220 Chapter 7: QoS Features Available on the Catalyst 4000 IOS Family of Switches and the Catalyst
NOTE Buffering does not occur on the packets in the bucket. The Leaky Token Bucket Algorithm
only snapshots traffic to determine whether a packet is conforming or exceeding the
configured police rate.
Burst Size Parameter
Because of the flow-control nature of TCP/IP and UDP application behavior, packet drops
significantly impact traffic behavior and may result in a packet-per-second performance far
below the configured policer rate. The burst parameter of policing attempts to handle the
bursty nature of TCP/IP and web traffic by allowing periodic surges of traffic into the bucket.
Configuration of the burst size follows several other Catalyst platform recommendations.
For TCP applications, use the following formula for calculating the burst size parameter
used for policing:
<burst> = 2 * <RTT> * <rate>
RTT defines the approximate round-trip time for a TCP session. If RTT is unknown, use an
RTT value of 1 millisecond or 1 second depending on estimated latency. Example 7-16
illustrates the burst calculation for a rate of 64 kbps and an unknown RTT.
Example 7-16 Sample Burst Calculation
<burst> = 2 * <1 sec> * <64000 bits/sec>
<burst> = 128000 bits = 16000 bytes
Nevertheless, from an application perspective, TCP/IP traffic-rate policing always results
in actual rates less than the configured rate regardless of the burst size. UDP applications
police closer to the configured rate in pure bits per second; however, some UDP applications
retransmit heavily upon packet loss. As a result, the rate for applications that use UDP
may also fall well below the configured rate. In summary, system administrators must
carefully plan and consider application behavior and resiliency to rate policing before
applying policers.
Guaranteed Rate of Policer
During any time interval, the leaky token bucket algorithm implementation on the Catalyst
4000 IOS Family of switches guarantees the following conforming policing rate:
Conforming rate <= (<configured_rate bits/sec> * <1 byte/8 bits> * <period>) + <burst_size> + 1 packet
Consider Example 7-14, where the aggregate policer defines a rate of 1.54
Mbps and a burst size of 8000 bytes. Using the preceding formula, the guaranteed
conforming traffic rate for a 1-second interval calculates as follows:
Conforming rate <= (1540000 bits/sec * 1 byte/8 bits * 1 sec) + 8000 bytes + 1 packet = 200500 bytes
In bits per second, the conforming rate is 2.006 Mbps, assuming an average 100-byte packet size.
QoS Support on the Catalyst 4000 IOS Family of Switches 221
Because of the nature of applications that use the TCP/IP and UDP/IP protocols, use careful
planning when configuring the burst size.
Policing Accuracy
Moreover, the architecture of the Catalyst 4000 IOS Family of switches supports policing
at a finite set of rates distributed between 32 kbps and 32 Gbps in 1-bps increments.
Because of the hardware architecture, specified rates adjust up or down to the nearest
hardware-capable rate. The adjusted policy rate is always within 1.5 percent of the
configured rate. Consequently, two distinct policy rates must differ by at least 3 percent.
DSCP-Policed Action
The Catalyst 4000 IOS Family of switches uses the DSCP-policed concept to mark down
packets. For DSCP-policed traffic, the switch marks the frame with a DSCP value derived
from the QoS DSCP-policed mapping table. The default mapping table maps 1:1 with the
internal DSCP values; therefore, the default mark down action results in no change to the
DSCP value. The QoS DSCP-policed mapping table requires a nondefault configuration to
actually mark down packets that exceed the rate specified in the policing action.
Use the following command to configure the QoS DSCP-policed mapping tables:
qos map dscp policed dscp-list to dscp mark-down-dscp
dscp-list represents up to eight DSCP values that map to the mark-down-dscp value.
Example 7-17 displays the default QoS DSCP-policed mapping table,
configures the DSCP-policed mapping table for marking down DSCP values 50 to 59 to 0,
and verifies the configuration.
Example 7-17 Displaying, Configuring, and Verifying the QoS DSCP-Policed Mapping Table
Switch#show qos map dscp policed
Policed DSCP Mapping Table (DSCP = d1d2)
d1 : d2 0 1 2 3 4 5 6 7 8 9
-------------------------------------
0 : 00 01 02 03 04 05 06 07 08 09
1 : 10 11 12 13 14 15 16 17 18 19
2 : 20 21 22 23 24 25 26 27 28 29
3 : 30 31 32 33 34 35 36 37 38 39
4 : 40 41 42 43 44 45 46 47 48 49
5 : 50 51 52 53 54 55 56 57 58 59
6 : 60 61 62 63
Switch(config)#qos map dscp policed 50 51 52 53 54 55 56 57 to dscp 0
Switch(config)#qos map dscp policed 58 59 to dscp 0
Switch#show qos map dscp policed
Policed DSCP Mapping Table (DSCP = d1d2)
d1 : d2 0 1 2 3 4 5 6 7 8 9
-------------------------------------
0 : 00 01 02 03 04 05 06 07 08 09
1 : 10 11 12 13 14 15 16 17 18 19
2 : 20 21 22 23 24 25 26 27 28 29
3 : 30 31 32 33 34 35 36 37 38 39
4 : 40 41 42 43 44 45 46 47 48 49
5 : 00 00 00 00 00 00 00 00 00 00
6 : 60 61 62 63
To configure the traffic-rate policer for marking down the DSCP value for the exceed
action, use the policed-dscp-transmit keyword for the exceed-action parameter for the
following individual policy map and aggregate global policer configuration commands:
police rate burst [[conform-action {transmit | drop}] [exceed-action {transmit | drop | policed-dscp-transmit}]]
qos aggregate-policer policer_name rate burst [[conform-action {transmit | drop}] [exceed-action {transmit | drop | policed-dscp-transmit}]]
Example 7-18 Sample Configuration for policed-dscp-transmit Exceed Action of an Individual Policer
Current configuration : 327064 bytes
!
(text deleted)
!
qos map dscp policed 50 51 52 53 54 55 56 57 to dscp 7
qos map dscp policed 58 59 to dscp 7
qos
(text deleted)
class-map match-all UDP_PORT_10000
 description MATCH PACKETS ON DESTINATION UDP PORT 10000
 match access-group 105
!
policy-map MARK_BASED_ON_RATE
 class UDP_PORT_10000
  police 32000 bps 16000 byte conform-action transmit exceed-action policed-dscp-transmit
!
interface FastEthernet6/1
 switchport mode access
 service-policy input MARK_BASED_ON_RATE
 spanning-tree portfast
!
(text deleted)
!
access-list 105 permit udp any any eq 10000
!
end
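The following Python model is an added illustration, not code from the book or from Cisco. It polices constructed traffic with the Example 7-18 parameters (32000 bps, 16000-byte burst) through a generic single-rate token bucket, re-marks exceeding packets through the policed-DSCP map, and computes the bound from the "Guaranteed Rate of Policer" section. The function names, the full-bucket starting state, and the traffic pattern are assumptions.

```python
# Added illustration: generic single-rate token bucket, not the switch's hardware logic.

def build_policed_map(markdowns):
    """Start from the default 1:1 table, then apply (dscp_list, mark_down) entries
    the way successive 'qos map dscp policed ... to dscp ...' commands would."""
    table = {d: d for d in range(64)}
    for dscp_list, mark_down in markdowns:
        if len(dscp_list) > 8:
            raise ValueError("a single command accepts at most eight DSCP values")
        for d in dscp_list:
            table[d] = mark_down
    return table

def police(packets, rate_bps, burst_bytes, policed_map):
    """packets: (time_s, size_bytes, dscp) tuples in time order.
    Returns (time_s, size_bytes, dscp_out, conformed) per packet. Nothing is buffered
    or dropped; exceeding packets are re-marked (policed-dscp-transmit)."""
    tokens, last, out = float(burst_bytes), None, []  # assumption: bucket starts full
    for t, size, dscp in packets:
        if last is not None:
            tokens = min(burst_bytes, tokens + (t - last) * rate_bps / 8)
        last = t
        if tokens >= size:
            tokens -= size
            out.append((t, size, dscp, True))
        else:
            out.append((t, size, policed_map[dscp], False))
    return out

def guaranteed_bound_bytes(rate_bps, burst_bytes, period_s, packet_bytes):
    """Upper bound on conforming bytes: rate/8 * period + burst + 1 packet."""
    return rate_bps / 8 * period_s + burst_bytes + packet_bytes

def constructed_traffic(dscp, seconds=10, size=100):
    """Constructed sample: ten 100-byte packets every 0.125 s (64 kbps offered)."""
    return [(k * 0.125, size, dscp) for k in range(seconds * 8) for _ in range(10)]

def summarize(dscp, markdowns):
    """Police the constructed traffic with the Example 7-18 rate and burst."""
    result = police(constructed_traffic(dscp), 32000, 16000, build_policed_map(markdowns))
    conform_bytes = sum(size for _, size, _, ok in result if ok)
    exceeded = sum(1 for *_, ok in result if not ok)
    remarked = sum(1 for _, _, out, ok in result if not ok and out != dscp)
    return conform_bytes, exceeded, remarked

if __name__ == "__main__":
    example_7_18 = [([50, 51, 52, 53, 54, 55, 56, 57], 7), ([58, 59], 7)]
    print(summarize(50, example_7_18))  # DSCP 50 has a nondefault policed entry
    print(summarize(46, example_7_18))  # DSCP 46 still maps 1:1
```

DSCP 46 exceeds the rate exactly as often as DSCP 50 but leaves the policer unchanged, because its entry in the policed map is still the default 1:1 value.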
Marking Action
Policy maps allow for marking of packets using ACL-based classification. Class maps
frame ACLs for policy maps. Review the “ACL-Based Classification” section earlier in this
chapter for discussion of class maps and ACL options.
Policy maps organize the marking action using the following policy map class clause
command:
set ip [dscp | precedence] [value]
value represents the actual value to mark on the packet for DSCP or IP precedence.
Example 7-19 illustrates marking based on ACL-based classification.
Trusting Action
Trusting DSCP or CoS using a policing action is another way to refer to trusting DSCP or
CoS based on an ACL. Packets that match the configured class clause have the internal
DSCP determined based on ingress packets’ DSCP or CoS value. The switch does not alter
the internal DSCP of frames that do match the class clause ACLs. For configurations using
trusting in class map clauses, there is no need for a trusting configuration on the interface.
Example 7-19 Sample Configuration of Marking Based on ACL Classification
Current configuration : 327064 bytes
!
(text deleted)
!
qos
!
(text deleted)
!
class-map match-all UDP_PORT_10000
 description MATCH PACKETS ON DESTINATION UDP PORT 10000
 match access-group 105
!
!
policy-map ACL_MARK
 class UDP_PORT_10000
  set ip dscp 40
!
!
interface FastEthernet6/1
 switchport mode access
 service-policy input ACL_MARK
 spanning-tree portfast
!
(text deleted)
access-list 105 permit udp any any eq 10000
(text deleted)
!
end
Configuring an interface for trusting and configuring a policing action of trusting needs
careful consideration because a trusting configuration on an interface classifies ingress
frames before a policy.
Policy maps organize the trusting actions using the following policy map class clause
command:
trust [dscp | cos]
Example 7-20 illustrates a policy map configured to trust DSCP for a specific class map.
Congestion Management
After the switch classifies and processes packets against QoS policies, the switch places the
packet in transmit queues for output scheduling. Refer to Figure 7-1 for a logical diagram
of this behavior.
Example 7-20 Sample Configuration for a Policy Map Configured to Trust DSCP
Current configuration : 327064 bytes
!
(text deleted)
!
qos
!
(text deleted)
!
interface FastEthernet3/1
 switchport access vlan 2
 switchport voice vlan 700
 service-policy input TRUST_UDP_GT_10000
 no snmp trap link-status
 tx-queue 3
  priority high
 spanning-tree portfast
!
(text deleted)
!
class-map match-all UDP_PORT_GT_10000
 match access-group 150
!
!
policy-map TRUST_UDP_GT_10000
 class UDP_PORT_GT_10000
  trust dscp
!
(text deleted)
access-list 150 permit udp any any gt 10000
(text deleted)
end