Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Police and Priority with bandwidth/percent are not allowed in the same class

Hi Team,

 

I am replacing a 7204VXR Router with an ASR1002-X Router running IOS-XE 3.7.5S

 

When it comes to configure QoS for a traffic class, I am getting the below error when configuring the priority and police commands:

"Police and Priority with bandwidth/percent are not allowed in the same class"

 

This is what I'd like to implement:

policy-map EMEA_Outbound

class Out_Shaper_Traffic_A
  priority 4608
    police 4608000 conform-action transmit  exceed-action set-dscp-transmit af41 violate-action set-dscp-transmit af41

 

The intent is to reserve 4608 for Traffic_A and to re-mark it as AF41 when it exceeds the limit, that is to ensure that our provider does not drop it when we fill their QoS class, thus I want to remark it to another class.

 

However the Router IOS does not seem to support both commands any longer.

Any hints on how we could solve or bypass this?

 

Thanks

2 ACCEPTED SOLUTIONS

Accepted Solutions

Hello, Ruggero.Just use

Hello, Ruggero.

Just use priority statement without any numeric value and keep your policer.

 

PS: before changing the policy, I would detach it from interface!

Two more comments:I would

Two more comments:

I would rewrite the statement

class Out_Shaper_Heartbeat
  set dscp ef

  priority
  police rate 1024000
   conform-action transmit

as

class Out_Shaper_Heartbeat

 priority level 1

  police rate 1024000
   conform-action set-dscp-transmit ef

At the same time you need to understand, that even though you remark traffic to af41, it stays in priority queue, so it might impact the link if too much traffic matches the class! It's recommended to have drop action!

In this case I would tweak bc/be and configure violate action as drop.

22 REPLIES

Hello, Ruggero.Just use

Hello, Ruggero.

Just use priority statement without any numeric value and keep your policer.

 

PS: before changing the policy, I would detach it from interface!

Hi Vasilii,That's absolutely

Hi Vasilii,

That's absolutely correct, it worked sweet and I just faced a second issue with QoS moving from the 7204VXR platform to ASR1002-X IOS-XE.

I have a policy that needs to use the priority command on two different classes inside the same polic-map and the IOS-XE does no longer allow to use two priority commands within the same policy-map.

Would you have any workaround for that too?

Here is what I need to accomplish:

policy-map EMEA_Outbound

 description Nike Voice and Data Policy for EMEA.
 class Out_Shaper_internet
  bandwidth remaining percent 10
 class Out_Shaper_intranet
  bandwidth remaining percent 15
class Out_Shaper_ms-shares
  bandwidth remaining percent 8
  shape average percent 50
 class Out_Shaper_ftp
  bandwidth remaining percent 3
 class Out_Shaper_smtp
  bandwidth remaining percent 10
 class Out_Shaper_citrix
  bandwidth remaining percent 2
 class Out_Shaper_blackberry
  bandwidth remaining percent 4
 class Out_Shaper_RTP-Voice
  priority
  police rate 3890000
   conform-action transmit
   exceed-action set-dscp-transmit af41
   violate-action set-dscp-transmit af41
  set dscp ef
 class Out_Shaper_Heartbeat
  set dscp ef

  priority
  police rate 1024000
   conform-action transmit
   exceed-action set-dscp-transmit af41
  violate-action set-dscp-transmit af41
 class Out_Shaper_Video
  bandwidth remaining percent 8
 class class-default
  fair-queue
  random-detect
  set dscp default

 

As soon as I try to apply the second priority to the class, it states that two priorities are not allowed within the same policy-map.

I had this running for years and all of a sudden we can't implement it anymore, that's a bummer.

Hello.In this case you can

Hello.

In this case you can use "priority level 1" and "priority level 2" (you can't have multiple classes with equal level under single policy).

PS: level 1 has higher priority then level 2.

Hey Vasilii,Since you are a

Hey Vasilii,

Since you are a Guru here :) maybe you can clarify a doubt too on QoS:

On the 7204VXR I used to have a global nested policy-map with shape-average and bandwidth commands applied:

policy-map EMEA_MPLS_Outbound_Shaper
 description EMEA Policy for MPLS QoS outbound
 class Site1  shape average 10000000
  bandwidth 10000
  service-policy EMEA_Outbound_Site1

 class Site2

  shape average 1984000
  bandwidth 1984
  service-policy EMEA_Outbound_Site2

 class Site3

  shape average 4096000
  bandwidth 4096
  service-policy EMEA_Outbound_Site3

The policy-map is applied to a 100Mb interface on an hub site that serves different spoke sites, thus the need to have a QoS class different for each site.

Shape-average was used to limit the traffic to the remote site to not exceed more than the remote site BW

Bandwidth statement was to allow the child service-policy to have a BW in reference when using the "bandwidth remaining percent X" command.

So for example if "service-policy EMEA_Outbound_Site1" has different classes like HTTP bandwidth remainin percent 10, ms-share 5% etc etc the bandwidth statement was allowing the Router to calculate how much 10% it needed to take for HTTP traffic.

