Critical traffic
â¢ACL 121-Important traffic
â¢ACL 122-Normal traffic
â¢ACL 123-Explicitly denies unwanted traffic
â¢ACL 124-All other traffic
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/copp.html
Use the control plane commands as follows:
control-plane
To enter control-plane configuration mode, which allows users to associate or modify attributes or parameters (such as a service policy) that are associated with the control plane of the device, use the control-plane command in global configuration mode. To remove an existing control-plane configuration from the router, use the no form of this command.
Syntax for T Releases
control-plane [host | transit | cef-exception]
no control-plane [host | transit | cef-exception]
Syntax for 12.0S Releases
control-plane [slot slot-number] [host | transit | cef-exception]
no control-plane [slot slot-number] [host | transit | cef-exception]
Syntax for 12.2S Releases for Cisco 7600 Series Routers
control-plane
no control-plane
Syntax for ASR 1000 Series Routers
control-plane [host]
no control-plane [host]
The below link can be of huge information and config examples for control plane configuration:
http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_a1.html#wp1047593
Get back to me if you find this information relevant and useful to you.
Sachin garg -
Qos- I want to apply limit on FTP traffic
I want to apply Qos on ftp traffic on cisco 6500. Ftp traffic should use only 512 kbps bandwidth. Please any one suggest how should i establish this and any study document will be welcome.
Thanks in advanceDisclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
How would depend very much on the QoS features of the device. Even 6500 QoS features depend on line cards.
Most, but not all, Cisco switches support 4 egress queue which you can provide different bandwidth allocations. Such allocations usually provide a minimum, but more bandwidth might be used if its otherwise not being used.
For example, you might define four queues that one is a priority queue for real-time traffic; one is a foreground queue with a large bandwidth allocation (not that such traffic should be bandwidth intensive, but to insure high priority for dequeuing; one is a background queue with minimum bandwidth allocation (often where you might want to direct FTP); and the last is a middle allocation for everything else, i.e. your default.
Also on switches, traffic is often placed into a particular egress queue based on L2 CoS or L3 ToS. So, what this means, you'll want to mark your FTP traffic differently than your other traffic, perhaps with CoS 1 or DSCP CS1 or AF1x.
Cisco has some great guides on how to configure QoS for their different platforms although their 11 class model is often overly complex. -
QoS Packets not matching on 6500 with SUP720-10GE and SU2T
Hi,
I do not see packets matching in policy.
output below:
Switch#sh policy-map interface vlan 2232
Vlan2232
Service-policy input: HARDPHONE-VVLAN
Class-map: VOICETRAFFIC (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name VOICETRAFFIC
Class-map: VOICESIGNALING (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name VOICESIGNALING
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
0 packets, 0 bytes
5 minute rate 0 bps
I also not find packets matching ACL:
switch#sh access-lists
Extended IP access list VIDEOTRAFFIC
10 permit udp any any range 16384 32767
Extended IP access list VOICESIGNALING
10 permit tcp any 10.128.0.0 0.3.255.255 range 2000 2002
20 permit tcp any 10.128.0.0 0.3.255.255 eq 5060
30 permit udp any 10.128.0.0 0.3.255.255 eq 5060
40 permit tcp any 172.20.10.0 0.0.1.255 range 2000 2002
50 permit tcp any 172.20.10.0 0.0.1.255 eq 5060
60 permit udp any 172.20.10.0 0.0.1.255 eq 5060
Extended IP access list VOICETRAFFIC
10 permit udp 10.128.0.0 0.63.255.255 10.128.0.0 0.63.255.255 range 16384 32767
I checked policies, they looks applied correctly.
On SUP-720-10GE, I modified ACL to 'permit udp any any' but not found any matching packets. There are plenty of IP phones connected directly to this switch belongs to voice VLAN. I applied VLAN based QoS under voice VLAN and other VLANs too.
I observed different thing on SUP 2T. I saw packets matching ACL statement 'permit udp any any' but when I took off this line, ACL was not showing packets matching.
OUTPUT of IP phones connected to switch:
switch#sh cdp neighbors | in SEP
SEP0008308A5D7B Gig 13/38 143 H P M IP Phone Port 1
SEP0008308A5DE0 Gig 10/1 121 H P M IP Phone Port 1
SEP0023049C6348 Gig 3/42 152 H P M IP Phone Port 1
SEP0021A02D64D4 Gig 9/28 120 H P M IP Phone Port 1
SEP1C6A7AE0588E Gig 3/9 127 H P M IP Phone Port 1
SEP00229059969E Gig 12/48 166 H P M IP Phone Port 1
SEP0008308AF26F Gig 2/7 161 H P M IP Phone Port 1
SEP00235EB7BE0E Gig 4/2 154 H P M IP Phone Port 1
SEP00229059BE5A Gig 6/37 158 H P M IP Phone Port 1
SEP1CAA07115CF3 Gig 12/29 148 H P M IP Phone Port 1
SEP00235EB7884F Gig 9/3 156 H P M IP Phone Port 1
SEP0008308B03FB Gig 2/30 178 H P M IP Phone Port 1
SEP006440B42CD3 Gig 3/45 132 H P M IP Phone Port 1
SEP0022905991C9 Gig 11/4 145 H P M IP Phone Port 1
SEP0008308A5E6C Gig 6/36 124 H P M IP Phone Port 1
SEP006440B427CA Gig 13/31 170 H P M IP Phone Port 1
SEP006440B425FF Gig 3/19 168 H P M IP Phone Port 1
SEP0008308A7AD7 Gig 2/3 159 H P M IP Phone Port 1
SEP0008308A3EB2 Gig 10/4 132 H P M IP Phone Port 1
SEP002414B45A0E Gig 10/28 170 H P M IP Phone Port 1
SEP04C5A4B19C8B Gig 2/15 162 H P M IP Phone Port 1
SEP006440B43DE6 Gig 9/48 162 H P M IP Phone Port 1
SEP006440B42B0D Gig 9/23 179 H P M IP Phone Port 1
Could anyone please help, how to make sure that packets are hitting correct ACL and policy on 6500 with SUP720-10GE and SUP2T.
Thanks,
PruthviPlease note that 6500 is used as L2 switch only and SVI are used for applying policies only.
Configuration below:
class-map match-all VOICESIGNALING
match access-group name VOICESIGNALING
class-map match-all VOICETRAFFIC
match access-group name VOICETRAFFIC
class-map match-all VIDEOTRAFFIC
match access-group name VIDEOTRAFFIC
policy-map HARDPHONE-VVLAN
class VOICETRAFFIC
police flow mask src-only 128000 8000 conform-action set-dscp-transmit ef exceed-action drop
class VOICESIGNALING
police flow mask src-only 32000 8000 conform-action set-dscp-transmit cs3 exceed-action policed-dscp-transmit
class class-default
police flow mask src-only 32000 8000 conform-action set-dscp-transmit default exceed-action policed-dscp-transmit
policy-map STUDENT-DVLAN
class class-default
police flow mask src-only 25000000 1562500 conform-action set-dscp-transmit default exceed-action policed-dscp-transmit
policy-map STAFF-DVLAN
class VOICESIGNALING
police flow mask src-only 32000 8000 conform-action set-dscp-transmit cs3 exceed-action policed-dscp-transmit
class VOICETRAFFIC
police flow mask src-only 128000 8000 conform-action set-dscp-transmit ef exceed-action drop
class VIDEOTRAFFIC
police flow mask src-only 2000000 150000 conform-action set-dscp-transmit ef exceed-action drop
class class-default
police flow mask src-only 50000000 1000000 conform-action set-dscp-transmit ef exceed-action drop
ip access-list extended VOICESIGNALING
remark Skinny and SIP protocols From Phones to Voice Core Infrastructure
permit tcp any 10.128.0.0 0.3.255.255 range 2000 2002
permit tcp any 10.128.0.0 0.3.255.255 eq 5060
permit udp any 10.128.0.0 0.3.255.255 eq 5060
permit tcp any 172.20.10.0 0.0.1.255 range 2000 2002
permit tcp any 172.20.10.0 0.0.1.255 eq 5060
permit udp any 172.20.10.0 0.0.1.255 eq 5060
ip access-list extended VOICETRAFFIC
permit udp any any dscp ef
permit udp 10.128.0.0 0.63.255.255 10.128.0.0 0.63.255.255
permit udp any any range 16384 32767 dscp ef
ip access-list extended VOICESIGNALING
remark Skinny and SIP protocols From Phones to Voice Core Infrastructure
permit tcp any 10.128.0.0 0.3.255.255 range 2000 2002
permit tcp any 10.128.0.0 0.3.255.255 eq 5060
permit udp any 10.128.0.0 0.3.255.255 eq 5060
permit tcp any 172.20.10.0 0.0.1.255 range 2000 2002
permit tcp any 172.20.10.0 0.0.1.255 eq 5060
permit udp any 172.20.10.0 0.0.1.255 eq 5060
ip access-list extended VIDEOTRAFFIC
permit udp any any range 16384 32767 dscp ef
interface Vlan104
description PolicyOnlyInt
no ip address
service-policy input STAFF-DVLAN
interface Vlan105
description PolicyOnlyInt
no ip address
service-policy input STAFF-DVLAN
interface Vlan573
description PolicyOnlyInt
no ip address
service-policy input PUBLIC-DVLAN
interface Vlan604
description PolicyOnlyInt
no ip address
service-policy input PUBLIC-DVLAN
interface Vlan654
description PolicyOnlyInt
no ip address
service-policy input STUDENT-DVLAN
interface Vlan674
description PolicyOnlyInt
no ip address
service-policy input PUBLIC-DVLAN
interface Vlan807
ip address 172.18.128.5 255.255.255.0
interface Vlan860
description PolicyOnlyInt
no ip address
service-policy input PUBLIC-DVLAN
interface Vlan2016
description PolicyOnlyInt
no ip address
service-policy input HARDPHONE-VVLAN
interface Vlan3124
description PolicyOnlyInt
no ip address
shutdown
service-policy input HARDPHONE-VVLAN
switch#sh access-lists
Extended IP access list VOICESIGNALING
10 permit tcp any 10.128.0.0 0.3.255.255 range 2000 2002
20 permit tcp any 10.128.0.0 0.3.255.255 eq 5060
30 permit udp any 10.128.0.0 0.3.255.255 eq 5060
40 permit tcp any 172.20.10.0 0.0.1.255 range 2000 2002
50 permit tcp any 172.20.10.0 0.0.1.255 eq 5060
60 permit udp any 172.20.10.0 0.0.1.255 eq 5060
Extended IP access list VOICETRAFFIC
10 permit udp any any dscp ef <----- not showing any match
11 permit udp 10.128.0.0 0.63.255.255 10.128.0.0 0.63.255.255 <----not shwoing any match
12 permit udp any any range 16384 32767 dscp ef<----not shwoing any match
If I user "permit udp any any ", acl is showing match.
switch#sh access-lists
Extended IP access list VOICETRAFFIC
10 permit udp any any dscp ef
11 permit udp 10.128.0.0 0.63.255.255 10.128.0.0 0.63.255.255
12 permit udp any any range 16384 32767 dscp ef
13 permit udp any any (527055 matches) -
We have the following QoS config running on Edge, Distributions and Cores and got the following error.
âpriority command is not supported in output direction for this interface
Configuration failed on: Port-channelâ
We had opened a TAC case and they said â PFC QoS does not support these policy map class commands:
bandwidth
priority
queue-limit
random-detect
set qos-group
service-policy
How can we prioritize voip traffic. On our monitoring application, it says queues empty. Even if the priority command is not working there should be traffic in the queue.Different version of supervisors in Distribution (sup720) and COREs (Sup2).
Any suggestions? Attached document gives Config details.Are your Access Layer switches also 6500s? What Supervisor(s) are running in your 6500s & what CatOS or CatIOS are you running?
It sounds like you are redefining your trust boundary at every layer (Access, Distribution, Core). Did you get a chance to look over this SRND document?
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns432/c649/ccmigration_09186a008049b062.pdf
Here's an example of our L2 6513 with a WS-X6724 which has 1p3q8t for QoS Scheduling:
interface GigabitEthernet1/2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
logging event link-status
logging event bundle-status
logging event trunk-status
wrr-queue bandwidth 5 25 70
wrr-queue queue-limit 5 25 40
wrr-queue random-detect min-threshold 1 80 100 100 100 100 100 100 100
wrr-queue random-detect min-threshold 2 80 100 100 100 100 100 100 100
wrr-queue random-detect min-threshold 3 50 60 70 80 90 100 100 100
wrr-queue random-detect max-threshold 1 100 100 100 100 100 100 100 100
wrr-queue random-detect max-threshold 2 100 100 100 100 100 100 100 100
wrr-queue random-detect max-threshold 3 60 70 80 90 100 100 100 100
wrr-queue cos-map 1 1 1
wrr-queue cos-map 2 1 0
wrr-queue cos-map 3 1 4
wrr-queue cos-map 3 2 2
wrr-queue cos-map 3 3 3
wrr-queue cos-map 3 4 6
wrr-queue cos-map 3 5 7
priority-queue cos-map 1 5
udld port
mls qos trust dscp
rmon collection stats 6001 owner monitor
channel-group 2 mode desirable non-silent
interface Port-channel2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
mls qos trust dscp
We also use NetMRI and you're correct, because the Cat 6500 PFC performs classification, marking, mapping, and policing functions, but the queuing and dropping policies are administered by the line cards, there are no MIBs for NetMRI to poll.
