Policed DSCP Mark Down Mapping

The Catalyst 6500 has an additional feature that allows it to mark down DSCP values, based on int policed DSCP mark-down tables. Contingent on configured policing parameters, instead of dropping profile frames, the mark-down table enables the administrator to define DSCP translations. This m previous internal DSCP value to another defined marked-down DSCP value for frames violating the configured policing contract. The PFC hardware version, either a PFC1 or PFC2, determines how m mark-down...

Example 10-4 Catalyst 4507R Sample Configuration for Figure 10-1

Current configuration 4241 bytes class-map match-all VOIP match access-group 100 class-map match-all Database_iSCSI match access-group 102 class-map match-all Other match any class-map match-all VIDEO match access-group 101 priority high spanning-tree portfast (text deleted) interface GigabitEthernet5/1 switchport trunk encapsulation dot1q switchport trunk allowed vlan 2,3,700 switchport mode trunk service-policy input RECLASSIFY tx-queue 3 interface GigabitEthernet5...

Example 10-1 Catalyst 2950 Sample Configuration for Figure 10-1

Current configuration 2304 bytes ! wrr-queue cos-map 1 0 1 wrr-queue cos-map 2 2 3 wrr-queue cos-map 3 4 wrr-queue cos-map 4 5 6 7 match access-group 100 class-map match-all Student_Profile match access-group 101 police 4000000 16384 exceed-action drop policy-map FACULTY police 1000000 8192 exceed-action drop set ip dscp 0 interface FastEthernet0/1 switchport access vlan 2 switchport voice vlan 700 no ip address service-policy input FACULTY mls qos trust device...

Congestion Management Mechanisms

As previously mentioned, several mechanisms in Cisco devices fall under the definition of congestion management. Although this chapter does not get deep into the specifics of these mechanisms, because there are several other books from Cisco Press that already cover these in detail, an overview of the various mechanisms will help explain the overall function of congestion management as part of an end-to-end QoS strategy. The preceding section alluded to the need to queue packets, but...

Figure 88 Microflow Versus Aggregate Policer

By default, microflow policing only impacts routed traffic. To police bridged traffic, set qos bridge policing enable VLAN must be configured in Hybrid mode. The equivalent command for policing in Cisco IOS is mls qos bridged, which is configured under the VLAN interface.

Example 833 Configuring an Aggregate Two Rate Policer in Hybrid

Hybrid (enable) set qos policer aggregate HTTP-police rate 1000 policed-dscp erate 'ilrop burst 13 eburst 13 QoS policer for aggregate HTTP-police updated successfully. Rate is set to 992, erate is set to 1984 burst is set to 13 and eburst is set to 1 hardware due to hardware granularity. hybrid (enable) set qos acl ip HTTP-traffic dscp 0 aggregate HTTP-police tcp any a HTTP-traffic editbuffer modified. Use 'commit' command to apply changes. hybrid (enable) commit qos acl HTTP-traffic QoS ACL...

Random Early Detection RED

The problems of tail drop and global synchronization can both be addressed with congestion avoidance. Congestion avoidance is sometimes called active queue management, or Random Early Detection (RED). The Introduction section of RFC 2309 defines the need for active queue management as follows: The traditional technique for managing router queue lengths is to set a maximum length (in terms of packets) on each queue, accept packets for the queue until the maximum length is reached, then...

MSFC and FlexWAN Architectural Overview

This section expands on some of the concepts presented in Chapter 8 within the section titled Catalyst 6500 Architectural Overview. As discussed in Chapter 8, the MSFC, in conjunction with the PFC, is responsible for Layer 3 forwarding within the Catalyst 6500. With a Supervisor I Engine, the first packet in a flow is software switched by the MSFC. When the first packet is forwarded, the forwarding decision made by the MSFC is also programmed into hardware ASICs on the supervisor engine. This...

Example 10-2 Catalyst 4506 Sample Configuration for Figure 10-1

Building configuration Current configuration 4658 bytes class-map match-all Management_Profile match access-group 101 class-map match-all Engineering_Profile match access-group 100 police 1 mbps 16000 byte conform-action transmit exceed-action drop policy-map ENGINEERING police 5 mbps 1600 byte conform-action transmit exceed-action drop interface GigabitEthernet1/1 switchport mode trunk switchport encap dot1q qos trust dscp tx-queue 1 bandwidth 200 mbps priority high tx-queue 4 interface...

Trademark Acknowledgments

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc. cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark. Cisco Marketing Communications Manager Jason Cornett Lauren Dygowski Balaji Sivasubramanian Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA 800 553-NETS (6387)...

Figure 21 Token Bucket Mechanism

Tokens replenished every refresh interval. Number of tokens equal to size of packet are removed from bucket. If the actual ingress traffic rate exceeds the configured rate, and there are insufficient tokens in the token bucket to accommodate the arriving traffic, the excess data is considered out-of-profile and can be dealt with in one of two ways: Re-assign QoS values to appropriate header. If the decision is to mark down the nonconforming traffic, the DSCP value is derived from the mapping...

Assured Forwarding Versus Expedited Forwarding

Assured forwarding (AF, RFC 2597) and expedited forwarding (EF, RFC 2598) are PHBs that have recommended codepoints. EF has only 1 recommended codepoint, whereas AF has 12 recommended codepoints. RFCs 2597 and 2598 both describe PHBs; beyond that, they are not specifically related, but the discussion of each has been combined in this section to contrast the two functions. The point of contrasting these two PHBs is to demonstrate how the DiffServ architecture allows for a great deal of...

Figure 86 WRED Operation for 1p1q8t Port Types

Figure labels: CoS values are mapped to thresholds. When the queue reaches 100% capacity, frames are dropped by tail-drop.

Table 86 Layer 4 IP Protocol Criteria

Although not as granular as IP, IPX and MAC ACLs can classify traffic based on specific protocol numbers and ethertype values, as well as based on the source and destination network and host numbers. Administrators can identify particular IPX protocols based on keywords (ncp (17), rip (1), sap (4), spx (5)) or a protocol number in the range from 0 to 19 or 21 to 255. MAC ACLs enable the administrator to identify traffic based on ethertype value, utilizing one of the keywords or values shown in...

Congestion Management and Congestion Avoidance

After a frame has been classified, processed through all the applicable QoS policies, and a forwarding decision has been made, the frame is then forwarded to the appropriate egress queue. At the trans interface, the Catalyst 6500 employs congestion management and congestion avoidance features t priority traffic has precedence when accessing the network during periods of link oversubscription. buffers and more complex queuing mechanisms are normally found at egress interfaces. This is bei during...

Example 821 Configuring and Applying an IP QoS ACL in Hybrid Mode

Hybrid (enable) set qos acl ip VideoConf dscp 26 tcp any any eq 1720 VideoConf editbuffer modified. Use 'commit' command to apply changes. hybrid (enable) set qos acl ip VideoConf dscp 26 tcp any any eq 1731 VideoConf editbuffer modified. Use 'commit' command to apply changes. hybrid (enable) set qos acl ip VideoConf dscp 26 tcp any any eq 1503 VideoConf editbuffer modified. Use 'commit' command to apply changes. hybrid (enable) set qos acl ip VideoConf trust-cos ip any any Warning ACL...

Example 913 Configuring Distributed WFQ

MSFC(config) class-map match-any Low-Priority MSFC(config-cmap) match protocol smtp MSFC(config-cmap) match protocol secure-http MSFC(config) class-map match-any Business-essential MSFC(config-cmap) match protocol sqlnet MSFC(config-cmap) match protocol sqlserver MSFC(config) class-map match-any Video-preso (config-cmap) match protocol netshow (config-cmap) exit (config) policy-map dCBWFQ (config-pmap) class Low-Priority (config-pmap-c) bandwidth 400 (config-pmap-c) fair-queue (config-pmap-c)...

NBAR Protocol Discovery

The first step in being able to classify network traffic is to actually know what protocols and applications are running on the network. This knowledge enables administrators to prioritize business-critical information and applications over less-important applications. Unfortunately, to configure ACLs to classify network traffic you must have prior knowledge of the network applications, as well as their associated protocol or port numbers. One option for discovering the protocols currently...

Two Rate Policing

The PFC2 provides additional policing enhancements beyond the capabilities of the PFC1. The PFC2 aggregate policing at dual rates. Dual-rate aggregate policing was introduced for the Catalyst 6500 Software Release 6.1(1) and in Cisco IOS Release 12.1(8a)E. In addition to the traditional normal burst size, the PFC2 introduces an excess rate and an excess burst for the policer. With this configl drop) indication applies to the excess rate, as opposed to the normal rate. Packets exceeding the no...

Catalyst 6500 Hybrid OS

Example 10-5 shows the Catalyst 6500 Hybrid OS sample configuration applied to Figure 10-1. Example 10-5. Catalyst 6500 CatOS Sample Configuration for Figure 10-1 This command shows non-default configurations only. Use 'show config all' to show both default and non-default configurations. ***** NON-DEFAULT CONFIGURATION ***** set qos policed-dscp-map 47 47 set qos policed-dscp-map 48 48 set qos policed-dscp-map 49 49 set qos policed-dscp-map 50 50 set qos policed-dscp-map 51 51 set qos...

Example 634 Catalyst 3550 Case Study Configuration

Class-map match-all RESTRICT_INTERNET_ONLY match access-group 151 policy-map RESTRICT_INTERNET class RESTRICT_INTERNET_ONLY police 10000000 16000 exceed-action policed-dscp-transmit interface GigabitEthernet0/1 ip address 10.1.1.0 255.255.255.248 mls qos trust dscp service-policy input RESTRICT_INTERNET wrr-queue random-detect max-threshold 1 20 100 wrr-queue random-detect max-threshold 2 40 100 wrr-queue cos-map 4 5 priority-queue out End-to-end QoS deployment techniques for Cisco Catalyst...

Committed Access Rate CAR

Prior to class-based policing and the release of the Cisco MQC, CAR was the preferred method for p traffic. CAR does not allocate buffer space for queuing oversubscribed packets, nor does CAR guarantee minimum amounts of bandwidth for applications. The purpose of CAR, like most policers, is to limit the available bandwidth. This enables administrators, through designing specific policies, to ensure priority applications do not starve out mission-critical applications. This facilitates network...

About the Technical Reviewers

Jason Cornett is a customer support engineer at Cisco Systems, where he is a technical leader for the LAN Switching team in Research Triangle Park. Jason joined Cisco in 1999 and has a total of five years of networking experience. He holds a diploma in business technology information communications systems from St. Lawrence College. Previously Jason was a network support specialist with a network management company. Lauren L. Dygowski, CCIE No. 7068, is a senior network engineer at a major...