For example on Site1 I use bandwidth 10000 which is 10Mb and the child policy "service-policy EMEA_Outbound_Site1" was able to calculate bandwidth remaining percent for the HTTP class at 10% of 10Mb.

However now that I upgraded to ASR1002-X the Router does not allow to apply the child policy-maps if I use the bandwidth command:

Here is an example of what happens:

Router(config)#policy-map EMEA_MPLS_Outbound_Shaper
Router(config-pmap)# class Site1
Router(config-pmap-c)#  shape average 10000000
Router(config-pmap-c)#  bandwidth 10000
Router(config-pmap-c)#  service-policy EMEA_Outbound_Site1
Policy EMEA_Outbound_Site1 attached to class with bandwidth kbps or perc configured is not supported
% service-policy EMEA_Outbound_Site1 of type default is not allowed in policy-map EMEA_MPLS_Outbound_Shaper of type default
Router(config-pmap-c)#
 

I wonder if I remove the Bandwidth command out of each class, how will the router know that I need to reserve 10% of 10Mb for the HTTP traffic on Site1 if it does not know the Bandwidth of Site1? Is it now going to refer to the Internface BW 100Mb in which I apply the global-pmap?

That would be a bummer because it would screw up the purpose of running nested QoS policies and it would end up reserving 10% of 100Mb for HTTP traffic on Site1 which has a shape-average max pipe of 10Mb.

This is how the child service-policy looks like in case you wonder:

policy-map EMEA_Outbound_Site1
 description Nike Voice and Data Policy for EMEA.
 class Out_Shaper_internet
  bandwidth remaining percent 10
 class Out_Shaper_Riverbed
  bandwidth remaining percent 1
 class Out_Shaper_intranet
  bandwidth remaining percent 15
 class Out_Shaper_ms-shares
  bandwidth remaining percent 8
  shape average percent 50
 class Out_Shaper_ftp
  bandwidth remaining percent 3
 class Out_Shaper_smtp
  bandwidth remaining percent 10
 class Out_Shaper_citrix
  bandwidth remaining percent 2
 class Out_Shaper_blackberry
  bandwidth remaining percent 4
 class Out_Shaper_RTP-Voice
  priority 128
 class class-default
  fair-queue
  random-detect
  set dscp default
 

 

 

Hello, Ruggero.I'm not sure

Hello, Ruggero.

I'm not sure about ASR behavior in this case, but I think you may remove bandwidth from classes SiteX, as shaper's CIR would make child policies aware of available bandwidth. To check the values try "sh policy-map int ... out".

At the same time if you have no bandwidth assigned to classes SiteX, I'm not sure how scheduling will work.

PS: I'll try to review ASR's QoS model.

I've tried sh policy-map int

I've tried sh policy-map int before, in some IOSs it used to reveal how much Bandwidth remaining percent it is able to calculate for each class in KBPS, however in the IOS-XE it just shows that I've applied the commands bandwidth remaining percent without showing how much BW is being calculated. I've currently shut the router down as they make too much noise in the lab. I'll turn them up later in the afternoon and paste the show policy-map output.

Hello, Ruggero.Could you

Hello, Ruggero.

Could you please hint me where have learnt about this nested-policy design? I'm not familiar with it and I couldn't find it in any design guides.

PS: ASR 1000 design might be found at http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Video/qoswanaggasraag.html (take a look at QoS design 4.0)

Hi Vasilii,I've created this

Hi Vasilii,

I've created this design by myself 4 years ago, I haven't looked at anywhere on the Internet, I just based it on the commands I had available at that time using a Hierarchical Nested policies, and it worked good until I migrated to the new IOS-XE.

Hello, Ruggero.I saw similar

Hello, Ruggero.

I saw similar design a couple of times; but the only business reason I could imagine is poor QoS model on ISP side.

I'm looking for design guide[s], that could shed the light on the underlying requirements.

Super Bronze

DisclaimerThe Author of this

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

I thought starting with HQF, child policies would pick up the bandwidth of the parent's (class) shaper.

Have you tried the policy w/o the parent class bandwidth statements?

PS:

Having a parent class per remote, makes sense, but each remote has its own (different?) child policy?

BTW, I wouldn't recommend using both FQ and WRED in class-default.  (Actually I usually recommend against using WRED if FQ is available.  Also if FQ is supported in non-default classes, I often recommend using it there too.)

Lastly, FQ in class-default might negate the need for many or even all your non-LLQ classes.  Or, you might find a tiered set of classes, each with FQ, works well.

e.g.

policy-map Tiered

class LLQ

priority percent 33

class foreground

bandwidth remaining percent 81

fair-queue

class background

bandwidth remaining percent 1

fair-queue

class class-default

bandwidth remaining percent 9

 

In the above Tiered you allow most traffic to just go to class-default and allow FQ to deal with it.  If you have some traffic that really needs extra priority, perhaps such as your Citrix (although I would exclude Citrix printing and disk-to-disk copying) might be directed to foreground class.  Known bandwidth consumers, such as FTP, might be directed to background class.

