Documente Academic
Documente Profesional
Documente Cultură
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCBs public
domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
Cisco 10000 Series Router Quality of Service Configuration Guide
Copyright 2007-2009, Cisco Systems, Inc. All rights reserved.
CONTENTS
About This Guide
xxxv
xxxv
xl
Document Organization
xl
Document Conventions
xlii
Related Documentation
xliii
CHAPTER
xliii
1-1
1-2
1-2
1-4
1-4
1-4
1-4
1-5
1-12
iii
Contents
iv
OL-7433-09
Contents
Contents
vi
OL-7433-09
Contents
CHAPTER
Classifying Traffic
1-55
1-61
2-1
2-1
vii
Contents
2-11
CHAPTER
2-5
2-12
2-14
3-1
3-4
viii
OL-7433-09
Contents
Policy Map ActionsCisco IOS Release 12.0(22)S and Later Releases 3-11
Policy Map ActionsCisco IOS Release 12.2(31)SB2 and Later Releases 3-11
Policing Actions
3-11
3-17
3-17
3-18
CHAPTER
3-19
3-22
3-23
4-1
4-1
4-9
ix
Contents
4-14
4-28
4-32
CHAPTER
4-36
5-1
5-2
OL-7433-09
Contents
CHAPTER
Policing Traffic
5-26
6-1
6-2
6-5
xi
Contents
6-9
6-11
6-13
6-14
6-15
6-15
6-14
6-16
6-17
6-17
6-17
6-23
6-23
6-25
6-25
6-26
6-28
xii
OL-7433-09
Contents
Configuration Examples for Configuring Single-Rate Traffic Policing Based on Bits per
Second 6-28
Configuring Percent-Based Policing 6-32
Configuration Examples for Configuring Percent-Based Policing 6-32
Configuring Two-Rate Policing 6-35
Configuration Example for Configuring Two-Rate Three-Color Policing 6-35
Marking Traffic Using Police Actions 6-36
Configuration Example for Marking Traffic Using Police Actions 6-36
Configuring Dual Police Actions 6-37
Configuration Example for Configuring Dual Police Actions 6-37
Configuration Examples 6-38
Configuration Example for Dual Actionsset-clp-transmit and set-mpls-exp-transmit
Configuration Example for Dual Actionsset-frde-transmit and
set-mpls-exp-imposition-transmit 6-39
Configuration Example of the set-cos-transmit Police Action 6-40
Verifying and Monitoring Traffic Policing 6-41
Verification Examples for Traffic Policing 6-41
Verifying Policing for a Specific Traffic Class 6-42
Verifying Policing on a Specific Interface 6-42
Verifying Dual Police Actionsset-clp-transmit and set-mpls-exp-transmit
Related Documentation
CHAPTER
Marking Traffic
6-38
6-43
6-43
7-1
7-3
7-9
xiii
Contents
7-10
7-12
7-13
7-14
7-17
7-17
7-18
7-16
7-19
7-19
7-20
7-21
xiv
OL-7433-09
Contents
7-21
CHAPTER
Prioritizing Services
7-38
7-39
8-1
8-2
8-4
8-4
8-4
8-5
8-5
8-5
8-6
8-7
8-9
xv
Contents
Configuring a Priority Queue with a Guaranteed Bandwidth Based on Kilobits per Second:
Example 8-9
Configuring a Priority Queue with a Percent-Based Bandwidth Guarantee: Example 8-9
Configuring Multi-Level Priority Queues: Example 8-10
Unacceptable MPQ Configurations: Examples 8-10
Verifying and Monitoring Priority Queues
8-11
CHAPTER
Shaping Traffic
8-12
8-13
9-1
9-9
9-10
9-10
9-11
9-11
9-12
9-12
xvi
OL-7433-09
Contents
9-13
9-17
9-19
CHAPTER
10
Overhead Accounting
9-22
10-1
10-3
10-5
10-5
10-5
10-6
10-7
10-7
10-11
10-12
10-15
Cisco 10000 Series Router Quality of Service Configuration Guide
OL-7433-09
xvii
Contents
CHAPTER
11
11-1
11-1
11-6
11-21
11-22
11-24
xviii
OL-7433-09
Contents
CHAPTER
12
11-40
12-1
12-3
12-4
12-6
12-7
xix
Contents
CHAPTER
13
12-18
12-19
12-20
12-20
13-1
13-3
13-3
13-11
13-12
13-12
13-13
xx
OL-7433-09
Contents
13-15
13-16
13-18
CHAPTER
14
13-27
13-29
13-30
14-1
14-4
14-6
xxi
Contents
Configuration Example for Applying Simultaneous Policies on ATM VCs and PPPoA Sessions
Configuration Example for Applying Simultaneous Policies on ATM VCs and PPPoE Sessions
Verifying Simultaneous Policy Maps
14-17
14-18
14-18
CHAPTER
15
15-1
15-3
15-9
15-9
15-10
15-21
xxii
OL-7433-09
Contents
15-40
xxiii
Contents
CHAPTER
16
15-43
15-44
16-1
16-5
xxiv
OL-7433-09
Contents
16-59
xxv
Contents
CHAPTER
17
16-69
17-1
17-19
xxvi
OL-7433-09
Contents
17-32
17-50
xxvii
Contents
CHAPTER
18
17-66
18-1
xxviii
OL-7433-09
Contents
18-25
xxix
Contents
18-42
CHAPTER
19
18-51
19-1
xxx
OL-7433-09
Contents
CHAPTER
20
19-53
20-1
xxxi
Contents
xxxii
OL-7433-09
Contents
20-32
Related Documentation
CHAPTER
21
20-32
21-1
21-4
21-5
CHAPTER
22
21-14
21-15
22-1
xxxiii
Contents
APPENDIX
22-11
22-12
A-3
A-3
A-2
A-2
APPENDIX
A-1
A-1
22-8
A-4
A-5
B-1
B-1
B-4
GLOSSARY
INDEX
xxxiv
OL-7433-09
Part Number
Publication Date
Release 12.2(33)SB2
OL-7433-08
September, 2008
Description
Added the following new and modified features:
MLP at LNS with H-QoS & ATM Overgead AccountingSee the MLP on LNS with HQoS and
ATM Overhead Accounting section on page 10-3
Part Number
Publication Date
Release 12.2(33)SB
OL-7433-06
March, 2008
Description
Added the following new and modified features:
ATM CLP-Based WREDSee the Controlling Congestion Using Weighted Random Early
Detection section on page 11-11.
ATM VP Average Traffic RateSee the ATM VP Average Traffic Rate, Release 12.2(33)SB feature
guide.
AToM Set ATM CLP Bit Using a PolicerSee the AToM Set ATM CLP Bit Using a Policer
section on page 6-13.
AToM Set Frame Relay DE as Police ActionSee the AToM Set FR DE as Police Action section
on page 6-14.
Class-Based Frame Relay DE Bit Matching and MarkingSee Chapter 2, Classifying Traffic and
the Class-Based Frame Relay DE Bit Marking section on page 7-17.
xxxv
Ethernet Overhead AccountingSee the Ethernet Overhead Accounting section on page 10-4.
MQCTraffic Shaping Overhead Accounting for ATMSee the Traffic Shaping Overhead
Accounting for ATM section on page 10-4.
MQC Support for IP SessionsSee the MQC Support for IP Sessions section on page 18-18.
Per-Session Shaping for ATM InterfacesSee the Per-Session Shaping for ATM Interfaces
section on page 18-45.
Policy Map Scaling Phase 2See the System Limits for Policy Maps section on page 3-2.
Simultaneous QoS Policy Map on Interface and PPP Session A-DSLAM caseSee Chapter 14,
Simultaneous Policy Maps.
Traffic Shaping Overhead Accounting for ATMSee the Traffic Shaping Overhead Accounting
for ATM section on page 10-4.
Set Layer 2 CoS as a Policer ActionSee the Set Layer 2 CoS as a Policer Action section on
page 6-15.
Part Number
Publication Date
Release 12.2(31)SB6
OL-7433-05
July, 2007
Description
Added the following new features:
QoS: Per-Session Shaping and Queuing on LNSSee the Shaping and Queuing Per-Session
Traffic on LNS section on page 17-44.
PPP Session Queuing on ATM Virtual CircuitsSee the Queuing PPP Sessions on ATM VCs
section on page 17-50.
qos match statistics CommandSee the qos match statistics Command section on page 2-4.
Part Number
Publication Date
Release 12.2(31)SB5
OL-7433-04
April, 2007
Description
Added the following new feature:
Per Session Queuing and Shaping for PPPoE Over VLAN Using RADIUSSee the ATM
Overhead Accounting section on page 10-2.
xxxvi
OL-7433-09
Part Number
Publication Date
Release 12.2(31)SB3
OL-7433-03
February, 2007
Description
Added the following new feature:
The show pxf cpu queue atm command now displays dropped and dequeued packets for classes
associated with sessions that inherit queues from VCsSee the Verifying Traffic Shaping section
on page 9-17.
Part Number
Publication Date
Release 12.2(31)SB2
OL-7433-02
December, 2006
Description
Updated the valid multilink interface values. These values changed from 1 to 9999 (Release 12.2(28)SB
and later) to from 1 to 9999 and 65,536 to 2,147,483,647. See Multilink PPP-Based Link Fragmentation
and Interleaving section on page 16-11.
Added the following new features:
Child Service Policy Allowed Under Priority ClassSee the Applying Child Policies Under
Priority Classes section on page 13-12.
Class-Based Ethernet Class of Service Matching and MarkingSee the Defining Match Criteria
Using the match Commands section on page 2-5 and the Class of Service Marking section on
page 7-10.
Class-Based Weighted Fair Queuing (PRE3)See the Class-Based Weighted Fair Queuing
section on page 12-1.
Classification, Policing, and Marking on the L2TP Access Concentrator (LAC)See Classifying
Traffic Policing Traffic and Marking Traffic
Control Plane PolicingSee the Control Plane Policing section on page 6-13.
Hierarchical Scheduling and QueuingSee Chapter 22, Hierarchical Scheduling and Queuing
Multi-Level Priority QueuesSee the Multi-Level Priority Queues section on page 8-3.
Policing Support for GRE TunnelsSee the Policing Support for GRE Tunnels section on
page 6-17.
PXF-Based Frame Relay DE Bit MarkingSee Class-Based Frame Relay DE Bit Marking
section on page 7-17.
QoS CLI Migration from PRE2 to PRE3See the QoS CLI Migration from PRE2 to PRE3
section on page 1-3.
xxxvii
Tunnel Header MarkingSee the Tunnel Header Marking section on page 7-18.
Traffic Shaping Overhead Accounting for ATMSee the Traffic Shaping Overhead Accounting
for ATM section on page 10-4.
VLAN Tag-Based Quality of ServiceSee Chapter 21, VLAN Tag-Based Quality of Service.
Weighted RED support for the PRE3See Chapter 11, Managing Packet Queue Congestion.
Part Number
Publication Date
Release 12.2(28)SB2
OL-7433-01
July, 2006
Description
Changed the part number and added the following new QoS features:
Hierarchical Input PolicingSee the Hierarchical Input Policing Policies section on page 13-10.
Link fragmentation and interleaving (LFI) for Multilink PPP over ATM and Frame RelaySee
Chapter 16, Fragmenting and Interleaving Real-Time and Nonreal-Time Packets.
Two-Rate Three-Color Marker for traffic policingSee the Two-Rate Three-Color Marker for
Traffic Policing section on page 6-8.
For information about non-QoS features introduced in Cisco IOS Release 12.2(28)SB and existing
features integrated in the release, see the Cross-Platform Release Notes for Cisco IOS
Release 12.2(28)SB.
Cisco IOS Release
Part Number
Publication Date
Release 12.3(7)XI7
OL-4388-06
September, 2005
Description
Added the following new features:
DBS ExtensionsVC Weight and WatermarksSee the Dynamically Changing VC Weight and
Watermark Values section on page 17-18.
Per Session Queuing and Shaping for PPPoE Over VLAN Using RADIUSSee the ATM
Overhead Accounting section on page 10-2.
Added the following features from the Cisco 10000 Series Router Broadband Aggregation, Leased-Line,
and MPLS Configuration Guide:
PVC BundlesSee Chapter 19, Configuring Quality of Service for PVC Bundles.
MPLS QoSSee Chapter 20, Configuring Quality of Service for MPLS Traffic.
MPLS Traffic EngineeringDiffServ AwareSee Chapter 20, Configuring Quality of Service for
MPLS Traffic.
xxxviii
OL-7433-09
Part Number
Publication Date
Release 12.2
OL-4388-05
July, 2005
Added the following features from the Cisco 10000 Series Router Broadband Aggregation, Leased-Line,
and MPLS Configuration Guide:
Define Interface Policy-Map AV Pairs AAASee the Applying QoS Parameters Dynamically to
Sessions section on page 17-24.
Dynamic Bandwidth SelectionSee the Applying Traffic Shaping Parameters Using RADIUS
Profiles section on page 17-2.
Per Session Rate LimitingSee the Per Session Rate Limiting section on page 18-3.
Per User Multiservice Rate LimitingSee the Per User Multiservice Rate Limiting section on
page 18-4.
Per Session Service Policy Using RADIUSSee the Per Session Service Policy Using RADIUS
section on page 18-5.
Class-Based Weighted Fair QueuingSee Chapter 12, Sharing Bandwidth Fairly During
Congestion.
Part Number
Publication Date
Release 12.3(7)XI3
OL-4388-04
March, 2005
Description
Added the following new feature:
LAC QoS on VCsSee the Attaching Layer 2 Access Concentrator QoS Service Policies section
on page 4-30.
Added the following features from the Cisco 10000 Series Router Broadband Aggregation, Leased-Line,
and MPLS Configuration Guide:
Nested and 3-level hierarchical policiesSee Chapter 13, Defining QoS for Multiple Policy
Levels.
Changed the title of Chapter 9 to Managing Packet Queue Congestion (formerly, Managing Packet
Queues).
Cisco IOS Release
Part Number
Publication Date
Release 12.0(25)SX
Release 12.3(7)XI
OL-4388-03
December, 2004
Description
Revised and reorganized the QoS Configuration Guide. Expanded both technical and configuration
information.
Added some of the QoS features currently in the Cisco 10000 Series Broadband and Leased-Line
Configuration Guide.
xxxix
Part Number
Publication Date
Release 12.0(23)SX1
Release 12.0(25)S
OL-4388-02
April, 2004
Description
Added strict priority queuing. Removed the ability to specify a rate using the priority command.
Cisco IOS Release
Part Number
Publication Date
Release 12.0(25)SX
OL-4388-01
June, 2003
Description
Created the Cisco 10000 Series Router Quality of Service Configuration Guide.
Audience
This guide is designed for system and network managers who are responsible for integrating quality of
service features into their networks. These managers should be experienced using Cisco IOS software
and should be familiar with the operation of the Cisco 10000 series router.
Document Organization
This guide contains the following chapters:
Chapter
Title
Description
Chapter 1
Chapter 2
Classifying Traffic
Chapter 3
Describes how to create QoS policies using policy maps and the
types of policy actions supported.
Chapter 4
Chapter 5
Distributing Bandwidth Between Queues Describes bandwidth allocation and how to use the bandwidth
command to distribute bandwidth between traffic queues.
Chapter 6
Policing Traffic
Chapter 7
Marking Traffic
Chapter 8
Prioritizing Services
Chapter 9
Shaping Traffic
xl
OL-7433-09
Chapter
Title
Description
Chapter 10
Overhead Accounting
Chapter 11
Chapter 12
Chapter 13
Defining QoS for Multiple Policy Levels Describes the types of hierarchical policies supported and how
to configure them.
Chapter 14
Chapter 15
Chapter 16
Fragmenting and Interleaving Real-Time Describes fragmentation and interleaving on the router and how
and Nonreal-Time Packets
to configure it.
Chapter 17
Chapter 18
Chapter 19
Chapter 20
Configuring Quality of Service for MPLS Describes the MPLS QoS feature and the MPLS Traffic
Traffic
EngineeringDiffServ Aware feature and how to configure
them.
Chapter 21
xli
Chapter
Title
Description
Chapter 22
Appendix A
Appendix B
Document Conventions
This guide uses the following conventions:
Note
Caution
Warning
Italics are used for command input for which you supply values.
Screen font is used for examples of information that are displayed on the screen.
Bold screen font is used for examples of information that you enter.
Braces within square brackets ( [{}] ) indicate a required choice within an optional element.
Means reader take note. Notes contain helpful suggestions or references to material not covered in the
guide.
Means reader be careful. In this situation, you might do something that could result in equipment
damage or loss of data.
xlii
OL-7433-09
Related Documentation
Each chapter of this guide provides additional documentation you can reference for more information
about specific features.
The Cisco 10000 Series Router Quality of Service Configuration Guide is one of the documents available
for the Cisco series router. Each Cisco 10000 series router document provides specific hardware and
software information to help you integrate and use the router in your network configuration. For a list of
available Cisco 10000 series router documentation, see the following URL:
http://www.cisco.com/en/US/products/hw/routers/ps133/tsd_products_support_series_home.html
xliii
xliv
OL-7433-09
CH A P T E R
Congestion management
Congestion control
Traffic policing
Traffic shaping
This chapter provides an overview of QoS on the Cisco 10000 series router and includes the following
topics:
1-1
Chapter 1
Classify traffic so that different applications or traffic classes receive treatment in accordance with
defined requirements
Ensure adequate resources are allocated so that the network delivers the performance the customer
requires
The ability to apply a QoS feature to an interface does not imply support for all QoS features on the
interface.
The router does not have a limit on the number of interfaces that can have a QoS policy.
Trunk interfaces require multiple flows to achieve line-rate performance at packet sizes smaller than
250 bytes.
Note
A flow consists of IP packets with the same source and destination addresses.
Note
The router does not support interface-based, legacy QoS commands such as the rate-limit and
traffic-shape interface configuration commands. For information on these commands, see Appendix A,
Configuring Frame Relay QoS Using Frame Relay Legacy Commands
The following apply when you configure QoS on Frame Relay:
When you apply a service policy on the physical interface instead of on the individual subinterfaces,
the aggregate traffic from all PVCs is subject to the service policy. This allows you to apply QoS
policies independently of PVCs.
When you apply a service policy on a Frame Relay point-to-point subinterface, only the subinterface
traffic is subject to the service policy.
1-2
OL-7433-09
Chapter 1
Using the legacy Frame Relay QoS CLI, you can enable Weighted Random Early Detection
(WRED), traffic shaping, fair queuing, and low-latency queuing on a PVC basis.
Policy mapDefines the actions to be taken on the traffic matching the class map criteria.
Service policyAttaches the service policy to an interface and specifies if the policy is to be applied
to inbound or outbound traffic.
For more information about class maps, policy maps, and service policies, see the following chapters in
this guide:
Description
Required PRE
Release 12.0(17)SL
PRE1
Release 12.2(15)BX
PRE2
Release 12.2(28)SB
PRE2
Release 12.2(31)SB2
This feature was introduced on the PRE3 and included the PRE3
new qos match statistics command.
Enhancements to the MQC allow you to classify packets
on the L2TP access concentrator (LAC) based upon the IP
type of service (ToS) bits in an embedded IP packet. When
a policer is configured, the router uses the packet
classification to police ingress traffic according to the
DSCP value.
Release 12.2(33)SB
PRE4
1-3
Chapter 1
Description
Required PRE
Release 12.2(31)SB2
PRE3
Release 12.2(33)SB
PRE4
Provide preferential service to customers or applications that cannot tolerate dropped packets during
periods of congestion.
Provide dedicated bandwidth and low-latency queuing to privileged data that cannot tolerate delay.
Share the bandwidth fairly among competing traffic. For example, allocate percentages of a link
bandwidth to the various applications.
Prevent congestion by using congestion control algorithms such as random early detection (RED)
and weighted random early detection (WRED), instead of using the default tail drop mode of
operation.
Police and shape transmission rates to limit and control traffic that exceeds predefined transmission
rate limits.
Fragment reassembly
2.
3.
Input classification
4.
Input marking
1-4
OL-7433-09
Chapter 1
5.
6.
Output classification
7.
Output marking
8.
9.
Bandwidth distribution, priority service, traffic shaping, random early detection (RED), and tail
drop
10. Fragmentation
Classification criteriaDefined in class maps and tell the router how to classify packets received on
the interface.
ActionsDefined in policy maps and tell the router the actions and rules to apply to the packets.
Step 2
Create a policy map. (See Chapter 3, Configuring QoS Policy Actions and Rules.)
Step 3
Attach the service policy to an interface. (See Chapter 4, Attaching Service Policies.)
Class-map commands
tell the router how to
recognize a packet
that is subject to QoS.
Interface
Packet
Line
Card
Backplane
Packet
Performance
Routing
Engine
Packet
Backplane
Packet
Interface
Line
Card
Policy-map commands
tell the router what
to do with a packet.
For example , drop the
packet or let it through.
Packet
126558
Figure 1-1
1-5
Chapter 1
QoS Models
QoS Models
This section defines two QoS models with respect to Ether-DSL aggregation, supported on the Cisco
10000 series router. It includes the following topics:
Ability for one service or class of a particular subscriber to re-use unused bandwidth from another
service or class for the same subscriber.
Enforce a sub modem train rate max (shaped) aggregate rate per subscriber line
Support multiple points of traffic injection into the Layer 2 access network
The two DSLAM model configurations that are supported on Cisco 10000 series router for business and
residential services are:
Note
1-6
OL-7433-09
Chapter 1
No QOS supported
BRAS
PE-AGG / UPE
E-DSLAM
270995
Downstream per
subscriber line:
shape/min bw
per class PQ +
CBQ+ WRED
CPE
bw = bandwidth
PQ = Priority Queue
CBQ = Class Based Queue
WRED = Weighted Random Early Detection
Model F Definition
This model is functionally equivalent to the ATM model with shaped virtual paths (VPs) and shaped
virtual circuits (VCs). Similar to the Model D.2, this model has all QOS control at the broadband remote
access server or network processing engine (BRAS / NPE) and none at the DSLAM.
The traffic to a group of subscriber lines is shaped to a defined rate, equivalent to a virtual path in ATM.
In the case of residential services, a group of subscribers is represented by a VLAN, and for business
services a group of subscribers is represented by the outer 802.1q tag.
The traffic to individual subscriber lines is shaped to less than or equal to the DSLAM modem train rate.
The subscriber line for business services is identified by the inner and outer 802.1q tag. The subscriber
line is represented by individual or groups of IP or PPP sessions.
QoS Model F requires 3 levels of shaping, queuing and scheduling Subinterface / Session / Class
queues.
The key components of Model F are shown in Figure 1-3.
1-7
Chapter 1
QoS Models
Figure 1-3
ISP aggregate:
shape/min bw
Downstream per
subscriber line:
shape/min bw
per class PQ+CBQ
Upstream and
downstream per ISP
aggregate per class:
police
No QOS supported
270996
BRAS/NPE
PE-AGG/UPE
E-DSLAM
CPE
Configuration Tasks
Model D.2 supports two types of configurations:
Step 2
Step 3
Step 4
Step 2
Step 3
Step 4
1-8
OL-7433-09
Chapter 1
Model F supports multiple IP and/or PPP sessions per subscriber line with shaping occurring at the
subscriber line level, by using the line ID information present in DHCP option 82 and the PPP tag.
Shaping sessions with a common line ID effects traffic shaping for a particular subscriber line. See
Example 1-3 for more configuration information.
Model F configuration requires three levels of shaping/queuing hierarchy on the BRAS or NPE at the
Subinterface, Session and Class levels.
Step 2
Step 3
Step 4
Step 5
Configuration Examples
An example of Model D.2 subinterface configuration is described in Example 1-1.
Example 1-1
Policy business-A-child
class voip
priority level 1
police <rate> <nb>
set cos <cos>
class video
priority level 2
police <rate> <nb>
set cos <cos>
class gaming
bandwidth remaining ratio <i> [account qinq aalx xxx]
set cos <cos>
class class-default
bandwidth remaining ratio <j> [account qinq aalx xxx]
set cos <cos>
Policy company-A-parent
class class-default
bandwidth remaining ratio <number> [account qinq aalx xxx]
shape average <cir> <nb> [account qinq aalx xxx]
service policy business-A-child
interface GigabitEthernet1/0/0.n
description Company A
encapsulation dot1q 1 second-dot1q n
service-policy output company-A-parent
interface GigabitEthernet1/0/0.m
description Company B
encapsulation dot1q 1 second-dot1q m
service-policy output company-B-parent
1-9
Chapter 1
QoS Models
Policy session-A-child
class voip
priority level 1
police <rate> <nb>
set cos <cos>
class video
priority level 2
police <rate> <nb>
set cos <cos>
class gaming
bandwidth remaining ratio <i> [account xxx aalx xxx]
set cos <cos>
class class-default
bandwidth remaining ratio <j> [account xxx aalx xxx]
set cos <cos>
Policy session-A-parent
bandwidth remaining ratio <number> [account xxx aalx xxx]
shape average <cir> <nb> [account xxx aalx xxx]
service policy session-A-child
Session-N-parent policy-maps attached to PPP/IP sessions via Radius or via a
Virtual-Template
Policy session-N-child
class voip
priority level 1
police <rate> <nb>
set cos <cos>
class video
priority level 2
police <rate> <nb>
set cos <cos>
class gaming
bandwidth remaining ratio <i> [account xxx aalx xxx]
set cos <cos>
class class-default
bandwidth remaining ratio <j> [account xxx aalx xxx]
set cos <cos>
Policy session-N-parent
class class-default
bandwidth remaining ratio <number> [account xxx aalx xxx]
shape average <cir> <nb> [account xxx aalx xxx]
service-policy session-N-child
Policy isp_A
class class-default
shape average
interface GigabitEthernet1/0/0.1
encapsulation dot1q 1
service-policy output isp_A
1-10
OL-7433-09
Chapter 1
Or
interface GigabitEthernet1/0/0.1
encapsulation dot1q 1 second-dot1q any
service-policy output isp_A
Session-N-parent policy-maps attached to PPP/IP sessions via Radius or via
Virtual-Templates.
Qos Policy Propagation through the Border Gateway Protocol, page 1-55
1-11
Chapter 1
1-12
OL-7433-09
Chapter 1
service-policy Command
Cisco IOS Release: Release 12.0(17)SL
Description: The service-policy command was introduced on the PRE1 to attach a policy map that the
router can use to apply QoS services to inbound and outbound packets.
Cisco IOS Release: Release 12.2(15)BX
Description: This command was introduced on the PRE2.
Cisco IOS Release: Release 12.3(7)XI2
Description: This command was enhanced on the PRE2 to allow you to attach a policy map to a range
of PVCs, and to a specific PVC within the PVC range.
Cisco IOS Release: Release 12.2(28)SB
Description: This command was integrated in Cisco IOS Release 12.2(28)SB.
Cisco IOS Release: Release 12.2(31)SB2
Description: This command was introduced on the PRE3.
1-13
Chapter 1
1-14
OL-7433-09
Chapter 1
Classifying Traffic
Documentation Reference: Chapter 2, Classifying Traffic
class-map Command
Cisco IOS Release: Release 12.0(17)SL
Description: The class-map command was introduced on the PRE1 to enable you to configure a
classification policy for traffic classes.
Cisco IOS Release: Release 12.2(15)BX
Description: This command was introduced on the PRE2.
Cisco IOS Release: Release 12.2(28)SB
Description: This command was integrated in Cisco IOS Release 12.2(28)SB.
1-15
Chapter 1
match Commands
Cisco IOS Release: Release 12.0(17)SL
Description: The match command was introduced on the PRE1 to enable you to define the following
match criteria for a class map:
match-all CommandIndicates that a packet must match all of the match criteria specified.
match-any CommandIndicates that a packet must match only one of the match criteria specified.
match access-group CommandIndicates that a packet must match one of the predefined access
control list (ACL) statements.
match input-interface CommandIndicates that the input interface on which the packet arrives
must match the value you set using the set input-interface command.
match ip dscp CommandIndicates that the IP DSCP value of the packet must match the value you
set using the set ip dscp command.
match ip precedence CommandIndicates that the IP precedence value of the packet must match
the value you set using the set ip precedence command.
match ip rtp CommandIndicates that the IP Real-Time Transport Protocol (RTP) value of the
packet must match the value you set using the set ip rtp command.
match qos-group CommandIndicates that the QoS group value of the packet must match the
value you set using the set qos-group command.
match not CommandIndicates that the packet must not match the criteria you set. You can use
the match not command with any match criteria.
For example, to classify packets that do not have a specific class of service value, enter the
match not cos command in the appropriate class map as a match criterion. The router classifies a
packet when the CoS value of the packet does not match the value you set using the set cos
command.
1-16
OL-7433-09
Chapter 1
Note
The router does not support the set mpls experimental topmost command.
1-17
Chapter 1
1-18
OL-7433-09
Chapter 1
1-19
Chapter 1
Configurable Rate and Burst Size for the Divert Cause Policer, page 1-20
Drop Alarms for Packet Drops by the To-RP Queues and Divert Cause Policer, page 1-20
Configurable Rate and Burst Size for the Divert Cause Policer
Cisco IOS Release: Release 12.2(33)SB
Description: The Configurable Rate and Burst Size for the Divert Cause Policer feature was introduced
on the PRE3 and PRE4 to configure the rate and burst size of the divert cause policer.
Drop Alarms for Packet Drops by the To-RP Queues and Divert Cause Policer
Cisco IOS Release: Release 12.2(33)SB
Description: The Drop Alarms for Packet Drops by the To-RP Queues and Divert Cause Policer feature
was introduced on the PRE3 and PRE4 to monitor possible DoS attacks by sending warning messages
(alarms) to the console and the syslog log file to alert you when a change in drop activities occurs, such
as packet drops due to congestion in the To-RP queues or due to aggregated traffic that violates the divert
cause policer.
1-20
OL-7433-09
Chapter 1
queue-limit Command
Cisco IOS Release: Release 12.0(17)SL
Description: The queue-limit command was introduced on the PRE1 to allow you to specify or modify
the maximum number of packets that a particular class queue can hold.
Cisco IOS Release: Release 12.0(25)SX
Description: This command was enhanced on the PRE1 to allow you to simultaneously configure both
the queue-limit and random-detect commands in the same class of a policy map.
Cisco IOS Release: Release 12.2(16)BX
Description: This command was introduced on the PRE2 without the ability to simultaneously
configure the random-detect command and the queue-limit command for the same class queue.
Cisco IOS Release: Release 12.3(7)XI
Description: This command was enhanced on the PRE2 to allow you to simultaneously configure both
the queue-limit and random-detect commands in the same class of a policy map.
Cisco IOS Release: Release 12.2(28)SB
Description: This command was integrated in Cisco IOS Release 12.2(28)SB.
Cisco IOS Release: Release 12.2(31)SB2
Description: This command was introduced on the PRE3.
1-21
Chapter 1
random-detect Command
Cisco IOS Release: Release 12.0(17)SL
Description: The random-detect command was introduced on the PRE1 to configure a random early
detection drop policy for a traffic class that includes a bandwidth guarantee. The command allows you
to configure a drop policy based on IP precedence. An exponential-weight-constant option allows you
to change the default method random-detect uses to calculate the average queue size.
Cisco IOS Release: Release 12.0(21)ST
Description: This command was enhanced to support the MPLS experimental (EXP) field.
Cisco IOS Release: Release 12.0(22)S
Description: This command was enhanced to allow you to configure a drop policy based on a
differentiated services code point (DSCP).
Cisco IOS Release: Release 12.0(25)SX
Description: This command was enhanced to allow you to simultaneously configure the random-detect
command and the queue-limit command for the same class queue.
Cisco IOS Release: Release 12.2(16)BX
Description: This command was introduced on the PRE2.
Cisco IOS Release: Release 12.3(7)XI
Description: This command was enhanced on the PRE2 to:
Enable the configuration of eight unique drop precedence levels for one queue instead of four levels
Allow the simultaneous configuration of both the random-detect and queue-limit commands for a
class queue
Maintain separate WRED drop statistics for each IP precedence, discard-class, and DSCP value
1-22
OL-7433-09
Chapter 1
1-23
Chapter 1
1-24
OL-7433-09
Chapter 1
Enable the configuration of eight unique drop precedence levels for one queue instead of four levels
Allow the simultaneous configuration of both the random-detect and queue-limit commands for a
class queue
Maintain separate WRED drop statistics for each IP precedence, discard-class, and DSCP value
bandwidth Command
Cisco IOS Release: Release 12.0(17)SL
Description: The bandwidth command was introduced on the PRE1 to enable bandwidth fair queuing
and to create multiple class queues based on bandwidth.
Cisco IOS Release: Release 12.0(22)S
Description: This command was enhanced to include the percent option.
Cisco IOS Release: Release 12.0(23)SX
Description: This command was enhanced to include the remaining percent option.
1-25
Chapter 1
1-26
OL-7433-09
Chapter 1
, page 1-27
Hierarchical Policies
Documentation Reference: Chapter 13, Defining QoS for Multiple Policy Levels
1-27
Chapter 1
1-28
OL-7433-09
Chapter 1
1-29
Chapter 1
LAC QoS
Cisco IOS Release: Release 12.2(31)SB3
Description: The show pxf cpu queue atm command displays dropped and dequeued packets for
classes associated with sessions that inherit queues from VCs.
Cisco IOS Release: Release 12.3(7)XI3
Description: The LAC QoS feature was introduced on the PRE2 to allow you to attach QoS service
policies to ATM VCs on the on the Layer 2 Access Concentrator (LAC).
1-30
OL-7433-09
Chapter 1
1-31
Chapter 1
1-32
OL-7433-09
Chapter 1
1-33
Chapter 1
1-34
OL-7433-09
Chapter 1
1-35
Chapter 1
Marking Traffic
Documentation Reference: Chapter 7, Marking Traffic
1-36
OL-7433-09
Chapter 1
1-37
Chapter 1
Marking Feature
Cisco IOS Release: Release 12.0(17)SL
Description: The marking feature was introduced on the PRE1 to enable you to differentiate packets
based on designated markings. Other devices can examine the marked bits and classify traffic based on
the marked values.
Cisco IOS Release: Release 12.0(22)S
Description: This feature was enhanced to support MPLS experimental (EXP) marking.
Cisco IOS Release: Release 12.2(16)BX
Description: This feature was introduced on the PRE2 and was enhanced to support 802.1Q class of
service (CoS) marking. This enhancement is available only on the PRE2.
Cisco IOS Release: Release 12.3(7)XI
Description: This feature was enhanced on the PRE2 to support MPLS experimental (EXP) and
discard-class marking. The discard-class enhancement is available only on the PRE2.
Cisco IOS Release: Release 12.2(28)SB
Description: This feature was integrated in Cisco IOS Release 12.2(28)SB for the PRE2.
Cisco IOS Release: Release 12.2(31)SB2
Description: This feature was introduced on the PRE3 to allow you to mark the IP DSCP bits of traffic
on the L2TP access concentrator (LAC). Frame Relay DE bit marking and tunnel header marking were
also introduced on the PRE3.
1-38
OL-7433-09
Chapter 1
MQC Feature
Cisco IOS Release: Release 12.0(17)SL
Description: The MQC feature was introduced on the PRE1 to enable you to configure QoS services on
the Cisco 10000 series router.
Cisco IOS Release: Release 12.2(15)BX
Description: This feature was introduced on the PRE2.
Cisco IOS Release: Release 12.2(28)SB
Description: This feature was integrated in Cisco IOS Release 12.2(28)SB for the PRE2.
Cisco IOS Release: Release 12.2(31)SB2
Description: This feature was introduced on the PRE3. Enhancements to the MQC allow you to classify
packets on the L2TP access concentrator (LAC) based upon the IP type of service (ToS) bits in an
embedded IP packet. When a policer is configured, the router uses packet classification to police ingress
traffic according to the DSCP value.
Overhead Accounting
Documentation Reference: Chapter 10, Overhead Accounting
1-39
Chapter 1
1-40
OL-7433-09
Chapter 1
1-41
Chapter 1
1-42
OL-7433-09
Chapter 1
queue-depth Command
Cisco IOS Release: Release 12.3(7)XI1
Description: The queue-depth command was introduced on the PRE2 to allow you to configure the
segmentation and reassembly (SAR) line card queue depth for each VC interface queue.
Cisco IOS Release: Release 12.2(28)SB
Description: This command was integrated in Cisco IOS Release 12.2(28)SB.
Cisco IOS Release: Release 12.2(31)SB2
Description: This command was introduced on the PRE3.
weight Command
Cisco IOS Release: Release 12.3(7)XI1
Description: The weight command was introduced on the PRE2 to allow you to control virtual circuit
(VC) bandwidth when the virtual path (VP) is congested.
Cisco IOS Release: Release 12.2(28)SB
Description: This command was integrated in Cisco IOS Release 12.2(28)SB.
Cisco IOS Release: Release 12.2(31)SB2
Description: This command was introduced on the PRE3.
1-43
Chapter 1
Weighting Feature
Cisco IOS Release: Release 12.3(7)XI1
Description: The VC weighting feature was introduced on the PRE2 to control the number of cells for
each VC that is sent into the virtual path (VP).
Cisco IOS Release: Release 12.2(28)SB
Description: This feature was integrated in Cisco IOS Release 12.2(28)SB.
Cisco IOS Release: Release 12.2(31)SB2
Description: This feature was introduced on the PRE3.
Policing Traffic
Documentation Reference: Chapter 6, Policing Traffic
1-44
OL-7433-09
Chapter 1
set-atm-clp-transmit to set the ATM cell loss priority (CLP) bit value.
set-frde-transmit to set the Frame Relay discard eligibility (DE) bit value.
1-45
Chapter 1
Policing Feature
Cisco IOS Release: Release 12.0(17)SL
Description: The policing feature was introduced on the PRE1 to allow you to control the maximum rate
of traffic sent or received on an interface. This feature included a single-rate two-color policer.
Cisco IOS Release: Release 12.0(25)S
Description: This feature was enhanced on the PRE1 to include a three-color marker.
Cisco IOS Release: Release 12.2(16)BX
Description: This feature was introduced on the PRE2 and included a single-rate two-color marker.
Cisco IOS Release: Release 12.3(7)XI
Description: This feature was enhanced on the PRE2 to include a three-color marker.
1-46
OL-7433-09
Chapter 1
1-47
Chapter 1
Prioritizing Traffic
Documentation Reference: Chapter 8, Prioritizing Services
priority Command
Cisco IOS Release: Release 12.0(17)SL
Description: The priority command was introduced on the PRE1 to give priority to a traffic class in a
policy map and to set the bandwidth rate for the queue in kilobits per second.
Cisco IOS Release: Release 12.0(20)ST
Description: This command was enhanced on the PRE1 to include a percent-based bandwidth rate.
Cisco IOS Release: Release 12.0(25)S
Description: This command was modified on the PRE1 to provide strict priority queuing. Strict priority
queuing guarantees low-latency for any packet that enters a priority queue, regardless of the current
congestion level on the link. To specify a bandwidth rate for a strict priority queue, you must specify the
police command.
Cisco IOS Release: Release 12.2(16)BX
Description: This command was introduced on the PRE2 to allow you to set the bandwidth rate for a
queue in kilobits per second or as a percentage.
Cisco IOS Release: Release 12.3(7)XI
Description: This command was modified to provide strict priority queuing on the PRE2. To specify a
bandwidth rate for a strict priority queue, you must specify the police command.
Cisco IOS Release: Release 12.2(28)SB
Description: This command was integrated in Cisco IOS Release 12.2(28)SB.
1-48
OL-7433-09
Chapter 1
1-49
Chapter 1
PVC Bundles
Documentation Reference: Chapter 19, Configuring Quality of Service for PVC Bundles
PVC Bundles Over ATM and Frame Relay Feature, page 1-53
ATM PVC Bundle EnhancementMPLS EXP-Based PVC Selection Feature, page 1-53
Frame Relay PVC Bundles with QoS Support for IP and MPLS Feature, page 1-53
bump Command
Cisco IOS Release: Release 12.0(26)S
Description: The bump command was introduced on the PRE1 to configure the bumping rules for an
ATM PVC bundle or a specific ATM PVC bundle member.
1-50
OL-7433-09
Chapter 1
bundle Command
Cisco IOS Release: Release 12.0(26)S
Description: The bundle command was introduced on the PRE1 to create an ATM bundle or modify an
existing ATM bundle.
class-bundle Command
Cisco IOS Release: Release 12.0(26)S
Description: The class-bundle command was introduced on the PRE1 to configure an ATM virtual
circuit (VC) bundle with the bundle-level commands contained in the specified VC class.
class-vc Command
Cisco IOS Release: Release 12.0(26)S
Description: The class-vc command was introduced on the PRE1 to assign a virtual circuit (VC) class
to an ATM permanent virtual circuit (PVC) or PVC bundle member.
exp Command
Cisco IOS Release: Release 12.0(26)S
Description: The exp command was introduced on the PRE1 to configure Multiprotocol Label
Switching (MPLS) experimental (EXP) levels for a Frame Relay permanent virtual circuit (PVC) bundle
member.
1-51
Chapter 1
oam-bundle Command
Cisco IOS Release: Release 12.0(26)S
Description: The oam-bundle command was introduced on the PRE1 to enable end-to-end F5
Operation, Administration, and Maintenance (OAM) loopback cell generation and OAM management
for all permanent virtual circuit (PVC) members of a bundle or a VC class that can be applied to a PVC
bundle.
precedence Command
Cisco IOS Release: Release 12.0(26)S
Description: The precedence command was introduced on the PRE1 to configure precedence levels for
a virtual circuit (VC) class, VC, or permanent virtual circuit (PVC) member of a bundle. The VC class
is assigned to a PVC bundle and thus applied to all PVC members of that bundle.
protect Command
Cisco IOS Release: Release 12.0(26)S
Description: The protect command was introduced on the PRE1 to configure a virtual circuit (VC) class
with protected group or protected VC status for application to a PVC bundle member and to configure a
specific VC or permanent virtual circuit (PVC) as part of a protected group of the bundle or to configure
it as an individually protected VC or PVC bundle member.
1-52
OL-7433-09
Chapter 1
pvc-bundle Command
Cisco IOS Release: Release 12.0(26)S
Description: The pvc-bundle command was introduced on the PRE1 to add a permanent virtual circuit
(PVC) to a bundle as a member of the bundle and enter bundle-vc configuration mode in order to
configure that PVC bundle member,
Frame Relay PVC Bundles with QoS Support for IP and MPLS Feature
Cisco IOS Release: Release 12.0(26)S
Description: The Frame Relay PVC Bundles with QoS Support for IP and MPLS feature was introduced
on the PRE1 to provide Frame Relay PVC selection based on the precedence, DSCP, or MPLS EXP level
of a packet.
1-53
Chapter 1
policy-map Command
Cisco IOS Release: Release 12.0(17)SL
Description: This command was introduced on the PRE1 to configure a QoS policy map.
Cisco IOS Release: Release 12.2(16)BX
Description: This command was introduced on the PRE2.
Cisco IOS Release: Release 12.2(28)SB
Description: This command was integrated in Cisco IOS Release 12.2(28)SB for the PRE2.
Cisco IOS Release: Release 12.2(31)SB2
Description: This command was introduced on the PRE3.
Cisco IOS Release: Release 12.2(33)SB
Description: This command was introduced on the PRE4.
1-54
OL-7433-09
Chapter 1
Per Session Queuing and Shaping for PPPoE Over VLAN Support Using RADIUS Feature,
page 1-55
Per Session Queuing and Shaping for PPPoE Over VLAN Support Using RADIUS Feature
Cisco IOS Release: Release 12.3(7)XI7
Description: The Per Session Queuing and Shaping for PPPoE over VLAN Support Using RADIUS
feature was introduced on the PRE2 to enable dynamic queuing and shaping policies on PPPoEoVLAN
sessions.
Cisco IOS Release: Release 12.2(31)SB5
Description: This feature was integrated in Cisco IOS Release 12.2(31)SB5 for the PRE2.
Shaping Traffic
Documentation Reference: Chapter 9, Shaping Traffic
1-55
Chapter 1
pvc Command
Cisco IOS Release: Release 12.0(17)SL
Description: This command was introduced on the PRE1.
Cisco IOS Release: Release 12.2(16)BX
Description: This command was introduced on the PRE2.
Cisco IOS Release: Release 12.2(28)SB
Description: This command was integrated in Cisco IOS Release 12.2(28)SB.
Cisco IOS Release: Release 12.2(31)SB2
Description: This command was introduced on the PRE3.
shape Command
Cisco IOS Release: Release 12.0(17)SL
Description: This command was introduced on the PRE1.
Cisco IOS Release: Release 12.2(16)BX
Description: This command was introduced on the PRE2.
Cisco IOS Release: Release 12.2(28)SB
Description: This command was integrated in Cisco IOS Release 12.2(28)SB.
1-56
OL-7433-09
Chapter 1
vbr-nrt Command
Cisco IOS Release: Release 12.0(25)SX
Description: This command was introduced on the PRE1.
Cisco IOS Release: Release 12.2(16)BX
Description: This command was introduced on the PRE2.
Cisco IOS Release: Release 12.2(28)SB
Description: This command was integrated in Cisco IOS Release 12.2(28)SB.
Cisco IOS Release: Release 12.2(31)SB2
Description: This command was introduced on the PRE3.
1-57
Chapter 1
1-58
OL-7433-09
Chapter 1
Class-Based Weighted Fair Queuing for Virtual Access Interfaces Feature, page 1-60
1-59
Chapter 1
Simultaneous QoS Policy Map on Interface and PPP SessionA-DSLAM Case, page 1-60
1-60
OL-7433-09
Chapter 1
Related Documentation
This section provides hyperlinks to additional Cisco documentation for the features discussed in this
chapter. To display the documentation, click the document title or a section of the document highlighted
in blue. When appropriate, paths to applicable sections are listed below the documentation title.
Feature
Related Documentation
CISCO-CLASS-BASED-QOS-MIB and
CISCO-CLASS-BASED-QOS-CAPABILITY-MIB
Line cards
1-61
Chapter 1
Related Documentation
1-62
OL-7433-09
CH A P T E R
Classifying Traffic
This chapter describes how to create traffic classification rules that the Cisco 10000 series router can use
to classify inbound and outbound traffic.
Even with fast interfaces, most networks require a strong quality of service (QoS) management model
to effectively manage the congestion points that occur due to speed-mismatch or diverse traffic patterns.
Real world networks have limited resources and resource bottlenecks, and need QoS policies to ensure
proper resource allocation.
The first step in creating a QoS service policy is to define how you want the router to classify traffic.
The traffic that matches the classification criteria is then subject to the QoS policy you create and apply
to the interface.
This chapter includes the following topics:
2-1
Chapter 2
Classifying Traffic
Description
Required PRE
Release 12.0(17)SL
PRE1
Release 12.2(15)BX
PRE2
Release 12.2(28)SB
PRE2
Release 12.2(31)SB2
PRE3
This feature was enhanced to support matching on the Frame PRE2, PRE3,
Relay Discard Eligibility (DE) bit.
PRE4
Number of Class
Maps per System
Number of Match
Statements per
Number of Classes
Class Map
per Policy Map
Processor
PRE1
16
16
Release 12.0(17)SL
and later releases
256
16
256
Release 12.0(25)SX
and later releases
256
16
32
Release 12.2(15)BX
and later releases
262,000
16
64
Release 12.3(7)XI
and later releases
262,000
16
127
PRE2
2-2
OL-7433-09
Chapter 2
Classifying Traffic
Traffic Classification Using Class Maps
Table 2-1
Processor
Number of Class
Maps per System
PRE3
Release 12.2(31)SB2
and later releases
262,144
(per-match mode)
Number of Match
Statements per
Number of Classes
Class Map
per Policy Map
16
64
16
64
4,194,304
(per-class mode)
PRE4
262,144
(per-match mode)
4,194,304
(per-class mode)
Per-match mode (default mode)The router counts matches for each match statement and class,
and supports 262,144 unique class maps per system.
Per-class modeThe router counts matches for the entire class and supports 4,194,304 unique class
maps. This mode provides greater scalability.
To configure per-match or per-class QoS match statistics, use the qos match statistics command. For
more information, see the qos match statistics Command section on page 2-4.
Note
The qos match statistics command is not available on the PRE2. Due to memory limitations, the PRE2
cannot exceed 262,000 class maps.
When using the show commands in per-class mode, the per-match statistics display a value of zero. In
per-class mode, the per-match statistics are zero in the MIB.
class-map Command
To create or modify a class map, use the class-map command in global configuration mode. To remove
a class map, use the no form of this command. By default, the router uses match-all.
class-map [match-any | match-all] class-map-name
no class-map [match-any | match-all] class-map-name
2-3
Chapter 2
Classifying Traffic
Syntax Description
match-any
(Optional) Indicates that a packet must meet at least one of the match
criteria to be considered a member of the class.
match-all
(Optional) Indicates that a packet must meet all of the match criteria to be
considered a member of the class.
class-map-name
Description
Release 12.0(17)SL
Release 12.0(15)BX
Release 12.2(28)SB
This command was integrated in Cisco IOS Release 12.2(28)SB for the
PRE2.
Release 12.2(31)SB2
This command was integrated in Cisco IOS Release 12.2(31)SB2 for the
PRE3.
Syntax Description
per-class
Specifies to count QoS matches for the entire class. This mode provides
greater scalability.
per-match
Specifies to count matches for each match statement and class. This mode
provides PRE2 backward compatibility.
2-4
OL-7433-09
Chapter 2
Classifying Traffic
Traffic Classification Using Class Maps
Command Default
Per-match is the default mode.
Description
Release 12.2(31)SB2
This command was introduced and implemented on the Cisco 10000 series
router for the PRE3.
Purpose
Router(config-cmap)# match-all
Specifies that the packet must match all of the matching criteria
defined for a class map.
Router(config-cmap)# match-any
Specifies that the packet must match at least one of the matching
criteria defined for a class map.
2-5
Chapter 2
Classifying Traffic
Command
Purpose
Specifies that the packet must not match this particular matching
criterion value.
criteria specifies the match criterion value that is an unsuccessful
match criterion. All other values of the specified match criterion
are considered successful match criteria.
Specifies that the packet class of service (CoS) bit value must
match the specified CoS value.
value is a number from 0 to 7. You can specify up to four CoS
values, separated by a space.
Note
Specifies that the router is to look for the Frame Relay discard
eligibility (DE) bit in the packets.
Specifies that the packet input interface must match the interface
name.
2-6
OL-7433-09
Chapter 2
Classifying Traffic
Traffic Classification Using Class Maps
Command
Purpose
Specifies that the packet even UDP port value must be within the
specified range of port numbers. Only even-numbered ports are
matched because they carry the real-time data streams.
Odd-numbered ports are not matched because they only carry
control information.
lowest-udp-port is a number from 0 to 65535 and is the lowest
number in the range.
range specifies a number from 0 to 65535 and is the highest
number in the range.
2-7
Chapter 2
Classifying Traffic
Command
Purpose
Specifies that the experimental (EXP) bit value of the packet must
match the MPLS EXP value that you specify.
mpls-exp-value specifies the value to which you want to set the
MPLS EXP bits. Valid values are from 0 to 7. You can specify up
to 8 MPLS EXP values.
Note
Specifies that the packet QoS group number value must match the
specified QoS group number.
number is a group number from 0 to 99.
2-8
OL-7433-09
Chapter 2
Classifying Traffic
Traffic Classification Using Class Maps
Command
Description
Release 12.0(17)SL
match
match access-group
match-all
match-any
match input-interface
match ip dscp
match ip precedence
match ip rtp
match qos-group
Release 12.0(17)SL
match not
Release 12.0(22)S
Release 12.2(15)BX
match cos
Release 12.2(16)BX
Release 12.3(7)XI
match discard-class
match
Release 12.2(28)SB
2-9
Chapter 2
Classifying Traffic
Command
Description
Release 12.2(31)SB2
match cos
match ip dscp
match vlan
match fr-de
Release 12.2(33)SB
You must use the ip keyword to match DSCP values for IPv4 packets. The router supports only
DSCP matching of IPv4 packets.
match ip precedence
You must use the ip keyword to match precedence values for IPv4 packets. The router supports only
precedence matching of IPv4 packets.
match ip rtp
Use this command to match IP RTP packets destined to all even-numbered user datagram port (UDP)
port numbers in the range you specify.
Matching on the RTP port range is particularly effective for applications that use RTP, such as voice
or video.
match mpls-experimental-topmost
Use this command to include matching on the EXP bit value on the topmost label entry of the packet.
match not
Use this command to specify a QoS policy value that is not used as a match criterion. When you use
the match not command, all other values of that QoS policy become successful match criteria.
For example, if you enter the match not qos-group 4 command in class-map configuration mode,
the specified class accepts all QoS group values except 4 as successful match criteria.
2-10
OL-7433-09
Chapter 2
Classifying Traffic
Restrictions and Limitations for Traffic Classification
match qos-group
Use this command to identify a specific QoS group number marking on a packet. You can also use
this command to convey the received MPLS experimental (EXP) field value to the output interface.
The router only uses the QoS group number as an identifying mark. The QoS group numbers have
no mathematical significance. For example, qos-group 2 is not greater than 1. The value simply
indicates that a packet marked with qos-group 2 is different than a packet marked with qos-group 1.
You define the treatment of these packets by defining QoS policies in a policy map.
The QoS group number is local to the router. The QoS group number that is marked on a packet does
not leave the router when the packet leaves the router. To mark the packet with a value that resides
in the packet, use an IP precedence setting, an IP DSCP setting, or another method of packet
marking.
match vlan
Do not use this command with any other match command in a class map.
Class-Default Class
The class named class-default is a predefined traffic class that the router uses to classify traffic that does
match one of the defined classes in a policy map. Although class-default is predefined, you can configure
policy actions for it in the policy map. If you do not configure policy actions, by default the router
classifies class-default traffic as first in, first out (FIFO) and gives the traffic best-effort treatment.
For more information on policy actions, see Chapter 3, Configuring QoS Policy Actions and Rules.
The Cisco 10000 series router does not have a predefined scaling limit for classification.
A policy map with a traffic class based on the match fr-de command can be applied only on an
inbound Frame Relay interface.
2-11
Chapter 2
Classifying Traffic
Step 1
Command
Purpose
Step 2
Router(config-class-map)# match
match_statement
Example 2-2 creates a class map named class1 that tells the router to look for packets that belong to
access list 1 or that have an IP precedence value of 3 or 7.
Example 2-2
2-12
OL-7433-09
Chapter 2
Classifying Traffic
Classifying Traffic Using a Class Map
Purpose
Verification Example
Example 2-3 shows configuration information about the class map named class1.
Example 2-3
2-13
Chapter 2
Classifying Traffic
Related Documentation
Related Documentation
This section provides hyperlinks to additional Cisco documentation for the features discussed in this
document. To display the documentation, click the document title or a section of the document
highlighted in blue. When appropriate, paths to applicable sections are listed below the documentation
title.
Feature
Related Documentation
Classification
Class maps
match commands
2-14
OL-7433-09
CH A P T E R
QoS Policies
After the Cisco 10000 series router classifies traffic based on the classification rules applied on an
inbound or outbound interface, the router needs to know how to handle the traffic that meets the
matching criteria. A modular quality of service command-line interface (MQC) element called a policy
map enables you to create QoS policies that tell the router the QoS actions and rules to apply to packets
belonging to a particular traffic class.
The following sections describe policy maps and QoS actions:
3-1
Chapter 3
QoS Policies
Description
Required PRE
Release 12.0(17)SL
PRE1
Release 12.2(15)BX
PRE2
Release 12.2(28)SB
Release 12.2(31)SB
PRE2, PRE3
Release 12.2(33)SB
PRE3, PRE4
Processor
PRE1
256
16
Release 12.0(17)SL
and later releases
PRE1
256
256
Release 12.0(25)SX
and later releases
PRE1
4096
32
Release 12.2(15)BX
and later releases
PRE2
256
64
Release 12.3(7)XI
and later releases
PRE2
4096
127
3-2
OL-7433-09
Chapter 3
Table 3-1
Processor
Release 12.2(27)SBB
PRE2
4096
64
Release 12.2(31)SB2
and later releases
PRE3
4096
64
8192
64
4096
64
8K Policy Maps
The 8K Policy Maps feature enables the router to support a maximum of 8192 unique policy maps for
the PRE3 and PRE4, doubling the number supported in previous releases. The router supports up to 4096
policy maps for the PRE2. To configure 8192 policy maps, the router must be running Cisco IOS
Release 12.2(33)SB. The router supports a maximum of 64 classes per policy map.
Note
The numbers above include both configured and attached policies. Each policy-map command counts
as one policy map, which counts against the system limit.
In releases through Cisco IOS Release 12.2(31)SB, the router supports a maximum of 4096 unique
policy maps for the PRE2 and PRE3.
For every additional policy map you create, approximately 2385 + (number of classes x 188) bytes of
memory are used. For example, 8192 policy maps with 64 classes in each uses approximately 118 MB
of memory. This is subtracted from memory that is available for such things as PPP sessions.
If you attempt to create 8193 policy maps, the following error message displays:
No more than 8192 policy maps can be defined.
The number of policy map instances supported on the router depends on the number of interfaces
(VCCIs) configured. The maximum number of interfaces allowed is 61,500. Therefore, the theoretical
maximum number of policy instances equals 2 x 61,500.
The router supports 512,000 policer instances and 4095 class maps.
policy-map Command
To create or modify a policy map, use the policy-map command in global configuration mode. Use the
no form of the command to remove a policy map. This command has no default behavior or values.
policy-map policy-map-name
no policy-map policy-map-name
3-3
Chapter 3
Syntax Description
policy-map-name
Policy Map ActionsReleases Prior to Cisco IOS Release 12.0(17)SL, page 3-7
Policy Map ActionsCisco IOS Release 12.0(17)SL and Later Releases, page 3-10
Policy Map ActionsCisco IOS Release 12.0(20)ST and Later Releases, page 3-10
Policy Map ActionsCisco IOS Release 12.0(22)S and Later Releases, page 3-11
Normal interface, including variable bit rate (VBR) virtual circuits (VCs) on ports configured in pxf
queuing mode
ATM unspecified bit rate (UBR) VCs and VCs configured on ports in no atm pxf queuing mode
3-4
OL-7433-09
Chapter 3
Table 3-2 lists the input policy actions that you can define in a policy map for specific interface types.
Table 3-2
Note
Interface Type
Policy Map
Actions
Normal
Virtual Access
bandwidth
Not Applicable
Not Applicable
Not Applicable
Not Applicable
queue-limit
Not Applicable
Not Applicable
Not Applicable
Not Applicable
priority
Not Applicable
Not Applicable
Not Applicable
Not Applicable
shape
Not Available
Not Available
Not Available
Not Available
random-detect
Not Applicable
Not Applicable
Not Applicable
Not Applicable
set ip prec/dscp
Valid
Not Applicable
Valid
Valid
set qos-group
Valid
Valid
Valid
Valid
set atm-clp
Not Applicable
Not Applicable
Not Applicable
Not Applicable
set cos
Not Applicable
Not Applicable
Not Applicable
Not Applicable
police
Valid
Valid
Valid
Valid
set mpls
experimental
Not Available
Not Available
Not Available
Not Available
In Table 3-2 and Table 3-3, Not Applicable indicates that you cannot perform the action on a Cisco
product or that it has no meaning in the context indicated. Not Available means the action is not
supported. When configuring an input policy map for a virtual access interface (VAI), be careful that you
do not include the Not Applicable or Not Available policy actions indicated. If you do, an error
message appears.
3-5
Chapter 3
Table 3-3 lists the output policy actions that you can define in a policy map for specific interface types.
Table 3-3
Interface Type
Policy Map
Actions
Normal
Virtual Access
bandwidth
Valid
Valid
Valid
Not Applicable
(Applied to the
VC, not the VAI)
queue-limit
Valid
Valid
Not Available
Not Available
priority
Valid
Valid
Valid
Not Applicable
(Applied to the
VC, not the VAI)
shape
Valid
Valid
Valid
Not Applicable
(Applied to the
VC, not the VAI)
random-detect
Valid
Valid
Not Available
Not Available
set ip prec/dscp
Valid
Not Applicable
Valid
Valid
set qos-group
Not Applicable
Not Applicable
Not Applicable
Not Applicable
set atm-clp
Valid
Not Available
Not Available
Not Available
set cos
Valid
police
set mpls
experimental
Not Available
Valid
Not Applicable
Valid
Valid
Valid
Valid
Not Applicable
Not Available
Not Applicable
Not Applicable
1. The interface must be an Ethernet interface that is configured for 802.1Q VLAN.
2. The virtual access interface must be using an 802.1Q VLAN interface.
3-6
OL-7433-09
Chapter 3
Action
Description
3-7
Chapter 3
Table 3-4
Action
Description
random-detect exponential-weight-constant
value
Note
3-8
OL-7433-09
Chapter 3
Table 3-4
Action
Description
set atm-clp
3-9
Chapter 3
Action
Description
shape rate
1. In Cisco IOS Release 12.0(23)SX1, Release 12.0(25)S, and Release 12.3(7)XI, and later releases, the syntax of the priority
command changed to priority (without any arguments). For these later releases, use the priority command with the police
command so that the priority class does not starve other traffic on a link. For more information, see the Avoiding Bandwidth
Starvation Due to Priority Services section on page 6-25 and the Bandwidth Starvation section on page 8-3.
Action
Description
3-10
OL-7433-09
Chapter 3
Action
Description
Action
Description
1high priority
2low priority
Policing Actions
The police command allows you to specify what you want the router to do when traffic meets, exceeds,
or violates the policing parameters you specified. Table 3-9 describes the policing actions the router
supports and the minimum Cisco IOS release required.
3-11
Chapter 3
QoS Inheritance
Table 3-9
Policing Actions
Action
Description
drop
Release 12.0(9)SL
Release 12.3(7)XI
set-discard-class-transmit
Release 12.3(7)XI
set-dscp-transmit value
set-mpls-exp-transmit value
set-mpls-exp-imposition-transmit
value
set-prec-transmit value
set-qos-transmit value
Sets the qos-group value and transmits the packet Release 12.0(9)SL
with the new qos-group value setting. Valid values
are from 0 to 99.
transmit
Release 12.0(22)S
Release 12.0(9)SL
Release 12.0(9)SL
QoS Inheritance
The Cisco 10000 series router applies service policies using the following QoS inheritance rules:
ATM portA service policy configured on an ATM port applies to all unspecified bit rate (UBR)
PVCs configured on the port without a service policy. Only unshaped UBR PVCs inherit the service
policy of the port. Variable bit rate (VBR), constant bit rate (CBR), and shaped UBR PVCs
configured on the port do not inherit the service policy of the port.
For more information about the ATM service classes, see the ATM Service Categories section on
page 3-13.
