Solved

QOS policy map on Cisco 6500 not matching packets

Posted on 2013-12-16
Last Modified: 2013-12-19
Hi,

I have created a class map to match an access list, and placed it in a policy map set to mark packets with a DSCP value.

Policy Map QOS-Markings
    Class Lync-ef
      set dscp ef
    Class Lync-af41
      set dscp af41

Straightforward enough.

Then I applied this policy map outbound to a VLAN interface.

But when I do #show policy-map int vlan 1001 I see

Service-policy output: QOS-Markings

    class-map: Lync-ef (match-all)
      Match: access-group name Lync-Voice
      set dscp 46:
      Earl in switch 1, slot 5 :
        2382 bytes
        5 minute offered rate 0 bps
        aggregate-forwarded 2382 bytes
      Earl in switch 2, slot 5 :
        588 bytes
        5 minute offered rate 0 bps
        aggregate-forwarded 588 bytes

    class-map: Lync-af41 (match-all)
      Match: access-group name Lync-Video
      set dscp 34:
      Earl in switch 1, slot 5 :
        0 bytes
        5 minute offered rate 0 bps
        aggregate-forwarded 0 bytes
      Earl in switch 2, slot 5 :
        0 bytes
        5 minute offered rate 0 bps
        aggregate-forwarded 0 bytes

    Class-map: class-default (match-any)
      38 packets, 4786 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any 
        38 packets, 4786 bytes
        5 minute rate 0 bps

However, this interface is a 100mb and about 30-40% utilised as seen with the interface counters. So my question is: why is it not seeing the packets?

I assume it's not seeing them because they are getting hardware switched (CEF), but any help would be nice. I first thought this was because I applied the policy to a layer 2 port, which is where I would like to apply it, but seeing as this did not work I tried moving it to the Layer 3 interface.

Cheers
0
Question by:Aaron Street
10 Comments
 
LVL 3

Expert Comment

by:vyaradaikin
ID: 39724587
Hi!
Everything looks good. You can use an outbound policy on a VLAN interface.
Could you provide the hardware (supervisor, PFC, MSFC), the software version you use, and the configuration without logins, passwords and exact IPs?
0
 
LVL 26

Expert Comment

by:Soulja
ID: 39725365
Can you post the ACLs that your class maps are matching against?
0
 
LVL 16

Author Comment

by:Aaron Street
ID: 39726426
Hi,

The access lists are definitely correct, as if I apply them directly to the interface they see traffic.

I have a SUP 2T in the 6500 running IOS Version 15.0(1)SY3

One thing I notice is that under the port I have configured for queuing.

switchport
 switchport access vlan 1020
 speed 100
 duplex full
 wrr-queue bandwidth 20 100 200
 priority-queue queue-limit 5
 wrr-queue queue-limit 65 15 15
 wrr-queue random-detect min-threshold 1 70 100 100 100 100 100 100 100
 wrr-queue random-detect min-threshold 2 70 100 100 100 100 100 100 100
 wrr-queue random-detect min-threshold 3 40 40 50 50 60 60 70 70
 wrr-queue random-detect max-threshold 1 100 100 100 100 100 100 100 100
 wrr-queue random-detect max-threshold 2 100 100 100 100 100 100 100 100
 wrr-queue random-detect max-threshold 3 70 70 80 80 90 90 100 100
 wrr-queue cos-map 2 1 1 2
 wrr-queue cos-map 3 5 3 4
 wrr-queue cos-map 3 7 6 7
 rcv-queue cos-map 1 2 1
 rcv-queue cos-map 1 3 2
 rcv-queue cos-map 1 4 3
 rcv-queue cos-map 1 5 4
 rcv-queue cos-map 1 6 5
 rcv-queue cos-map 1 7 6
 rcv-queue cos-map 1 8 7
 auto qos voip trust
 spanning-tree portfast edge

I see

Interface GigabitEthernet1/2/41 queueing strategy:  Weighted Round-Robin

  Port QoS is disabled globally
  Queueing on Gi1/2/41: Tx Disabled Rx Disabled

I am still struggling to find the correct config for QOS on IOS 15. Should I be using policy based queuing now as described here

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SY/configuration/guide/qos_policy_based_queueing.pdf

rather than the legacy wrr-queue .... commands?

So to summarise, my only QOS configuration is one port configured with wrr-queue commands as above, and one VLAN with the policy map applied for marking. There are no global commands configured, as from what I have read it is enabled by default.
0
 
LVL 3

Accepted Solution

by:
vyaradaikin earned 500 total points
ID: 39728493
Check the mls qos command and then try to use the mls qos vlan-based command on your L2 interfaces. It would be much easier to solve the issue if you provide the configuration file.
0
 
LVL 16

Author Comment

by:Aaron Street
ID: 39729565
IOS 15 no longer supports the mls qos commands, and talks of the wrr-queue commands as legacy.

I think I am going to go back and not try to mix what I know from IOS 12 with IOS 15 and start fresh.
0
 
LVL 3

Expert Comment

by:vyaradaikin
ID: 39729705
Sorry, it is the platform qos command, and you can use platform qos vlan-based on L2 interfaces.
0
 
LVL 16

Author Comment

by:Aaron Street
ID: 39730456
Hi,

OK, rather than simply abandon this question after your help, I will post as much config as I can.

Globally there are no Platform qos commands configured apart from

table-map cos-discard-class-map
 map from  0 to 0
 map from  1 to 10
 map from  2 to 18
 map from  3 to 24
 map from  4 to 34
 map from  5 to 46
 map from  6 to 48
 map from  7 to 56
table-map discard-class-cos-map
 map from  0 1 2 3 4 5 6 7 to 0
 map from  8 9 10 11 12 13 14 15 to 1
 map from  16 17 18 19 20 21 22 23 to 2
 map from  24 25 26 27 28 29 30 31 to 3
 map from  32 33 34 35 36 37 38 39 to 4
 map from  40 41 42 43 44 45 46 47 to 5
 map from  48 49 50 51 52 53 54 55 to 6
 map from  56 57 58 59 60 61 62 63 to 7

with the following class maps

class-map match-all Lync-ef
  match access-group name Lync-Voice
class-map match-all Lync-af41
  match access-group name Lync-Video

ip access-list extended Lync-Video
 deny   ip host 149.155.224.67 any
 deny   ip any host 149.155.224.67
 permit udp any range 20040 20079 any range 20040 20079
 permit tcp any range 20040 20079 any range 20040 20079
ip access-list extended Lync-Voice
 deny   ip host 149.155.224.67 any
 deny   ip any host 149.155.224.67
 permit udp any range 20000 20039 any range 20000 20039
 permit tcp any range 20000 20039 any range 20000 20039

made into a policy map as follows

policy-map QOS-Markings
  class Lync-ef
   set dscp ef
  class Lync-af41
   set dscp af41

I have then now applied it to an interface rather than the VLAN interface

interface GigabitEthernet1/2/42
 description --- FW eth8 - Compton ---
 switchport
 switchport access vlan 1020
 wrr-queue cos-map 2 1 1 2
 wrr-queue cos-map 3 5 3 4
 wrr-queue cos-map 3 7 6 7
 rcv-queue cos-map 1 2 1
 rcv-queue cos-map 1 3 2
 rcv-queue cos-map 1 4 3
 rcv-queue cos-map 1 5 4
 rcv-queue cos-map 1 6 5
 rcv-queue cos-map 1 7 6
 rcv-queue cos-map 1 8 7
 spanning-tree portfast edge
 service-policy input QOS-Markings

I have wrr-queueing on another port on the same ASIC which is why you see those commands.

G1/2/42 and G1/2/41 are simply in transit through the switch via a non-routed VLAN (traffic will be mirrored to a monitor appliance at a later date).

As I say though, I want to get policy based queuing for the output policy, as what I want to do is mark packets on the inbound g1/0/42, which is running at 1gb, and then prioritize on the outgoing int g1/2/41 interface that is running at 100mbs.
0
 
LVL 16

Author Comment

by:Aaron Street
ID: 39730528
Oh, hold on, if I disable

platform qos queueing-only

then the service policy for marking works on int g1/2/42, but the wrr-queuing stops being applied on port 1/2/41

So I think the answer is to enable policy based queuing and not try to mix the two.
0
 
LVL 16

Author Comment

by:Aaron Street
ID: 39730723
OK so I worked it all out :)

It does seem to be the issue above, and trying to mix the legacy

wrr-queuing interface commands with the service-policy configuration.

Once I redid the outgoing queueing using a "policy-map type lan-queuing" and replaced the wrr-queue cos maps on the outgoing interface, and removed the

platform qos queueing-only global config, I am now seeing both hits on the marking and the queuing policies :)


Cheers for all the help. With lots of pointers, I will close the question shortly and share out some points :)
0
 
LVL 16

Author Closing Comment

by:Aaron Street
ID: 39730726
Cheers for the help :)
0
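An added example, not part of the original thread and not Cisco tooling: a Python check over a saved running-config for the combination the asker traced the problem to, a global platform qos queueing-only line together with legacy wrr-queue interface commands and a marking service-policy. The sample config is constructed from the fragments posted above; the finding labels and the treatment of rcv-queue as legacy are assumptions of this example.

```python
import re

# Constructed sample, assembled from configuration fragments posted in the thread.
SAMPLE_CONFIG = """\
platform qos queueing-only
!
policy-map QOS-Markings
  class Lync-ef
   set dscp ef
!
interface GigabitEthernet1/2/41
 switchport access vlan 1020
 wrr-queue bandwidth 20 100 200
 wrr-queue cos-map 2 1 1 2
!
interface GigabitEthernet1/2/42
 switchport access vlan 1020
 wrr-queue cos-map 2 1 1 2
 rcv-queue cos-map 1 2 1
 service-policy input QOS-Markings
"""

# The thread calls the wrr-queue commands legacy; treating rcv-queue the same
# way is an assumption of this example.
LEGACY = re.compile(r"^(wrr-queue|rcv-queue)\b")
POLICY = re.compile(r"^service-policy (input|output) (\S+)")

def audit_qos(config):
    """Return (interface, finding) pairs for the legacy/service-policy mix."""
    queueing_only, current = False, None
    legacy, policies = set(), {}
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # a top-level line closes any interface block
            m = re.match(r"interface (\S+)", line)
            current = m.group(1) if m else None
            queueing_only |= line == "platform qos queueing-only"
        elif current:
            if LEGACY.match(line):
                legacy.add(current)
            m = POLICY.match(line)
            if m:
                policies.setdefault(current, []).append(m.group(2))
    findings = []
    for intf in sorted(legacy | set(policies)):
        if intf in policies and queueing_only:
            findings.append((intf, "service-policy under global queueing-only"))
        if intf in policies and intf in legacy:
            findings.append((intf, "legacy queue commands mixed with service-policy"))
        if intf in legacy and intf not in policies and queueing_only:
            findings.append((intf, "legacy queueing depends on queueing-only"))
    return findings
```

Run against a config export before and after a migration to policy-map type lan-queuing, an empty result means none of the three combinations from the thread remain.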