HTH
Steve -
All of the QOS configuration guidance I've seen in the documentation on this website refers to 6500 switched interfaces (switchport mode access/trunk).
Is the QOS configuration different on a 6500 routed interface. For instance on an interface between two core switches in a routed (Layer 3) core?
I have already reviewed all of the IOS-related 6500 Cisco documents I could find, and the latest QOS SRND with no luck finding info on this issue.
Thanks
GregThis URL should help you:
http://www.cisco.com/application/pdf/en/us/guest/products/ps708/c2001/ccmigration_09186a00801a90cc.pdf -
Any one ever worked on 6500 series Cisco switches QOS or 6503 or 6524 QOS(Urgent help needed)
Hi All,
I am having issue specifally doing QOS configuration on 6503 or 6524 or 6509 switches. I am unable to match any EF(voice) traffic for eompls(vlan based) on 6503 cisco switch. If i use any other router as 2811 or 2821 my QOS configuration works perfect but if i put 6503 as PE2 it does not work.i am using vlan based eompls.
Below is the scenario & configuration which i am having issue.
CE1(2821 router)(dot1Q)--------->PE1(2821 router)------->P(6524 switch)-------->PE2(6503 switch)------->(dot1Q)(2821 switch)CE2.
On CE1 i can match ip-precedence 5 traffic and mark that traffic to cos5 on outbound port.On PE1 i can match cos5 packet and mark with mpls exp top5 on inbound port, on outbound port i can match mpls exp 5.
On PE2(6503) i am unable to match that mpls exp5 packet on inbound port. none of the configuration worked on 6500 series switches with mls qos, ,mls qos trust dscp,mls qos trust cos etc. Although i can match cos5 traffic on CE2 on inbound interface.i can not match mpls exp 5 traffic on 6503 and all i can see traffic as default-class on 6503 switch. I tried many things and many configurations on 6503 but nothing worked.If i put 2821 router as PE2 instead of 6503 my qos configuration works. but why if i put 6503 my same qos configuration does not work?
---match means=classification or classify
Can anyone tell me how qos works on 6500 series switches or where i am having issue in my scenario.
i am using this ios on 6503: s72033-advipservicesk9_wan-mz.122-33.SXI3.bin.
below r my questions for 6503 qos:
1.do i need to use some other map tables,am i using correct map tables on 6503 as cos-dscp,dscp-cos,exp-dscp etc.
2.any other configutaion of qos needed on 6503?
3.i am unable to match anything on outbound port of 6503.
4.on 6503 i am using sup720 and PFC3BXL.any specific configuration needed for PFC3bxl.
5. 6503 not allowing me to match qos-group on inbound interface, not allowing me to set cos5 on outbound interface. not allowing me to set cos5 as an inbound interface.
CE1(2821) config:
class-map match-any EF
match ip precedence 5
class-map match-any data
match ip precedence 3
policy-map ip2mpls
class EF
set cos 5
class data
set cos 3
interface FastEthernet0/0
no ip address
duplex auto
speed auto
interface FastEthernet0/0.455
encapsulation dot1Q 455
ip address 172.16.15.1 255.255.255.252
service-policy output EF
PE1(2821) config:
mls qos map cos-dscp 0 8 16 24 32 40 48 56
class-map match-all exp_3
match mpls experimental topmost 3
class-map match-all mpls_exp
match mpls experimental topmost 5
class-map match-any cos3
match cos 3
class-map match-any LOO1
match cos 5
policy-map EF
class LOO1
set mpls experimental imposition 5
class cos3
set mpls experimental imposition 3
policy-map QOS_G_5
class mpls_exp
priority
class exp_3
bandwidth 500
interface Loopback0
ip address 3.3.3.3 255.255.255.255
interface FastEthernet0/0
ip address 192.168.23.2 255.255.255.0
ip ospf network point-to-point
duplex auto
speed auto
mpls ip
service-policy output QOS_G_5
interface FastEthernet0/1.455
encapsulation dot1Q 455
xconnect 5.5.5.5 455 encapsulation mpls
service-policy input EF
PE2(6503 qos):
R1#show module
Mod Ports Card Type Model Serial No.
1 4 CEF720 4 port 10-Gigabit Ethernet WS-X6704-10GE SAL09401U2L
2 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX SAL114247YN
3 16 16 port 1000mb GBIC ethernet WS-X6416-GBIC SAL0712AM69
4 24 CEF720 24 port 1000mb SFP WS-X6724-SFP SAL10019J4N
5 2 Supervisor Engine 720 (Hot) WS-SUP720-3BXL SAD102805VM
6 2 Supervisor Engine 720 (Active) WS-SUP720-BASE SAD0846060F
Mod Sub-Module Model Serial Hw Status
1 Distributed Forwarding Card WS-F6700-DFC3BXL SAD102504EF 5.3 Ok
2 Centralized Forwarding Card WS-F6700-CFC SAD111300PD 3.1 Ok
4 Centralized Forwarding Card WS-F6700-CFC SAL1004BQ2A 2.0 Ok
5 Policy Feature Card 3 WS-F6K-PFC3BXL SAD10270189 1.8 Ok
5 MSFC3 Daughterboard WS-SUP720 SAD102801G5 2.5 Ok
6 Policy Feature Card 3 WS-F6K-PFC3BXL SAL1415FE95 1.11 Ok
6 MSFC3 Daughterboard WS-SUP720 SAD08440794 2.4 Ok
R1#show mls qos maps
Normal Burst Policed-dscp map: (dscp= d1d2)
d1 : d2 0 1 2 3 4 5 6 7 8 9
0 : 01 01 02 03 04 05 06 07 08 09
1 : 10 11 12 13 14 15 16 17 18 19
2 : 20 21 22 23 24 25 26 27 28 29
3 : 30 31 32 33 34 35 36 37 38 39
4 : 40 41 42 43 44 45 01 47 48 49
5 : 50 51 52 53 54 55 56 57 58 59
6 : 60 61 62 63
Maximum Burst Policed-dscp map: (dscp= d1d2)
d1 : d2 0 1 2 3 4 5 6 7 8 9
0 : 00 01 02 03 04 05 06 07 08 09
1 : 10 11 12 13 14 15 16 17 18 19
2 : 20 21 22 23 24 25 26 27 28 29
3 : 30 31 32 33 34 35 36 37 38 39
4 : 40 41 42 43 44 45 46 47 48 49
5 : 50 51 52 53 54 55 56 57 58 59
6 : 60 61 62 63
Dscp-cos map: (dscp= d1d2)
d1 : d2 0 1 2 3 4 5 6 7 8 9
0 : 00 00 00 00 00 00 00 00 01 01
1 : 01 01 01 01 01 01 02 02 02 02
2 : 02 02 02 02 03 03 03 03 03 03
3 : 03 03 04 04 04 04 04 04 04 04
4 : 05 05 05 05 05 05 05 05 06 06
5 : 06 06 06 06 06 06 07 07 07 07
6 : 07 07 07 07
Dscp-exp map: (dscp= d1d2)
d1 : d2 0 1 2 3 4 5 6 7 8 9
0 : 00 00 00 00 00 00 00 00 01 01
1 : 01 01 01 01 01 01 02 02 02 02
2 : 02 02 02 02 03 03 03 03 03 03
3 : 03 03 04 04 04 04 04 04 04 04
4 : 05 05 05 05 05 05 05 05 06 06
5 : 06 06 06 06 06 06 07 07 07 07
6 : 07 07 07 07
Cos-dscp map:
cos: 0 1 2 3 4 5 6 7
dscp: 0 10 18 24 34 46 48 56
IpPrecedence-dscp map:
ipprec: 0 1 2 3 4 5 6 7
dscp: 0 8 16 24 32 40 48 56
Exp-dscp map:
exp: 0 1 2 3 4 5 6 7
dscp: 0 8 16 24 32 40 48 56
mls netflow interface
mls qos map cos-dscp 0 10 18 24 34 46 48 56
mls qos
class-map match-all exp_3
match mpls experimental topmost 3
class-map match-all EXP_5
match mpls experimental topmost 5
class-map match-all QOS_GROUP_5
match qos-group 5
class-map match-all prec5
match ip precedence 5
class-map match-all cos5
match cos 5
policy-map mpls2ip
class QOS_GROUP_5
set cos 5
policy-map IN_FROM_R3
class EXP_5
set qos-group 5
interface Loopback0
ip address 5.5.5.5 255.255.255.255
interface GigabitEthernet2/2
mls qos trust cos
or <------------ (tried both individually but none worked)
mls qos trust dscp
interface GigabitEthernet2/2.455
encapsulation dot1Q 455
xconnect 3.3.3.3 455 encapsulation mpls
service-policy output mpls2ip
interface GigabitEthernet2/1
ip address 192.168.34.4 255.255.255.0
ip ospf network point-to-point
mls qos trust cos
or <------------ (tried both individually but none worked)
mls qos trust dscp
mpls ip
service-policy input IN_FROM_R4
Thanks & regards,
Ahsan RasheedHi All,.
I am still having issue on 6503 or 6524 Cisco Switch.
" Can any one give me any sample of 6524 or 6503 QOS working configuration, i would be really thankful "
As i have mentioned in my prevoius post of configuration of 6503. I am unable to match mpls exp 5 packet on 6503. My qos configuration on PE1(2811 router) is working perfectly. I am unable to classify mpls ex5 or mpls exp3 on 6503 switch. Am i missing something on configuration?
PE2 config:"6503 switch"
class-map match-all mpls_exp
match mpls experimental topmost 5
policy-map EF
class mpls_exp
R!#mls qos
int Gi2/4
service-policy input EF
mls qos trust cos
dscp: 0 10 18 24 34 46 48 56
Exp-dscp map:
exp: 0 1 2 3 4 5 6 7
dscp: 0 10 18 24 34 46 48 56
Thanks,
Ahsan Rasheed -
CBWFQ style QoS on 6500 (Native)
Hi, Is it possible to have CBWFQ style QoS on 6500 SUP2/MFSC2/PFC2, 12.1.23E on the LAN cards, the cards with 1P2Q2T type ports (not the flexWANs). I have read 6500 PFC QoS documentation and did not found any reference to router style CBWFQ (I did not find an option for defining policy maps with 'bandwidth' under classes like the way we do on router IOS). Wondering if it is possible at all with HW/SW combination mentioned above.
If it not possible on the HW above, is it possible with any new HW like S720 etc and 12.2 codes ?
thanks
IftikharCBWFQ is not supported on the 6500, except in the case of WAN interfaces, as the QoS is not supplied by the PFC for these modules.
HTH,
Bobby -
Without 'MLS QOS' in 6500 does any interface queueing and trusting take place?
I have a 6500 that does not have 'mls qos' global configured, although the interfaces do have 'mls qos trust dscp' on them as in:
interface GigabitEthernet3/3
switchport
switchport access vlan 536
switchport mode access
switchport voice vlan 910
logging event link-status
mls qos trust dscp
spanning-tree portfast
When I 'show queueing int gx/x', it does show the default queueing structure of the interface as in:
LLT-6509AS-A#sh queueing int g3/3
Interface GigabitEthernet3/3 queueing strategy: Weighted Round-Robin
QoS is disabled globally
Port is untrusted
Extend trust state: not trusted [COS = 0]
Default COS is 0
Queueing Mode In Tx direction: mode-cos
Transmit queues [type = 1p3q8t]:
Queue Id Scheduling Num of thresholds
01 WRR 08
02 WRR 08
03 WRR 08
04 Priority 01
---- snip ----
queue thresh cos-map
1 1 0 1 2 3 4 5 6 7
1 2
1 3
1 4
1 5
1 6
1 7
1 8
Packets dropped on Transmit:
BPDU packets: 0
queue dropped [cos-map]
1 0 [0 1 2 3 4 5 6 7 ]
2 0 []
3 0 []
4 0 []
Packets dropped on Receive:
BPDU packets: 0
queue dropped [cos-map]
1 0 [0 1 2 3 4 5 6 7 ]
So just what does the global 'mls qos' do? Without it is the command 'mls qos trust dscp' ignored?
I'm trying to track down where in our network dscp settings are being stripped out of packets and this is when I noticed the 'mls qos' was not configured.it enables QOS on the switch, without it no QOS is being used.
Sent from Cisco Technical Support iPhone App -
NBAR, Netflow, QoS Policing, 6500s, IOS 12.1(26)E7, and MARS
Hello. I'm having trouble seeing the forest OR the trees, and I'd appreciate some help from someone who has a better field view than myself. We're upgrading our internet connection to 200MB and management is wanting to upgrade our Packet Shaper to meet the new bandwidth. (The Packet Shaper shows top talkers, top protocols, and rate limits protocols or users.) I'm trying to make the argument that we can do this w/ existing tools (nbar, netflow, QoS policing, and MARS), at the same time I'm trying to make the argument that we need to have our supervisors (currently SUP2 MSFC2) on a 3-4 year upgrade cycle.
To get to the 12.2 IOS, I'd require a memory or sup upgrade. What I am hoping for is someone who has gone down this road who knows what I'm lacking in 12.1 code, or if in fact I can do it all here.
While it is self-evident to most in IT why we need to regularly upgrade equipment, I'm having difficulty making this argument to management with hard facts. I'm guessing they'd still be running Windows for Workgroups to save money...but that's another story.
My plan is to use Netflow and MARS to track top users and top protocols. It appears that I lose some mgt functionality w/ MARS in conjunction w/ IOS 12.1, but I am currently unclear if I lose any tracking capability. (MARS is new to us and awaiting install.)
Then, I hope to use NBAR to identify all the latest P2P traffic and police it appropriately w/ QoS tools.
Does my thinking sound solid? Will I be able to pull this off w/ 12.1? If not, what do I need that I lack in 12.1?
Thank you for your time,
JoshuaHi,
First of all - you need to be clear that although MARS uses netflow data, it uses it for the purpose of identifying security issues. If you want to use netflow for reporting and/or accounting purposes MARS isn't the tool you need, try one of the following freeware netflow tools:
http://www.cisco.com/warp/public/732/Tech/nmp/netflow/partners/freeware/index.shtml
or one of the following commercial tools:
http://www.cisco.com/warp/public/732/Tech/nmp/netflow/partners/commercial/index.shtml
The freeware ones are generally more difficult to set up but once running are just as good as the commercial ones.
However, this means you need two netflow destinations - one for MARS and one for your netflow tool, and this feature is called "Netflow Multiple Export Destinations" and initially appeared at 12.1(3)T, but it seems to be VERY platform specific - for example, because we only run GD software on our 3660's we had to upgrade to 12.3(20) to get it.
Looking at the Feature Navigator for SUP2/MSFC2 it appears that you need at least 12.2(18)SXF6 to get this feature so that might help your case.
I'd personally keep the PacketShaper for it's reporting capability if nothing else (IOS can do the job, but not as elegantly as the PacketShaper).
HTH - plz rate if useful.
Andrew. -
N/A
Hi Siddigirf
The requirements which you have mentioned I think can be very well implemented on c6500 Platform.
Howerver before putting up my understanding in front of you regarding this QoS requirement I would like to confirm with you why you specifically need Long Pipe (PIPE) mode of operation here..As your requirement is that Customer;s DSCP ie IP QoS marking be remain untouched through MPSL Cloud then I would like to mention that in MPLS QoS the default mode of operation is Short PIPE Mode wherein that the Customer QoS remains untouched and passed transparently across the cloud and PHP has no effect on this behaviour. Remember PHP is on EXP and Customer QoS is in DSCP which is in the underlying IP Packet.Under default mode of Short PIPE operation the PHB((Per Hop Behaviour)) at the Egress PE is decided based on underlying DSCP value of the IP Packet
PIPE mode is useful in Carrier Supporting Carrier Scenarios weherby we want to send traffic to the upstream Carrier with the same PHB treatment as in the porivider's own MPLS Cloud and the PHB is based on EXP value and not DSCP Value.
Having said that I think we should be using Short PIPE Mode only and PHP enabled on the Egress PEs.Please confirm so that I can think more on the actual QoS requirement at the Ingress and Egress PEs.
Regards
Varma -
Hi all,
I have a Cisco 6509 switch with PFC-3BXL onboard and currently no QoS activated on the PFC.
My question is : if I activate QoS on the PFC by typing the following command on the switch :
mls qos
... what really happens and what will change (if I only type this command and nothing else) ?
By default the trust state for all ports is "untrust" which means DSCP and CoS fields will be rewritten to 0 by the switch. So this is a change which I have already in mind. But will the switch start behaving differently regarding output queuing of the frames ? Are for example the buffers and queues on the ingress and egress of the switch going to be changed and could this induce frames drop which I wouldn't have had if I don't type the command "mls qos" ?