3-12
OL-7433-09
Chapter 3
Frame Relay physical interfaceA service policy configured on a Frame Relay physical interface
applies to the traffic of all PVCs configured on the port without a service policy.
Ethernet portA service policy configured on an Ethernet port applies to the traffic of all VLANs
configured on the port without a service policy.
SessionIf a service policy is not configured, the session inherits the service policy applied to the
virtual circuit (VC) or the inherited policy of the VC. If a session inherits a policy, the show policy
interface virtual access command does not display the state of the inherited policy. You can display
the state of the policy only on the interface where you configured the policy.
When operating in no atm pxf queuing mode, the router supports unshaped UBR PVCs, which do not
specify a peak cell rate (PCR). The router can support a high number of VCs when you configure the no
atm pxf queuing command on each port of the router. Point-to-Point Protocol over ATM (PPPoA)
supports one session per VC and requires that you enable no atm pxf queuing to support 32,000 PPPoA
sessions. Layer 2 Tunnel Protocol (L2TP) does not require that you enable no atm pxf queuing and
Point-to-Point Protocol over Ethernet (PPPoE) sessions do not require that you enable this queuing mode
because you can have 32,000 sessions on a single VC.
When operating in atm pxf queuing mode, the router supports the following ATM service classes:
VBR-nrtNon-real-time VBR
If you specify a PCR value for UBR+, the router accepts the value, but does not use it, and it does not
notify you when this occurs.
For information about how the ATM service classes inherit QoS service policies, see the QoS
Inheritance section on page 3-12.
3-13
Chapter 3
QoS Inheritance
An ATM VC configured as CBR can transmit cells at peak cell rate (PCR) at any time and for any
duration. It can also transmit cells at a rate less than the PCR or even emit no cells. CBR is characterized
by PCR.
Shaped UBR
Traffic shaping allows you to control the traffic going out an interface in order to match its flow to the
speed of the remote target interface and to ensure that the traffic conforms to policies contracted for it.
Traffic that adheres to a particular profile can be shaped to meet downstream requirements, thereby
eliminating bottlenecks in topologies with data-rate mismatches.
The Cisco 10000 series router supports traffic shaping for unspecified bit rate (UBR) traffic. Traffic
shaping is performed on a per-port basis and involves passing UBR traffic streams through VC queues
for scheduled rate shaping. When traffic shaping is enabled, all traffic exiting the port out to the network
is subject to VC scheduling based on the parameters you configure for the connection.
3-14
OL-7433-09
Chapter 3
Configuring UBRs
To configure a UBR, enter the following commands in ATM VC configuration mode:
Command
Purpose
Step 1
Step 2
or
Note
Router(config-if)# no atm pxf queuing
Step 3
Step 4
Creates a UBR.
output-pcr is the output peak cell rate. The router configures
a shaped UBR when you specify the output PCR. Otherwise,
the router configures unshaped UBR.
Real time (VBR-rt)Used for connections that transmit at a rate varying with time and that can be
described as bursty, often requiring large amounts of bandwidth when active. The VBR-rt class is
intended for applications that require tightly constrained delay and delay variation such as
compressed voice video conferencingfor example, video conferencing requires real-time data
transfer with bandwidth requirements that can vary in proportion to the dynamics of the video image
at any given time. The VBR-rt category is characterized in terms of peak cell rate (PCR), sustained
cell rate (SCR), and maximum burst size (MBS).
Nonreal time (VBR-nrt)Used for connections that are bursty but are not constrained by delay and
delay variation boundaries. For those cells in compliance with the traffic contract, a low cell loss is
expected. Non-time critical data file transfers are an example of a VBR-nrt connection. A VBR-nrt
connection is characterized by PCR, SCR, and MBS.
3-15
Chapter 3
QoS Inheritance
Configuring VBRs
To configure VBR-nrt, enter the following commands in ATM VC configuration mode:
Command
Purpose
Step 1
Step 2
or
Note
Router(config-if)# no atm pxf queuing
Step 3
Step 4
Creates a VBR-nrt.
output-pcr is the output peak cell rate (PCR).
output-scr is the output sustained cell rate (SCR).
output-mbs is the output maximum burst cell size (MBS).
Note
If the PCR and SCR values are equal, the MBS value
is 1.
3-16
OL-7433-09
Chapter 3
QoS Applicability
Traffic Types
Subject to QoS
In-transit IP packets
Yes
No
Yes
No
No1
Yes
1. IP precedence 6 and 7 are not subject to QoS in all releases prior to Cisco IOS Release 12.0(22)S and in Cisco IOS
Release 12.3(7)XI2.
If you apply the shaped service policy to a single VC that is not an unshaped UBR VC, the router
applies the specified bandwidth to only that specific VC.
By default, the router first allocates bandwidth to the VBR VCs and then allocates any bandwidth
leftover to unshaped UBR VCs. To override this default behavior, apply a service policy to the
unshaped UBR VC using an hierarchical shaping policy. For more information, see Chapter 13,
Defining QoS for Multiple Policy Levels.
If you apply the policy to an interface, the router applies the specified bandwidth to all of the VCs
on the interface that do not have their own service policies.
3-17
Chapter 3
QoS Performance
QoS Performance
The parallel express forwarding (PXF) engine processes QoS traffic. Sometimes the PXF engine cannot
finish processing a packet before the packet completes a single pass through the PXF; the packet requires
additional processing. As a result, the packet is fed back through the PXF and processing continues. This
is referred to as a feedback operation.
Packets that are subject to both inbound and outbound QoS policies require additional PXF processing,
resulting in a feedback. However, packets subject to only one QoS policy (either inbound or outbound)
require only one pass through the PXF; a feedback is not needed.
Extra PXF passes reduce the system forwarding capacity. For example, if x packets per second require y
extra passes, the system forwarding capacity diminishes by xythe system has xy fewer packets per
second forwarding capacity than before. Although the forwarding capacity diminishes, system
performance is not affected. Packet classification processing affects only the forwarding capacity of the
system, not the speed. Packet delay due to additional PXF passes is negligible. Therefore, system
performance degradation occurs only at high system utilization.
The following describes PXF requirements:
All releases prior to Cisco IOS Release 12.0(17)SLFor each packet, the PXF requires one pass per
class-map match statement.
Cisco IOS Release 12.0(17)SLFor each packet, the PXF requires one pass for every four
non-access control list (ACL) class-map match statements. For each packet, the PXF requires one
pass for one ACL class-map match statement.
Cisco IOS Release 12.0(19)SL and later releasesFor each packet, the PXF requires one pass per
policy, regardless of the sum of the match statements in each class of the policy.
Attaching Service Policies, page 3-20 (See Chapter 4, Attaching Service Policies.)
3-18
OL-7433-09
Chapter 3
Step 1
Command
Purpose
Step 2
Example 3-2 shows how to configure the class-default class in the policy map named mypolicy. In this
example, class-default has a bandwidth configuration of 128 kbps:
Example 3-2
Note
For more information about defining QoS actions in a policy map, see the Input and Output Policy
Actions section on page 3-4.
3-19
Chapter 3
Physical interfaces
ATM constant bit rate (CBR) and variable bit rate (VBR) PVCs and point-to-point subinterfaces
Ethernet VLANs
IP tunnel interfaces
Purpose
3-20
OL-7433-09
Chapter 3
Command
Purpose
3-21
Chapter 3
3-22
OL-7433-09
Chapter 3
Related Documentation
This section provides hyperlinks to additional Cisco documentation for the features discussed in this
chapter. To display the documentation, click the document title or a section of the document highlighted
in blue. When appropriate, paths to applicable sections are listed below the documentation title.
Feature
Related Documentation
Class maps
Policy maps
Release Notes for the Cisco 10000 Series Internet Router for
Cisco IOS Release 12.0(25)SX
New Features in Cisco IOS Release 12.0(25)SX > Policy
Map Scaling
3-23
Chapter 3
Related Documentation
Feature
Related Documentation
3-24
OL-7433-09
CH A P T E R
Physical interfaces
Multilink Point-to-Point Protocol (MLPPP) and Multilink Frame Relay (MFR) interfaces
ATM unspecified bit rate (UBR) permanent virtual circuits (PVCs) and point-to-point subinterfaces
ATM shaped (peak cell rate is specified) UBR PVCs and point-to-point subinterfaces
IP tunnel interfaces
4-1
Chapter 4
Each interface, subinterface, or PVC can have no more than two policy maps attached: one for inbound
traffic and one for outbound traffic. The router does not require that the inbound and outbound policies
be the same; you can attach different input and output policies.
Note
In a Cisco 10000 series router, we recommend that you do not attach a service-policy to an interface that
has an IP interface session.
Restrictions and Limitations for Attaching ATM Service Policies, page 4-5
Attaching ATM QoS Service Policies to ATM Interfaces, Subinterfaces, and PVCs, page 4-5
Description
Required PRE
12.0(17)SL
PRE1
12.2(15)BX
PRE2
12.3(7)XI2
This feature was modified to allow you to attach ATM QoS PRE2
service policies to a range of PVCs and to a specific PVC
within the PVC range.
12.2(28)SB
PRE2
12.2(31)SB2
PRE2
PRE3
For all releases earlier than Cisco IOS Release 12.3(7)XI2, if you attach a service policy only to the
physical interface, the aggregate of all unspecified bit rate (UBR) PVCs is subject to the physical
interfaces service policy.
For Cisco IOS Release 12.3(7)XI2 and later releases, if you attach a service policy only to the
physical interface, the aggregate of all unshaped UBR PVCs is subject to the physical interfaces
service policy. In Cisco IOS Release 12.3(7)XI2 and later releases, the router treats shaped UBR
PVCs like variable bit rate (VBR) and constant bit rate (CBR) PVCs.
4-2
OL-7433-09
Chapter 4
If you attach a service policy only to individual PVCs and not to the physical interface, only the
individual PVC is subject to its attached service policy.
If you attach service policies to both the physical interface and individual PVCs, the aggregate of
all UBR PVCs that do not have a service policy is subject to the physical interfaces service policy.
All PVCs that do have a service policy are individually subject to their attached service policies.
The router can operate in one of two ATM queueing modes: atm pxf queuing or no atm pxf queuing. The
router supports:
Unshaped UBR and nonreal-time VBR (VBR-nrt) PVCs when you configure the atm pxf queuing
command on the ATM interfaces
Unshaped UBR, shaped UBR, and VBR-nrt PVCs when you configure the no atm pxf queuing
command on the ATM interfaces
For more information about ATM service classes, see the ATM Service Categories section on
page 3-13.
The router allocates bandwidth to VBR, CBR, and shaped UBR PVCs before allocating bandwidth to
unshaped UBR PVCs. As a result, a diminished amount of bandwidth is available to allocate to unshaped
UBR PVCs. To override this behavior, create an hierarchical policy with the bandwidth specified and
attach the policy to the ATM port or physical interface. For more information, see Chapter 13, Defining
QoS for Multiple Policy Levels.
service-policy Command
To attach a policy map that the router can use to apply QoS services to inbound and outbound packets,
use the service-policy command in interface or map class configuration mode. Use the no form of the
command to remove a service policy. This command has no default value or behavior.
service-policy {input | output} policy-map-name
no service-policy {input | output} policy-map-name
Syntax Description
input
output
policy-map-name
The name of the policy map (created using the policy-map command) you
want to attach. The policy-map-name can be a maximum of
40 alphanumeric characters.
Description
12.0(17)SL
12.2(15)BX
12.3(7)XI2
This command was enhanced on the PRE2 to allow you to attach a policy
map to a range of PVCs, and to a specific PVC within the PVC range.
4-3
Chapter 4
Description
12.2(28)SB
This command was integrated in Cisco IOS Release 12.2(28)SB for the
PRE2.
12.2(31)SB2
Interface
When you enter the command as service-, the router accepts the command as shown in the following
example:
Router(config-if)# service- ?
input Assign policy-map to the input of an interface
output Assign policy-map to the output of an interface
type
Configure CPL Service Policy
In releases earlier than Cisco IOS Release 12.2(33)SB, the router accepts the abbreviated form of the
service-policy command. For example, the router accepts the following commands:
Router(config)# interface gigabit1/1/0
Router(config-if)# ser out test
4-4
OL-7433-09
Chapter 4
On ATM line cards, you can apply a policy map to the physical interface, point-to-point
subinterfaces, and to individual PVCs. The router does not support applying QoS service policies to
point-to-multipoint subinterfaces. However, you can apply service policies to VCs that are on
multipoint interfaces.
The policy map you assign to a PVC takes precedence over the policy map you assign to the main
interface.
You must first configure the atm pxf queuing command on the interface and then attach the policy
map.
Note
Do not change the queuing mode while VCs are configured on the interface. To change the mode,
first delete the VCs and then change the mode. Changing the mode while VCs are configured
can produce undesired results, and the change does not take effect until the router reloads.
For a policy map to be successfully attached to an interface or ATM VC, the aggregate of the
configured minimum bandwidths of the policy map classes is limited to the speed of the interface,
unless you use the atm over-subscription-factor command to oversubscribe the interface.
The router does not support a service policy based on queuing for unshaped UBR PVCs.
Attaching QoS Service Policies to an ATM PVC Range and an ATM PVC in a Range, page 4-9
4-5
Chapter 4
Purpose
Step 1
Step 2
4-6
OL-7433-09
Chapter 4
Note
The router does not support QoS service policies on ATM point-to-multipoint subinterfaces. However,
you can apply service policies to VCs that are configured on multipoint interfaces.
Command
Purpose
Step 1
Step 2
Step 3
Step 4
Router(config-subif)# service-policy
{input | output} policy-map-name
4-7
Chapter 4
Configuration Example for Attaching QoS Service Policies to an ATM Point-to-Point Subinterface
Example 4-2 attaches a QoS service policy named myQoS to ATM point-to-point subinterface 3/0/0.1
for inbound traffic.
Example 4-2
Purpose
Step 1
Step 2
Step 3
Step 4
4-8
OL-7433-09
Chapter 4
Step 5
Command
Purpose
Router(config-if-atm-vc)# service-policy
[input | output] policy-map-name
Attaching QoS Service Policies to an ATM PVC Range and an ATM PVC in a Range
To attach a QoS service policy to a range of ATM PVCs or to a specific ATM PVC in a range of PVCs,
enter the following commands beginning in global configuration mode:
Step 1
Command
Purpose
4-9
Chapter 4
Step 2
Command
Purpose
Step 3
Router(config-if-atm-range)#
service-policy [input | output]
policy-map-name
Attaches the service policy you specify to the specified ATM PVC
range.
input indicates to apply the service policy to inbound traffic on
the interface.
output indicates to apply the service policy to outbound traffic on
the interface.
Note
Router(config-if-atm-range)# pvc-in-range
[pvc-name] vpi/vci
4-10
OL-7433-09
Chapter 4
Step 5
Command
Purpose
Router(config-if-atm-range-pvc)#
service-policy [input | output]
policy-map-name
Attaching Policy Maps to ATM PVC Ranges and PVCs in PVC Ranges
Restrictions and Limitations for Frame Relay QoS Service Policies, page 4-13
Creating and Attaching QoS Policies to Frame Relay Interfaces, Subinterfaces, and Data-Link
Connection Identifiers, page 4-14
4-11
Chapter 4
Description
Required PRE
12.0(23)SX
PRE1
12.0(25)S
PRE1
If you attach a service policy only to the physical interface, the aggregate of all PVCs is subject to
the physical interfaces service policy.
If you attach a service policy only to individual PVCs and not to the physical interface, only the
individual PVC is subject to its attached service policy.
If you attach service policies to both the physical interface and individual PVCs, the aggregate of
all PVCs that do not have a service policy is subject to the physical interfaces service policy. All
PVCs that do have a service policy are individually subject to their attached service policies.
If you attach a service policy to a Frame Relay point-to-point subinterface (either directly or using
a map class), the router applies the QoS service policy to the aggregate of all of the DLCIs
configured on the subinterface.
If you attach a service policy to an individual DLCI (either directly or using a map class), the router
only applies the QoS service policy to the individual DLCI.
Syntax Description
map-class-name
4-12
OL-7433-09
Chapter 4
Description
12.0(23)SX
12.0(25)S
Do not configure Frame Relay services using both the modular QoS command-line interface (MQC)
and the Frame Relay legacy commands.
For Cisco IOS Release 12.0(22)S and later releases, use the MQC to configure QoS services for
Frame Relay interfaces.
For all releases earlier than Cisco IOS Release 12.0(22)S, use the Frame Relay commands to
configure Frame Relay QoS services. For more information, see Appendix A, Configuring Frame
Relay QoS Using Frame Relay Legacy Commands.
The router has no preset scaling limit for Frame Relay QoS services. You can apply any number of
Frame Relay QoS services.
The router does not support attaching QoS service policies to Frame Relay point-to-multipoint
subinterfaces.
You cannot attach a policy map and a map class to the same subinterface. For Cisco IOS
Release 12.0(22)S and later releases, use the MQC to create and attach a policy map as described in
this chapter. For all releases earlier than Cisco IOS Release 12.0(22)S, use the Frame Relay legacy
commands to create and attach a Frame Relay QoS policy as described in Appendix A, Configuring
Frame Relay QoS Using Frame Relay Legacy Commands.
Output QoS policies that contain queuing actions must be nested service policies.
4-13
Chapter 4
Note
The router does not support attaching a QoS service policy to a Frame Relay point-to-multipoint
subinterface. You can attach a QoS service policy to either a Frame Relay subinterface, a Frame Relay
DLCI, but not to both.
To attach a QoS service policy to a Frame Relay link, perform any of the following tasks:
Attaching a QoS Service Policy to a Frame Relay Interface or Point-to-Point Subinterface Using a
Map Class, page 4-16
Note
You cannot attach a QoS policy to the same Frame Relay interface or subinterface by using both
the MQC and a map class. For releases earlier than Cisco IOS Release 12.0(22)S, use the Frame
Relay commands to attach QoS policies (see Appendix A, Configuring Frame Relay QoS Using
Frame Relay Legacy Commands). For Cisco IOS Release 12.0(22)S and later releases, use the
MQC.
4-14
OL-7433-09
Chapter 4
Purpose
Step 1
Step 2
Configuration Examples for Attaching QoS Policies Directly to a Frame Relay Interface or Point-to-Point Subinterface
Example 4-5 shows how to attach the service policy named mypolicy2 to serial subinterface 1/0/0.1 in
the inbound direction.
Example 4-5
Example 4-6 shows how to attach the service policy named silver to serial interface 4/0/0 in the inbound
direction.
Example 4-6
4-15
Chapter 4
Attaching a QoS Service Policy to a Frame Relay Interface or Point-to-Point Subinterface Using a Map Class
To attach a QoS service policy to a Frame Relay interface or point-to-point subinterface using a Frame
Relay map class, enter the following commands beginning in global configuration mode:
Step 1
Command
Purpose
Step 2
Router(config-map-c)# service-policy
[input | output] policy-map-name
Router(config-map-c)# exit
Step 4
Step 5
Configuration Examples for Attaching a QoS Policy to a Frame Relay Interface or Point-to-Point Subinterface Using a Map Class
Example 4-7 shows how to configure a policy map named policy1 within a Frame Relay map class
named VCs_slow and attach the map class to serial subinterface 1/0/0.1.
Example 4-7
Configuring a QoS Service Policy on a Frame Relay Subinterface Using a Map Class
4-16
OL-7433-09
Chapter 4
Example 4-8 shows how to configure a policy map named bronze within a Frame Relay map class named
slow-VCs and attach the map class to serial interface 2/0/0.
Example 4-8
Configuring a QoS Service Policy on a Frame Relay Interface Using a Map Class
Note
Attaching a QoS Service Policy Directly to a Frame Relay DLCI, page 4-17
Attaching a QoS Service Policy to a Frame Relay DLCI Using a Map Class, page 4-19
You cannot attach a QoS policy to the same Frame Relay interface or subinterface by using both the
MQC and a map class. For releases earlier than Cisco IOS Release 12.0(22)S, use the Frame Relay
commands to attach QoS policies (see Appendix A, Configuring Frame Relay QoS Using Frame Relay
Legacy Commands). For Cisco IOS Release 12.0(22)S and later releases, use the MQC.
Purpose
Step 1
Step 2
Router(config-if)# frame-relay
interface-dlci dlci
4-17
Chapter 4
Step 3
Command
Purpose
Router(config-fr-dlci)# service-policy
[input | output] policy-map-name
Configuration Examples for Attaching a QoS Service Policy Directly to a Frame Relay DLCI
Example 4-9 shows how to attach the service policy named user_policy to the data link connection
identifier (DLCI) 100 on serial subinterface 1/0/0.1 for outbound packets.
Example 4-9
Example 4-10 shows how to attach the service policy named voice to DLCI 201 on serial interface 4/0/0
for outbound packets.
Example 4-10 Attaching a QoS Service Policy Directly to a DLCI Configured on an Interface
Router(config)# interface serial 4/0/0
Router(config-if)# frame-relay interface-dlci 201
Router(config-fr-dlci)# service-policy output voice
4-18
OL-7433-09
Chapter 4
Attaching a QoS Service Policy to a Frame Relay DLCI Using a Map Class
You can attach a map class with a QoS policy to a Frame Relay DLCI that is configured on an interface
or subinterface.
To attach a QoS service policy to a Frame Relay DLCI using a map class, enter the following commands
beginning in global configuration mode:
Command
Purpose
Step 1
Step 2
Router(config-map-c)# service-policy
[input | output] policy-map-name
Router(config-map-c)# exit
Step 4
Step 5
Router(config-if)# frame-relay
interface-dlci dlci
Step 6
4-19
Chapter 4
Configuration Examples for Attaching a QoS Service Policy to a Frame Relay DLCI Using a Map Class
Example 4-11 shows how to configure a policy map named gold within a Frame Relay map class named
group1, and attach the map class to DLCI 101 configured on the serial subinterface 1/0/0.2.
Example 4-11 Attaching a QoS Service Policy to a Frame Relay Subinterface DLCI Using a Map Class
Router(config)# map-class frame-relay group1
Router(config-map-class)# service-policy gold
Router(config-map-class)# exit
Router(config)# interface serial 1/0/0.2 point-to-point
Router(config-if)# frame-relay interface-dlci 101
Router(config-fr-dlci)# frame-relay class group1
Example 4-12 shows how to configure a policy map named Premium within a Frame Relay map class
named voice, and attach the map class to DLCI 200 configured on the serial interface 3/0/0.
Example 4-12 Attaching a QoS Service Policy to a Frame Relay Interface DLCI Using a Map Class
Router(config)# map-class frame-relay voice
Router(config-map-class)# service-policy Premium
Router(config-map-class)# exit
Router(config)# interface serial 3/0/0
Router(config-if)# frame-relay interface-dlci 200
Router(config-fr-dlci)# frame-relay class voice
Restrictions and Limitations for Attaching QoS Services to VLAN Subinterfaces, page 4-21
Description
Required PRE
12.0(25)SX
PRE1
12.2(15)BX
PRE2
12.2(28)SB
PRE2
4-20
OL-7433-09
Chapter 4
If you attach a service policy only to the physical interface, the aggregate of all of the VLAN
subinterfaces is subject to the physical interfaces service policy.
If you attach a service policy only to individual VLAN subinterfaces and not to the physical
interface, only the individual VLAN subinterfaces are subject to the attached service policies.
If you attach service policies to both the physical interface and to individual VLAN subinterfaces,
the aggregate of all VLAN subinterfaces without a service policy is subject to the physical
interfaces service policy, and all of the VLAN subinterfaces with a service policy are individually
subject to their attached service policies.
The Cisco 10000 series router currently supports PPPoE over IEEE 802.1Q VLAN on Gigabit
Ethernet and Fast Ethernet 8-port half-height line cards. The Fast Ethernet port (fe0/0/0) of the
performance routing engine (PRE) does not support this feature. This port is for management traffic
only.
For PRE1 and PRE2, output QoS policies that contain queueing actions must be nested service
policies. However, for PRE3 and PRE4, there is no such restriction and thereby a flat queueing
policy can be directly attached to a VLAN subinterface.
Attaching QoS Service Policies to Physical Interfaces with VLAN Subinterfaces, page 4-22
4-21
Chapter 4
Purpose
Step 1
Step 2
Step 4
Configuration Example for Attaching QoS Policies to Physical Interfaces with VLAN Subinterfaces
Example 4-13 shows how to attach a service policy named myQoS to the physical Gigabit Ethernet
interface 1/0/0 for inbound traffic. VLAN 4, configured on the GigabitEthernet subinterface 1/0/0.3,
inherits the service policy of the physical Gigabit Ethernet interface 1/0/0.
Example 4-13 Attaching a QoS Policy to a VLAN Interface
Router(config)# interface GigabitEthernet 1/0/0
Router(config-if)# service-policy input myQoS
Router(config-if)# interface GigabitEthernet 1/0/0.3
Router(config-subif)# encapsulation dot1q 4
4-22
OL-7433-09
Chapter 4
Purpose
Step 1
Step 2
Step 3
Router(config-subif)# service-policy
[input | output] policy-map-name
The router uses a template of operational parameters called a virtual template interface to create and
configure the VAI.
2.
When the user connection terminates, the router deletes the VAI and frees the resources for other
client uses.
4-23
Chapter 4
The virtual template interface is a logical entity that the router applies dynamically as needed to a
connection. It is a configuration for an interface, but it is not tied to the physical interface. The VAI uses
the attributes of the virtual template to create the session, which results in a VAI that is uniquely
configured for a specific user.
After you configure a virtual template, configure the virtual connection that will use the template and
then apply the template to the virtual connection. The order in which you create virtual templates and
configure the virtual connections that use the templates is not important. However, before a remote user
initiates a session to the router, both the virtual templates and connections must exist.
If you use a RADIUS server, the RADIUS configuration takes precedence over the virtual template
configuration. For example, the RADIUS configuration might override some parameters and the virtual
template provides the remainder of the configuration.
Note
Virtual template interfaces and VAIs do not apply to routed bridge encapsulation (RBE) over ATM.
For more information about virtual templates and VAIs, see the Cisco 10000 Series Broadband
Aggregation and Leased-Line Configuration Guide at:
http://www.cisco.com/en/US/products/hw/routers/ps133/products_configuration_guide_book0918
6a00804d45ca.html
This section describes the following topics:
Restrictions and Limitations for Attaching QoS Services to a VAI, page 4-25
Attaching QoS Policies to VAIs Using Virtual Template Interfaces, page 4-25
Description
Required PRE
12.0(25)SX
PRE1
12.2(15)BX
PRE2
12.2(28)SB
PRE2
12.2(31)SB2
PRE2
PRE3
4-24
OL-7433-09
Chapter 4
Virtual template interfaces and VAIs do not apply to routed bridge encapsulation (RBE) over ATM.
Before a remote user initiates a session to the router, both the virtual template and virtual connection
must exist.
Cisco IOS Release 12.2(25)SX does not support the configuration of broadband aggregation (BBA)
groups using RADIUS. You must configure BBA groups manually.
You can only apply a QoS policy with queueing-related actions to a VC. Do not apply service
policies with class-based weighted fair queueing (CBWFQ) actions to a VAI using a virtual
template. The router supports queueing only when you apply the QoS policy to a VC.
You can apply a QoS policy without queueing-related actions to either a VC or a VAI, but not to both
at the same time.
If you configure a QoS policy on a VC, the show policy interface VAI command does not display
information to indicate that the VAI is subject to the VC service policy. However, if you apply a
policy directly to a VAI, the show policy interface VAI command displays information about the
policy on the VAI.
Attaching a BBA Group to an Interface or Subinterface for PPPoE Sessions, page 4-28
4-25
Chapter 4
Step 1
Command
Purpose
Step 2
4-26
OL-7433-09
Chapter 4
Step 1
Command
Purpose
Step 2
Router(config-bba)# virtual-template
template-number
Note
You cannot simultaneously configure a BBA group for PPPoE and a VPDN group for PPPoE. If you
configure a BBA group and then you configure a VPDN group, the protocol command in VPDN
accept-dialin configuration mode does not include an option for PPPoE (for example, you cannot specify
the protocol pppoe command). Use the no bba-group pppoe command to re-enable the pppoe option
for the protocol command.
4-27
Chapter 4
Purpose
Step 1
Step 2
Example 4-18 shows how to attach a BBA group named bba-voice to ATM subinterface 4/0/0.10 for
PPPoE sessions. The example also assigns VLAN 4 to the subinterface.
Example 4-18 Attaching a BBA Group to a VLAN Subinterface
Router(config)# interface atm 4/0/0.10
Router(config-subif)# protocol pppoe group bba-voice
Router(config-subif)# encapsulation dot1q 4
Router(config-subif)# pppoe enable
4-28
OL-7433-09
Chapter 4
Example 4-19 shows how to use a virtual template interface to apply a QoS policy to PPPoE sessions.
The example configuration shows how to create a virtual template interface, apply the virtual template
to a BBA group, and apply the BBA group to an interface or subinterface. The QoS policy named policy1
is applied to the virtual template interface named Virtual-Template1; Virtual-Template1 is applied to the
BBA group named VPN_1; and VPN_1 is applied to the ATM interface 5/0, which is configured for
aalsnap encapsulation. The QoS policy named voice1 is applied to the virtual template interface named
Virtual-Template2; Virtual-Template2 is applied to the BBA group named VPN_2; and VPN_2 is applied
to the FastEthernet subinterface 3/0/0.33, which is configured as a VLAN subinterface.
Example 4-19 Applying a QoS Policy to PPPoE Sessions Using a Virtual Template on a VLAN
Subinterface
Router(config)# interface Virtual-Template1
Router(config-if)# ip unnumbered Loopback0
Router(config-if)# mtu 1492
Router(config-if)# peer default ip address pool pool1
Router(config-if)# ppp authentication chap
Router(config-if)# service-policy input policy1
Router(config)# interface Virtual-Template2
Router(config-if)# ip unnumbered Loopback1
Router(config-if)# no peer default ip address
Router(config-if)# ppp authentication chap
Router(config-if)# ppp authorization
Router(config-if)# service-policy input voice1
Router(config)# bba-group pppoe VPN_1
Router(config-bba)# virtual-template 1
Router(config-bba)# sessions per-vc limit 5
Router(config-bba)# sessions per-mac limit 10
Router(config-bba)# sessions per-vlan limit 5
!
!
Router(config)# bba-group pppoe VPN_2
Router(config-bba)# virtual-template 2
Router(config-bba)# sessions per-vc limit 5
Router(config-bba)# sessions per-mac limit 10
Router(config-bba)# sessions per-vlan limit 5
!
!
Router(config)# interface atm 5/0
Router(config-if)# protocol pppoe group VPN_1
Router(config-if)# encapsulation aalsnap
!
Router(config)# interface FastEthernet 3/0/0.33
Router(config-subif)# protocol pppoe group VPN_2
Router(config-subif)# encapsulation dot.1q 5
!
!
4-29
Chapter 4
Description
Required PRE
12.3(7)XI3
PRE2
12.2(28)SB
PRE2
If you attach a service policy only to the physical ATM interface, the aggregate of all unshaped UBR
PVCs is subject to the physical interfaces service policy. The router treats shaped UBR PVCs like
variable bit rate (VBR) and constant bit rate (CBR) PVCs.
If you attach a service policy only to individual ATM PVCs and not to the physical ATM interface,
only the individual PVC is subject to its attached service policy.
If you attach service policies to both the physical ATM interface and individual ATM PVCs, the
aggregate of all UBR PVCs without an attached service policy is subject to the physical interfaces
service policy. All PVCs with an attached service policy are individually subject to their attached
service policies.
When a service policy is attached to an individual ATM PVC, sessions that use that PVC inherit the
service policy applied to the PVC or the inherited policy of the PVC. If a session inherits a policy, the
show policy interface virtual access command does not display the state of the inherited policy. You
can display the state of the policy only on the interface where you configured the policy. If you attach a
service policy only to:
The physical Ethernet interface, the aggregate of all of the VLAN subinterfaces is subject to the
physical interfaces service policy.
Individual VLAN subinterfaces, and not to the physical Ethernet interface, only the individual
VLAN subinterfaces are subject to the attached service policies.
4-30
OL-7433-09
Chapter 4
If you attach service policies to both the Ethernet physical interface and to individual VLAN
subinterfaces, the aggregate of all VLAN subinterfaces without a service policy is subject to the
physical interfaces service policy, and all of the VLAN subinterfaces with a service policy are
individually subject to their attached service policies.
Cisco IOS Release 12.3(7)XI3 does not support the attachment of LAC QoS directly to sessions by
attaching QoS services to a virtual access interface (VAI) using a virtual template. If you apply LAC
QoS to a virtual template, the router ignores it.
On ATM line cards, you can apply a policy map to the physical interface, point-to-point
subinterfaces, and to individual PVCs. The router does not support applying QoS service policies to
point-to-multipoint interfaces. However, you can apply service policies to VCs that are on
multipoint interfaces.
The policy map you assign to an ATM PVC takes precedence over the policy map you assign to the
main interface.
You must first configure the atm pxf queuing command on the ATM interface and then attach the
policy map.
Note
Do not change the queuing mode while VCs are configured on the interface. If you must change
the mode, first delete the VCs and then change the mode. Changing the mode while VCs are
configured can produce undesired results, and the change does not take effect until the router
reloads.
The aggregate bandwidth of the classes configured in a policy map is limited to the speed of the
interface or subinterface to which it is applied. The aggregate bandwidth of a policy applied to a VC
is limited to the capacity of the port, unless you configure oversubscription by using the
atm over-subscription-factor command.
The router does not support a service policy based on queueing for unshaped UBR PVCs.
The Cisco 10000 series router currently supports PPPoE over IEEE 802.1Q VLAN on Gigabit
Ethernet and Fast Ethernet 8-port half-height line cards. In a PPPoE over Ethernet configuration,
you cannot attach a service policy to a subinterface if another service policy is already attached to
its main interface.
The Fast Ethernet port (fe0/0/0) of the performance routing engine (PRE) does not support PPPoE
over Ethernet. This port is for management traffic only.
Output QoS policies that contain queueing actions must be hierarchical service policies. For more
information, see Chapter 13, Defining QoS for Multiple Policy Levels.
4-31
Chapter 4
When a packet arrives on a physical interface, the router applies the input QoS policy (if one exists)
of the physical interface.
2.
The router then applies the input QoS policy of the packets tunnel interface.
When a packet leaves the router, it applies the output QoS policy (if one exists) of the outbound
tunnel interface.
2.
The router then applies the output QoS policy of the outbound physical interface.
When applying the QoS policy, the physical interface uses the tunnel outer IP header; the tunnel interface
uses the inner IP header.
When an IP packet is encapsulated in a tunnel, the router copies the packets original IP type of service
(ToS) value into the tunnel header.
Purpose
4-32
OL-7433-09
Chapter 4
Command
Purpose
Displays the packet statistics of all classes that are configured for
all service policies either on the specified interface or subinterface
or on a specific PVC on the interface.
The following information displays for each policy:
Queue statistics
Number of errors
4-33
Chapter 4
Note
The show pxf commands are entered as show hardware pxf on the PRE1. For example, to
view a statistical summary of PXF column 0 for the specified interface, enter the
show hardware pxf interface command.
prec_0_0
100
prec_0_1
101
class-default
precedence-based
exponential-weighting-constant3
precedence 0 10 20 10
precedence-based
exponential-weighting-constant 3
precedence 1 10 20 10
4-34
OL-7433-09
Chapter 4
Example 4-21 shows another example of the information that appears when you enter the
show policy-map interface command. The sample output in Example 4-21 is based on a broadband
configuration with the following class map and policy map configurations:
class-map
match ip
match ip
class-map
match ip
match-any VoIP
dscp ef
precedence 5
match-any VoD
precedence 3
policy-map QOS-Policy1
class VoIP
police 64000 8000 0 conform-action transmit exceed-action drop violate-action drop
priority
class VoD
bandwidth 1500
4-35
Chapter 4
Related Documentation
Related Documentation
This section provides hyperlinks to additional Cisco documentation for the features described in this
chapter. To display the documentation, click the document title or a section of the document highlighted
in blue. When appropriate, paths to applicable sections are listed below the documentation title.
Feature
Related Documentation
BBA Groups
4-36
OL-7433-09
CH A P T E R
5-1
Chapter 5
The router can commit up to 99 percent of the interface bandwidth to one or more class queues. If you
attempt to attach a policy map to an interface when the sum of the bandwidth assigned to classes is
greater than 99 percent of the available bandwidth, the router logs a warning message and does not
allocate the requested bandwidth to all of the classes. If the policy map is already attached to other
interfaces, it is removed from them.
Bandwidth includes the Layer 2 header, Layer 2 payload, and two bytes of trailer.
On ATM networks, the bandwidth is cell-based and includes Layer 2 overhead and cell overhead
(for example, cell overhead for SNAP and AAL5, the cell header, the AAL5 trailer, and AAL5
padding).
On Frame Relay networks with link fragmentation and interleaving (LFI) enabled, bandwidth is
based on fragments with Layer 2 overhead included.
The router converts the specified bandwidth to the nearest multiple of 1/255 (PRE1) or 1/65535 (PRE2)
of the interface speed. Use the show policy-map interface command to display the actual bandwidth.
Description
Required PRE
Release 12.0(17)SL
PRE1
Release 12.2(15)BX
PRE2
Release 12.2(28)SB
PRE2
Release 12.2(31)SB2
Physical
ATM shaped (peak cell rate is specified) unspecified bit rate (UBR) PVCs and point-to-point
subinterfaces
Ethernet VLANs *
* Requires a specific type of hierarchical policy. For more information, see the Chapter 13, Defining
QoS for Multiple Policy Levels.
5-2
OL-7433-09
Chapter 5
Note
Note
ATM unshaped (no peak cell rate specified) UBR PVCs and point-to-point subinterfaces
IP tunnel
The router does not support the bandwidth command on inbound interfaces.
For all releases prior to Cisco IOS Release 12.0(19)SL, the router divides the unused bandwidth
equally among the class queues with outstanding packets.
For Cisco IOS Release 12.0(19)SL and later releases, the router divides unused bandwidth
proportional to the class bandwidth guarantee. You can override this proportional distribution by
using the bandwidth remaining percent command. The router distributes unused bandwidth only
to non-priority queues; a priority queue never receives more than its guaranteed bandwidth.
In Example 5-1, the policy-map named VLAN guarantees 30 percent of the bandwidth to the class
named Customer1 and 60 percent of the bandwidth to the class named Customer2. If you apply the
VLAN policy map to a 1-Mbps link, 300 kbps is guaranteed to class Customer1 and 600 kbps is
guaranteed to class Customer2, with 100 kbps remaining for the class-default class. If the class-default
class does not need additional bandwidth, the unused 100 kbps is available for use by class Customer1
and class Customer2. If both classes need the bandwidth, they share it in proportion to the configured
rates. In this example, the sharing ratio is 30:60 or 1:2.
Example 5-1
5-3
Chapter 5
Table 5-1 describes when a class configured with the bandwidth or priority command can use excess
bandwidth.
Table 5-1
Comparing When a Bandwidth and Priority Class Can Use Excess Bandwidth
Command
Congestion
Non-Congestion
bandwidth
priority
Bandwidth Calculations
The Cisco 10000 series router can commit up to 99 percent of the interface bandwidth to one or more
class queues. If you attempt to attach a policy map to an interface when the sum of the bandwidth
assigned to classes is greater than 99 percent of the available bandwidth, the router logs a warning
message and does not allocate the requested bandwidth to all of the classes. If the policy map is already
attached to other interfaces, it is removed from them.
For a physical interface, the total bandwidth is the bandwidth of the physical interface. The router
converts the minimum bandwidth that you specify to the nearest multiple of 1/255 (PRE1) or 1/65535
(PRE2) of the interface speed. When you request a value that is not a multiple of 1/255 or 1/65535, the
router chooses the nearest multiple.
The bandwidth percentage is based on the interface bandwidth. In a hierarchical policy, the bandwidth
percentage is based on the nearest parent shape rate.
By default, a minimum bandwidth guaranteed queue has buffers for up to 50 milliseconds of 256-byte
packets at line rate, but not less than 32 packets.
5-4
OL-7433-09
Chapter 5
Table 5-2 describes the data included and excluded in the committed rate when a traffic shaper and
policer are configured on the interface.
Table 5-2
Action
Frame Relay
Ethernet
Policing
No bit or byte
stuffing
No 7E flags
No Frame Check
Sequence (FCS)
No Inter-Frame Gap
(IFG)
No Preamble
No Start of Frame
Delimiter (SFD)
ATM
ADSL
SDSL
Class-Based Shaping
Class-Based Shaping
No ATM cell
No AAL Common
overhead
Part Convergence
Sublayer (CPCS) pad No AAL Common
Part Convergence
No ATM trailer
Sublayer (CPCS) pad
No ATM cell
overhead
No AAL Common
Part Convergence
Sublayer (CPCS) pad
No ATM trailer
No ATM trailer
Class-Based Shaping
Class-Based Shaping
No Frame Check
Sequence (FCS)
Shaping
4 bytes of Frame
Check Sequence
(FCS)
No bit or byte
stuffing
No 7E flags
No Inter-Frame Gap
(IFG)
No Preamble
No Start of Frame
Delimiter (SFD)
No ATM cell
overhead
No AAL Common
Part Convergence
Sublayer (CPCS) pad
Frame Check
Sequence (FCS)
1. The router does not account for flags or Frame Check Sequence (FCS) that the hardware adds or removes.
Table 5-3 describes what bandwidth is based on for each media type.
Table 5-3
Media
Bandwidth Based On
Frame Relay
Fragments1
Ethernet
Bits
1. For Frame Relay networks with link fragmentation and interleaving (LFI) enabled.
5-5
Chapter 5
Note
For all releases prior to Cisco IOS Release 12.0(19)SL, when other classes are present, the
class-default class receives no bandwidth guarantee unless it has a bandwidth command configured.
Cisco IOS Release 12.0(19)SL adds support for an implicit bandwidth guarantee. In
Release 12.0(19)SL and later releases, the class-default class receives a bandwidth guarantee of any
uncommitted interface bandwidth plus one percent. You can decrease this guarantee by using the
bandwidth command in the class-default class.
You can decrease the class-default bandwidth guarantee, but you cannot increase it.
Configuring the bandwidth-remaining percent command for the class-default class can lead to
unexpected behavior such as a drop in link throughput or unfair bandwidth sharing between queues. This
occurs because the router allocates 1 percent of the interface bandwidth to the default class, regardless
of the value you specify in the bandwidth-remaining percent command. The router does this so that
the class-default queue has at least a minimum amount of the committed rate to guarantee bandwidth to
any control traffic flowing over the default class. This behavior is unique to the class-default class only
and the PRE2. To workaround this problem, you can:
Configure the bandwidth percent or bandwidth rate command in the policy map instead of the
bandwidth-remaining percent command.
Limit the traffic that flows over the class-default queue by configuring another class queue with the
bandwidth-remaining percent command specified and ensuring that the traffic that would have
flowed over the class-default queue now flows over the newly created queue, leaving the
class-default queue for control traffic.
A similar setup on ATM would require 848 kbps because each 64-byte packet requires two cells of
53 bytes:
1000 * 2 * 53 * 8 / 1000 = 848
5-6
OL-7433-09
Chapter 5
In releases prior to Cisco IOS Release 12.3(7)XI, specify a minimum bandwidth rate using the
priority command.
In Cisco IOS Release 12.3(7)XI and later releases, specify a minimum bandwidth rate using the
police command. The router no longer supports the percent and bandwidth-kbps options for the
priority command.
When you create a priority queue using the priority command, the router sets the committed information
rate (CIR) of the queue to near link bandwidth. Therefore, the priority queue can consume almost all of
the link bandwidth when packets are transmitted from it. As a result, there is no way to guarantee
bandwidth to the other queues on the link. To resolve this, configure the other queues using the
bandwidth remaining command. This command enables the router to allocate relative amounts of
bandwidth, eliminating the need to constantly change the class bandwidth.
Table 5-4 lists the functional differences between the bandwidth and priority commands:
Table 5-4
Function
bandwidth Command
priority Command
Yes
Yes
No
Yes
Built-in policer
No
No
Provides low-latency
No
Yes
The bandwidth and priority commands are also designed to meet different QoS policy objectives.
Table 5-5 lists those differing objectives:
Table 5-5
Application
bandwidth Command
priority Command
Yes
Somewhat
No
Yes
No
Yes
5-7
Chapter 5
Queuing Modes
The Cisco 10000 series router supports the following queuing modes:
Note
For releases prior to Cisco IOS Release 12.3(7)XI2, the OC-3 and OC-12 line cards support a maximum
of 14,336 VCs when configured for hierarchical shaping. The DS3/E3 line card supports a maximum of
8,192 VCs when configured for shaping. You can configure the maximum number of VCs across the
ports in any fashion, provided that you do not exceed the per-port maximum. The OC-3 line card is
limited to 8,192 VCs per port and the DS3 is limited to 4,096 VCs per port.
The Cisco 10000 series router supports the following ATM traffic classes when you configure the atm
pxf queuing command:
Note
If you use the ubr+ command to configure shaped UBR, the router accepts the PCR value you specify,
but it does not use it. The router does not notify you of this behavior.
5-8
OL-7433-09
Chapter 5
Note
Cisco recommends that you do not configure no atm pxf queuing mode for QoS-sensitive deployments.
The no atm pxf queuing mode supports high VC counts. Before you configure VCs on an interface,
configure the queuing mode for the port (atm pxf queuing or no atm pxf queuing). After you configure
the mode, then configure the VCs. Do not change the mode while VCs are configured on the interface.
If you need to change the mode, delete the VCs first and then change the mode. Changing the mode while
VCs are configured can produce undesired results.
To support a high number of virtual circuits (VCs), configure the no atm pxf queuing command on each
port of the Cisco 10000 series router. PPPoA supports one session per VC and requires that you enable
no atm pxf queuing mode to support up to 64,000 PPPoA sessions. Enabling no atm pxf queuing mode
is not required for L2TP and might not be required for PPPoE because you can have 64,000 sessions on
a single VC.
The Cisco 10000 series router supports the following ATM traffic classes when you configure the no atm
pxf queuing command:
Note
If you use the ubr+ command to configure shaped UBR, the router accepts the PCR value you specify,
but it does not use it. The router does not notify you of this behavior.
You cannot configure the bandwidth command on a class with priority service configured.
In a policy map, you can configure the bandwidth, priority, or shape command for a maximum of
14 (PRE1) or 30 (PRE2) non-class-default classes.
The router supports a maximum of 32,767 (PRE1) or 128,000 (PRE2) output packet queues.
5-9
Chapter 5
Step 1
Command
Purpose
Step 2
Assigns the traffic class you specify to the policy map. Enters
policy-map class configuration mode.
class-map-name is the name of a previously configured class
map and is the traffic class for which you want to define QoS
actions.
Step 3
Router(config-pmap-c)# bandwidth
{bandwidth-kbps | percent percentage |
remaining percent percentage}
For information about classifying traffic and creating QoS service policies, see Chapter 2, Classifying
Traffic and Chapter 3, Configuring QoS Policy Actions and Rules.
5-10
OL-7433-09
Chapter 5
5-11
Chapter 5
Purpose
5-12
OL-7433-09
Chapter 5
Example 5-6 shows the bandwidth that the router allocated to the traffic classes in the Gold policy map.
Example 5-6
5-13
Chapter 5
Uses the minimum bandwidth-remaining ratio allowed (currently 1 on the PRE3)Other interfaces
such as VLANs and Frame Relay DLCIs
With bandwidth-remaining ratios, service providers have more flexibility in assigning priority to
subinterfaces and queues during congestion. In addition to speed, you can base the bandwidth-remaining
ratio on alternative factors, such as a service product or subscription rate. In this way, for example, you
can give higher weight to subinterfaces carrying business services and lower weight to subinterfaces
carrying residential services. The bandwidth-remaining ratio enables the HQF scheduler to service a
subinterface with a low SCR but a high bandwidth-remaining ratio more frequently than servicing a
subinterface with a high SCR but a low bandwidth-remaining ratio.
The Distribution of Remaining Bandwidth Using Ratio feature is available on outbound interfaces only.
Modification
Release 12.2(31)SB22
This feature was introduced and implemented on the Cisco 10000 series
router for the PRE3.
Bandwidth-Remaining Ratio
A bandwidth-remaining ratio is a value from 1 to 1000 that is used to determine the amount of unused
(excess) bandwidth to allocate to a class queue or subinterface-level queue during congestion. The router
allocates excess bandwidth relative to the other class queues and subinterface-level queues configured
on the physical interface. The bandwidth-remaining ratio value does not indicate a percentage. For
example, a subinterface with a bandwidth-remaining ratio of 100 receives 10 times the unused (excess)
bandwidth during congestion than a subinterface with a bandwidth-remaining ratio of 10.
Without bandwidth-remaining ratios, the router allocates excess bandwidth based on the following:
With bandwidth-remaining ratios, excess bandwidth allocation can be based on factors other than the
bandwidth rate (for example, service product or subscription rate).
5-14
OL-7433-09
Chapter 5
The bandwidth remaining ratio command cannot coexist with another bandwidth command in
different traffic classes of the same policy map. For example, the following configuration is not valid
and causes an error message to display:
policy-map Prec1
class precedence_0
bandwidth remaining ratio 10
class precedence_2
bandwidth 1000
The bandwidth remaining ratio command cannot coexist with another bandwidth command in the
same class. For example, the following configuration is not valid and causes an error message to
display:
policy-map Prec1
class precedence_0
bandwidth 1000
bandwidth remaining ratio 10
In a hierarchical policy map in which the parent policy has only the class-default class defined with
a child queuing policy applied, the router accepts only the bandwidth remaining ratio form of the
bandwidth command in the class-default class of the parent policy.
The bandwidth remaining ratio command cannot coexist with the priority command in the same
class. For example, the following configuration is not valid and causes an error message to display:
policy-map Prec1
class precedence_1
priority percent 10
bandwidth remaining ratio 10
5-15
Chapter 5
Note
Step 1
Command or Action
Purpose
policy-map child-policy-name
Step 2
class class-map-name
Step 3
bandwidth bandwidth-kbps
Step 4
exit
Step 5
exit
Step 6
policy-map parent-policy-name
Step 7
class class-default
Step 8
5-16
OL-7433-09
Chapter 5
Step 9
Command or Action
Purpose
Step 10
service-policy child-policy-name
Applies the child policy map you specify to the traffic class.
The router applies the QoS actions specified in the child
policy to the traffic class.
child-policy-name is the name of the child policy.
Note
Step 11
exit
Step 12
exit
Step 13
5-17
Chapter 5
Step 14
Command or Action
Purpose
Step 1
Command or Action
Purpose
policy-map child-policy-name
Step 2
class class-map-name
Step 3
5-18
OL-7433-09
Chapter 5
Step 4
Command or Action
Purpose
Step 5
exit
Step 6
exit
Step 7
policy-map parent-policy-name
Step 8
class class-default
Step 9
Step 10
5-19
Chapter 5
Step 11
Command or Action
Purpose
service-policy child-policy-name
Applies the child policy map you specify to the traffic class.
The router applies the QoS actions specified in the child
policy to the traffic class.
child-policy-name is the name of the child policy.
Note
Step 12
exit
Step 13
exit
Step 14
Step 15
5-20
OL-7433-09
Chapter 5
Note
If PVC 98/204 is configured on the same interface as PVC 0/200 and with a bandwidth-remaining ratio
of 1, during times of congestion PVC 0/200 would have 10 times more bandwidth available to it for
non-priority traffic than PVC 98/204 would have.
5-21
Chapter 5
5-22
OL-7433-09
Chapter 5
5-23
Chapter 5
The following sample output from the show policy-map interface command indicates that
bandwidth-remaining ratios are configured on class-level queues in the policy maps named
vlan20_policy and child_policy, which are attached to the Gigabit Ethernet subinterface 1/0/0.20.
Router# show policy-map interface GigabitEthernet1/0/0.20
Service-policy output: vlan20_policy
Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
0 packets, 0 bytes
30 second rate 0 bps
Queueing
queue limit 250 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
shape (average) cir 1000000, bc 4000, be 4000
target shape rate 1000000
bandwidth remaining ratio 100
Service-policy : child_policy
Class-map: precedence_0 (match-all)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: ip precedence 0
Queueing
queue limit 62 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
shape (average) cir 500000, bc 2000, be 2000
target shape rate 500000
bandwidth remaining ratio 20
Class-map: precedence_1 (match-all)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: ip precedence 1
Queueing
queue limit 62 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
shape (average) cir 500000, bc 2000, be 2000
target shape rate 500000
bandwidth remaining ratio 40
Class-map: precedence_2 (match-all)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: ip precedence 2
Queueing
queue limit 62 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
shape (average) cir 500000, bc 2000, be 2000
target shape rate 500000
bandwidth remaining ratio 60
Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
5-24
OL-7433-09
Chapter 5
0 packets, 0 bytes
30 second rate 0 bps
queue limit 62 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
The following sample output from the show policy-map command indicates that a bandwidth-remaining
ratio of 10 is configured on the parent class-default class of the policy map named vlan10_policy.
Router# show policy-map vlan10_policy
Policy Map vlan10_policy
Class class-default
Average Rate Traffic Shaping
cir 1000000 (bps)
bandwidth remaining ratio 10
service-policy child_policy
The following sample output from the show policy-map command indicates that a bandwidth-remaining
ratio of 100 is configured on the parent class-default class of the policy map named vlan20_policy.
During congestion, the scheduler allocates the subinterface Gigabit Ethernet 1/0/0.20 10 times the
bandwidth that it allocates subinterface Gigabit Ethernet 1/0/0.10.
Router# show policy-map vlan20_policy
Policy Map vlan20_policy
Class class-default
Average Rate Traffic Shaping
cir 1000000 (bps)
bandwidth remaining ratio 100
service-policy child_policy
The following sample output from the show policy-map command indicates that a bandwidth-remaining
ratio of 20, 40, and 60 is configured on the class queues precedence_0, precedence_1, and precedence_2,
respectively.
Router# show policy-map child_policy
Policy Map child_policy
Class precedence_0
Average Rate Traffic Shaping
cir 500000 (bps)
bandwidth remaining ratio 20
Class precedence_1
Average Rate Traffic Shaping
cir 500000 (bps)
bandwidth remaining ratio 40
Class precedence_2
Average Rate Traffic Shaping
cir 500000 (bps)
bandwidth remaining ratio 60
5-25
Chapter 5
Related Documentation
Related Documentation
This section provides hyperlinks to additional Cisco documentation for the features discussed in this
chapter. To display the documentation, click the document title or a section of the document highlighted
in blue. When appropriate, paths to applicable sections are listed below the documentation title.
Feature
Related Documentation
bandwidth command
Class maps
Policing
Policy maps
Shaping
Three-level scheduler
5-26
OL-7433-09
CH A P T E R
Policing Traffic
It is critical that network resources are available to customers. When network resources are overloaded
due to inadequate traffic management, you lose the benefits that a network provides. Controlling the flow
of data across your network helps to ensure the efficiency of the network.
Policing is an important traffic regulation mechanism. Using policing, you can configure your system to
more effectively handle traffic issues before they overload your network. Policing enables you to
determine how traffic is managed by the network to avoid congestion and system inefficiencies, thereby
increasing network availability and maximizing the use of bandwidth.
This chapter describes the policing capabilities of the Cisco 10000 series router. It includes the following
topics:
6-1
Chapter 6
Policing Traffic
Traffic Policing
Traffic Policing
Traffic policing is a traffic regulation mechanism that is used to limit the rate of traffic streams. Policing
allows you to control the maximum rate of traffic sent or received on an interface. Policing propagates
bursts of traffic and is applied to the inbound or outbound traffic on an interface. When the traffic rate
exceeds the configured maximum rate, policing drops or remarks the excess traffic. Although policing
does not buffer excess traffic, a configured queuing mechanism applies to conforming packets that might
need to be queued while waiting to be serialized at the physical interface.
Traffic policing uses a token bucket algorithm to manage the maximum rate of traffic. This algorithm is
used to define the maximum rate of traffic allowed on an interface at a given moment in time. The token
bucket algorithm is especially useful in managing network bandwidth in cases where several large
packets are sent in the same traffic stream. The algorithm puts tokens into the bucket at a certain rate.
Each token is permission for the source to send a specific number of bits into the network. With policing,
the token bucket determines whether a packet exceeds or conforms to the applied rate. In either case,
policing implements the action you configure such as setting the IP precedence or differentiated services
code point (DSCP). For more information about the token bucket, see the Metering Traffic and Token
Buckets section on page 6-18.
Policing restricts the output rate to a maximum kilobits per second (kbps) value or to a percentage of the
available or unused bandwidth. Policing does not provide a minimum bandwidth guarantee during
periods of congestion; to provide these guarantees, you must use the bandwidth or priority command.
Policing is class-based in that the policer is applied to a specific class of traffic within a policy map by
using the police command. When you attach the service policy to an interface, the router applies the
policing action to the packets that match that class.
Description
Required PRE
Release 12.0(17)SL
PRE1
Release 12.0(25)S
Release 12.2(16)BX
PRE2
Release 12.3(7)XI
PRE2
Release 12.2(27)SBB
PRE2
Release 12.2(31)SB2
Release 12.2(33)SB
This feature was introduced on the PRE4 and enhanced to PRE2, PRE3,
support marking of the ATM CLP bit, Frame Relay DE bit, PRE4
and CoS bit using a police action for the PRE2, PRE3, and
PRE4.
6-2
OL-7433-09
Chapter 6
Policing Traffic
Traffic Policing
Policing Actions
Table 6-1 lists the actions the router can take on packets. These are the actions you specify in the police
command.
Note
Table 6-1
In Table 6-1, the term transmit means that the packet is passed through the policer for further processing.
The policer acts as a filter before the packet is passed on to the next event to happen.
Policing Actions
Action
Description
drop
Release 12.0(17)SL
Release 12.3(7)XI
PRE2
Release 12.2(33)SB
PRE2, PRE3, PRE4
set-cos-transmit value
Sets the class of service (CoS) bits of a packet and Release 12.2(33)SB
transmits the packet with the new CoS setting.
PRE2, PRE3, PRE4
Valid values are 0 to 7.
set-cos-inner-transmit value
set-discard-class-transmit
set-dscp-tunnel-transmit value
set-dscp-transmit value
Release 12.3(7)XI
PRE2
Sets the DSCP bits in the packet headers of traffic Release 12.2(31)SB2
streams aggregated into the same tunnel. This
PRE3
enables the streams to receive a different level of
QoS processing at the outer ToS fields QoS
domain. Valid values are from 0 to 63 or one of the
following reserved keywords:
EF (expedited forwarding)
6-3
Chapter 6
Policing Traffic
Table 6-1
Action
Description
set-frde-transmit
Release 12.2(33)SB
Release 12.0(22)S
Release 12.3(7)XI
set-mpls-exp-transmit value
set-mpls-exp-imposition-transmit
value
PRE2
set-prec-transmit value
Release 12.0(17)SL
PRE1
set-qos-transmit value
Sets the QoS group value and transmits the packet Release 12.0(17) SL
with the new QoS group value setting. Valid values
PRE1
are from 0 to 99.
transmit
Release 12.0(17)SL
PRE1
In all releases prior to Cisco IOS Release 12.0(25)S and Release 12.3(7)XI, the router provides a
two-color marker. A two-color marker classifies traffic into two groups: traffic that conforms to the
specified committed information rate (CIR) and burst sizes, and traffic that exceeds either the CIR
or the burst sizes.
6-4
OL-7433-09
Chapter 6
Policing Traffic
Single-Rate Color Marker for Traffic Policing
In Cisco IOS Release 12.0(25)S and Release 12.3(7)XI, and later releases, the router adds support
for an IETF-defined, RFC 2697-based, single rate, three-color marker by adding the ability to
classify nonconforming traffic into a third group: traffic that violates the CIR. The three-color
marker distinguishes between the nonconforming traffic that occasionally bursts a certain number
of bytes more than the CIR and the traffic that continually violates the CIR allowance. Applications
can utilize the three-color marker to provide three service levels: guaranteed, best effort, and deny.
The router maintains the behavior of the two-color marker by automatically setting the violate action
to be the same as the exceed action (unless you configure the violate action). Therefore, you can
continue to use the two-color marker. However, it is important to note that the router collects
statistics for conforming, exceeding, and violating packets. Therefore, when verifying packet counts
be sure to observe all three statistical categories to ensure an accurate count.
Description
Required PRE
Release 12.0(17)SL
Release 12.0(25)S
PRE1
Release 12.2(16)BX
PRE2
Release 12.3(7)XI
PRE2
Release 12.2(28)SB
PRE2
Release 12.2(31)SB2
6-5
Chapter 6
Policing Traffic
Syntax Description
cir
bps
Specifies the average rate in bits per second (bps). Valid values are from
8,000 to 2,488,320,000 bps. If you only specify police bps, the router
transmits the traffic that conforms to the bps value and drops the traffic that
exceeds the bps value. For information on how the router calculates the
policing rate, see the Policing Rate Granularity section on page 6-25.)
bc burst-normal
(Optional) Normal or committed burst (bc) size used by the first token
bucket for policing. The burst-normal specifies the bc value in bytes. Valid
values are from 1 to 512,000,000. The default is 9,216 bytes. For more
information, see the Committed Bursts and Excess Bursts section on
page 6-21.
be burst-excess
(Optional) Excess burst (be) size used by the second token bucket for
policing. The burst-excess specifies the excess burst in bytes. Valid values
are from 0 to 1,024,000,000 bytes. The default is 0. You must specify
burst-normal before you specify burst-excess. For more information, see
the Committed Bursts and Excess Bursts section on page 6-21.
Note
When the be value equals 0, we recommend that you set the egress
bc value to be greater than or equal to the ingress bc value plus 1.
Otherwise, packet loss can occur. For example:
be = 0
egress bc >= ingress bc + 1
conform-action action
Specifies the action to take on packets that conform to the rate limit. The
default action is transmit. You must specify burst-excess before you specify
the conform-action.
exceed-action action
Specifies the action to take on packets that exceed the rate limit, but not the
PIR. The default action is drop. You must specify the conform-action
before you specify the exceed-action.
violate-action action
See Table 6-1 on page 6-3 for a description of each action you can specify in the police command.
For information about conforming, exceeding, and violating traffic, see the Usage Guidelines for the
police Command section on page 6-7
6-6
OL-7433-09
Chapter 6
Policing Traffic
Single-Rate Color Marker for Traffic Policing
Description
Release 12.0(17)SL
Release 12.0(22)S
Release 12.0(25)S
Release 12.2(16)BX
Release 12.3(7)XI
Release 12.2(28)SB
This command was integrated in Cisco IOS Release 12.2(28)SB for the
PRE2.