Apart from the FQ subject,

Apart from the FQ subject, you mean that in my policy the child policy should be able to calculate the BW via the shape average command that is setup in the parent? If that's the case then I am good and I should not do anything else to correct the configuration.

Super Bronze

DisclaimerThe Author of this

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

from: http://www.cisco.com/c/en/us/td/docs/ios/qos/configuration/guide/convert/qos_hrhqf/qos_frhqf_support.pdf

 

Nested Policy and Reference Bandwidth for Child-Policy
In HQF when you configure a nested policy with a child queueing policy under a parent shaping class, the reference bandwidth for the child queueing policy is taken from the following: minimum (parent shaper rate, parent class's implicit/explicit bandwidth guarantee).
 
I think the above means child will use either the parent's shaper rate or class bandwidth.

Right, that's what I expect

Right, that's what I expect it to happen, in such case I should be safe to keep the shape-average on the parent and let the child use it to calculate the % bandwidth of the individial classes. I'll run some traffic over the router next week and see how it behaves. Tks.

Two more comments:I would

Two more comments:

I would rewrite the statement

class Out_Shaper_Heartbeat
  set dscp ef

  priority
  police rate 1024000
   conform-action transmit

as

class Out_Shaper_Heartbeat

 priority level 1

  police rate 1024000
   conform-action set-dscp-transmit ef

At the same time you need to understand, that even though you remark traffic to af41, it stays in priority queue, so it might impact the link if too much traffic matches the class! It's recommended to have drop action!

In this case I would tweak bc/be and configure violate action as drop.

Great, that works! Excellent

Great, that works! Excellent job.

I have reseved an EF queue of 5Mb, so if Voice exceeds 3890 it remarks to AF41 and if Heartbeat exceeds 1Mb it is remarked to AF41 that is to prevent the provider to drop that traffic at 5Mb.

Do you mean that even when they violate and get remarked to AF41 they keep the priority in AF41?

That would not be an issue as I have a 10Mb total line that can take care of AF41 priorities anyway.

Thanks for the help

Hello, Ruggero.I meant that

Hello, Ruggero.

I meant that if you EF traffic tried to allocate 100M, it would even though you remark a lot of it into AF41. As far as you run this as priority queue this (flood) might kill your link.

In this case you either need to review your QoS policy or apply inbound policer on LAN interface remarking exceeded traffic.

I also would note, that is you remark voice traffic from EF to AF41, this might cause your ISP to place the traffic in different queues (traffic paths)... as are result you will observe too high jitter and packet reordering (that is fatal for voice).

 

Right, that's not really

Right, that's not really Voice traffic, they are Heartbeat packets between Voice servers that if they drop they cause the Voice systems to go down, they are not sensitive to jitter and latency like the RTP Voice protocol

Hello, Ruggero.Anyway I would

Hello, Ruggero.

Anyway I would say it's a risk to run priority queue without upper limit.

I could imagine a couple of scenarios when it could kill your WAN; like: L2 temporal loop or flood of EF traffic, some "smart" user marking traffic with EF; crazy IPT system.

PS: once I saw application server sending about 15M of ICMP just as echo-requests (I guess that was misconfiguration).

In my case I am putting under

In my case I am putting under priority the packets that have been matched by the Heartbeat and Voice class and they match the physical IPs and ports of the real Voice systems and then just marking them out as EF. So if there is a user running ICMP over EF or HTTP over EF it won't be matched by the Priority class that I defined and it will be dropped on the EF class by the ISP.

And I am also running NetFlow to constantly monitor the classes in case something weird occurs, I am ready to stop it.

But apart from that, there is already an ISP imposed limit on the EF class so there is no chance that it can take more than it is allocated on the ISP side.

If I have a 10Mb line, and I purchase a 4Mb EF queue, they will not allow EF to go over the 4Mb, no matter what I do on the CPE.

New Member

Hey Rug, How's it going? It's

Hey Rug,

 

How's it going? It's Phil from UN. Funny, we've run into same issue here, when moving from 7206vxr to asr 1006.

 

Any chance you could take a look please at our config? Roberto will buy you 1/many tequila's I am sure :)

 

Cheers

Phil

Hi Phil,I am doing great, yep

Hi Phil,

I am doing great, yep that's is really funny indeed.

I was able to solve the issue, if you send me your portion of QoS configuration at ruggero.delcuratolo@nike.com or ruggero.delcuratolo@xerox.com I'll be glad to help you out.

But don't forget that you promised many tequilas :)

Cheers

Rug

New Member

Hey Rug, Long time, gathered

Hey Rug, Long time, gathered dust. In the end my question was quite different to your problem. We managed to get it sorted. The limitation was can only do shaping in a parent policy in class-default. as a result, I had to subnet and use dot1q interfaces for each wan link. Actually, we found a neat way using per-tunnel qos feature (the wan is dmvpn) for the child classes, with default/shape on the physical. 

 

Id din't try yet with the priority 1 and priority 2 queues.

Besides, looks like you don't need my tequila, Ibiza! I'm in the wrong job ;) ciao!

3844
Views
30
Helpful
22
Replies
CreatePlease login to create content