346 Chapter 9: QoS Support on the Catalyst 6500 MSFC and FlexWAN
tions configured by selecting either the match-any or match-all keyword. The example
demonstrates the match-all keyword. Within the policy map fasttrack, the MSFC polices
traffic to limit the utilized bandwidth for these protocols. Additionally, the MSFC marks
packets conforming to the policing contract with an IP precedence value of zero. This
provides only Best Effort delivery for these packets and ensures the MSFC does not favor
these packets over more mission-critical applications when competing for bandwidth on
congested interfaces.
As demonstrated in the preceding example, NBAR is not an all-encompassing QoS
mechanism. Rather, it is a classification tool used for classifying IP-based traffic. NBAR
works in conjunction with other available QoS tools such as policing. Another mechanism
NBAR operates with is class-based marking. The following section discusses class-based
marking for the MSFC and FlexWAN module.
Marking
The purpose of marking is to assign different priority levels to various traffic flows. It allows
downstream devices to differentiate higher-priority traffic from lower-priority traffic and
perform predefined policies based on assigned precedence values or specific bits set within
the particular header. The FlexWAN module is capable of marking traffic using class-based
marking, committed access rate (CAR), or class-based policing to identify various traffic
streams. Class-based marking enables the administrator to specify the IP precedence or
DSCP values within the IP header, assign incoming packets to a local QoS group, or set
MPLS experimental bits. CAR and class-based policing can be configured to solely mark
traffic matched by the configured classification criteria. Instead of discarding violating
packets, the packets are marked down and forwarded. This section explains class-based
marking, CAR, and class-based policing as marking mechanisms and how they are
configured on the FlexWAN module.
Class-Based Marking
Class-based marking is a mechanism used to identify and mark various traffic flows in the
network. Different devices then use these set values to prioritize traffic when congestion is
experienced in the network. The administrator assigns values to the various traffic flows,
based on specific classification criteria. When the individual flows or groups of flows are
assigned the appropriate marking parameters, devices in the network are able to act on those
packets based on their assigned marking. This action allows downstream devices to differentiate
among the various high- and low-priority protocols and applications, and deterministically
drop or forward packets to maintain defined service levels. When configuring
class-based marking on the FlexWAN module, you have three possible marking options.
The following command syntax shows the three available options:
set {{ip {dscp {dscp} | precedence {prec}}} | {qos-group {group#}} | {mpls experimental {exp}}}
One option is to assign a value to the ToS field. The administrator assigns either an IP precedence
or DSCP value within the IP header. The second option is to assign the traffic to a
QoS group. This provides additional granularity beyond the 64 possible DSCP values. set
qos-group can be used in networks that have a significant number of different classes of
traffic, and can scale up to 100 different assigned values. Because QoS groups are assigned
to ingress traffic, the FlexWAN module uses the QoS group value to prioritize traffic for
transmission. Finally, the FlexWAN module also supports set mpls experimental for
egress traffic. Often, packets are marked based on IP precedence or DSCP values. DSCP is
the recommended alternative if all devices in the network support DSCP. DSCP provides
substantially more granularity than IP precedence, permitting up to 64 different service
levels to be defined. Example 9-3 through Example 9-6 demonstrate and explain the various
steps of configuring class-based marking on the FlexWAN module, including the
following:
Defining classes and grouping application by class (Example 9-3)
Configuring policies based on essential and nonessential traffic (Example 9-4)
Implementing the service policy statement (Example 9-5)
Verifying that the configuration appears as intended (Example 9-6)
The first step in configuring class-based marking is to define the various classes and group
the related applications and protocols into those classes. In this example, the classes are
defined based on the impact they have on business functions. Applications using the
Fasttrack protocol and normal web-based traffic are considered nonessential, and as a result
are placed in the appropriate class. Mail traffic and secure web traffic, although not
considered business-critical, are placed in a higher category than the nonessential elements.
Applications essential to the business are placed in an even higher category. Because
database traffic is time-sensitive, it is critical that any database components receive preferential
treatment over other less-important protocols and applications. Finally, a separate
category has been configured for the video applications. When the traffic has been
classified, the policies are configured.
Example 9-3 Configuring Distributed Class-Based Marking on the FlexWAN Module
MSFC#configure terminal
MSFC(config)#class-map match-any Non-essential
MSFC(config-cmap)#match protocol http
MSFC(config-cmap)#match protocol fasttrack
MSFC(config)#class-map match-any Low-Priority
MSFC(config-cmap)#match protocol smtp
MSFC(config-cmap)#match protocol secure-http
MSFC(config)#class-map match-any Business-essential
MSFC(config-cmap)#match protocol sqlnet
MSFC(config-cmap)#match protocol sqlserver
MSFC(config)#class-map match-any Video-preso
MSFC(config-cmap)#match protocol netshow
In addition to marking the “nonessential” traffic with DSCP 0, the traffic is also being
policed to 256 kbps. Therefore, not only is the nonessential traffic dropped first during
periods of congestion, the bandwidth is also limited, allowing more availability to other
protocols and applications, such as voice. When the policies are defined, the configured
policy map is applied to the interface with the desired service-policy statement.
After all the configuration steps have been taken, you can verify the configuration and
performance with show policy-map interface {type num}.
Example 9-4 Configuring Essential and Nonessential Traffic
MSFC#configure terminal
MSFC(config)#policy-map CB-Marking
MSFC(config-pmap)#class Non-essential
MSFC(config-pmap-c)#police 256000 1500 1500 conform-action set-dscp-transmit 0 exceed-action drop
MSFC(config-pmap-c)#class Low-Priority
MSFC(config-pmap-c)#set ip dscp 8
MSFC(config-pmap-c)#class Business-essential
MSFC(config-pmap-c)#set ip dscp 16
MSFC(config-pmap-c)#class Video-preso
MSFC(config-pmap-c)#set ip dscp 24
Example 9-5 Configuring the service-policy Statement
MSFC(config)#interface serial 3/0/0
MSFC(config-if)#service-policy input CB-Marking
MSFC(config-if)#end
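What the set ip dscp actions in Example 9-4 do to a packet, as an added illustration that is not from the book: the sketch rewrites the DSCP bits of an IPv4 header, repairs the header checksum, and shows how a precedence-only device reads the same ToS byte. The function names and the sample header are constructed for this example.

```python
import struct

# Class -> DSCP, taken from the CB-Marking policy map in Example 9-4.
POLICY_DSCP = {"Non-essential": 0, "Low-Priority": 8,
               "Business-essential": 16, "Video-preso": 24}

def ip_checksum(header: bytes) -> int:
    """One's-complement sum over the header's 16-bit words (0 if already valid)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def remark(header: bytes, dscp: int) -> bytes:
    """Rewrite the DSCP bits of an IPv4 header and repair its checksum."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit field (0-63)")
    ihl = (header[0] & 0x0F) * 4
    if header[0] >> 4 != 4 or ihl < 20 or len(header) < ihl:
        raise ValueError("not a complete IPv4 header")
    hdr = bytearray(header[:ihl])
    hdr[1] = (dscp << 2) | (hdr[1] & 0x03)   # keep the two low (ECN) bits
    hdr[10:12] = b"\x00\x00"                  # zero the checksum before summing
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + header[ihl:]

def tos_view(header: bytes) -> dict:
    """How DSCP-aware and precedence-only devices read the same ToS byte."""
    tos = header[1]
    return {"tos": tos, "dscp": tos >> 2, "precedence": tos >> 5}

def sample_header() -> bytes:
    """Constructed header: 10.0.0.1 -> 10.0.0.2, TCP, ToS 0, valid checksum."""
    raw = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                                bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])))
    raw[10:12] = struct.pack("!H", ip_checksum(bytes(raw)))
    return bytes(raw)

if __name__ == "__main__":
    for name, dscp in POLICY_DSCP.items():
        marked = remark(sample_header(), dscp)
        print(name, tos_view(marked), "checksum ok:", ip_checksum(marked[:20]) == 0)
```

The DSCP values 8, 16 and 24 used in the policy map read as IP precedence 1, 2 and 3 on devices that inspect only the top three bits.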
Example 9-6 Verifying the Configuration
MSFC#show policy-map interface serial 3/0/0
Serial3/0/0
service-policy input: CB-Marking
class-map: Non-essential (match-any)
198987 packets, 61685950 bytes
30 second offered rate 1233000 bps, drop rate 925000 bps
match: protocol http
119392 packets, 41787200 bytes
30 second rate 834000 bps
match: protocol fasttrack
79595 packets, 19898750 bytes
30 second rate 395000 bps
police:
256000 bps, 1500 limit, 1500 extended limit
conformed 49311 packets, 12694050 bytes; action: set-dscp-transmit 0
exceeded 8 packets, 2600 bytes; action: drop
violated 149668 packets, 48989300 bytes; action: drop
conformed 252000 bps, exceed 0 bps violate 978000 bps
class-map: Low-Priority (match-any)
129343 packets, 35071825 bytes
30 second offered rate 699000 bps, drop rate 0 bps
match: protocol smtp
39798 packets, 5969700 bytes
30 second rate 118000 bps
match: protocol secure-http
89545 packets, 29102125 bytes
30 second rate 580000 bps
set:
ip dscp 8
class-map: Business-essential (match-any)
139292 packets, 23878575 bytes
30 second offered rate 476000 bps, drop rate 0 bps
match: protocol sqlnet
79595 packets, 17908875 bytes
30 second rate 355000 bps
match: protocol sqlserver
59697 packets, 5969700 bytes
30 second rate 118000 bps
set:
ip dscp 16
class-map: Video-preso (match-any)
159189 packets, 55716150 bytes
30 second offered rate 1113000 bps, drop rate 0 bps
match: protocol netshow
159189 packets, 55716150 bytes
30 second rate 1113000 bps
set:
ip dscp 24
class-map: class-default (match-any)
176 packets, 11174 bytes
30 second offered rate 0 bps, drop rate 0 bps
match: any
176 packets, 11174 bytes
30 second rate 0 bps
Marking Using Committed Access Rate (CAR)
CAR is a legacy QoS mechanism and is not generally recommended for new deployments.
For the sake of completeness, an explanation of CAR’s configuration and functionality is
included in this chapter. Although CAR is primarily used as a policing mechanism, you can
also use CAR to mark traffic. CAR can be configured to match traffic using an ACL, a
pre-established DSCP value, or a QoS group, or to match all ingress or egress traffic traversing
an interface, based on the direction in which the command is applied. The following command
applies CAR to the desired interface:
rate-limit {input | output} [[access-group [rate-limit] list #] | [qos-group group#] | [dscp dscp]] {rate} {normal burst} {excess burst} conform-action {conform-action} exceed-action {exceed-action}
The rate-limit command is applied to a specific interface and configured in interface
configuration mode. The required input or output option specifies the direction in which the
rate-limit command is applied, relative to the traffic flow. The next set of options allows traffic
to be matched against a predetermined list or assigned value. The specified rate is measured
in bits per second, and the burst values are measured in bytes. The conform-action and
exceed-action determine what actions are taken for conforming and nonconforming
packets, respectively. The following output displays the configurable actions. The
keywords shown are available for both conform-action and exceed-action.
If the intent is to use CAR to mark packets, as opposed to police, the drop keyword is not
used. Instead, a set action is specified to modify the ToS field in the IP header, or set the
local QoS group value for a packet. The transmit keyword is yet another option, which
allows a packet to be forwarded without modifying any existing settings. One additional
feature with CAR is the flexibility to configure multiple rate-limit statements on the same
interface. By using the continue keyword, independently or within a set action, packets can
be processed through multiple rate-limit statements until a match is found. In the event a
match is not found, the default action is to transmit. Therefore, in the absence of a match,
the packet is just forwarded. Example 9-8 demonstrates configuring CAR to mark traffic.
In the example, an extended ACL is configured specifying the traffic to be considered. In
this instance, secure web traffic is being forwarded to the serial interface noted in the
example. However, the traffic is not marked with a value that conforms to the QoS policy
in place. The intent is to mark all secure web traffic conforming to the configured 1-Mbps
rate with DSCP 8. Any traffic exceeding this rate is marked with DSCP 0.
Example 9-7 Configurable Options for the rate-limit Command
MSFC(config-if)#rate-limit input 1000000 187500 375000 conform-action ?
  continue           scan other rate limits
  drop               drop packet
  set-dscp-continue  set dscp, scan other rate limits
  set-dscp-transmit  set dscp and send it
  set-prec-continue  rewrite packet precedence, scan other rate limits
  set-prec-transmit  rewrite packet precedence and send it
  set-qos-continue   set qos-group, scan other rate limits
  set-qos-transmit   set qos-group and send it
  transmit           transmit packet
Example 9-8 Marking Secure Web Traffic with CAR
MSFC#configure terminal
MSFC(config)#access-list 101 permit tcp any any eq 443
MSFC(config)#interface serial 3/0/0
MSFC(config-if)#rate-limit input access-group 101 1000000 187500 375000 conform-action set-dscp-transmit 8 exceed-action set-dscp-transmit 0
MSFC(config-if)#end
MSFC#show interface serial 3/0/0 rate-limit
Serial3/0/0
Input
matches: access-group 101
params: 1000000 bps, 187500 limit, 375000 extended limit
conformed 115046 packets, 46018400 bytes; action: set-dscp-transmit 8
exceeded 56927 packets, 22770800 bytes; action: set-dscp-transmit 0
last packet: 4ms ago, current burst: 281100 bytes
last cleared 00:06:12 ago, conformed 988000 bps, exceeded 489000 bps
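How a list of rate-limit statements is walked, including the continue keyword, the default transmit, and marking instead of dropping as in Example 9-8. This is an added model, not code from the book or from IOS. It assumes a single token bucket sized by the normal burst (extended-burst behaviour is not modelled), and the class, function names and traffic pattern are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class RateLimit:
    """One rate-limit statement. Simplified: a single token bucket sized by the
    normal burst; the extended burst of real CAR is not modelled."""
    match: object        # predicate(pkt) -> bool, standing in for access-group
    rate_bps: int
    burst_bytes: int
    conform: tuple       # (action keyword, DSCP or None)
    exceed: tuple
    tokens: int = -1     # -1 means "start with a full bucket"
    last_ms: int = 0

    def meter(self, now_ms, size):
        if self.tokens < 0:
            self.tokens = self.burst_bytes
        # Bytes earned since the last packet (exact for multiples of 8 kbps).
        refill = (now_ms - self.last_ms) * self.rate_bps // 8000
        self.tokens = min(self.burst_bytes, self.tokens + refill)
        self.last_ms = now_ms
        if size <= self.tokens:
            self.tokens -= size
            return self.conform
        return self.exceed

def car(statements, pkt, now_ms):
    """Walk the statements in order; return (verdict, resulting DSCP)."""
    dscp = pkt["dscp"]
    for st in statements:
        if not st.match(pkt):
            continue                      # not this statement's traffic
        action, value = st.meter(now_ms, pkt["size"])
        if action == "drop":
            return "drop", dscp
        if action.startswith("set-dscp"):
            dscp = value
        if not action.endswith("continue"):
            return "transmit", dscp       # *-transmit or plain transmit
    return "transmit", dscp               # no terminating match: forward

def is_https(pkt):
    return pkt["proto"] == "tcp" and pkt["dport"] == 443   # access-list 101

def example_9_8():
    """Constructed load: 1500-byte HTTPS packets every 6 ms (2 Mbps offered)."""
    stmt = RateLimit(is_https, 1_000_000, 187_500,
                     ("set-dscp-transmit", 8), ("set-dscp-transmit", 0))
    counts = {}
    for i in range(500):
        pkt = {"proto": "tcp", "dport": 443, "size": 1500, "dscp": 46}
        result = car([stmt], pkt, i * 6)
        counts[result] = counts.get(result, 0) + 1
    return counts
```

With both actions set to set-dscp-transmit, every packet in the constructed load is forwarded; the ones beyond the 1-Mbps contract are only marked down to DSCP 0.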