cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1835
Views
0
Helpful
18
Replies

class-map and policy-map question

hugh2_nguyen
Level 1
Level 1

Hi,

I'm using Cisco 3825 router and trying to set reserved bandwidth for different priority ingress traffic from different interface. I have high priority traffic comming into interface fa2/14 at rate ~1Mbps and low priority traffic comming into interface g2/0 at rate ~7Mbps. I configured the following classes and policy-map to reverse 2Mbps for Fa2/14 and 7Mbps for G2/0 over the congested Ethernet port fa2/0 (i.e. Tunnel0), which is the output Ethernet interface to the WAN:

class-map match-any high

match input-interface FastEthernet2/14

class-map match-any low

match input-interface GigabitEthernet2/0

!

!

policy-map TRAFFIC

class high

bandwidth 2000

class low

bandwidth 7000

policy-map FQ

class class-default

fair-queue

!

interface Tunnel0

bandwidth 10000

ip address 10.1.1.1 255.255.255.0

load-interval 30

ipv6 enable

ospfv3 instance 64 network manet

ospfv3 1 area 0 address-family ipv4 instance 64

tunnel source FastEthernet2/0

tunnel destination 142.x.x.10

!

interface FastEthernet2/0

no switchport

bandwidth 10000

ip address 192.x.x.10 255.255.255.0

load-interval 30

service-policy output TRAFFIC

!

The class-map and policy-map don't seem to work. The "show policy-map int f2/0" showed that int f2/0 is still running on class-default:

Router6-w-AXP#show policy-map int f2/0

FastEthernet2/0

Service-policy output: TRAFFIC

Class-map: high (match-any)

0 packets, 0 bytes

30 second offered rate 0 bps, drop rate 0 bps

Match: input-interface FastEthernet2/14

0 packets, 0 bytes

30 second rate 0 bps

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

bandwidth 2000 kbps

Class-map: low (match-any)

0 packets, 0 bytes

30 second offered rate 0 bps, drop rate 0 bps

Match: input-interface GigabitEthernet2/0

0 packets, 0 bytes

30 second rate 0 bps

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

bandwidth 7000 kbps

Class-map: class-default (match-any)

11971181 packets, 8583659812 bytes

30 second offered rate 10602000 bps, drop rate 0 bps

Match: any

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 3165/620740

Would you please give me some advice on a proper way to configure reserved bandwidth over the congested tunnel. Attached are running-config file and show policy-map data.

Thanks!

Hugh

18 Replies 18

hugh2_nguyen
Level 1
Level 1

Here're attachments

Hi Hugh.

Does all traffic go out of the tunnel and nothing goes out the physical interface? It might be that all the class-default traffic is actually GRE traffic sourced from f2/0 so none of it will match your other classes as the traffic is not coming from those interfaces.

You can see if this is right or not by adding between class 'low' and class-default a class which matches all GRE traffic. Then if you check your 'show policy-map' command you can see if it is getting hits.

Have you tried putting the service policy on the tunnel interface? Not sure if this is possible, can't test in a the lab at the mo.

Cheers

Simon

Simon,

Thanks for the quick reply.

Interface Tunnel0 would not accept the "service-policy output TRAFFIC" and the error message was "Weighted Fair Queueing feature is not supported in user defined class of parent level policy." I don't know if a child level polity for the tunnel can work around the issue.

Yes, the traffic does seem like comming from GRE tunnel. I added a class "gre" to match protocol GRE traffic, not sure if that was what you suggested but here're the configuration:

class-map match-any high

match input-interface FastEthernet2/14

class-map match-any low

match input-interface GigabitEthernet2/0

class-map match-any gre

match protocol gre

!

!

policy-map TRAFFIC

class high

bandwidth 200

class low

bandwidth 700

class gre

bandwidth 9000

policy-map FQ

class class-default

fair-queue

The "show policy-map int f2/0" did show hit on class gre.

Would you please give me some advice on any other work around method. Thanks.

