qos class-map marking issue

Answered Question
Aug 6th, 2010

Hello expert,

I have a hub and spoke enviroment using all cisco 2811 routers.

I am currently working on qos.

I have apply class -maps and policy-map  on one router close to the source as per best practice.

I went to second router and configure qos, i tried to use class-map match dscp21 etc ---- since i do not want to remark packets

previously marked at the source.

The problem is that when i check the second router using the sh policy-map int I am only see all the packets being queued under class-default

which suggest that the match dscp21 etc is not working.

Is there a something missing do i have to issue some command etc to allow the other sister routers to trust the orginal marking.

Attached are two file for clarification

Regards

I have this problem too.
0 votes
Correct Answer by Collin Clark about 6 years 5 months ago

Yup, exactly what Jon posted.

Geez Jon the notification email and your response came in at the same time. You're now faster than email.

Correct Answer by Jon Marshall about 6 years 5 months ago

1) You need to enable QOS globally on the switch ie.

2960(config)# mls qos

2) the "mls qos trust dscp" command is an interface command not a global config command so if you need to apply it at the interface level eg.

2960(config)# int gi0/1

2960(config-if)# mls qos trust dscp

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Collin Clark Mon, 08/09/2010 - 12:41

A couple of things to keep in mind. 1. Packets are only placed into your configured queues when the tx ring is full. If the interface is not congested packets will not go into the queues you have setup, they will go into the default queue. 2. It looks like your applying QoS to an internet link. If so, keep in mind that some Service Providers strip the CoS values from your packets.

Hope it helps.

jomo frank Mon, 08/09/2010 - 13:19

Hello Collin,

>> Packets are only placed into your configured queues when the tx ring is full. If the interface is not congested packets will not go into the queues you have setup, they will go into the default queue

While awaiting your response I  removed the class mappings as per attactment and created new class mappings.

And the respective queues where populated as per mapping

See attachment.

>> It looks like your applying QoS to an internet link. If so, keep in mind that some Service Providers strip the CoS values from your packets.

Sorry for the misleading naming of the policy-map this policy is actual link to the lan interface of the second router as the aim is just see if the

mapping created on Router1 will remain the same when they hit Router 2.

I am trying to let one Router do all the inpection and marking of the packets and the other routers just accept the mark packets.

Regards

relsethagen Mon, 08/09/2010 - 20:33

If you are marking on router 1 and router 2's Ethernet is in the path of that marked traffic it should show up and match your policy coming into router 2, but It doesn't appear to. my first guess is that your LAN switch is remarking it. If your LAN switch is a 2950 or a 2960/3560/3750 with qos enabled you will have to make sure the ports you have your routers attached to are set to trust dscp on the switch.

jomo frank Tue, 08/10/2010 - 05:40

Hello Colin,

My Lan switch may be the problem I have 2960 series at all locations.

But did not set the respective ports that the router is connected to trust dscp.

Colin, if i do not want to trouble my switch will I have to  setup  class markings on all my routers?

Regards

Jomo

Collin Clark Tue, 08/10/2010 - 06:11

Best practices is exactly what relsethagen stated, use the trust feature under the LAN switch interface. Always mark as close to the source as possible and trust the marking for as far as possible. The router will have to write to COS. Yes you can setup it marking on the router, but remember that QoS in switches is done in hardware asics and QoS in routers is done by CPU/software. It's much more efficient to perform QoS in switches than it is in routers.

mls qos trust dscp

If you want it really easy, enable auto qos on your devices. You will then need to add the command below instead of the one above (you can have both with no ill effects).


auto qos voip trust

Hope it helps.

jomo frank Wed, 08/11/2010 - 10:00

Hello Colin,

Can please assist i getting and error when enabling

mls qos trust dscp on my switch.

All detail below for your guidance.

Switch info.

------------------------------------

Switch   Ports        Model                    SW Version               SW Image
------     -----              -----                         ----------                            ----------
*    1     50         WS-C2960-48TT-L      12.2(25)SEE3             C2960-LANBASE-M

When I attempt to enable trust dscp

------------------------------------------------------------------

Linden> en
Password:
Linden#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Linden(config)#mls qos trust dscp
                       ^
% Invalid input detected at '^' marker.

Linden(config)#

Checking mls for all the options

------------------------------------------------------------

Linden(config)#mls ?
  qos  qos keyword

Linden(config)#mls qos ?
  aggregate-policer  Named aggregate policer
  map                qos map keyword
  queue-set          Choose a queue set for this queue
  rewrite            Rewrite Packet/Frame
  srr-queue          Configure SRR receive queues
 

When I  issue show mls

-------------------------------------------------------------------------------

Linden>sh mls qos
QoS is disabled
QoS ip packet dscp rewrite is enabled

Correct Answer
Jon Marshall Wed, 08/11/2010 - 10:06

1) You need to enable QOS globally on the switch ie.

2960(config)# mls qos

2) the "mls qos trust dscp" command is an interface command not a global config command so if you need to apply it at the interface level eg.

2960(config)# int gi0/1

2960(config-if)# mls qos trust dscp

Jon

Correct Answer
Collin Clark Wed, 08/11/2010 - 10:20

Yup, exactly what Jon posted.

Geez Jon the notification email and your response came in at the same time. You're now faster than email.

Jon Marshall Wed, 08/11/2010 - 14:24

Collin_Clark wrote:

Yup, exactly what Jon posted.

Geez Jon the notification email and your response came in at the same time. You're now faster than email.

Collin, got a lot of time on my hands at the moment due to a bike accident (mountain bike that is) so that probably explains it

Actions

This Discussion