[c-nsp] 7600 QoS policing

Tony td_miles at yahoo.com
Tue Jul 28 02:45:18 EDT 2009 

Hi all,

I'm hoping that someone might be able to help with some suggestions for how to configure QoS for the following setup. I've read a whole lot of documentation and can't find anything that helps me.

Device: 7609 sup720-3b running 12.2(33)SRD1. GigE card = WS-X6516-GE-TX

Site 1 = 40Mbps, two VLANs, connected to Gi7/5
Site 2 = 10Mbps, two VLANs (21 & 22), connected to Gig7/4
Site 3 = 4Mbps, two VLANs (31 & 32), connected to Gig7/4
Site 4 = 4Mbps, two VLANs (41 & 42), connected to Gig7/4

All of the links are provided by external carriers (two different ones) and it is assumed that they rate limit to the agreed purchased bandwidth non-discriminantly (ie. they chuck out whatever exceeds the configured rate).

If you're wondering how 40Mbps in from one site is ever going to work going out to other sites that only have an aggregate of 18Mbps, that's because there are other sites connected via MPLS, I'm just interested in the ones that are local to this PE for now.

What I want to achieve is that for each of site 2, 3 & 4 I prioritise voice traffic. This voice traffic is allowed to have up to 3Mbps of the link to itself if required, the rest is available for general data traffic. The voice traffic will always be in ONE of the VLANs to each site. The voice VLAN is attached to a seperate VRF than the data VLAN, but no MPLS on the site links, the traffic is L3 seperated by being on different VLANs, with each VLAN connecting to different gear at the CPE.

I have been looking at PFC QoS and my first thought was to police based on the VLANs using a hierarchical model like this (assuming hierarchical qos is supported on PFC3B, which I think it is ?):

class-map c1
   match any

class-map s2
!site 2
   match vlan 21, 22

class-map s3
!site 3
   match vlan 31, 32

class-map s4
!site 4
   match vlan 41, 42

policy p_gig7-4
   class c1
      police 18000000
      service-policy p_vlan

policy p_vlan
  class s2
     police 10000000
  class s2
     police 4000000
  class s2
     police 4000000
     
I'm well aware that the above isn't a valid config, consider it pseudocode for what I'm trying to achieve which is to limit all of the vlans together to 18Mbps, with each site limited to it's own specific bandwidth within a child policy below that.

This seems like a reasonable place to start (provided it could actually be implemented). I don't think I can match on vlan attribute, but I can probably get around that by matching on either destination address or something else. The main problem I can see is that the policer won't discriminate between the different vlan's so if the data vlan is using too much, then I'm probably going to lose voice packets when both vlans get policed (which I don't want, I want to chuck data packets first). The voice packets are marked DSCP-EF (COS-5), so will the policer favour throwing out the lower DSCP packets first to keep within the policed values ? I can't see anything that says it will and I can't see why it would as it's just a plain policer.

I could police the data vlan for each site so that there is always 3Mbps left for the voice (ie. site2 - police to 7Mbps, site3&4 police to 1Mbps), but this means that I am enforcing that limit regardless of whether there is voice traffic or not and so not getting most efficient use of bandwidth available.

My understanding from the documentation & flowcharts that I've read is that policing is done by PFC BEFORE interface queueing, so that if I want to police to a certain rate, it needs to be done before the traffic gets to the egress queues (ie. Q1, Q2 & PQ for my particular card). Once it gets to the egress queues I can't rate-limit and it will try to send at the interface speed (ie. Gbps) to the provider, who will most likely accept the traffic at Gbps rate and then drop at a later stage somewhere in their network if it exceeds link speed to the site in question.

So how can I police to a certain rate with preference given to dropping lower priority packets up to the policed rate ? I'd like to be able to specify a policing situation so that for each pair of VLANs per site I have 4Mbps of bandwidth with up to 3Mbps committed to voice traffic. Ideally I could also speficy others too, so up to 3Mbps for COS-5, up to 1Mbps guaranteed for COS-4 (after COS-5 had been served) and then whatever is left for everything else. Am I missing something simple here ?

I haven't really said anything about Site 1, but it needs to have a similar config so that traffic over the configured rate will be dropped with lower priority packets being dropped first.

I'm not looking for someone to give me the entire answer with config included, I'm happy to be pointed in the right direction. Any workarounds will be actively entertained.

If you've read this far, thanks for sticking with me.


regards,
Tony.

More information about the cisco-nsp mailing list