09-09-2013 03:01 AM - edited 03-07-2019 03:21 PM
Hi,
I have a 6513 with a Layer 2 Port channel trunk (802.1q) configured that allows multiple vlans to pass over it. Traffic received from one specific Vlan on the Port channel trunk is classified with a class-map and its DSCP value set according to a policy-map instigated by a service-policy on the said VLAN interface. The Port Channel trunk is configured with “mls qos vlan-based” to apply the policy from the vlan interface to traffic tagged in that vlan.
My question is, what happens to other VLAN traffic received on the same Port Channel trunk when there is no policy configured on their respective VLAN interfaces?
Are their DSCP/CoS values left unaltered?
OR
because no policy-map is provided for their respective VLAN interfaces, do their DSCP/ CoS values get reset to default 00 and 0 respectively?
Would really appreciate any help anyone may have on this!
Many thanks
Richard
09-09-2013 10:32 AM
Hi,
pls confirm port-channel physical interface on same switch module or not
Br/subhojit
09-09-2013 01:36 PM
Hello Richard,
CoS/ToS/DSCP is marked to default '0' in case you do not configure marking for VLANs on the same trunk with vlan-based qos.
--
Best regards,
Dmitry Skotnikov
09-10-2013 03:30 AM
Hi Dmitry,
Thanks for coming back to me.
However this not good news!
So just to make sure I understand what you're saying, traffic arriving with different Vlan-ID's at the Port-channel trunk will have its CoS/ToS/DSCP values remarked to default 0, unless its respective Vlan has a Vlan interface with a service policy configured that classifies and remarks it according to defined class and policy maps.
The problem I have here, is that the Port-chjannel trunk services about 30 Vlans to which some of them don't have locally configured vlan interfaces associated with them - the switch just acts as a transit and their respective Vlan interfaces reside on another switch elswhere.
Also, for those Vlans serviced by the Port-channel that do have locally configured Vlan interfaces, it would therefore be cumbersome (to say the least!) to implement them with service policies of their own.
Are you absolutly sure this is how this works, as I will have to rethink how I'm going to classify and remark traffic for the Vlan I have in mind?
Kind regards
Richard
PS. The port-channel physical interfaces span different modules on the switch.
09-10-2013 03:37 AM
Hi Dmitry,
Sorry if you've already received this, but wasn't sure if I sent it correctly!
Thanks for coming back to me.
However this not good news!
So just to make sure I understand what you're saying, traffic arriving with different Vlan-ID's at the Port-channel trunk will have its CoS/ToS/DSCP values remarked to default 0, unless its respective Vlan has a Vlan interface with a service policy configured that classifies and remarks it according to defined class and policy maps.
The problem I have here, is that the Port-chjannel trunk services about 30 Vlans to which some of them don't have locally configured vlan interfaces associated with them - the switch just acts as a transit and their respective Vlan interfaces reside on another switch elswhere.
Also, for those Vlans serviced by the Port-channel that do have locally configured Vlan interfaces, it would therefore be cumbersome (to say the least!) to implement them with service policies of their own.
Are you absolutly sure this is how this works, as I will have to rethink how I'm going to classify and remark traffic for the Vlan I have in mind?
Kind regards
Richard
PS. The port-channel physical interfaces span different modules on the switch.
09-10-2013 05:55 AM
Hello Richard,
In case you don't utilize "trust" concept for the mentioned trunk interface, as soon as you enabled mls qos globally all traffic are marked down to default.
I have verified the behavior and it matches my previous statement, just in case i am referring to PFC3/DFC3 qos logic.
Thank you
--
Best regards,
Dmitry Skotnikov
09-10-2013 06:59 AM
Hi Dmitry,
I understand the port trust concept as packets ingress but didn't know how this relates when the port is also configured for vlan based qos.
So, are you saying that if I configure the Port-channel to trust dscp, it will leave DSCP values of arriving packets unaltered from those vlans that don't have a service-policy assigned to their vlan interface, and for those vlans that do have a service policy assigned to their vlan interface, the DSCP values can be remarked by an associated poliy-map?
I'll try to explain a bit more clearly what I want to do:
Say Port-channel trunk allows vlans 10,20,30,40 50 and 60.
A.) For ingress packets on the Port-channel assigned to vlan 20, I want to classify those that match a specific source IP address and remark their DSCP value using a service-policy assigned to the locally configured interface Vlan20.
B.) For all other vlan packets arriving on the same Port-channel, I want to trust their DSCP values and leave them unaltered without having to configure a service-policy to acheive that.
I understand to enable A.) the Port-channel must be configured with 'mls qos vlan-based' in order to apply the service-policy on the interface vlan20.
What I think you are saying is:
To acheive both A.) and B.) together, I also need to configure the Port-channel with 'mls qos trust dscp'
Could you please confirm if this is what you mean?
Many thanks
Richard
.
09-10-2013 07:27 AM
Hello Richard,
You can't use vlan-based and trust concept on the same interface simultaneously, because in this case "trust dscp" will supersedes the vlan-based behavior.
In order to mark down a custom VID and retain marking for all others VIDs there is only a single way to do so.For all VLAN IDs you want to retain DSCP marking you need to apply a policy-map with the following configuration:
policy-map PM-TRUST-DSCP
class class-default
trust dscp
!
!
interface Vlan
service-policy input PM-TRUST-DSCP
!
...
interface Vlan
service-policy input PM-TRUST-DSCP
!
--
Best regards,
Dmitry Skotnikov
09-10-2013 07:57 AM
Hi Dmitry,
Thanks agian for coming back to me - I get it now !
So finally just to complete the picture, packets arriving on the Port-channel trunk (configured with 'mls qos vlan-based') belonging to Vlans that either:
A.) don't have a Vlan interface locally configured on the switch
or
B.) do have a Vlan interface locally configured on the switch BUT don't implement an ingress service-policy
will have their DSCP values remarked to default 0.
Sorry to be a pain, but if you could just confirm what I've said above is correct, then I promise I'll leave alone!!!
Your input has been very much appreciated.
Many thanks
Richard.
09-10-2013 08:03 AM
Hello Richard,
Don't worry I am glad to help you
The answer to you questions is yes, DSCP will be remarked to default 0.
Don't hesistate to ask anything else and have a nice day
--
Best regards,
Dmitry Skotnikov
09-10-2013 08:08 AM
Thanks Dmitry - your help has been invaluable!
Many kind regards
Richard
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide