I have an issue which gives me headaches, and I'm a newbie regarding QoS
I have an optical fiber between 2 3750 (gigabit) and I want to run QinQ over it (IOS version is 12.2.52).
I will have a VLAN for a customer A (let's say Vlan 10) and another for a customer B (Vlan 20)
I want to limit the bandwidth for customer A to 20 Mb and 100Mb for customer B on the interswitch link; I wanted to use cos-based ingress marking in the access port dedicated to each customer (to mark the traffic internally with .1p in the outer 802.1q header), and then apply queueing and/or policing on the egress interface.
For example set a cos to 1 for the vlan 10 and 3 for vlan 20; map cos 1 to queue 2 and cos 3 to queue 3 (this is default mapping according to the documentation); and then give 2% to queue 2 and 10% to queue 3.
It seems there are a lot of ways to configure that and I'm totally confused on the right way to use. It's only layer 2 QoS and I don't want to remark anything in the tunneled traffic.
I skip this part as I don't want to change the default association
mls qos srr-queue output cos-map queue queue-id threshold threshold-id cos1...cos8
On the egress interface I expect to use something close to this :
Switch(config)# interface gigabitethernet1/1/1
Switch(config-if)# srr-queue bandwidth share 39 2 10 39
Switch(config-if)# priority-queue out
One question on this : if I have no traffic in queues 1 and 4; will the 2 other queues able to get all the remaining bandwidth ? I expect yes as it's queuing and not policing / shaping.
Now on my ingress interfaces how does it work ?
As I want to control bandwidth allocation on a per vlan basis; do I have to enable "mls qos vlan-based" on my ingress interfaces ?
Do I have to trust the incoming traffic on each ingress ports (I guess yes to not override any incoming QoS marking, even if I don't want to use it) ? And finally how can I map/mark the vlan defined on the access port (vlan which is in fact a tunnel ID) to a cos value ?
Do I have to use the "override" keyword or not ? Does it seems to be correct ? I don't want to copy the incoming cos field to the outer header but I want the tunnel to be the most transparent and I don't want to change the 802.1q payload. The doc says that by default the switch copies the inner 802.1p field to the outer header, can I disable this behaviour ?
description **** QinQ tunnel customer A ****
switchport access vlan 10
switchport mode dot1q-tunnel
mls qos trust cos
mls qos cos 1 override
Queueing is usually a congestion management method, not policing, so when there is no congestion, the remaining bandwidth will be used by other queues.
mls qos vlan-based :
In VLAN-based mode, the policy map that is attached to the Layer 2 interface is ignored, and QoS is driven by the policy map that is attached to the corresponding VLAN interface.
by default any packets that enter the switch has a CoS 0 unless it's been set before.
for seting a cos or dscp value you have to configure a policy-map.
mls qos cos specifies a default CoS value to be assigned to a port. If the port is CoS trusted and packets are untagged. the Override keyword is to override the previously configured trust state of the incoming packets and to apply the default port CoS value to all incoming packets.
plz Rate if it helped.
no problem Surya.
I believe this Doc will prove helpful for you
plz Rate if it helped.
Thank you; but the 3750 is pretty basic; Metro Ethernet switches seem to be far more advanced than traditionnal 3750 switches regarding QinQ-based QoS.
In my case, what is unclear is the effect of the following commands on my ingress port, as I don't want to modify the incoming .1p field but just to mark the outer QinQ header, I'm not even sure it's possible as the switch copies the incoming .1p information to the outer header :
mls qos trust cos switchport priority extend cos 1
mls qos trust cos mls qos cos 1
mls qos trust cos mls qos cos 1 override
hmm, I am not sure how a C3750 reacts to these commands in this situation either, but if i were you, i'd have analyzed the packets (SPAN) before and after the inputting the commands and find out the right thing to do.
btw, i will continue researching about it, make sure you let me know how u dealt with it.