Kevin Dorrell, CCIE #20765

24 Feb 2008

Catalyst QoS

Filed under: QoS — dorreke @ 11:10

I’m going to have to get a grip on this QoS stuff.  About three years ago I went on the official Cisco QoS course, but I never got a chance to use it in anger.  I have also been to quite a few Networkers presentations about it, and they all made sense at the time.  but the information did not stick.  In any case, a lot of it has changed, and the 4500, 3560, 3550, 2960, 2950 all use subtly different paradigms.

I’m doing NMC Lab 8.13, and I’m thrashing between the config line and the documentation, but I hope I’m learning something in the process.  I’m feeling the lack of any 3560s.  I have the proper 3550s for CAT1 and CAT2 (albeit with 12.1=), but my CAT3 and CAT4 are 2950s with a 2610 router on a stick behind each one in case there are any layer-3 tasks.  So far, there have not been any, but there has been plenty of QoS and special features.

So far, I tripped over a couple of configuration gotchas.  The first is “let’s put the service policy on the interface first and I’ll define it later”.

CAT2#conf t 
Enter configuration commands, one per line.  End with CNTL/Z. 
CAT2(config)#int f0/1 
CAT2(config-if)#service-policy input set-af11 
policy map set-af11 not configured 
CAT2(config-if)#end 
CAT2# 
Feb 24 09:57:47.247: %SYS-5-CONFIG_I: Configured from console by console

No, that isn’t just a warning.  It hasn’t remembered it:

CAT2#show run int f0/1 
Building configuration... Current configuration : 150 bytes 
! 
interface FastEthernet0/1 
 description R1-F0/0 
 switchport trunk encapsulation isl 
 switchport trunk allowed vlan 12,16 
 switchport mode trunk 
end CAT2#

 You must define the policy-map first.

The second gotcha was to do with monitoring the DSCP on the QoS:

CAT2#show run int f0/1 
Building configuration... Current configuration : 211 bytes 
! 
interface FastEthernet0/1 
 description R1-F0/0 
 switchport trunk encapsulation isl 
 switchport trunk allowed vlan 12,16 
 switchport mode trunk 
 mls qos monitor dscp 0 10 11 
 service-policy input Set-AF11 
end

Woops, no I didn’t mean 0, 10, and 11.  I meant 12.  OK, I have 8 slots in the stats, so I’ll just add it in:

CAT2#conf t 
Enter configuration commands, one per line.  End with CNTL/Z. 
CAT2(config)#interface FastEthernet0/1 
CAT2(config-if)#mls qos monitor dscp 0 10 11 12 
QoS: Following DSCPs are monitored already: 0 10 11 
CAT2(config-if)#end 
CAT2# 
Feb 24 10:05:05.824: %SYS-5-CONFIG_I: Configured from console by console

That was just a warning, wasn’t it?

CAT2#show run int f0/1 
Building configuration... Current configuration : 211 bytes 
! 
interface FastEthernet0/1 
 description R1-F0/0 
 switchport trunk encapsulation isl 
 switchport trunk allowed vlan 12,16 
 switchport mode trunk 
 mls qos monitor dscp 0 10 11 
 service-policy input Set-AF11 
end

No, clearly it wasn’t just a warning.  However, you can add the DSCP into the existing monitor list provided you don’t mention any of the existing entries:

CAT2#conf t 
Enter configuration commands, one per line.  End with CNTL/Z. 
CAT2(config)#int f0/1 
CAT2(config-if)#mls qos monitor dscp 12 
CAT2(config-if)#end 
CAT2# 
Feb 24 10:03:53.589: %SYS-5-CONFIG_I: Configured from console by console

Let’s have a look:

CAT2#show run int f0/1 
Building configuration... Current configuration : 214 bytes 
! 
interface FastEthernet0/1 
 description R1-F0/0 
 switchport trunk encapsulation isl 
 switchport trunk allowed vlan 12,16 
 switchport mode trunk 
 mls qos monitor dscp 0 10 11 12 
 service-policy input Set-AF11 
end

That’s better!

Here is another gotcha.  It seems you cannot set DSCP (on the input service-policy of a 3550) on the class-default.  You can only do that in the classes you have actually defined.  For example, I started with this policy map, applied input from the R6 connection on CAT1:

CAT1#show policy-map Set-AF11 
 Policy Map Set-AF11 
   class  class-default 
   set ip dscp 10

But that didn’t work.  It’s lucky I tested it by monitoring the DSCP on the the R1 connection on CAT2, with show mls qos int Fa0/1 statistics, and doing lots of pings from R6 to R1.  Otherwise I might not have noticed that the service policy was not marking the packets.  What I needed was:

CAT1#show class-map 
 Class Map match-any class-default (id 0) 
   Match any 
 Class Map match-all All-IP (id 1) 
   Match access-group name All-IP CAT1#show policy-map Set-AF11 
 Policy Map Set-AF11 
  class  All-IP 
   set ip dscp 10 
  class  class-default

 Now I can see the markings on R6’s packets at the R1 port.

One thing I did think of was to put mls qos trust dscp on each side of each trunk link.  In my case, that meant only CAT1-F0/13, CAT1-F0/23, CAT2-F0/13, CAT2-F0/23 since it was irrelevant for the CAT3 and CAT4 2950s.  Just to make sure it was necessary, I remove the command from those interfaces and tried pinging from R6 to R1 again.  Sure enough, the AF11 marking had been stripped.  Strangely, the SHOWiT does not do that, so I have asked the question on the DISCUSSiT forum.

Advertisements

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: