Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Applying QoS based on ToS on a switchport

I'm trying to wrap my head around QoS and I guess I have to start at the beginning - classification. I have a TDM to IP device that sets a ToS value of 0x08 to packets before it forwards the frame out towards the LAN.

Now as I understand it, ToS is an IP tag so I'm having a hard time understanding whether or not a L2 switch can read the ToS bit, map it to CoS to send about the LAN to the router, at which point CoS is mapped to DSCP, shipped out the WAN to the far end router where DSCP is mapped back to CoS to it's destination port.

I understand that the next steps are Policing, Marking and Queuing, and I'll cross those bridges when I come to them, but at this point, I think I just need to understand how the classification works on an L2 switch. The switch in question is a 2970 running 12.2(25)SEB4.

Thanks in advance.

24 REPLIES

Re: Applying QoS based on ToS on a switchport

If your device marks ToS only, have your switch map it DSCP. CoS/ToS are older and are generally only used by legacy equipment. Once you remark ToS to DSCP there is no reason to remap back unless of legacy equipment. Here's an example-

http://www.cisco.com/en/US/tech/tk652/tk698/technologies_configuration_example09186a00800a954d.shtml

Hope that helps.

New Member

Re: Applying QoS based on ToS on a switchport

Hi Collin,

Thanks for the link. I had seen this previously, but within it I couldn't understand how to actually match a ToS value of 0x08. The only option that seems relevant is match ip precedence, and all that looks reasonable there is to match ip precedence 7, which would be 0x08 in decimal.

Am I way off base?

Re: Applying QoS based on ToS on a switchport

If your device marks ToS only, have your switch map it DSCP. CoS/ToS are older and are generally only used by legacy equipment. Once you remark ToS to DSCP there is no reason to remap back unless of legacy equipment. Here's an example-

http://www.cisco.com/en/US/tech/tk652/tk698/technologies_configuration_example09186a00800a954d.shtml

Hope that helps.

New Member

Re: Applying QoS based on ToS on a switchport

Hi Collin,

In order to be able to map ToS to DSCP as you suggest, I believe I need to first match the ToS value of 0x08 and I'm not sure how to match that. As I said in my previous post, all I could find to match that looked relevant is ip precedence, and I don't know if precedence is the right thing to match on.

Super Bronze

Re: Applying QoS based on ToS on a switchport

If the ToS byte is set to 0x08, then match against the DSCP value 0x04.

If it's a voice bearer packet, remark to DSCP EF. For CoS, if supported, mark as priority 5.

Super Bronze

Re: Applying QoS based on ToS on a switchport

Addendum (correction):

Believe I slipped a (binary) decimal point. If the ToS byte is set to 0x08, then match against the DSCP value 0x02. (DSCP is the first 6 bits of the ToS byte, so you need to divide by 4 to convert a ToS value to a DSCP value.)

New Member

Re: Applying QoS based on ToS on a switchport

From what I'm seeing, there's no DSCP value of 0x02 (2) to match against. What am I missing?

Super Bronze

Re: Applying QoS based on ToS on a switchport

You'll have to further explain what you're "seeing". DSCP values, being six bits, can be between 0..63 (decimal), although less than half are used when using CS(0..7)/AF(1..3)(1..3))/EF tags. Depending on the device, some old platforms don't recognize DSCP at all but may recognize the lower bits by "name" of their prior ToS functions DTR (delay/throughput/reliability).

New Member

Re: Applying QoS based on ToS on a switchport

Well, the device in question (Engage IPTube) applies ToS value 0x08 to packets. I'm trying to configure a class-map to match that traffic so I can do stuff with it in a policy-map.

Looking at the IP Tube manual for QoS configuration, it simply says: "The TUBE TOS command is used to set the Type of Service byte in the IP packets encapsulated in T1/E1 frames. The setting of the TOS byte can be used to ensure that the real time TDM data from the IP Tube is ensured high priority. The Quality of Service support is required within each router or switch within the interconnect between the IP Tubes. A TOS setting of 0x08 "maximizes throughput".

Please correct me if I'm way off base with my bin/hex conversion and how that relates to various ToS/DSCP values -

So if it sets ToS and doesn't make any use of DSCP natively, then I can figure it's looking through the entire ToS field; all 8 bits of it. Unless I'm mistaken, a ToS value 0x08 in an 8 bit field converts to 00001000. Looking through RFC795, that seems translates to the following: Routine Precedence (000), Normal Delay (0), High Throughput (1), Normal Reliability (0), Reserved (00).