Hugh

Hi Hugh

looks like the only option supported on a gre tunnel is shaping

try adding PARENT to the tunnel interface

policy-map PARENT

class-default

shape average 100000000

service-policy TRAFFIC

Simon,

Thanks for the input. I added the policy-map PARRENT but class high and class low still did not get any hit. Here's current interfaces and policy configuration along with "show policy-map int t0" data:

!

class-map match-any high

match input-interface FastEthernet2/14

class-map match-any low

match input-interface GigabitEthernet2/0

!

!

policy-map TRAFFIC

class high

bandwidth 2000

class low

bandwidth 7000

policy-map FQ

class class-default

fair-queue

policy-map PARENT

class class-default

shape average 10000000

service-policy TRAFFIC

!

!

!

interface FastEthernet2/14

description HIGH PRIORITY INGRESS TRAFFIC

no switchport

ip address 192.168.12.40 255.255.255.0

load-interval 30

ipv6 enable

ospfv3 1 area 0 address-family ipv4 instance 64

!

!

!

interface GigabitEthernet2/0

description LOW PRIORITY INGRESS TRAFFIC

no switchport

ip address 192.168.2.40 255.255.255.0

load-interval 30

ipv6 enable

ospfv3 1 area 0 address-family ipv4 instance 64

!

!

!

interface Tunnel0

bandwidth 10000

ip address 10.1.1.1 255.255.255.0

load-interval 30

ipv6 enable

ospfv3 instance 64 network manet

ospfv3 1 area 0 address-family ipv4 instance 64

tunnel source FastEthernet2/0

tunnel destination 142.x.x.10

service-policy output PARENT

!

!

!

interface FastEthernet2/0

description EGRESS TRAFFIC TO THE WAN

no switchport

bandwidth 10000

ip address 192.x.x.10 255.255.255.0

load-interval 30

Router6-w-AXP#show policy-map int t0

Tunnel0

Service-policy output: PARENT

Class-map: class-default (match-any)

1924994 packets, 1358517804 bytes

30 second offered rate 10065000 bps, drop rate 0 bps

Match: any

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

shape (average) cir 10000000, bc 40000, be 40000

target shape rate 10000000

Service-policy : TRAFFIC

Class-map: high (match-any)

0 packets, 0 bytes

30 second offered rate 0 bps, drop rate 0 bps

Match: input-interface FastEthernet2/14

0 packets, 0 bytes

30 second rate 0 bps

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

bandwidth 2000 kbps

Class-map: low (match-any)

0 packets, 0 bytes

30 second offered rate 0 bps, drop rate 0 bps

Match: input-interface GigabitEthernet2/0

0 packets, 0 bytes

30 second rate 0 bps

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

bandwidth 7000 kbps

Class-map: class-default (match-any)

1924994 packets, 1358517804 bytes

30 second offered rate 10066000 bps, drop rate 0 bps

Match: any

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

Joseph W. Doherty
Hall of Fame
Hall of Fame

One reason your original policy map might not be working as expected because the traffic you're trying to match against is encapsulated within GRE packets. (Confirmed by your 3rd post?) What might correct this is usage of "qos pre-classify" on the tunnel interface. (The reason I write "might", I'm not positive about usage of matching against input interfaces within the class-maps. Which also might be the problem within your 4th post.)

What you might also try is using an input service policy to ToS mark (different markings) the traffic arriving on the two "special" interfaces and then on the outbound policy match against those markings. Unless you need to shape the tunnel slower, you can have the policy again on the outbound interface. You won't need the pre-classify since the ToS markings will be copied to the GRE header. The only issues are what ToS marking to use and whether you want to pass them along.

e.g. (NB: syntax might be incorrect)

policy-map high

class class-default

set dscp 2

policy-map low

class class-default

set dscp 1

class-map match-any high

match dscp 2

class-map match-any low

match dscp 1

policy-map TRAFFIC

class high

bandwidth 2000

set dscp be

class low

bandwidth 7000

set dscp be

policy-map FQ

class class-default

!btw, FQ on many platforms can skew the other class bandwidth reservations

fair-queue

interface GigabitEthernet2/0

service-policy input low

interface FastEthernet2/14

service-policy input high

interface FastEthernet2/0

service-policy output TRAFFIC

Hi Joe,

It finally worked but not as expected. I don't know what I mucked around with that got it to work. I still see class low gets more than 7Mbps bandwidth and class high only get about 1Mbps. I changed bandwidth to priority and saw the same bandwidth ratio. I'll try your suggestion and let you know the result.

