Enabling MLS on 6500

Unanswered Question
Jan 27th, 2009

Hi Gurus,

I want to implement a bandwidth tailoring mechanism on my 6500 and rate limit input and output doesnt work. so i use traffic shape for the output and policy map for input. but when i do service-policy input on the interface i have this error.

Warning (QoS): MLS QoS is disabled, marking/policing will be done after enabling MLS QoS globally

My question is if i enable this would it be a big impact on the performance of my switch. im just worried if i enable this something wrong would happen.

tnx.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Wed, 01/28/2009 - 00:40

Hello Jefferson,

enabling mls qos with

conf t

mls qos

has not a big impact on performance because the C6500 is thought to do it and has dedicated hardware the PFC (if you have at least a Sup2 or better).

I would be concerned about the mls qos trust concept: the risk with Hybrid mode Sup2/MSFC2 was to have all ports untrusted and all DSCP bytes replaced with 0x00: all ports are untrusted by default and the action is to remark with DSCP 00.

So you need to see what traffic flows there are in the network and to identify flows and ports where you need to preserve the QoS marking of applications.

see it is still so in native ios with 12.2SXH

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/qos.html#wp1478721

Hope to help

Giuseppe

jeffersoncbriones Wed, 01/28/2009 - 18:56

Hi Giuseppe,

Enabled it and my policing works well. I've noticed also that my proc and mem usage was drop to 50%. What do you think?

tnx.

Giuseppe Larosa Wed, 01/28/2009 - 23:59

Hello Jefferson,

do you mean that cpu and memory are less used now with QoS enabled ?

This is possible because dropping takes less resources then forwarding, but I would expect this on a software based router not on a powerful multilayer switch like C6500.

We could see this as a confirm that qos is implemented in hardware with PFC, so being all interfaces now under mls qos it is like a new player (the PFC) has entered the field taking part in forwarding process.

It is good news that is working well

Hope to help

Giuseppe

jeffersoncbriones Thu, 01/29/2009 - 00:18

Hi Guiseppe,

You are correct! It took less cpu and mem usage. Though my policing is not yet perfect. My configured 1Mbps and 2Mbps is still exceeding. Im using 6509 sup2, what do you think of my config.

here's my config

class-map match-all 5Mbps

description 5Mbps-Link

match access-group 110

class-map match-all 1Mbps

description 1Mbps-Link

match access-group 110

class-map match-all 2Mbps

description 2Mbps-Link

match access-group 110

!

policy-map 5Mbps

class 5Mbps

police 5120000 160000 160000 conform-action transmit exceed-action drop

policy-map 1Mbps

class 1Mbps

police 1024000 32000 32000 conform-action transmit exceed-action drop

policy-map 2Mbps

class 2Mbps

police 2048000 64000 64000 conform-action transmit exceed-action drop

!

mls flow ip destination

mls flow ipx destination

mls qos

access-list 110 permit ip any any

many tnx.

Actions

This Discussion