In Cisco land, I can't find the proper knobs in the class-map configuration to match that bit four. I tried match ip dscp 2, as that's what 0x08 converts to in DSCP value but that didn't match anything, and the interface is doing a ton of traffic right now - all voice.

2970#sh policy-map int g0/16

GigabitEthernet0/16

Service-policy input: IPTube

Class-map: IPTube (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: ip dscp 2

Class-map: class-default (match-any)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: any

0 packets, 0 bytes

5 minute rate 0 bps

2970#sh int g0/16

GigabitEthernet0/16 is up, line protocol is up (connected)

Hardware is Gigabit Ethernet, address is 0017.5a76.ca10 (bia 0017.5a76.ca10)

Description: Engage IPTube

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 4/255, rxload 4/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX

input flow-control is off, output flow-control is unsupported

ARP type: ARPA, ARP Timeout 04:00:00

Last input never, output 00:00:01, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 1669000 bits/sec, 335 packets/sec

5 minute output rate 1670000 bits/sec, 336 packets/sec

946229337 packets input, 310385943 bytes, 0 no buffer

Received 568480 broadcasts (0 multicast)

0 runts, 0 giants, 0 throttles

245 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog, 0 multicast, 0 pause input

0 input packets with dribble condition detected

2970#

Re: Applying QoS based on ToS on a switchport

You can configure the class-map to use tos with the keyword ip-precendence.

This can be mapped to a cos value wich in turn can be converted into dscp on any other port.

regards

Leo

New Member

Re: Applying QoS based on ToS on a switchport

How?

2970(config-cmap)#match ip precedence ?

<0-7> Enter up to 4 precedence values separated by white-spaces

critical Match packets with critical precedence (5)

flash Match packets with flash precedence (3)

flash-override Match packets with flash override precedence (4)

immediate Match packets with immediate precedence (2)

internet Match packets with internetwork control precedence (6)

network Match packets with network control precedence (7)

priority Match packets with priority precedence (1)

routine Match packets with routine precedence (0)

2970(config-cmap)#

This seems to match only 3 bits (0-2) in the precedence portion of the ToS octet. I need to match on bit 4.

Please clarify for me.

Super Bronze

Re: Applying QoS based on ToS on a switchport

I think we're in agreement on your analysis of the ToS byte.

In principle, your class-map and policy-map appear reasonable, although not only are there no matches against "IP Tube", but there appear to be none against class-default. So, there's a good chance we're missing a config statement.

Unable to find documentation for the 2970, but from release notes, appears similar to 3560/3750.

Without 2970 documetation, unsure whether any of these are needed, but do you have QoS enabled (mls qos); and/or within the policy class, not the class map, do you trust dscp (mls qos trust dscp); and/or trust dscp on the interface (mls qos trust dscp); and/or enabled dscp Transparency Mode (no mls qos rewrite ip dscp)?

New Member

Re: Applying QoS based on ToS on a switchport

Good point that we're not matching against anything, even class-default.

mls qos is enabled, but I've configured nothing else, with the exception of the policy-map, class-map and service-policy on the interface:

!

mls qos

!

class-map match-any IPTube

match ip dscp 2

!

policy-map IPTube

class IPTube

!

interface GigabitEthernet0/16

description IPTUBE01

switchport access vlan 31

service-policy input IPTube

!

Keep in mind that it's not my intention to *do* anything with what's matched - yet. Like I said in my first post, I want to just start with classifying the traffic. I'll mark with set statements in the policy-map once I can verify that I'm matching what I want to match.

Super Bronze

Re: Applying QoS based on ToS on a switchport

Understood about you just wanting to match. You might need one of options (noted in my prior post) allowing dscp trust or insuring the dscp value isn't reset upon receipt.

New Member

Re: Applying QoS based on ToS on a switchport

I've been looking over all those options. Based on how I'm interpreting the configuration guide (http://www.cisco.com/en/US/docs/switches/lan/catalyst2970/software/release/12.2_25_se/configuration/guide/swqos.html#wp1022237) , I'm not sure they are what I need.

mls qos trust dscp would be used on a routed port or an SVI. This is a switchport.

no mls qos rewrite ip dscp is about rewriting a DSCP value, and I'm still at the point of trying to match an incoming DSCP value.

trust dscp from within the policy-map didn't seem to make any difference.

The switch certainly sees DSCP on the port though.

show mls qos int g0/16 shows the counters incrementing for the bits I expect them to increment on:

2970#show mls qos interface g0/16 statistics

GigabitEthernet0/16

dscp: incoming

-------------------------------

0 - 4 : 0 0 5854 0 0

...

dscp: outgoing

-------------------------------

0 - 4 : 5862 0 0 0 0

Super Bronze

Re: Applying QoS based on ToS on a switchport

Ah, great, a reference to the correct documentation!

It's information like "When QoS is enabled with the mls qos global configuration command and all other QoS settings are at their defaults, traffic is classified as best effort (the DSCP and CoS value is set to 0) without any policing. No policy maps are configured. The default port trust state on all ports is untrusted." within your reference that concerns me.

Information like the foregoing is also why I noted the "no mls qos rewrite ip dscp" since the reference document has:

"In software releases earlier than Cisco IOS Release 12.2(25)SE, if QoS is disabled, the DSCP value of the incoming IP packet is not modified. If QoS is enabled and you configure the interface to trust DSCP, the switch does not modify the DSCP value. If you configure the interface to trust CoS, the switch modifies the DSCP value according to the CoS-to-DSCP map.

In Cisco IOS Release 12.2(25)SE or later, the switch supports the DSCP transparency feature. It affects only the DSCP field of a packet at the egress. By default, DSCP transparency is disabled. The switch modifies the DSCP field in an incoming packet, and the DSCP field in the outgoing packet is based on the quality of service (QoS) configuration, including the port trust setting, policing and marking, and the DSCP-to-DSCP mutation map.

If DSCP transparency is enabled by using the no mls qos rewrite ip dscp command, the switch does not modify the DSCP field in the incoming packet, and the DSCP field in the outgoing packet is the same as that in the incoming packet."

The way I read the above, the switch does see the incoming ToS value, but it might reset it before your policy "sees" the DSCP value. If this is happening, we need the switch to preserve the DSCP value so you can classify using it.

With regard to "routed ports" and "mls qos trust dscp", does the 2970 support routing? I didn't think it did. So, it's unclear whether this information only applies to routed ports or any physical switchport.

Lastly, note the stats do indeed show bit 2 incrementing on input, but zero incrementing on output. This would seem to indicate the switch is reseting the ToS byte.

New Member

Re: Applying QoS based on ToS on a switchport

Ok, so what you are saying makes sense now that I understand things a bit more. Those points in the configuration guide were lost on me the first couple of times I read through them.

I enabled DSCP transparency, and now I see the outbound DSCP value 2 counter incrementing:

2970#show mls qos int g0/16 statistics

GigabitEthernet0/16

dscp: incoming

-------------------------------

0 - 4 : 0 0 785099 0 0

...

dscp: outgoing

-------------------------------

0 - 4 : 1018 0 785099 0 0

That said, I still don't see my policy-map counters incrementing:

2970#show policy-map interface G0/16

GigabitEthernet0/16

Service-policy input: IPTube

Class-map: IPTube2 (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps

Match: ip dscp 2

Class-map: class-default (match-any)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: any

0 packets, 0 bytes

5 minute rate 0 bps

2970#

If I configure mls qos trust dscp on the port (routed or not) it disables the service-policy, which isn't the desired behavior.

Super Bronze

Re: Applying QoS based on ToS on a switchport

Don't know about the 2970, but I recall on the 3560/3750, they don't show policy-map stats correctly (the packet counters), as the routers do. Believe you need to use the mls stats command (as you've done). In other words, things might be working correctly now, as the latest mls stats command appears to confirm. What you might now try, setting the inbound DSCP values to a different DSCP values and see if the mls stats reflects the change. I.e. DSCP 2 to DSCP EF.

New Member

Re: Applying QoS based on ToS on a switchport

The mls qos stats are not reflecting the change made to the policy map. I even set mls qos rewrite ip dscp to turn of transparency, but all that did was reset the outgoing DSCP value to 0, so I enabled transparency again:

!

no mls qos rewrite ip dscp

mls qos

!

class-map match-any IPTube

match ip dscp 2

!

!

policy-map IPTube

class IPTube

set dscp 1

!

interface GigabitEthernet0/16

description IPTUBE01

switchport access vlan 31

service-policy input IPTube

!

2970#show mls qos interface g0/16 statistics

GigabitEthernet0/16

dscp: incoming

-------------------------------

0 - 4 : 0 0 12399 0 0

...

dscp: outgoing

-------------------------------

0 - 4 : 14 0 12398 0 0

Not sure what the 14 outbound packets with DSCP 0 are all about. Maybe that's a counter issue.

New Member

Re: Applying QoS based on ToS on a switchport

Any ideas on this?

Again, I have a device that marks packets with ToS 0x08 (or DSCP 0x02). I'm trying to take dscp 2 and rewrite it to dscp 46 without much success. The only thing I can think of is the mls qos rewrite, but enabling that sets outbound DSCP to 0x00, which is not the desired effect either.

!

no mls qos rewrite ip dscp

mls qos

!

class-map match-any IPTube

match ip dscp 2

!

policy-map IPTube

class IPTube

set dscp ef

!

interface GigabitEthernet0/16

description IPTUBE01

switchport access vlan 31

service-policy input IPTube

!

2970#show mls qos interface g0/16 statistics | i 45 - 49 | 0 - 4 | dscp

dscp: incoming

0 - 4 : 0 0 172174 0 0

45 - 49 : 0 0 0 0 0

dscp: outgoing

0 - 4 : 271 0 172131 0 0

45 - 49 : 0 0 0 0 0

!

mls qos rewrite ip dscp

!

2970#show mls qos int g0/16 statistics | i 0 - 4 | 45 - 49 | dscp

dscp: incoming

0 - 4 : 0 0 7017 0 0

45 - 49 : 0 0 0 0 0

dscp: outgoing

0 - 4 : 7024 0 0 0 0

45 - 49 : 0 0 0 0 0

Super Bronze

Re: Applying QoS based on ToS on a switchport

What do the mls stats look like on the actual egress interface (not the ingress interface)?

New Member

Re: Applying QoS based on ToS on a switchport

G0/16 is the ingress, G0/12 is the egress.

This output is with rewrite disabled.

2970#show mls qos int g0/16 statistics | i 0 - 4 | 45 - 49 | dscp

dscp: incoming

0 - 4 : 0 0 6966 0 0

45 - 49 : 0 0 0 0 0

dscp: outgoing

0 - 4 : 9 0 6966 0 0

45 - 49 : 0 0 0 0 0

0 - 4 : 6966 0 0 0 0

0 - 4 : 6974 0 0 0 0

2970#show mls qos int g0/12 statistics | i 0 - 4 | 45 - 49 | dscp

dscp: incoming

0 - 4 : 956 0 6969 0 157

45 - 49 : 0 0 0 82 0

dscp: outgoing

0 - 4 : 1203 0 6969 0 4

45 - 49 : 0 0 0 90 0

0 - 4 : 8170 0 0 10 0

0 - 4 : 8218 0 0 0 0

This output is with rewrite enabled:

2970#show mls qos int g0/16 statistics | i 0 - 4 | 45 - 49 | dscp

dscp: incoming

0 - 4 : 0 0 10388 0 0

45 - 49 : 0 0 0 0 0

dscp: outgoing

0 - 4 : 10407 0 0 0 0

45 - 49 : 0 0 0 0 0

0 - 4 : 10389 0 0 0 0

0 - 4 : 10407 0 0 0 0

2970#show mls qos int g0/12 statistics | i 0 - 4 | 45 - 49 | dscp

dscp: incoming

0 - 4 : 1474 0 10391 0 54

45 - 49 : 0 0 0 30 0

dscp: outgoing

0 - 4 : 11887 0 0 0 0

45 - 49 : 0 0 0 30 0

0 - 4 : 11957 0 0 16 0

0 - 4 : 11928 0 0 0 0

This seems odd to me. How can the outgoing DSCP on both interfaces reset to 0 when rewrite is enabled, yet the incoming on both interfaces is still set to 2? i'd expect the incoming on G0/12 to be 0 if the outgoing on G0/16 is 0.

Super Bronze

Re: Applying QoS based on ToS on a switchport

Assuming the switch software is working correctly (Cisco's often does), I suspect we're just missing something simple, but not, at least to me, obvious. I suspect we're missing a statement or have an incorrect statmement either within the policy or external to the policy.

Not sure I can offer much more help.

Some other ideas, see the section "Configuring the DSCP Trust State on a Port Bordering Another QoS Domain" in your referenced document to try DSCP mutation mapping instead of class-maps and policy-maps.

Leave on the default gobal DSCP rewrite, and try a mls qos trust DSCP statment within the ingress interface.

Repost to the forum (there are so many responses on this current post, others might not look at it.)

If you have a support contract, open up a TAC case.

Sorry I haven't help you find the solution, beyond perhaps looking for DSCP value 2.

New Member

Re: Applying QoS based on ToS on a switchport

Hi Joseph,

I tried the dscp mutation map and got pretty much the same results. Thanks for the tips.

591
Views
3
Helpful
24
Replies
CreatePlease to create content