Nexus 3048 QoS policing?

martynworthington · ‎05-30-2012

Hi,

Just wondering if anyone may know a way of policing traffic on the Nexus 3k platform? I can't find a reference to say policing/shaping is supported...

Thanks

Sent from Cisco Technical Support iPhone App

nkarpysh · ‎05-30-2012

Hello,

Afaik no. Nexus 3k is considered as Low Latency Queueing switch and shaping and policing triggers the queueing (if we talk about egress one) which does not fit in low latency theory as per developers.

The way to configure QoS is to split traffic into queues and limit bandwidth for those.

E.G.

N3k-1(config)# class-map type qos QUE_class

N3k-1(config-cmap-qos)# match cos 0-7

2) Create a queuing policy-map:

N3k-1(config-cmap-qos)# policy-map type queuing QUE_policy

3) Assign a class to this policy map:

N3k-1(config-pmap-que)# class type queuing QUE_class

4) Set bandwidth percentage to 5%, which would be 50Mb on a 1G
interface

N3k-1(config-pmap-c-que)# bandwidth percent 5

5) Set the bandwidth on the class-default to 0%:

N3k-1(config-pmap-que)# class type queuing class-default

N3k-1(config-pmap-c-que)# bandwidth percent 0

6) Apply this policy-map to an interface:

N3k-1(config)# int e1/1

N3k-1(config-if)# service-policy type queuing output QUE_policy

N3k-1(config-if)# service-policy input QUE_policy

Here is what your interface should look like:

N3k-1# show policy-map int e1/1 in

Global statistics status : disabled

Ethernet1/1

Service-policy (qos) input: QUE_policy

policy statistics status: disabled

Class-map (qos): QUE_class (match-all)

Match: cos 0-7

Class-map (qos): class-default (match-any)

Match: any

set qos-group 0

N3k-1# show policy-map int e1/1 out

Global statistics status : disabled

Ethernet1/1

Service-policy (queuing) output: QUE_policy

policy statistics status: disabled

Class-map (queuing): QUE_class (match-any)

bandwidth percent 5

Class-map (queuing): class-default (match-any)

Match: qos-group 0

bandwidth percent 0

Nik

HTH,
Niko

martynworthington · ‎05-30-2012

Awesome Nik, thanks for the tip. I'll check that out and see how it goes.

nkarpysh · ‎05-30-2012

Hope it will help!

Nik

HTH,
Niko

martynworthington · ‎05-30-2012

Hi Nik,

What do you think of the config below? Do you think this would work for limiting the traffic to/from a specific network? (It's just an example.)

ip access-list My_ACL

10 permit ip 192.168.1.0/24 any

20 permit ip any 192.168.1.0/24

class-map type qos match-all My_ACL_QoS_Class

match access-group name My_ACL

policy-map type qos QoS_Classify_Policy

class My_ACL_QoS_Class

set qos-group 1

class-map type queueing My_Q_QoS_Class

match qos-group 1

policy-map type queueing My_Q_QoS_Policy

class type queueing My_Q_QoS_Class

bandwidth percent 10

class type network-qos class-default

bandwidth percent 10

int eth1/1

service-policy type queuing output My_Q_QoS_Policy

service-policy input My_Q_QoS_Policy

nkarpysh · ‎05-30-2012

That should work. Though policy QoS_Classify_Policy should be applied to interface to do inital marking or you just avoid using it and match ACL in class My_Q_QoS_Class instead of qos-group.

Nik

HTH,
Niko