Thanks for clarifying this !
Cheers,
Sam.Thanks Reza for your reply.
Indeed what I intend to do is configure CoPP which requires "mls qos" to be configured in order to permit CoPP to be applied at the hardware level (on the PFC). So the "mls qos port-queueing" cannot be used in such context because I want QoS at the PFC.
What I would like to do is enable qos just to permit hardware CoPP but not change anything to how frames are queued on the ports (in/out) currently and not change the DSCP/CoS field value within the frames transiting through the switch.
What is the best approach for this please ?
Thanks ! -
I have 6506E Sup32 PFC3B 12.2(18)SXE device at the access layer of the network and would like to implement QoS (for access ports) for Voice, Video.
I suppose that untrusted microflow policing is best for me. But documents say that such kind functionality works for L3 MSFC routed traffic. For PFC3b I can use "mls qos bridged" for bridged traffic on specified vlans. Does it really work for input service policy on access ports for traffic from user ports (if I use this command on user's int VLAN)?
Distribution and core layers of my networks are MPLS based.
Config:
interface FastEthernet2/1
switchport
switchport access vlan 10
switchport mode access
switchport voice vlan 30
no ip address
spanning-tree portfast
service-policy input IPPHONE+VIDEO
interface Vlan30 ! also for Vlan 30
ip vrf forwarding VOICE
ip address 10.168.8.254 255.255.255.0
ip helper-address 10.168.2.33
ip helper-address 10.168.2.34
ip pim sparse-dense-mode
mls qos bridged
policy-map IPPHONE+VIDEO
class VOICE
police flow mask src-only 320000 8000 conform-action set-dscp-transmit ef exceed-action drop
class VIDEO-INTERACTIVE
police flow mask src-only 2400000 8000 conform-action set-dscp-transmit af41 exceed-action drop
class CALL-SIGNALING
police flow mask src-only 32000 8000 conform-action set-dscp-transmit cs3 exceed-action policed-dscp-transmit
class class-default
police flow mask src-only 5000000 8000 conform-action transmit exceed-action policed-dscp-transmitThis URL should help you:
http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801c8c4b.shtml -
QoS Sample configuration: Catalyst 6500-E
Dear Experts,
I'm looking for sample configuration documents for configuring QoS on Sup2T with IOS 15.1 SY.
Cuold you point me to appropriate documents please.
SPort is configurable with QoS service policy.
Unable to configure VLAN with QoS service policy.
6506E-2T#
interface Vlan112
ip address 10.112.112.1 255.255.255.0
end
6506E-2T(config)#int vlan 112
6506E-2T(config-if)#service-policy type lan-queuing input INGRESS-1P7Q2T
HQM not supported interface Vlan112MQC features are not supported for this interface
Anyone come accross this please?
platform qos vlan-based is not available in config listing.
(config)#platform qos ?
10g-only qos pure 10G mode
aggregate-policer Named aggregate policer
marking marking keyword
police police keyword
protocol protocol keyword
queueing-only queueing-only (no QoS rewrite, no policing)
rewrite packet qos rewrite enable/disable
service-policy global policy map name
statistics-export qos statistics data export
Testing on 6506-E, Sup2T, IOS15.1SY.
SS
Maybe you are looking for
-
D-Link DI-604 or Netgear RP614V2 ???
hi. im going to buy a router and want end user comments on these 2. D-Link DI-604 Netgear RP614V2 they are both priced similar and is the only 2 i am interested in or else i would have to buy online and dont want that. also want to know if any of the
-
I am running oracle 8i on linux (mandrake 6) and have applied the patch. While playing around with some simple triggers etc I attempted to use the dbms_output.put_line('stuff here') to keep track of, and report on events as they happened. The problem
-
i recently imported my phots into iphoto 09 that i got the with snow leopard last year. can i delete them from my pictures folder (i imported from) and it will be stored on iphoto
-
Why can't I rotate/select my group? Known bug? (CS5)
I have a group of a few layers that I wanted to resize. As they are in a group and I only want to resize the object, not the picture, I select the move tool, than try to choose 'Edit->Resize'... and get a message telling me there's nothing in my gr
-
How to convert mailboxes to mbox format?
hi i need to convert all my email messages from the mailbox format used by Apple Mail to mbox so that they can be imported to Mozilla Thunderbird. is there any software available for doing this? i'm aware of the cosmicsoft "EMLX to mbox Converter" wh