Here's show policy data with current configuration:

Router6-w-AXP#sh policy-map int t0

Tunnel0

Service-policy output: PARENT

Class-map: class-default (match-any)

6008931 packets, 4240298312 bytes

30 second offered rate 10498000 bps, drop rate 0 bps

Match: any

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

shape (average) cir 10000000, bc 40000, be 40000

target shape rate 10000000

Service-policy : TRAFFIC

queue stats for all priority classes:

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

Class-map: high (match-any)

303905 packets, 214533040 bytes

30 second offered rate 1061000 bps, drop rate 0 bps

Match: input-interface FastEthernet2/14

104215 packets, 73575172 bytes

30 second rate 1061000 bps

Priority: 2000 kbps, burst bytes 50000, b/w exceed drops: 0

Class-map: low (match-any)

1842540 packets, 1300348088 bytes

30 second offered rate 9436000 bps, drop rate 0 bps

Match: input-interface GigabitEthernet2/0

738719 packets, 521343420 bytes

30 second rate 9436000 bps

Priority: 7000 kbps, burst bytes 175000, b/w exceed drops: 0

Class-map: class-default (match-any)

3862466 packets, 2725403064 bytes

30 second offered rate 0 bps, drop rate 0 bps

Match: any

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

Router6-w-AXP#

Could you post the "working" policy?

As to seeing a class obtain more bandwidth then the defined bandwidth statement, that's normal for non-LLQ classes. Their bandwidth statements defined a minimum, not maximum. Even with your LLQ, the implicit policer only engages if there's congestion and the defined rate is exceeded. (Also note that policing can be "rough" on traffic; something you might not want. Shaping is often a better approach.)

Depending on your requirements, physical interfaces QoS generally behaves better than a shaper (which QoS on the tunnel appears to require).

Here's the policy:

class-map match-any high

match input-interface FastEthernet2/14

class-map match-any low

match input-interface GigabitEthernet2/0

!

!

policy-map DATA

class high

priority 8000

class low

priority 1000

policy-map FQ

class class-default

fair-queue

policy-map PARENT

class class-default

shape average 10000000

service-policy DATA

!

!

With or without the command line "qos pre-classify" the policy worked the same. Class low still competed with class high for bandwidth during congestion:

!

!

interface Tunnel0

bandwidth 10000

ip address 10.1.1.1 255.255.255.0

load-interval 30

ipv6 enable

ospfv3 instance 64 network manet

ospfv3 1 area 0 address-family ipv4 instance 64

tunnel source FastEthernet2/0

tunnel destination 142.x.x.10

service-policy output PARENT

!

!

Router6-w-AXP#sh policy-map int t0

Tunnel0

Service-policy output: PARENT

Class-map: class-default (match-any)

6008931 packets, 4240298312 bytes

30 second offered rate 10498000 bps, drop rate 0 bps

Match: any

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

shape (average) cir 10000000, bc 40000, be 40000

target shape rate 10000000

Service-policy : TRAFFIC

queue stats for all priority classes:

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

Class-map: high (match-any)

303905 packets, 214533040 bytes

30 second offered rate 1061000 bps, drop rate 0 bps

Match: input-interface FastEthernet2/14

104215 packets, 73575172 bytes

30 second rate 1061000 bps

Priority: 2000 kbps, burst bytes 50000, b/w exceed drops: 0

Class-map: low (match-any)

1842540 packets, 1300348088 bytes

30 second offered rate 9436000 bps, drop rate 0 bps

Match: input-interface GigabitEthernet2/0

738719 packets, 521343420 bytes

30 second rate 9436000 bps

Priority: 7000 kbps, burst bytes 175000, b/w exceed drops: 0

Class-map: class-default (match-any)

3862466 packets, 2725403064 bytes

30 second offered rate 0 bps, drop rate 0 bps

Match: any

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

Router6-w-AXP#

"With or without the command line "qos pre-classify" the policy worked the same."

That's because your policy is configured on the tunnel. The purpose of the command is to allow QoS to "see" pre-tunnel traffic packet headers on the interface that's sending the tunnel traffic.

"Class low still competed with class high for bandwidth during congestion:"

Unclear what you mean. Results look alright for this configuration altough the policy itself, with the two LLQ classes may not. Then again, you haven't described what you want to accomplish.

Hi Joe,

I want to reserve a minimum tunnel bandwidth of 2Mbps for class high (i.e. traffic from interface fa2/14). I tried either "bandwidth" or "priority" but did not acchieved the minimum reserved bandwidth of 2Mbps for class high. I would like to limit class low bandwidth (i.e. traffic from g2/0) to below 8Mbps over the tunnel. Thanks.

Hugh

You might need to "define" what you consider reserving bandwidth. The priority or bandwidth commands do reserve bandwidth but perhaps not as you expect.

What might be a cause of confusion, such bandwidth reservations don't normally preclude other traffic from using that bandwidth if the traffic for that class isn't using all of it. (Normally this is a good thing).

If you really wanted to limit your other class to not exceed 8 Mbps, you would use a shaper or policer. (However, if you can priorize and/or guarantee bandwidth for other classes, this, restricting bandwidth, I suggest, isn't often the optimal approach for taking advanage of WAN bandwidth.)

e.g.

policy-map sample

class high

bandwidth 2000

class low

bandwidth 8000

shape average 8000000

Joe,

I have a highly congested WAN; that is if I let class low goes freely then it would clog up the whole 10Mbps WAN. I really need to throttle class low bandwidth down to no higher than 8Mbps.

Here's the DSCP policy map per your suggestion. The router wouldn't accept command "set dscp be":

class-map match-any high

match dscp 2

class-map match-any low

match dscp 1

!

!

policy-map high

class class-default

set dscp 2

policy-map TRAFFIC

class high

bandwidth 2000

class low

bandwidth 7000

shape average 7000000

policy-map low

class class-default

set dscp 1

!

!

interface FastEthernet2/14

description HIGH PRIORITY INGRESS TRAFFIC

no switchport

bandwidth 1544

ip address 192.168.12.40 255.255.255.0

load-interval 30

ipv6 enable

ospfv3 1 area 0 address-family ipv4 instance 64

service-policy input high

!

!

interface GigabitEthernet2/0

description LOW PRIORITY INGRESS TRAFFIC

no switchport

ip address 192.168.2.40 255.255.255.0

load-interval 30

ipv6 enable

ospfv3 1 area 0 address-family ipv4 instance 64

service-policy input low

!

!

interface FastEthernet2/0

description WAN INTERFACE

no switchport

bandwidth 10000

ip address 192.x.x.10 255.255.255.0

load-interval 30

service-policy output TRAFFIC

!

!

interface Tunnel0

bandwidth 10000

ip address 10.1.1.1 255.255.255.0

load-interval 30

ipv6 enable

ospfv3 instance 64 network manet

ospfv3 1 area 0 address-family ipv4 instance 64

tunnel source FastEthernet2/0

tunnel destination 142.x.x.10

!

And here's the show policy-map:

Router6-w-AXP#sh policy-map int f2/0

FastEthernet2/0

Service-policy output: TRAFFIC

Class-map: high (match-any)

474505 packets, 341640510 bytes

30 second offered rate 1148000 bps, drop rate 0 bps

Match: dscp 2

474505 packets, 341640510 bytes

30 second rate 1148000 bps

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

bandwidth 2000 kbps

Class-map: low (match-any)

3320165 packets, 2388688270 bytes

30 second offered rate 9477000 bps, drop rate 0 bps

Match: dscp 1

3320165 packets, 2388688270 bytes

30 second rate 9477000 bps

Queueing

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 0/0

bandwidth 7000 kbps

shape (average) cir 7000000, bc 28000, be 28000

target shape rate 7000000

Class-map: class-default (match-any)

184 packets, 35258 bytes

30 second offered rate 0 bps, drop rate 0 bps

Match: any

queue limit 64 packets

(queue depth/total drops/no-buffer drops) 0/0/0

(pkts output/bytes output) 125/25060

Router6-w-AXP#

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: