[c-nsp] Prioritizing Software generated traffic like BGP on Cisco 4500x IOS-XE
Nilesh Khambal
nkhambal at apple.com
Thu May 5 21:27:01 EDT 2016
Hello,
I have a WAN link which is shaped at 200 Mbps. It is configured as an L2 port-channel trunk on a 10GE interface:
interface TenGigabitEthernet1/10
 switchport trunk allowed vlan 912,913
 switchport mode trunk
 bandwidth 200000
 speed nonegotiate
 channel-group 11 mode on
 service-policy output shape-wan-200-meg
!
class-map match-all class1
 match any
!
policy-map shape-wan-200-meg
 class class1
  shape average 200000000
!
I am running BGP over L3 SVI over this link. My objective is to prioritize BGP packets over other data packets going over this shaped link to keep the control plane stable in the event of congestion.
What I read in the documentation is that "software generated" packets on the 4500x are marked with the CS6 DSCP marking. I also see that in the tcpdump for the BGP packets sent and received over this link. When I created a policy-map similar to this, it somehow does not seem to match on DSCP CS6 packets.
The output below is from a lab router with a similar configuration, where I am trying to test this policy.
class-map match-all match-bgp
 match ip dscp cs6
 match access-group 100
!
policy-map priority-bgp
 class match-bgp
  priority
 class class-default
  shape average 200000000
!
interface TenGigabitEthernet1/1
 switchport trunk allowed vlan 50
 switchport mode trunk
 service-policy output priority-bgp
!
interface Vlan50
 ip address x.y.159.1 255.255.255.0
!
access-list 100 permit tcp any any eq bgp
access-list 100 permit tcp any eq bgp any
!
Cisco1#show policy-map interface tenGigabitEthernet 1/1
 TenGigabitEthernet1/1
  Service-policy output: priority-bgp
    queue stats for all priority classes:
      Queueing
      queue limit
      (queue depth/total drops) 0/0
      (bytes output) 0
    Class-map: match-bgp (match-all)
      0 packets <<<< Not matching any packets here
      Match: ip dscp cs6 (48)
      Match: access-group 100
      Priority: Strict, b/w exceed drops: 0
    Class-map: class-default (match-any)
      189 packets <<<< Only this counter increments.
      Match: any
      Queueing
      queue limit 3072 packets
      (queue depth/total drops) 0/0
      (bytes output) 0
      shape (average) cir 200000000, bc 800000, be 800000
      target shape rate 200000000
Cisco1#
As you can see, it is not matching cs6 dscp packets.
This is the IP header of the BGP packet captured. It does have cs6 priority set.
Internet Protocol Version 4, Src: x.y.159.1, Dst: x.y.159.3
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes
Differentiated Services Field: 0xc0 (DSCP: CS6, ECN: Not-ECT)
1100 00.. = Differentiated Services Codepoint: Class Selector 6 (48)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 59
Identification: 0x3f2b (16171)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 1
[Expert Info (Note/Sequence): "Time To Live" only 1]
["Time To Live" only 1]
[Severity level: Note]
[Group: Sequence]
Protocol: TCP (6)
Header checksum: 0xd5cd [validation disabled]
[Good: False]
[Bad: False]
Source: x.y.159.1
Destination: x.y.159.3
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 179 (179), Dst Port: 1033 (1033), Seq: 1, Ack: 1, Len: 18
Source Port: 179
Destination Port: 1033
[Stream index: 0]
[TCP Segment Len: 18]
Sequence number: 1 (relative sequence number)
[Next sequence number: 19 (relative sequence number)]
Acknowledgment number: 1 (relative ack number)
Header Length: 20 bytes
.... 0000 0001 1000 = Flags: 0x018 (PSH, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 1... = Push: Set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: *******AP***]
Window size value: 16213
[Calculated window size: 16213]
[Window size scaling factor: -1 (unknown)]
Checksum: 0x96c1 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Urgent pointer: 0
[SEQ/ACK analysis]
[Bytes in flight: 18]
[Timestamps]
[Time since first frame in this TCP stream: 0.000000000 seconds]
[Time since previous frame in this TCP stream: 0.000000000 seconds]
TCP segment data (18 bytes)
Has anyone done this type of configuration, or can anyone point me to a configuration example which shows such a configuration? This is the release I am using:
Cisco1#show version
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.05.01.E RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Sat 23-Nov-13 00:13 by prod_rel_team
<..>
Thanks,
Nilesh.
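
Added example (not part of the original post, and not Cisco code): a small Python check that decodes the DS field and TCP ports from a raw IPv4 packet and evaluates the two match statements of the match-bgp class-map as written, so a captured packet can be tested against the policy offline. The function names, the constructed sample packet and the 192.0.2.x addresses are assumptions; it models only the configured match logic, not how the 4500X classifies packets internally.

```python
import struct

CS6 = 48        # "match ip dscp cs6"
BGP_PORT = 179  # "eq bgp" in access-list 100
TCP = 6

def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Pull out the header fields the class-map's two match statements test."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    f = {"dscp": pkt[1] >> 2, "ecn": pkt[1] & 0x03, "proto": pkt[9],
         "sport": None, "dport": None}
    # TCP ports exist only in the first fragment.
    if f["proto"] == TCP and frag_offset == 0 and len(pkt) >= ihl + 4:
        f["sport"], f["dport"] = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return f

def acl_100(f: dict) -> bool:
    """permit tcp any any eq bgp / permit tcp any eq bgp any"""
    return f["proto"] == TCP and BGP_PORT in (f["sport"], f["dport"])

def match_bgp(f: dict) -> bool:
    """class-map match-all: every match statement must hold."""
    return f["dscp"] == CS6 and acl_100(f)

def build_sample(tos: int, sport: int, dport: int) -> bytes:
    """Constructed packet. ToS, ID, DF, TTL, ports and flags follow the capture
    in the post; addresses are placeholders and checksums are left at zero."""
    payload = b"\xff" * 16 + b"\x00\x13\x04"  # constructed BGP KEEPALIVE
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40 + len(payload), 0x3F2B,
                     0x4000, 1, TCP, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 3]))
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 1, 0x5018, 16213, 0, 0)
    return ip + tcp + payload

if __name__ == "__main__":
    for tos, sport, dport in [(0xC0, 179, 1033), (0x00, 179, 1033), (0xC0, 1033, 22)]:
        f = parse_ipv4_tcp(build_sample(tos, sport, dport))
        print(f"tos=0x{tos:02x} dscp={f['dscp']} ports={sport}->{dport} "
              f"acl_100={acl_100(f)} match-bgp={match_bgp(f)}")
```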