Archive for the ‘6500’ Category

QOS Aggregate policer

Posted: June 22, 2006 by sankar in 6500, QOS

************* IGNORE THIS POST..this is still a big confusion****************** 

When applying a qos aggregate policer to traffic, you dont need to apply it on every line.

set qos acl ip TestACL dscp 26 tcp any eq 2000 any 

set qos acl ip TestACL dscp 26 aggregate Policer any

QoS templates for 3550

Posted: May 25, 2006 by sankar in 6500, Cisco General, QOS

1. mls qos
### enables qos globally#######

2. mls qos cos-map 0 8 16 26 34 46 48 56
### maps cos values to dscp values properly######

3. For IP phones ports, apply the following commands

int range fa 0/1 , fa 0/2
#### ip phone ports

flowcontrol receive off ***** important command********
flowcontrol send off *********important command*******

4. Mapping voice bearer traffic in priority queue

int fa0/1

wrr-queue cos-map 4 5
priority-queue out
### if asked to put Voice bearer in priority queue

5. Mapping voice signalling traffic in queue 3

wrr-queue cos-map 3 3

6. Port configuration

interface fa0/1

mls qos trust cos
#### trusts packet cos
mls qos trust device cisco-phone
#### trusts cos only if a phone is attached

switchport priority extend cos 0

### zeros out PC cos values.

7. If asked to modify bandwidth and buffer settings for each queue (only then do the following)

For fastE ports:

mls qos min-reserve 5 170
mls qos min-reserve 6 130
mls qos min-reserve 7 51
mls qos min-reserve 8 34
#### defines min-reserve levels (upto 8 levels may be defined, default buffer size is 100 for all levels)####

int range fa 0 /1, fa 0/2

wrr-queue bandwidth 20 20 60 1
### priority queue doesnt need wrr bandwidth allocation
wrr-queue min-reserve 1 5
wrr-queue min-reserve 2 6
wrr-queue min-reserve 3 7
wrr-queue min-reserve 4 8
### maps min-reserve levels to queues#####

For GigE ports:

int range gi 0/1 , gi 0/2
wrr-queue queue-limit 60 20 20 1
#### defines more buffer space for low priority queue ####
wrr-queue bandwidth 20 20 60 1

8. DSCP maps (optional)

For gig ports there is a dscp map that maps dscp values to thresholds.
Each queue has two thresholds, and by default all dscp values are mapped to threshold 1.
If asked to set voice traffic (may be video) to threshold 2, use command.

wrr-queue dscp-map 2 26 34 46 (this is higher threshold in the queue)

9. Tail Drop or WRED (optional)

For gig ports default drop mechanism is tail drop. Here is how you may modify these thresholds:

wrr-queue threshold 1 80 100
wrr-queue threshold 2 80 100
wrr-queue threshold 3 80 100

### no need to define drop thresholds for queue 4 if its priority queue

To enable WRED and specify thresholds, use following commands:

wrr-queue random-detect max-threshold 1 80 100
wrr-queue random-detect max-threshold 2 80 100
wrr-queue random-detect max-threshold 3 80 100

### WRED and tail drop are mutually exclusive

10. Classification using ACLs.

To classify based on subnet, define standard or extended acl's.

access-list 101 permit ip any any dscp 24

class-map test
match access-group 101

11 .Defining Policer and Remarking traffic
mls qos map policed-dscp-map 26 46 to 0
#### remarks voice control and bearer traffic to dscp 0. (Defined in policer)

mls qos aggregate-policer TestPolicer 256000 8000 exceed-action policed-dscp-transmit
#### defines an aggregate policer with a rate of 256kbps, burst of 8000 bits and remarks dscp for voice and bearer traffic based on above policed-dscp map
class-map match-all Voice
match ip dscp af31 ef

policy-map Voice
class Voice
trust dscp
police aggregate TestPolicer
#### applies aggregate policer to the class.
You cannot define same policer across multiple policy-maps.

int range fa 0/1 , fa0/2
service policy input Voice

Example configs:

1. To define a class-map that remarks traffic:
——————————————
class-map match-all VoiceControl
match ip dscp af31
class-map match-all VoiceBearer
match ip dscp ef

policy-map Voice
class VoiceControl
trust dscp
set ip dscp 40
class VoiceBearer
trust dscp
set ip dscp 24
int range fa 0/1 , fa0/2
service policy input Voice

2 . To perform per-vlan, per-port classification, marking, policing. (may be required on gateway ports which may be a trunk port)
—————————————————————
class-map match-all Voice
match ip dscp af31 ef

class-map match-all VoiceVLAN
match vlan 100 ————– defines which vlan you want to match
match class-map Voice ——- defines all traffic on voice vlan with dscp af31 or ef.
policy-map Voice
class VoiceVLAN
trust dscp
police aggregate TestPolicer

