QoS class issue

Answered Question
Jun 8th, 2010
User Badges:

I have a QoS issue. Please help me figure out.


ip access-list extended SILVER-TRAFFIC


permit tcp any  10.0.0.0 0.255.255.255 eq 80


ip access-list extended BRONZE-TRAFFIC

permit tcp any  10.3.115.0 0.0.0.255 eq 80

permit tcp any  10.60.52.0 0.0.0.255 eq 80



class-map match-any SILVER-CLASS

  match access-group name SILVER-TRAFFIC

class-map match-any BRONZE-CLASS

  match access-group name BRONZE-TRAFFIC



policy-map QOS


  class SILVER-CLASS

   set dscp cs3

  class BRONZE-CLASS

   set dscp cs2

  class class-default

   set dscp default


There are 2 QoS class in this configuration. The ACL (permit tcp any  10.0.0.0 0.255.255.255 eq 80) of the silver class includes the ACL of the Bronze class. Does that means those bronze class traffic are marked as silver class, instead of Bronze class?


Correct Answer by Giuseppe Larosa about 6 years 9 months ago

Hello Angyu,


your understanding is correct: the order of call of the class-maps counts like in an ACL


you should rewrite the policy-map invoking the bronze-traffic first or you will be in trouble


It could be a safe measure to rewrite the ACL for silver traffic denying the other traffic


Hope to help

Giuseppe

Correct Answer by Jon Marshall about 6 years 9 months ago

cscyangyu wrote:



There are 2 QoS class in this configuration. The ACL (permit tcp any  10.0.0.0 0.255.255.255 eq 80) of the silver class includes the ACL of the Bronze class. Does that means those bronze class traffic are marked as silver class, instead of Bronze class?



It means that all traffic with the first octet of 10 in the IP address will be matched to the silver class. Nothing with a 10.x.x.x address will ever get past the silver class so all 10.x.x.x traffic will be marked with dscp cs3.


The policy-map is checked sequentially so and if a match is found processing stops so if you want bronze traffic to be marked as bronze -


policy-map QOS

class BRONZE-CLASS

set dscp cs2

class SILVER-CLASS

set dscp cs3

class class-default

set dscp default


Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Jon Marshall Tue, 06/08/2010 - 10:28
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

cscyangyu wrote:



There are 2 QoS class in this configuration. The ACL (permit tcp any  10.0.0.0 0.255.255.255 eq 80) of the silver class includes the ACL of the Bronze class. Does that means those bronze class traffic are marked as silver class, instead of Bronze class?



It means that all traffic with the first octet of 10 in the IP address will be matched to the silver class. Nothing with a 10.x.x.x address will ever get past the silver class so all 10.x.x.x traffic will be marked with dscp cs3.


The policy-map is checked sequentially so and if a match is found processing stops so if you want bronze traffic to be marked as bronze -


policy-map QOS

class BRONZE-CLASS

set dscp cs2

class SILVER-CLASS

set dscp cs3

class class-default

set dscp default


Jon

Correct Answer
Giuseppe Larosa Tue, 06/08/2010 - 10:33
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Angyu,


your understanding is correct: the order of call of the class-maps counts like in an ACL


you should rewrite the policy-map invoking the bronze-traffic first or you will be in trouble


It could be a safe measure to rewrite the ACL for silver traffic denying the other traffic


Hope to help

Giuseppe

Actions

This Discussion