Qos Statistics on the 7K

Tim Stevenson (tstevens) tstevens at cisco.com
Tue Dec 4 17:48:38 EST 2018 

Hi Brad, 

I checked this on n7700 F3 - concur that even w/'statistics per-entry', the hit count is not incrementing in 'sh ip access' output when the ACL is used for QOS classification. Same behavior in 8.3.1.

>From what I see, the statistics are in fact incrementing in hardware, you can verify by attaching to the LC via 'attach mod x' and using 'sh sys internal access-list input entries detail' and find the block with your ACL (might be a bit tedious doing it this way as all policies, including CoPP etc, will be listed out there). Not sure why that is not just being exported up and aggregated in the sup, though the 'usual' use-case for monitoring ACL hit counts has centered around security ACLs.

                VDC-1 Ethernet2/1 : 
                ==================== 

INSTANCE 0x0
---------------

  Tcam 0 resource usage:
  ----------------------
  Label_a = 0x201
   Bank 1
   ------
     IPv4 Class
       Policies: QoS(all-ip) 
       Netflow profile: 0
       Netflow deny profile: 0
       Entries: 
         [Index] Entry [Stats]
         ---------------------
  [0015:000b:000b] qos ip 0.0.0.0/0 10.1.1.0/24  [398869316] 


I guess you're hoping to figure out which specific ACEs are matching in each class (vs just seeing the total number of packets classified in each class, as seen in 'sh policy-map interface')? I can check w/our engineering team and see if there's some reason this has not been implemented.

Hope that helps,
Tim



-----Original Message-----
From: cisco-nsp <cisco-nsp-bounces at puck.nether.net> On Behalf Of Bradley Ordner
Sent: Wednesday, November 14, 2018 8:49 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Qos Statistics on the 7K

Hi,

This may have been asked before, even on Cisco Support Community I have an answer but it doesn't seem to be working for me.

We have a Layer 3 port with a QoS policy for marking traffic inbound. I have added the 'statistics per-entry' command in our ACL but I do not see any hits. When checking the policy and queueing, I see traffic being matched.

We are only marking inbound on this port, is it not supported or do I have a bug? I am on version - 7.2(0)D1(1)

Match: access-group QOSACL- BLAH
        46082768 packets
      set dscp 56

Thanks

Brad Ordner

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list