#### applies aggregate policer to vlan 100
You cannot define same policer across multiple policy-maps.

int range fa 0/3
Decription Gateway port
service policy input Voice

3. To perform individual policing on each class:
———————————————-

mls qos map policed-dscp-map 26 46 to 0

class-map match-all Voice
match ip dscp af31 ef

policy-map Voice
class Voice
trust dscp
police 256000 8000 exceed-action policed-dscp-transmit
####This is a individual policer

int range fa 0/1 , fa0/2
service policy input Voice

Sample QOS template for 6500

Posted: May 24, 2006 by sankar in 6500, QOS

set qos enable

set qos map 2q2t tx 2 1 cos 3 ### maps cos 3 packets to queue 2 threshold 1

set port qos 3/1-2 trust trust-cos

set port qos 3/1-2 trust-ext untrusted

### maps signalling to dscp24, rtp to dscp 46, video to dscp 34.
set qos cos-dscp-map 0 8 16 24 34 46 48 56


#Phones — acl defined at the phone port level to trust cos value coming from phones.
set qos acl ip Phones trust-cos ip any any

commit qos acl all

set qos acl map Phones 3/1-2

#CCM — ACL defined for applying qos to CCM port.
#Marks all control signals to dscp 24, rtp payload to dscp 46.


set qos acl ip CCM dscp 24 tcp any range 2000 2002 any
set qos acl ip CCM dscp 24 tcp any any eq 1718
set qos acl ip CCM dscp 24 tcp any any eq 1720
set qos acl ip CCM dscp 24 udp any eq 1719 any
set qos acl ip CCM dscp 46 udp any any range 16384 32767
set qos acl ip CCM dscp 24 tcp any any range 11000 11999
set qos acl ip CCM dscp 24 tcp any any range 1024 4999
set qos acl ip CCM dscp 24 tcp any any eq 1433
set qos acl ip CCM dscp 24 tcp any any eq 3372
set qos acl ip CCM dscp 24 udp any eq 69 any
set qos acl ip CCM dscp 24 tcp any any range 8002 8003
set qos acl ip CCM dscp 24 tcp any eq 2443 any
set qos acl ip CCM dscp 24 tcp any any eq 5060
set qos acl ip CCM dscp 24 udp any any eq 5060
set qos acl ip CCM dscp 24 tcp any any eq 4224
#To apply a policer to the Voice vlan and mark traffic down (both bearer and control)

#Pol

set qos policer aggregate Police rate 32000 burst 13000 policed-dscp
set qos acl ip Pol trust-dscp aggregate Police tcp any range 2000 2002 any
set qos acl ip Pol trust-dscp aggregate Police tcp any any eq 1718
set qos acl ip Pol trust-dscp aggregate Police tcp any any eq 1720
set qos acl ip Pol trust-dscp aggregate Police udp any eq 1719 any
set qos acl ip Pol trust-dscp aggregate Police udp any any range 16384 32767
set qos acl ip Pol trust-dscp aggregate Police tcp any any range 11000 11999
set qos acl ip Pol trust-dscp aggregate Police tcp any any range 1024 4999
set qos acl ip Pol trust-dscp aggregate Police tcp any any eq 1433
set qos acl ip Pol trust-dscp aggregate Police tcp any any eq 3372
set qos acl ip Pol trust-dscp aggregate Police udp any eq 69 any
set qos acl ip Pol trust-dscp aggregate Police tcp any any range 8002 8003
set qos acl ip Pol trust-dscp aggregate Police tcp any eq 2443 any
set qos acl ip Pol trust-dscp aggregate Police tcp any any eq 5060
set qos acl ip Pol trust-dscp aggregate Police udp any any eq 5060

set qos policed-dscp-map 24,46:0

#To mark Unity packets appropriately

#Unity
set qos acl ip Unity dscp 24 tcp any eq 2000 any
set qos acl ip Unity dscp 46 udp any any range 16384 32767

#To mark Gateway ports appropriately (H323)

#Gtway
set qos acl ip Gtway dscp 46 udp any any range 16384 32767
set qos acl ip Gtway dscp 24 tcp any any eq 1720
set qos acl ip Gtway dscp 24 tcp any any range 11000 11999
set qos acl ip Gtway dscp 24 tcp any any range 1024 4999

#To mark Gateway ports appropriately (MGCP)

set qos acl ip Gtway dscp 24 tcp any any eq 2428
set qos acl ip Gtway dscp 24 udp any any eq 2427
set qos acl ip Gtway dscp 46 udp any any range 16384 32767

#To mark Gatekeeper ports appropriately

set qos acl ip GK dscp 24 tcp any eq 1718 any
set qos acl ip GK dscp 24 udp any any eq 1719
set qos acl ip GK dscp 24 udp any eq 1719 any

Applying ACL at port or vlan level

commit qos acl all
set port qos 3/1-10 port-based

set qos acl map Phones 3/1-2 ### applying acl at port on phones

set qos acl map CCM 3/3-4 ### applying acl at port level on Callmanager Pub and Sub

set qos acl map Pol 21,421 ### applying Policer on Voice vlan

set qos acl map Unity 3/5 #### applying acl at port level on Unity

set qos acl map Gtway 3/6 ### applying acl at port level on Gateway

set qos acl map GK 3/7 #### applying acl at port level on gatekeeper.

QOS maps in 6500

Posted: May 24, 2006 by sankar in 6500, QOS

COS-to-DSCP maps:
set qos cos-dscp-map d1 d2 d3 d4 d5 d6 d7 d8
                  

dscp

0 8 16 24 34 46 48 56
cos 0 1 2 3 4 5 6 7

IPPrec-to-DSCP maps:

set qos ipprec-dscp-map d1 d2 d3 d4 d5 d6 d7 d8

DSCP

0 8 16 24 34 46 48 56
TOS 0 1 2 3 4 5 6 7

policed-dscp-map

set qos policed-dscp-map normal-rate 0-5:3
set qos policed-dscp-map excess-rate 0,1:3
set qos policed-dscp-amp 0,1:3

QOS template for 6500 – Egress

Posted: May 24, 2006 by sankar in 6500, Cisco General, QOS

Mapping packets to a particular queue / threshold

set qos map 2q2t tx 2 1 cos 3 (mandatory)

Optional commands:

set qos wrr 2q2t 5 255 (optional)

The values are absolute based on a scale of 255. To get the values in percent, you need to multiply it by 2.5.10% means 25 and 20% means 50 and so forth.

set qos drop-threshold 2q2t tx queue 1 80 100

OR

set qos wred 1p2q2t tx queue 1 80 100 (both optional)

set qos drop-threshold 2q2t tx queue 2 80 100

OR

set qos wred 1p2q2t tx queue 2 80 100 (both optional)

set qos txq-ratio 2q2t 80 20 (optional)

QOS template for 6500 – Ingress

Posted: May 24, 2006 by sankar in 6500, QOS

Globally enable QOS

set qos enable

Port commands (Mandatory)

set port qos <mod/port> vlan-based | port-based (mandatory)
set port qos <mod/port> trust {trust-dscp|trust-cos|trust-ipprec|untrusted} (mandatory)
SET port qos <mod/port> trust-ext untrusted | trust-cos (mandatory)
### instructs phones to not trust cos coming from PC or to trust the cos.

Port commands (optional)

set port qos <mod/port> cos-ext <value> (0 through 7) —- resets cos to specified value. (optional)
set port qos <mod/port> cos <value> (optional)
set port qos <mod/port> trust-device cisco-ipphone (optional)
set qos rxq-ratio 1q4t 80 20 (optional)
### works only for 1p1q type receive queues (6548, 6748)

Policing

set qos policer aggregate <nameofpolicer> rate <rate> burst <burst> {drop|policed-dscp}
############ used in PFC or PFC2

set qos policer agggreate <nameofpolicer> rate <rate> {policed-dscp-map} erate <erate> {drop|policed-dscp-map} burst <burst> eburst <eburst>
########### used in PFC2 or PFC3.


set qos policed-dscp-map {in-profile-dscp : dscp-mark-down}

##This is used with aggregate policer defined in section 1 (specify one rate and one burst)

set qos policed-dscp-map normal-rate {in-profile-dscp|dscp-mark-down}

##Used with aggregate policer defined in section 2 (specify, rate and erate, burst and eburst)

set qos policed-dscp-map excess-rate {in-profile-dscp|dscp-mark-down}

##Used with aggregate policer defined in section 2 (specify, rate and erate, burst and eburst)


burst = rate /4000 + 12kbps.
Commands needed for Microflow policing
—————————————
set qos bridged-microflow-policing enable <vlan no>
### Only for MSFC2

set qos policer microflow <nameofpolicer> rate <rate> burst <burst> {drop|policed-dscp}

QOS ACLs

set qos acl ip <acl_name> {dscp|trust-dscp|trust-ipprec|trust-cos} {microflow <mflowpolicer>|aggregate <agg policer>} {ip|tcp|udp} <src address> <mask> <port> <dst address> <mask> <port> {precedecne <prec> | dscp-field <dscp>} {before <editbuffer>|modify <editbuffer>}
commit qos acl <acl_name>
set qos acl map <acl_name> <mod/port>

rollback qos acl map <acl_name>

clear qos acl map <acl_name>