Release 12.2(31)SB2
This command was introduced on the PRE3 to allow you to police traffic on
the L2TP access concentrator (LAC) based on the value of a packets IP
DSCP bits. The set-frde-transmit policing action was also added for the
PRE3.
6-7
Chapter 6
Policing Traffic
Note
For information about the single-rate color marker, see the Single-Rate Color Marker for Traffic
Policing section on page 6-4.
The two-rate policer is often configured on interfaces at the edge of a network to limit the rate of traffic
entering or leaving the network. In addition to rate-limiting traffic, the policers three-color marker can
mark packets according to whether the packet conforms (green), exceeds (yellow), or violates (red) a
specified rate. You decide the actions you want the router to take for conforming, exceeding, and
violating traffic. For example, you can configure conforming packets to be sent, exceeding packets to be
sent with a decreased priority, and violating packets to be dropped. In most common configurations,
traffic that conforms is sent and traffic that exceeds is sent with decreased priority or is dropped. You
can change these actions according to your network needs.
With packet marking, you can partition your network into multiple priority levels or classes of service
(CoS). For example, you can configure the two-rate three-color marker to do the following:
Assign packets to a QoS group, which the router then uses to determine how to prioritize packets
within the router.
Set the IP precedence level, IP DSCP value, or the MPLS experimental value of packets entering the
network. Networking devices within your network can then use this setting to determine how to treat
the traffic. For example, a weighted random early detection (WRED) drop policy can use the IP
precedence value to determine the drop probability of a packet.
Set the ATM cell loss priority (CLP) bit in ATM cells. The ATM CLP bit is used to prioritize packets
in ATM networks and is set to either 0 or 1. During congestion, the router discards cells with a CLP
bit setting of 1 before it discards cells with a CLP bit setting of 0.
The three-color marker distinguishes between the nonconforming traffic that occasionally bursts a
certain number of bytes more than the CIR and violating traffic that continually violates the PIR
allowance. Applications can utilize the three-color marker to provide three service levels: guaranteed,
best effort, and deny. The three-color marker is useful in marking packets in a packet stream with
different, decreasing levels of assurances (either absolute or relative). For example, a service might
discard all red packets because they exceed both the committed and excess burst sizes, forward yellow
packets as best effort, and forward green packets with a low drop probability.
Note
The router maintains the behavior of the two-color marker by automatically setting the violate action to
be the same as the exceed action (unless you configure the violate action). Therefore, you can continue
to use the two-color marker. However, it is important to note that the router collects statistics for
conforming, exceeding, and violating packets. Therefore, when verifying packet counts be sure to
observe all three statistical categories to ensure an accurate count.
6-8
OL-7433-09
Chapter 6
Policing Traffic
Two-Rate Three-Color Marker for Traffic Policing
The two-rate three-color marker uses a token bucket algorithm to manage the maximum rate of traffic.
The token bucket algorithm can use the values you specify to determine the maximum rate of traffic
allowed on an interface at a given moment in time. All traffic entering or leaving an interface affects the
token bucket algorithm, depending on whether the two-rate policer is configured on an inbound or
outbound interface. The token bucket algorithm is useful in managing network bandwidth when large
packets are sent in the same traffic stream. For more information about the token bucket algorithm, see
the Metering Traffic and Token Buckets section on page 6-18.
To mark traffic without using a policer, see Chapter 7, Marking Traffic.
Description
Required PRE
Release 12.2(27)SBB
PRE2
Release 12.2(31)SB2
Syntax Description
cir cir
bc burst-normal
(Optional) Specifies the normal or committed burst (bc) size used by the
first token bucket for policing. The burst-normal specifies the bc value in
bytes. Valid values are from 1 to 512,000,000. The default is 9,216 bytes.
For more information, see the Committed Bursts and Excess Bursts
section on page 6-21.
6-9
Chapter 6
Policing Traffic
pir pir
Peak information rate (PIR). Indicates the rate at which the second token
bucket is updated. The pir specifies the PIR value in bits per second. Valid
values are from 8000 to 2,488,320,000.
be peak-burst
(Optional) Specifies the peak burst (be) size used by the second token
bucket for policing. The peak-burst specifies the be value in bytes. The size
depends on the interface used. Valid values are 0 to 1,024,000,000.
Note
When the be value equals 0, we recommend that you set the egress
bc value to be greater than or equal to the ingress bc value plus 1.
Otherwise, packet loss can occur. For example:
be = 0
egress bc >= ingress bc + 1
conform-action action
(Optional) Specifies the action to take on packets that conform to the rate
limit. The default action is transmit. You must specify burst-excess before
you specify the conform-action.
exceed-action action
(Optional) Specifies the action to take on packets that exceed the rate limit,
but not the PIR. The default action is drop. You must specify the
conform-action before you specify the exceed-action.
violate-action action
See Table 6-1 on page 6-3 for a description of each action you can specify.
For information about conforming, exceeding, and violating traffic, see the Usage Guidelines for the
police Command section on page 6-7.
Description
Release 12.2(27)SBB
The single-rate police command was enhanced on the PRE2 to allow you to
configure two traffic policing rates: the committed information rate (CIR)
and the peak information rate (PIR).
Release 12.2(31)SB2
This command was introduced on the PRE3 to allow you to police traffic on
the L2TP access concentrator (LAC) based on the value of a packets IP
DSCP bits.
6-10
OL-7433-09
Chapter 6
Policing Traffic
Percent-Based Policing
Percent-Based Policing
Percent-based policing enables you to configure traffic policing as a percentage of the bandwidth of the
network interface on which policing is applied. Configuring traffic policing based on bandwidth
percentage enables you to use the same policy map for multiple interfaces with differing amounts of
bandwidth.
Percent-based policing also allows you to specify burst sizes in milliseconds (ms). The router calculates
the burst value in milliseconds based on the policing rate.
When you use a percent-based police command within a nested policy, the police percent is based on
the nearest parent shape rate. If no parent shaping exists, the police percent is based on the link
bandwidth. The router calculates the burst value in milliseconds (ms) based on the policing rate.
Percent-based policing supports two traffic policing rates if the parent policy map has only one class
defined: the class-default class. The parent policy does only match-any matching when applying the
class-default shaping rate.
Description
Required PRE
Release 12.0(25)SX
PRE1
Release 12.3(7)XI
PRE2
Release 12.2(28)SB
Release 12.2(31)SB2
6-11
Chapter 6
Policing Traffic
Percent-Based Policing
Syntax Description
cir
percent percent
bc normal-burst-in-msec (Optional) Specifies the normal or committed burst size (CBS) that the
first token bucket uses for policing traffic. Specify the CBS value in
milliseconds (ms). Valid values are from 1 to 2000. The default value is
the greater of 2 ms worth of bytes at the police rate or the network
minimum transmission unit (MTU).
pir pir
be excess-burst-in-msec
(Optional) Specifies the excess burst size (EBS) that the second token
bucket uses for policing traffic. Specify the EBS value in milliseconds
(ms). Valid values are from 0 to 2000. The default value is zero (0). You
must specify normal-burst-in msec before you specify
excess-burst-in-msec.
Note
conform-action action
(Optional) Specifies the action to take on packets that conform to the rate
limit. The default action is transmit. You must specify a value for
excess-burst-in-msec before you specify the conform-action.
exceed-action action
(Optional) Specifies the action to take on packets that exceed the rate limit,
but not the PIR. The default action is drop. You must specify the
conform-action before you specify the exceed-action.
violate-action action
See Table 6-1 on page 6-3 for a description of each action you can specify.
For information about conforming, exceeding, and violating traffic, see the Usage Guidelines for the
police Command section on page 6-7.
Description
Release 12.0(25)SX
Release 12.3(7)XI
6-12
OL-7433-09
Chapter 6
Policing Traffic
Control Plane Policing
Description
Release 12.2(28)SB
This command was enhanced on the PRE2 to allow you to configure two
traffic policing rates as a percentage: the committed information rate (CIR)
and the peak information rate (PIR)
Release 12.2(31)SB2
This command was introduced on the PRE3 to allow you to police traffic on
the L2TP access concentrator (LAC) based on the value of a packets IP
DSCP bits.
Example
The following configuration polices Data traffic at 20 percent and sets the PIR to 25 percent.
Router(config)# policy-map Business
Router(config-pmap)# class Data
Router(config-pmap-c)# police percent 20 3 ms pir 25 10 ms
6-13
Chapter 6
Policing Traffic
The Set ATM CLP Bit Using a Policer feature polices the traffic on the inbound interface of the provider
edge (PE) router where the attachment VC terminates. Marking of the ATM cells using the
set-clp-transmit policing action occurs on the outbound interface. Therefore, when configuring this
feature for AToM, you must attach a policy map that includes the set-clp-transmit action to the interface
upon which the ATM VC terminates or, in other words, attach the policy map to the input interface of
the PE.
The router supports the set-clp-transmit policing action in single-rate and dual-rate policing policies, and
in hierarchical policies.
The router allows you to simultaneously configure the policing actions set-clp-transmit and
set-mpls-exp-imposition-transmit in a single police command on the Layer 2 VPN inbound interface.
Feature History for Set ATM CLP Bit Marking As a Police Action
Cisco IOS Release
Description
Required PRE
Release 12.3(7)XI
PRE2
Release 12.2(33)SB
PRE3, PRE4
Description
Required PRE
Release 12.2(33)SB
This feature was introduced on the PRE2, PRE3, and PRE4. PRE2, PRE3,
PRE4
6-14
OL-7433-09
Chapter 6
Policing Traffic
Set Layer 2 CoS as a Policer Action
Description
Required PRE
Release 12.2(33)SB
PRE2, PRE3,
PRE4
Description
Required PRE
Release 12.2(33)SB
PRE2, PRE3,
PRE4
6-15
Chapter 6
Policing Traffic
Feature History for Set Inner and Outer CoS as a Policer Action
Cisco IOS Release
Description
Required PRE
Release 12.2(33)SB
PRE2, PRE3,
PRE4
Note
The router allows only the dual action combinations listed above and does not do error checking for these
actions.
For example, you can specify the first conform-action as set-frde-transmit and the second
conform-action as set-mpls-exp-imposition-transmit. If desired, you can then specify these same two
actions as the action for the first and second exceed actions and for the two violate actions.
6-16
OL-7433-09
Chapter 6
Policing Traffic
Policing Support for GRE Tunnels
If you upgrade from a Cisco IOS software release that does not support dual police actions to a
Cisco IOS release that supports dual police actions, the police command displays on a single line. If you
configure each police action on a separate line and then downgrade to a Cisco IOS release that does not
support dual actions, the router rejects the policer.
For backward compatibility, the router accepts the police command on a single line, but after entering
the police command, the router enters policy-map-class-police configuration mode.
Description
Required PRE
Release 12.2(33)SB
This feature was introduced on the router for the PRE3 and PRE3, PRE4
PRE4.
Physical
ATM variable bit rate (VBR) and constant bit rate (CBR) PVCs, and point-to-point subinterfaces
Frame Relay permanent virtual circuits (PVCs), point-to-point subinterfaces, and map classes
Ethernet VLANs
IP tunnel
6-17
Chapter 6
Policing Traffic
Note
The router supports the police command on inbound and outbound interfaces.
Interfaces Not Supporting the police Command
The router updates the tokens in the conforming bucket. If the previous arrival of the packet was at
the rate of T1 (1.544 Mbps) and the current arrival of the packet is at T, the router updates the bucket
with T minus T1 worth of bits based on the token arrival rate. The router places refill tokens in the
conforming bucket. If the tokens overflow the conforming bucket, the router places the overflow
tokens in the exceeding bucket.
The router calculates the token arrival rate in the following way:
(time between packets * policer rate) / 8 bytes
where time between packets equals T T1
If the number of bytes in the conforming bucket is greater than or equal to 0, the packet conforms.
The router removes the number of bytes of the packet from the conforming bucket and takes the
conform action on the packet. In this scenario, the exceeding bucket is unaffected.
If the number of bytes in the conforming bucket is less than 0, the router checks the exceeding bucket
for bytes. If the number of bytes in the exceeding bucket is greater than or equal to 0, the router
removes the number of bytes of the packet from the exceeding token bucket and takes the exceed
action. The router does not remove bytes from the conforming bucket.
6-18
OL-7433-09
Chapter 6
Policing Traffic
Metering Traffic and Token Buckets
If the number of bytes in the exceeding bucket is less than 0, the packet violates the rate and the
router takes the violate action.
A traffic stream is conforming when the average number of bytes over time does not cause the
committed token bucket to overflow. When this occurs, the token bucket algorithm marks the traffic
stream green.
A traffic stream is exceeding when it causes the committed token bucket to overflow into the peak
token bucket. When this occurs, the token bucket algorithm marks the traffic stream yellow. The
peak token bucket is filled as long as the traffic exceeds the police rate.
The peak token bucket can hold bytes up to the size of the peak burst (be) before overflowing. This token
bucket holds the tokens that determine whether a packet violates the PIR. A traffic stream is violating
when it causes the peak token bucket to overflow. When this occurs, the token bucket algorithm marks
the traffic stream red.
The dual-token bucket algorithm provides users with three actions for each packeta conform action,
an exceed action, and an optional violate action. Traffic entering a queue with the two-rate policer
configured is placed into one of these categories. Within these three categories, users can decide packet
treatments. For instance, packets that conform can be configured to be sent; packets that exceed can be
configured to be sent with a decreased priority; and packets that violate can be configured to be dropped.
Figure 6-1 shows how the two-rate policer marks a packet and assigns a corresponding action to the
packet.
6-19
Chapter 6
Policing Traffic
Figure 6-1
CIR
PIR
Bc
Be
B > Tp
No
B > Tc
No
Packet of size B
Yes
Violate
Exceed
Conform
Action
Action
Action
60515
Yes
For example, if a data stream with a rate of 250 kbps arrives at the two-rate policer, and the CIR is
100 kbps and the PIR is 200 kbps, the policer marks the packet in the following way:
The router updates the tokens for both the committed and peak token buckets in the following way:
The router updates the committed token bucket at the CIR value each time a packet arrives at the
interface. The committed token bucket can contain up to the committed burst (bc) value.
The router updates the peak token bucket at the PIR value each time a packet arrives at the interface.
The peak token bucket can contain up to the peak burst (be) value.
When an arriving packet conforms to the CIR, the router takes the conform action on the packet and
decrements both the committed and peak token buckets by the number of bytes of the packet.
When an arriving packet exceeds the CIR, the router takes the exceed action on the packet,
decrements the committed token bucket by the number of bytes of the packet, and decrements the
peak token bucket by the number of overflow bytes of the packet.
When an arriving packet exceeds the PIR, the router takes the violate action on the packet, but does
not decrement the peak token bucket.
6-20
OL-7433-09
Chapter 6
Policing Traffic
Committed Bursts and Excess Bursts
Committed Bursts
The committed burst (bc) parameter of the police command implements the first, conforming (green)
token bucket that the router uses to meter traffic. The bc parameter sets the size of this token bucket.
Initially, the token bucket is full and the token count is equal to the committed burst size (CBS).
Thereafter, the meter updates the token counts the number of times per second indicated by the
committed information rate (CIR).
The following describes how the meter uses the conforming token bucket to send packets:
If sufficient tokens are in the conforming token bucket when a packet arrives, the meter marks the
packet green and decrements the conforming token count by the number of bytes of the packet.
If there are insufficient tokens available in the conforming token bucket, the meter allows the traffic
flow to borrow the tokens needed to send the packet. The meter checks the exceeding token bucket
for the number of bytes of the packet. If the exceeding token bucket has a sufficient number of tokens
available, the meter marks the packet:
a. Green and decrements the conforming token count down to the minimum value of 0.
b. Yellow, borrows the remaining tokens needed from the exceeding token bucket, and decrements
the exceeding token count by the number of tokens borrowed down to the minimum value of 0.
Note
If an insufficient number of tokens is available, the meter marks the packet red and does not
decrement either of the conforming or exceeding token counts.
When the meter marks a packet with a specific color, there must be a sufficient number of tokens of that
color to accommodate the entire packet. Therefore, the volume of green packets is never smaller than the
committed information rate (CIR) and committed burst size (CBS). Tokens of a given color are always
used on packets of that color.
The default committed burst size is the greater of 2 milliseconds of bytes at the police rate or the network
maximum transmission unit (MTU).
6-21
Chapter 6
Policing Traffic
Note
Note
When the be value equals 0, we recommend that you set the egress bc value to be greater than or equal
to the ingress bc value plus 1. Otherwise, packet loss can occur. For example:
be = 0
egress bc >= ingress bc + 1
Excess Bursts
The excess burst (be) parameter of the police command implements the second, exceeding (yellow)
token bucket that the router uses to meter traffic. The exceeding token bucket is initially full and the
token count is equal to the excess burst size (EBS). Thereafter, the meter updates the token counts the
number of times per second indicated by the committed information rate (CIR).
The following describes how the meter uses the exceeding token bucket to send packets:
When the first token bucket (the conforming bucket) meets the committed burst size (CBS), the
meter allows the traffic flow to borrow the tokens needed from the exceeding token bucket. The
meter marks the packet yellow and then decrements the exceeding token bucket by the number of
bytes of the packet.
If the exceeding token bucket does not have the required tokens to borrow, the meter marks the
packet red and does not decrement the conforming or the exceeding token bucket. Instead, the meter
performs the exceed-action configured in the police command (for example, the policer drops the
packets).
6-22
OL-7433-09
Chapter 6
Policing Traffic
Data Included in the Policing Rate
Low burst valuesIf you configure burst values too low, the achieved rate might be much lower than
the configured rate.
Temporary burstsThese bursts can have a strong adverse impact on throughput of Transmission
Control Protocol (TCP) traffic.
It is important that you set the burst values high enough to ensure good throughput. If your router drops
packets and reports an exceeded rate even though the conformed rate is less than the configured CIR, use
the show interface command to monitor the current burst, determine whether the displayed value is
consistently close to the committed burst (bc) and excess burst (be) values, and if the actual rates (the
committed rate and exceeded rate) are close to the configured committed rate. If not, the burst values
might be too low. Try reconfiguring the burst rates using the suggested calculations in the Committed
Burst Calculation section on page 6-22 and the Excess Burst Calculation section on page 6-22.
Media
Data Included
Data Excluded
Frame Relay
Layer 2 framing
Ethernet
Layer 2 framing
Layer 2 framing
No cell header
Cell overhead
6-23
Chapter 6
Policing Traffic
Table 6-2
Media
Data Included
Data Excluded
ATM
(UBR)
Layer 2 framing
Class-Based Shaping
Cell overhead
ATM
(CBR)
Layer 2 framing
Class-Based Shaping
Cell overhead
1. The router does not account for flags or Frame Check Sequence (FCS) that the hardware adds or removes.
Table 6-3 describes what bandwidth is based on for each media type.
Table 6-3
Media
Bandwidth Based On
Frame Relay
Fragments1
Ethernet
Bits
1. For Frame Relay networks with link fragmentation and interleaving (LFI) enabled.
Be sure to take into account the framing and cell overhead when specifying a minimum bandwidth for a
class. For example, if you need to commit a rate of 1000 64-byte packets per second and each packet has
4 bytes of framing overhead, instead of using 512 kbps in the bandwidth or police command, use
544 kbps, calculated as follows:
1000 * (64 + 4) * 8 /1000 = 544
A similar scenario for ATM requires 848 kbps because each 64-byte packet requires two cells of
53 bytes.
1000 * 2 * 53 * 8 / 1000 = 848
6-24
OL-7433-09
Chapter 6
Policing Traffic
Policing Rate Granularity
The router converts the policing rate you specify in bits per second to 8,000-byte increments. When
you specify a policing rate, the router rounds the rate up or down to the nearest multiple of 8000.
For example, if you request 127,000 bps, the router rounds up to 128,000 bps; for 124,000 bps, the
router rounds up to 128,000 bps; and for 123,999 bps the router rounds down to 120,000 bps.
Percent-Based Policing
The committed information rate (CIR) is based on a percentage of the maximum amount of
bandwidth available on the interface.
For percent-based policing, the burst value in milliseconds is based on the policing rate.
Within a nested policy, the police percentage is based on the nearest parent shape rate. If no parent
shaping exists, the police percentage is based on the link bandwidth.
Example 6-2 shows how to configure the priority and police percent commands for a priority class:
Example 6-2
6-25
Chapter 6
Policing Traffic
You can configure a maximum of 131,072 (PRE1) or 262,144 (PRE2) policing instances.
The router supports only the policing actions listed in Table 6-1 on page 6-3.
You cannot specify multiple conform or exceed actions for a specific class in a policy map.
In releases prior to Cisco IOS Release 12.2(33)SB, the router supports up to 16 police action types.
In Cisco IOS Release 12.2(33)SB and later releases, the router supports up to 32 police action types.
The router does not allow you to attach a policy map to the inbound interface when the policy map
contains a set-cos-transmit or set-cos-inner-transmit policing action.
The router supports only the following combinations of dual actions on the output interface:
set-cos-transmit and set-cos-inner-transmit
The router allows the set-cos-transmit police action only when it is applied to an output policy.
The set-cos-transmit police action sets only the outer CoS bits.
The router allows the set-cos-inner-transmit police action only when it is applied to an output policy.
6-26
OL-7433-09
Chapter 6
Policing Traffic
Configuring Traffic Policing
The set-cos-inner-transmit police action sets only the inner CoS bits.
The router supports the set-cos-inner-transmit policing action only on QinQ subinterfaces. If you
configure this policing action in a flat policy map or a 2-level hierarchical policy and attach the
policy to an interface that is not a QinQ subinterface, the router displays an error message. However,
if you configure the set-cos-inner--transmit action in a 3-level policy map and attach the policy to a
non-QinQ subinterface, no error message displays and the router appears to accept the policy.
Therefore, we recommend that you do not use the set-cos-inner-transmit policing action in a 3-level
policy map attached to non-QinQ subinterfaces.
The router supports the set-clp-transmit and set frde-transmit police actions on the ingress for an
Any Transport over MPLS (AToM) Layer 2 VPN (L2VPN) configuration only.
The router supports only the following combinations of dual actions on the AToM L2VPN ingress:
set-clp-transmit and set-mpls-exp-imposition-transmit
set-frde-transmit and set-mpls-exp-imposition-transmit
The router does not perform extensive error checking to reject invalid combinations of dual actions.
If you provide unsupported combinations, the results may be unpredictable.
On the PRE3 and PRE4, the router enters policy-map-class-police configuration mode after you
enter the police command, regardless of whether the command specifies a single action or dual
actions.
On the PRE3 and PRE4, when specifying multiple actions, the router displays each action on a
separate line.
Configuring Single-Rate Traffic Policing Based on Bits per Second, page 6-28
For more information about classifying traffic and creating QoS service policies, see Chapter 2,
Classifying Traffic and Chapter 3, Configuring QoS Policy Actions and Rules.
6-27
Chapter 6
Policing Traffic
Step 1
Command
Purpose
Step 2
Step 3
Configuration Examples for Configuring Single-Rate Traffic Policing Based on Bits per Second
This section provides the following configuration examples:
Configuration Example for Configuring a Single Policing Rate and Burst Sizes, page 6-28
Configuration Example for Configuring Single-Rate Policing in a Hierarchical Policy, page 6-30
Configuration Example for Policing PPPoE over ATM Sessions, page 6-31
Configuration Example for Configuring a Single Policing Rate and Burst Sizes
Example 6-3 shows how to configure a policing rate for the class named group1 in the policy map named
police. In the example, the router polices group1 traffic at 8000 bits per second and allows committed
bursts of 2000 bytes and excess bursts of 4000 bytes.
Example 6-3
6-28
OL-7433-09
Chapter 6
Policing Traffic
Configuring Traffic Policing
6-29
Chapter 6
Policing Traffic
6-30
OL-7433-09
Chapter 6
Policing Traffic
Configuring Traffic Policing
6-31
Chapter 6
Policing Traffic
Step 1
Command
Purpose
Step 2
Step 3
Configuration Example for Configuring Percent-Based Policing in a Hierarchical Policy, page 6-34
6-32
OL-7433-09
Chapter 6
Policing Traffic
Configuring Traffic Policing
6-33
Chapter 6
Policing Traffic
6-34
OL-7433-09
Chapter 6
Policing Traffic
Configuring Traffic Policing
Step 1
Command
Purpose
Step 2
Assigns the traffic class you specify to the policy map. Enters
policy-map class configuration mode.
class-map-name is the name of a previously configured class map
and is the traffic class for which you want to define QoS actions.
Step 3
6-35
Chapter 6
Policing Traffic
Step 1
Command
Purpose
Step 2
Assigns the traffic class you specify to the policy map. Enters
policy-map class configuration mode.
class-map-name is the name of a previously configured class map
and is the traffic class for which you want to define QoS actions.
Step 3
6-36
OL-7433-09
Chapter 6
Policing Traffic
Configuring Traffic Policing
Step 1
Command
Purpose
Step 2
Assigns the traffic class you specify to the policy map. Enters
policy-map class configuration mode.
class-map-name is the name of a previously configured class map
and is the traffic class for which you want to define QoS actions.
Step 3
Step 4
Router(config-pmap-c-police)#
conform-action action
Step 5
Router(config-pmap-c-police)#
exceed-action action
Step 6
Router(config-pmap-c-police)#
exceed-action action
Step 7
Router(config-pmap-c-police)#
violate-action action
Step 8
Router(config-pmap-c-police)#
violate-action action
6-37
Chapter 6
Policing Traffic
Configuration Examples
Configuration Examples
This section provides the following configuration examples:
The following shows sample output from the show policy-map command:
Router# show policy-map clp
Policy Map clp
Class class-default
police 104000 100 10
conform-action set-clp-transmit
conform-action set-mpls-exp-transmit 1
exceed-action set-clp-transmit
exceed-action set-mpls-exp-transmit 2
violate-action set-clp-transmit
violate-action set-mpls-exp-transmit 3
The following shows sample output from the show running-config command beginning at the point
where clp is specified:
Router# show running-config | begin clp
|show running-config begin clp
class class-default
police 104000 100 10
conform-action set-clp-transmit
conform-action set-mpls-exp-transmit 1
exceed-action set-clp-transmit
exceed-action set-mpls-exp-transmit 2
violate-action set-clp-transmit
violate-action set-mpls-exp-transmit 3
If the policy map is attached to an ATM PVC that is configured for Layer 2 VPN, the output from the
show policy-map interface command displays the following information:
Router# show policy-map interface atm4/0/0.1
ATM4/0/0.1: VC 1/100 Service-policy input: clp
6-38
OL-7433-09
Chapter 6
Policing Traffic
Configuration Examples
The following shows sample output from the show policy-map command:
Router# show policy-map frde
Policy Map frde
Class class-default
police 104000 100 10
conform-action set-frde-transmit
conform-action set-mpls-exp-imposition-transmit 1
exceed-action set-frde-transmit
exceed-action set-mpls-exp-imposition-transmit 2
violate-action set-frde-transmit
violate-action set-mpls-exp-imposition-transmit 3
The following shows sample output from the show running-config command:
Router# show running-config | begin frde
|show running-config begin frde
class class-default
police 104000 100 10
conform-action set-frde-transmit
conform-action set-mpls-exp-imposition-transmit 1
exceed-action set-frde-transmit
exceed-action set-mpls-exp-imposition-transmit 2
violate-action set-frde-transmit
violate-action set-mpls-exp-imposition-transmit 3
6-39
Chapter 6
Policing Traffic
Configuration Examples
If the policy map is attached to Frame Relay DLCI 101 that is configured for Layer 2 VPN, the output
from the show policy-map interface command displays the following information:
Router# show policy-map serial4/0/0.1
Serial4/0/0.1: DLCI 101 Service-policy input: frde
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
0 packets, 0 bytes
5 minute rate 0 bps
Police:
104000 bps, 100 limit, 10 extended limit
conformed 0 packets, 0 bytes; action:
set-frde-transmit
set-mpls-exp-imposition-transmit 1
exceeded 0 packets, 0 bytes; action:
set-frde-transmit
set-mpls-exp-imposition-transmit 2
violated 0 packets, 0 bytes; action:
set-frde-transmit
set-mpls-exp-imposition-transmit 3
The following example shows sample output from the show running-config command for a 2-level
hierarchical policy that is configured with the set-cos-transmit action on the PRE2:
policy-map in-parent
class class-default
police percent 85 1000 ms 2000 ms conform-action transmit exceed-action drop
violate-action drop
service-policy in-child
policy-map in-child
class c0
priority
police 1000000 20000 30000 conform-action set-cos-transmit
set-cos-transmit 0 violate-action set-cos-transmit 0
class c1
police 1000000 20000 30000 conform-action set-cos-transmit
set-cos-transmit 1 violate-action set-cos-transmit 1
class c2
police 1000000 20000 30000 conform-action set-cos-transmit
set-cos-transmit 2 violate-action set-cos-transmit 2
class c3
police 1000000 20000 30000 conform-action set-cos-transmit
set-cos-transmit 3 violate-action set-cos-transmit 3
0 exceed-action
1 exceed-action
2 exceed-action
3 exceed-action
6-40
OL-7433-09
Chapter 6
Policing Traffic
Verifying and Monitoring Traffic Policing
class c4
police 1000000 20000 30000 conform-action set-cos-transmit 4 exceed-action
set-cos-transmit 4 violate-action set-cos-transmit 4
class class-default
police 1000000 20000 30000 conform-action set-cos-transmit 5 exceed-action
set-cos-transmit 5 violate-action set-cos-transmit 5
On the PRE3, output from the show running-config command is the same as the above sample output,
except that the priority command configured in class c0 displays as priority level level-number.
On the PRE2 and PRE3, the show policy-map interface commands displays the set-cos-transmit action
and corresponding value when configured as a police action in a policy map.
Purpose
6-41
Chapter 6
Policing Traffic
6-42
OL-7433-09
Chapter 6
Policing Traffic
Related Documentation
Related Documentation
This section provides hyperlinks to additional Cisco documentation for the features discussed in this
chapter. To display the documentation, click the document title or a section of the document highlighted
in blue. When appropriate, paths to applicable sections are listed below the documentation title.
Feature
Related Documentation
DiffServ
Policing
Single-rate policer
Release Notes for the Cisco 10000 Series ESR for Cisco IOS
Release 12.0(23)SX
New Features in Cisco IOS Release 12.0(23)SX > Single-Rate
3-Color Marker for Traffic Policing
RFC 2697, A Single Rate Three Color Marker
6-43
Chapter 6
Policing Traffic
Related Documentation
Feature
Related Documentation
Token bucket
6-44
OL-7433-09
CH A P T E R
Marking Traffic
To service the growing numbers of customers and their needs, service provider networks have become
more complex and often include both Layer 2 and Layer 3 network devices. With this continued growth,
service providers must quickly identify the packets streaming across the network and apply the
appropriate service behavior before sending them to their destinations.
A differentiated service (DiffServ) model enables you to classify packets based on traffic classes. In this
model, traffic marking allows you to partition your network into multiple priority levels or classes of
service. By marking traffic, other network devices along the forwarding path can quickly determine the
proper class of service (CoS) to apply to a traffic flow.
An important aspect of DiffServ is that the markings must be consistently interpreted from end-to-end.
All devices in the network path must understand the per-hop behavior to apply to a specific class of
traffic. If one of the routers in the path does not act appropriately, the overall service for a particular
packet might not be as desired.
This chapter describes the marking capabilities of the Cisco 10000 series router. It includes the following
topics:
7-1
Chapter 7
Marking Traffic
Action
Description
Layer
Section Reference
atm-clp
cos
discard-class
Internal
Discard-Class Marking,
page 7-16
dscp
IP Differentiated Services
Code Point Marking,
page 7-6
mpls experimental
imposition
MPLS Experimental
Marking, page 7-14
ip precedence
IP Precedence Marking,
page 7-4
qos-group
Internal
7-2
OL-7433-09
Chapter 7
Marking Traffic
QoS Packet Marking
Description
Required PRE
Release 12.0(17)SL
PRE1
Release 12.0(22)S
Release 12.2(16)BX
Release 12.3(7)XI1
Release 12.2(28)SB
Release 12.2(31)SB2
Release 12.2(33)SB
PRE2
PRE3, PRE4
Packet marking allows you to partition your network into multiple priority levels or classes of service.
Layer 2 to Layer 3 Mapping
If a packet that needs to be marked to differentiate user-defined QoS services is leaving the router and
entering a switch, the router can set the class of service (CoS) value of the packet because the switch can
process the Layer 2 CoS header marking.
Weighted Random Early Detection Configuration
Weighted random early detection (WRED) uses IP precedence values or IP DSCP values to determine
the drop probability of a packet. Therefore, you can use the IP precedence and IP DSCP markings with
the WRED feature.
Improved Bandwidth Management in ATM Networks
The ability to set the ATM CLP bit allows you to extend your IP QoS policies into an ATM network. As
congestion occurs in the ATM network, cells with the CLP bit set are more likely to be dropped, resulting
in improved network performance for higher priority traffic and applications.
7-3
Chapter 7
Marking Traffic
IP Precedence Marking
IP Precedence Marking
You can mark the importance of a packet by using the IP precedence marking mechanism. IP precedence
marking helps to do the following:
Avoid congestionIP precedence field is used to determine how to handle packets when
packet-dropping mechanisms, such as weighted random early detection (WRED), are configured.
Police trafficNetworking devices within the network can use IP precedence values to determine
how to handle inbound traffic based on the transmission rate.
Layer 2 media often changes as packets traverse from source to destination. A more ubiquitous marking
can occur at Layer 3, using the IP type of service (ToS) byte. The ToS byte is the second byte in an IPv4
packet. The first three bits of the ToS byte are the IP precedence bits, which enable you to set eight IP
precedence markings (0 through 7).
Table 7-2 lists the 8 different IP precedence markings defined in RFC 791. Notice that IP precedence 6
and 7 are used for network control. Do not use IP precedence 6 or 7 to mark packets, unless you are
marking control packets.
Table 7-2
IP Precedence Values
Precedence Value
Precedence Name
Binary Value
Recommended Use
Routine
000
Priority
001
Data applications
Immediate
010
Flash
011
Call signaling
Flash Override
100
Critic
101
Voice
Internetwork Control
110
Network Control
111
You can configure a QoS policy to include IP precedence marking for packets entering the network.
Devices within your network can then use the newly marked IP precedence values to determine how to
treat the packets. For example, class-based weighted random early detection (WRED) uses IP
precedence values to determine the probability that a packet is dropped. You can also mark voice packets
with a particular precedence. You can then configure low-latency queuing (LLQ) to place all packets of
that precedence into the priority queue.
7-4
OL-7433-09
Chapter 7
Marking Traffic
IP Precedence Marking
Syntax Description
ip
Specifies that the match is for IPv4 packets only. You must specify this
keyword.
precedence prec-value
Description
Release 12.0(17)SL
Release 12.2(16)BX
Release 12.2(28)SB
This command was integrated in Cisco IOS Release 12.2(28)SB for the
PRE2.
Release 12.2(31)SB2
Release 12.2(33)SB
After the precedence bits are set, other quality of service (QoS) features such as weighted fair queuing
(WFQ) and weighted random early detection (WRED) can then operate on the bit settings.
Precedence Value
The network can give priority (or some type of expedited handling) to marked traffic through the
application of weighted fair queuing (WFQ) or weighted random early detection (WRED) at points
downstream in the network. Typically, you set the precedence value at the edge of the network (or
administrative domain); data then is queued according to the specified precedence. WFQ can speed up
handling for certain precedence traffic at congestion points. WRED can ensure that certain precedence
traffic has lower loss rates than other traffic during times of congestion.
In Cisco IOS Release 12.3(7)XI, the router accepts the set precedence command without specifying the
ip keyword. However, you must specify the set ip precedence command to set the precedence value in
a packet header.
7-5
Chapter 7
Marking Traffic
RFC-2474
RFC-2475
RFC-2597
RFC-2598
The router leverages the IETF definition of the IPv4 1-byte type of service (ToS) field in the IP packet
header by using the six most significant bits of this field (the DSCP bits) to classify traffic into any of
the 64 possible classes. After the router classifies packets, you can use the modular QoS CLI to
implement IETF-defined per-hop behaviors (PHBs), including assured forwarding (AF) and expedited
forwarding (EF).
The router also uses bits in the ToS field to prioritize packets using an IP precedence value. Because the
IP precedence value is actually part of the DSCP value, you cannot simultaneously set both the IP
precedence and DSCP values. If you attempt to, an error message displays.
Figure 7-1 shows the DSCP bits in the ToS field.
Figure 7-1
VER
HL
TOS
LEN
ID
FLAG
OFFSET
TTL
PROTO
CS
SIP
DIP
DSCP
87065
7 6 5 4 3 2 1 0 1-Byte TOS
7-6
OL-7433-09
Chapter 7
Marking Traffic
IP Differentiated Services Code Point Marking
Again, vendor-specific mechanisms need to be configured to implement these PHBs. For more
information about EF PHB, see RFC-2598. To implement the PHBs, you must configure vendor-specific
mechanisms. For more information, see the appropriate RFC as indicated in Table 7-4 on page 7-8.
Assured Forwarding
There are four assured forwarding (AF) classes, AF1x through AF4x. The first number corresponds to
the AF class and the second number (x) refers to the level of drop preference within each AF class. There
are three drop probabilities, ranging from 1 (low drop) through 3 (high drop). Depending on a network
policy, packets can be selected for a PHB based on required throughput, delay, jitter, loss, or according
to the priority of access to network services. AF allows for a committed information rate between
multiple classes in a network according to desired policies.
Table 7-3 provides the DSCP coding and drop probability for AF classes 1 through 4. Bits 0, 1, and 2
define the class; bits 3 and 4 specify the drop probability; bit 5 is always 0.
Table 7-3
Drop Probability
Class 1
Class 2
Class 3
Class4
Low Drop
001010
010010
011010
100010
AF11
AF21
AF31
AF41
DSCP 10
DSCP 18
DSCP 26
DSCP 34
001100
010100
011100
100100
AF12
AF 22
AF32
AF42
DSCP 12
DSCP 20
DSCP 28
DSCP 36
001110
010110
011110
100110
AF13
AF23
AF33
AF43
DSCP 14
DSCP 22
DSCP 30
DSCP 38
Medium Drop
High Drop
Expedited Forwarding
The expedited forwarding (EF) PHB is used to build a low-loss, low-latency, low-jitter, assured
bandwidth, end-to-end service through differentiated services (DiffServ) domains. This PHB appears to
the endpoints like a point-to-point connection or a virtual leased line. EF PHB, also referred to as a
premium service, is suitable for applications such as Voice over IP (VoIP).
The recommended code point for the EF PHB is 101110.
7-7
Chapter 7
Marking Traffic
DSCP Values
The following differentiated services (DiffServ) RFCs define DSCP values:
RFC-2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers
The RFCs do not dictate the way to implement PHBs; this is the responsibility of the vendor. Cisco
implements queuing techniques that can base their PHB on the IP precedence or DSCP value in the IP
header of a packet. Based on DSCP or IP precedence, traffic can be put into a particular service class.
Packets within a service class are treated the same way.
Table 7-4 lists only the DSCP values suggested by the DiffServ RFCs.
Table 7-4
DSCP Values
DSCP Value
DSCP Name
Binary Value
Defined in RFC
000000
2475
CS1
001000
16
CS2
010000
24
CS3
011000
32
CS4
100000
40
CS5
101000
48
CS6
110000
56
CS7
111000
10
AF11
001010
12
AF12
001100
14
AF13
001110
18
AF21
010010
20
AF22
010100
22
AF23
010110
26
AF31
011010
28
AF32
011100
30
AF33
011110
34
AF41
100010
36
AF42
100100
38
AF43
100110
46
EF
101110
2597
2598
7-8
OL-7433-09
Chapter 7
Marking Traffic
IP Differentiated Services Code Point Marking
You can configure a QoS policy to include an IP DSCP marking for packets entering the network.
Devices within your network can then use the newly marked IP DSCP values to determine how to treat
the packets. For example, class-based weighted random early detection (WRED) uses IP DSCP values
to determine the probability that a packet is dropped. You can also mark voice packets with a particular
DSCP value. You can then configure low-latency queuing (LLQ) to place all packets of that DSCP value
into the priority queue.
Syntax Description
ip
Specifies that the match is for IPv4 packets only. You must specify this
keyword.
dscp dscp-value
7-9
Chapter 7
Marking Traffic
Description
Release 12.0(17)SL
Release 12.2(16)BX
Release 12.2(28)SB
This command was integrated in Cisco IOS Release 12.2(28)SB for the
PRE2.
Release 12.2(31)SB2
This command was introduced on the PRE3 to allow you to mark the IP
DSCP bits of traffic on the L2TP access concentrator (LAC).
Release 12.2(33)SB
After the DSCP bit is set, other quality of service (QoS) features can then operate on the bit settings.
You cannot use the set ip dscp command with the set ip precedence command to mark the same
packet. DSCP and precedence values are mutually exclusive. A packet can have one value or the
other, but not both.
The network can give priority (or some type of expedited handling) to marked traffic. Typically, you
set the precedence value at the edge of the network (or administrative domain); data is then queued
according to the precedence. Weighted fair queuing (WFQ) can speed up handling for
high-precedence traffic at congestion points. Weighted random early detection (WRED) can ensure
that high-precedence traffic has lower loss rates than other traffic during times of congestion.
In Cisco IOS Release 12.3(7)XI, the router accepts the set dscp command without specifying the
ip keyword. However, you must specify the set ip dscp command to set the DSCP value in a packet
header. The ip keyword is required.
Classify inbound Ethernet packets based on the value in the CoS field
For Layer 2 devices, you can assign priority-indexed IEEE 802.1p CoS values to Ethernet frames.
Layer 2 IEEE 802.1Q frame headers have a 2-byte Tag Control Information field in the 802.1p portion
of the header. The three most-significant bits of this field (the User Priority bits) make up the Layer 2
CoS field. This 3-bit field allows you to mark eight classes of service (0 through 7) on Layer 2 Ethernet
frames. Other QoS tools can then use the CoS marking to classify traffic. For IEEE 802.1Q, the User
Priority bits are set to zero (0) in the Ethernet header.
Figure 7-2 shows the PRI field containing the 3-bit User Priority field.
7-10
OL-7433-09
Chapter 7
Marking Traffic
Class of Service Marking
Figure 7-2
4 bytes
DA
SA
EtherType/Tag header
CFI
LEN/TYPE
VLAN ID
87064
PRE
COS
For CoS-based QoS, the Cisco 10000 series router uses the IP precedence bits in the IP header to give
preference to higher-priority traffic. Layer 3 IP headers have a 1-byte Type of Service (ToS) field. The
router uses the six most significant bits of this field (the differentiated services code point (DSCP) bits)
to prioritize traffic. Figure 5-3 shows the DSCP bits in the TOS field.
Figure 7-3
VER
HL
TOS
LEN
ID
FLAG
OFFSET
TTL
PROTO
CS
SIP
DIP
DSCP
87065
7 6 5 4 3 2 1 0 1-Byte TOS
The router uses the CoS value to determine how to prioritize packets for transmission and can also use
CoS marking to perform Layer 2 to Layer 3 mapping. Using the CoS field, you can differentiate
user-defined QoS services for packets leaving a router and entering a switch. Switches already have the
ability to match and set CoS values; therefore, a router can set the CoS value of a packet to enable
Layer 2 to Layer 3 mapping. The switch can then process the Layer 2 CoS header marking.
To allow the Cisco 10000 series router to interoperate with Layer 2 devices, CoS-based QoS on the router
allows the 802.1p User Priority bits to be mapped to the IP DSCP bits for packets received on inbound
interfaces. The DSCP bits are mapped to the User Priority bits for packets forwarded from outbound
interfaces.
In the inbound direction, you can configure the router to match on the CoS bits and then perform an
action (such as setting the IP precedence or DSCP bits). By default, the router ignores the CoS field of
inbound packets.
In the outbound direction, you can configure the router to set the CoS bits of outbound packets to a value
that you specify. If you do not do this, by default, the router ignores the CoS field and leaves it set to a
default value.
7-11
Chapter 7
Marking Traffic
Syntax Description
cos-value
Description
Release 12.0(16)BX
Release 12.2(28)SB
This command was integrated in Cisco IOS Release 12.2(28)SB for the
PRE2.
Release 12.2(31)SB2
This command was integrated in Cisco IOS Release 12.2(31)SB2 for the
PRE3.
Release 12.2(33)SB
7-12
OL-7433-09
Chapter 7
Marking Traffic
QoS Group Marking
Syntax Description
group-id
Description
Release 12.0(17)SL
Release 12.2(16)BX
Release 12.2(28)SB
This command was integrated in Cisco IOS Release 12.2(28)SB for the
PRE2.
7-13
Chapter 7
Marking Traffic
Description
Release 12.0(17)SL
Release 12.2(28)SB
This command was integrated in Cisco IOS Release 12.2(28)SB for the
PRE2.
Release 12.2(31)SB2
Release 12.2(33)SB
7-14
OL-7433-09
Chapter 7
Marking Traffic
MPLS Experimental Marking
The value of the EXP bits determines the per-hop behavior (PHB) for MPLS nodes and is also used as
transparency mechanisms when used with MPLS DiffServ tunneling modes such as pipe and uniform
modes. IP marking does not modify an MPLS packet carrying IP data. You must configure MPLS
marking on an input interface. MPLS marking takes effect only during label imposition. You can
combine marking and policing to change the DSCP and MPLS EXP values of an IP packet during MPLS
label imposition.
A provider edge (PE) router at the edge of the MPLS network can be configured to map the DSCP or IP
precedence field to the MPLS EXP field. The router uses the value of the EXP field as the basis for IP
QoS. As a result, MPLS routers can perform QoS features indirectly, based on the original IP precedence
field inside the MPLS-encapsulated IP packet. The IP packet does not need to be opened to examine the
IP precedence field. When a packet leaves the MPLS network, IP QoS is still based on the DSCP or IP
precedence value in the IP header.
Syntax Description
mpls-exp-value
Specifies the value used to set the MPLS EXP bits. Valid values are from 0
to 7.
Description
Release 12.0(22)S
Release 12.3(7)XI1
Release 12.2(28)SB
This command was integrated in Cisco IOS Release 12.2(28)SB for the
PRE2.
7-15
Chapter 7
Marking Traffic
Discard-Class Marking
Note
Cisco IOS software replaced the set mpls experimental command with the set mpls experimental
imposition command. However, the Cisco 10000 series router continues to use the set mpls
experimental command for PRE1. For PRE2, the command is set mpls experimental imposition.
Note
The Cisco 10000 series router does not support the set mpls experimental topmost command.
Discard-Class Marking
The discard-class is a 3-bit field that is used to set the per-hop behavior (PHB) for dropping traffic. The
discard-class indicates the drop portion of the PHB. You can set the discard-class on the input interface
to use as a matching criterion and to affect how packets are dropped on the output interface. You can use
the discard-class with weighted random early detection (WRED) on the output interface to classify
packets and determine packet drop probability. You can set up to eight discard-class values (0 through 7).
Syntax Description
value
Description
Release 12.3(7)XI
Release 12.2(28)SB
This command was integrated in Cisco IOS Release 12.2(28)SB for the
PRE2.
7-16
OL-7433-09
Chapter 7
Marking Traffic
Class-Based Frame Relay DE Bit Marking
The set-frde-transmit command is a policing action for conforming traffic and is used with the police
command. When using the conforming-action set-frde-transmit command, the router sends the frames
through the policers token bucket mechanism for processing and sets the DE bit for all frames that
conform to the committed rate.
The PRE3 and PRE4 support Frame Relay DE bit marking across packet fragments.
Description
Required PRE
Release 12.2(31)SB22
PRE2, PRE3
Release 12.2(33)SB
PRE2, PRE3,
PRE4
7-17
Chapter 7
Marking Traffic
QoS group
Discard-class
7-18
OL-7433-09
Chapter 7
Marking Traffic
Restrictions and Limitations for Marking
Figure 7-4
P2
Packet
headers marked
Tunnel
Outbound
Interface
Tos=xyz
Tos=abc
191282
Tos=abc
Description
Required PRE
Release 12.2(31)SB2
PRE2
You cannot simultaneously configure both the set ip dscp command and the set ip precedence
command in a policy map.
Because IP precedence is actually part of the DSCP value, you cannot simultaneously set both the
IP precedence and DSCP values for a traffic class. A packet can have one value or the other, but not
both. If you do configure both values, the router marks the packet with the DSCP value.
Because the router copies the IP precedence value to the MPLS EXP bits during label imposition,
you cannot simultaneously set both IP precedence and MPLS experimental marking for a class.
In Cisco IOS Release 12.3(7)XI, the router accepts the set precedence and set dscp commands
without specifying the ip keyword. However, you must specify the set ip precedence command to
set the precedence value in a packet header and the set ip dscp command to set the DSCP value. The
ip keyword is required.
In Cisco IOS Release 12.3(7)XI, when you enter the set ? command, the context-sensitive help lists
the fr-de keyword to allow you to set the Frame Relay discard eligibility (DE) bit. However, the
router does not support setting the DE bit in Cisco IOS Release 12.3(7)XI and later releases.
7-19
Chapter 7
Marking Traffic
The router supports the set discard-class command only on the PRE2.
When you use the input per-hop behavior (PHB) marking to classify packets on the output interface,
you must configure the set discard-class command in the input policy.
The router supports CoS-based QoS only on Ethernet interfaces or PPPoE sessions associated with
Ethernet interfaces.
The router supports matching and marking for physical Ethernet interfaces and subinterfaces. The
router supports CoS-based QoS for virtual access interfaces (VAIs) associated with PPPoE
interfaces and it supports classification on the input policy and marking on the output policy.
If the outbound interface is not a tunnel, a policy map with tunnel header marking has no effect on
the packet headers.
The router accepts only input service policies for tunnel header marking. You must apply a policy
map with tunnel header marking to inbound interfaces. If you attempt to apply a service policy with
tunnel header marking to an outbound interface, an error message displays.
You may use the [no] set ip [dscp | precedence] tunnel value command in conjunction with other
input set actions. However, if you specify tunnel header marking as a policer action, using the
set-dscp-tunnel-transmit or set-prec-tunnel-transmit command, then you cannot specify any other
policer action. The router only supports a single police action.
The marking statistics for tunnel header marking are included in the statistical information for the
class map.
Note
Physical
ATM variable bit rate (VBR) and constant bit rate (CBR) PVCs, and point-to-point subinterfaces
Frame Relay permanent virtual circuits (PVCs), point-to-point subinterfaces, and map classes
Ethernet VLANs
IP tunnel
The router supports the set command on inbound and outbound interfaces.
7-20
OL-7433-09
Chapter 7
Marking Traffic
Classification and Marking Design Guidelines
Consider the trust boundary in the network, making sure to mark or remark traffic after it reaches a
trusted device in the network.
Because the IP precedence and DSCP marking fields are part of the IP header and, therefore, are
carried end-to-end, mark one of these fields to maximize the benefits of reducing classification
overhead by the other QoS tools enabled in the network.
If LAN switches connected to the router support only Layer 2 QoS (for example, the switch reacts
to marked CoS bits, but not to marked IP precedence or DSCP bits), mark the CoS bits on the router
before sending the frames onto the Ethernet.
We suggest that you use the values indicated in Table 7-5 on page 7-21 for DSCP settings for voice
and video payload, voice and video signaling, and data. Otherwise, follow the differentiated services
(DiffServ) per-hop behavior (PHB) RFCs for DSCP settings as indicated in Table 7-4 on page 7-8.
Traffic Type
IP Precedence
IP DSCP
Class of Service
Voice payload
EF
Video payload
AF41
AF31
AF21
AF22
AF23
Medium priority data
AF11
AF12
AF13
All other traffic
Default
7-21
Chapter 7
Marking Traffic
Configuring Tunnel Header Marking Using the set Command, page 7-35
Configuring Tunnel Header Marking Using the police Command, page 7-36
For more information about classifying traffic and creating QoS service policies, see Chapter 2,
Classifying Traffic and Chapter 3, Configuring QoS Policy Actions and Rules.
Step 1
Command
Purpose
Step 2
Assigns the traffic class you specify to the policy map. Enters
policy-map class configuration mode.
class-map-name is the name of a previously configured class
map and is the traffic class for which you want to define QoS
actions.
Step 3
7-22
OL-7433-09
Chapter 7
Marking Traffic
Configuring Traffic Marking
Command
Purpose
Step 4
Router(config-pmap-c)# exit
Step 5
Router(config-pmap)# exit
Step 6
Step 7
Example 7-2 shows how to configure IP precedence-based classification. In the example, a policy map
named Second is created and the class map named ip-prec is associated with the Second policy. For all
outbound packets on Gigabit Ethernet interface 2/0/1, the router classifies packets based on the setting
of their IP precedence bits. If the bits are set to 3, the router assigns the packets to the ip-prec class and
polices the traffic as indicated in the Second policy map.
Example 7-2
7-23
Chapter 7
Marking Traffic
Step 1
Command
Purpose
Step 2
Assigns the traffic class you specify to the policy map. Enters
policy-map class configuration mode.
class-map-name is the name of a previously configured class
map and is the traffic class for which you want to define QoS
actions.
Step 3
7-24
OL-7433-09
Chapter 7
Marking Traffic
Configuring Traffic Marking
Command
Purpose
Step 4
Router(config-pmap-c)# exit
Step 5
Router(config-pmap)# exit
Step 6
Step 7
Example 7-4 shows how to configure IP DSCP-based classification. In the example, the router checks
the DSCP bits of outbound packets on the GigabitEthernet interface 1/0/0. If the packet DSCP bits are
set to 5, the router assigns the packet to the Voice class and gives the packet priority handling as indicated
in the policy map named Platinum. All intermediate routers provide low-latency treatment to the Voice
packets.
Example 7-4
7-25
Chapter 7
Marking Traffic
Step 1
Command
Purpose
Step 2
Assigns the traffic class you specify to the policy map. Enters
policy-map class configuration mode.
class-map-name is the name of a previously configured class
map and is the traffic class for which you want to define QoS
actions.
Step 3
Step 4
Router(config-pmap-c)# exit
Step 5
Router(config-pmap)# exit
Step 6
7-26
OL-7433-09
Chapter 7
Marking Traffic
Configuring Traffic Marking
Example 7-6 shows how to configure CoS-based classification on outbound packets. In the example, the
router checks the class of service bits of packets leaving on Gigabit Ethernet interface 4/0/0. If the bits
are set to 3, the router assigns the packet to the class named Voice and marks the packet by setting the
IP DSCP bits to 8 as indicated in the policy map named Policy1.
Note
By default, the router maps the CoS field to the IP DSCP bits for packets received on inbound interfaces.
The router maps IP precedence bits to the user priority bits for packets forwarded in the outbound
direction. You can override this default behavior by creating a QoS policy that specifies the desired
action.
Example 7-6
7-27
Chapter 7
Marking Traffic
Step 1
Command
Purpose
Step 2
Assigns the traffic class you specify to the policy map. Enters
policy-map class configuration mode.
class-map-name is the name of a previously configured class
map and is the traffic class for which you want to define QoS
actions.
Step 3
Step 4
Router(config-pmap-c)# exit
Step 5
Router(config-pmap)# exit
Step 6
Step 7
7-28
OL-7433-09
Chapter 7
Marking Traffic
Configuring Traffic Marking
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# interface GigabitEthernet 1/0/0
Router(config-if)# service-policy input Policy1
Example 7-8 shows how to configure the router to classify packets based on the QoS group ID of the
packet. In this example, the router checks outbound packets on Ethernet interface 1/0/0 for QoS group
ID 5, assigns the matching packets to the traffic class named QoSGroup, defined in the policy map
named Gold, and sets the packet DSCP bits to DSCP 0 (best effort).
Example 7-8
Step 1
Command
Purpose
Step 2
Assigns the traffic class you specify to the policy map. Enters
policy-map class configuration mode.
class-map-name is the name of a previously configured class
map and is the traffic class for which you want to define QoS
actions.
Step 3
Sets the cell loss priority bit to 1. The router discards packets
with the CLP bit set to 1 before it discards packets with the
CLP bit set to 0.
Note
7-29
Chapter 7
Marking Traffic
Command
Purpose
Step 4
Router(config-pmap-c)# exit
Step 5
Router(config-pmap)# exit
Step 6
Step 7
7-30
OL-7433-09
Chapter 7
Marking Traffic
Configuring Traffic Marking
Step 1
Command
Purpose
Step 2
Assigns the traffic class you specify to the policy map. Enters
policy-map class configuration mode.
class-map-name is the name of a previously configured class
map and is the traffic class for which you want to define QoS
actions.
Step 3
Step 4
Router(config-pmap-c)# exit
Step 5
Router(config-pmap)# exit
Step 6
Step 7
7-31
Chapter 7
Marking Traffic
Example 7-11 shows how to configure MPLS EXP-based classification. In the example, the router
checks the MPLS EXP bits of the packets arriving on the Gigabit Ethernet interface 1/0/0. The router
assigns the packets whose bits have a setting of 5 to the mpls-exp class. As indicated in the policy map,
the router provides low-latency priority handling of MPLS experimental traffic.
Example 7-11 Configuring MPLS EXP-Based Classification
Router(config)# class-map mpls-exp
Router(config-cmap)# match mpls experimental 5
Router(config-cmap)# exit
Router(config)# policy-map Platinum
Router(config-pmap)# class mpls-exp
Router(config-pmap-c)# priority
Router(config-pmap-c)# police percent 30 4000 2000 conform-action transmit exceed-action
drop
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# interface GigabitEthernet 1/0/0
Router(config-if)# mpls ip
Router(config-if)# service-policy output Platinum
7-32
OL-7433-09
Chapter 7
Marking Traffic
Configuring Traffic Marking
Step 1
Command
Purpose
Step 2
Assigns the traffic class you specify to the policy map. Enters
policy-map class configuration mode.
class-map-name is the name of a previously configured class
map and is the traffic class for which you want to define QoS
actions.
Step 3
Step 4
Router(config-pmap-c)# exit
Step 5
Router(config-pmap)# exit
Step 6
Step 7
7-33
Chapter 7
Marking Traffic
Example 7-13 shows how to configure discard-class-based classification. In the example, the router
classifies outbound traffic on Gigabit Ethernet interface 2/0/1 based on the discard-class setting of the
packets. If the discard-class value matches 3, the router assigns the matching packets to the class named
Group1 and provides a minimum bandwidth guarantee of 8000 kbps to Group1 traffic, as defined in the
policy map named Manhattan.
Example 7-13 Configuring Discard-Class-Based Classification
Router(config)# class-map Group1
Router(config-cmap)# match discard-class 3
Router(config-cmap)# exit
Router(config)# policy-map Manhattan
Router(config-pmap)# class Group1
Router(config-pmap-c)# police 8000 600 400 conform-action transmit exceed-action drop
Router(config-pmap-c)# exit
Router (config-pmap)# exit
Router(config)# interface GigabitEthernet 2/0/1
Router(config-if)# service-policy output Manhattan
7-34
OL-7433-09
Chapter 7
Marking Traffic
Configuring Traffic Marking
Step 1
Command
Purpose
Step 2
Step 3
EF (expedited forwarding)
Configuration Example for Tunnel Header Marking Using the set Command
The following example configuration shows how to configure tunnel header marking using the set
command. In the example, marking is configured for the match_ip traffic class. For all packets belonging
to that class, the router sets the DSCP bits to 3.
class-map match_ip
match protocol ip
policy-map Tunnel_Marking
class match_ip
set ip dscp tunnel 3
class class-default
shape 64000
7-35
Chapter 7
Marking Traffic
Step 1
Command
Purpose
Step 2
Step 3
EF (expedited forwarding)
Example Configuration for Tunnel Header Marking Using the police Command
The following example configuration shows how to mark the tunnel header of a packet using the police
command. In the example, the policer sets the DSCP bits to 4 for all conforming traffic belonging to the
match_ip class.
class-map match_ip
match protocol ip
policy-map Tunnel_Marking
class match_ip
police 8000 conform-action set-dscp-tunnel-transmit 4
class class-default
shape 64000
7-36
OL-7433-09
Chapter 7
Marking Traffic
Verifying Traffic Marking
Purpose
Displays the configuration of the class you specify for the policy
map you specify.
policy-map-name is the name of the policy map that contains the
class configuration you want to display.
class-name is the name of the class whose configuration you want
to display.
7-37
Chapter 7
Marking Traffic
Example 7-15 shows how to verify marking on a specific interface. In this example, the QoS policy is a
hierarchical policy that is attached to PVC 5/101 on the ATM 3/0/0.3 subinterface. In the Child policy,
the Bronze class indicates to set the DSCP bits of Bronze packets to 3. The Gold class indicates to set
the IP precedence bits of Gold packets to 5.
Example 7-15 Verifying Marking in a Hierarchical Policy
Router# show policy-map interface atm 3/0/0.3
ATM3/0/0.3: VC 5/101 Service-policy output: Parent
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Output queue: 0/64; 0/0 packets/bytes output, 0/0 drops
Shape : 2000 kbps
Service-policy : Child
Class-map: Bronze (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip precedence 3 5
Police:
600000 bps, 1536 limit, 1000 extended limit
conformed 0 packets, 0 bytes; action: transmit
exceeded 0 packets, 0 bytes; action: set-prec-transmit 2
violated 0 packets, 0 bytes; action: drop
QoS Set
dscp 3
Packets marked 0
Class-map: Gold (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip precedence 2
Police:
8000 bps, 2000 limit, 4000 extended limit
conformed 0 packets, 0 bytes; action: transmit
exceeded 0 packets, 0 bytes; action: set-qos-transmit 4
violated 0 packets, 0 bytes; action: drop
QoS Set
precedence 5
7-38
OL-7433-09
Chapter 7
Marking Traffic
Related Documentation
Packets marked 0
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Output queue: 0/64; 0/0 packets/bytes output, 0/0 drops
Related Documentation
This section provides hyperlinks to additional Cisco documentation for the features discussed in this
chapter. To display the documentation, click the document title or a section of the document highlighted
in blue. When appropriate, paths to applicable sections are listed below the documentation title.
Feature
Related Documentation
Release Notes for the Cisco 10000 Series ESR for Cisco IOS
Release 12.0(23)SX
New Features in Cisco IOS Release 12.0(23)SX > Single Rate
3-Color Marker for Traffic Policing
DSCP Marking
7-39
Chapter 7
Marking Traffic
Related Documentation
Feature
Related Documentation
IP Precedence Marking
7-40
OL-7433-09
CH A P T E R
Prioritizing Services
Voice, video, and data applications have differing quality of service needs. Voice applications, for
example, require a small but guaranteed amount of bandwidth, are less tolerant of packet delay or loss,
and require low jitter. A data application such as File Transfer Protocol (FTP) needs more bandwidth
than voice and can tolerate packet delay and jitter. To provide end-to-end differentiated services, QoS
policies must allow critical applications to receive the resources required while ensuring that other
applications are not neglected.
Priority queuing offers the ability to deliver assured bandwidth, low latency, low jitter, and low packet
loss for voice applications while simultaneously ensuring that other applications receive portions of the
available bandwidth.
This chapter describes low-latency priority queuing and includes the following topics:
8-1
Chapter 8
Prioritizing Services
Priority queuing overcomes the shortcomings of single queuing by allowing the router to dequeue and
transmit delay-sensitive data such as voice before it dequeues and sends packets in other queues. Using
priority queuing, delay-sensitive data receives preferential treatment over other traffic.
In all releases prior to Cisco IOS Release 12.0(25)S and Release 12.3(7)XI, low-latency priority queuing
(LL/PQ) and bandwidth reservation together enabled you to provide differentiated services (DiffServ).
Priority queuing lets you assign a guaranteed minimum bandwidth to one queue to minimize packet
delay. Bandwidth reservation divides the link bandwidth among the different traffic streams into multiple
queues, with each queue receiving its fair share of the link bandwidth divided among all non-empty
queues. By dividing the unused bandwidth among the queues with packets to send, multiple queuing has
the same average delay per packet as the single queue scheme, with the advantage of each queue
receiving its fair share of the bandwidth.
In Cisco IOS Release 12.0(25)S and Release 12.3(7)XI, and later releases, strict priority queuing
guarantees low-latency for any packet that enters a priority queue, regardless of the current congestion
level on the link. With strict priority queuing, the router gives the traffic full priority and services it at
line rate, which can cause bandwidth starvation of other traffic queues. To avoid this, use the police
command to restrict the amount of bandwidth the priority queue can use. When you specify the police
command, the router sets the committed information rate (CIR) for the priority queue to the bandwidth
you specify in the police command. The router must drop packets that exceed the committed rate.
Note
The actual throughput of a priority queue does not exceed its configured value even if other queues on
the link are empty.
For multilink PPP (MLPPP) bundling, the router restricts the priority queue bandwidth to the bandwidth
of one of the bundle members.
Note
The router supports multilink PPP (MLPPP) for Cisco IOS Release 12.3(7)XI2 and later releases. For
Cisco IOS Release 12.2(16)BX3 and Release 12.3(7)XI1, the router does not support MLPPP.
Description
Required PRE
Release 12.0(17)SL
Release 12.0(20)ST
PRE1
Release 12.0(25)S
PRE1
Release 12.2(16)BX
PRE2
Release 12.3(7)XI1
PRE2
Release 12.2(28)SB
PRE2
Release 12.2(31)SB2
PRE3
8-2
OL-7433-09
Chapter 8
Prioritizing Services
Multi-Level Priority Queues
Bandwidth Starvation
In Cisco IOS Release 12.3(7)XI and later releases, to prevent the priority queue from starving other
queues, specify a guaranteed bandwidth using the police command.
Note
In Cisco IOS Release 12.0(25)S and Release 12.3(7)XI, and later releases, the priority command no
longer allows you to specify a priority rate in kbps or as a percentage of the available bandwidth.
In Cisco IOS Release 12.3(7)XI and later releases, the router allocates the bandwidth you specify in the
police command to the priority queue before it allocates bandwidth to the other queues on the link. As
a result, the amount of bandwidth allocated to the other queues is based on the bandwidth remaining after
the priority queue receives its bandwidth allocation. In a policy map, if you configure a traffic class as a
priority queue and you specify a guaranteed bandwidth, you must use the bandwidth remaining
command to configure bandwidth for other traffic classes in the policy map.
8-3
Chapter 8
Prioritizing Services
You cannot configure the priority command and the priority level command on different classes in the
same policy map.
Description
Required PRE
Release 12.2(31)SB2
PRE3
Physical
ATM shaped (peak cell rate is specified) unspecified bit rate (UBR) PVCs and point-to-point
subinterfaces
Ethernet VLANs *
* Requires a specific type of hierarchical policy. For more information, see Chapter 13, Defining QoS
for Multiple Policy Levels.
Note
ATM unshaped (no peak cell rate specified) UBR PVCs and point-to-point subinterfaces
IP tunnel
8-4
OL-7433-09
Chapter 8
Prioritizing Services
Queues per Policy Map
Note
The router does not support the priority command on inbound interfaces.
PRE
PRE2
31 class queues
PRE3
You cannot configure the random-detect or bandwidth commands with a priority service.
You cannot configure both the priority command and the priority level command for two different
classes in the same policy map.
You cannot specify the same priority level for two different classes in the same policy map.
You cannot configure the default queue as a priority queue at any level. For example, the router
rejects the following configuration:
policy-map P1
class class-default
priority level 1
You cannot configure the bandwidth command and multi-level priority queuing on the same class.
For example, the router rejects the following configuration:
policy-map P1
class C1
priority level 1
bandwidth 200
You cannot configure the shape command and multi-level priority queuing on the same class. For
example, the router rejects the following configuration:
policy-map P1
class C1
priority level 1
shape average 56000
8-5
Chapter 8
Prioritizing Services
To convert a one-level (flat) service policy with multiple priority queuing configured to a
hierarchical multi-level priority queuing service policy, you must first detach the flat service policy
from the interface using the no service-policy command, and then add a child policy map to it.
Step 1
Command
Purpose
Step 2
Assigns the traffic class you specify to the policy map. Enters
policy-map class configuration mode.
class-map-name is the name of a previously configured class
map and is the traffic class for which you want to define QoS
actions.
Step 3
Router(config-pmap-c)# priority
Step 4
8-6
OL-7433-09
Chapter 8
Prioritizing Services
Configuring Multi-Level Priority Queues
Step 1
Command or Action
Purpose
policy-map policy-name
Step 2
class class-name
Step 3
8-7
Chapter 8
Prioritizing Services
Step 4
Command or Action
Purpose
Step 5
8-8
OL-7433-09
Chapter 8
Prioritizing Services
Configuration Examples for Configuring Priority Queues
Configuring a Priority Queue with a Guaranteed Bandwidth Based on Kilobits per Second:
Example, page 8-9
Configuring a Priority Queue with a Percent-Based Bandwidth Guarantee: Example, page 8-9
8-9
Chapter 8
Prioritizing Services
Router(config-pmap-c)# bandwidth 48
Router(config)# interface atm 1/0/0
Router(config-subif)# service-policy output Premium
Note
Although a policer is not required, we recommend that you configure policing for priority traffic to
prevent bandwidth starvation of low priority traffic. When policing is configured, the traffic rate is
policed to the police rate for each of the priority queues.
You cannot specify the same priority level for two different classes in the same policy map. For example,
the router does not accept the following configuration:
Router(config)# policy-map Map1
Router(config-pmap)# class Bronze
Router(config-pmap-c)# priority level 1
Router(config-pmap-c)# police percent 30
Router(config-pmap-c)# exit
Router(config-pmap)# class Gold
Router(config-pmap-c)# priority level 1
Router(config-pmap-c)# police 10000
8-10
OL-7433-09
Chapter 8
Prioritizing Services
Verifying and Monitoring Priority Queues
Purpose
Displays the contents of the policy map you specify, including the
priority class.
8-11
Chapter 8
Prioritizing Services
8-12
OL-7433-09
Chapter 8
Prioritizing Services
Related Documentation
Related Documentation
This section provides hyperlinks to additional Cisco documentation for the features discussed in this
chapter. To display the documentation, click the document title or a section of the document highlighted
in blue. When appropriate, paths to applicable sections are listed below the documentation title.
Feature
Related Documentation
Bandwidth starvation
Congestion management
Priority Queuing
priority command
8-13
Chapter 8
Prioritizing Services
Related Documentation
8-14
OL-7433-09
CH A P T E R
Shaping Traffic
Managing the flow of data across your network helps to ensure network efficiency by maximizing
bandwidth and avoiding congestion. Manage network traffic using traffic policing and traffic shaping.
Using these tools, you can configure your system to effectively manage issues before an overload on the
network. Traffic policing uses rate-limiting to regulate traffic and traffic shaping regulates traffic by
shaping it to a specified rate. Deploying policing and shaping throughout your network helps to ensure
that a packet, or data source, conforms to the QoS policies contracted for it.
The Cisco 10000 series router supports traffic policing and shaping. This chapter describes traffic
shaping and includes the following topics:
Advantages and Disadvantages of Shaping and Policing for Bandwidth Limiting, page 9-11
9-1
Chapter 9
Shaping Traffic
Traffic Shaping
Traffic Shaping
Traffic shaping is a tool used to manage network traffic by shaping the traffic to a specified rate. Traffic
shaping enables you to control access to available bandwidth, to ensure that traffic conforms to the
policies established for it, and to regulate the flow of traffic to avoid congestion that can occur when the
transmitted traffic exceeds the access speed of its remote target interface.
Traffic shaping uses a traffic descriptor for a packetindicated by the classification of the packetto
ensure that a packet, or data source, adheres to the policies contracted for it and to determine the QoS to
apply to the packet. Traffic shaping enables you to control the traffic leaving an interface, matching its
packet flow to the speed of a particular remote interface. By shaping a class of traffic to conform to
downstream requirements, you can eliminate bottlenecks in topologies with data-rate mismatches.
The Cisco 10000 series routers traffic shaping algorithm is not based on the token bucket model.
Therefore, the concepts of committed burst (Bc) and excess burst (Be) are not applicable. Because
shaping does not use token buckets, the router cannot gather shaping statistics. As a result, you cannot
display the amount of shaped traffic in relation to the amount of traffic forwarded unshaped.
Unlike traffic policing, shaping does not propagate bursts and is applied to only outbound traffic on an
interface. When congestion occurs, policing drops traffic whereas traffic shaping delays the excess
traffic using a buffer or queuing mechanism and then schedules the excess packets for later transmission
over increments of time. This results in a smooth packet output rate. Shaping requires a queue and
sufficient memory to buffer delayed packets. Since queuing is an outbound function, only packets
leaving an interface can be queued and shaped.
When configuring shaping, you must ensure that the following exists:
The Cisco 10000 series router supports the following types of traffic shaping:
Class-Based ShapingEnables you to shape a class of traffic to control the flow of traffic on an
interface. A service policy that defines shaping for a particular traffic class is attached to an
interface. Shaping is applied on a per-class basis. For more information, see the Class-Based
Traffic Shaping section on page 9-3.
Frame Relay Traffic Shaping (FRTS)Shapes traffic on Frame Relay interfaces. Using FRTS,
service providers can organize traffic into per-data-link connection identifier (DLCI) queues, and
shape each DLCI separately. For more information, see the Frame Relay Traffic Shaping section
on page 9-8.
Note
9-2
OL-7433-09
Chapter 9
Shaping Traffic
Traffic Shaping
Description
Required PRE
Release 12.0(17)SL
Release 12.0(25)SX
PRE1
Release 12.2(16)BX
PRE2
Release 12.3(7)XI
PRE2
Release 12.2(28)SB
PRE2
Release 12.2(31)SB2
PRE2, PRE3
Release 12.2(33)SB
PRE2, PRE3,
PRE4
Configure generic traffic shaping on a traffic classConfiguring generic traffic shaping on traffic
classes provides greater flexibility for configuring traffic shaping. Previously, this ability was
limited to the use of ACLs.
Specify average rate traffic shapingSpecifying average rate shaping allows you to make better use
of available bandwidth by allowing the maximum number of bits to be sent out in each interval. This
option is only supported on the PRE3.
CBWFQ allows you to define what constitutes a class based on criteria that exceed the confines of
flow. CBWFQ allows you to use ACLs and protocols or input interface names to define how traffic
is classified, thereby providing coarser granularity. You do not need to maintain traffic classification
on a flow basis. Moreover, you can configure up to 64 discrete classes in a service policy.
Configure class-based weighted fair queueing (CBWFQ) inside generic traffic shapingCBWFQ
allows you to specify the exact amount of bandwidth to be allocated for a specific class of traffic.
9-3
Chapter 9
Shaping Traffic
Traffic Shaping
Description
Required PRE
Release 12.0(25)SX
PRE1
Release 12.2(16)BX
PRE2
Release 12.2(28)SB
PRE2
Release 12.2(31)SB2
PRE3
A single policy map can be attached to multiple interfaces concurrently. If you attempt to attach a
policy map to an interface when the sum of the bandwidth assigned to classes is greater than 99
percent of the available bandwidth, the router logs a warning message and does not allocate the
requested bandwidth to all of the classes. If the policy map is already attached to other interfaces, it
is removed from them.
Whenever you modify a class policy in an attached policy map, class-based weighted fair queuing
(CBWFQ) is notified and the new classes are installed as part of the policy map in the CBWFQ
system.
Hierarchical Shaping
Hierarchical shaping provides two levels of shapingper-VC ATM-level shaping and per-VC
packet-level shapingand provides per-VC and per-VP traffic shaping to control or modify the flow of
traffic on an interface. Traffic shaping limits throughput by buffering excess traffic instead of dropping
packets. The shaping function also ensures that traffic from one VC does not adversely impact another
VC, resulting in loss of data.
The Cisco 10000 series router supports hierarchical shaping for the following ATM line cards:
OC-12
4-port OC-3
8-port E3/DS3
The router supports hierarchical shaping when operating as a Layer 2 Access Concentrator (LAC) and
in the following modes:
RFC 1483
Hierarchical shaping does not require that you configure policy maps. You can use hierarchical shaping
with non-queuing related policy maps configured in a virtual template or configured directly on the VC.
Apply queuing-related policy maps directly to the VC.
9-4
OL-7433-09
Chapter 9
Shaping Traffic
Traffic Shaping
Hierarchical shaping supports the range pvc command to define shaping for a range of PVCs and the
vc-class atm command to create a VC class with shaping defined for a PVC.
Description
Required PRE
Release 12.3(7)XI
PRE2
Release 12.2(28)SB
PRE2
Release 12.2(31)SB2
PRE3
VP-Level Shaping
The segmentation and reassembly (SAR) mechanism of the Cisco 10000 series router handles VP-level
shaping functions, based on the aggregate VP traffic. VP shaping regulates the output rate of the VP
tunnel, rather than the output rate of the individual VCs. The SAR limits the rate of the overall output of
the VP tunnel to the constant bit rate (CBR) with a peak cell rate (PCR) specified for the tunnel that is
compliant with VP-level shaping requirements.
The SAR sends the cells (from the VCs in the VP tunnel) into the tunnel based on a weighted round robin
format. The weight indicates the number of cells a VC can send into the tunnel before the SAR processes
the next VC. The line card software programs a weight that is proportional to the VCs rate. Only
variable bit rate (VBR) VCs are allowed in the tunnel.
VC-Level Shaping
The parallel express forwarding (PXF) engine of the Cisco 10000 series router handles the VC-level
shaping functions. The PXF shapes the VCs at the packet level, including all ATM overheads based on
the sustained cell rate (SCR). VC-level shaping ensures that the VC traffic stream averages to be no
greater than the SCR, but is not compliant with ATM level instantaneous shaping requirements.
9-5
Chapter 9
Shaping Traffic
Traffic Shaping
The number of VCs the OC-12 line card supports is up to one-half of the VC scaling limit of 16,384
VCs. Cisco IOS software counts each UBR-PVC above 299,520 as two VCs. Therefore, the active
VC count must be maintained at the following:
16,384 > (number of VCs at 299,520 and above * 2) + (number of VCs below 299,520)
At any time, if more VCs are active than the allowed number above, the SAR on the line card leaks
buffers, which results in a reduced buffer pool for active VCs and the SAR might fail if enough
buffers are lost. To recover the lost buffers, reboot the system.
The router allows you to enter shaping values between 299,520 and 599,040, which the SAR does
not support. The SAR performs shaping in the range of 599,040 and 299,520 to 299,538. If you
configure a shaping value between 299,528 and 399,032, the shape rate the SAR returns is unclear.
If you initially set a shaping rate of 599,040 and then change to another rate, or you initially
configure a shape rate and change to a rate of 599,040, the router accepts the command and the show
commands display the new rate. However, the SAR does not perform shaping correctly until the next
reload.
If you change the shaping rate from 599,040 to a lower rate, the LP shaper in VTMS allows the
average rate to be met. However, during traffic bursts, ATM-level shaping is not accurate.
9-6
OL-7433-09
Chapter 9
Shaping Traffic
Traffic Shaping
The SAR uses weighted round-robin scheduling to schedule the PVP VCs onto the wire. The SAR also
does the following:
Ensures that cells are scheduled in accordance with the configured rate of the PVP
Ensures that transmitted cells conform to ATM transmission standards, including cell delay
variation tolerance (CDVT)
The priority of the PVP is the same as the priority of CBR VCs on an interface. If the physical interface
experiences congestion, the PVPs and any CBR VC have priority over VBR-nrt VCs and unspecified bit
rate (UBR) VCs.
Line Card
E3/DS3
4,096
32,768
28,672
OC-3
8,192
32,768
28,672
OC-12
16,384
16,384
16,384
9-7
Chapter 9
Shaping Traffic
Traffic Shaping
The Cisco 10000 series router supports a maximum of 31,500 VCs when hierarchical shaping is
enabled.
You can configure a maximum of 127 VP tunnels for each ATM line card, configured across the
ports in any fashion.
You can configure the maximum number of VCs across the ports in any fashion, provided that you
do not exceed the per-port maximum.
You must have the atm pxf queuing command configured on the port. If not, the SAR still does VP
shaping and the VCs are sent to the tunnel based on a weighted round robin format; however, the
PXF does not shape the VCs. The default queuing mode for a port is atm pxf queuing.
Only variable bit rate (VBR) VCs are allowed in the VP tunnel. You cannot configure unspecified
bit rate (UBR) VCs or constant bit rate (CBR) VCs in the tunnels.
Congestion is not handled at the VP tunnel or at the port. During congestion, shaping is degraded.
During congestion at the port-level, shaping degrades to simple round robin for all VPs contending
for the ports capacity; shaping is not weighted based on the rate of the VPs.
Description
PRE Required
PRE3
9-8
OL-7433-09
Chapter 9
Shaping Traffic
Traffic Shaping
Using information contained in the BECN-tagged packets received from the network, FRTS can
dynamically throttle (decrease) traffic. When an interface configured with FRTS receives a BECN, it
immediately decreases its maximum rate and holds the packets in the buffers of the router to reduce the
data flow from the router into the Frame Relay network. If, after several intervals, the interface has not
received another BECN and traffic is waiting in the queue, the maximum rate increases slightly. FRTS
decreases traffic on a per-VC basis and adjusts the transmission rate based on the number of
BECN-tagged packets received. The dynamically adjusted maximum rate is called the derived rate.
The derived rate is always between the upper bound and the lower bound rate configured on the interface.
For more information, see the Configuring Frame Relay Traffic Shaping section on page A-5.
Description
Required PRE
Release 12.0(17)SL
PRE1
shape
shape percent
atm pvp
pvc
vbr-nrt
For information about configuring Frame Relay and Generic Traffic Shaping using Frame Relay legacy
commands, see the Configuring Frame Relay Traffic Shaping section on page A-5.
9-9
Chapter 9
Shaping Traffic
Shaping Type
Shaping Queue
Applies Parameters
Class-Based Shaping
Not Applicable
Hierarchical Shaping
Frame Relay Traffic Shaping (FRTS)
Weighted fair queue (WFQ), strict priority queue All virtual circuits (VCs) on an
with WFQ, custom queue (CQ), priority queue
interface through the inheritance
(PQ), or First-In-First-Out (FIFO) per VC
mechanism or per DLCI
On ATM networks, the bandwidth is cell-based and includes Layer 2 overhead and cell overhead
(for example, it includes the cell overhead for SNAP and AAL5, the cell header, the AAL5 trailer,
and AAL5 padding).
On Frame Relay networks with link fragmentation and interleaving (LFI) enabled, bandwidth is
based on fragments with Layer 2 overhead included.
For a physical interface, the total bandwidth is the bandwidth of the physical interface. The router
converts the minimum bandwidth that you specify to the nearest multiple of 1/255 (PRE1) or 1/65535
(PRE2) of the interface speed. When you request a value that is not a multiple of 1/255 or 1/65535, the
router chooses the nearest multiple. Use the show policy-map interface command to display the actual
bandwidth.
The bandwidth percentage is based on the interface bandwidth. In a hierarchical policy, the bandwidth
percentage is based on the nearest parent shape rate.
9-10
OL-7433-09
Chapter 9
Shaping Traffic
Differences Between Shaping and Policing
Criteria
Shaping
Policing
Primary Function
Token Value
Bytes
Applicable on Inbound
No
Yes
Applicable on Outbound
Yes
Yes
Bursts
Propagates bursts.
No
Shaping
Buffers excess packets, therefore, less likely to drop excess packets.
Buffers packets up to the length of the queue. Drops may occur if excess traffic is sustained at
a high rate.
Typically avoids retransmissions due to dropped packets.
Policing
Controls the output rate through packet drops.
Avoids delays resulting from queuing.
Disadvantages
Shaping
Can introduce delay resulting from queuing (especially when deep queues are used).
Policing
Drops excess packets (when configured), throttles TCP window sizes, and reduces the overall
9-11
Chapter 9
Shaping Traffic
Overly aggressive burst sizes can lead to excess packet drops and throttle the overall output rate
ATM VP parameters such as peak cell rate (PCR) and cell delay variation tolerance (CDVT)
VC parameters such as weight, PCR, sustained cell rate (SCR), maximum burst size (MBS), and
CDVT
If VC members of a VP do not have a configured weight and you dynamically modify the VP rate, the
router dynamically adjusts the weight of the member VCs based on the associated tunnels new rate. The
member VCs remain up as their weights are dynamically modified.
If you dynamically modify the tunnel VCs shaping parameters (for example, the PCR or SCR), the
router adjusts the weight of the tunnel VC based on the VC speed if no weight is configured for the VC.
If a VC weight is configured, the router adjusts the weight of the tunnel VC based on the configured
weight.
Controlling access to bandwidthA policy stipulates that the rate of a given interface should not,
on the average, exceed a certain rate, even though the access rate exceeds the speed.
Differing access rates defined in a networkOne end of a link in a Frame Relay network runs at
256 kbps and the other end of the link runs at 128 kbps. Sending packets at 256 kbps could cause
failure of the applications using the link.
Differing access rates defined on different DTEsA link-layer network is giving indications of
congestion. The network has differing access rates defined on different DTEs attached to the
network. The network might be able to deliver more transit speed to a given DTE device at one time
than another. (This scenario warrants that the token bucket be derived and then its rate maintained.)
Offering subrate servicesIf you offer a subrate service, traffic shaping enables you to partition T1
or T3 links into smaller channels.
Preventing packet lossTraffic shaping prevents packet loss. Using traffic shaping is especially
important in Frame Relay networks because the switch cannot determine which packets take
precedence. As a result, the switch cannot determine which packets to drop when congestion occurs.
It is critically important for real-time traffic that latency be bounded, thereby bounding the amount
of traffic and traffic loss in the data link network at any given time by keeping the data in the router
9-12
OL-7433-09
Chapter 9
Shaping Traffic
Interfaces Supporting Traffic Shaping
that is making the guarantees. Retaining the data in the router allows the router to prioritize traffic
according to the guarantees it is making. (Packet loss can result in detrimental consequences for
real-time and interactive applications.)
Physical
ATM variable bit rate (VBR) and constant bit rate (CBR) PVCs, and point-to-point subinterfaces
Frame Relay permanent virtual circuits (PVCs), point-to-point subinterfaces, and map classes **
Ethernet VLANs **
* Requires a specific type of hierarchical policy or a policy map with only the class-default class defined.
The class-default class must have the shape command configured.
** Requires a specific type of hierarchical policy. For more information, see Chapter 13, Defining QoS
for Multiple Policy Levels.
Note
Note
IP tunnel
9-13
Chapter 9
Shaping Traffic
Note
Step 1
These steps configure class-based traffic shaping, which can be applied to interfaces, subinterfaces, VCs,
and DLCIs.
Command
Purpose
Step 2
Assigns the traffic class you specify to the policy map. Enters
policy-map class configuration mode.
class-map-name is the name of a previously configured class
map and is the traffic class you want to shape.
Step 3
Step 4
Step 5
Router(config-pmap-c)# service-policy
policy-map-name
9-14
OL-7433-09
Chapter 9
Shaping Traffic
Configuring Traffic Shaping
Note
Step 1
These steps configure hierarchical shaping. Use these commands to shape an individual VC and then
shape the aggregate VCs into a VP.
Command
Purpose
Step 2
Router(config-if)# atm
over-subscription-factor factor
Step 3
The number specified for the vpi must not already exist. If
the number specified is already being used by an existing
VC, the router rejects this command.
Step 5
9-15
Chapter 9
Shaping Traffic
Step 6
Command
Purpose
Router(config-if-atm-vc)# vbr-nrt
output-pcr output-scr output-mbs
Step 7
Router(config-if-atm-vc)# encapsulation
{aal5mux ppp virtual-template number |
aal5ciscoppp virtual-template number |
aal5snap}
Step 8
9-16
OL-7433-09
Chapter 9
Shaping Traffic
Verifying Traffic Shaping
Configuration Example for Traffic Shaping at the VC-Level and the VP-Level
Example 9-1 configures hierarchical shaping and shapes traffic at the VC-level and the VP-level. In the
example, shaping is enabled on PVC 1/36 on ATM interface 5/0/0.
Example 9-1
Purpose
9-17
Chapter 9
Shaping Traffic
Command
Purpose
9-18
OL-7433-09
Chapter 9
Shaping Traffic
Verifying Traffic Shaping
Example 9-3 shows sample output from the show atm vp command. The output displays the
configuration of the virtual path (VP) with an identifier of 10.
Example 9-3
Example 9-4 shows sample output from the show pxf cpu queue atm command. The output indicates
the number of packets dropped and dequeued for VC 1/229 and VC 1/233.
Example 9-4
ClassName
class-default
pak-priority
QID
269
268
Length/Max
0/4096
0/32
Res
11
11
Dequeues
3
4
Drops
0
0
ClassName
class-default
pak-priority
QID
275
268
Length/Max
0/32
0/32
Res
11
11
Dequeues
100
4
Drops
0
0
ClassName
class-default
QID
269
Length/Max
0/4096
Res
11
Dequeues
3
Drops
0
9-19
Chapter 9
Shaping Traffic
0 2517/31
pak-priority
268
0/32
11
Dequeues
0
4
Drops
0
0
ClassName
class-default
pak-priority
QID
274
268
Length/Max
0/32
0/32
Res
11
11
Example 9-5 shows sample output from the show controllers atm command. The output indicates that
no output packets were discarded due to internal buffer exhaustion.
Example 9-5
Card Statistics:
Input Packets Discarded, queue exhaustion
Input Packets Discarded, no host buffers
Output Packets Discarded, no channel
Output Packets Discarded, MRED
Output Packets Discarded, internal buffer exhaustion
Output Packets Discarded, Utopia RX errors
Output Packets Discarded, EPD
9-20
OL-7433-09
Chapter 9
Shaping Traffic
Configuration Examples for Traffic Shaping
policy-map shape
class c1
shape average 38400 15440
!
interface serial 3/3/0
service-policy output shape
Note
The shape average command is available only on the PRE3. The PRE2 supports the shape cir command.
interface ATM5/0/0
no ip address
no ip mroute-cache
atm over-subscription-factor 50
atm pvp 1 1000 cdvt 600
no atm auto-configuration
no atm ilmi-keepalive
no atm address-registration
no atm ilmi-enable
!
interface ATM5/0/0.1 point-to-point
pvc 1/33
vbr-nrt 1000 256
encapsulation aal5mux ppp Virtual-Template1
queue-depth 288 256
!
!
interface ATM5/0/0.2 point-to-point
pvc 1/34
vbr-nrt 1000 256
encapsulation aal5mux ppp Virtual-Template1
queue-depth 288 256
9-21
Chapter 9
Shaping Traffic
Related Documentation
!
!
interface ATM5/0/0.3 point-to-point
pvc 1/35
vbr-nrt 1000 512
encapsulation aal5mux ppp Virtual-Template1
queue-depth 288 256
!
!
interface ATM5/0/0.4 point-to-point
pvc 1/36
vbr-nrt 1000 512
encapsulation aal5mux ppp Virtual-Template1
queue-depth 288 256
!
Related Documentation
This section provides hyperlinks to additional Cisco documentation for the features discussed in this
chapter. To display the documentation, click the document title or a section of the document highlighted
in blue. When appropriate, paths to applicable sections are listed below the documentation title.
Feature
Related Documentation
Class-based shaping
Class maps
Policing
Policy maps
Traffic shaping
9-22
OL-7433-09
CH A P T E R
10
Overhead Accounting
This chapter describes overhead accounting on the Cisco 10000 series router and contains the following
topics:
MLP on LNS with HQoS and ATM Overhead Accounting, page 10-3
10-1
Chapter 10
Overhead Accounting
Description
Release 12.3(7)XI7
Release 12.2(28)SB
Release 12.2(31)SB2
Release 12.2(33)SB
Release 12.2(33)SB2
PRE3
PRE3
PRE4
IEEE 802.1Q and qinq encapsulation are typically used between the router and DSLAM. Because
the DSLAM removes the encapsulation, the router does not account for this encapsulation in the
calculation.
The encapsulation used between the DSLAM and the CPE is based on the Subnetwork Access
Protocol (SNAP) and multiplexer (MUX) formats of ATM Adaptation Layer 5 (AAL5) and AAL3.
These encapsulation types can be routed bridge encapsulation (RBE), PPP over Ethernet (PPPoE),
or PPP over ATM (PPPoA), and IP. Because the DSLAM treats IP and PPPoE packets as payload,
the router does not account for IP and PPPoE encapsulation in the calculation.
AAL5 segmentation processing adds the additional overhead of the 5-byte cell headers, the AAL5
Common Part Convergence Sublayer (CPCS) padding, and the AAL5 trailer. For more information, see
the Overhead Calculation on the Router section on page 10-5.
10-2
OL-7433-09
Chapter 10
Overhead Accounting
Overhead Accounting Features
Enabling ATM Overhead Accounting on the PRE3 and PRE4 for MLPoLNS, page 10-11
HQoS
The HQoS bandwidth from the parent policy overrides the default bandwidth (based on the rate received
on the line) of the bundle. When the parent policy is removed, the default value is restored.
The users RADIUS environment is responsible for providing the HQoS policy after determining the rate
from the connect speed AVP and PPPoE downstream rate tag. The changes assume that platform will be
presented the service policies (after the algorithm has run) through the existing API.
Overhead Accounting
With overhead accounting, the downstream transmission rate from the LNS is adjusted to meet the
LAC-to-CPE bandwidth. This adjustment accounts account for the difference between the LNS-to-LAC
overhead versus the LAC-to-CPE overhead to achieve optimal link utilization for the LAC-to-CPE
interface. The overhead differences include IP/UDP/L2TP headers over the L2TP tunnel, as well as the
header size and segmentation overhead when the physical interface from the LNS is Gigabit Ethernet
and the LAC-to-CPE interface is ATM. Proper accounting can also avoid loss of data from any overruns
between the LAC and the CPE.
10-3
Chapter 10
Overhead Accounting
10-4
OL-7433-09
Chapter 10
Overhead Accounting
Configuration Commands for Overhead Accounting
Note
The options {{qinq | dot1q} {aal5 | aal3} {subscriber-encap}} and {user-defined offset [atm]} are
mutually exclusive.
snap-1483routed
mux-1483routed
snap-dot1q-rbe
mux-dot1q-rbe
snap-pppoa
mux-pppoa
snap-rbe
mux-rbe
Overhead Calculation
Encapsulation Type
Number of Bytes
Description
802.1Q
18
802.3
14
10-5
Chapter 10
Overhead Accounting
Table 10-1
Encapsulation Type
Number of Bytes
Description
10
18
12
PPPoE
qinq
22
Parent class-default class, you are not required to enable accounting on a child traffic class that does
not contain the bandwidth or shape command.
Child policy, then you must enable overhead accounting on the parent policy.
The parent and child classes must specify the same encapsulation type when enabling overhead
accounting and configuring an offset using the user-defined offset [atm] command option.
Table 10-2 summarizes the configuration requirements for overhead accounting. For example, if
overhead accounting is currently enabled for a parent policy, then accounting can be disabled or enabled
on a child policy.
Table 10-2
Current Configuration
Configuration Requirement
Parent
Enabled
Child
Enabled
Child class
Enabled
Disabled
Disabled
10-6
OL-7433-09
Chapter 10
Overhead Accounting
Restrictions and Limitations for Overhead Accounting
You can enable overhead accounting for shaping and bandwidth on top-level parent policies,
middle-level child policies, and bottom-level child policies.
If you enable overhead accounting on a parent policy, you are required to enable accounting on a
child policy that is configured with the shape or bandwidth command. You are not required to
enable accounting on a child policy that does not have the shape or bandwidth command
configured.
If you enable overhead accounting on a child policy, then you must enable overhead accounting on
the parent policy.
In a policy map, you must either enable overhead accounting for all classes in the policy or disable
overhead accounting for all classes in the policy. You cannot enable overhead accounting for some
classes and disable overhead accounting for other classes in the same policy.
The router supports overhead accounting only for the shape and bandwidth commands.
When you enter the show policy-map interface command, the resulting classification byte counts
and the queuing feature byte counts do not match. This mismatch occurs because the classification
byte count does not consider overhead, whereas the queuing features do consider overhead.
Ethernet overhead accounting allows the automatic inclusion of downstream Ethernet frame headers
in the shaped rate. However, policing is not supported for Ethernet overhead accounting.
For MLPoLNS, HQoS with overhead accounting is supported only on single-member bundles and
not on multimember bundles.
QoS restriction on the main interface also apply to single-member MLPoLNS virtual-access bundles
(for example, oversubscription of the bundle bandwidth with a parent shaper).
For MLPoLNS single-member bundles with HQoS, 100 Mbps is the default bundle bandwidth. The
bandwidth received on the line (Connect speed of AVP pairs or PPPoE tags) at the LNS overrides
this bandwidth. If the connection speed of an AV pair of the MLP bundle is arbitrarily low,
overriding with shaper is not possible.
For the MLPoLNS feature, applying service policies on physical interfaces is not supported. Service
policies must be applied on the virtual template of the MLP bundle or from the RADIUS server.
Step 1
Command
Purpose
10-7
Chapter 10
Overhead Accounting
Step 2
Command
Purpose
Step 3
Router(config-pmap-c)# bandwidth
{bandwidth-kbps | percent percentage |
remaining percent percentage} [account {{qinq
| dot1q} {aal5} {subscriber-encap}} |
{user-defined offset [atm]}]
Step 4
Router(config-pmap-c)# exit
Step 5
Step 6
10-8
OL-7433-09
Chapter 10
Overhead Accounting
Configuring Overhead Accounting in a Hierarchical Policy
Step 7
Command
Purpose
Step 8
Router(config-pmap-c)# service-policy
policy-map-name
10-9
Chapter 10
Overhead Accounting
Enabling ATM Overhead Accounting on the PRE3 and PRE4 for MLPoLNS, page 10-11
Enabling Ethernet Overhead Accounting on the PRE3 and PRE4, page 10-12
In the following configuration example, overhead accounting is enabled for bandwidth on the gaming
and class-default classes of the child policy map named subscriber_classes, and on the class-default class
of the parent policy map named subscriber_line. The voip and video classes do not have accounting
explicitly enabled; these classes have ATM overhead accounting implicitly enabled because the parent
policy has overhead accounting enabled. Notice that the features in the parent and child policies use the
same encapsulation type.
policy-map subscriber_classes
class voip
priority level 1
police 8000
class video
priority level 2
police 20
class gaming
bandwidth remaining percent 80 account dot1q aal5 snap-rbe-dot1q
class class-default
bandwidth remaining percent 20 account dot1q aal5 snap-rbe-dot1q
policy-map subscriber_line
class class-default
10-10
OL-7433-09
Chapter 10
Overhead Accounting
Configuration Examples for Overhead Accounting
Note
The shape average rate command is available only on the PRE3 and PRE4. The PRE2 supports the
shape rate command.
Example 10-1 shows that the Child policy map has two classes: Business and Nonbusiness. The Business
class has priority and is policed at 128,000 kbps. The Nonbusiness class has ATM overhead accounting
enabled and has a bandwidth of 20 percent of the available bandwidth. The Parent policy map shapes the
aggregate traffic to 256,000 kbps and enables ATM overhead accounting. Notice that Layer 2 overhead
accounting does not occur for the Business traffic class.
Example 10-1 Enabling ATM Overhead Accounting
Router(config)# policy-map Child
Router(config-pmap)# class Business
Router(config-pmap-c)# priority
Router(config-pmap-c)# police 128000 //*No Layer 2 overhead accounted*/
Router(config-pmap-c)# class Nonbusiness
Router(config-pmap-c)# bandwidth percent 20 account dot1q aal5 snap-rbe-dot1q
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# policy-map Parent
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape 256000 account dot1q snap-rbe-dot1q
Router(config-pmap-c)# service-policy Child
Enabling ATM Overhead Accounting on the PRE3 and PRE4 for MLPoLNS
Example 10-2 shows how to enable ATM overhead accounting using the hierarchical service policy
where there is a parent with a child policy. In the example, the child policy map has a predefined class
prec2 that shapes the aggregate traffic to 10,000 kbps and enables ATM overhead accounting.
Example 10-2 Enabling ATM Overhead AccountingMLPoLNS
Router(config)# policy-map child
Router(config-pmap)# class prec2
Router(config-pmap-c)# shape average 10000 account user-defined 63 atm
Router(config-pmap-c)# exit
Router(config)# policy-map parent
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape average 256000 account user-defined 63 atm
Router(config-pmap-c)# service-policy child
10-11
Chapter 10
Overhead Accounting
Purpose
10-12
OL-7433-09
Chapter 10
Overhead Accounting
Verification Examples for Overhead Accounting
Command
Purpose
The following sample output from the show policy-map command indicates that ATM overhead
accounting is enabled for the class-default class for shaping. The BRAS-DSLAM encapsulation is dot1q
and the subscriber line encapsulation is snap-rbe based on the AAL3 service.
Policy Map unit-test
Class class-default
Average Rate Traffic Shaping
cir 10% account dot1q aal3 snap-rbe
The following sample output from the show policy-map interface command indicates that ATM
overhead accounting is enabled for shaping and disabled for bandwidth:
Service-policy output:unit-test
Class-map: class-default (match-any)
100 packets, 1000 bytes
30 second offered rate 800 bps, drop rate 0 bps
Match: any
shape (average) cir 154400, bc 7720, be 7720
target shape rate 154400
overhead accounting: enabled
10-13
Chapter 10
Overhead Accounting
Note
The shape average rate command is available only on the PRE3 and PRE4. The PRE2 supports the
shape rate command.
10-14
OL-7433-09
Chapter 10
Overhead Accounting
Related Documentation
0 packets, 0 bytes
30 second rate 0 bps
Queueing
queue limit 8 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
shape (average) cir 200000, bc 800, be 800
target shape rate 200000
Overhead Accounting Enabled
Related Documentation
This section lists additional Cisco documentation for the features discussed in this chapter. When
appropriate, paths to applicable sections are listed below the documentation title.
Feature
Related Documentation
Class-based shaping
Class maps
Policing
Policy maps
Traffic shaping
MLP on LNS
10-15
Chapter 10
Overhead Accounting
Related Documentation
10-16
OL-7433-09
CH A P T E R
11
11-1
Chapter 11
Queue Limit
In Cisco IOS Release 12.3(7)XI2, the subinterfaces on a given main interface share the single system
queue of the main interface. This allows for 32,000 subinterfaces with a three-queue model that supports
assured forwarding (AF) queues, expedited forwarding (EF) queues, and the default best effort (BE)
queues. Because a system queue is not allocated for every subinterface, queues are freed up for a
four-queue model.
Table 11-1 lists the scaling limits for class queues.
Table 11-1
Queue Criteria
PRE3
Release 12.2(31)SB2 or later
PRE2
Release 12.3(7)XI or later
PRE2
Release 12.2(16)BX or later
PRE1
256,000
131,070
65,534
32,766
15
322
32
163
Not Applicable5
4,194,304
4,194,304
1,048,576
Queue Limit
Each queue has a limit on the number of packets that the router can place onto the queue. This limit,
referred to as the depth, is a user-configurable limit. During periods of high traffic, a queue fills with
packets waiting for transmission. When a queue reaches its queue limit and becomes full, by default the
router drops packets until the queue is no longer full.
Table 11-2 describes the queuing limits for the various processor cards.
11-2
OL-7433-09
Chapter 11
Table 11-2
Processor
PRE1
All releases
32 to 16,384
If you do not specify a value that is a power of 2,
the router uses the nearest power of 2.
PRE2
PRE2
32 to 16,384
When a packet queue temporarily experiences congestion, increasing the depth of the queue using the
queue-limit command reduces the number of packets dropped. However, setting the queue limit to a
high value might reduce the number of packet buffers available to other interfaces.
The queue limit applies to each buddy queue on links with:
Note
1 Gbps (PRE2)
Note
Class queues with weighted random early detection (WRED)The router uses the default queue
limit of two times the largest WRED maximum threshold value, rounded to the nearest power of 2.
For Cisco IOS Release 12.2(15)BX and Release 12.2(16)BX, the router does not round the value
to the nearest power of 2.
Class queues without WREDThe router has buffers for up to 50 milliseconds of 256-byte packets
(PRE2) or 250-byte packets (PRE3) at line rate, but not less than 32 packets (PRE2) or 16 packets
(PRE3).
Priority queues without WREDThe router has buffers for up to 25 milliseconds of 80-byte packets
at line rate, but not less than 32 packets (PRE2) or 16 packets (PRE3).
11-3
Chapter 11
Queue Limit
Cisco IOS Release 12.0(25)SX and Release 12.3(7)XI, and later releasesConfigure the
queue-limit command with RED.
For more information, see the queue-limit Command section on page 11-4, the Random Early
Detection and Queue Limit section on page 11-10, and the WRED and Queue Limit section on
page 11-20.
Releases prior to Cisco IOS Release 12.0(25)SX and Release 12.3(7)XIRED with queue-limit is
not supported. As a workaround, configure RED with an unused IP precedence or DSCP level and
define a maximum threshold that is larger than the default size the router calculated. By doing this,
you force the router to increase the queue size to accommodate the larger threshold.
With 131,070 queues configured, the average queue limit across all of the configured queues is less than
or equal to 32 packets per queue:
Total number of packet buffers / Total number of queues
4,194,304 / 131,070 = 32
If you change the queue size several times for 131,070 queues, the queue packet buffers can become
fragmented or might still be in use. For more information, see the Restrictions and Limitations for
Controlling Layer 3 Congestion section on page 11-22.
For more information, see the Average Queue Size and the Exponential Weight Constant section on
page 11-21.
queue-limit Command
To specify or modify the maximum number of packets that a particular class queue can hold, use the
queue-limit command in policy-map class configuration mode. To remove the queue packet limit from
a class, use the no form of this command.
queue-limit number-of-packets
no queue-limit number-of-packets
11-4
OL-7433-09
Chapter 11
Syntax Description
number-of-packets
Description
Release 12.0(17)SL
Release 12.0(25)SX
Release 12.2(16)BX
Release 12.3(7)XI
Release 12.2(28)SB
This command was integrated in Cisco IOS Release 12.2(28)SB for the
PRE2.
Release 12.2(31)SB2
Note
Class queues with weighted random early detection (WRED)The router uses the default queue
limit of two times the largest WRED maximum threshold value, rounded to the nearest power of 2.
For Cisco IOS Release 12.2(15)BX and Release 12.2(16)BX using the PRE2, and for Cisco IOS
Release 12.2(31)SB2 and later releases using the PRE3, the router does not round the value to
the nearest power of 2.
Priority queues and class queues without WREDThe router has buffers for up to 50 milliseconds
of 256-byte packets at line rate, but not less than 32 packets.
11-5
Chapter 11
Processor
Interface Bandwidth
QIDs Allocated
Queues Supported
PRE1
130,816
2541
Not applicable 2
256,000
PRE2
PRE3
1. QID 0 and QID 1 are not legal values. Therefore, instead of supporting 256 QIDs, the router supports 254.
2. The PRE3 does not support buddy queues.
Note
The PRE2 has buddy queues only for the OC-48 line card. All other interfaces have 1 queue. The PRE1
requires a buddy queue for the full-height Gigabit Ethernet line card.
Reserved QIDs
On the PRE2, if no more QIDs are left (all of them are used) and you attempt to modify the queue limit
in a policy map that is attached to one or more interfaces, the operation fails and an out of resource
message displays. To avoid this, you can do the following:
Remove the policy map from the interface first, modify the queue limit, and then attach the new
policy map to the interface
You might desire to reserve a pool of unused queues just in case a service policy is applied on a live
production network and someone attempts to change the queue parameters. By using the show ha pxf
cpu queue summary command, you can learn how many available queues are in the pool and plan
accordingly.
11-6
OL-7433-09
Chapter 11
One default queue for all unshaped (no PCR specified) UBR PVCs
One default queue for each VBR and shaped (PCR is specified) UBR PVCs
Using a policy map, you can optionally create additional class-based queues for UBR PVCs and each
VBR PVC, and attach the policy map to the physical interface for UBR PVCs or to a VBR PVC.
Unshaped UBR PVCs that have their own service policy use the physical interfaces default queue only.
These PVCs cannot use any user-defined, class-based queue defined on the physical interface.
11-7
Chapter 11
Description
Required PRE
Release 12.0(17)SL
PRE1
Release 12.2(16)BX
PRE2
Release 12.2(28)SB
PRE2
Release 12.2(31)SB2
PRE2
PRE3
11-8
OL-7433-09
Chapter 11
DSCP-based REDConfigures a drop policy for RED based on a differentiated services code point
(DSCP) value. When configured, the router randomly drops packets with the specified DSCP value,
according to the RED thresholds you configure. For the PRE1, DSCP-based RED supports one
default drop profile per class, three assured forwarding (AF) drop profiles per class, and four
non-AF drop profiles per policy map.
Description
Required PRE
Release 12.0(17)SL
Release 12.0(22)S
Release 12.0(25)SX
Release 12.2(16)BX
PRE2
Release 12.2(28)SB
PRE2
Release 12.2(31)SB2
PRE3
11-9
Chapter 11
Note
To simultaneously configure RED and queue limit for a class in a policy map, the router must be running
Cisco IOS Release 12.0(25)SX or later releases. In releases prior to Cisco IOS Release 12.0(25)SX, you
can configure either the random-detect command or the queue-limit command, but not both commands
at the same time.
RED begins dropping packets when the average queue size is equal to the value of the minimum
threshold.
RED continues dropping packets when the average queue size is between the minimum and
maximum threshold values.
As the average queue size approaches the maximum threshold, RED uses the mark probability
denominator value to determine the slope (the increase in drop rate). For example, if the
denominator is 512, RED drops one out of every 512 packets when the average queue limit reaches
the maximum threshold.
RED drops all packets when the average queue size is greater than the maximum threshold value.
100%
Drop
probability
mark
Minimum
threshold
Maximum
threshold
126557
Slope
11-10
OL-7433-09
Chapter 11
Set the minimum threshold value high enough to utilize the transmission link to the maximum
capability. If you set the minimum threshold too low, RED can drop packets unnecessarily and the
transmission link is not fully used.
Set the maximum threshold value and the minimum threshold value so that the difference between
the two values is large enough to avoid global synchronization. If the difference is too small, RED
drops many packets at one time, which results in global synchronization.
Note
When you configure IP precedence-based WRED on an output policy map and the outgoing
packets are MPLS packets, instead of using the 3-bit IP precedence field in the underlying IP
packets, the router drops the MPLS packets based on the three experimental (EXP) bits in the
MPLS label.
DSCP-based WREDConfigures a drop policy for WRED based on a DSCP value. When
configured, the router randomly drops packets with the specified DSCP value, according to the
WRED thresholds you configure.
ATM cell loss priority-based WREDConfigures a drop policy for WRED based on a cell loss
priority (CLP) value. Valid values are 0 or 1. When configured, the router uses the value of the CLP
bit to randomly drop packets leaving the Pseudowire and going out an ATM interface. The router
also supports ATM CLP-based WRED on non-Layer2 VPN outbound ATM interfaces.
CoS-based WREDConfigures a drop policy for WRED based on the specified class of service
(CoS) bit associated with the packet. Valid values are from 0 to 7.
11-11
Chapter 11
Frame Relay DE WREDThe discard eligibility (DE) bit in the address field of a frame relay frame
is used to prioritize the discarding of frames in congested frame relay networks. The frame relay DE
bit has only one bit and therefore only has two settings, 0 or 1. If congestion occurs in a frame relay
network, frames with the DE bit set at 1 are discarded before frames with the DE bit set at 0.
Therefore, important traffic should have the DE bit set at 0 while less important traffic should be
forwarded with the DE bit set at 1.
You can also configure WRED to ignore the IP precedence, DSCP, or discard-class when making drop
decisions. As a result, the router implements non-weighted random early detection (RED) behavior when
deciding which packets to drop.
Note
The PRE2 uses sampled RED and the PRE3 uses per-packet RED.
Description
Required PRE
Release 12.0(17)SL
PRE1
Release 12.0(22)S
PRE1
Release 12.0(25)SX
Release 12.2(16)BX
This feature was introduced on the PRE2 and uses sampled PRE2
RED.
Release 12.3(7)XI
PRE2
Release 12.2(28)SB
PRE2
Release 12.2(31)SB2
Release 12.2(33)SB
PRE2, PRE3,
PRE4
11-12
OL-7433-09
Chapter 11
WRED provides early detection of congestion for one or multiple traffic classes. It also protects
against global synchronization. For these reasons, WRED is useful on any outbound interface where
you expect congestion to occur.
WRED provides separate thresholds and weights for different IP precedence levels, which allows
you to provide different qualities of service for packet dropping for different traffic types. For
example, during congestion WRED can drop standard traffic more frequently than premium traffic.
Note
If you do not specify any arguments, WRED uses the default IP precedence in the WRED calculations.
11-13
Chapter 11
Table 11-4
Command
Description
max-thresh-value
mark-probability-denominator-value
random-detect discard-class-based
min-thresh-value max-thresh-value
mark-probability-denominator-value
The minimum threshold indicates the minimum number of packets allowed in the queue. When the
average queue length reaches the minimum threshold, WRED randomly drops some packets with the
specified DSCP, IP precedence, or discard-class value. Valid minimum threshold values are from 1 to
16,384. This option is not available on the PRE3 for the random detect discard-class command.
The maximum threshold indicates the maximum number of packets allowed in the queue. When the
average queue length exceeds the maximum threshold, WRED drops all packets with the specified
DSCP, IP precedence, or discard-class value. Valid maximum threshold values are from the value of the
min-threshold to 1.
The maximum probability denominator is the drop rate. It specifies the denominator for the fraction of
packets dropped when the average queue depth is at the maximum threshold. For example, if the
denominator is 512, 1 out of every 512 packets is dropped when the average queue is at the maximum
threshold. Valid values are from 1 to 65,535. The default value is 10.
For information about the behavior of the random-detect command on the various PRE processor cards,
see the WRED Drop Profiles section on page 11-14 and the WRED Aggregate Drop Profiles section
on page 11-17.
On the PRE2, the random-detect command specifies the default profile for the queue.
11-14
OL-7433-09
Chapter 11
Note
On the PRE3 and PRE4, the supported random-detect commands specify the aggregate profile for
the queue. To configure a default drop profile for a queue, the random-detect basis command is
used (for example, random-detect dscp-based aggregate command). The random-detect
discard-class-based, random-detect atm-clp-based and random-detect atm-clp-based
commands do not have an aggregate form of the command on the PRE3 and PRE4.
If you do not specify any arguments, WRED uses the default IP precedence in the WRED calculations.
Table 11-5
Command
Description
min-thresh-value max-thresh-value
mark-probability-denominator-value
11-15
Chapter 11
Table 11-5
Command
Description
min-thresh-value max-thresh-value
mark-probability-denominator-value
On the PRE3, the number of WRED profiles supported per policy map depends on the number of
interfaces with attached service policies:
When less than 32,000 interfaces have service policies, the PRE3 supports 21 non-default WRED
profiles and 16 default profiles per policy map. The 16 default profiles includes profiles for the
class-default queue, net-control, and two priority queues. However, you cannot configure the default
profiles for net-control and priority queues. Therefore, the PRE3 allows default profiles for 12
non-default (user) queues and one class-default queue per policy map.
When 32,000 to 64,000 interfaces have service policies, the PRE3 supports any combination of
non-default WRED and default profiles. The maximum total number of profiles (non-default and
default) supported in a policy map is 21.
When less than 32,000 interfaces have service policies, the PRE3 supports up to 21 non-default
WRED profiles and up to 16 default profiles per policy map. The 16 default profiles include the
class-default, net-control, and two priority queues. However, the default profiles for net-control and
priority queues are not user-configurable; therefore the actual number of default profiles for
user-configured queues is 12 with one class-default class per policy map.
Performance
Routing Engine
PRE1
No hard limit
Varies1
PRE2
No hard limit
Varies2
PRE3
32,000 to 64,000
1. Depends on a combination of factors, such as the number of queues on the router and packet heaps. Changes in the queue
length and the number of classes per policy map also affect the number of interfaces on which policy maps can be applied.
11-16
OL-7433-09
Chapter 11
2. See footnote 1.
3. Includes profiles for class-default, net-control, and two priority queues.
Note
If you enter the random detect command without the aggregate profile, the PRE3 and PRE4 accept the
command, but the default action is to tail drop. For example:
random-detect {precedence-based | dscp-based}
The PRE3 and PRE4 also supports drop profiles based on discard class and cell loss priority (CLP), but
do not use the aggregate form of the command. Instead, the PRE3 and PRE4 support the PRE2 form of
the commands:
random-detect {discard-class-based | atm-clp-based}
random-detect {discard-class discard-class-value | clp clp-value} [min-thresh-value]
[max-thresh-value] [mark-probability-denominator-value]
For example, to configure a WRED DSCP profile, the following command creates drop profiles for
DSCP value 1, DSCP value 2, and so on. Each profile has the same specified drop threshold and
mark-probability denominator. The router aggregates these drop profiles, that is statistics are counted for
the group of all of the DSCP values together.
random-detect dscp values [dscp-val1 [...dscp-val8] [minimum-thresh min-thresh-value
maximum-thresh max-thresh-value mark-prob mark-prob-value]
To have the statistics counted for each DSCP separately, enter the random-detect command once for
each DSCP value, using the same threshold values and mark-probability denominator.
Statistics displayed for the subclasses are aggregated and shown in one line. If some subclasses do not
have a user-defined WRED profile, the router collects the statistics as an aggregate for the unconfigured
subclasses and displays the statistics in one line. The router maintains separate statistics for each
random-detect command with a group of subclasses.
11-17
Chapter 11
On the PRE3 and PRE4, the random-detect command is used to configure a default drop profile for a
queue and has the following syntax:
random-detect {precedence-based | dscp-based} aggregate [minimum-thresh min-thresh-value
maximum-thresh max-thresh-value mark-prob mark-prob-value]
If you enter the random-detect command without the aggregate profile (the equivalent of the PRE2
command), the PRE3 and PRE4 accept the command, but the default action is to tail drop.
random-detect {precedence-based | dscp-based}
The PRE3 and PRE4 support drop profiles based on discard class, ATM CLP and CoS bit, but do not use
the aggregate form of the command. Instead, the PRE3 and PRE4 support the PRE2 form of the
commands:
random-detect discard-class-based
random-detect discard-class discard-class-value min-thresh-value max-thresh-value
mark-probability-denominator-value
random-detect atm-clp-based
random-detect clp clp-value min-thresh-value max-thresh-value
mark-probability-denominator-value
random-detect cos cos-value min-thresh-value max-thresh-value mark-probability-denominator
If you do not specify any arguments, WRED uses the default IP precedence value to calculate the drop
probability.
When specifying class policy within a policy map, you can use the random-detect command with the
bandwidth command.
To modify the queue length, always use the queue-limit command instead of the max-threshold
parameter of the random-detect command. Modifying the max-threshold parameter does not
necessarily change the queue limit. When you increase the max-threshold parameter, WRED adjusts the
queue length to be no less than the max-threshold value. However, when you reduce the max-threshold
parameter, WRED does not change the queue length.
exponential-weight-constant
The router calculates the average queue size based on the previous average and the current size of the
queue, using the following formula:
Average = (old-average * (1 2 n)) + (current-queue-size * 2 n)
where n is the exponential weight constant
For MPLS packets, when you use precedence-based WRED, the router calculates the average queue size
using the MPLS experimental (EXP) bits.
random-detect dscp
You must first enable the drop mode by using the random-detect dscp-based command. You can then
set the drop probability profile by using the random-detect dscp command.
With the dscp-based keyword, WRED uses the DSCP value (that is, the first six bits of the IP type of
service (ToS) byte) to calculate the drop probability.
11-18
OL-7433-09
Chapter 11
random-detect ip precedence
You must first enable the drop mode by using the random-detect prec-based command. You can then
set the drop probability profile by using the random-detect ip precedence command.
With the prec-based keyword, WRED uses the IP precedence value to calculate the drop probability.
For all precedence levels, the mark-probability-denominator default value is 10, and the max-threshold
is based on the output buffering capacity and the transmission speed for the interface.
If you want weighted random early detection (WRED) to ignore the precedence level when determining
which packets to drop, enter this command with the same parameters for each precedence level.
Remember to use reasonable values for the minimum and maximum thresholds.
random-detect discard-class
You must first enable the drop mode by using the random-detect discard-class-based command. You
can then set the drop probability profile by using the random-detect discard-class command.
With the discard-class-based keyword, WRED uses the discard-class value to calculate the drop
probability.
random-detect cos
You must first enable the drop mode by using the random-detect cos-based command. You can then set
the drop probability profile by using the random-detect cos command.
With the cos-based keyword, WRED uses the cos bit value to calculate the drop probability.
Minimum thresholdThe minimum number of packets allowed in the queue. When the average
queue length reaches the minimum threshold, weighted random early detection (WRED) randomly
drops some packets with the specified DSCP, IP precedence, discard-class, or atm-clp value. Valid
minimum threshold values are from 1 to 16,384.
Maximum thresholdThe maximum number of packets allowed in the queue. When the average
queue length exceeds the maximum threshold, WRED drops all packets with the specified DSCP, IP
precedence, discard-class, or atm-clp value. Valid maximum threshold values are from the value of
the minimum threshold to 16,384.
Table 11-7 lists the default drop thresholds for weighted random early detection (WRED) based on
DSCP, IP precedence, and discard-class. For example, if a user-defined drop profile is not available, for
discard-class 3, the router calculates the minimum and maximum thresholds as follows:
Minimum threshold = 11/32 * queue size
Maximum threshold = 1/2 * queue size
The drop probability indicates that the router drops one packet for every 10 packets.
Note
Table 11-7 applies to the PRE2. On the PRE3, when you specify a WRED default drop profile for a
queue, the same profile applies to all DSCP or precedence values. If you do not configure the default
profile, the behavior is to tail drop.
11-19
Chapter 11
Table 11-7
Minimum Threshold
(times the queue size)
Maximum Threshold
(times the queue size)
Drop Probability
All DSCPs
1/4
1/2
1/10
1/4
1/2
1/10
9/32
1/2
1/10
5/16
1/2
1/10
11/32
1/2
1/10
3/8
1/2
1/10
13/32
1/2
1/10
7/16
1/2
1/10
15/32
1/2
1/10
For more information about how WRED uses the minimum and maximum thresholds, and the drop
probability parameters, see the Determining Packet Drop Probability section on page 11-10.
Note
To simultaneously configure WRED and queue limit for a class in a policy map, the router must be
running Cisco IOS Release 12.3(7)XI or later releases. In releases prior to Cisco IOS Release 12.3(7)XI,
you can configure either the random-detect command or the queue-limit command, but not both
commands at the same time.
If you do not specify a queue limit, the router uses the default queue limit of two times the largest
maximum threshold, rounded to the nearest power of 2.
Note
To modify the queue length, always use the queue-limit command instead of the max-threshold
parameter of the random-detect command. Modifying the max-threshold parameter does not
necessarily change the queue limit. When you increase the max-threshold parameter, WRED adjusts the
queue length to be no less than the max-threshold value. However, when you reduce the max-threshold
parameter, WRED does not change the queue length.
11-20
OL-7433-09
Chapter 11
A high exponential weight constant smooths out the peaks and lows in queue length. The average
queue size is unlikely to change very quickly, avoiding drastic swings in size. WRED might be slow
to start dropping packets and can continue dropping packets for a time after the actual queue size
has fallen below the minimum threshold. The slow-moving average accommodates temporary bursts
in traffic.
If the exponential weight constant is too high, WRED does not react to congestion and packets are
transmitted or dropped as if WRED were not in effect.
If the exponential weight constant is too low, the average queue size might fluctuate with changes
in the traffic levels. As a result, WRED responds quickly to long queues, overreacts to temporary
traffic bursts, and drops traffic unnecessarily. After the queue falls below the minimum threshold,
WRED stops dropping packets.
Physical
ATM shaped (peak cell rate is specified) unspecified bit rate (UBR) PVCs and point-to-point
subinterfaces *
Ethernet VLANs **
* The PRE3 does not support the queue-limit and random-detect commands on ATM subinterfaces
because the PRE3 only supports MQC policy maps on ATM PVCs.
** Requires a specific type of hierarchical policy. For more information, see the Chapter 13, Defining
QoS for Multiple Policy Levels.
Note
The router supports the queue-limit and random-detect commands on outbound interfaces only.
11-21
Chapter 11
Note
ATM unshaped (no peak cell rate specified) UBR PVCs and point-to-point subinterfaces
IP tunnel
The router does not support the queue-limit and random-detect commands on inbound interfaces.
You cannot apply queue limits to ATM unshaped unspecified bit rate (UBR) PVCs. Unshaped UBR
PVCs do not have a peak cell rate (PCR) specified.
For classes other than class-default, when you configure a queue limit, you must also configure one
of the following commands for the class:
bandwidth
bandwidth remaining (PRE2), bandwidth remaining ratio (PRE3), or bandwidth remaining
percent (PRE3)
priority
shape
For releases prior to Cisco IOS Release 12.0(25)SX and Release 12.3(7)XI, you cannot combine the
queue-limit command with the random-detect command.
The router restricts the aggregate sum of queue limits to 1,048,576 (PRE1) or 4,194,304 (PRE2)
packets.
If you attempt to change the queue size when packets are in the queue, the router does not change
the queue size. However, changing the queue size several times can cause the buffers to become
fragmented or the buffers can still be in use. When you attempt to change the queue size again (with
or without traffic running), a traceback message or an out of resources message might appear, or
both messages might appear. The workaround for this is to execute the same queue-limit command
again. Use the show pxf cpu queue summary command to determine if traffic is being properly
distributed. (See CSCed81996.)
Note
In Cisco IOS Release 12.2(33)SB and later releases, the show pxf cpu queue interface
summary command displays the physical interface and the number of logical links. It no longer
displays the number of priority queues, class queues and so on.
The following are examples of the messages that appear:
Without traffic running:
-Traceback= 604D58EC 604C00C0 604C0288 604C43C4 604C43E4 604C254C 604C260C
604C478C 60D4B868 603AC304 6013B410 603C6270 604569C0 604569A4
!
11-22
OL-7433-09
Chapter 11
For classes other than class-default, you must use random early detection (RED) with the
bandwidth, bandwidth remaining, or shape command.
You cannot use DSCP-based WRED with Multiprotocol Label Switching (MPLS) encapsulated
packets. The router supports this feature for use with IP packets only.
You must configure the bandwidth command before you configure the random-detect dscp-based,
random-detect prec-based, or random-detect discard-class-based command to enable WRED.
class (PRE2)
On the PRE3, when you configure multiple WRED profiles for a specific traffic class in a policy
map, each WRED profile within the same class must be based on the same drop type: DSCP-based,
precedence-based, or discard-class-based. You cannot mix drop types within a class in a policy map.
For example, the following example configuration shows how to configure WRED for the Bronze
class. Notice that each of the WRED profiles is based on a DSCP.
class-map Bronze
match ip dscp 1 2 3
policy-map Business
class Bronze
random-detect dscp 1 100 200 1
random-detect dscp default 200 400 1
On the PRE2, DSCP-based WRED enables you to configure eight unique drop precedence levels for
one queue. Each of the 64 (0 to 63) DSCP values correspond to one of the eight drop levels. The
default setting applies to any DSCP-based WRED without a specified minimum and maximum
threshold value.
On the PRE1, DSCP-based WRED enables you to configure four unique drop precedence levels for
one queue. Each of the 64 DSCP values correspond to one of the four drop levels. When you
configure the four unique drop precedence levels, all of the queues configured on an interface share
the different levels.
11-23
Chapter 11
For PRE1, you cannot use DSCP-based and IP precedence-based WRED together in the same policy
map.
Controlling Packet Dropping by Setting the Size of a Class Queue, page 11-24
Dropping Packets Based on the ATM Cell Loss Priority, page 11-31
Step 1
Command
Purpose
Step 2
Assigns the traffic class you specify to the policy map. Enters
policy-map class configuration mode.
class-map-name is the name of a previously configured class
map and is the traffic class for which you want to define QoS
actions.
Step 3
Router(config-pmap-c)# bandwidth
{bandwidth-kbps | percent percent}
11-24
OL-7433-09
Chapter 11
Step 4
Command
Purpose
The following describes the default behavior of the queue-limit command for class queues with and
without weighted random early detection (WRED):
Note
Class queues with weighted random early detection (WRED)The router uses the default queue
limit of two times the largest WRED maximum threshold value, rounded to the nearest power of 2.
For Cisco IOS Release 12.2(15)BX and Release 12.2(16)BX, the router does not round the value
to the nearest power of 2.
Priority queues and class queues without WREDThe router has buffers for up to 50 milliseconds
of 256-byte packets at line rate, but not less than 32 packets.
11-25
Chapter 11
Router(config-pmap-c)# queue-limit 32
Router(config-pmap-c)# exit
Router(config-pmap)# class Class2
Router(config-pmap-c)# bandwidth 2000
Router(config-pmap-c)# exit
Router(config)# interface atm 1/0/0
Router(config-if)# atm pxf queuing
Router(config-if)# interface atm 1/0/0.1 point-to-point
Router(config-subif)# pvc 1/32
Router(config-subif-atm-vc)# ubr 10000
Router(config-subif-atm-vc)# service-policy output Policy1
Step 1
Command
Purpose
Router(config-if)# class-map
class-map-name
Step 2
Router(config-cmap)# match
match-criterion
Step 3
Router(config-cmap)# exit
Step 4
Router(config)# policy-map
policy-map-name
Step 5
Specifies the name of the traffic class for which you want to
define QoS actions. Enters policy map class configuration mode.
class-map-name identifies the traffic class. It is the name of the
class-map you configured in Step 1.
Step 6
PRE2
Router(config-pmap-c)# random-detect
dscp-based
PRE3
Router(config-pmap-c)# random-detect
dscp-based aggregate [minimum-thresh
min-thresh maximum-thresh max-thresh
mark-prob mark-prob]
11-26
OL-7433-09
Chapter 11
Step 7
Command
Purpose
PRE2
Router(config-pmap-c)# random-detect dscp
dscp-value min-thresh-value
max-thresh-value
mark-probability-denominator-value
PRE3
Router(config-pmap-c)# random-detect
dscp values sub-class-val1
[...[sub-class-val8]] minimum-thresh
min-thresh maximum-thresh max-thresh
mark-prob mark-prob
Step 8
Router(config-pmap-c)# exit
Step 9
Router(config-pmap)# exit
Step 10
Step 11
11-27
Chapter 11
Step 1
Command
Purpose
Router(config)# policy-map
policy-map-name
Step 2
Assigns the traffic class you specify to the policy map. Enters
policy-map class configuration mode.
class-map-name is the name of a previously configured class map
and is the traffic class for which you want to define QoS actions.
Step 3
PRE2
Router(config-pmap-c)# random-detect
precedence-based
PRE3
Router(config-pmap-c)# random-detect
precedence-based aggregate
[minimum-thresh min-thresh maximum-thresh
max-thresh mark-prob mark-prob]
Step 4
Router(config-pmap-c)# random-detect
precedence prec-value min-thresh-value
max-thresh-value
mark-probability-denominator-value
PRE3
Router(config-pmap-c)# random-detect
precedence values sub-class-val1
[...[sub-class-val8]] minimum-thresh
min-thresh maximum-thresh max-thresh
mark-prob mark-prob
11-28
OL-7433-09
Chapter 11
Note
Step 1
Dropping packets based on the discard class requires Cisco IOS Release 12.3(7)XI or later releases
(PRE2), or Cisco IOS Release 12.2(31)SB2 or later releases (PRE3).
Command
Purpose
Router(config)# policy-map
policy-map-name
Step 2
Assigns the traffic class you specify to the policy map. Enters
policy-map class configuration mode.
class-map-name is the name of a previously configured class map
and is the traffic class for which you want to define QoS actions.
Step 3
PRE2, PRE3
Router(config-pmap-c)# random-detect
discard-class-based
11-29
Chapter 11
Step 4
Command
Purpose
PRE2, PRE3
Router(config-pmap-c)# random-detect
discard-class discard-class-value
min-thresh-value max-thresh-value
mark-probability-denominator-value
11-30
OL-7433-09
Chapter 11
Note
Step 1
Dropping packets based on the CLP requires the PRE3 and Cisco IOS Release 12.2(33)SB, or a later
release.
Command
Purpose
Router(config)# policy-map
policy-map-name
Step 2
Assigns the traffic class you specify to the policy map. Enters
policy-map class configuration mode.
class-map-name is the name of a previously configured class map
and is the traffic class for which you want to define QoS actions.
Step 3
Router(config-pmap-c)# random-detect
atm-clp-based
Step 4
Configuration Example for Dropping Packets Based on the Cell Loss Priority
Example 11-5 shows how to configure ATM CLP-based WRED. In the example, traffic that matches
CLP 1 is classified as belonging to class1. In the policy map named policymap1, the class1 configuration
enables the ATM CLP-based WRED feature and configures WRED to randomly drop traffic with the
CLP bit set to 1 when traffic exceeds the minimum threshold of 12 and the maximum threshold of 25.
WRED uses a mark-probability-denominator of 10.
Example 11-5 Configuring CLP-Based WRED
Router(config)# class-map class1
Router(config-cmap)# match clp 1
Router(config-cmap)# exit
Router(config)# policy-map policymap1
11-31
Chapter 11
To verify and monitor packet dropping, use any of the following commands in privileged EXEC mode:
Command
Purpose
11-32
OL-7433-09
Chapter 11
For diagnostic purposes, use any of the following commands in privileged EXEC mode:
Command
Purpose
Note
Note
Displays the rates at which each interface gets packets from the
forwarding engine.
The show pxf commands are entered as show hardware pxf on the PRE1.
11-33
Chapter 11
11-34
OL-7433-09
Chapter 11
11-35
Chapter 11
Example 11-8 shows sample output for the show class-map command. The show class-map command
output indicates that the router classifies traffic based on the default DSCP 0 and DSCP 1, 2, 3, and 5.
Traffic must match all of these DSCP values before the router can assign the traffic to the per_dscp_class
traffic class.
Example 11-8 Displaying Sample Output from the show class-map Command
Router# show class-map per_dscp_class
Class Map match-all per_dscp_class (id 11)
Match ip dscp default 1 2 3 5
Example 11-9 shows sample output for the show policy-map command. The show policy-map
command output indicates that the drop policy for the class named per_dscp_class is based on DSCP 1,
2, 3, and 5.
Example 11-9 Displaying Sample Output from the show policy-map Command
Router# show policy-map per_dscp_policy
Policy Map per_dscp_policy
Class per_dscp_class
priority
random-detect dscp-based
random-detect dscp 1 10 20 50
random-detect dscp 2 10 40 20
random-detect dscp 3 100 400 20
random-detect dscp 5 22 60 30
11-36
OL-7433-09
Chapter 11
3
4
5
6
7
2816
3072
3328
3584
3840
4096
4096
4096
4096
4096
1/10
1/10
1/10
1/10
1/10
0
5
0
2
0
0
1
0
0
0
11-37
Chapter 11
Minimum
thresh
0
12
Maximum
thresh
0
25
Mark
prob
1/0
1/10
Example 11-7 shows sample output for the show policy-map command when ATM CLP-based WRED
is configured on a Cisco 10000 series router with a PRE2. The output shows the threshold values
configured for CLP 1.
Example 11-13 Displaying ATM CLP-Based WRED Statistics (PRE2)
Router# show policy-map policymap1
Service-policy output: policymap1
Class-map: class1 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: none
Output queue: 0/16384; 0/0 packets/bytes output, 0/0 drops
Bandwidth : 200000 kbps (Weight 20)
Random-detect (clp-based) :
Exponential weight: 9 (1/512)
Current average queue length: 0 packets
------------------------------------------------------------------------ATM
Min
Max
Mark
Rand-Drop
Tail-Drop
CLP
thres
thres
probability Pkts Bytes Pkts Bytes
---------------------------------------------------------------0
4097
8192
1/10
0
0
0
0
1
12
25
1/10
0
0
0
0
11-38
OL-7433-09
Chapter 11
Number of queues on a VC
Bandwidth of the VC
Because so many variables influence watermark threshold values, you might need to experiment with
different values to determine the optimum high and low watermark values for your configuration. In
general, the following guidelines apply:
Set the low watermark equal to the VC weight. If the low watermark is less than the VC weight, a
full weight worth of cells might not be enqueued in the SAR mechanism when the scheduler
round-robin gets to the VC. As a result, the VC might not get its fair share.
For more information about the high and low watermarks, see the High Watermark and Low Watermark
Default Values section on page 15-25 in Chapter 15, Oversubscribing Physical and Virtual Links.
Table 11-8 lists the default minimum and maximum threshold values for ATM variable bit rate (VBR)
and unspecified bit rate (UBR) virtual circuits.
Table 11-8
Type of ATM
Virtual Circuit
Minimum
Threshold
Maximum
Threshold
0 to 18999
48
56
19000 to 40999
64
72
41000 to 99999
128
144
100000 to 622000
224
240
Not Applicable
224
240
When changing the minimum and maximum threshold values, consider the following guidelines:
To enhance virtual circuit utilization accuracy, increase the minimum threshold and possibly the
maximum threshold.
To enhance per-queue accuracy, increase the spread between the thresholds. For example, if the
minimum threshold is 66 and the maximum threshold is 70, increase the maximum threshold to 72
to increase the spread.
11-39
Chapter 11
Related Documentation
For more information, see the Configuring VC Weighting section on page 15-28 in Chapter 15,
Oversubscribing Physical and Virtual Links.
Related Documentation
This section provides hyperlinks to additional Cisco documentation for the features discussed in this
chapter. To display the documentation, click the document title or a section of the document highlighted
in blue. When appropriate, paths to applicable sections are listed below the documentation title.
Feature
Related Documentation
DiffServ-Compliant WRED
DSCP-Based Weighted Random Early Detection (WRED) DiffServ Compliant Weighted Random Early Detection,
Release 12.1(5)T feature module
Implementing Quality of Service Policies with DSCP tech notes
DSCP-Compliant WRED
Low-Latency Priority Queuing
11-40
OL-7433-09
Chapter 11
Feature
Related Documentation
Release Notes for the Cisco 10000 Series Internet Router for
Cisco IOS Release 12.0(25)SX
New Features in Cisco IOS Release 12.0(25)SX > Random
Early Detection with Queue-Limit
11-41
Chapter 11
Related Documentation
11-42
OL-7433-09
CH A P T E R
12
Class-Based Weighted Fair Queuing for Virtual Access Interfaces, page 12-4
12-1
Chapter 12
After defining a class according to its match criteria, you can assign it characteristics by assigning it
bandwidth, weight, and maximum packet limit. The bandwidth you assign to a class is the guaranteed
bandwidth delivered to the class during congestion. You can also specify the maximum number of
packets allowed to accumulate in the queue for a class, referred to as the queue limit for the class. Packets
belonging to a class are subject to the bandwidth and queue limits that characterize the class.
After a queue reaches its configured queue limit, enqueueing of additional packets to the class causes
packet drop to occur. The router drops packets using one of the following methods, depending on how
you configured the traffic class:
Note
Tail dropThe default congestion avoidance mechanism for Layer 3 queues. Tail drop activates
when a queue becomes full. After being activated, no packets make it to the queue. Tail drop treats
all traffic equally and does not differentiate between classes of service.
Weighted Random Early Detection (WRED)A mechanism for avoiding congestion of Layer 3
queues. WRED combines the capabilities of the random early detection (RED) mechanism with IP
precedence, differential services code point (DSCP), and discard-class to provide preferential
handling of higher priority packets. WRED attempts to anticipate and avoid congestion. WRED
implements a proactive queuing strategy that manages congestion before a queue reaches its queue
depth. By selectively dropping packets, WRED prevents packets from enqueuing to the Layer 3
queue.
If you use WRED packet drop instead of tail drop for one or more traffic classes in a policy map, the
interface to which you attach that policy map cannot have WRED configured.
If you configure the class-default class using the bandwidth command, the router places all unclassified
traffic into a single FIFO queue and allocates bandwidth according to the configured bandwidth. If you
do not configure the class-default class, then by default the router gives best-effort treatment to the traffic
that does not match any of the configured classes. After the router classifies a packet, all of the standard
mechanisms that you can use to differentiate service among the classes apply.
For CBWFQ, the weight specified for the class becomes the weight of each packet that meets the match
criteria of the class. The router classifies packets that arrive at the output interface according to the match
criteria filters you define. The router then assigns each one the appropriate weight. The router derives
the weight for a packet belonging to a specific class from the bandwidth you assign to the class when
you configure it. In this sense the weight for a class is user-configurable.
After the router assigns the weight for a packet, the router enqueues the packet in the appropriate class
queue. CBWFQ uses the weights assigned to the queued packets to ensure that the router services the
class queue fairly.
You can configure CBWFQ on a physical interface only if the interface is in the default queuing mode.
Serial interfaces at E1 (2.048 Mbps) and below use WFQ by default; other interfaces use FIFO by
default. Enabling CBWFQ on a physical interface overrides the default interface queuing method.
Enabling CBWFQ on an ATM permanent virtual circuit (PVC) does not override the default queuing
method.
12-2
OL-7433-09
Chapter 12
Classifying trafficThis process uses class maps to define the classification criteria the router uses
to differentiate one traffic class from another.
Associating class characteristics with each traffic classThis process uses policy maps to define the
class characteristics (policy actions) the router applies to packets belonging to one of the traffic
classes.
Description
Required PRE
Release 12.0(19)SL
PRE1
Release 12.2(16)BX
PRE2
Release 12.2(28)SB
PRE2
Release 12.2(31)SB2
PRE3
Class-Default Class
The class-default class is used to classify traffic that does not fall into one of the defined classes in a
policy map. After the router classifies a packet, the router applies all the standard mechanisms that are
used to differentiate service among the classes. The class-default class is predefined when you create the
policy map, but you must configure it. If you do not configure the default class, then by default the traffic
that does not match any of the configured classes in a policy map is FIFO-classified and given best-effort
treatment.
12-3
Chapter 12
If you configure a policy map class to use weighted random early detection (WRED), the interface
to which you attach the service policy cannot have WRED configured.
The router does not support traffic shaping and policing with CBWFQ.
The router supports CBWFQ on variable bit rate (VBR) ATM connections.
Use access control lists (ACLs), protocols, or input interface names to define how to classify traffic
Specify the exact amount of bandwidth to be allocated for a specific class of traffic
To use CBWFQ, you define traffic classes based on match criteria. Packets satisfying the match criteria
for a class constitute the traffic for that class. CBWFQ reserves a FIFO for each class and directs traffic
belonging to a class to the queue for that class.
After you define the match criteria for a traffic class, you can assign the class characteristics. To
characterize a class, you create a policy map and assign each class such parameters as bandwidth and
queue limit. The bandwidth is the guaranteed bandwidth delivered to the class during congestion. The
bandwidth assigned to a class is used to derive a weight for the class. Each packet that meets the match
criteria of the class is assigned the weight of the class and is then enqueued in the appropriate class
queue. CBWFQ uses the weights assigned to the queued packets to ensure that the class queue is serviced
fairly.
You can also specify the queue limit for a class to indicate the maximum number of packets allowed to
accumulate in the queue for the class. Packets belonging to a class are subject to the queue limits that
characterize the class.
12-4
OL-7433-09
Chapter 12
The definition and application of policies in a policy map are in a single direction, either input or
output.
The first policy defined is the one applied for a given VAI.
For more information about CBWFQ, see the Class-Based Weighted Fair Queuing section on
page 12-1.
Description
Required PRE
Release 12.0(25)SX
PRE1
Release 12.2(16)BX
PRE2
Release 12.2(28)SB
PRE2
Note
You can apply a service policy without queuing-related actions to either a VC or a VAI, but not to both
at the same time.
12-5
Chapter 12
Virtual template interfaces and VAIs do not apply to routed bridge encapsulation (RBE) over ATM.
Both the virtual template and virtual connection must exist before a remote user initiates a session
to the router.
Cisco IOS Release 12.2(25)SX does not support the configuration of broadband aggregation (BBA)
groups using RADIUS. You must configure BBA groups manually.
You can only apply a QoS policy with queuing-related actions to a VC. Do not apply service policies
with class-based weighted fair queuing (CBWFQ) actions to a VAI using a virtual template. The
router supports queuing only when you apply the QoS policy to a VC.
You can apply a QoS policy without queuing-related actions to either a VC or a VAI, but not to both
at the same time.
If you configure a QoS policy on a VC, the show policy interface vai command does not display
information to indicate that the VAI is subject to the VC service policy. However, if you apply a
policy directly to a VAI, the show policy interface vai command displays information about the
policy on the VAI.
You cannot configure a service policy on a VC and on a session at the same time.
12-6
OL-7433-09
Chapter 12
Physical
ATM shaped (peak cell rate is specified) unspecified bit rate (UBR) PVCs and point-to-point
subinterfaces
Ethernet VLANs *
* Requires a specific type of hierarchical policy. For more information, see Chapter 13, Defining QoS
for Multiple Policy Levels.
Note
Note
ATM unshaped (no peak cell rate specified) UBR PVCs and point-to-point subinterfaces
IP tunnel
Configuring Policy Actions for Traffic Classes Using Policy Maps, page 12-9
Modifying the Bandwidth for an Existing Policy Map Class, page 12-16
Modifying the Queue Limit for an Existing Policy Map Class, page 12-17
12-7
Chapter 12
Step 1
Command
Purpose
Step 2
Specifies the name of the access control list (ACL) against whose
contents packets are checked to determine if they belong to the
class. CBWFQ supports numbered and named ACLs.
or
Router(config-cmap)# match
input-interface interface-name
or
12-8
OL-7433-09
Chapter 12
Configuring a Class Policy and Dropping Packets Using Tail Drop, page 12-11
Configuring a Class Policy and Dropping Packets Using WRED, page 12-12
For more information about QoS policies, see Chapter 3, Configuring QoS Policy Actions and Rules.
Step 1
Command
Purpose
Router(config)# policy-map
policy-map-name
Step 2
Specifies the default class so that you can configure or modify its
policy. Enters policy-map class configuration mode.
Step 3
Router(config-pmap-c)# bandwidth
{bandwidth-kbps | percent percentage |
remaining percent percentage}
12-9
Chapter 12
Step 4
Command
Purpose
Router(config-pmap-c)# queue-limit
number-of-packets
Step 5
Router(config-pmap-c)# random-detect
Step 6
Router(config-pmap-c)# random-detect
exponential-weighting-constant exponent
or
Router(config-pmap-c)# random-detect
precedence precedence min-threshold
max-threshold mark-prob-denominator
12-10
OL-7433-09
Chapter 12
Note
Step 1
Command
Purpose
Router(config)# policy-map
policy-map-name
Step 2
Step 3
Router(config-pmap-c)# bandwidth
{bandwidth-kbps | percent percentage |
remaining percent percentage}
Router(config-pmap-c)# queue-limit
number-of-packets
12-11
Chapter 12
Configuration Example for Configuring a Class Policy and Dropping Packets Using Tail Drop
Example 12-2 creates a policy map named policy1 that contains two classes (class1 and class2) whose
match criteria were previously defined (see Example 12-1 on page 12-8). The class1 configuration
requests a specific bandwidth allocation and specifies the maximum number of packets that can be
queued for the class. Because the class1 configuration specifies the queue-limit command, the router
uses tail drop to drop packets. The class2 configuration specifies only the bandwidth allocation request;
therefore, the policy map assumes a default queue limit based on the configured bandwidth rate. The
policy1 service policy is applied to PVC 1/32 for outbound packets.
Example 12-2 Configuring a Class Policy and Dropping Packets Using Tail Drop
Router(config)# policy-map policy1
Router(config-pmap)# class class1
Router(config-pmap-c)# bandwidth 3000
Router(config-pmap-c)# queue-limit 32
Router(config-pmap-c)# class class2
Router(config-pmap-c)# bandwidth 2000
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# interface atm 1/0/0
Router(config-if)# atm pxf queuing
Router(config-if)# interface atm 1/0/0.1 point-to-point
Router(config-subif)# pvc 1/32
Router(config-subif-atm-vc)# service-policy output policy1
Note
Step 1
Repeat Steps 2 through 5 to assign additional traffic classes to the policy map and to configure a class
policy for the traffic classes.
Command
Purpose
Router(config)# policy-map
policy-map-name
Step 2
12-12
OL-7433-09
Chapter 12
Step 3
Command
Purpose
Router(config-pmap-c)# bandwidth
{bandwidth-kbps | percent percentage |
remaining percent percentage}
Router(config-pmap-c)# random-detect
12-13
Chapter 12
Step 5
Command
Purpose
Router(config-pmap-c)# random-detect
exponential-weighting-constant exponent
or
Router(config-pmap-c)# random-detect
precedence precedence min-threshold
max-threshold mark-prob-denominator
Configuration Example for Configuring a Class Policy and Dropping Packets Using WRED
Example 12-3 creates the class map named class1 and defines the match criteria used to determine if
packets belong to the class. The policy map named policy1 contains the class characteristics for class1.
Because the class1 configuration specifies the random-detect command, the policy map uses WRED
packet drop to drop packets. The service policy for policy1 is applied to the PVC range 1/32 to 1/81 for
outbound packets.
Example 12-3 Configuring a Class Policy and Dropping Packets Using WRED
Router(config)# class-map class1
Router(config-cmap)# match input-interface Ethernet0/1
Router(config-cmap)# exit
Router(config)# policy-map policy1
Router(config-pmap)# class class1
Router(config-pmap-c)# bandwidth 1000
Router(config-pmap-c)# random-detect
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# interface atm 1/0/0
Router(config-if)# atm pxf queuing
Router(config-if)# interface atm 1/0/0.1 point-to-point
Router(config-subif)# range pvc 1/32 1/81
Router(config-subif-range-vc)# service-policy output policy1
!
12-14
OL-7433-09
Chapter 12
Purpose
12-15
Chapter 12
Note
To configure class-based WFQ (CBWFQ) for VAIs, you must specify the bandwidth command for the
traffic classes configured in the policy map and attach the policy map to either a VC or to a virtual
template interface (requires Cisco IOS Release 12.2(16)BX and later releases).
Purpose
Step 1
Specifies the name of the policy map containing the class you
want to modify. Enters policy-map configuration mode.
Step 2
Router(config-pmap-c)# bandwidth
{bandwidth-kbps | percent percentage |
remaining percent percentage}
12-16
OL-7433-09
Chapter 12
Step 1
Command
Purpose
Step 2
Step 3
Router(config-pmap-c)# queue-limit
number-of-packets
Deleting Classes
To delete one or more classes from a policy map, enter the following commands beginning in global
configuration mode:
Step 1
Command
Purpose
Router(config)# policy-map
policy-map-name
Step 2
Router(config-pmap)# no class
class-map-name
12-17
Chapter 12
Purpose
Configuration Example for Configuring CBWFQ and Attaching a Policy to an ATM Subinterface,
page 12-19
Configuration Example for Configuring CBWFQ and Attaching a Policy to an RBE Subinterface,
page 12-19
12-18
OL-7433-09
Chapter 12
12-19
Chapter 12
Purpose
Related Documentation
This section provides hyperlinks to additional Cisco documentation for the features discussed in this
chapter. To display the documentation, click the document title or a section of the document highlighted
in blue. When appropriate, paths to applicable sections are listed below the documentation title.
Feature
Related Documentation
12-20
OL-7433-09
Chapter 12
Feature
Related Documentation
Class maps
Policy maps
12-21
Chapter 12
Related Documentation
12-22
OL-7433-09
CH A P T E R
13
13-1
Chapter 13
Hierarchical Policies
Hierarchical Policies
A hierarchical policy is a QoS model that enables you to specify QoS behavior at multiple levels of
hierarchy. The router supports three types of hierarchical policies: nested, three-level, and input policing
policies. Depending on the type of hierarchical policy you configure, you can use hierarchical policies
to:
Note
Restrict the maximum bandwidth of a virtual circuit (VC) while allowing policing and marking of
traffic classes within the VC
For more information about the types of hierarchical policies, see the Nested Hierarchical Policies
section on page 13-6, Three-Level Hierarchical Policies section on page 13-8, and the Hierarchical
Input Policing Policies section on page 13-10).
All hierarchical policy types consist of a top-level parent policy and one or more child policies. The
service-policy command is used to apply a policy to another policy, and a policy to an interface,
subinterface, virtual circuit (VC), or virtual LAN (VLAN). For example, in a three-level hierarchical
policy, you use the service-policy command to apply a:
Note
For more information, see the Child Policy section on page 13-4, the Parent Policy section on
page 13-4, and the service-policy Command section on page 13-5.
When you use hierarchical policies, the router allocates the physical pipe into smaller pipes. Instead of
creating a single versatile time management scheduler (VTMS) link for the physical interface, each
parent policy map has a VTMS link. The router uses this QoS link to service the associated traffic
independently of other traffic.
For releases prior to Cisco IOS Release 12.0(25)SX, the router uses 128 discrete values between 64 kbps
and 1 Gbps as multiqueue shape rates. Therefore, the sum of the nested policy shape rates you specify
for an interface must be 64 kbps less than the total bandwidth of the interface. For example, on a DS1
Frame Relay interface with a total bandwidth of 1536 kbps, the combined shape rate of the hierarchical
policy must be 1472 kbps or less:
1536 kbps 64 kbps = 1472 kbps
If you specify a non-supported rate, the router uses the next lower supported rate instead.
For Cisco IOS Release 12.0(25)SX and Release 12.3(7)XI, and later releases, the router allows interface
oversubscription. For more information, see Chapter 15, Oversubscribing Physical and Virtual Links.
13-2
OL-7433-09
Chapter 13
Description
Required PRE
Release 12.0(22)S
PRE1
Release 12.0(25)SX
PRE1
Release 12.2(16)BX
PRE2
Release 12.3(7)XI
PRE2
Release 12.2(28)SB
Release 12.2(31)SB2
PRE3
Specify the maximum transmission rate of a set of traffic classes that are queued separately, which
is essential for virtual interfaces such as Frame Relay PVCs and IEEE 802.1Q virtual LANs
(VLANs)
Shape the aggregate traffic of queues on a physical interface (for example, provide a 10-megabits
per second (Mbps) service on a 100-Mbps physical interface)
Restrict the maximum bandwidth of a VC while allowing policing and marking of classes within the
VC
13-3
Chapter 13
Child Policy
A child policy is a policy map in a hierarchical QoS policy that defines QoS behavior for individual
streams of traffic. A child policy defines one or more classes of traffic and the actions you want the router
to take on the traffic, just as non-hierarchical policy maps do. However, in a hierarchical policy, a child
policy map is applied to a parent policy map and can be applied to another child policy, depending on
the type of hierarchical policy it is (see the Types of Hierarchical Policies section on page 13-6).
The following describes the ways in which you can apply child policies for the various types of
hierarchical policies:
Nested hierarchical policiesApply a bottom-level child policy to a top-level parent policy only.
Hierarchical input policing policiesApply a bottom-level child policy to a top-level parent policy.
When applying child policies to other child policies or to a parent policy, use the service-policy
command and specify the name of the child policy you are applying as the policy-map-name. Do not
specify the input or output keyword.
If you specify the bandwidth percent command or the police percent command in a child policy, the
percentage you indicate is the percentage of the total shape rate and not the percentage of the interface
bandwidth. The router uses the bandwidth of the nearest parent policy (configured using the shape or
police command) command to calculate the bandwidth percentage for the child policy. The router always
looks to the nearest parent for the bandwidth reference point.
The router executes the child policy and then the parent policy. However, if the child policy contains
policing with a specified drop policy, the router polices and drops the appropriate traffic at the child
level, but does not execute the parent policy on the dropped packets.
The router executes the child policy and then the parent policy. As the packets pass through the routers
forwarding engine, the router applies the QoS actions specified in the child policy. After child processing
completes, the packets are fed back through the forwarding engine and the router applies the parent
policy actions to the aggregate traffic. The router executes the parent policy only on the packets that are
fed back. If the router dropped some packets during child processing (the child policy contained a drop
policy), the router does not execute the parent policy on those dropped packets.
Parent Policy
A parent policy contains only the class-default class; it can contain no other classes. The parent policy
defines the shape rate (nested and three-level hierarchical policies) or the policing rate (hierarchical
input policing policies) for the aggregate traffic on an interface with a service policy applied.
The parent policy class-default class can contain only the following commands. Do not configure any
other commands in the class-default class. Configure the service-policy command last.
shape command(Nested or three-Level Hierarchical Policies) Specifies a single shape rate for all
of the traffic classes defined in the child policies. The router does not allocate unused (or excess)
bandwidth for other traffic. You must configure the shape command when creating nested
hierarchical policies and three-level hierarchical policies; do not configure the police command.
or
police command(Hierarchical Input Policing Policies) Configures traffic policing for the
aggregate traffic of all of the classes defined in the child policies. You must configure the police
command when creating hierarchical input policing policies; do not configure the shape command.
13-4
OL-7433-09
Chapter 13
Note
service-policy commandApplies a child policy to the parent policy to create a single hierarchical
QoS policy. Specify the name of the child policy map as the policy-map-name. Do not specify the
input or output keyword.
For more information about hierarchical policies, see the Types of Hierarchical Policies section on
page 13-6.
Table 13-1 summarizes the commands configured in the parent class-default class for the different types
of hierarchical policies.
Table 13-1
Type of Policy
shape Command
police Command
service-policy Command
Nested Hierarchical
Yes
No
Yes
Three-Level Hierarchical
Yes
No
Yes
No
Yes
Yes
The router reserves the bandwidth you specify in the parent policy shape or police command for the
exclusive use of the PVC or VLANs to which the policy is applicable. The router does not share unused
bandwidth with other PVCs or VLANs. However, the actual shape rate the router applies to the child
traffic classes might differ from the rate you specify in the parent policy. For example, the router might
map a specified shape rate of 10.5 Mbps to 11 Mbps. Use the show policy-map interface command to
determine the actual shape rate applied.
service-policy Command
For hierarchical policies, the service-policy command is used to attach:
When attaching child policies to child or parent policies, do not specify the output or input keyword
when you enter the service-policy command. For example, enter the following command:
Router(config-if)# service-policy policy-map-name
When attaching parent policies to interfaces, subinterfaces, or virtual circuits, enter the service-policy
command and specify the output or input keyword as described below:
Note
Nested hierarchical policies and three-level hierarchical policiesSpecify the output keyword to
tell the router to apply the policy to outbound traffic. For more information, see the Nested
Hierarchical Policies section on page 13-6 and the Three-Level Hierarchical Policies section on
page 13-8.
Hierarchical input policing policiesSpecify the input keyword to apply the policy to inbound
traffic. For more information, see the Hierarchical Input Policing Policies section on page 13-10.
The router does not support nested and three-level hierarchical policies on inbound interfaces, and it
does not support hierarchical input policing on outbound interfaces.
13-5
Chapter 13
T1
126793
13-6
OL-7433-09
Chapter 13
Nested policy maps specify QoS policies at the following two levels of hierarchy:
Child policy (bottom-level)Identifies one or more classes of traffic and defines QoS behavior for
the individual traffic streams. If you specify a class bandwidth in a child policy as a percentage, the
router uses the top-level parent shape rate as the bandwidth reference (100 percent) rather than the
bandwidth of the network interface. For example, in a nested policy shaped at 2 Mbps with a
bottom-level child policy configured for 50 percent bandwidth, the router allocates 1 Mbps of
bandwidth to the child policy (50 percent of the parent shape rate).
Parent policy (top-level)Shapes the output of the traffic classes into a single shape rate. The parent
policy can contain only the class-default class with only the shape command specified.
For releases prior to Cisco IOS Release 12.0(25)SX, the sum of the nested policy shape rates you specify
can be no more than 64 kbps less than the physical interface bandwidth. For example, the sum of the
nested policy shape rates for a DS1 Frame Relay interface must be no more than 1472 kbps, calculated
as follows:
1536 kbps 64 kbps = 1472 kbps
If you specify a non-supported rate, the router uses the next lower supported rate instead.
Note
The above restriction does not apply to Cisco IOS Release 12.0(25)SX and later releases.
For releases prior to Cisco IOS Release 12.0(25)SX and Release 12.3(7)XI, the router does not limit the
number of nested policies you can configure on a physical network interface as long as the sum of the
nested policy shape rates is 64 kbps less than the total bandwidth of the interface. In Cisco IOS Release
12.0(25)SX and Release 12.3(7)XI, and later releases, the router allows oversubscription. For more
information, see Chapter 15, Oversubscribing Physical and Virtual Links.
The router reserves the shape rate you specify in the parent policy for the child traffic classes. The router
does not allocate unused (or excess) bandwidth to other traffic. For example, consider a nested policy
with a shape rate of 64 kbps. If the nested policy traffic rate is 32 kbps, the router does not allocate the
remaining 32 kbps to the other traffic on the network interface.
In some cases, the nested policy shape rate that the system uses might be lower than the shape rate you
specify. Use the show policy-map interface command to verify the actual shape rate.
For Frame Relay PVCs, instead of using a nested policy map to specify the multiqueue shape rate, you
can use the frame-relay traffic-shape command to specify a fair queue policy map.
This section lists restrictions for nested hierarchical policies. These restrictions might not apply to other
types of hierarchical policies.
Nested hierarchical policies can have no more than two levels of hierarchy.
Only the top-level parent policy can have the class-default class defined.
The parent class-default class can have only the shape command configured; you cannot specify any
other policy action. The class-default class can also have the service-policy command configured to
attach a child policy to the parent policy. You must specify the shape command before you specify
the service-policy command.
Queuing services must exist at a single hierarchy level, except for the shape command, which is
defined in the parent policys class-default class.
13-7
Chapter 13
You cannot apply a child policy to a traffic class that contains the set or police command.
For the PRE1, the router does not support DotP marking and 802.1P for nested hierarchical policies,
including matching and marking of the 802.1P header.
Define a single shaping rate for multiple classes and subclasses of IP traffic
Apply specific actions on the aggregate traffic of multiple classes and execute class-specific actions
Selectively police a subclass of each guaranteed class and place a maximum transmission limit on
the aggregate traffic
For example, you can use a three-level hierarchical policy to define a minimum bandwidth and a
combined maximum bandwidth for two classes. Similarly, you can also define a minimum bandwidth
for each type of traffic on a virtual circuit and a maximum bandwidth for the virtual circuits total traffic.
A three-level policy specifies the following three levels of hierarchy:
Child policy (bottom-level)Specifies marking and metering actions for one or more classes of
traffic using the set and police commands. You cannot apply a child policy to a traffic class that
contains the set or police command.
Child policy (middle-level)Defines class-based queuing actions for one or more classes of traffic.
You must configure all queuing actions (such as the bandwidth and priority commands) at a single
hierarchical level. The exception to this rule is the shape command, which is also configured in the
class-default class of a parent policy.
Parent policy (top-level)Defines the transmission capacity of a physical or virtual link to shape
the output of the traffic classes into a single shape rate. The shape rate you specify in the parent
policy is reserved for the traffic classes you specify in the child policies. The router does not allocate
unused (excess) bandwidth for other traffic.
Note
The actual shape rate the router applies to the child traffic classes might differ from the rate you
specify in the hierarchical policy. Use the show policy-map interface command to determine
the actual shape rate applied.
13-8
OL-7433-09
Chapter 13
This section lists restrictions for three-level hierarchical policies. These restrictions might not apply to
other types of hierarchical policies.
A top-level parent policy can have only the class-default class. Do not configure any other traffic
class.
The parent class-default class can have only the shape and service-policy commands configured.
Specify the shape command first and then the service-policy command to apply a child policy to
the parent policy.
A middle-level child policy cannot have the police and set commands configured. If you use these
commands in a middle-level policy, you cannot apply a bottom-level child policy to it using the
service-policy command.
A bottom-level child policy can have only the police and set commands configured for a class.
Each bottom-level class map must match only those packets that also match its parent class map. For
example, the union of the set of packets of a bottom-level class and that of its parent class must be
equal to the set of packets that match the parent class.
Note
If a policy does not adhere to the above restriction, the router might incorrectly classify the
traffic affected by the policy.
Example 13-1 shows a configuration that violates the requirement that the bottom-level class map match
only those packets that also match its parent class map. In the example, the class map named Child
matches any packet that is not IP precedence 1 (for example, IP precedence 5). The class map named
Parent matches only IP precedence 1, 2, and 3. As a result, no packets from the Child and Parent classes
intersect.
Example 13-1 Improperly Defining Bottom-Level Child and Top-Level Parent Class Maps
Router(config)# class-map Parent
Router(config-cmap)# math ip precedence 1 2 3
!
Router(config)# class-map Child
Router(config-cmap)# match not ip precedence 1
Example 13-2 modifies the configuration in Example 13-1 to ensure the union of Child and Parent
packets, which in Example 13-2 is IP precedence 2 and 3.
Example 13-2 Properly Defining Bottom-Level Child and Top-Level Parent Class Maps
Router(config)# class-map Parent
Router(config-cmap)# math ip precedence 1 2 3
!
Router(config)# class-map Child
Router(config-cmap)# match ip precedence 2 3
13-9
Chapter 13
Define a policing rate for the traffic that the router accepts on an inbound interface (with a service
policy applied)
A hierarchical input policing policy specifies the following two levels of hierarchy:
Child policy (bottom-level)Specifies policing actions for individual IP traffic streams by using a
two-rate three-color policer (see the Two-Rate Three-Color Marker for Traffic Policing section on
page 6-8).
Parent policy (top-level)Defines a policing rate for all inbound traffic on the interface,
subinterface, VC, or VLAN on which the service policy is applied.
During hierarchical input policing, the bottom-level policer acts on all of the traffic arriving at the
interface, subinterface, VC, or VLAN on which the hierarchical policer is applied. As the traffic passes
through the forwarding engine of the router for the first time, the bottom-level policer limits the rate of
the individual streams of IP traffic before passing the traffic back through the forwarding engine again.
During this feedback operation, the top-level traffic policer limits the rate of all of the traffic passed to
it. The top-level policer acts only on the packets sent by the bottom-level policer. If the outbound
interface has policing configured, a second feedback occurs during which the outbound policer limits
the rate of the traffic.
Note
Packets dropped during bottom-level child processing are not passed to the top-level parent policer.
Figure 13-2 shows how packets flow between policy maps in a hierarchical input policing policy. In the
figure, 500 packets arrive at the interface with the policy_map_level1 policy attached. Because of the
way in which the policer is configured in policy_map_level1, the policer drops 100 packets and passes
400 packets. The traffic policer in the policy_map_level2 policy then evaluates the 400 packets it
receives, drops 200, and transmits the remaining 200 packets.
13-10
OL-7433-09
Chapter 13
Figure 13-2
126794
Packet classification for the bottom-level child policy map occurs before the top-level policer acts
on the traffic classes.
Traffic policing at the top-level parent does not guarantee fairness in sharing bandwidth among the
child classes. If packets from two different traffic classes arrive at the same rate and then go through
a traffic policer, the output rates of the two classes might be different because the hierarchical input
policer acts as an aggregate policer. The parent policer might drop packets in one class in favor of
the other class. This situation can happen when the top-level policer has enough tokens when the
packets for one class arrive, but does not have enough tokens left for the other class. Based on the
arrival pattern of the packets, this pattern could continue indefinitely.
13-11
Chapter 13
Note
Physical
ATM shaped (peak cell rate is specified) unspecified bit rate (UBR) PVCs and point-to-point
subinterfaces
Ethernet VLANs
The router only supports nested and three-level hierarchical policies on outbound interfaces.
Interfaces Supporting Hierarchical Policies (Inbound only)
Note
Physical
Ethernet VLANs
The router only supports hierarchical input policing policies on inbound interfaces.
Interfaces Not Supporting Hierarchical Policies
ATM unshaped (no peak cell rate specified) UBR PVCs and point-to-point subinterfaces
IP tunnel
13-12
OL-7433-09
Chapter 13
Define child policies before you define the parent policy. For example, for a nested policy, define
the bottom-level policy and then the top-level parent policy. For a three-level policy, define the
bottom-level policy, the middle-level policy, and then the top-level parent policy.
Do not specify the input or output keyword in the service-policy command when configuring a
child policy within another child policy or within a parent policy.
Do not configure a child policy in a traffic class of a bottom-level policy. Configure child policies
only in middle-level and top-level parent policies.
Note
Step 1
Use the following commands to configure both the child and parent policies. Configure the bottom-level
child policy first and then the top-level parent policy. For information about additional actions you can
specify in child policies, see the Types of QoS Actions section on page 3-4.
Command
Purpose
Router(config)# policy-map
policy-map-name
Step 2
Assigns the traffic class you specify to the policy map. Enters
policy-map class configuration mode.
class-map-name is the name of a previously configured class map
and is the traffic class for which you want to define QoS actions.
13-13
Chapter 13
Step 3
Command
Purpose
Router(config-pmap-c)# bandwidth
{bandwidth-kbps | percent percentage |
remaining percent percentage}
Step 4
Router(config-pmap-c)# exit
Step 5
Router(config-pmap)# policy-map
policy-map-name
Step 6
Step 7
Step 8
Router(config-pmap-c)# service-policy
policy-map-name
Example 13-3 shows how to create a nested hierarchical policy that creates two fair queues: one queue
for the Bronze traffic and one queue for all other traffic. The top-level policy named Top-Parent shapes
the total output rate of both queues to 1 Mbps. The bottom-level policy named Bottom-Child shapes
Bronze traffic to 50 percent of the total output rate, or 500 kbps. The router allocates the remaining
500 kbps to all other traffic.
Example 13-3 Creating Fair Queues at Two Levels of Hierarchy
Router(config)# policy-map Bottom-Child
Router(config-pmap)# class Bronze
Router(config-pmap-c)# bandwidth percent 50
Router(config-pmap-c)# exit
Router(config-pmap)# policy-map Top-Parent
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape 1000
Router(config-pmap-c)# service-policy Bottom-Child
13-14
OL-7433-09
Chapter 13
Note
Step 1
The bottom-level child policy of a three-level hierarchical policy typically contains only metering or
marking actions. Therefore, configure only the police and set commands in the bottom-level policy.
Command
Purpose
Router(config)# policy-map
policy-map-name
Step 2
Assigns the traffic class you specify to the policy map. Enters
policy-map class configuration mode.
class-map-name is the name of a previously configured class map
and is the traffic class for which you want to define QoS actions.
Step 3
Step 4
Step 5
Action
Description
atm-clp
cos
Sets the IEEE 802.1P class of service bits in the user priority field.
13-15
Chapter 13
Table 13-2
Action
Description
discard-class
Marks a packet with the discard-class value that you specify, indicating the
drop eligibility of a packet.
dscp
Marks a packet with the differentiated services code point (DSCP) you
specify.
mpls experimental
imposition
Sets the value of the MPLS experimental (EXP) field on all imposed label
entries.
ip precedence
qos-group
Example 13-4 shows how to configure the bottom-level child policy of a three-level hierarchy.
Remember, the bottom-level policy typically defines marking and metering actions. In this example, the
policy map named Gold-Meter defines the policing rate and actions for Business class traffic; the policy
map named Default-Meter defines the default policing rate and actions.
Example 13-4 Configuring a Bottom-Level Child Policy of a Three-Level Hierarchy
Router(config)# policy-map Gold-Meter
Router(config-pmap)# class Business
Router(config-pmap-c)# police 15000 10000 6000 conform-action transmit exceed-action
set-prec-transmit 1
Router(config-pmap-c)# exit
Router(config-pmap)# policy-map Default-Meter
Router(config-pmap)# class Business
Router(config-pmap-c)# police percent 10 1500 0 conform-action transmit exceed-action
set-prec-transmit 4
Router(config-pmap-c)# exit
Router(config-pmap)#
Note
Step 1
For information about additional actions you can specify in child policies, see the Types of QoS
Actions section on page 3-4.
Command
Purpose
Router(config-pmap)# policy-map
policy-map-name
Step 2
Assigns the traffic class you specify to the policy map. Enters
policy-map class configuration mode.
class-map-name is the name of a previously configured class map
and is the traffic class for which you want to define QoS actions.
13-16
OL-7433-09
Chapter 13
Step 3
Command
Purpose
Router(config-pmap-c)# priority
Step 4
Router(config-pmap-c)# bandwidth
{bandwidth-kbps | percent percentage |
remaining percent percentage}
Step 5
Router(config-pmap-c)# random-detect
dscp-based
Step 6
Note
Router(config-pmap-c)# service-policy
policy-map-name
Example 13-5 shows how to configure a middle-level child policy using the bottom-level child policy
configured in Example 13-4. In this middle-level policy, the policy map named Southwest defines three
traffic classes: Premium, Gold, and class-default. The configuration of these classes provides the
following QoS behavior:
Premium Traffic
Gold Traffic
Uses the Gold-Meter policy to police all Gold traffic (see Example 13-4 on page 13-16)
Guarantees Gold packets a minimum of 15,000 kbps of transmission capacity
Marks any traffic that exceeds 15,000 kbps with IP precedence 1 and then transmits the packet
During congestion, discards Gold packets with IP precedence level 2 or 3 before discarding other
packets
Default Traffic
Uses the Default-Meter policy to police default traffic (see Example 13-4 on page 13-16)
Guarantees default traffic a minimum of 10 percent of the total transmission capacity
Marks any traffic that exceeds 10 percent with IP precedence 4 and then transmits the packet
During congestion, discards default packets with IP precedence level 1 before discarding other
packets
13-17
Chapter 13
Note
Step 1
In a top-level parent policy, define only the class-default class and specify the shape command and then
the service-policy command in the class configuration. Do not specify any other commands.
Command
Purpose
Router(config-pmap)# policy-map
policy-map-name
Step 2
Step 3
Step 4
Router(config-pmap-c)# service-policy
policy-map-name
13-18
OL-7433-09
Chapter 13
Example 13-6 shows how to configure a top-level parent policy using the middle-level child policy
configured in Example 13-5. In this top-level policy, the shape command indicates a total transmission
capacity of 64,000 kbps for the combined queues. The service-policy command applies the middle-level
policy named Southwest to the parent class-default class.
Example 13-6 Configuring a Top-Level Parent Policy of a Three-Level Hierarchy
Router(config-pmap)# policy-map Region1
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape 64000
Router(config-pmap-c)# service-policy Southwest
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)#
Note
Step 1
Use the following commands to configure both the child and parent policies. Configure the bottom-level
child policy first and then the top-level parent policy. For information about additional actions you can
specify, see the Types of QoS Actions section on page 3-4.
Command
Purpose
Router(config-pmap)# policy-map
policy-map-name
Step 2
Assigns the traffic class you specify to the policy map. Enters
policy-map class configuration mode.
class-map-name is the name of a previously configured class map
and is the traffic class for which you want to define QoS actions.
13-19
Chapter 13
Step 3
Command
Purpose
Step 4
Router(config-pmap-c)# exit
Step 5
Router(config-pmap)# policy-map
policy-map-name
Step 6
Step 7
Router(config-pmap-c)# service-policy
policy-map-name
Step 8
13-20
OL-7433-09
Chapter 13
Example 13-7 shows how to configure a hierarchical input policing policy to police the traffic that enters
the router on a specific interface. In the example, the two class maps named class-default and Gold define
the criteria the router uses to classify traffic. The bottom-level child policy map named Business defines
the policing actions for traffic classified as Gold; the top-level parent policy map named All_Traffic
defines the policing actions for default traffic. The Business policy map is applied to the All_Traffic
policy, creating a two-level hierarchical input policing policy.
Example 13-7 Policing Inbound Traffic at Two Levels of Hierarchy
Router(config)# class-map class-default
Router(config-cmap)# match any
Router(config-cmap)# class-map Gold
Router(config-cmap)# match ip precedence 3
Router(config-cmap)# exit
Router(config)# policy-map Business
Router(config-pmap)# class Gold
Router(config-pmap-c)# police 20000 200 pir 40000 300 conform-action set-qos-transmit 80
exceed-action set-qos-transmit 35 violate-action drop
Router(config-pmap-c)# exit
Router(config-pmap)# policy-map All_Traffic
Router(config-pmap)# class class-default
Router(config-pmap-c)# police 6400 200 pir 12800 400 conform-action transmit exceed-action
transmit violate-action drop
Router(config-pmap-c)# service-policy Business
Purpose
13-21
Chapter 13
Configuration Examples
Configuration Examples
This section provides the following configuration examples:
A bottom-level Child-Policy that defines two traffic classes: NewUsers and Bronze-Users.
A top-level Parent-Policy that defines the class-default class, which is shaped to a rate of 512 kbps.
The Child-Policy is applied to the class-default class.
Example 13-9 shows how to configure another nested hierarchical policy. In the example, the
bottom-level child policy named Bottom consists of two traffic classes named Group1 and Group2. The
traffic matching Group1 has a minimum bandwidth guarantee of 5000 kbps; Group2 has a minimum
bandwidth guarantee of 2000 kbps and also has a DSCP-based weighted random early detection
(WRED) packet drop policy defined. The bottom-level child policy is applied to the class-default class
in the top-level Parent policy map. The router shapes the aggregate of all of the Group1 and Group2
traffic to 8000 kbps as specified by the shape command in the Parent class-default class. The
hierarchical policy is attached to outbound ATM interface 1/0/0 using the service-policy command.
13-22
OL-7433-09
Chapter 13
A bottom-level child policy contains two policy maps named DefaultMeter and BusinessMeter.
These policy maps define marking and policing for the associated traffic classes.
A Middle-Level policy defines queuing services for the classes. In the Middle-Level policy map, the
bottom-level BusinessMeter policy is applied to the Business class and the bottom-level
DefaultMeter policy is applied to the Non-Business class.
The Middle-Level policy is applied to the class-default class in the parent policy map named
Top-Level, which shapes the traffic to 8000 kbps.
The hierarchical policy is attached to PVC 1/32 on the point-to-point ATM subinterface 1/0/0.1 in
the outbound direction.
13-23
Chapter 13
Configuration Examples
Example 13-11 shows how to configure another three-level hierarchical policy. This example
configuration includes the following:
Bottom-level child policies named Business-Meter and Default-Meter that define a policing rate.
named Business-Meter is applied to the Business traffic. The Business-Meter policy indicates
to police traffic at 40 percent of available bandwidth, mark traffic that exceeds 40 percent with
DSCP 40, and during congestion, discard Business class traffic marked with DSCP 40 (the
traffic that exceeds the policing rate) before it discards Business traffic at or below the policing
rate.
Defines a Non-Essential class with a DSCP-based traffic drop policy. Notice that the
bottom-level child policy named Default-Meter is applied to the Non-Essential traffic. The
Default-Meter indicates to police traffic at 10 percent of the available bandwidth, mark
exceeding traffic with DSCP 20, and during congestion, discard Non-Essential traffic marked
with DSCP 20 (the traffic that exceeds the policing rate) before it discards Non-Essential traffic
at or below the policing rate.
A top-level parent policy named Region1 that contains the class-default class, shapes the total
bandwidth rate to 20 kbps. Notice that the Southwest policy is applied to the class-default class,
which enables the router to shape the aggregate of all of the traffic to the shape rate defined in the
Region1 class-default class, in this case 20 kbps.
The three-level hierarchical policy attaches to the point-to-point serial subinterface 5/0/0.1 in the
outbound direction.
13-24
OL-7433-09
Chapter 13
Class maps named class-default and Click that define the classification criteria the router uses to
classify packets.
A bottom-level child policy map named Policy2 that defines a two-rate three-color policer for the
Click traffic class.
A top-level parent policy named Parentbps1 that contains the class-default class, which defines a
two-rate three-color policer for default traffic. The bottom-level child policy named Policy2 is
applied to the Parentbps1 class-default class.
The top-level parent policy is attached to PVC 101/102 on the ATM point-to-point
subinterface 1/0/0.10.
13-25
Chapter 13
Configuration Examples
Note
If PVC 98/204 is configured on the same interface as PVC 0/200 and with a bandwidth-remaining ratio
of 1, during times of congestion PVC 0/200 would have 10 times more bandwidth available to it for
non-priority traffic than PVC 98/204 would have.
For information on bandwidth-remaining ratios, see Distribution of Remaining Bandwidth Using
Ratio section on page 5-14 or the Distribution of Remaining Bandwidth Using Ratio,
Release 12.2(31)SB2 feature module.
13-26
OL-7433-09
Chapter 13
class precedence_2
shape average 500000
bandwidth remaining ratio 60 <---- Class-level ratio
!
policy-map vlan10_policy
class class-default
shape average 1000000
bandwidth remaining ratio 10 <---- Subinterface-level ratio
service-policy child-policy
!
policy-map vlan20_policy
class class-default
shape average 1000000
bandwidth remaining ratio 100 <---- Subinterface-level ratio
service-policy child_policy
!
!
interface GigabitEthernet 1/0/0.10
encapsulation dot1q 10
service-policy output vlan10_policy
!
interface GigabitEthernet 1/0/0.20
encapsulation dot1q 20
service-policy output vlan20_policy
Purpose
13-27
Chapter 13
Command
Purpose
13-28
OL-7433-09
Chapter 13
13-29
Chapter 13
Related Documentation
Related Documentation
This section provides hyperlinks to additional Cisco documentation for the features discussed in this
chapter. To display the documentation, click the document title or a section of the document highlighted
in blue. When appropriate, paths to applicable sections are listed below the documentation title.
Feature
Related Documentation
Class maps
Oversubscription
Policing
13-30
OL-7433-09
Chapter 13
Feature
Related Documentation
Policy maps
13-31
Chapter 13
Related Documentation
13-32
OL-7433-09
CH A P T E R
14
Simultaneous QoS Policy Map on an Interface and PPP Session, page 14-1
14-1
Chapter 14
Session-level policyYou associate this service policy with a PPP session on the VAI or LAC. This
policy must contain only non-queuing QoS actions such as policing and set actions. You can
statically configure this policy under a virtual template or use RADIUS Attributes 37 and 39 to
dynamically associate the policy with the PPP session. The BRAS applies this policy only at the PPP
session level.
Interface-level policyYou apply this service policy to a main interface, an ATM PVC, or an
Ethernet-based subinterface such as a VLAN subinterface. This policy can contain queuing-related
features, but it cannot have hierarchical policing policies. The BRAS applies this policy to the
aggregate traffic associated with a specific interface.
The BRAS recognizes that simultaneous policy maps exist and applies the appropriate QoS services to
the packets that are subject to both policies. The BRAS aggregates all of the packets of sessions at the
interface level. For example, if policing is applied on a traffic class in an interface policy, the BRAS
polices the aggregate of all of the packets on any of the sessions that match that class.
Description
Required PRE
Release 12.2(33)SB
PRE2, PRE3,
PRE4
QoS Actions
Table 14-1 lists the types of QoS actions allowed in simultaneous policy maps.
Table 14-1
Policy Type
14-2
OL-7433-09
Chapter 14
Table 14-2
match cos
match ip precedence
match dscp
match discard-class
match qos-group
match interface
match exp
match acl
match protocol
14-3
Chapter 14
Table 14-2
police
set
The router does not support hierarchical queuing policies when implementing simultaneous policy
maps. However, you can have nested policy maps.
You cannot configure a hierarchical policing policy as the session policy when a policy is present
on the interface.
The session-level policy must contain only non-queueing actions such as police or set actions.
Queueing and shaping actions can be done in user-defined classes on VLAN subinterface.
Note
The Hierarchical Queueing for Ethernet DSLAMS feature allows a parent shaping and child
queueing policy attached to the session while shaping the VLAN subinterface (in
class-default class only). The VLAN subinterface can aggregate multiple sessions. The
Hierarchical Queueing for Ethernet DSLAMs feature allows a flat shaping policy on the
VLAN subinterface where the flat shaping policy must contain class-default class only. For
more information on the Hierarchical Queueing for Ethernet DSLAM feature, see the
QoS---Hierarchical Queueing for Ethernet DSLAMS guide.
14-4
OL-7433-09
Chapter 14
The simultaneous policy maps feature does not support LNS sessions, multilink PPP (MLPPP)
sessions, or IP sessions.
The simultaneous policy maps feature does not support a policy on an ATM main interface and a
policy on an ATM PVC at the same time. If this occurs, the PVC does not inherit the policy of the
main interface.
You cannot use RADIUS Attributes 37 and 39 to dynamically associate a QoS policy to a VLAN
subinterface.
The show policy-map command does not display the relationship of the two simultaneous policies.
Instead, use the show pxf statistics qos policy-map interface command and the show pxf statistics
qos policy-map session sid commands.
You cannot display the statistical information applicable to the two policies by issuing one CLI
command. Instead, to display the actions taken on the packets traversing the session, you must issue
two separate commands: show pxf statistics qos policy-map interface and show pxf statistics qos
policy-map session sid.
Attaching Simultaneous Policies to PPPoE Sessions Traversing an Ethernet Interface, page 14-6
Attaching Simultaneous Policies to PPPoA Sessions Traversing an ATM VC, page 14-8
Attaching Simultaneous Policies to PPPoE Sessions Traversing an ATM VC, page 14-11
Step 1
Command
Purpose
Step 2
14-5
Chapter 14
Step 3
Command
Purpose
Step 4
Router(config-pmap-c)# bandwidth
{bandwidth-kbps | percent percentage |
remaining percent percentage}
Step 1
Command
Purpose
Step 2
Step 3
Router(config-subif)# exit
14-6
OL-7433-09
Chapter 14
Step 4
Command
Purpose
Step 5
Step 6
Configuration Example of Attaching the Interface Policy for Simultaneous Policy Maps
The following example configuration shows how to attach the interface policy for simultaneous policy
maps. In this example, the policy named pppoe_sess_output_policy is attached to the virtual template
interface named Virtual-Template1, which the BRAS uses when creating a virtual access interface (VAI)
for a session.
interface GigabitEthernet3/0/0.10
protocol pppoe
!
interface Virtual-Template1
ip unnumbered Loopback1
service-policy output pppoe_sess_output_policy
Step 1
Command
Purpose
Step 2
Step 3
14-7
Chapter 14
Step 1
Command
Purpose
Step 2
14-8
OL-7433-09
Chapter 14
Step 3
Command
Purpose
Router(config-subif-atm-vc)# encapsulation
aal5mux ppp virtual-template number
Step 4
Router(config-subif-atm-vc)# exit
Step 5
Router(config-subif)# exit
Step 6
Step 7
14-9
Chapter 14
Step 1
Command
Purpose
Step 2
Step 3
Router(config-subif-atm-vc)# vbr-nrt
output-pcr output-scr output-mbs
Step 4
Router(config-subif-atm-vc)# encapsulation
aal5mux ppp virtual-template number
Step 5
Router(config-atm-vc)# service-policy
output policy-map-name
14-10
OL-7433-09
Chapter 14
Step 1
Command
Purpose
Step 2
Step 3
Router(config-subif-atm-vc)# encapsulation
aal5snap
Step 4
Router(config-subif-atm-vc)# protocol
pppoe
Step 5
Router(config-subif-atm-vc)# exit
Step 6
Router(config-subif)# exit
14-11
Chapter 14
Step 7
Command
Purpose
Step 8
Step 9
14-12
OL-7433-09
Chapter 14
Step 1
Command
Purpose
Step 2
Step 3
Router(config-subif-atm-vc)# vbr-nrt
output-pcr output-scr output-mbs
Step 4
Router(config-subif-atm-vc)# encapsulation
aal5snap
Step 5
Router(config-subif-atm-vc)# protocol
pppoe
14-13
Chapter 14
Virtual-Template 1
sessions per-vc limit 1000
!
interface Virtual-Template1
ip unnumbered Loopback1
service-policy output pppoe_sess_output_policy
Configuration Example for Applying Simultaneous Policy Maps on Ethernet Interfaces and PPPoE
Sessions, page 14-14
Configuration Example for Applying Simultaneous Policies on 802.1Q Interfaces and PPPoE
Sessions, page 14-16
Configuration Example for Applying Simultaneous Policies on 802.1Q QinQ Interfaces and PPPoE
Sessions, page 14-17
Configuration Example for Applying Simultaneous Policies on ATM VCs and PPPoA Sessions,
page 14-17
Configuration Example for Applying Simultaneous Policies on ATM VCs and PPPoE Sessions,
page 14-18
14-14
OL-7433-09
Chapter 14
PTA Configuration
aaa new-model
!
Username gomer1@domain1.com password 0 gomer
aaa authentication ppp default local
aaa authentication login mylist enable line aaa authentication ppp
vpdn enable
ppp hold-queue 80000
no mpls ldp logging neighbor-changes
no virtual-template snmp
!
buffers small permanent 15000
buffers middle permanent 12000
buffers big permanent 8000
bba-group pppoe VRF_1
virtual-template 1
sessions per-vc limit 1000
sessions per-mac limit 1000
sessions per-vlan limit 1000
!
class-map match-any voip
match ip precedence 5
!
class-map match-any all_pkts
match any
!
class-map match-any video
match ip precedence 4
!
! The policy map named cbwfq_out_policy is the interface policy that is inherited by all sessions.
policy-map cbwfq_out_policy
class voip
police 24000 9216 0 conform-action transmit exceed-action drop violate-action drop
priority
class video
bandwidth 20
class class-default
!
policy-map in_pmap
class all_pkts
police 64000 9216 0 conform-action transmit exceed-action drop violate-action drop
!
! The policy map named police_out_policy is the session policy that is owned by each session.
policy-map police_out_policy
class voip
police 12000 4000 0 conform-action transmit exceed-action drop violate-action drop
class video
police 10000 4000 0 con conform-action transmit exceed-action drop violate-action drop
class class-default
class all_pkts
police 32000 4000 0 conform-action transmit exceed-action drop violate-action drop
!
interface GigabitEthernet6/0/0
no ip address
!
14-15
Chapter 14
Interface
interface GigabitEthernet3/0/0.10
encapsulation dot1Q 10
pppoe enable
service-policy output pppoe_int_output_policy
14-16
OL-7433-09
Chapter 14
Interface
interface GigabitEthernet3/0/0.10
encapsulation dot1Q 10 second-dot1q 19
pppoe enable
service-policy output pppoe_int_output_policy
service-policy input pppoe_int_input_policy
VC
interface ATM3/0/0.42101 multipoint
range pvc 42/101 42/110
vbr-nrt 2000 2000 1
encapsulation aal5mux ppp Virtual-Template1
service-policy output pppoa_int_output_policy
14-17
Chapter 14
VC
interface ATM2/0/0.81801 multipoint
range pvc 81/801 81/810
vbr-nrt 2000 2000 1
encapsulation aal5snap
service-policy output pppoa_int_output_policy
service-policy input pppoa_int_input_policy
protocol pppoe
Session levelEach unique session owns each policy. Therefore, the information that displays
represents the statistics of the session.
Interface levelThe information that displays represents the aggregate statistics of all of the
sessions passing over the ATM PVC or Ethernet-based subinterface (the sessions inherited policy).
To verify and monitor simultaneous policy maps, enter any of the following commands in privileged
EXEC mode:
Command
Purpose
14-18
OL-7433-09
Chapter 14
Command
Purpose
Note
The router does not support displaying relationships between the two simultaneous policies.
Displaying Simultaneous Policy Map Information for PTA Virtual Interfaces, page 14-21
Displaying Simultaneous Policy Map Information for Virtual Access Interfaces, page 14-21
Displaying Simultaneous Policy Map Information for a LAC Session, page 14-22
14-19
Chapter 14
Pkts
Bytes
Pkts
Pkts
Pkts
Matched
Matched
Conformed
Exceeded
Violated
----------- ------------ --------------- ----------- ----------1000
66000
0
0
0
0
0
0
0
0
Pkts
Bytes
Pkts
Pkts
Pkts
Matched
Matched
Conformed
Exceeded
Violated
----------- ------------ --------------- ----------- ----------500
33000
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Pkts
Bytes
Pkts
Pkts
Pkts
Matched
Matched
Conformed
Exceeded
Violated
----------- ------------ --------------- ----------- ----------500
33000
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
14-20
OL-7433-09
Chapter 14
Pkts
Bytes
Pkts
Pkts
Pkts
Matched
Matched
Conformed
Exceeded
Violated
---------------- ----------- ------------ --------------- ----------- ----------prec5
500
33000
0
0
0
prec3
0
0
0
0
0
prec2
0
0
0
0
0
class-default
0
0
0
0
0
Input Policy inherited from GigabitEthernet6/0/0.2 [VCCI 2524] - 'parent1':
Class
Pkts
Bytes
Pkts
Pkts
Pkts
Matched
Matched
Conformed
Exceeded
Violated
---------------- ----------- ------------ --------------- ----------- ----------prec5
1000
66000
0
0
0
class-default
0
0
0
0
0
Pkts
Bytes
Pkts
Pkts
Pkts
Matched
Matched
Conformed
Exceeded
Violated
----------- ------------ --------------- ----------- ----------500
33000
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Pkts
Bytes
Pkts
Pkts
Pkts
Matched
Matched
Conformed
Exceeded
Violated
----------- ------------ --------------- ----------- ----------1000
33000
0
0
0
0
0
0
0
0
14-21
Chapter 14
Pkts
Bytes
Pkts
Pkts
Pkts
Matched
Matched
Conformed
Exceeded
Violated
----------- ------------ --------------- ----------- ----------332
21912
332
0
0
668
44088
668
0
0
Input Policy owned by LAC Session traversing GigabitEthernet6/0/0.2 [VCCI 2529] 'prec-only':
Class
---------------prec5
prec3
prec2
class-default
Pkts
Bytes
Pkts
Pkts
Pkts
Matched
Matched
Conformed
Exceeded
Violated
----------- ------------ --------------- ----------- ----------332
21978
333
0
0
0
0
0
0
0
0
0
0
0
0
667
44022
0
0
0
14-22
OL-7433-09
CH A P T E R
15
15-1
Chapter 15
Interface Oversubscription
Interface Oversubscription
Interface oversubscription enables service providers to assign a total committed information rate (CIR)
to a given port that is greater than the speed of the port. In this way, instead of supporting only
unconditional reservation of network bandwidth to VCs, the Cisco 10000 series router can statistically
guarantee bandwidth to the VCs, thus improving network utilization.
While interface oversubscription offers distinct advantages, it has the potential of degrading system
performance during congestion. The packet scheduler directs traffic to a physical port. Without
oversubscription, the packet scheduler reserves scheduling resources for each VC so that the total
amount is less than or equal to the capacity of the network. With oversubscription, the scheduler assigns
its resources at a rate higher than the transmission capacity of the network. This mismatch of rates
between the scheduler and the network results in reduced scheduling efficiency such as the following:
The scheduling resources that are in excess of the physical capacity fail to perform productively
because of the networks refusal to accept new packets during congestion.
Congestion at the physical layer causes the scheduler to retry packet transmissions until accepted by
the network, which further reduces the schedulers productivity. Prolonged congestion also
interferes with the schedulers operations to serve each traffic class according to its bandwidth
commitment.
With oversubscription, network congestion can occur if all of the network capacity is used concurrently.
However, the risk is low if you avoid oversubscribing a network that is likely to congest and if you do
not oversubscribe a service too much. Without oversubscription, you loose the benefits of
oversubscription such as the following:
The statistical multiplexing that is used with oversubscription saves money because data traffic
tends to be bursty
The statistical multiplexer assigns bandwidth on a circuit as needed, thus saving bandwidth
Description
Required PRE
Release 12.0(25)SX
PRE1
Release 12.3(7)XI
PRE2
Release 12.2(28)SB
PRE2
Release 12.2(31)SB2
PRE3
15-2
OL-7433-09
Chapter 15
Interface oversubscription can potentially degrade system performance during congestion due to a
mismatch of rates between the packet scheduler and the network.
With oversubscription, network congestion can occur if all of the network capacity is used
concurrently. However, the risk is low if you avoid oversubscribing a network that is likely to
congest and if you do not oversubscribe a service too much.
For more information, see the Interface Oversubscription section on page 15-2.
Note
In releases prior to Cisco IOS Release 12.3(7)XI3, virtual path (VP) tunnel oversubscription does not
behave as intended. Instead, oversubscription of VP tunnels (the number and bandwidth of VCs that can
be in a tunnel) is on by default and is not subject to any oversubscription factor. Oversubscription of VP
tunnels cannot be adjusted or turned off. However, in Cisco IOS Release 12.3(7)XI3 and later releases,
VP tunnel oversubscription is subject to call admission checks and is off by default. The CAC
mechanism checks all of the VCs and VP tunnels going to an interface, and all of the VCs going into a
VP tunnel. You can also specify the amount of oversubscription to allow.
The PRE3 allows the aggregate rate of ATM VCs to exceed the bandwidth of the interface or VP on
which the VCs were created based on the configured oversubscription factor on the ATM interface.
15-3
Chapter 15
For optimal performance, configure the oversubscription factor as closely as possible to the sum of all
VCs. The system allows VCs to be added, provided the total subscribed rate is less than or equal to the
port speed times the over-subscription-factor. The CAC is based on the oversubscription factor you
specify and evaluated separately for both VCs and VP tunnels into the port, and VCs into VP tunnels.
Whenever you reduce the oversubscription factor, less bandwidth is available for VC creation. As a
result, a warning message appears indicating that some VCs might not be created. The router does not
explicitly remove the VCs from the configuration; the VCs remain up and functional until you reboot the
router or reset the slot. At this point, the VCs remain in the configuration but they are not up.
When the no atm pxf queuing command is configured on an interface for the PRE1 or PRE2, the router
allows unlimited oversubscription. The ATM oversubscription commands have no effect. For the PRE3,
the no atm pxf queuing command is not supported.
Description
Required PRE
Release 12.2(16)BX
Release 12.3(7)XI3
PRE2
Release 12.2(28)SB
PRE2
Release 12.2(31)SB2
PRE3
Note
You can apply a hierarchical policy map to the main ATM interface to override this default equation and
set a specific bandwidth for the aggregate UBR queues. For more information about hierarchical
policies, see Chapter 13, Defining QoS for Multiple Policy Levels.
15-4
OL-7433-09
Chapter 15
Line Card
28,6722
E3/DS3
4,096
32,768
OC-3
8,191
32,7643
28,6724
OC-12
16,384
16,384
1. For 32,768 VCs per module, 4096 of them must be unshaped UBR VCs.
2. For 28,672 VBR, CBR, and shaped UBR VCs, no VCs can be in shaped VP tunnels. If VCs are in shaped VPs, the number of VBR, CBR, and shaped
UBR VCs is 22,204.
3. For 32,764 VCs per module, 4096 of them must be unshaped UBR VCs.
4. For 28,672 VBR, CBR, and shaped UBR VCs, no VCs can be in shaped VP tunnels. If VCs are in shaped VPs, the number of VBR, CBR, and shaped
UBR VCs is 22,204.
You can configure the maximum number of VCs across the ports in any fashion, provided that you do
not exceed the per-port maximum.
Although the maximum number of VBR, CBR, and shaped UBR VCs per E3/DS3 and OC-3 ATM line
card is 28,672 VCs, the router supports a maximum of 22,204 VBR, CBR, and shaped UBR VCs per line
card that you can place within virtual path (VP) tunnels. If you attempt to bring up more than 22,204
VCs in a configuration that includes VP tunnels and VCs (hierarchical traffic shaping configuration), the
VCs might not assign traffic correctly or the VCs might not come up at all. Be sure to limit the number
of configured VBR, CBR, and shaped UBR VCs on an ATM card to less than 22,204 VCs if you place
the VCs in VP tunnels.
For the OC-12 ATM line card, the router supports 16,384 VCs in VP tunnels.
15-5
Chapter 15
Syntax Description
factor
Description
Release 12.2(16)BX
Release 12.3(7)XI3
Release 12.2(28)SB
This command was integrated in Cisco IOS Release 12.2(28)SB for the
PRE2.
Release 12.2(31)SB2
15-6
OL-7433-09
Chapter 15
To prevent oversubscription of the interface, enter the no atm oversubscribe command. For example,
the following configuration disables oversubscription of the ATM 4/0/0 interface. The previously
configured factor of 500 is configured on the interface, but the router does not allow the
oversubscription.
Router(config)# interface atm 4/0/0
Router(config-if)# no atm oversubscribe
Router(config-if)# end
To enable the oversubscription feature with the previously configured factor 500, enter the
atm oversubscribe command. For example:
Router(config)# interface atm 4/0/0
Router(config-if)# atm oversubscribe
Router(config-if)# end
To oversubscribe ATM VCs requires resources from the entire line card (for example, the 4-port
OC-3 ATM line card). If you configure oversubscription on only one port, the other ports can use
more resources than they were configured to use. As a result, some ports do not receive adequate
resources, which results in VC creation failures. Therefore, apply the atm over-subscription-factor
command on all ports of the ATM card.
Due to congestion on the physical interface, the accuracy of the bandwidth distribution between the
class queues degrades. For example, if you configure each of three queues at a distribution of 50,
30, and 20 percent, the actual distribution might be 45, 40, and 15 percent.
The distribution of bandwidth for each VC might be less than expected based on the speed of the
VC. Typically, low-speed VCs are allocated the expected bandwidth while high-speed VCs share the
remaining bandwidth equally.
The amount of bandwidth allocated for the priority queue or latency might be less than expected.
15-7
Chapter 15
Figure 15-1 shows a Frame Relay network that is oversubscribed. In the figure, the Central Site has a
1.544-Mbps Frame Relay circuit. The network has 18 remote sites with 128-kbps Frame Relay circuits.
The aggregate bandwidth is 2.3 Mbps:
128 kbps * 18 sites = 2.3 Mbps
The Central Site is oversubscribed by 50 percent. However, this configuration is valid because:
The remote users require only e-mail access and the ability to transfer small files using File Transfer
Protocol (FTP).
All of the remote sites are unlikely to try to use all of the available bandwidth at the same time.
All of the remote sites are unlikely to simultaneously access the network.
Figure 15-1
18 Frame Relay
Access Devices
(FRAD)
Aggregate bandwidth
of remotes exceed egress
128 kbps
1.544 Mbps
Frame Relay
Network
126832
Central site
Description
Required PRE
Release 12.3(7)XI1
PRE2
Release 12.2(28)SB
PRE2
15-8
OL-7433-09
Chapter 15
Description
Release 12.3(7)XI1
Required PRE
Release 12.2(28)SB
Release 12.2(31)SB2
PRE2
15-9
Chapter 15
For more information about hierarchical policies, see Chapter 13, Defining QoS for Multiple Policy
Levels.
Configuring Oversubscription
To configure oversubscription on ATM, Frame Relay, and 802.1Q VLAN virtual circuits, perform any
of the following configuration tasks:
15-10
OL-7433-09
Chapter 15
Purpose
Step 1
Step 2
Note
Note
You do not need to use the service-policy command to specify the ATM VC oversubscription because a
variable bit rate (VBR) ATM VC uses sustained cell rate (SCR) to define the VCs average transmission
rate.
Example 15-2 oversubscribes an ATM interface by five times the physical transmission capacity.
Example 15-2 Oversubscribing an ATM VC
Router(config)# interface serial 1
Router(config-if)# atm over-subscription-factor 5
15-11
Chapter 15
Configuring Oversubscription
Step 1
Command
Purpose
Step 2
Step 3
Router(config-pmap-c)# priority
15-12
OL-7433-09
Chapter 15
Step 4
Command
Purpose
Step 5
Router(config-pmap-c)# exit
15-13
Chapter 15
Configuring Oversubscription
Step 6
Command
Purpose
Step 7
Step 8
Step 9
Router(config-pmap-c)# service-policy
policy-map-name
Step 10
Router(config-pmap-c)# exit
Step 11
Router(config-pmap)# exit
Step 12
Step 13
Step 14
Step 15
Router(config-subif)# frame-relay
interface-dlci dlci [ietf | cisco]
15-14
OL-7433-09
Chapter 15
Configuration Example for Oversubscribing Frame Relay PVCs Using Hierarchical Policies
Example 15-3 shows how to oversubscribe a Frame Relay T1 network using a hierarchical policy to
define QoS behavior. In the example, the traffic class named Gold is policed at 60 percent of the total
transmission capacity and the class named Bronze requests 30 percent of the total bandwidth. The child
policy named dlci50 that contains the Gold and Bronze classes is applied to the parent policy named
shape-rate. The parent policy applied to DLCI 50 and DLCI 100 on serial subinterface 5/0/0.1 shapes
each DLCI with a bandwidth of 1024 kbps or a total of 2048 kbps, which exceeds the transmission
capacity of the T1 network (1536 kbps).
Example 15-3 Configuring Frame Relay Oversubscription Using Hierarchical Policies
Router(config)# policy-map dlci50 [child policy]
Router(config-pmap)# class Gold
Router(config-pmap-c)# priority
Router(config-pmap-c)# police percent 60
Router(config-pmap-c)# class Bronze
Router(config-pmap-c)# bandwidth percent 30
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# policy-map shape-rate [parent policy]
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape 1024
Router(config-pmap-c)# service-policy dlci50 [child policy]
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# interface serial 5/0/0.1 point-to-point
Router(config-subif)# ip address 10.1.0.2 255.255.255.252
Router(config-subif)# frame-relay interface-dlci 50
Router(config-if-dlci)# service-policy output shape-rate [attaches parent policy]
Router(config-if-dlci)# frame-relay interface-dlci 100
Router(config-if-dlci)# service-policy output shape-rate [attaches parent policy]
Step 1
Command
Purpose
Step 2
Step 3
Step 4
Router(config-pmap-c)# exit
Step 5
Router(config-pmap)# exit
15-15
Chapter 15
Configuring Oversubscription
Step 6
Command
Purpose
Step 7
Applies the policy map you specify to the Frame Relay map
class. This is the same policy map that you created in Step 1.
input indicates to apply the QoS policy to inbound packets.
output indicates to apply the QoS policy to outbound
packets.
policy-map-name is the name of the policy map you want to
apply to the Frame Relay map class.
Step 8
Router(config-fr-mc)# exit
Step 9
Step 10
Step 11
Router(config-subif)# frame-relay
interface-dlci dlci [ietf | cisco]
Step 12
15-16
OL-7433-09
Chapter 15
Configuration Example for Oversubscribing Frame Relay PVCs Using a Map Class
Example 15-4 shows how to oversubscribe a T1 network with a capacity of 1536 kbps. In the example,
the policy map named Business shapes traffic to 1024 kbps. This QoS policy is applied to both PVCs
(100 and 101) configured on serial interface 1/0/0/1:0. Each PVC has 1024 kbps of bandwidth or a total
of 2048 kbps, which exceeds the capacity of the T1 network. Therefore, the PVCs are oversubscribed.
Alternatively, if each PVC had a bandwidth of 768 kbps or less, they would not be oversubscribed.
Example 15-4 Oversubscription of Frame Relay PVCs
Router(config)# policy-map Business
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape 1024
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# frame-relay map-class Bronze
Router(config-map-c)# service-policy output Business
Router(config-map-c)# exit
Router(config)# interface serial 1/0/0/1:0
Router(config-if)# encapsulation frame-relay
Router(config-if)# frame-relay interface-dlci 100
Router(config-if-dlci)# frame-relay class Bronze
Router(config-if-dlci)# frame-relay interface-dlci 101
Router(config-if-dlci)# frame-relay class Bronze
Step 1
Command
Purpose
Step 2
Step 3
Router(config-pmap-c)# priority
15-17
Chapter 15
Configuring Oversubscription
Step 4
Command
Purpose
Step 5
Router(config-pmap-c)# exit
Step 6
15-18
OL-7433-09
Chapter 15
Command
Purpose
Step 7
Step 8
Step 9
Router(config-pmap-c)# service-policy
policy-map-name
Step 10
Router(config-pmap-c)# exit
Step 11
Router(config-pmap)# exit
Step 12
Step 13
Step 14
Step 15
15-19
Chapter 15
User Configurable
VC Weight
No
Yes
15-20
OL-7433-09
Chapter 15
Table 15-2
User Configurable
VC Weight
Yes
Yes
For information about VC weighting for a specific release, see the following sections:
Determining VC WeightingCisco IOS Release 12.3(7)XI1 and Later Releases, page 15-22
Determining VC WeightingCisco IOS Release 12.2(31)SB2 and Later Releases, page 15-22
Description
Required PRE
Release 12.3(7)XI1
PRE2
Release 12.2(28)SB
PRE2
Release 12.2(31)SB2
PRE3
If all of the competing VCs have the same traffic class, the router calculates bandwidth by dividing
the line rate by the number of VCs.
If the competing VCs have differing SCR values, the router either allocates the same bandwidth to
each VC or it allocates more bandwidth to VCs with a higher SCR, depending on the load at a certain
point in time. Because of this, it is difficult to predict the exact bandwidth percentage each VC has.
The SAR mechanism does not drop any cells on the router after a packet is scheduled to it. If the
rate at which VCs send cells to the SAR mechanism exceeds the SAR mechanisms capability to
transmit, the queuing system stores and subsequently drops any excess packets and the ATM
interface driver controls the rate at which it sends packets to the SAR mechanism to avoid starving
the SAR mechanism of its internal buffers.
15-21
Chapter 15
Number of queues on a VC
Bandwidth of the VC
Because so many variables influence watermark threshold values, you might need to experiment with
different values to determine the optimum high and low watermark values for your configuration. In
general, the following guidelines apply:
Set the low watermark equal to the VC weight. If the low watermark is less than the VC weight, a
full weight worth of cells might not be enqueued in the SAR mechanism when the scheduler
round-robin gets to the VC. As a result, the VC might not get its fair share.
For more information about the high and low watermarks, see the High Watermark and Low Watermark
Default Values section on page 15-25.
15-22
OL-7433-09
Chapter 15
VC Speed
Weight Formula
5 MB or less
Weight = 255
Greater than 5 MB
Note
Because it is not practical to configure weights on some ATM VCs and not on others, either all of the
VCs have VC weights configured or none of them do.
A default weight of 1 is given to non-ATM subinterfaces with no weight assigned to them.
15-23
Chapter 15
queue-depth Command
To configure the segmentation and reassembly (SAR) line card queue depth for each VC interface queue,
use the queue-depth command in ATM PVC configuration mode. To remove a queue-depth setting, use
the no form of the command. By default, no line card queue depth is set.
queue-depth hwm lwm
no queue-depth hwm lwm
Syntax Description
hwm
lwm
Description
Release 12.3(7)XI1
Release 12.2(28)SB
This command was integrated in Cisco IOS Release 12.2(28)SB for the
PRE2.
Release 12.2(31)SB2
weight Command
To control virtual circuit (VC) bandwidth when the virtual path (VP) is congested, use the weight
command in PVC, PVC range, or ATM VC-class configuration mode. This command defines the weight
of a VC or changes the default weight. To restore the default weight, use the no form of the command.
weight weight_value
no weight weight_value
Syntax Description
weight_value
The number of cells that a VC can send to the VP tunnel before the SAR
mechanism moves on to the next VC. A high value has a high VC priority
in the VP scheduler. Valid values are from 1 to 255 (PRE2) and 1 to 1000
(PRE3).
Note
15-24
OL-7433-09
Chapter 15
Description
Release 12.3(7)XI1
Release 12.2(28)SB
This command was integrated in Cisco IOS Release 12.2(28)SB for the
PRE2.
Release 12.2(31)SB2
VC Rate (bps)
Low Watermark
High Watermark
0 to 18,999
48
56
19,000 to 40,999
64
72
41,000 to 99,999
128
144
100,000 to 622,000
224
240
Table 15-4 lists the default high and low watermark values for ATM unspecified bit rate (UBR) VCs,
based on the ATM VC rate.
Table 15-4
VC Rate (bps)
Low Watermark
High Watermark
0 to 18,999
224
240
The behavior of the high watermark threshold and the low watermark threshold depends on whether the
atm pxf queuing mode or the no atm pxf queuing mode is configured. In atm pxf queuing mode, the high
watermark is a threshold that triggers a flow-off signal and the low watermark is a threshold that triggers
a flow-on signal. The high watermark is the maximum number of cells that can be in the PVC queue for
the ATM SAR mechanism before a flow-off signal is sent to the PXF. With the exception of priority
15-25
Chapter 15
queue packets and system queue packets, the flow-off signal stops packets for this PVC from being sent
to the ATM SAR mechanism. Priority queue packets and system queue packets continue to be sent to the
line card. Packets for other classes are queued at the PXF.
If packets are being queued at the PXF because the flow-off signal has been sent, when the number of
cells in the PVC queue reaches the low watermark threshold, a flow-on signal is sent to the PXF. The
flow-on signal restarts the packet flow (for packets of all classes) from this PVC to the ATM SAR
mechanism.
For example, after router startup the flow signal defaults to on. If the number of cells in the PVC queue
for the ATM SAR mechanism is 50, the high watermark is 56, and the low watermark is 48, and packets
of all classes flow from the PVC to the ATM SAR mechanism. If the number of cells increases to 56, the
high watermark triggers the flow-off signal, which stops packet flow for all packets, except the priority
queue and system queue packets. Packet flow for all other packets is not restarted until the number of
cells decreases to 48 (for example, when the low watermark triggers the flow-on signal).
In no atm pxf queuing mode, the high watermark is the maximum number of cells that can be in the PVC
queue for the ATM SAR mechanism before packet drops occur. The low watermark does not apply in no
atm pxf queuing mode.
Note
While the high watermark threshold and low watermark threshold are defined by the numbers of cells,
the crossing of the high watermark is evaluated on a packet boundary. This means that only whole
packets are placed in the PVC queue for the ATM SAR mechanism.
When you want to better control priority queuing latency or for better TCP performance, modify the
watermark values for each ATM variable bit rate (VBR) VC by using the queue-depth command. For
more information, see the Configuring VC Queue Depth section on page 15-38.
For better VC utilization and accuracy, raise the low watermark value (and possibly the high
watermark value).
For better per-queue accuracy, increase the spread between the watermark values.
For a higher number of cells in the queue or for better TCP performance, increase the high
watermark value.
The high watermark can be calculated based on the worst-case latency, VC traffic speed, IP packet size,
and ATM encapsulation type used (PPPoE, PPPoA, RBE). The low watermark is typically 80 percent of
the high watermark. The following formula is used to calculate the high watermark:
High_water = ((max latency (ms) (max_pktsize / VC_speed) ms) * VC_speed) / (53 * 8)
where:
High_water is the high watermark.
max latency is the maximum latency in milliseconds (ms).
max_pktsize is the maximum packets size.
VC_speed is the VC rate.
The maximum packet size is calculated using the following formula:
15-26
OL-7433-09
Chapter 15
ATM VP parameters such as peak cell rate (PCR) and cell delay variation tolerance (CDVT)
VC parameters such as weight, PCR, sustained cell rate (SCR), maximum burst size (MBS), and
CDVT
If VC members of a VP do not have a configured weight and you dynamically modify the VP rate, the
router dynamically adjusts the weight of the member VCs based on the associated tunnels new rate. The
member VCs remain up as their weights are dynamically modified.
If you dynamically modify the tunnel VCs shaping parameters (for example, the PCR or SCR), the
router adjusts the tunnel VCs weight based on the VC speed, if no weight is configured for the VC. If
a VC weight is configured, the router adjusts the tunnel VCs weight based on the configured weight.
(PRE2 only) A weight of less than 10 can adversely affect the performance of the ATM port. We
recommend that you do not use a weight that is less than 10.
When you change VC parameters or the VP rate, the VP tunnels effective shape rate can
momentarily fluctuate and cause the router to send cells at a rate that is over or under the configured
rates. The session stays up and no data is lost.
When dynamically modifying an ATM VP or VC configuration, you cannot dynamically change the
queue depth or the type of VC. For example, you cannot dynamically change a constant bit rate
(CBR) VC to a variable bit rate-nonreal time (VBR-nrt) VC.
15-27
Chapter 15
Configuring VC Weighting
Configuring VC Weighting
To configure VC weighting, perform the following configuration tasks:
Configuring VC Weighting on Class Queues Using Bandwidth Remaining Ratio, page 15-34
Purpose
Step 1
Step 2
Step 3
15-28
OL-7433-09
Chapter 15
Step 1
Command
Purpose
Defines a VC class.
name is the name of the VC class.
Step 2
Step 3
Router(config-atm-vcc)# exit
Step 4
Step 5
Step 6
15-29
Chapter 15
Configuring VC Weighting
Purpose
Step 1
Step 2
Step 3
Router(config-if-atm-range)# weight
weight-value
15-30
OL-7433-09
Chapter 15
Note
Step 1
Command or Action
Purpose
Step 2
Step 4
Router(config-pmap-c)# exit
Step 5
Router(config-pmap)# exit
Step 6
Step 7
15-31
Chapter 15
Configuring VC Weighting
Step 8
Command or Action
Purpose
Step 9
Step 10
Router(config-pmap-c)# service-policy
child-policy-name
Applies the child policy map you specify to the traffic class.
The router applies the QoS actions specified in the child
policy to the traffic class.
child-policy-name is the name of the child policy.
Note
Step 11
Router(config-pmap-c)# exit
Step 12
Router(config-pmap)# exit
15-32
OL-7433-09
Chapter 15
Step 13
Command or Action
Purpose
Step 14
15-33
Chapter 15
Configuring VC Weighting
protocol ip 10.20.1.2
vbr-nrt 50000
encapsulation aal5snap
service-policy output Parent
Note
If PVC 98/204 is configured on the same interface as PVC 0/200 and with a bandwidth-remaining ratio
of 1, during times of congestion PVC 0/200 would have 10 times more bandwidth available to it for
non-priority traffic than PVC 98/204 would have.
The following example shows how to configure bandwidth-remaining ratios on an Ethernet subinterface
using a hierarchical policy. In the example, Gigabit Ethernet subinterface 1/0/0.1 is shaped to 100 Mbps.
During congestion, the router uses the bandwidth-remaining ratio of 10 to determine the amount of
excess bandwidth (unused by priority traffic) to allocate to the non-priority traffic on
subinterface 1/0/0.1, relative to the other subinterface-level and class-level queues on the interface.
policy-map Child
class precedence_0
bandwidth 10000
class precedence_1
shape average 100000
bandwidth 100
!
policy-map Parent
class class-default
bandwidth remaining ratio 10
shape average 100000000
service-policy Child
!
interface GigabitEthernet1/0/0.1
encapsulation dot1Q 100
ip address 10.1.0.1 255.255.255.0
service-policy output Parent
Step 1
Command or Action
Purpose
Step 2
15-34
OL-7433-09
Chapter 15
Step 3
Command or Action
Purpose
Step 4
Step 5
Router(config-pmap-c)# exit
Step 6
Router(config-pmap)# exit
Step 7
Step 8
Step 9
15-35
Chapter 15
Configuring VC Weighting
Step 10
Command or Action
Purpose
Step 11
Router(config-pmap-c)# service-policy
child-policy-name
Applies the child policy map you specify to the traffic class.
The router applies the QoS actions specified in the child
policy to the traffic class.
child-policy-name is the name of the child policy.
Note
Step 12
Router(config-pmap-c)# exit
Step 13
Router(config-pmap)# exit
Step 14
Step 15
15-36
OL-7433-09
Chapter 15
Configuration Example for VC Weighting on a Class Queue Using Bandwidth Remaining Ratio
In the following sample configuration, the vlan10_policy is applied on the subinterface Gigabit
Ethernet 1/0/0.10 and the vlan20_policy is applied on the subinterface Gigabit Ethernet 1/0/0.20. During
congestion on the interface, subinterface GE 1/0/0.20 has 10 times more available bandwidth than
subinterface GE1/0/0.10 because the bandwidth-remaining ratio for subinterface GE 1/0/0.20 is 10 times
more than the bandwidth-remaining ratio for subinterface 1/0/0.10: 100 on subinterface 1/0/0.20 and 10
on subinterface 1/0/0.10.
When congestion occurs within a subinterface level, the class queues receive bandwidth according to the
class-level bandwidth-remaining ratios. In the example, the bandwidth for classes precedence_0,
precedence_1, and precedence_2 is allocated based on the bandwidth-remaining ratios of the classes: 20,
40, and 60, respectively.
policy-map child-policy
class precedence_0
shape average 500000
bandwidth remaining ratio 20 <---- Class-level ratio
class precedence_1
shape average 500000
bandwidth remaining ratio 40 <---- Class-level ratio
class precedence_2
shape average 500000
bandwidth remaining ratio 60 <---- Class-level ratio
!
policy-map vlan10_policy
class class-default
shape average 1000000
bandwidth remaining ratio 10 <---- Subinterface-level ratio
service-policy child-policy
!
policy-map vlan20_policy
class class-default
shape average 1000000
bandwidth remaining ratio 100 <---- Subinterface-level ratio
service-policy child_policy
!
!
interface GigabitEthernet 1/0/0.10
encapsulation dot1q 10
service-policy output vlan10_policy
!
interface GigabitEthernet 1/0/0.20
encapsulation dot1q 20
service-policy output vlan20_policy
15-37
Chapter 15
Configuration Examples
Purpose
Step 1
Step 2
Step 3
Configuration Examples
This section provides the following configuration examples:
Configuration Example for Oversubscribing a Shaped ATM VC and VP, page 15-39
Configuration Example for Configuring the Weight of Multiple VCs, page 15-40
Configuration Example for Setting High and Low Watermark Thresholds, page 15-41
15-38
OL-7433-09
Chapter 15
(The following command sets up the flow bits to optimize latency and per-VC utilization factors. Also sets the system
up for Call Admission Control.)
Router(config-if)# atm over-subscription-factor 10
Router(config-if)# atm sonet stm-4
!
(The following command sets up the permanent virtual path (PVP). This is ALWAYS done at the main interface level.
It is important to note the PVP number as this is used to determine which VCs will be mapped into this PVP. The PVP
number translates to a VPI value at the VC level.)
Router(config-if)# atm pvp 68 1000 no-f4-oam
!
Router(config)# interface atm 5/0/0.68 multipoint
Router(config-subif)# atm pppatm passive
(The following VPI value of 68 ensures that these VCs will be associated with PVP 68.)
Router(config-subif)# range pvc 68/101 68/451
(The following command sets up VTMS scheduling on PXF. Packets are sent down a 512-kbps VC to the SAR
mechanism. Remember this is SHAPING (not policing) the VC. Note that the modular CLI shape command is not
used.)
Router(config-if-atm-range)# vbr-nrt 512 38 150
!
Router(config-if-atm-range)# encapsulation aal5autoppp Virtual-Template1
!
Router(config)# interface Virtual-Template1
Router(config-if)# ip unnumbered Loopback0
Router(config-if)# no ip directed-broadcast
Router(config-if)# no logging event link-status
Router(config-if)# keepalive 120
Router(config-if)# peer default ip address pool adsl
Router(config-if)# ppp authentication chap callin
15-39
Chapter 15
Configuration Examples
15-40
OL-7433-09
Chapter 15
ratio 10
ratio 20
Purpose
Displays the high and low watermarks for the individual PVC
that you specify.
vpi/ is the virtual path identifier. If you do not specify a VPI
value and the slash character (/), the VPI value defaults to 0.
vci is the virtual channel identifier.
15-41
Chapter 15
Command
Purpose
15-42
OL-7433-09
Chapter 15
15-43
Chapter 15
Related Documentation
Related Documentation
This section provides hyperlinks to additional Cisco documentation for the features discussed in this
chapter. To display the documentation, click the document title or a section of the document highlighted
in blue. When appropriate, paths to applicable sections are listed below the documentation title.
Feature
Documentation
Hierarchical policies
PVC autoprovisioning
15-44
OL-7433-09
CH A P T E R
16
16-1
Chapter 16
An important part of delay is the time it takes to actually place the bits onto an interface, referred to as
serialization delay. We recommend that serialization delay not exceed 20 ms. Serialization delay is
calculated using the following formula:
Serialization Delay = Frame Size (bits) / Link Bandwidth (bps)
As shown in Figure 16-1, a nonreal-time data packet of 1500 bytes takes 214 ms to leave the router over
a 56-kbps link. While waiting for the large data packet to transmit, the router queues real-time packets.
However, real-time traffic cannot tolerate delay. For example, good voice quality requires delay to be
less than 150 ms. By fragmenting the nonreal-time large data packet into smaller frames and interleaving
real-time packets between the fragments, both real-time packets and data frames can be carried together
on low-speed links, without causing excessive delay to the real-time traffic.
Figure 16-1
Before
Voice
Data
214-ms serialization delay
for 1500-byte frame at 56 kbps
Data
Data
Voice
Data
40822
After
The Cisco 10000 series router supports the following types of link fragmentation and interleaving (LFI):
MLP over Serial-based LFIUses the fragmentation and interleaving capability of MLP to
integrate real-time packets (such as voice packets) and nonreal-time packets (such as data transfers)
on the same link while reducing real-time packet latency. MLP defines the mechanisms to fragment,
reassemble, and sequence large datagrams across multiple logical data links. MLP over serial-based
LFI supports up to 10 member links per MLP bundle, one of which is LFI-enabled. You can
terminate the serial links on multiple line cards in the router chassis if all of the links are the same
type, such as T1 or E1. The router supports subrate T1 interfaces as member links. The link speeds
must be the same for all of the links in the bundle.
Single-VC MLP over ATM-based LFIUses the fragmentation and interleaving capability of MLP
to integrate real-time and nonreal-time packets together on the same link. MLP defines the
mechanisms to fragment, reassemble, and sequence large datagrams across multiple logical data
links. MLP uses the fragmentation and packet sequencing specifications defined in RFC 1990 to
implement link fragmentation and interleaving at the bundle level. Single-VC MLP over ATM-based
LFI supports only one member link per MLP bundle and the link is LFI-enabled.
Multi-VC MLP over ATM-based LFIUses the fragmentation and interleaving capability of MLP
to integrate real-time packets and nonreal-time packets on the same link while reducing real-time
packet latency. MLP implements link fragmentation and interleaving at the bundle level. Multi-VC
MLP over ATM-based LFI supports up to 10 member links, one of which is LFI-enabled.
16-2
OL-7433-09
Chapter 16
MLP over Frame Relay-based LFIUses the fragmentation and interleaving capability of MLP to
transport real-time traffic (for example, voice) and nonreal-time traffic (for example, data transfers)
together on low-speed Frame Relay permanent virtual circuits (PVCs) without causing excessive
delay to the real-time traffic. MLP uses the fragmentation and packet sequencing specifications
defined in RFC 1990 to implement link fragmentation and interleaving at the bundle level.
MLP over Frame Relay-based LFI supports only one member link per MLP bundle and the link is
LFI-enabled.
Description
Required PRE
Release 12.0(23)SX
Release 12.0(27)S
Release 12.2(27)SBB
Release 12.2(31)SB2
16-3
Chapter 16
Maximum No.
of Members
Per Bundle
10
1250
2500
1 to 9999
Yes
(Release12.2(28)SB and
Interleaving on 1
later)
member link
1 to 9999 and 65,536 to
2,147,483,647 (Release
12.2(31)SB2 and later)
8192
8192
10
1250
2500
1 to 9999
Yes
(Release12.2(28)SB and
Interleaving on 1
later)
member link
1 to 9999 and 65,536 to
2,147,483,647
(Release 12.2(31)SB2
and later)
2048
2048
FRF.12 Fragmentation
NA
Feature
Note
Multilink Interface
Range
LFI
Supported
Yes
Interleaving on 1
member link
Yes
Interleaving on 1
member link
NA
4096
NA
Yes
The multilink interface ranges described in Table 16-1 require Cisco IOS Release 12.2(28)SB and later
releases. For releases prior to Cisco IOS Release 12.2(28)SB, the valid multilink interface range is
1 to 2,147,483,647.
16-4
OL-7433-09
Chapter 16
Syntax Description
multilink-bundle-number
Description
Release 12.0
Release 12.2(16)BX
Release 12.2(28)SB
This command was integrated in Cisco IOS Release 12.2(28)SB for the
PRE2.
Release 12.2(31)SB2
The range of valid values for multilink interfaces was changed from 1 to
9999 (Release 12.2(28)SB and later) to from 1 to 9999 and 65,536 to
2,147,483,647 for MLP over serial and multi-VC MLP over ATM.
16-5
Chapter 16
For releases prior to Cisco IOS Release 12.2(28)SB, the valid multilink interface range is 1 to
2,147,483,647.
Description
Release 12.0(23)SX
Release 12.2(16)BX
Release 12.2(28)SB
This command was integrated in Cisco IOS Release 12.2(28)SB for the
PRE2.
Release 12.2(31)SB2
16-6
OL-7433-09
Chapter 16
Syntax Description
delay-max
Description
Release 12.0(23)SX
Release 12.2(16)BX
Release 12.2(28)SB
This command was integrated in Cisco IOS Release 12.2(28)SB for the
PRE2.
Release 12.2(31)SB2
16-7
Chapter 16
Description
Release 12.0(23)SX
Release 12.2(16)BX
Release 12.2(28)SB
This command was integrated in Cisco IOS Release 12.2(28)SB for the
PRE2.
Release 12.2(31)SB2
Description
Release 12.0(23)SX
Release 12.2(16)BX
Release 12.2
Release 12.2(28)SB
This command was integrated in Cisco IOS Release 12.2(28)SB for the
PRE2.
Release 12.2(31)SB2
16-8
OL-7433-09
Chapter 16
Description
Release 11.3
Release 12.2
Release 12.2(28)SB
This command was integrated in Cisco IOS Release 12.2(28)SB for the
PRE2.
Release 12.2(31)SB2
16-9
Chapter 16
Syntax Description
group-number
Description
Release 12.0
Release 12.2
Release 12.2(28)SB
This command was integrated in Cisco IOS Release 12.2(28)SB for the
PRE2.
Release 12.2(31)SB2
16-10
OL-7433-09
Chapter 16
Voice
Data
Voice
Without LFI, data can
overwhelm voice
Voice
Data
Data
With LFI, bandwidth
is equitably shared
to reduce voice jitter
132419
Figure 16-2
MLP fragmentation allows large packets to be multilink encapsulated and fragmented into a small
enough size to satisfy the delay requirements of real-time traffic. MLP fragmentation is enabled by
default. To disable fragmentation, use the no ppp multilink fragmentation or ppp multilink fragment
disable command.
Small real-time packets are not multilink encapsulated. MLP interleaving provides a special transmit
queue (priority queue) for delay-sensitive packets to allow the packets to be sent earlier than other packet
flows. Real-time packets remain intact and are sent (interleaved) between the fragments of the larger
packets.
16-11
Chapter 16
The router supports MLP-based fragmentation and interleaving on serial, Frame Relay, and ATM links.
For information on how MLP works and MLP-based LFI, see the following sections:
16-12
OL-7433-09
Chapter 16
MLP Bundle
T1 T1
T1
T1 T1
T1 T1
T1
T1
T1
T1
T1 T1
T1
T1
T1
T1
T1 T1
T1
T1
T1
T1
T1
T1
T1 T1
T1
T1 T1
T1
T1 T1
T1
T1
T1
T1 T1
T1
T1 T1
T1
T1
T1
T1 T1
T1
T1
T1
T1
T1
T1
T1
T1 T1
T1 T1
T1
T1
T1
T1
T1
T1 T1
T1
T1
T1
T1 T1
T1
T1
T1 T1
T1
T1
T1 T1
T1
T1 T1
T1
T1
38545
T1
T1
Description
Required PRE
Release 12.0(23)SX
Release 12.2(27)SBB
PRE2
Release 12.2(31)SB2
PRE3
For more information, see the Scalability and Performance chapter in the Cisco 10000 Series Router
Broadband Aggregation, Leased-Line, and MPLS Configuration Guide.
16-13
Chapter 16
A multilink bundle can have up to 10 member links. The router supports subrate T1 interfaces as
member links. The link speeds must be the same for all of the links in the bundle.
The router supports a maximum of 1250 bundles per system and a maximum of 2500 member links
per system.
The valid multilink interface values are from 1 to 9999 (Release 12.2(28)SB and later), or from 1 to
9999 and 65,536 to 2,147,483,647 (Release 12.2(31)SB2 and later). For example:
Router(config)# interface multilink 8
Interleaving is supported on one member link. MLP over Serial-based LFI must be enabled on an
interface that has interleaving turned on.
All member links in a MLP bundle must have the same encapsulation type and bandwidth.
Performance is not guaranteed when member links have different bandwidths.
We strongly recommend that you use only strict priority queues when configuring MLP over
Serial-based LFI. For more information, see Chapter 8, Prioritizing Services.
6-port Channelized T3
16-14
OL-7433-09
Chapter 16
Delay-Sensitive, Real-Time PacketsOn transmit, MLP encapsulates the packets as PPP over ATM
(PPPoA) and sends the packets to a special transmit queue to enable the router to transmit the
real-time packets earlier than other packet flows. The router interleaves the real-time packets
between the fragments of the larger, nonreal-time packet over a single point-to-point link to the
remote address. Upon receipt, the receiving fragmentation peer processes the real-time packets as
PPPoA packets.
Delay-Insensitive, Nonreal-Time PacketsOn transmit, MLP fragments the large data packets to a
size small enough to satisfy the delay requirements of real-time traffic. MLP encapsulates the
packets as MLP packets and sends the packets to a transmit queue to enable the router to transmit
the fragments at the same time over multiple point-to-point links to the same remote address. The
receiving fragmentation peer reassembles the fragments to the original packet and then processes it
as Point-to-Point Protocol over ATM (PPPoA). The underlying PPP encapsulation conforms to
RFC 1661. All outbound MLP packets with a payload larger than the specified fragment size are
fragmented. The minimum fragment size depends on the AAL5 encapsulation type and whether or
not protocol compression is enabled (see Table 16-2 on page 16-15).
When configuring single-VC MLP over ATM-based LFI, you must configure a virtual template interface
for the MLP bundle. However, the virtual template does not need to be unique for each bundlemultiple
MLP bundles can share the same virtual template.
For more information about MLP, see the Multilink PPP-Based Link Fragmentation and Interleaving
section on page 16-11 and the Cisco 10000 Series Router Broadband Aggregation, Leased-Line, and
MPLS Configuration Guide.
Description
Required PRE
Release 12.2(27)SBB
PRE2
Release 12.2(31)SB2
PRE3
Protocol Compression
AAL5 MUX
OFF
82 Bytes
AAL5 SNAP
OFF
78 Bytes
AAL5 Cisco
OFF
80 Bytes
AAL5 MUX
ON
83 Bytes
AAL5 SNAP
ON
79 Bytes
AAL5 Cisco
ON
81 Bytes
16-15
Chapter 16
Calculate the nominal fragment size (link weight) by using the following formula:
(Link Bandwidth * Fragment-Delay) / 8
Step 2
Determine the number of whole ATM cells the nominal fragment size represents.
If the number of ATM cells is less than two, then use two ATM cells in Step 3. The minimum number of
ATM cells you can have is 2.
Step 3
Calculate the total bytes per fragment, including the MLP header bytes and AAL5 trailer bytes, by
multiplying the number of ATM cells you calculated in Step 2 by 48:
Number of Cells * 48
Step 4
Table 16-3 lists the number of bytes in the MLP header, depending on the AAL5 encapsulation type and
whether or not protocol compression is used.
Table 16-3
AAL5 Encapsulation
Type
Protocol
Compression
AAL5 MUX
OFF
6 Bytes
8 Bytes
AAL5 SNAP
OFF
10 Bytes
8 Bytes
AAL5 Cisco
OFF
8 Bytes
8 Bytes
AAL5 MUX
ON
5 Bytes
8 Bytes
AAL5 SNAP
ON
9 Bytes
8 Bytes
AAL5 Cisco
ON
7 Bytes
8 Bytes
16-16
OL-7433-09
Chapter 16
Transmit Processing
The purpose of MLP over ATM-based LFI transmit processing is to fragment large nonreal-time
delay-insensitive packets and interleave smaller real-time delay-sensitive packets between the
fragments. Each MLP bundle has multiple transmit packet queues. MLP does not interleave packet
fragments from different packet queues associated with a given MLP bundle. Instead, MLP transmits all
of the fragments associated with a nonreal-time packet in order before transmitting fragments from
another nonreal-time packet. MLP posts all of the packets from the various nonreal-time packet queues
to a single bundle first-in first-out (FIFO) queue. It is from this single bundle queue that MLP does the
following:
Real-time traffic, such as voice, are queued intact to a priority (low-latency) queue. It is from this queue
that MLP transmits the real-time packets and interleaves them between the nonreal-time fragments.
Because real-time packets are not MLP encapsulated or fragmented, MLP can safely interleave these
packets as needed. Traffic transmitted from the priority queue takes precedence over the MLP
encapsulated traffic that is transmitted from the related bundle queue.
Figure 16-4 shows an example of the packet flow of real-time and nonreal-time packets.
Figure 16-4
Delay Insensitive
Packet Queues
Bundle FIFO
Queue
Delay Sensitive
Packet Queues
132278
Link
Receive Processing
The purpose of MLP over ATM-based LFI receive processing is to reassemble MLP over ATM
encapsulated packet fragments into PPP over ATM packets. During receive processing, the fragments
that arrive out of order and the packets with missing fragments are discarded. Valid fragments are merged
in memory until the entire packet is reassembled.
16-17
Chapter 16
Configure the following commands and recommended values on the virtual template interface:
ppp max-configure 110
ppp max-failure 100
ppp timeout retry 5
keepalive 30
Configure the hold-queue command in interface configuration mode for all physical interfaces,
except when configuring the ATM OC-12 line card. The OC-12 does not require the hold-queue
command.
For more information, see the Scalability and Performance chapter in the Cisco 10000 Series Router
Broadband Aggregation, Leased-Line, and MPLS Configuration Guide.
Single-VC MLP over ATM member links are restricted to non-aggregated PVCs (for example,
variable bit rate-nonreal-time (VBR-nrt) and constant bit rate (CBR) ATM traffic classes only).
The multilink interface can have only one PPP link that is between 64 and 2048 kbps. The router
supports a maximum of one member link per bundle.
The router supports a maximum of 8192 bundles per system and a maximum of 8192 member links
per system.
Associating MLP over ATM VCs with ATM virtual paths (VPs) is discouraged, though not
prevented.
Cisco IOS software supports a maximum of 4096 total virtual template interfaces.
We strongly recommend that you use only strict priority queues when configuring MLP over
ATM-based LFI. For more information, see Chapter 8, Prioritizing Services.
16-18
OL-7433-09
Chapter 16
Description
Required PRE
Release 12.2(27)SBB
PRE2
Release 12.2(31)SB2
PRE3
16-19
Chapter 16
Configure the following commands and recommended values on the virtual template interface:
ppp max-configure 110
ppp max-failure 100
ppp timeout retry 5
keepalive 30
Configure the hold-queue command in interface configuration mode for all physical interfaces,
except when configuring the ATM OC-12 line card. The OC-12 does not require the hold-queue
command.
For more information, see the Scalability and Performance chapter in the Cisco 10000 Series Router
Broadband Aggregation, Leased-Line, and MPLS Configuration Guide.
Multi-VC MLP over ATM member links are restricted to non-aggregated PVCs (for example,
variable bit rate-nonreal-time (VBR-nrt) and constant bit rate (CBR) ATM traffic classes only).
The router supports a maximum of 10 member links (ATM PVCs) per bundle.
The router supports a maximum of 1250 bundles per system and a maximum of 2500 member links
per system.
For Cisco IOS Release 12.2(28)SB and later releases, the valid multilink interface values are from
1 to 9999. For Cisco IOS Release 12.2(31)SB2 and later releases, valid values are from 1 to 9999
and 65,536 to 2,147,483,647.
All member links in a MLP bundle must have the same encapsulation type and bandwidth.
Performance is not guaranteed when member links have different bandwidths.
Associating MLP over ATM VCs with ATM virtual paths (VPs) is discouraged, though not
prevented.
Cisco IOS software supports a maximum of 4096 total virtual template interfaces.
We strongly recommend that you use only strict priority queues when configuring Multi-VC MLP
over ATM-based LFI. For more information, see Chapter 8, Prioritizing Services.
16-20
OL-7433-09
Chapter 16
Description
Required PRE
Release 12.2(27)SBB
PRE2
Release 12.2(31)SB2
PRE3
16-21
Chapter 16
Transmit Processing
The purpose of MLP over Frame Relay-based LFI transmit processing is to fragment large nonreal-time
delay-insensitive packets and interleave smaller real-time delay-sensitive packets between the
fragments. Each MLP bundle has multiple transmit packet queues. MLP does not interleave packet
fragments from different packet queues associated with a given MLP bundle. Instead, MLP transmits all
of the fragments associated with a nonreal-time packet in order before transmitting fragments from
another nonreal-time packet. MLP posts all of the packets from the various nonreal-time packet queues
to a single bundle first-in first-out (FIFO) queue.
It is from this single bundle queue that MLP does the following:
Real-time traffic, such as voice, are queued intact to a priority (low-latency) queue. It is from this queue
that MLP transmits the real-time packets and interleaves them between the nonreal-time fragments.
Because real-time packets are not MLP encapsulated or fragmented, MLP can safely interleave these
packets as needed. Traffic transmitted from the priority queue takes precedence over the MLP
encapsulated traffic that is transmitted from the related bundle queue.
Figure 16-4 shows an example of the packet flow of real-time and nonreal-time packets.
Figure 16-5
Delay Insensitive
Packet Queues
Bundle FIFO
Queue
Delay Sensitive
Packet Queues
132278
Link
Receive Processing
The purpose of MLP over Frame Relay-based LFI receive processing is to reassemble MLP over Frame
Relay encapsulated packet fragments into PPP over ATM packets. During receive processing, the
fragments that arrive out of order and the packets with missing fragments are discarded. Valid fragments
are merged in memory until the entire packet is reassembled.
16-22
OL-7433-09
Chapter 16
Calculate the nominal fragment size (link weight) by using the following formula:
(Link Bandwidth * Fragment-Delay) / 8
Step 2
Subtract the Frame Relay encapsulation bytes and the MLP header bytes by using the following formula:
Nominal Fragment Size (Frame Relay Encap. Bytes + MLP Header Bytes + Cells Checksum)
where:
Frame Relay Encapsulation Bytes is 4.
MLP Header Bytes is 4.
Cells Checksum is 2.
Step 3
For MLP over Frame Relay-based LFI, the minimum fragment size is 56, calculated as follows:
(MLP Min. Weight) (PPP Encapsulation Bytes) (MLP Header Bytes) = Min. Fragment Size
where:
MLP Minimum Weight is 64
PPP Encapsulation Bytes is 4.
MLP Header Bytes is 4.
Configure the following commands and recommended values on the virtual template interface:
ppp max-configure 110
ppp max-failure 100
ppp timeout retry 5
keepalive 30
Configure the hold-queue command in interface configuration mode for all Frame Relay physical
interfaces.
For more information, see the Performance and Scalability chapter in the Cisco 10000 Series Router
Broadband Aggregation, Leased-Line, and MPLS Configuration Guide.
16-23
Chapter 16
The router supports a maximum of one member link per bundle. The member link can be up to
2048 kbps.
The router supports a maximum of 2048 bundles per system and a maximum of 2048 member links
per system.
Interface fragmentation and Frame Relay traffic shaping cannot be configured at the same time on
an interface. Do not configure the frame-relay traffic-shaping command on an interface with
Frame Relay interface fragmentation configured.
The frame-relay fair-dlci queuing command cannot be configured on an interface with Frame
Relay interface fragmentation configured. To specify QoS on LFI-enabled interfaces, use service
policies (see Chapter 13, Defining QoS for Multiple Policy Levels).
Cisco IOS software supports a maximum of 4096 total virtual template interfaces.
We strongly recommend that you use only strict priority queues when configuring MLP over Frame
Relay-based LFI. For more information, see Chapter 8, Prioritizing Services.
LFI Type
MLP Bundle
Member Links
Virtual Template
Service Policy
Required
Required
Not Required
Not Required
Required
Required
Required
Required1
Required
Required
Required
Required
Required
Required
Required
Required2
1. A service policy with a priority queue defined must be attached to the multilink interface. The VC does not require a service
policy.
2. A service policy with the shape command defined must be attached to the VC. A service policy with a priority queue defined
must be attached to the multilink interface.
16-24
OL-7433-09
Chapter 16
To configure MLP-based fragmentation and interleaving, perform the following configuration tasks:
Configuring a Shaping Policy for MLP Over Frame Relay-Based LFI, page 16-29
Configuring a Shaping Policy for MLP Over Frame Relay-Based LFI, page 16-29
Step 1
Command
Purpose
releases)
1 to 9999 and 65,536 to 2,147,483,647 (Cisco IOS
releases)
1 to 9999 and 65,536 to 2,147,483,647 (Cisco IOS
Note
Step 2
16-25
Chapter 16
Step 3
Command
Purpose
Step 4
Step 6
Step 7
Step 8
16-26
OL-7433-09
Chapter 16
Step 1
Command
Purpose
Step 2
Step 3
16-27
Chapter 16
Step 4
Command
Purpose
Step 5
Step 6
Router(config-if)# no ip address
Removes an IP address.
Step 7
Step 8
16-28
OL-7433-09
Chapter 16
Step 1
Command
Purpose
Router(config)# policy-map
policy-map-name
Step 2
Step 3
Step 1
Command
Purpose
Step 2
16-29
Chapter 16
Step 3
Command
Purpose
Step 4
Step 5
Router(config-if)# no ip address
Step 6
Step 7
Purpose
Step 1
Step 2
Step 3
16-30
OL-7433-09
Chapter 16
Step 4
Command
Purpose
Step 5
Router(config-subif)# no ip address
Step 6
Step 7
Step 8
Router(config-if-atm-vc)# encapsulation
{aal5mux ppp virtual-template number |
aal5ciscoppp virtual-template number |
aal5snap}
16-31
Chapter 16
Step 9
Command
Purpose
Step 10
releases)
1 to 9999 and 65,536 to 2,147,483,647 (Cisco IOS
16-32
OL-7433-09
Chapter 16
Purpose
Step 1
Step 2
Step 3
16-33
Chapter 16
Step 4
Command
Purpose
Step 5
Step 6
Router(config-subif)# frame-relay
interface-dlci dlci ppp virtual-template-name
Step 7
16-34
OL-7433-09
Chapter 16
Purpose
Step 1
Step 2
16-35
Chapter 16
Step 3
Command
Purpose
releases)
1 to 9999 and 65,536 to 2,147,483,647 (Cisco IOS
releases)
1 to 9999 and 65,536 to 2,147,483,647 (Cisco IOS
Purpose
Step 1
Specifies the member link that you want to remove from the MLP
bundle. Enters interface configuration mode.
Step 2
Step 3
Step 4
16-36
OL-7433-09
Chapter 16
FRF.12 Fragmentation
FRF.12 Fragmentation uses Frame Relay Forum FRF.12-based fragmentation on Frame Relay
permanent virtual circuits (PVCs) to allow long, nonreal-time data packets to be broken into smaller
frames and shorter real-time packets to be interleaved between the fragments. In this way, real-time and
nonreal-time packets can be carried together on low-speed links without causing excessive delay to the
real-time traffic. The real-time packets remain intact and are less likely to experience long queuing
delays.
FRF.12 fragmentation is defined by the FRF.12 Implementation Agreement. The router implements the
end-to-end application of the FRF.12 standard. This application specifies fragmentation between two
Frame Relay data terminal equipment (DTE) devices that are interconnected by one or more Frame
Relay networks.
The following describes how FRF.12 mechanisms fragment and reassemble packets:
Real-Time TransmitThe DTE encapsulates real-time packets as Frame Relay packets and
interleaves the real-time packets between the nonreal-time fragments.
Real-Time ReceiveBecause real-time packets are whole packets and not fragments, reassembly is
not required. Instead, the receiving DTE simply processes and forwards the Frame Relay packets.
FRF.12 fragmentation transmits in order all fragments associated with a nonreal-time packet before
transmitting fragments from another nonreal-time packet associated with the same PVC. When
fragments arrive out of order, the receiving DTE detects and discards any packets that are missing
fragments.
Figure 16-6 shows an example configuration of end-to-end fragmentation. When FRF.12 fragmentation
is used between two peer DTEs, the fragmentation procedure is transparent to the Frame Relay networks
between the transmitting and receiving DTEs.
Figure 16-6
Frame Relay
DTE
Cisco 10008
Router
DLCI 100
Frame Relay
Network
Frame Relay
DCE
Frame Relay
DTE
DLCI 100
DCE
Interface
DCE
Interface
132277
Fragmentation Peers
You can configure FRF.12 Fragmentation at the PVC or interface level. For more information, see the
PVC-Based FRF.12 Fragmentation section on page 16-40 and the Interface-Based FRF.12
Fragmentation section on page 16-40.
16-37
Chapter 16
FRF.12 Fragmentation
Description
Required PRE
Release 12.0(23)SX
PRE1
Release 12.0(27)S
PRE1
Release 12.2(27)SBB
PRE2
Release 12.2(31)SB2
PRE3
When traffic is stopped, you can remove and re-attach service policies using Example 16-6 and
Example 16-7.
Example 16-6 Removing and Re-attaching the Service Policy
int mfr2001.1
no service-policy out mfr1
int mfr2001.1
service-policy out mfr1
Example 16-7 Remove the Service Policy Before Removing the Map-Class.
int mfr2001.1
no service-policy out mfr1
no frame-relay class mfr
int mfr2001.1
frame-relay class mfr
service-policy out mfr1
16-38
OL-7433-09
Chapter 16
LFI Enabled
Interface
Subinterface
DLCI
DLCI only
Fragmentation is enabled only when a hierarchical service policy is attached. The hierarchical service
policy you define must identify and allocate queues for real-time (priority) traffic and nonreal-time
traffic.
Example 16-8 creates a serial T1 interface and defines a service policy for both real-time and
nonreal-time traffic. You can create the T1 interface under any higher level channelized interface that
supports T1 tributaries or the T1/E1 line card interface. In the example, the child policy map named
policy_12_p0 defines QoS actions for three traffic classes: prec_q0 for priority traffic, prec_q1 for
non-priority traffic, and prec_q2 for non-priority traffic. The parent policy map named policy_13 shapes
traffic for all of the traffic classes to 256 kbps. The service-policy command is used to apply the child
policy to the parent policy. When applying the service policy to an interface, subinterface, or DLCI, use
the service-policy command and specify the output keyword for FRF.12 Fragmentation.
Example 16-8 Defining a Hierarchical Service Policy
Router(config)# t1 1 channel-group 1 timeslot 1-24 speed 56
!
Router(config)# class-map match-all prec_q2
Router(config-cmap)# match ip precedence 2
Router(config-cmap)# class-map match-all prec_q0
Router(config-cmap)# match ip precedence 0
Router(config-cmap)# class-map match-all prec_q1
Router(config-cmap)# match ip precedence 1
!
Router(config)# policy-map policy_12_p0
Router(config-pmap)# class prec_q0
Router(config-pmap-c)# priority
Router(config-pmap-c)# police 64000
Router(config-pmap-c)# class prec_q1
Router(config-pmap-c)# bandwidth percent 39
Router(config-pmap-c)# class prec_q2
Router(config-pmap-c)# bandwidth percent 4
!
Router(config)# policy-map policy_13
16-39
Chapter 16
FRF.12 Fragmentation
For more information, see the Configuring Interface-Based FRF.12 Fragmentation section on
page 16-57 and Chapter 13, Defining QoS for Multiple Policy Levels.
16-40
OL-7433-09
Chapter 16
Syntax Description
fragment_size
Specifies the number of payload bytes from the original Frame Relay frame
that go into each fragment. This number excludes the Frame Relay header
of the original frame. Valid values are from 16 to 1600 bytes. However, the
minimum supported fragment size is 44 bytes. The default is 53 bytes.
Description
Release 12.0(23)SX
Release 12.2(27)SBB
Release 12.2(31)SB2
Syntax Description
fragment_size
Specifies the number of payload bytes from the original Frame Relay frame
that go into each fragment. This number excludes the Frame Relay header
of the original frame. Valid values are from 16 to 1600 bytes. There is no
default fragment size.
Note
16-41
Chapter 16
FRF.12 Fragmentation
Description
Release 12.0(27)S
Release 12.2(27)SBB
Release 12.2(31)SB2
A hierarchical service policy must be configured and applied to a Frame Relay interface,
subinterface, or DLCI either directly using the service-policy command or using a map class. For
more information, see the FRF.12 Fragmentation and Hierarchical Policies section on page 16-39.
The router must be running Cisco IOS Release 12.0(27)S or Release 12.2(27)SBB, or later releases,
and the appropriate processor card must be installed in the router chassis. Cisco IOS
Release 12.0(27)S and later releases require the PRE1 processor card. Cisco IOS Release 12.2SBB
and later releases require the PRE2.
Frame Relay traffic shaping must be disabled on the interface for PVC-based and interface-based
fragmentation.
Note
The PRE2 does not support Frame Relay traffic shaping. However, for FRF.12 to function
properly, a service policy that shapes traffic is required.
16-42
OL-7433-09
Chapter 16
Note
The Cisco 10000 series router does not require that you configure priority (low-latency) queuing to use
interface-based fragmentation. However, the purpose of LFI is to reduce delay for priority traffic;
therefore, the benefit of LFI is realized when you do configure priority queuing. The class of
delay-sensitive traffic is mapped through a service policy to the priority queue.
The show frame-relay fragment command does not provide information about the number of
fragments received, dropped, and transmitted.
The show frame-relay fragment interface command does not provide information about the
number of:
Fragmented packets and bytes received
Packets dropped while being reassembled
Received packets in timeouts
Interleaved packets transmitted
Fragmented packets and bytes transmitted
Fragmented packets dropped when transmitted
We strongly recommend that you use only strict priority queues when configuring PVC-based
FRF.12 fragmentation. For more information, see Chapter 8, Prioritizing Services.
Interface-Based Fragmentation
The rate of the interface or subinterface must be between 64 and 2048 kbps.
Interface fragmentation and Frame Relay traffic shaping cannot be configured at the same time on
an interface. Do not configure the frame-relay traffic-shaping command on an interface with
Frame Relay interface fragmentation configured.
The frame-relay fair-dlci queuing command cannot be configured on an interface with Frame
Relay interface fragmentation configured. To specify QoS on FRF.12-enabled interfaces, use service
policies (see Chapter 13, Defining QoS for Multiple Policy Levels.).
We strongly recommend that you use only strict priority queues when configuring interface-based
FRF.12 fragmentation. For more information, see Chapter 8, Prioritizing Services.
16-43
Chapter 16
FRF.12 Fragmentation
Purpose
Step 1
Step 2
Step 3
Router(config-map-c)# service-policy
{input | output} policy-map-name
Router(config-map-c)# no frame-relay
adaptive-shaping
16-44
OL-7433-09
Chapter 16
Attaching a Map Class to a Frame Relay Interface and a Service Policy to a Subinterface, page 16-50
Purpose
Step 1
Step 2
Step 3
Router(config-if)# no ip address
Step 4
Router(config-if)# no ip
directed-broadcast
Step 5
Router(config-if)# encapsulation
frame-relay [ietf | cisco]
Step 6
16-45
Chapter 16
FRF.12 Fragmentation
Step 7
Command
Purpose
Step 8
Step 9
Router(config-subif)# no ip
directed-broadcast
Step 10
Step 11
Router(config-subif)# frame-relay
interface-dlci dlci [ietf | cisco]
16-46
OL-7433-09
Chapter 16
Configuration Examples for Attaching a Map Class to a Frame Relay Interface and Subinterface
Example 16-9 shows how to attach a map class with fragmentation enabled to a Frame Relay interface.
In the example, fragmentation is enabled in the map class named lfi_map_class and the fragment size is
set at 300 bytes. The QoS service policy named policy_13 is also applied to the map class for outbound
traffic. The map class is applied to the serial interface 5/0/0/1:0, which has two subinterfaces configured.
Serial subinterface 5/0/0/1:0.1 has DLCI 17 and subinterface 5/0/0/1:0.2 has DLCI 18. Because the map
class with fragmentation enabled is applied to the main interface, traffic on DLCI 17 and DLCI 18 is
subject to fragmentation and interleaving.
Example 16-9 Attaching a Map Class to a Frame Relay Interface
Router(config)# map-class frame-relay lfi_map_class
Router(config-map-c)# frame-relay fragment 300
Router(config-map-c)# service-policy output policy_13
Router(config-map-c)# no frame-relay adaptive-shaping
!
Router(config)# interface serial 5/0/0/1:0
Router(config-if)# hold-queue 4096 in
Router(config-if)# no ip address
Router(config-if)# no ip directed-broadcast
Router(config-if)# encapsulation frame-relay
Router(config-if)# frame-relay class lfi_map_class
!
Router(config)# interface serial 5/0/0/1:0.1 point-to-point
Router(config-subif)# ip address 192.168.1.1 255.255.255.0
Router(config-subif)# no ip directed-broadcast
Router(config-subif)# frame-relay interface-dlci 17
!
Router(config)# interface serial 5/0/0/1:0.2 point-to-point
Router(config-subif)# ip address 192.168.2.1 255.255.255.0
Router(config-subif)# no ip directed-broadcast
Router(config-subif)# frame-relay interface-dlci 18
Example 16-10 shows how to attach a map class with fragmentation enabled to a subinterface. In the
example, fragmentation is enabled in the map class named lfi_map_class and the fragment size is set at
300 bytes. The QoS service policy named policy_13 is also applied to the map class for outbound traffic.
The map class is applied to the serial subinterface 5/0/0/1:0.1 on which DLCI 17 is configured.
Therefore, Frame Relay traffic on DLCI 17 is subject to fragmentation and interleaving. Because the
lfi_map_class is also attached to serial subinterface 5/0/0/1:0.2, traffic on DLCI 18 is also subject to
fragmentation and interleaving.
Note
If the configuration example specified to apply another map class to subinterface 5/0/0/1:0.2, and that
map class did not enable fragmentation, then DLCI 18 traffic would not be subject to LFIonly
DLCI 17 traffic would be fragmented and interleaved.
Example 16-10 Attaching a Map Class to a Frame Relay Subinterface
Router(config)# map-class frame-relay lfi_map_class
Router(config-map-c)# service-policy output policy_13
Router(config-map-c)# frame-relay fragment 300
Router(config-map-c)# no frame-relay adaptive-shaping
!
Router(config)# interface serial 5/0/0/1:0
Router(config-if)# hold-queue 4096 in
Router(config-if)# no ip address
Router(config-if)# no ip directed-broadcast
16-47
Chapter 16
FRF.12 Fragmentation
Purpose
Step 1
Step 2
Step 3
Router(config-if)# no ip address
Step 4
Router(config-if)# no ip
directed-broadcast
Step 5
Router(config-if)# encapsulation
frame-relay [ietf | cisco]
Step 6
16-48
OL-7433-09
Chapter 16
Step 7
Command
Purpose
Step 8
Router(config-subif)# no ip
directed-broadcast
Step 9
Router(config-subif)# frame-relay
interface-dlci dlci [ietf | cisco]
Step 10
16-49
Chapter 16
FRF.12 Fragmentation
Attaching a Map Class to a Frame Relay Interface and a Service Policy to a Subinterface
To attach a map class to a Frame Relay interface and a service policy to a subinterface, enter the
following commands beginning in global configuration mode:
Command
Purpose
Step 1
Step 2
Step 3
Router(config-if)# no ip address
Step 4
Router(config-if)# no ip
directed-broadcast
Step 5
Router(config-if)# encapsulation
frame-relay [ietf | cisco]
Step 6
Step 7
16-50
OL-7433-09
Chapter 16
Step 8
Command
Purpose
Step 9
Router(config-subif)# no ip
directed-broadcast
Step 10
Router(config-subif)# service-policy
{input | output} policy-map-name
Router(config-subif)# frame-relay
interface-dlci dlci [ietf | cisco]
Configuration Example for Attaching a Map Class to a Frame Relay Interface and a Service Policy to a DLCI
Example 16-12 shows how to attach a map class with fragmentation enabled to a Frame Relay interface
and attach a service policy to a DLCI. In the example, fragmentation is enabled in the map class named
lfi_map_class and the fragment size is set at 300 bytes. The map class is applied to the serial
interface 5/0/0/1:0, which has two subinterfaces configured. DLCI 17 is configured on
subinterface 5/0/0/1:0.1 and DLCI 18 is configured on subinterface 5/0/0/1:0.2. Because the map class
with fragmentation enabled is applied to the main interface, all of the traffic on the main interface, the
two subinterfaces, and the DLCIs is fragmented. However, because the service policy is applied directly
on DLCI 17 and DLCI 18, only the traffic on those DLCIs is subject to the QoS actions defined in the
service policy.
16-51
Chapter 16
FRF.12 Fragmentation
Example 16-12 Attaching a Map Class to a Frame Relay Interface and a Service Policy to a DLCI
Router(config)# map-class frame-relay lfi_map_class_one
Router(config-map-c)# frame-relay fragment 300
Router(config-map-c)# no frame-relay adaptive-shaping
!
Router(config)# interface serial 5/0/0/1:0
Router(config-if)# hold-queue 4096 in
Router(config-if)# no ip address
Router(config-if)# no ip directed-broadcast
Router(config-if)# encapsulation frame-relay
Router(config-if)# frame-relay class lfi_map_class
!
Router(config)# interface serial 5/0/0/1:0.1 point-to-point
Router(config-subif)# ip address 192.168.1.1 255.255.255.0
Router(config-subif)# no ip directed-broadcast
Router(config-subif)# frame-relay interface-dlci 17
Router(config-fr-dlci)# service-policy output policy_13
!
Router(config)# interface serial 5/0/0/1:0.2 point-to-point
Router(config-subif)# ip address 192.168.2.1 255.255.255.0
Router(config-subif)# no ip directed-broadcast
Router(config-subif)# frame-relay interface-dlci 18
Router(config-fr-dlci)# service-policy output policy_13
Purpose
Step 1
Router(config)# policy-map
policy-map-name
Step 2
16-52
OL-7433-09
Chapter 16
Step 3
Command
Purpose
Router(config-pmap-c)# priority
Step 4
or
Purpose
Step 1
Router(config)# policy-map
policy-map-name
Step 2
16-53
Chapter 16
FRF.12 Fragmentation
Step 3
Command
Purpose
Step 4
Router(config-pmap-c)# service-policy
policy-map-name
Purpose
Step 1
Step 2
Router(config-map-c)# service-policy
{input | output} policy-map-name
Router(config-map-c)# frame-relay
fragment fragment_size
16-54
OL-7433-09
Chapter 16
Purpose
Step 1
Step 2
Step 3
Router(config-if)# no ip address
Step 4
Router(config-if)# no ip directed
broadcast
Step 5
Router(config-if)# encapsulation
frame-relay [ietf | cisco]
Step 6
16-55
Chapter 16
FRF.12 Fragmentation
Step 7
Command
Purpose
Router(config-subif)# frame-relay
interface-dlci dlci [ietf | cisco]
Step 8
Configuration Example for Configuring a Hierarchical Policy and PVC-Based FRF.12 Fragmentation
Example 16-13 shows how use a hierarchical policy when fragmenting packets on a Frame Relay DLCI.
In the example, access control lists (ACLs) 101 and 102 are defined and used as match criteria in two
class maps to classify traffic. The child policy map named qos_pq_cbwfq_0 defines the traffic class
named acl_101 as priority traffic and polices the traffic at 10 percent of the parent shape rate. The traffic
class named acl_102 requests 30 percent of the bandwidth. The parent policy map named outer_policy
shapes traffic at 768 kbps. The child policy is applied to the parent class-default class. The parent policy
is applied to the map class named PQ_FR_CLASS_0. This map class sets the fragment size at 768 bytes.
The map class is applied to DLCI 27 on serial interface 5/0/0/1:0.1.
Example 16-13 Configuring a Hierarchical Policy and PVC-Based FRF.12 Fragmentation
Router(config)# access-list 101 permit udp any eq 16384 any eq 16384
Router(config)# access-list 102 permit udp any eq 3000 any eq 3000
Router(config)# class-map match-all acl_101
Router(config-cmap)# match access-group 101
Router(config-cmap)# class-map match-all acl_102
Router(config-cmap)# match access-group 102
!
Router(config)# policy-map qos_pq_cbwfq_0
Router(config-pmap)# class acl_101
Router(config-pmap-c)# priority
Router(config-pmap-c)# police percent 10
Router(config-pmap-c)# class acl_102
Router(config-pmap-c)# bandwidth percent 30
!
Router(config-pmap)# policy-map outer_policy
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape 768
Router(config-pmap-c)# service-policy qos_pq_cbwfq_0
!
Router(config)# map-class frame-relay PQ_FR_CLASS_0
16-56
OL-7433-09
Chapter 16
Purpose
Step 1
Step 2
Step 3
Router(config-if)# no ip address
Step 4
Router(config-if)# no ip directed
broadcast
Step 5
Router(config-if)# encapsulation
frame-relay [ietf | cisco]
16-57
Chapter 16
FRF.12 Fragmentation
Step 6
Command
Purpose
Step 7
16-58
OL-7433-09
Chapter 16
Configuration Example for Single-VC MLP Over ATM-Based LFI, page 16-60
Configuration Example for Multi-VC MLP Over ATM-Based LFI, page 16-61
16-59
Chapter 16
Router(config-subif)# no fair-queue
Router(config-subif)# no keepalive
Router(config-subif)# ppp chap hostname group2
Router(config-subif)# ppp multilink
Router(config-subif)# ppp multilink group 2
!
Router(config)# interface serial 8/0/0.2/8:0
Router(config-subif)# no ip address
Router(config-subif)# encapsulation ppp
Router(config-subif)# load-interval 30
Router(config-subif)# no fair-queue
Router(config-subif)# no keepalive
Router(config-subif)# ppp chap hostname group2
Router(config-subif)# ppp multilink
Router(config-subif)# ppp multilink group 2
!
Router(config)# interface serial 8/0/0.2/9:0
Router(config-subif)# no ip address
Router(config-subif)# encapsulation ppp
Router(config-subif)# load-interval 30
Router(config-subif)# no fair-queue
Router(config-subif)# no keepalive
Router(config-subif)# ppp chap hostname group2
Router(config-subif)# ppp multilink
Router(config-subif)# ppp multilink group 2
16-60
OL-7433-09
Chapter 16
16-61
Chapter 16
16-62
OL-7433-09
Chapter 16
Example 16-20 shows how to use a map class to configure FRF.12 Fragmentation and attach the map
class to a subinterface. In the example, the fragmentation is enabled on the map class named lfi-class1
and the map class is attached to serial subinterface 5/0/0/1:0.1. The QoS service policy named Business
is also attached to subinterface 5/0/0/1:0.1. In this configuration, all of the traffic on
subinterface 5/0/0/1:0.1 and all of the DLCIs configured on the subinterface are subject to fragmentation
and interleaving.
Example 16-20 Configuring PVC-Based FRF.12 Fragmentation on a Subinterface Using a Map Class
Router(config)# map-class frame-relay lfi-class1
Router(config-map-c)# frame-relay fragment 300
Router(config-map-c)# no frame-relay adaptive-shaping
!
Router(config)# interface serial 5/0/0/1:0
Router(config-if)# hold-queue 4096 in
Router(config-if)# no ip address
Router(config-if)# no ip directed-broadcast
Router(config-if)# encapsulation frame-relay
!
Router(config)# interface serial 5/0/0/1:0.1 point-to-point
Router(config-subif)# ip address 192.168.10.1 255.255.255.0
16-63
Chapter 16
Router(config-subif)# no ip directed-broadcast
Router(config-subif)# service-policy Business
Router(config-subif)# frame-relay class lfi-class1
Router(config-subif)# frame-relay interface-dlci 101
!
Router(config)# interface serial 5/0/0/1:0.2 point-to-point
Router(config-subif)# ip address 192.168.10.2 255.255.255.0
Router(config-subif)# no ip directed-broadcast
Router(config-subif)# frame-relay interface-dlci 102
Example 16-21 shows how to use a map class to configure FRF.12 Fragmentation and attach the map
class to a Frame Relay DLCI. In the example, fragmentation is enabled in the Frame Relay map class
named Voice and the fragment size is set at 320 bytes. The Voice map class also enables priority queuing.
The policy map named Business is also applied to the Voice map class. The map class is attached to
DLCI 20 configured on the point-to-point serial subinterface 7/0/0/1:0.1.
Example 16-21 Configuring PVC-Based FRF.12 Fragmentation on a DLCI Using a Map Class
Router(config)# map-class frame-relay Voice
Router(config-map-c)# frame-relay fragment 320
Router(config-map-c)# frame-relay ip rtp priority 16384 16383 25
Router(config-map-c)# service-policy output Business
Router(config-map-c)# exit
Router(config)# interface serial 7/0/0/1:0
Router(config-if)# hold-queue 4096 in
Router(config-if)# no ip address
Router(config-if)# encapsulation frame-relay ietf
Router(config-if)# frame-relay intf-type dce
Router(config-if)# interface serial 7/0/0/1:0.1 point-to-point
Router(config-subif)# ip address 10.32.0.1 255.255.255.0
Router(config-subif)# frame-relay interface-dlci 20
Router(config-fr-dlci)# frame-relay class Voice
16-64
OL-7433-09
Chapter 16
Received fragments and bytes dropped due to excessive size of coalesced packets, out-of-sequence
arrival, duplicate sequence numbers, unexpected begin fragment, or arrival without a begin fragment
The PRE1 counts only output fragments while the PRE2 counts both fragments and packets.
To verify and monitor the configuration of link fragmentation and interleaving, enter the following
commands in privileged EXEC mode:
Command
Purpose
16-65
Chapter 16
Command
Purpose
Note
16-66
OL-7433-09
Chapter 16
Command
Purpose
Displays bundle information for all of the MLP bundles and their
PPP links configured on the router.
If you specify bundle-interface, the command displays
information for only that specific bundle.
(Optional) bundle-interface specifies the multilink interface (for
example, Multilink 5).
16-67
Chapter 16
Example 16-25 shows sample output from the show frame-relay fragment command when a specific
interface is specified. The output displays fragmentation information for only the specified subinterface
and DLCI (serial subinterface 3/0/0.1/1:0.1, DLCI 109).
Example 16-25 show frame-relay fragment Command Sample OutputSpecific Subinterface and DLCI
Router# show frame-relay fragment interface serial 3/0/0.1/1:0.1 109
fragment size 300 fragment type end-to-end
in fragmented pkts 0 out fragmented pkts 1320
in fragmented bytes 0 out fragmented bytes 331760
in un-fragmented pkts 0 out un-fragmented pkts 0
in un-fragmented bytes 0 out un-fragmented bytes 0
in assembled pkts 0 out pre-fragmented pkts 0
in assembled bytes 0 out pre-fragmented bytes 0
in dropped reassembling pkts 0 out dropped fragmenting pkts 0
in DE fragmented pkts 0 out DE fragmented pkts 0
in DE un-fragmented pkts 0 out DE un-fragmented pkts 0
in timeouts 0
in out-of-sequence fragments 0
in fragments with unexpected B bit set 0
in fragments with skipped sequence
16-68
OL-7433-09
Chapter 16
Example 16-26 shows sample output from the debug frame-relay fragment command for the specified
interface and DLCI (serial interface 0/0, DLCI 109).
Example 16-26 debug frame-relay fragment Command Sample OutputSpecific Interface and DLCI
Router# debug frame-relay fragment interface serial 0/0 109
This may severely impact network performance.
You are advised to enable 'no logging console debug'. Continue?[confirm]
Frame Relay fragment/packet debugging is on
Displaying fragments/packets on interface Serial0/0 dlci 109 only
Serial0/0(i): dlci 109, rx-seq-num 126, exp_seq-num 126, BE bits set, frag_hdr 04 C0 7E
Serial0/0(o): dlci 109, tx-seq-num 82, BE bits set, frag_hdr 04 C0 52
Related Documentation
This section provides hyperlinks to additional Cisco documentation for the features discussed in this
chapter. To display the documentation, click the document title or a section of the document highlighted
in blue. When appropriate, paths to applicable sections are listed below the documentation title.
Feature
Documentation
16-69
Chapter 16
Related Documentation
Feature
Documentation
Policy Maps
PPP Encapsulation
Release Notes for the Cisco 10000 Series for Cisco IOS
Release 12.0(23)SX
16-70
OL-7433-09
CH A P T E R
17
17-1
Chapter 17
The Cisco 10000 series router supports DBS for the unspecified bit rate (UBR) and variable bit
rate-nonreal time (VBR-nrt) categories of the ATM traffic management class:
UBR service classThe router applies only the PCR parameter to a UBR configured VC, depending
on the port configuration.
VBR-nrt service classThe router applies the PCR and SCR parameters to the VBR-nrt VC.
As shown in Figure 17-1, when a subscriber initiates a Point-to-Point Protocol (PPP) over ATM (PPPoA)
or PPP over Ethernet (PPPoE) session to the Cisco 10000 series router, DBS retrieves the RADIUS user
profile and sets the QoS parameters to the shaping parameters specified in the user profile. The profile
might contain PCR and SCR values for DBS configuration. If the profile specifies both values, DBS
configures the ATM VC service class as VBR-nrt. Otherwise, DBS configures the service class as UBR.
Figure 17-1 Dynamic Bandwidth Selection Flow
ATM VC connection
Subscriber
1
2
AAA Server
1. PPPOA/PPPOX session begins.
3. DBS software applies the ATM VC parameters from the profile
to the VC connection.
87060
Description
Required PRE
Release 12.2(16)BX
PRE2
Release 12.2(28)SB
17-2
OL-7433-09
Chapter 17
Description
Release 12.2(16)BX
Release 12.2(28)SB
This command was integrated in Cisco IOS Release 12.2(28)SB for the
PRE2.
Configuration Modes
You can configure the dbs enable command in the following configuration modes:
ATM VC class
ATM VC
ATM PVC-in-range
17-3
Chapter 17
When you enter the dbs enable or no dbs enable commands, existing sessions are not disconnected. If
you have a session that has been configured for DBS and you configure the no dbs enable command on
a VC, additional sessions that are configured display DBS-configured QoS values until the first new
session is up. After the first session is brought up, the VC has default and locally configured values. If
you configure the dbs enable command after multiple sessions are already up on the VC, all sessions on
that VC have DBS QoS parameters.
RADIUS QoS attributes are applied to PVCs when a new PPPoE session has PCR and SCR values that
are higher than existing PPPoE sessions. If a new PPPoE session with lower PCR and SCR values is
added to a PVC, the RADIUS QoS attributes are not applied to the new session. If the user with the
PPPoE session with the higher PCR and SCR values logs out, the QoS attributes are set to those of the
lower bandwidth user.
RADIUS QoS attributes override attributes on a PVC configured in ATM PVC-in-range or ATM PVC
range configuration mode. If the RADIUS QoS attributes cannot be applied to a PVC, PPPoE and PPPoA
sessions cannot be established.
When DBS is configured, normal ATM precedences apply. PVC configurations take precedence over VC
class configurations. Thus, if DBS QoS parameters are applied on a VC class and disabled on one PVC
in that VC class, DBS QoS parameters are not applied on the PVC. ATM PVC-in-range configurations
take precedence over PVC range configurations.
When you configure DBS on a PVC, existing sessions on that PVC remain connected.
Description
Release 12.2(16)BX
Release 12.2(28)SB
This command was integrated in Cisco IOS Release 12.2(28)SB for the
PRE2.
Configuration Modes
You can configure the default dbs enable command in the following configuration modes:
ATM VC class
ATM VC
ATM PVC-in-range
17-4
OL-7433-09
Chapter 17
We later decide to change the PVC configuration so that a VC class is applied to the PVC. The
configuration of the VC class, named vc-test, includes the dbs enable command. Therefore, we must
remove the dbs enable command from the PVC configuration by using the default dbs enable
command.
The default dbs enable command removes the dbs enable command from the PVC configuration, as
shown in the following configuration, but it does not remove the ability to do DBS under the VC class.
Notice that the default dbs enable command also does not appear in the PVC configuration.
vc-class atm vc-test
vbr-nrt 505 505
dbs enable
encapsulation aal5mux ppp Virtual-Template1
!
interface ATM6/0/0.600 point-to-point
pvc 1/55
class-vc vc-test
17-5
Chapter 17
If multiple sessions are already up on a VC and you then enable DBS on the VC, when the next
session comes up (the first session after enabling DBS on the VC), that session and all other sessions
on the VC have DBS configured QoS values.
If you enable or disable DBS on a VC, none of the already established sessions on the VC
disconnect.
If a session comes up on a VC that has DBS enabled and then you disable DBS on the VC, that
session and all other sessions that came up before you disabled DBS display the default or
configured VC values. The first session that comes up after you disabled DBS on the VC displays
the default and locally configured QoS values on the VC.
Changing VC QoS traffic parameters as a result of new simultaneous sessions on the same VC does
not cause already established sessions to disconnect.
Changing RADIUS domain service profile QoS parameters does not cause the QoS traffic
parameters to change automatically for VCs with existing sessions to the domain.
17-6
OL-7433-09
Chapter 17
Accounting Updates
When dynamic bandwidth selection applies QoS values for a user, it sends an accounting record to the
RADIUS server. The accounting records contain accounting attributes such as the following:
Cisco-Avpair = peak-cell-rate=155000 [flags = 0x00014000]
Cisco-Avpair = sustainable-cell-rate=145000 [flags = 0x00014000]
To Service Category
Transition
Any
UBR-unshaped
Reject
UBR-unshaped
Any
Reject
UBR-PCR (shaped)
VBR-nrt
Reject
VBR-nrt
UBR-PCR
Reject
UBR-PCR
UBR-PCR
Accept
VBR-nrt
VBR-nrt
Accept
In DBS, the router does not allow you to change a VC traffic class, regardless of the atm pxf queuing
mode of the router. For example, if you have a shaped UBR and DBS downloads peak cell rate (PCR)
and sustained cell rate (SCR) values from RADIUS, the router does not convert the VC to VBR-nrt.
Instead, the VC remains shaped UBR with the PCR configured. The router accepts or rejects the session
on the VC as described below:
If the downloaded PCR and SCR parameters are defined as mandatory attributes in RADIUS, the
router rejects the session.
If the downloaded PCR and SCR parameters are defined as non-mandatory attributes in RADIUS,
the router accepts the session on the VC without changing the VCs traffic class or parameters.
17-7
Chapter 17
The input and output policy map is then applied to the PVC 1/101 as shown in the following sample
debug output:
Nov 25 09:49:23.244: Service policy input Ingress policy output Egress applied on 1/101
Nov 25 09:49:23.244: %c10k_atm_modify_vc_policy(ATM5/0/0): 1/101, vcd 1
Nov 25 09:49:23:244: %c10k_atm_modify_vc_policy(ATM5/0/0): Service policy output Egress
applied on 1/101, vcd 1
Nov 25 09:49:23:252: %c10k_atm_modify_vc_policy(ATM5/0/0): Service policy input Ingress
applied on 1/101, vcd 1
Dynamic bandwidth selection (DBS) applies the dynamically updated bandwidth to the ATM VC or
permanent VC (PVC). DBS does not support applying the bandwidth to individual sessions.
The Cisco 10000 series router supports DBS for only ATM interface protocols, such as PPPoA and
PPPoEoA. The router does not support DBS for PPPoE natively over Ethernet or over VLAN.
DBS does not allow all QoS class of service category changes due to segmentation and reassembly
(SAR) firmware limitations. For example, if you have VBR-nrt VCs configured, you can modify the
VCs shaping parameters (PCR and SCR) using DBS, but you cannot change VBR VCs to shaped
UBR VCs by downloading only the PCR from RADIUS. This behavior also applies to shaped UBR
VCs. Currently, you can change the ATM VC traffic class only by using the modular QoS command
line interface (CLI). For more information, see the Service Category Transitions section on
page 17-7.
DBS does not allow unspecified bit rate (UBR) unshaped transitions. The Cisco 10000 series router
does not allow all transitions to and from UBR unshaped PVCs. An unshaped UBR PVC is a PVC
that does not have a rate specified or the rate specified is greater than or equal to the actual
bandwidth. In pxf queuing mode, the router treats all UBRs as unshaped. UBR unshaped is not a
unique service category, but rather a pseudo service category based on the local or RADIUS user
configuration.
17-8
OL-7433-09
Chapter 17
DBS does not support constant bit rate (CBR) PVCs. The Cisco 10000 series router supports only
UBR and variable bit rate (VBR) PVCs for DBS.
DBS is supported only on VBR-nrt VCs under virtual path (VP) tunnels in pxf queuing mode.
Enabling Dynamic Bandwidth Selection on a PVC Within a PVC Range, page 17-12
Step 1
Command
Purpose
Step 2
17-9
Chapter 17
Purpose
Step 1
Step 2
The VCI is a 16-bit field in the header of the ATM cell and
because the value has local significance only, it is unique
only on a single link, not throughout the ATM network.
Step 3
Step 4
17-10
OL-7433-09
Chapter 17
Purpose
Step 1
Step 2
Step 3
Note
When downloading a service policy dynamically from RADIUS, the router applies the service policy to
a range of PVCs, one PVC at a time. At this point, the PVC range is meaningless. The PVC on which
the router is operating could have been created by any means (for example, individually, in PVC range
mode, VC class mode, PVC-in-range mode, or automatically created on-demand).
Configuration Example for Enabling Dynamic Bandwidth Selection on a Range of ATM PVCs
Example 17-3 shows how to enable dynamic bandwidth selection on a range of PVCs. In the example,
dynamic bandwidth selection is enabled on a range of PVCs named cisco (PVC 0/50 to PVC 0/70) on
the ATM multipoint subinterface 0/0/0.1.
Example 17-3 Enabling Dynamic Bandwidth Selection on a Range of ATM PVCs
Router(config)# interface atm0/0/0.1 multipoint
Router(config-subif)# ip address 10.16.0.0 255.255.255.0
Router(config-subif)# range cisco pvc 0/50 0/70
Router(config-subif-atm-range)# dbs enable
17-11
Chapter 17
Purpose
Step 1
Step 2
Step 3
Router(config-if-atm-range)# pvc-in-range
[pvc-name] [vpi/vci]
Step 4
17-12
OL-7433-09
Chapter 17
Configuration Example for Enabling Dynamic Bandwidth Selection on a PVC Within a PVC Range
Example 17-4 shows how to enable dynamic bandwidth selection on a PVC within a PVC range. In the
example, dynamic bandwidth selection (DBS) is enabled on PVC 60 in the PVC range named cisco
(PVC 0/50 to PVC 0/70).
Example 17-4 Enabling Dynamic Bandwidth Selection on a PVC Within a PVC Range
Router(config)# interface atm0/0/0.1 multipoint
Router(config-subif)# range cisco pvc 0/50 0/70
Router(config-if-atm-range)# pvc-in-range 60
Router(config-if-atm-range-pvc)# dbs enable
You must configure the peak cell rate (PCR) parameter and you can optionally configure the sustained
cell rate (SCR) parameter. The following configuration rules apply:
If you configure only PCR, the ATM service type is unspecified bit rate (UBR).
If you specify both SCR and PCR, the ATM service type is variable bit rate-nonreal-time (VBR-nrt).
If the PCR value is greater than the maximum rate allowed on the ATM physical interface, the PCR
value applied on the VC is the maximum rate allowed on the interface.
If the PCR value is less than the minimum rate allowed on the physical interface, the PCR value
applied on the VC is the minimum rate allowed on the interface.
If the SCR value exceeds the maximum for the interface, the session is rejected.
Configuration Examples for Configuring RADIUS Profiles for Dynamic Bandwidth Selection
Example 17-5 shows how to configure RADIUS attributes in a domain service profile for dynamic
bandwidth selection.
Example 17-5 Configuring a RADIUS Domain Service Profile for Dynamic Bandwidth Selection
cisco.comPassword
Service-Type=
Cisco-Avpair=
Cisco-Avpair=
Cisco-Avpair=
Cisco-Avpair=
Cisco-Avpair=
Cisco-Avpair=
= cisco,Service-Type = Outbound
Outbound,
vpdn:tunnel-id=shiva,
vpdn:tunnel-type=12tp,
vpdn:12tp-tunnel-password=password2,
vpdn:ip-addresses=172.16.0.0,
atm:peak-cell-rate=155000,
atm:sustainable-cell-rate=155000
17-13
Chapter 17
Example 17-6 shows how to configure RADIUS attributes in a user profile for dynamic bandwidth
selection.
Example 17-6 Configuring a RADIUS User Profile for Dynamic Bandwidth Selection
user1@cisco.comPassword = userpassword1,Service-Type = Outbound
Service-Type= Outbound,
Cisco-Avpair= vpdn:tunnel-id=shiva,
Cisco-Avpair= vpdn:tunnel-type=12tp,
Cisco-Avpair= vpdn:12tp-tunnel-password=password2,
Cisco-Avpair= vpdn:ip-addresses=172.16.0.0,
Cisco-Avpair= atm:peak-cell-rate=155000,
Cisco-Avpair= atm:sustainable-cell-rate=155000
Configuration Example for Enabling Dynamic Bandwidth Selection on a VC Class and a PVC,
page 17-14
Configuration Example for Enabling a RADIUS Domain Service Profile for Dynamic Bandwidth
Selection, page 17-16
Configuration Example for Enabling a RADIUS User Profile for Dynamic Bandwidth Selection,
page 17-16
Configuration Example for Enabling Dynamic Bandwidth Selection on a VC Class and a PVC
Example 17-7 shows how to enable dynamic bandwidth selection on a VC class and a PVC.
Example 17-7 Enabling Dynamic Bandwidth Selection on a VC Class and a PVC
!
aaa new-model
!
!aaa authentication ppp default group radius
aaa authorization network default local
aaa session-id common
ip subnet-zero
ip ftp source-interface FastEthernet0/0/0
ip ftp username siv
ip ftp password dev1sit
ip host hardhead 10.10.0.4
ip host balloon 10.10.0.3
ip host seabass 10.10.0.2
!
vpdn enable
vpdn authen-before-forward
!
vpdn-group 2
request-dialin
protocol l2tp
domain cisco.com
initiate-to ip 192.168.1.2
local name c10k-lac
l2tp tunnel password 7 13061E010803
!
mpls ldp log-neighbor-changes
17-14
OL-7433-09
Chapter 17
!
!
controller SONET 2/0/0
no framing
shutdown
!
!
vc-class atm pppoa
vbr-nrt 60 60
dbs enable/* Enables dynamic bandwidth selection on VC class.*/
encapsulation aal5mux ppp Virtual-Template1
!
vc-class atm pppoaRange
vbr-nrt 50 50
dbs enable/* Enables dynamic bandwidth selection on VC class.*/
encapsulation aal5mux ppp Virtual-Template1
!
interface FastEthernet0/0/0
ip address 10.14.0.25 255.255.0.0
no ip proxy-arp
full-duplex
!
interface POS1/0/0
no ip address
crc 32
!
interface ATM3/0/0
no ip address
atm flag s1s0 0
atm sonet stm-4
no atm ilmi-keepalive
pvc 0/16 ilmi
!
!
interface Serial4/0/0
no ip address
!
interface GigabitEthernet5/0/0
ip address 192.168.1.1 255.255.255.0
negotiation auto
!
interface POS6/0/0
no ip address
crc 32
!
interface ATM8/0/0
atm pppatm passive
no ip address
no atm pxf queuing
atm sonet stm-4
no atm ilmi-keepalive
!
interface ATM8/0/0.1 point-to-point
atm pppatm passive
pvc 10/100
vbr-nrt 40 40
dbs enable/* Enables dynamic bandwidth selection on PVC.*/
encapsulation aal5mux ppp Virtual-Template1
!
!
interface ATM8/0/0.2 point-to-point
atm pppatm passive
pvc 22/222
class-vc pppoa
17-15
Chapter 17
!
!
interface ATM8/0/0.3 point-to-point
atm pppatm passive
range pvc 33/333 33/344
class-range pppoaRange
!
!
interface Virtual-Template1
ip address negotiated
peer default ip address pool pppoa-pool
ppp authentication pap callin
ppp direction callin
!
ip default-gateway 24.1.0.4
ip classless
ip route 10.10.0.0 255.255.0.0 10.14.0.200
no ip http server
ip pim bidir-enable
!
!
radius-server host 10.14.0.210 auth-port 1645 acct-port 1646
radius-server key cisco
radius-server authorization permit missing Service-Type
!
Configuration Example for Enabling a RADIUS Domain Service Profile for Dynamic Bandwidth
Selection
Example 17-8 shows how to enable a RADIUS domain service profile for dynamic bandwidth selection.
Example 17-8 Enabling a RADIUS Domain Service Profile for Dynamic Bandwidth Selection
cisco.com
Configuration Example for Enabling a RADIUS User Profile for Dynamic Bandwidth Selection
Example 17-9 shows how to enable a RADIUS user profile for dynamic bandwidth selection.
Example 17-9 Enabling a RADIUS User Profile for Dynamic Bandwidth Selection
L2TP
user1@cisco.com
Password = cisco, Service-Type = Outbound
cisco-avpair = vpdn:tunnel-id=shiva,
cisco-avpair = vpdn:tunnel-type=l2tp,
cisco-avpair = vpdn:l2tp-tunnel-password=password2,
cisco-avpair = vpdn:ip-addresses=172.16.1.1,
cisco-avpair = atm:peak-cell-rate=155000,
cisco-avpair = atm:sustainable-cell-rate=155000
17-16
OL-7433-09
Chapter 17
PPPoA or PPPoE
johndoe
Password = cisco
Service-Type = Frame-User,
Framed-Protocol = PPP,
cisco-avpair = atm:peak-cell-rate=155000,
cisco-avpair = atm:sustainable-cell-rate=155000
Purpose
17-17
Chapter 17
Command
Purpose
Displays L2TP errors and events that are a part of normal tunnel
establishment or shutdown for VPDNs.
Note
Valid VC weight values are from 1 to 255. However, we recommend that you do not configure the value
below 5.
17-18
OL-7433-09
Chapter 17
For more information abut VC weight and watermarks, see Chapter 15, Oversubscribing Physical and
Virtual Links. The How the Router Determines VC Weights section on page 15-20 and the High
Watermark and Low Watermark Default Values section on page 15-25 describe VC weights and
watermarks.
To pull (download) dynamic VC weights and watermarks from a RADIUS server, you must enable
dynamic bandwidth selection (DBS) on the VC using the dbs enable command. To remove dynamically
modified VC parameters, enter the no dbs enable command. For more information, see the Configuring
Dynamic Bandwidth Selection section on page 17-9.
After the router pulls VC weight and watermark parameters from the RADIUS server and successfully
installs or updates the parameters on the VC, any changes to these VC parameters that you configure
using the modular QoS command line interface (MQC) affect only the nvgen values and not the
RADIUS-pulled values.
The VC weight and watermark parameters pulled from the RADIUS server have precedence over the VC
parameters that you configure on the PVC using the MQC. As a result, the show atm vc detail command
displays the dynamically modified VC weight and watermark values pulled from RADIUS; it does not
display the nvgen values configured using CLI commands.
Description
Required PRE
Release 12.3(7)XI7
PRE2
Release 12.2(28)SB
Note
Valid VC weight values are from 1 to 255. However, we recommend that you do not configure the value
below 5.
For more information, see the Setting Up RADIUS for Dynamic VC Weights and Watermarks section
on page 17-22.
17-19
Chapter 17
You must configure the AV pairs for both the high and low watermarks. Configuring only one of the
AV pairs results in the watermark not being configured.
The router does not support RADIUS Pull for automatically provisioned VCs and virtual path (VP)
tunnels.
Configuring the Router for Dynamic VC Weights and Watermarks, page 17-21
17-20
OL-7433-09
Chapter 17
Step 1
Command
Purpose
Step 2
Step 3
The VCI is a 16-bit field in the header of the ATM cell and
because the value has local significance only, it is unique
only on a single link, not throughout the ATM network.
Configuration Example for Configuring the Router for Dynamic VC Weights and Watermarks
Example 17-14 shows how to configure the router for dynamic VC weights and watermarks. In the
example, dynamic bandwidth selection is enabled on PVC 1/101 on the ATM subinterface 4/0/0.1.
Example 17-10 Configuring the Router for Dynamic VC Weights and Watermarks
Router(config)# interface
Router(config-subif)# pvc
Router(config-if-atm-vc)#
Router(config-if-atm-vc)#
atm 4/0/0.1
1/101
dbs enable
encapsulation aal5mux ppp Virtual-Template 1
17-21
Chapter 17
Note
You can configure the VC weight value from 1 to 255. However, we recommend that you do not
configure the value below 5.
Example 17-11 shows how to configure the RADIUS server for dynamic VC weights and watermarks.
In the example, the VC weight is set to 100.
Example 17-11 Setting Up RADIUS for Dynamic VC Weights and Watermarks
cisco-avpair
cisco-avpair
cisco-avpair
cisco-avpair
cisco-avpair
cisco-avpair
cisco-avpair
cisco-avpair
cisco-avpair
cisco-avpair
=
=
=
=
=
=
=
=
=
=
"vpdn:tunnel-id = slow,
"vpdn-tunnel-type = l2tp,
"vpdn:ip-addresses = 10.1.1.22,
"vpdn:nas-password = Tortoise,
"vpdn:gw-password = Hare,
"atm:sustainable-cell-rate = 512,
"atm:maximum-burst-rate = 0,
"atm:vc-weight = 100,
"atm:vc-watermark-min = n,
"atm:vc-watermark-max = n,
When the router requests the policy name, the information in the user file is pulled. A RADIUS users
file contains an entry for each user that the RADIUS server authenticates. Each entry, which is also
referred to as a user profile, establishes an attribute the user can access.
When looking at a user file, the data to the left of the equal (=) character is an attribute defined in the
dictionary file and the data to the right of the equal character is the configuration data.
Purpose
17-22
OL-7433-09
Chapter 17
Command
Purpose
17-23
Chapter 17
Example 17-13 shows sample output for the show atm pvc command, which enables you to display
information about a particular PVC. As indicated in the example, the high watermark for PVC 1/100 is
set to 56 and the low watermark is set to 48. The weight is set to 12.
Example 17-13 Sample Output for the show atm pvc Command
Router# show atm pvc 1/100
ATM7/0/0: VCD: 2, VPI: 1, VCI: 100
UBR, PeakRate: 599040 (1412831 cps)
CDVT: 178.5 Usecs, High Watermark: 56, Low Watermark: 48
AAL5-LLC/SNAP, etype:0x0, Flags: 0xC20, VCmode: 0x0, Encapsize: 12
Channel Weight: 12
OAM frequency: 0 second(s), OAM retry frequency: 1 second(s)
OAM up retry count: 3, OAM down retry count: 5
OAM Loopback status: OAM Disabled
OAM VC Status: Not Managed
ILMI VC status: Not Managed
InARP frequency: 15 minutes(s)
High Watermark: 56, Low Watermark: 48
InPkts: 355, OutPkts: 353, InBytes: 7001, OutBytes: 6648
InPRoc: 93, OutPRoc: 357, Broadcasts: 0
InFast: 268, OutFast: 0
InPktDrops: 0, OutPktDrops: 0
Out CLP=1 Pkts: 0
OAM cells received: 0
F5 InEndloop: 0, F5 InSegloop: 0, F5 InAIS: 0, F5 InRDI: 0
F4 InEndloop: 0, F4 InSegloop: 0, F4 InAIS: 0, F4 InRDI: 0
OAM cells sent: 0
F5 OutEndloop: 0, F5 OutSegloop: 0, F5 OutRDI: 0
F4 OutEndloop: 0, F4 OutSegloop: 0, F4 OutRDI: 0
OAM cell drops: 0
Status: UP
DBS enabled.
PPPoA Current State = LCP_NEGOTIATION
PPPoA Latest Event = PPP Msg
PPPoA Latest Error = None
PPPoA Session ID = 14
PPPoA Handle = 0x9300000D, SSS Handle = 0x00000000
Switch Handle = 0x5400000D, PPP Handle = 0x4B00000F
AAA Unique ID = 0x0000000F, AIE Handle = 0x3700000D
The Define Interface Policy-Map AV Pairs AAA feature allows the two new Cisco VSAs to be installed
on an ATM VC after a PPPoA or PPPoEoA session establishment. Using RADIUS, this feature allows
a policy map to be applied (pulled) and then modified by specific events (pushed by the Policy
Server) while that session remains active.
17-24
OL-7433-09
Chapter 17
The push functionality of the feature allows you to modify an existing QoS profile (a policy map) applied
to a session while that session remains active, thus allowing QoS policies to be applied as required
without session re-authentication disruption. Specific events including time-of-day, byte count, and user
request, can signal the policy server to push a policy map onto a specific VC.
In addition, two existing Cisco Generic RADIUS VSAs replace and deprecate two VSAs that do not
correctly follow the Cisco VSA naming guidelines. Table 17-2 lists the replaced VSAs and the VSAs
that replace them. The router supports the old attributes, but you should avoid using them and use the
new VSAs instead.
Table 17-2 Replaced and Deprecated Cisco AV-Pairs
The Cisco VSA (attribute 26) communicates vendor-specific information between the network access
server (NAS) and the RADIUS server. Attribute 26 encapsulates vendor specific attributes that allow
vendors such as Cisco to support their own extended attributes.
In releases prior to Cisco IOS Release 12.3(7)XI2, you can configure a policy map only on a VC or ATM
point-to-point subinterface by using the service-policy command. The service policy is applied to the
sessions on these VCs using RADIUS or manually using a virtual template interface.
In Cisco IOS Release 12.3(7)XI2 and later releases, you can apply a service policy on the VC using
RADIUS for a PPPoA or PPPoEoA session. However, configuring a service policy on the ATM
subinterface still requires that you configure the service-policy command.
When you configure a service policy on the VC (or ATM point-to-point subinterface), the router applies
the service policy to all sessions that use that VC. This allows the router to apply class-based weighted
fair queuing (CBWFQ) to sessions. You can configure a service policy either on a VC or on a session,
but not on both at the same time.
Note
A policy map defines QoS actions and rules for the traffic classes that you define in class maps. In a
policy map, you can define QoS actions for such things as policing and class-based weighted fair
queuing (CBWFQ). When you attach a policy map to an interface, you must specify whether the policy
is to be applied to inbound or outbound traffic. For more information, see Chapter 2, Classifying
Traffic, Chapter 3, Configuring QoS Policy Actions and Rules, or Chapter 4, Attaching Service
Policies.
The Define Interface Policy-Map AV Pairs AAA feature supports all Cisco 10000 series line cards. For
more information, see the Define Interface Policy-Map AV Pairs AAA feature module for Cisco IOS
Release 12.2(28)SB.
17-25
Chapter 17
Description
Required PRE
Release 12.3(7)XI2
Release 12.2(28)SB
When the router establishes a PPP over Ethernet over ATM (PPPoEoA) session, the router downloads or
pulls the policy maps set up on the RADIUS server to the VC. The following sample output from the
show policy-map interface command shows that the RADIUS policy maps (test_vc and dyn_out) are
now attached to PVC 4/103.
Router# show policy-map interface atm 4/0/0.3
ATM4/0/0.3: PVC 4/103 Service-policy input: test_vc
Class-map: class-default (match-any)
0 packets, 0 bytes
17-26
OL-7433-09
Chapter 17
After a policy map is successfully pulled on the VC, any configuration changes you make using the
[no] service-policy input/output <name> command do not affect the policy map used by the VC.
Entering the show policy-map command displays the pulled policy map. Entering the
show running-config command displays the current user configuration on the router.
To remove the dynamic policy that is pulled from the RADIUS server, use the no dbs enable command
or clear the PPPoA or PPPoEoA session associated with the VC.
Authentication, authorization, and accounting (AAA) must be enabled and already set up to use
RADIUS.
When dynamically configuring a service policy on the ATM subinterface, dynamic bandwidth
selection (DBS) must be enabled on the VC using the dbs enable command. For more information
about DBS, see the Applying Traffic Shaping Parameters Using RADIUS Profiles section on
page 17-2.
Configuring the Router for Dynamic QoS Policies at the Session Level, page 17-28
Setting Up RADIUS for Dynamic QoS Policies at the Session Level, page 17-29
Authentication, Authorization, and Accounting (AAA) must be enabled and already set up to use
RADIUS.
PPP over Ethernet over ATM (PPPoEoA) or PPP over ATM (PPPoA) session is established.
Prerequisites
17-27
Chapter 17
Configuring the Router for Dynamic QoS Policies at the Session Level
To configure the router for dynamic QoS policies at the session level, enter the following commands
beginning in global configuration mode:
Command
Purpose
Step 1
Step 2
The VCI is a 16-bit field in the header of the ATM cell and
because the value has local significance only, it is unique
only on a single link, not throughout the ATM network.
Step 3
Step 4
Router(config-if-atm-vc)# exit
Step 5
Router(config-subif)# exit
Step 6
Router(config)# policy-map
policy-map-name
Configuration Example for Configuring the Router for Dynamic QoS Policies at the Session Level
Example 17-14 shows how to configure the router for dynamic QoS policies at the session level. In the
example, dynamic bandwidth selection is enabled on PVC 1/101 on the ATM subinterface 4/0/0.1.
Example 17-14 Configuring the Router for Dynamic QoS Policies at the Session Level
Router(config)# interface
Router(config-subif)# pvc
Router(config-if-atm-vc)#
Router(config-if-atm-vc)#
atm 4/0/0.1
1/101
dbs enable
encapsulation aal5mux ppp Virtual-Template 1
17-28
OL-7433-09
Chapter 17
Example 17-15 shows how to configure the Cisco AV pairs in the RADIUS user profile. In the example,
the policy map named dyn_out is configured for outbound traffic and the policy map named test_vc is
configured for inbound traffic.
Example 17-15 Setting Up RADIUS for Dynamic QoS Policies at the Session Level
Service-Type = Framed,
Framed-Protocol = PPP,
cisco-avpair = "atm:vc-qos-policy-out=dyn_out",
cisco-avpair = "atm:vc-qos-policy-in=test_vc"
When the router requests the policy name, the information in the user file is pulled. A RADIUS users
file contains an entry for each user that the RADIUS server authenticates. Each entry, which is also
referred to as a user profile, establishes an attribute the user can access.
When looking at a user file, the data to the left of the equal (=) character is an attribute defined in the
dictionary file, and the data to the right of the equal character is the configuration data.
Configure the server-key by using the client server-key string subcommand to configure at the client
level, or use the server-key string subcommand to configure at the global level. Configuring at the
client level overrides the global level.
For security purposes, we recommend configuring each client and using different server-keys for each
client.
The port, auth-type, ignore session-key, and ignore server-key commands are optional.
The following example sets up the local AAA server:
aaa server radius dynamic-author
client 192.168.0.5 vrf coa server-key cisco1
client 192.168.1.5 vrf coa server-key cisco2
17-29
Chapter 17
Configuration Examples for Existing Service Policies and Pulled Policies, page 17-30
Configuration Examples for Pulled Policies and a Router Without Existing Policies, page 17-32
17-30
OL-7433-09
Chapter 17
Example 17-17 shows a sample configuration that includes the dbs enable command to enable dynamic
QoS updates using RADIUS. When the router establishes a PPPoEoA session, the router downloads or
pulls the service policy names test_vc and dyn_out from the RADIUS server to the VC. The policy maps
downloaded from the RADIUS server have higher precedence than the policy maps (voice and outname)
configured directly on the PVC. The sample output from the show policy-map interface command
indicates that the RADIUS policies have been downloaded.
Example 17-17 Pulling QoS Parameters from RADIUS to Existing Policies
Router# show policy-map
!
interface ATM4/0/0.3 multipoint
no atm enable-ilmi-trap
pvc 4/103
dbs enable
encapsulation aal5autoppp Virtual-Template1
service-policy input voice
service-policy output outname
!
end
Router# show policy-map interface atm 4/0/0.3
ATM4/0/0.3: PVC 4/103 Service-policy input: test_vc
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
0 packets, 0 bytes
5 minute rate 0 bps
Service-policy output: dyn_out
Class-map: class-default (match-any)
5 packets, 370 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
5 packets, 370 bytes
5 minute rate 0 bps
Router# show pppoe session
PPPoE Session Information
Unique ID PPPoE RemMAC
SID LocMAC VA-st
2
2 0010.1436.bc70
0010.1436.b070
Port VT
ATM4/0.31
VC:4/103
VA
State
Vi3.1
PTA
UP
17-31
Chapter 17
Configuration Examples for Pulled Policies and a Router Without Existing Policies
Example 17-18 shows sample output from the show policy-map interface command after a service
policy has been downloaded from RADIUS. In this example, the service policy named voice is
configured on the RADIUS server. The voice policy map is not configured on the router. The router,
however, is configured for Point-to-Point Protocol over ATM (PPPoA) and authentication, authorization,
and accounting (AAA). When a PPPoA session is established, the router pulls the service policy name
(voice) from the RADIUS server. However, as shown in the sample output from the
show running-config interface command, the currently running configuration displays, but information
about the pulled service policy does not display.
Example 17-18 Pulling QoS Parameters from RADIUS to a Router Without Existing Policies
Router# show policy-map interface atm 4/0.1
ATM4/0: VC 1/101 Service-policy input: voice
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
!
Router# show running-config interface atm 4/0.1
!
Building configuration...
Current configuration : 107 bytes
!
interface ATM 4/0.1
pvc 1/101
dbs enable
encapsulation aal5mux ppp Virtual-Template 1
!
Purpose
17-32
OL-7433-09
Chapter 17
Example 17-20 shows sample output for the show running-config command on the router. This
command displays the routers running-configuration file and displays the following types of
information:
AAA set up
Policy map
ATM VC
PPPoA
DBS enabled
Virtual template
RADIUS server
Example 17-20 Verifying Dynamic Policies on the Router Using the show running-config Command
Router# show running-config
aaa new-model
!
aaa user profile TEST
!
aaa authentication ppp default group radius
aaa authorization network default group radius
!
aaa session-id common
ip subnet-zero
!
policy-map voice
class Class-Default
fair-queue
!
interface ATM4/0.1 point-to-point
pvc 1/101
dbs enable
encapsulation aal5mux ppp Virtual-Template1
!
interface Virtual-Template1
ip address negotiated
peer default ip address pool POOL1
ppp authentication chap
!
radius-server host 172.16.197.225 auth-port 1890 acct-port 1891
17-33
Chapter 17
radius-server
radius-server
radius-server
radius-server
!
timeout 15
key 7 060506324F41
vsa send accounting
vsa send authentication
priority commandAssigns priority to a traffic class and gives preferential treatment to the class.
(See Chapter 8, Prioritizing Services.)
bandwidth commandEnables class-based fair queuing and creates multiple class queues based on
bandwidth. (See Chapter 5, Distributing Bandwidth Between Queues.)
queue-limit commandSpecifies the maximum number of packets that a particular class queue can
hold. (See Chapter 11, Managing Packet Queue Congestion.)
police commandRegulates traffic based on bits per second (bps), using the committed information
rate (CIR) and the peak information rate, or on the basis of a percentage of bandwidth available on
an interface. (See Chapter 6, Policing Traffic.)
17-34
OL-7433-09
Chapter 17
set ip precedence commandMarks a packet with the IP precedence level you specify. (See
Chapter 7, Marking Traffic.)
set dscp commandMarks a packet with the differentiated services code point (DSCP) you specify.
(See Chapter 7, Marking Traffic.)
set cos commandSets the IEEE 802.1Q class of service bits in the user priority field. (See
Chapter 7, Marking Traffic.)
The parent policy contains only the class-default class with the shape command configured. This
command shapes traffic to the specified bit rate, according to a specific algorithm. (See Chapter 9,
Shaping Traffic.) For more information about nested hierarchical policies, see the Nested
Hierarchical Policies section on page 13-6.
The router allows you to apply QoS policy maps using RADIUS. The actual configuration of the policy
map occurs on the router using the modular QoS CLI (MQC). The router can apply the QoS policy to
sessions using attributes defined in one of the following RADIUS profiles:
User ProfileThe user profile on the RADIUS server contains an entry that identifies the policy
map name applicable to the user. The policy map name is the service that RADIUS downloads to
the router after a session is authorized.
Service ProfileThe service profile on the RADIUS server specifies a session identifier and an
attribute-value (AV) pair. The session identifier might be, for example, the IP address of the session.
The AV-pair defines the service (policy map name) to which the user belongs.
The following AV-pairs define the QoS policy to be applied dynamically to the session:
"ip:sub-qos-policy-in=<name of the QoS policy in ingress direction>"
"ip:sub-qos-policy-out=<name of egress policy>"
After receiving a service-logon request from the policy server, RADIUS sends a change of authorization
(CoA) request to the router to activate the service for the subscriber, who is already logged in. If the
authorization succeeds, the router downloads the name of the policy map from RADIUS using the above
attribute and applies the QoS policy to the session.
Note
Although the router also supports the RADIUS vendor specific attribute (VSA) 38, Cisco-Policy-Down
and Cisco-Policy-Up, we recommend that you use the above attributes for QoS policy definitions.
Feature History for Per Session Queuing and Shaping for PPPoE Over VLANs
Cisco IOS Release
Description
Required PRE
Release 12.3(7)XI7
PRE2
Release 12.2(31)SB5
PRE2
17-35
Chapter 17
Interfaces Supporting Per Session Queuing and Shaping for PPPoE Over VLANs
The router supports per session queuing and shaping on PPPoE terminated sessions and on an
IEEE 802.1Q VLAN tagged subinterfaces for outbound traffic only.
The router does not support per session queuing and shaping for PPPoE over VLAN sessions using
RADIUS on inbound interfaces.
Restrictions and Limitations for Per Session Queuing and Shaping for PPPoE
Over VLANs
The router does not support per session queuing and shaping for Layer 2 Access Concentrator (LAC)
sessions.
The QoS-related statistics available using the show policy-map interface command are not
available using RADIUS.
The router does not support using a virtual template interface to apply a service policy to a session.
You can only apply per session queuing and shaping policies as output service policies. The router
supports input service policies on sessions for other existing features, but not for per session queuing
and shaping for PPPoE over VLAN using RADIUS. For more information, see Chapter 18,
Regulating and Shaping Subscriber Traffic.
During periods of congestion, the router does not provide specific scheduling between the various
PPPoE sessions. If the entire port becomes congested, the scheduling that results has the following
effects:
The amount of bandwidth that each session receives of the entire ports capacity is not typically
proportionally.
The PRE2 does not support ATM overhead accounting for egress packets with Ethernet
encapsulations. Therefore, the router does not consider ATM overhead calculations when
determining that the shaping rate conforms to contracted subscriber rates.
The router does not support the configuration of the policy map using RADIUS. You must use the
modular QoS command line interface (MQC) to configure the policy map on the router.
17-36
OL-7433-09
Chapter 17
Configuring Per Session Queuing and Shaping for PPPoE Over VLANs Using
RADIUS
To configure per session queuing and shaping, perform the following required configuration tasks:
Configuring a Per Session Queuing and Shaping Policy on the Router, page 17-37
Setting Up RADIUS for Per Session Queuing and Shaping, page 17-40
Step 1
Command
Purpose
Router(config)# policy-map
policy-map-name
Step 2
Assigns the traffic class you specify to the policy map. Enters
policy-map class configuration mode.
class-map-name is the name of a previously configured class map
and is the traffic class for which you want to define QoS actions.
Note
Step 3
Router(config-pmap-c)# bandwidth
{bandwidth-kbps | percent percentage |
remaining percent percentage} account
{{{qinq | dot1q} {aal5 | aal3}
{subscriber-encapsulation}} |
{user-defined offset [atm]}}
17-37
Chapter 17
Step 3
(cont.)
Command
Purpose
Router(config-pmap-c)# bandwidth
{bandwidth-kbps | percent percentage |
remaining percent percentage} account
{{{qinq | dot1q} {aal5 | aal3}
{subscriber-encapsulation}} |
{user-defined offset [atm]}}
Step 4
Router(config-pmap-c)# exit
Step 5
Router(config-pmap)# policy-map
policy-map-name
Step 6
17-38
OL-7433-09
Chapter 17
Step 7
Command
Purpose
Shapes traffic to the indicated bit rate and enables ATM overhead
accounting.
rate is the bit-rate used to shape the traffic, expressed in kilobits
per second.
account enables ATM overhead accounting. For more
information, see Chapter 10, Overhead Accounting.
qinq specifies queue-in-queue encapsulation as the broadband
aggregation system-DSLAM encapsulation type.
dot1q specifies IEEE 802.1Q VLAN encapsulation as the
broadband aggregation system-DSLAM encapsulation type.
aal5 specifies the ATM Adaptation Layer 5 that supports
connection-oriented variable bit rate (VBR) services. You must
specify either aal5 or aal3.
aal3 specifies the ATM Adaptation Layer 5 that supports both
connectionless and connection-oriented links. You must specify
either aal3 or aal5.
subscriber-encapsulation specifies the encapsulation type at the
subscriber line.
user-defined indicates that the router is to use the offset you
specify when calculating ATM overhead.
offset specifies the offset size the router is to use when calculating
ATM overhead. Valid values are from -63 to 63 bytes.
Note
Router(config-pmap-c)# service-policy
policy-map-name
17-39
Chapter 17
Configuration Example for Configuring a Per Session Queuing and Shaping Policy on the Router
Example 17-22 shows how to configure a per session queuing and shaping policy on the router for
PPPoE over VLAN sessions using RADIUS. The example creates two traffic classes: Voice and Video.
The router classifies traffic that matches IP precedence 5 as Voice traffic and traffic that matches IP
precedence 3 as Video traffic. The Child policy map gives priority to Voice traffic and polices traffic at
2400 kbps. The Video class is allocated 80 percent of the remaining bandwidth and has ATM overhead
accounting enabled. The Child policy is applied to the class-default class of the Parent policy map, which
receives 20 percent of the remaining bandwidth and shapes traffic to 10000 bps, and enables ATM
overhead accounting.
Example 17-22 Configuring a Per Session Queuing and Shaping Policy on the Router
Router(config)# class-map Voice
Router(config-cmap)# match ip precedence 5
Router(config-cmap)# class-map Video
Router(config-cmap)# match ip precedence 3
!
Router(config)# policy-map Child
Router(config-pmap)# class Voice
Router(config-pmap-c)# priority
Router(config-pmap-c)# police 2400 9216 0 conform-action transmit exceed-action drop
violate-action drop
Router(config-pmap-c)# class video
Router(config-pmap-c)# bandwidth remaining percent 80 account aal5 snap-dot1q-rbe
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# policy-map Parent
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape 10000 account dot1q snap-dot1q-rbe
Router(config-pmap-c)# service-policy Child
User ProfileThe user profile on the RADIUS server contains an entry that identifies the policy
map name applicable to the user. The policy map name is the service that RADIUS downloads to
the router after a session is authorized.
Service ProfileThe service profile on the RADIUS server specifies a session identifier and an
attribute-value (AV) pair. The session identifier might be, for example, the IP address of the session.
The AV-pair defines the service (policy map name) to which the user belongs.
The following AV-pairs define the QoS policy to be applied dynamically to the session:
"ip:sub-qos-policy-in=<name of the QoS policy in ingress direction>"
"ip:sub-qos-policy-out=<name of egress policy>"
After receiving a service-logon request from the policy server, RADIUS sends a change of authorization
(CoA) request to the router to activate the service for the subscriber, who is already logged in. If the
authorization succeeds, the router downloads the name of the policy map from RADIUS using the above
attribute and applies the QoS policy to the session.
17-40
OL-7433-09
Chapter 17
Note
Although the router also supports the RADIUS vendor specific attribute (VSA) 38, Cisco-Policy-Down
and Cisco-Policy-Up, we recommend that you use the above attributes for QoS policy definitions.
The actual configuration of the policy map occurs on the router. The user profile on the RADIUS service
contains an entry that identifies the policy map name applicable to the user. This policy map name is the
service RADIUS downloads to the router using VSA 38.
Note
Although the router also supports RADIUS VSA 38, Cisco-Policy-Down and Cisco-Policy-Up, we
recommend that you use the attributes described in the Setting Up RADIUS for Per Session Queuing
and Shaping section on page 17-40 for QoS policy definitions.
Configuration Example for Setting Up RADIUS for Per Session Queuing and Shaping
Example 17-23 and Example 17-24 are example configurations for the Merit RADIUS server and the
associated Layer 2 network server (LNS). In the example, the Cisco-Policy-Down attribute indicates the
name of the policy map to be downloaded, which in this example is rad_output_policy. The RADIUS
dictionary file includes an entry for Cisco VSA 38.
Example 17-23
17-41
Chapter 17
Purpose
Displays the session QoS counters for the subscriber session you
specify.
uid uid-number defines a unique session ID. Valid values for
uid-number are from 1 to 65535.
17-42
OL-7433-09
Chapter 17
Example 17-26 shows sample output for the show policy-map session command and show policy-map
session uid command, based on a nested hierarchical policy.
Example 17-26 Sample Output of a Hierarchical Policy
Router# show subscriber session
Current Subscriber Information: Total sessions 1
Uniq ID Interface
State
Service
Identifier
Up-time
36
authen
Local Term
peapen@cisco.com
00:01:36
Vi2.1
17-43
Chapter 17
Police:
8000 bps, 9216 limit, 0 extended limit
conformed 0 packets, 0 bytes; action:
transmit
exceeded 0 packets, 0 bytes; action:
drop
violated 0 packets, 0 bytes; action:
drop
Class-map: video (match-all)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: ip precedence 3
Queueing
queue limit 250 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
bandwidth remaining 80% (7993 kbps)
Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
0 packets, 0 bytes
30 second rate 0 bps
queue limit 250 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 2/136
Helps to avoid traffic congestion and allows the ISP to adhere to the Service Level Agreement (SLA)
established for managing traffic.
Provides a high degree of granularity for managing traffic on the network. Figure 17-2 is a sample
topology for per-session shaping and queuing on an LNS.
Figure 17-2
Downstream traffic
ISP
Subscriber
LAC
L2TP tunnel
PPP session
127500
LNS
17-44
OL-7433-09
Chapter 17
Downstream traffic is forwarded from the ISP (the source) to an ISP subscriber (the destination)
during a PPP session.
2.
From an LNS at the ISP, the traffic is transmitted over an L2TP tunnel to an L2TP Access
Concentrator (LAC) and then to the subscriber.
3.
A user-defined offset size shapes and queues the per session traffic on an LNS. This offset applies
overhead bytes to outgoing traffic and the router uses the offset when calculating ATM overhead.
4.
To specify the overhead offset in child and parent policies, use the bandwidth and shape
commands. The offset values and encapsulation types must match in the child and parent policies.
Description
Release 12.2(31)SB6
The Per Session Shaping and Queuing on LNS feature was PRE3
introduced on the Cisco 10000 series router.
Required PRE
This feature uses policy maps in which queuing mechanisms (such as class-based weighted fair
queuing [CBWFQ]) are configured.
Restrictions and Limitations for Per Session Shaping and Queuing on LNS
Cisco IOS Release 12.2(31)SB8 does not support load balancing when per session shaping and
queuing is configured. However, this release does support load balancing if no output QoS is applied
to the session. Cisco IOS Release 12.2(31)SB6 does not support load balancing at all on the LNS.
Cisco IOS Release 12.2(31)SB10 supports load balancing for all QoS configurations, except those
containing a queuing action that is applied to a session. For example, the router does not support
load balancing for a session if the policy map applied to the session contains the shape, bandwidth,
or priority command.
This feature only applies when the LAC and LNS are connected by Ethernet.
Configuring a Per Session Shaping and Queuing on LNS Policy, page 17-46
17-45
Chapter 17
Step 1
Command
Purpose
Router(config)# policy-map
policy-map-name
Step 2
Assigns the traffic class you specify to the policy map. Enters
policy-map class configuration mode.
class-map-name is the name of a previously configured class map
and is the traffic class for which you want to define QoS actions.
17-46
OL-7433-09
Chapter 17
Step 3
Command
Purpose
Router(config-pmap-c)# bandwidth
{bandwidth-kbps | percent percentage |
remaining percent percentage} account
{{{qinq | dot1q} {aal5 | aal3}
{subscriber-encapsulation}} |
{user-defined offset [atm]}}
Step 4
Router(config-pmap-c)# exit
Step 5
Router(config-pmap)# policy-map
policy-map-name
Step 6
17-47
Chapter 17
Step 7
Command
Purpose
Shapes traffic to the indicated bit rate and enables ATM overhead
accounting.
rate is the bit-rate used to shape the traffic, expressed in kilobits
per second.
account enables ATM overhead accounting. For more
information, see Chapter 10, Overhead Accounting.
qinq specifies queue-in-queue encapsulation as the broadband
aggregation system-DSLAM encapsulation type.
dot1q specifies IEEE 802.1Q VLAN encapsulation as the
broadband aggregation system-DSLAM encapsulation type.
aal5 specifies the ATM Adaptation Layer 5 that supports
connection-oriented variable bit rate (VBR) services. You must
specify either aal5 or aal3.
aal3 specifies the ATM Adaptation Layer 5 that supports both
connectionless and connection-oriented links. You must specify
either aal3 or aal5.
subscriber-encapsulation specifies the encapsulation type at the
subscriber line.
user-defined indicates that the router is to use the offset you
specify when calculating ATM overhead.
offset specifies the offset size the router is to use when calculating
ATM overhead. Valid values are from -63 to 63 bytes.
Note
Router(config-pmap-c)# service-policy
policy-map-name
Step 9
Router(config-pmap-c)# exit
Step 10
Router(config)# interface
virtual-template number
Step 11
Router(config-if)# service-policy
policy-map-name
17-48
OL-7433-09
Chapter 17
Configuration Example for Configuring a Per Session Shaping and Queuing on LNS Policy
Example 17-27 shows how to configure a per session shaping and queuing on LNS policy. In this
example, the router uses 20 overhead bytes and ATM cell tax in calculating ATM overhead. The child
and parent policies contain the required matching offset values. The parent policy is attached to virtual
template 1.
Example 17-27 Configuring Per Session Shaping and Queuing on LNS Policy on the Router
policy-map child
class class1
bandwidth 500 account user-defined 20 atm
class class2
shape average 30000 account user-defined 20 atm
policy-map parent
class class-default
shape average 30000 account user-defined 20 atm
service-policy child
interface virtual-template 1
service-policy output parent
Purpose
17-49
Chapter 17
Verification Examples for Per Session Shaping and Queuing on LNS Policies
Example 17-28 shows sample output for the show policy-map command. In the example, the router uses
20 overhead bytes in calculating ATM overhead.
Example 17-28 Sample Outputshow policy-map Command
Router# show policy-map child
Policy Map child
Class Class1
Average Rate Traffic Shaping
cir 20% account user-defined 20
Example 17-29 shows sample output for the show running-config command. In the example, the output
modifier starts the display at the Parent policy map line.
Example 17-29 Sample Outputshow running-config Command
Router# show running-config | begin Parent
Policy Map Parent
class class1
shape average percent 20 account user-defined 20 atm
policy-map child
class class2
shape average percent 20 account user-defined 20 atm
!
Child policy [of the hierarchical service policy]Defines QoS actions using QoS commands such
as the priority, bandwidth, and police commands.
Parent policyContains only the class-default class with the shape or bandwidth remaining ratio
command configured, or with both commands configured:
shape commandShapes the session traffic to the specified bit rate, according to a specific
algorithm.
bandwidth remaining ratio commandSpecifies a ratio value that the router uses to
determine how much unused bandwidth to allocate to the session during congestion.
For more information about nested hierarchical policies, see the Nested Hierarchical Policies section
on page 13-6.
17-50
OL-7433-09
Chapter 17
Note
The PPP Session Queuing on ATM VCs feature applies to both PPP terminated aggregation (PTA) and
L2TP access concentrator (LAC) configurations.
Figure 17-3 illustrates PPP session queuing on ATM VCs.
Figure 17-3
PPPoE Session
Interface with shaper
Voice
ATM VC
Session #1
with QoS
Video
pppoe-Session
Data-premium
HW Interface
Class-default
Session #2
without QoS
191919
pppoe-Session
Description
Required PRE
Release 12.2(31)SB6
PRE3
User ProfileThe user profile on the RADIUS server contains an entry that identifies the policy
map name applicable to the user. The policy map name is the service that RADIUS downloads to
the router after a session is authorized.
17-51
Chapter 17
Service ProfileThe service profile on the RADIUS server specifies a session identifier and an
attribute-value (AV) pair. The session identifier might be, for example, the IP address of the session.
The AV-pair defines the service (policy map name) to which the user belongs.
After receiving a service-logon request from the policy server, RADIUS sends a change of authorization
(CoA) request to the router to activate the service for the subscriber, who is already logged in. If the
authorization succeeds, the router downloads the name of the policy map from RADIUS using the
ip:sub-qos-policy-in[out]= AV-pair and applies the QoS policy to the PPPoA or PPPoEoA
session. Because the service policy contains queuing-related actions, the router sets up the appropriate
class queues.
Note
Although the router also supports the RADIUS vendor specific attribute (VSA) 38, Cisco-Policy-Down
and Cisco-Policy-Up, we recommend that you use the ip:sub-qos-policy-in[out]= AV-pairs for QoS
policy definitions.
Queue Inheritance
Queuing Policy
No policy
VC default queue
Applied to the VC
VC queues
Session queues
If no queuing policy is applied at the VC or session level, the router sends all traffic on the VC to
the default queue, including traffic from sessions on the VC that have a policing-only policy applied
or no policy applied.
If a queuing policy is applied at the VC level, but not at the session level, the router sends traffic to
the queues associated with the queuing policy on the VC.
17-52
OL-7433-09
Chapter 17
If queuing policies are applied to some sessions on a VC but not to other sessions, the router sends
the traffic with a policing-only policy or with no policy applied to the VCs default queue. The router
sends traffic with queuing policies to the queues associated with the queuing policy applied to the
session.
Create traffic classes using the class-map command and specify the match criteria used to classify
traffic.
For dynamic PPPoA or PPPoEoA session queuing using RADIUS, you must:
Enable authentication, authorization, and accounting (AAA) on the router
Configure the RADIUS server for dynamic QoS
Create the subscribers user profile on the RADIUS server
You cannot configure PPP session queuing on unshaped VCsVCs without a specified peak cell
rate (PCR) or sustained cell rate (SCR).
Although you can configure oversubscription at the VC level, the router does not guarantee priority
queuing (PQ) and fair treatment among VCs during congestion.
VCs with session queuing polices cannot be part of a shaped virtual path (VP).
17-53
Chapter 17
PPP session queuing does not allow you to simultaneously configure queuing policies on a VC and
on a session of that VC, although the router permits the configuration.
The maximum number of VCs with PPP session queuing policies cannot exceed 16,000 VCs system
wide.
If the same ATM category (for example, shaped unspecified bit rate (UBR)) contains both high and
low bandwidth VCs, the SAR mechanism can cause low throughput for high bandwidth VCs. The
workaround for this issue is to use different ATM classes for low and high bandwidth VCs. For
example, configure low bandwidth VCs as shaped UBR and high bandwidth VCs as variable bit
rate-nonreal-time (VBR-nrt) or constant bit rate (CBR).
When you apply queuing policies to sessions, do not apply a policy at the VC level on the same VC.
The CLASS-BASED QOS MIB does not include statistics for service policies applied to sessions.
The router ignores the VC weight when it is configured on a VC with PPP session queuing
configured.
Associating the Hierarchical Policy Map with a Virtual Template, page 17-57
Step 1
Command
Purpose
Router(config)# policy-map
policy-map-name
17-54
OL-7433-09
Chapter 17
Step 2
Command
Purpose
Assigns the traffic class you specify to the policy map. Enters
policy-map class configuration mode.
class-map-name is the name of a previously configured class map
and is the traffic class for which you want to define QoS actions.
Note
Step 3
Step 4
Step 5
Step 6
Router(config-pmap-c)# bandwidth
remaining ratio
Step 7
Router(config-pmap-c)# exit
17-55
Chapter 17
Step 8
Command
Purpose
Router(config-pmap)# policy-map
policy-map-name
Step 9
Step 10
Router(config-pmap-c)# bandwidth
remaining ratio
Step 11
Shapes traffic to the indicated bit rate and enables ATM overhead
accounting.
(Optional) average is the committed burst (Bc) that specifies the
maximum number of bits sent out in each interval. This option is
only supported on the PRE3.
mean-rate is also called committed information rate (CIR).
Indicates the bit rate used to shape the traffic, in bits per second.
When this command is used with backward explicit congestion
notification (BECN) approximation, the bit rate is the upper
bound of the range of bit rates that are permitted.
(Optional) burst-size is the number of bits in a measurement
interval (Bc).
(Optional) excess-burst-size is the acceptable number of bits
permitted to go over the Be.
account enables ATM overhead accounting.
qinq specifies queue-in-queue encapsulation as the
BRAS-DSLAM encapsulation type.
dot1q specifies IEEE 802.1Q VLAN encapsulation as the
BRAS-DSLAM encapsulation type.
aal5 is the ATM Adaptation Layer 5 that supports
connection-oriented variable bit rate (VBR) services.
subscriber-encaps specifies the encapsulation type at the
subscriber line. For more information, see the Subscriber Line
Encapsulation Types section on page 10-5.
Step 12
Router(config-pmap-c)# service-policy
policy-map-name
17-56
OL-7433-09
Chapter 17
The following example shows how to configure a hierarchical QoS policy. In the example, the
child-policy configures QoS features for two traffic classes: Premium and Silver. Premium traffic has
priority and is policed at 40 percent. The router sets the IP precedence of Premium traffic to precedence
level 3. Silver traffic is policed at 80000 bps and IP precedence level 3 is set. The child-policy is applied
to the Parent policy class-default class, which shapes traffic to 200,000 Kbps.
Router(config)# policy-map child-policy
Router(config-pmap)# class Premium
Router(config-pmap-c)# priority
Router(config-pmap-c)# police percent 40
Router(config-pmap-c)# set ip precedence 3
Router(config-pmap-c)# class Silver
Router(config-pmap-c)# police 80000 10000 conform-action transmit exceed-action drop
Router(config-pmap-c)# set ip precedence 5
Router(config-pmap-c)# exit
Router(config-pmap)# policy-map Parent
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape 200000
Router(config-pmap-c)# service-policy output child-policy
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)#
Step 1
Command
Purpose
Router(config)# interface
virtual-template template-number
Step 2
Step 3
Router(config-if)# exit
17-57
Chapter 17
The following example shows how to associate a policy map with a virtual template. In this example, the
policy map named Parent is associated with the virtual template named VirtualTemplate1.
Router(config)# interface virtual-template1
Router(config-if)# service-policy output Parent
Router(config-if)# exit
Router(config)#
Step 1
Command
Purpose
Step 2
Router(config-bba-grp)# virtual-template
template-number
Step 3
Router(config-bba-grp)# exit
Step 4
17-58
OL-7433-09
Chapter 17
Step 5
Command
Purpose
vci specifies the ATM network virtual channel identifier (VCI) for
this PVC. Valid values are from 0 to 1 less than the maximum
value set for this interface by the atm vc-per-vp command. A
value that is out of range causes an "unrecognized command"
error message.
Note
Step 6
Step 7
Router(config-atm-vc)# exit
Step 8
Router(config-subif)# exit
The following example shows how to associate a virtual template interface with an ATM interface and
apply the policies in the virtual template to the sessions on the interface. In the example, the service
policy named Parent is applied to the Virtual-Template 8, which is associated with the bba-group named
pppoeoa-group. The bba-group is applied to PVC 101/210 on ATM subinterface 4/0/1.10.
bba-group pppoe pppoeoa-group
Virtual-Template 8
interface ATM4/0/1.10 point-to-point
pvc 101/210
vbr-nrt 4000 2000 50
no dbs enable
encapsulation aal5snap
protocol pppoe group pppoeoa-group
!
interface Virtual-Template8
ip unnumbered Loopback5555
17-59
Chapter 17
Adding the Cisco QoS AV Pairs to the RADIUS Profile, page 17-60
The Cisco AV-pair identifies the policy map the router is to use when applying QoS features to a PPPoA
or PPPoEoA session. After receiving a service-logon request from the policy server, RADIUS sends a
change of authorization (CoA) request to the router to activate the service for the user, who is already
logged in. If the authorization succeeds, the router downloads the name of the policy map from RADIUS
using the Cisco AV-pair and applies the QoS policy to the session.
Note
Although the router also supports the RADIUS vendor specific attribute (VSA) 38, Cisco-Policy-Down
and Cisco-Policy-Up, we recommend that you use the above attribute for QoS policy definitions. For
more information about attribute 38, see the Setting Up RADIUS Using VSA 38 section on
page 17-41.
Example of Setting Up RADIUS for PPP Session Queuing on ATM VCs, page 17-62
17-60
OL-7433-09
Chapter 17
17-61
Chapter 17
Purpose
17-62
OL-7433-09
Chapter 17
Command
Purpose
17-63
Chapter 17
Example 17-33 Displaying PPP Session Informationshow pxf cpu queue session Command
Router# show pppoe session
1 session in LOCALLY_TERMINATED (PTA) State
1 session total
Uniq ID
14
PPPoE
SID
6
RemMAC
LocMAC
0009.b68d.bb37
0009.b68d.bc37
Port
ATM2/0/7.5555
VC: 1/5555
VT
VA
VA-st
Vi3.1
555
State
Type
PTA
UP
Router#
Router#
Router# show pxf cpu queue session sid 6
ATM2/0/7.5555: PVC 1/5555
VCCI/ClassID
ClassName
2623/0
class-default
$1
2623/1
cm_0
2623/2
cm_1
2623/31
net-control
QID Length/Avg
1858
0/0
1856
0/0
1859
0/0
591
0/1
Max
77
77
40
1105
Dequeues
0
0
0
335137
Drops(Tail/Random)
0/0
0/0
0/0
0/0
Legend:
$x: Priority Queue level x
b: PQ Activation and Dequeue Blocked
~: RED Queue
P: MLP Pkt Queue
F: MFR Pkt Queue
M1:MLP , M5:MLPFR , MA:MLPOA , M6:FRF12 , M7:MLFR, M8:FRF12_16
Example 17-34 uses the show policy-map session command to display QoS policy map statistics for
traffic in the downstream direction. The example also shows the policy map configurations.
Example 17-34 Displaying PPP Session Informationshow policy-map session Command
Router# show pppoe session
1 session in LOCALLY_TERMINATED (PTA) State
1 session total
Uniq ID
14
PPPoE
SID
6
RemMAC
Port
LocMAC
0009.b68d.bb37
ATM2/0/7.5555555
0009.b68d.bc37 VC: 1/5555
VT
VA
VA-st
Vi3.1
UP
State
Type
PTA
Router#
Router#
Router# show policy-map session uid 14
SSS session identifier 14 Service-policy output: pm_hier2_0_2
Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
0 packets, 0 bytes
30 second rate 0 bps
Queueing
queue limit 50 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
17-64
OL-7433-09
Chapter 17
17-65
Chapter 17
Related Documentation
1
5 2 ms 0 ms conform-action transmit exceed-action drop
drop
packets
Class cm_1
Average Rate Traffic Shaping
cir 80%
bandwidth remaining ratio 80
Class class-default
Average Rate Traffic Shaping
cir 50%
bandwidth remaining ratio 20
Related Documentation
This section provides hyperlinks to additional Cisco documentation for the features discussed in this
chapter. To display the documentation, click the document title or a section of the document highlighted
in blue. When appropriate, paths to applicable sections are listed below the documentation title.
Feature
Related Documentation
RADIUS
17-66
OL-7433-09
CH A P T E R
18
18-1
Chapter 18
Differential marking of the IP ToS bits (see the IP Differentiated Services Code Point Marking
section on page 7-6)
Per User QoS Selection (see the Applying Traffic Shaping Parameters Using RADIUS Profiles
section on page 17-2 in Chapter 17, Configuring Dynamic Subscriber Services.)
18-2
OL-7433-09
Chapter 18
PPPoA
PPPoE
RBE
The configuration of per session rate limiting involves the following components:
Class mapClassifies the traffic on an interface. The class map uses the match statements that you
define to classify subscriber traffic.
Policy mapDefines QoS actions and rules and associates these to a class map. The policy map
specifies the class map for a session and also indicates the policing actions to perform.
Service policyAttaches a policy map to an interface and specifies the direction (inbound or
outbound) that the policy should be applied.
QoS configuration typically involves applying the service policies to interfaces. For PPPoA, PPPoE, and
PPP in L2TP sessions, however, you apply the service policy to a predefined configuration template
known as the virtual template interface. The virtual template interface is a logical entity that is applied
dynamically as needed to a connection. It is used to create and configure a virtual access interface (VAI).
The VAI uses the virtual template interface to create a session, which results in a VAI that is uniquely
configured for a specific user. All of the VAIs that use the virtual template interface inherit the service
policy applied to the template.
Note
Not all of the QoS actions available through the modular QoS CLI are available to the virtual access
interface. For information about the available actions, see the Input and Output Policy Actions section
on page 18-7.
For CBWFQ on the Cisco 10000 series router, when you apply a service policy to a virtual circuit (VC),
the VAIs that use that VC inherit the service policy of the VC. Any VAI that uses that VC is subject to
the queuing, policing, and marking actions defined in the VC service policy.
Note
Do not apply service policies with CBWFQ actions to a VAI using a virtual template. The Cisco 10000
series router supports queuing only when you apply the service policy to a VC.
You can also configure per session rate limiting using a Cisco vendor specific attribute (VSA) in a
RADIUS user profile. For more information, see the Per Session Service Policy Using RADIUS
section on page 18-5.
For RBE sessions, apply the service policy to the ATM VC or subinterface.
18-3
Chapter 18
Description
Required PRE
Release 12.2(16)BX
The per session rate limiting feature was introduced on the PRE2
PRE2.
Release 12.2(28)SB
PRE2
Access Control Lists (ACLs)Create a unique ACL for each user behind the subscriber. The criteria
you specify, such as a user IP address, is used to filter the traffic coming into or leaving the
Cisco 10000 series router interface.
Class mapClassifies the traffic on an inbound or outbound interface. The class map uses the match
statements that you define to classify subscriber traffic.
Policy mapDefines QoS actions and rules and associates these to a class map. The policy map
specifies the class map for a session and also indicates the policing actions to perform.
Service policyAttaches a policy map to an interface and specifies the direction (inbound or
outbound) that the policy should be applied.
For PPPoA, PPPoE, and PPP in L2TP sessions, apply the service policy to a virtual template interface,
which is used to create and configure a VAI. The VAI uses the virtual template interface to create a
uniquely configured user session. All of the VAIs that use the virtual template interface inherit the
service policy applied to it.
For RBE sessions, apply the service policy to the ATM virtual circuit (VC) or subinterface.
Note
Do not apply service policies with CBWFQ actions to a VAI using a virtual template. The Cisco 10000
series router supports queuing only when you apply the service policy to a VC.
18-4
OL-7433-09
Chapter 18
Description
Required PRE
Release 12.2(16)BX
PRE2
Release 12.2(28)SB
PRE2
Component
Access Lists
Class Maps
Policy Maps
Classes
Match Statements
Depending on the complexity of your configuration, the Cisco 10000 series router supports up to 4,096
policy maps. In complex configurations the maximum number of policy maps can be as small as a few
hundred. Additionally, when you use percent-based policing in a service policy, the system may convert
a single customer-configured service to multiple service policies (which count against the 4096 limit).
The system uses one such service policy for each different speed interface that uses a service policy with
percent-based policing
Each policy-map command counts as one policy map and applying the same policy map on different
speed interfaces also counts as an extra policy map. The policy-map command syntax is unchanged.
18-5
Chapter 18
Note
The RADIUS server authenticates a user before the server downloads the VSA that is in the user profile.
The RADIUS server does not communicate changes to the Cisco 10000 series router until user
authentication occurs.
The configuration of per session service policy involves the following:
1.
2.
3.
Download the name of the service policy from the RADIUS server.
You can use a VSA to make the configuration scalable. The service to which the user belongs (the
policy map name) resides on the RADIUS server. The Cisco 10000 series router downloads the
name of the policy map from the RADIUS server using the VSA in the user profile. The
Cisco-Policy-Up VSA 37 is used for upstream traffic coming from a subscriber and the
Cisco-Policy-Down VSA 38 is used for downstream traffic going toward a subscriber. The
PPP/VPDN client processes these VSA attributes.
4.
Description
Required PRE
Release 12.2(15)BX
The per session service policy using RADIUS feature was PRE2
introduced on the PRE2.
Release 12.2(28)SB
PRE2
Restrictions and Limitations for per Session Service Policy Using RADIUS
The Cisco 10000 series router routes IP packets for PPPoA, PPPoE, and RBE sessions. Apply input
rate limiting to the packets coming from the client device to the Cisco 10000 series router. Apply
output rate limiting to the packets going to the client device from the Cisco 10000 series router.
You can also apply IP QoS to the PPP tunneled sessions at the L2TP network server (LNS). Apply
input rate limiting to the packets coming out of the L2TP tunnel and output rate limiting to the
packets going into the tunnel.
For PPPoA, PPPoE, PPP in L2TP, and RBE sessions, the Cisco 10000 series router supports the
following QoS features when no atm pxf queuing is enabled or the virtual circuit (VC) is a UBR
VC:
Rate limiting on each session in the input, output, or both input and output directions
18-6
OL-7433-09
Chapter 18
The set qos-group (input only), set ip precedence, and set ip dscp policy map actions
The Cisco 10000 series router does not support the following QoS features when no atm pxf
queuing is enabled or the VC is a UBR VC:
Weighted fair queuing (WFQ)
Weighted random early detection (WRED)
Class-based weighted fair queuing (CBWFQ)
Traffic shaping for IP and PPP
For RBE sessions and VAIs that inherit the service policy of the VC, the Cisco 10000 series router
supports the following QoS features when atm pxf queuing is enabled and the VC is a VBR VC:
Rate limiting on each session in the input, output, or in both the input and output directions
The set qos-group (input only), set ip precedence, and set ip dscp policy map actions
Weighted fair queuing (WFQ)
Weighted random early detection (WRED)
Class-based weighted fair queuing (CBWFQ)
Traffic shaping
Note
The Cisco 10000 series router has been verified to support a VC count up to 8000 VCs when
atm pxf queuing is enabled. The router supports ATM level QoS, affecting traffic on the ATM
VCs. Both UBR (PCR specified) and VBR (PCR and SCR specified) VCs are available.
The Cisco 10000 series router does not impose any restrictions on the classification definitions you
include in the class map. However, it does limit the input and output policy actions that you can
define in a policy map. These limitations are based on the type of interface on which you apply the
service policy. As indicated in Table 18-2 and Table 18-3, the interface types are:
Normal interface, including VBR VCs on ports configured in pxf queuing mode
Tag interface (MPLS VPN)
Virtual access interface (VAI)
ATM UBR VCs and VCs configured on ports in no atm pxf queuing mode
18-7
Chapter 18
Note
Interface Type
Policy Map
Actions
Normal
Virtual Access
bandwidth
Not Applicable
Not Applicable
Not Applicable
Not Applicable
queue-limit
Not Applicable
Not Applicable
Not Applicable
Not Applicable
priority
Not Applicable
Not Applicable
Not Applicable
Not Applicable
shape
Not Available
Not Available
Not Available
Not Available
random-detect
Not Applicable
Not Applicable
Not Applicable
Not Applicable
set ip prec/dscp
Valid
Not Applicable
Valid
Valid
set qos-group
Valid
Valid
Valid
Valid
set atm-clp
Not Applicable
Not Applicable
Not Applicable
Not Applicable
set cos
Not Applicable
Not Applicable
Not Applicable
Not Applicable
police
Valid
Valid
Valid
Valid
set mpls-exp
Not Available
Not Available
Not Available
Not Available
In Table 18-2 and Table 18-3, Not Applicable indicates that you cannot do the action on a Cisco
product or that it has no meaning in the context indicated. Not Available means the action is not
supported. When configuring an input policy map for a VAI, be careful that you do not include the Not
Applicable or Not Available policy actions indicated. If you do, an error message appears.
Table 18-3 lists the output policy actions that you can define in a policy map for specific interface types.
Table 18-3 Output Policy Map Actions
Interface Type
Policy Map
Actions
Normal
Virtual Access
bandwidth
Valid
Valid
Valid
Not Applicable
(Applied to the
VC, not the VAI)
queue-limit
Valid
Valid
Not Available
Not Available
priority
Valid
Valid
Valid
Not Applicable
(Applied to the
VC, not the VAI)
shape
Valid
Valid
Valid
Not Applicable
(Applied to the
VC, not the VAI)
random-detect
Valid
Valid
Not Available
Not Available
18-8
OL-7433-09
Chapter 18
Interface Type
Policy Map
Actions
Normal
Virtual Access
set ip prec/dscp
Valid
Not Applicable
Valid
Valid
set qos-group
Not Applicable
Not Applicable
Not Applicable
Not Applicable
set atm-clp
Valid
Not Available
Not Available
Not Available
set cos
Valid
Not Available
Valid
Not Applicable
police
Valid
Valid
Valid
Valid
set mpls-exp
Not Applicable
Not Available
Not Applicable
Not Applicable
Note
If the policing action applies to all traffic through the interface, you can use the predefined class named
class-default. Using one class in the policy map requires less process memory in the Cisco 10000 series
router.
Purpose
Step 1
Creates a class map with the name you specify and enters
class-map configuration mode.
Step 2
Router(config-cmap)# exit
Step 4
Router(config)# policy-map
policy-map-name
Creates a policy map with the name you specify and enters
policy-map configuration mode.
policy-map-name is the name of the policy map.
Step 5
18-9
Chapter 18
Step 6
Command
Purpose
Step 7
Router(config)# interface
virtual-template number
Step 8
Attaches the policy map to the virtual template interface. All VAIs
using the virtual template interface inherit the IP QoS parameters
defined in the policy map.
policy-map-name is the name of the policy map you want to apply
to the virtual template.
Note
Do not apply service policies with Class-Based Weighted Fair Queuing (CBWFQ) actions to a virtual
access interface (VAI) using a virtual template. The Cisco 10000 series router supports queuing only
when you apply the service policy to a VC. For RBE sessions, apply the service policy to the ATM VC
or subinterface.
Purpose
Router(config)# access-list
access-list-number {permit | deny}
protocol [source-address]
[destination-address] port
Step 2
Step 3
Step 1
Note
Router(config-cmap)# exit
Step 5
Router(config)# policy-map
policy-map-name
Creates a policy map with the name you specify and enters
policy-map configuration mode.
Step 6
18-10
OL-7433-09
Chapter 18
Step 7
Command
Purpose
Step 8
Router(config)# interface
virtual-template number
Step 9
Attaches the policy map to the virtual template. All VAIs using
the virtual template interface inherit the IP QoS parameters
defined in the policy map.
policy-map-name is the name of a previously configured policy
map. In this case, it is the name of the policy map you specified
in Step 5.
Note
Do not apply service policies with CBWFQ actions to a VAI using a virtual template. The Cisco 10000
series router supports queuing only when you apply the service policy to a VC. For RBE sessions, apply
the service policy to the ATM VC or ATM subinterface.
Note
For information on creating a class map and policy map, see the Configuring per Session Rate
Limiting section on page 18-9.
You must configure the RADIUS server on the Cisco 10000 series router. The Configuring RADIUS
chapter in the Cisco IOS Security Configuration Guide, Release 12.2 describes how to set up RADIUS
for authentication, authorization, and accounting (AAA). It includes the following sections that are
relevant to configuring RADIUS on the Cisco 10000 series router:
Configuring the Router to Query RADIUS Server for Static Routes and IP Addresses (Optional)
Configuring the Router to Expand Network Access Server Port Information (Optional)
18-11
Chapter 18
Configuration Example for Per User Multiservice Rate Limiting, page 18-13
Configuration Example for Per Session Service Policy Using RADIUS, page 18-13
Note
Use access control lists (ACLs), protocols, or input interface names to define how to classify traffic.
If the policing action applies to all traffic through the interface, use the predefined class named
class-default. Using one class in the policy map requires less process memory in the Cisco 10000
series router.
The preceding configuration example defines an output policing policy. You can also define an input
policy in a similar way.
18-12
OL-7433-09
Chapter 18
Configure the RADIUS server on the Cisco 10000 series router as described in the Configuring
RADIUS chapter in the Cisco IOS Security Configuration Guide, Release 12.2.
Create the class map and policy map as described in the Configuring per Session Rate Limiting
section on page 18-9.
18-13
Chapter 18
In the RADIUS AAA user profile, the lcp:interface-config AV-pair is used to configure class-based
policing or marking. In Example 18-3, the service policy named rad_input_policy is applied to the users
virtual access interface. You create the service policy on the router.
Note
Using the lcp:interface-config AV-pair forces the Cisco 10000 series router to use full access virtual
interfaces, which decreases scaling. We recommend that you do not use this configuration. In
Release 12.2(15)BZ and later releases, you can use a VSA to make the configuration scalable. The router
downloads the name of the policy map to which the user belongs from the RADIUS server using the VSA
in the user profile. The Cisco-Policy-Up VSA 37 is used for upstream traffic coming from a subscriber
(input service policy) and the Cisco-Policy-Down VSA 38 is used for downstream traffic going toward
a subscriber (output service policy). The PPP/VPDN client processes these VSA attributes.
Example 18-3 Sample RADIUS User Profile for Configuring Per Session Service Policy
!Creates the RADIUS user profile.
user1005 Password = user1
Service-Type = Framed-User,
Framed-Protocol = PPP
av-pair = ip:addr-pool=pool4,
cisco-av-pair = lcp:interface-config=service-policy input rad_input_policy
........
virtual-profile aaa
!Creates the service policy on the Cisco 10000 series router.
policy-map rad_input_policy
class class-default
priority
police 256000 1500 1500 conform-action transmit exceed-action drop
vpdn enable
.....
interface Virtual-Template 1
ppp authentication chap
........
To use the Cisco-Policy-Up VSA to download the name of the policy from RADIUS and apply the QoS
policy to an interface, configure the following in the user profile on the RADIUS server:
Cisco:Cisco-Policy-Up=rad_input_policy
Example 18-4, Example 18-5, and Example 18-6 are sample configurations for the Merit RADIUS
server and the associated LNS device.
Example 18-4 Merit RADIUS User File
18-14
OL-7433-09
Chapter 18
Cisco-Policy-Up
Cisco-Policy-Down
37
38
string
string
(*, *)
(*, *)
VSA
aaa new-model
!
aaa authentication ppp default group radius
aaa authorization exec default group radius
aaa authorization configuration default group radius
aaa session-id common
!
policy-map rad_input_policy
class class-default
priority
police 8000 8000 16000 conform-action transmit exceed-action drop
!
policy-map rad_output_policy
class class-default
priority
police 8000 8000 16000 conform-action transmit exceed-action drop
!
radius-server host 100.1.1.2 auth-port 1645 acct-port 1646
radius-server key cisco
radius-server authorization permit missing Service-Type
AV-Pair
aaa new-model
!
aaa authentication ppp default group radius
aaa authorization exec default group radius
aaa authorization network default group radius
aaa authorization configuration default group radius
aaa session-id common
!
policy-map rad_input_policy
class class-default
priority
police 8000 8000 16000 conform-action transmit exceed-action drop
!
radius-server host 100.1.1.2 auth-port 1645 acct-port 1646 non-standard
radius-server key cisco
radius-server authorization permit missing Service-Type
18-15
Chapter 18
Purpose
18-16
OL-7433-09
Chapter 18
Verification Example for the show policy-map interface Command, page 18-17
User
abc@hello1
abc@hello1
abc@hello1
abc@hello1
Service
TTY
VTY
PPPoE
PPPoE
PPPoE
PPPoE
Active Time
00:14:31
00:16:45
00:12:10
00:12:10
00:12:10
00:12:10
Idle Time
00:12:14
00:00:00
18-17
Chapter 18
IP single-host sessionAn IP session that represents a single host. This session is based on an IP
source address.
IP subnet sessionAn IP session that represents a set of end users. This session is based on an IP
subnet.
IP interface sessionA single session that is created for one subscriber interface. The router applies
all MQC features attached to the interface to all traffic arriving and leaving through that interface.
MQC for IP sessions supports policing on an IP session, whether the policing action is configured on
one or more traffic classes of the session or directly on the session. For example, you can configure
shaping on an IP session and configure policing on one or more traffic classes of the IP session. You can
also configure policing statically on an IP session.
MQC for IP sessions supports the dynamic configuration of IP sessions using a RADIUS user or service
profile. The router applies the incoming dynamic policy to the IP session if no policy map exists on the
IP session or the existing policy map is configured from a lower priority source.
Note
The router removes the existing, lower-priority sourced policy map before adding the incoming
dynamic policy.
The router ignores the incoming dynamic policy if a policy map exists on the IP session and it is
configured from a higher priority source.
The following sections describe MQC on IP sessions:
Restrictions and Limitations for MQC Support for IP Sessions, page 18-20
For more information, see the ISG: Flow Control: QoS Control: MQC Support for IP Sessions,
Release 12.2(33)SB feature guide.
18-18
OL-7433-09
Chapter 18
Description
Required PRE
Release 12.2(33)SB
PRE2, PRE3,
PRE4
Marking
Policing
Queuing
Policing
Marking
Physical Ethernet
When a sessions that does not have a policy map starts, it inherits the policy and queues from the
immediate parent that has a policy (for example, a subinterface or main interface).
When a session with an inherited policy receives a policy from the RADIUS server, it first removes
the inherited policy and then applies the policy from the RADIUS server.
When a session without a policy starts and its parent interfaces also do not have a policy, but a policy
is later attached to the parent, one of the following actions occurs:
The policy is attached to the main interface and sessions directly on that interface inherit it.
Sessions on subinterfaces under the main interface that do not have a policy of their own also
inherit it.
The policy is attached to the subinterface and sessions under that subinterface inherit it.
18-19
Chapter 18
When you remove a policy from the parent interface, one of the following actions occurs:
The policy is removed from a subinterface and is uninherited from any sessions on the
subinterface that inherited the policy from it. If the main interface has a policy, sessions on the
subinterface from which the policy was removed inherit that.
The policy is removed from the main interface and is uninherited from the main interface and
also from any sessions under its subinterfaces that inherited this policy.
When a session without a policy receives one from the RADIUS server, you only need to install the
new policy. However, when a session with an inherited policy from the parent receives a new policy
from the RADIUS server, you must first uninherit the parent policy and then install the new one.
When a session policy is removed, the session inherits the policy from its nearest parent,
subinterface, or main interface that has a policy.
IP session QoS and PPP session QoS are two separate features. IP session QoS does not include PPP
session QoS.
Only the marking and policing features work in upstream traffic. All queuing, policing, and marking
MQC features work in downstream traffic.
The behavior of session and interface oversubscription for the PRE2 and PRE3 is unchanged from
the usual QoS oversubscription behavior on the PRE2 and PRE3.
The PRE2 does not support three-level hierarchical MQC policies. Therefore, MQC policies applied
to IP sessions on PRE2-based routers must conform to this PRE2 limitation. For example, a shaping
policy that is applied to a session can have just two levels, where one level has all class queues and
the next level is the default queue that does aggregate shaping.
The PRE3 supports three levels of hierarchies. Any limitations of PRE3 hierarchies also apply to the
MQC policies on IP sessions.
The router cannot map IP sessions to an interface. However, the router can map LNS and LAC
sessions to an interface.
18-20
OL-7433-09
Chapter 18
The router does not support QoS on IP sessions over other sessions. For example, consider a
configuration in which a virtual template terminates a PPP session and routes IP traffic, and the
router creates an IP session from the traffic flow. In this case, the router does not support the
configuration because policy maps are attached to the virtual template and applied to the IP session,
too.
Currently, the router allows class-level queues only at the top level in session policy maps. All other
levels must have a single-level policy and use the default queues.
The router does not support MQC on IP sessions over the following interfaces:
Bridge-Group Virtual Interface (BVI)
Gigabit EtherChannel (GEC)
PPP sessions (PPPoE and PPPoA)
L2TP sessions on the LNS
Ethernet over MPLS (EoMPLS) termination
MQC on IP sessions does not provide full high availability (HA) functionality. After a switchover
operation, the router recreates the sessions and reapplies the configurations.
Per use ACL is not supported for traffic class on IP sessions on the Cisco 10000 series router.
Configuring QoS on Service Policy Maps Without Traffic Classes, page 18-21
Configuring QoS on Service Policy Maps With Traffic Classes, page 18-22
Step 1
Command
Purpose
Router(config)# policy-map
policy-map-name
Creates a policy map with the name you specify and enters
policy-map configuration mode.
policy-map-name is the name of the policy map.
Step 2
18-21
Chapter 18
Step 3
Command
Purpose
Step 4
Router(config-pmap-c)# exit
Step 1
Step 2
Router(config-pmap)# service-policy
{input | output} policy-map-name
Step 1
Command
Purpose
Router(config)# policy-map
policy-map-name
Creates a policy map with the name you specify and enters
policy-map configuration mode.
policy-map-name is the name of the policy map.
Step 2
Step 3
Step 4
Router(config-pmap-c)# exit
Step 5
18-22
OL-7433-09
Chapter 18
Step 6
Command
Purpose
Step 7
Router(config-pmap-c)# service-policy
{input | output} policy-map-name
The following example shows how to configure a service policy named Unauthorized_Redirect_PVC.
This service policy redirects Unauthorized_Traffic to IP address 10.0.0.148 using port 8080.
class-map type traffic Unauthorized_Traffic
match access-group input 100
!
policy-map type service Unauthorized_Redirect_PVC
class type traffic Unauthorized_Traffic
redirect to ip 10.0.0.148 port 8080
The following example shows how to configure a service policy named Service1. This policy has two
traffic classes configured: class1 and the default traffic class. Default traffic is dropped for both inbound
and outbound traffic.
policy-map type service Service1
class type traffic class1
prepaid-config PREPAID
class type traffic default in-out
drop
18-23
Chapter 18
Purpose
Helps to avoid traffic congestion and allows the ISP to adhere to the Service Level Agreement (SLA)
established for managing traffic.
Provides a high degree of granularity for managing traffic on the network. Figure 18-1 is a sample
topology for per-session shaping and queuing on an LNS.
Figure 18-1
Downstream traffic
ISP
Subscriber
LAC
L2TP tunnel
PPP session
127500
LNS
Downstream traffic is forwarded from the ISP (the source) to an ISP subscriber (the destination)
during a PPP session.
2.
From an LNS at the ISP, the traffic is transmitted over an L2TP tunnel to an L2TP Access
Concentrator (LAC) and then to the subscriber.
3.
Shaping and queuing the per-session traffic on an LNS can take into account the overhead between
the LNS, LAC, or E-DSLAM-to-CPE by using the user-defined overhead in the shape or bandwidth
command.
4.
To specify the overhead offset in child and parent policies, use the bandwidth and shape
commands. The offset values and encapsulation types must match in the child and parent policies.
18-24
OL-7433-09
Chapter 18
Description
Required PRE
Release 12.2(31)SB6
The Per Session Shaping and Queuing on LNS feature was PRE3
introduced on the PRE3.
This feature uses policy maps in which queuing mechanisms (such as class-based weighted fair
queuing [CBWFQ]) are configured.
Restrictions and Limitations for Per Session Shaping and Queuing on LNS
Cisco IOS Release 12.2(31)SB8 does not support load balancing when per session shaping and
queuing is configured. However, this release does support load balancing if no output QoS is applied
to the session. Cisco IOS Release 12.2(31)SB6 does not support load balancing at all on the LNS.
Cisco IOS Release 12.2(31)SB10 supports load balancing for all QoS configurations, except those
containing a queuing action that is applied to a session. For example, the router does not support
load balancing for a session if the policy map applied to the session contains the shape, bandwidth,
or priority command.
This feature only applies when the LAC and LNS are connected by Ethernet and ATM point-to-point
subinterfaces.
Step 1
Command
Purpose
Router(config)# policy-map
policy-map-name
Step 2
Assigns the traffic class you specify to the policy map. Enters
policy-map class configuration mode.
class-map-name is the name of a previously configured class map
and is the traffic class for which you want to define QoS actions.
18-25
Chapter 18
Step 3
Command
Purpose
Router(config-pmap-c)# bandwidth
{bandwidth-kbps | percent percentage |
remaining percent percentage} account
{{{qinq | dot1q} {aal5 | aal3}
{subscriber-encap}} | {user-defined
offset [atm]}}
Step 3
(cont.)
Router(config-pmap-c)# bandwidth
{bandwidth-kbps | percent percentage |
remaining percent percentage} account
{{{qinq | dot1q} {aal5 | aal3}
{subscriber-encap}} | {user-defined
offset [atm]}}
Step 4
Router(config-pmap-c)# exit
Step 5
Router(config-pmap)# policy-map
policy-map-name
Step 6
18-26
OL-7433-09
Chapter 18
Step 7
Command
Purpose
Shapes traffic to the indicated bit rate and enables ATM overhead
accounting.
rate is the bit-rate used to shape the traffic, expressed in kilobits
per second.
account enables ATM overhead accounting. For more
information, see the ATM Overhead Accounting section on
page 10-2.
qinq specifies queue-in-queue encapsulation as the broadband
aggregation system-DSLAM encapsulation type.
dot1q specifies IEEE 802.1Q VLAN encapsulation as the
broadband aggregation system-DSLAM encapsulation type.
aal5 specifies the ATM Adaptation Layer 5 that supports
connection-oriented variable bit rate (VBR) services. You must
specify either aal5 or aal3.
aal3 specifies the ATM Adaptation Layer 5 that supports both
connectionless and connection-oriented links. You must specify
either aal3 or aal5.
subscriber-encap specifies the encapsulation type at the
subscriber line. For more information, see the Overhead
Accounting and Hierarchical Policies section on page 10-6.
Step 7
(cont.)
Router(config-pmap-c)# service-policy
policy-map-name
Step 9
Router(config-pmap-c)# exit
Step 10
Router(config)# interface
virtual-template number
Step 11
Router(config-if)# service-policy
policy-map-name
18-27
Chapter 18
Configuration Example for Configuring a Per Session Shaping and Queuing on LNS Policy
Example 18-9 shows how to configure a per session shaping and queuing on LNS policy. In this example,
the router uses 20 overhead bytes and ATM cell tax in calculating ATM overhead. The child and parent
policies contain the required matching offset values. The parent policy is attached to virtual template 1.
Example 18-9 Configuring Per Session Shaping and Queuing on LNS Policy on the Router
policy-map child
class class1
bandwidth 500 account user-defined 20 atm
class class2
shape average 30000 account user-defined 20 atm
policy-map parent
class class-default
shape average 30000 account user-defined 20 atm
service-policy child
interface virtual-template 1
service-policy output parent
Purpose
Verification Examples for Per Session Shaping and Queuing on LNS Policies
Example 18-10 shows sample output for the show policy-map command. In the example, the router uses
20 overhead bytes in calculating ATM overhead.
Example 18-10 Sample Outputshow policy-map Command
Router# show policy-map child
Policy Map child
Class Class1
Average Rate Traffic Shaping
cir 20% account user-defined 20
Example 18-11 shows sample output for the show running-config command. In the example, the output
modifier starts the display at the Parent policy map line.
Example 18-11 Sample Outputshow running-config Command
Router# show running-config | begin Parent
Policy Map Parent
class class1
18-28
OL-7433-09
Chapter 18
Child policyDefines QoS actions using QoS commands such as the priority, bandwidth, and
police commands.
Parent policyContains only the class-default class with the shape or bandwidth remaining ratio
command configured, or with both commands configured:
shape commandShapes the session traffic to the specified bit rate, according to a specific
algorithm.
bandwidth remaining ratio commandSpecifies a ratio value that the router uses to
determine how much unused bandwidth to allocate to the session during congestion.
For more information about nested hierarchical policies, see the Nested Hierarchical Policies section
on page 13-6.
Note
The PPP Session Queuing on ATM VCs feature applies to both PPP terminated aggregation (PTA) and
L2TP access concentrator (LAC) configurations.
18-29
Chapter 18
PPPoE Session
Interface with shaper
Voice
ATM VC
Session #1
with QoS
Video
pppoe-Session
Data-premium
HW Interface
Class-default
Session #2
without QoS
191919
pppoe-Session
Description
Required PRE
Release 12.2(31)SB6
PRE3
User ProfileThe user profile on the RADIUS server contains an entry that identifies the policy
map name applicable to the user. The policy map name is the service that RADIUS downloads to
the router after a session is authorized.
Service ProfileThe service profile on the RADIUS server specifies a session identifier and an
attribute-value (AV) pair. The session identifier might be, for example, the IP address of the session.
The AV-pair defines the service (policy map name) to which the user belongs.
18-30
OL-7433-09
Chapter 18
After receiving a service-logon request from the policy server, RADIUS sends a change of authorization
(CoA) request to the router to activate the service for the subscriber, who is already logged in. If the
authorization succeeds, the router downloads the name of the policy map from RADIUS using the
ip:sub-qos-policy-in[out]= AV-pair and applies the QoS policy to the PPPoA or PPPoEoA
session. Because the service policy contains queuing-related actions, the router sets up the appropriate
class queues.
Note
Although the router also supports the RADIUS vendor specific attribute (VSA) 38, Cisco-Policy-Down
and Cisco-Policy-Up, we recommend that you use the ip:sub-qos-policy-in[out]= AV-pairs for QoS
policy definitions.
Queue Inheritance
Queuing Policy
No policy
VC default queue
Applied to the VC
VC queues
Session queues
If no queuing policy is applied at the VC or session level, the router sends all traffic on the VC to
the default queue, including traffic from sessions on the VC that have a policing-only policy applied
or no policy applied.
If a queuing policy is applied at the VC level, but not at the session level, the router sends traffic to
the queues associated with the queuing policy on the VC.
If queuing policies are applied to some sessions on a VC but not to other sessions, the router sends
the traffic with a policing-only policy or with no policy applied to the VCs default queue. The router
sends traffic with queuing policies to the queues associated with the queuing policy applied to the
session.
18-31
Chapter 18
Create traffic classes using the class-map command and specify the match criteria used to classify
traffic.
For dynamic PPPoA or PPPoEoA session queuing using RADIUS, you must:
Enable authentication, authorization, and accounting (AAA) on the router
Configure the RADIUS server for dynamic QoS
Create the subscribers user profile on the RADIUS server
You cannot configure PPP session queuing on unshaped VCsVCs without a specified peak cell
rate (PCR) or sustained cell rate (SCR).
Although you can configure oversubscription at the VC level, the router does not guarantee priority
queuing (PQ) and fair treatment among VCs during congestion.
VCs with session queuing polices cannot be part of a shaped virtual path (VP).
PPP session queuing does not allow you to simultaneously configure queuing policies on a VC and
on a session of that VC, although the router permits the configuration.
The maximum number of VCs with PPP session queuing policies cannot exceed 16,000 VCs system
wide.
18-32
OL-7433-09
Chapter 18
If the same ATM category (for example, shaped unspecified bit rate (UBR)) contains both high and
low bandwidth VCs, the SAR mechanism can cause low throughput for high bandwidth VCs. The
workaround for this issue is to use different ATM classes for low and high bandwidth VCs. For
example, configure low bandwidth VCs as shaped UBR and high bandwidth VCs as variable bit
rate-nonreal-time (VBR-nrt) or constant bit rate (CBR).
When you apply queuing policies to sessions, do not apply a policy at the VC level on the same VC.
The CLASS-BASED QOS MIB does not include statistics for service policies applied to sessions.
The router ignores the VC weight when it is configured on a VC with PPP session queuing
configured.
Associating the Hierarchical Policy Map with a Virtual Template, page 18-36
Step 1
Command
Purpose
Router(config)# policy-map
policy-map-name
18-33
Chapter 18
Step 2
Command
Purpose
Assigns the traffic class you specify to the policy map. Enters
policy-map class configuration mode.
class-map-name is the name of a previously configured class map
and is the traffic class for which you want to define QoS actions.
Note
Step 3
Step 4
Step 5
Step 6
Router(config-pmap-c)# bandwidth
remaining ratio
Step 7
Router(config-pmap-c)# exit
18-34
OL-7433-09
Chapter 18
Step 8
Command
Purpose
Router(config-pmap)# policy-map
policy-map-name
Step 9
Step 10
Router(config-pmap-c)# bandwidth
remaining ratio
Step 11
Shapes traffic to the indicated bit rate and enables ATM overhead
accounting.
(Optional) average is the committed burst (Bc) that specifies the
maximum number of bits sent out in each interval. This option is
only supported on the PRE3.
mean-rate is also called committed information rate (CIR).
Indicates the bit rate used to shape the traffic, in bits per second.
When this command is used with backward explicit congestion
notification (BECN) approximation, the bit rate is the upper
bound of the range of bit rates that are permitted.
(Optional) burst-size is the number of bits in a measurement
interval (Bc).
(Optional) excess-burst-size is the acceptable number of bits
permitted to go over the Be.
Step 12
Router(config-pmap-c)# service-policy
policy-map-name
The following example shows how to configure a hierarchical QoS policy. In the example, the
child-policy configures QoS features for two traffic classes: Premium and Silver. Premium traffic has
priority and is policed at 40 percent. The router sets the IP precedence of Premium traffic to precedence
level 3. Silver traffic is policed at 80000 bps and IP precedence level 3 is set. The child-policy is applied
to the Parent policy class-default class, which shapes traffic to 200,000 Kbps.
Router(config)# policy-map child-policy
Router(config-pmap)# class Premium
Router(config-pmap-c)# priority
Router(config-pmap-c)# police percent 40
Router(config-pmap-c)# set ip precedence 3
Router(config-pmap-c)# class Silver
Router(config-pmap-c)# police 80000 10000 conform-action transmit exceed-action drop
Router(config-pmap-c)# set ip precedence 5
Router(config-pmap-c)# exit
Router(config-pmap)# policy-map Parent
Router(config-pmap)# class class-default
Router(config-pmap-c)# shape 200000
18-35
Chapter 18
Step 1
Command
Purpose
Router(config)# interface
virtual-template template-number
Step 2
Step 3
Router(config-if)# exit
The following example shows how to associate a policy map with a virtual template. In this example, the
policy map named Parent is associated with the virtual template named VirtualTemplate1.
Router(config)# interface virtual-template1
Router(config-if)# service-policy output Parent
Router(config-if)# exit
Router(config)#
18-36
OL-7433-09
Chapter 18
Step 1
Command
Purpose
Step 2
Router(config-bba-grp)# virtual-template
template-number
Step 3
Router(config-bba-grp)# exit
Step 4
Step 5
vci specifies the ATM network virtual channel identifier (VCI) for
this PVC. Valid values are from 0 to 1 less than the maximum
value set for this interface by the atm vc-per-vp command. A
value that is out of range causes an "unrecognized command"
error message.
Note
18-37
Chapter 18
Step 6
Command
Purpose
Step 7
Router(config-atm-vc)# exit
Step 8
Router(config-subif)# exit
The following example shows how to associate a virtual template interface with an ATM interface and
apply the policies in the virtual template to the sessions on the interface. In the example, the service
policy named Parent is applied to the Virtual-Template 8, which is associated with the bba-group named
pppoeoa-group. The bba-group is applied to PVC 101/210 on ATM subinterface 4/0/1.10.
bba-group pppoe pppoeoa-group
Virtual-Template 8
interface ATM4/0/1.10 point-to-point
pvc 101/210
vbr-nrt 4000 2000 50
no dbs enable
encapsulation aal5snap
protocol pppoe group pppoeoa-group
!
interface Virtual-Template8
ip unnumbered Loopback5555
no logging event link-status
peer default ip address pool pool-1
ppp authentication chap
service-policy output Parent
Adding the Cisco QoS AV Pairs to the RADIUS Profile, page 18-39
18-38
OL-7433-09
Chapter 18
The Cisco AV-pair identifies the policy map the router is to use when applying QoS features to a PPPoA
or PPPoEoA session. After receiving a service-logon request from the policy server, RADIUS sends a
change of authorization (CoA) request to the router to activate the service for the user, who is already
logged in. If the authorization succeeds, the router downloads the name of the policy map from RADIUS
using the Cisco AV-pair and applies the QoS policy to the session.
Note
Although the router also supports the RADIUS vendor specific attribute (VSA) 38, Cisco-Policy-Down
and Cisco-Policy-Up, we recommend that you use the above attribute for QoS policy definitions.
Example of Setting Up RADIUS for PPP Session Queuing on ATM VCs, page 18-41
18-39
Chapter 18
class class-default
shape average percent 100
bandwidth remaining ratio 100
service-policy pm_hier_child_0_2
interface ATM2/0/7.5555 point-to-point
pvc 1/5555
vbr-nrt 4000 2000 50
no dbs enable
encapsulation aal5snap
protocol pppoe group pppoeoa-group
!
!
interface Virtual-Template555
ip unnumbered Loopback5555
no logging event link-status
peer default ip address pool pool-1
ppp authentication chap
service-policy output pm_hier2_0_2
18-40
OL-7433-09
Chapter 18
Purpose
18-41
Chapter 18
Command
Purpose
Note
PPPoE
SID
6
RemMAC
LocMAC
0009.b68d.bb37
0009.b68d.bc37
Port
VA-st
ATM2/0/7.5555
VC: 1/5555
VT
VA
555
Vi3.1
State
Type
PTA
UP
18-42
OL-7433-09
Chapter 18
Router#
Router#
Router# show pxf cpu queue session sid 6
ATM2/0/7.5555: PVC 1/5555
VCCI/ClassID ClassName
2623/0
class-default
2623/1
cm_0
2623/2
cm_1
2623/31
net-control
QID
1858
1856
1859
591
Length/Avg
0/0
0/0
0/0
0/1
Max Dequeues
77
0
77
0
40
0
1105
335137
Drops(Tail/Random)
0/0
0/0
0/0
0/0
Legend:
$x: Priority Queue level x
b: PQ Activation and Dequeue Blocked
~: RED Queue
P: MLP Pkt Queue
F: MFR Pkt Queue
M1:MLP , M5:MLPFR , MA:MLPOA , M6:FRF12 , M7:MLFR, M8:FRF12_16
Example 18-16 uses the show policy-map session command to display QoS policy map statistics for
traffic in the downstream direction. The example also shows the policy map configurations.
Example 18-16 Displaying PPP Session Informationshow policy-map session Command
Router# show pppoe session
1 session in LOCALLY_TERMINATED (PTA) State
1 session total
Uniq ID
14
PPPoE
SID
6
RemMAC
Port
LocMAC
VA-st
0009.b68d.bb37
ATM2/0/7.5555
0009.b68d.bc37 VC: 1/5555
VT
VA
555
Vi3.1
State
Type
PTA
UP
Router#
Router#
Router# show policy-map session uid 14
SSS session identifier 14 Service-policy output: pm_hier2_0_2
Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
0 packets, 0 bytes
30 second rate 0 bps
Queueing
queue limit 50 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
shape (average) cir 2000000, bc 8000, be 8000
target shape rate 2000000
bandwidth remaining ratio 100
Service-policy : pm_hier2_child_0_2
queue stats for all priority classes:
Queueing
priority level 1
queue limit 77 packets
(queue depth/total drops/no-buffer drops) 0/0/0
18-43
Chapter 18
1
5 2 ms 0 ms conform-action transmit exceed-action drop
drop
packets
Class cm_1
18-44
OL-7433-09
Chapter 18
18-45
Chapter 18
Description
Required PRE
Release 12.2(33)SB
If you configure child classes with a guaranteed bandwidth, do not oversubscribe the sessions. If you
do oversubscribe the sessions and the hierarchical policy shapes session traffic, any bandwidth
guarantees configured for the child policies might not be guaranteed. Oversubscription occurs when
the aggregate configured shape rate for all active sessions exceeds the bandwidth of the physical link
through which the session traffic passes when leaving the router.
Per-session shaping for ATM interfaces does not support load-balancing on an L2TP tunnel (for
example, on the LNS). Therefore, if you enable per-session shaping in a service policy, do not
configure load-balancing on the tunnel.
Step 1
Command
Purpose
Step 2
Step 3
Router(config-pmap-c)# bandwidth
{bandwidth-kbps | percent percentage |
remaining percent percentage}
18-46
OL-7433-09
Chapter 18
Step 4
Command
Purpose
Step 5
Router(config-pmap-c)# exit
Step 7
Step 8
Step 9
Step 10
Router(config-pmap-c)# service-policy
policy-map-name
Step 11
Router(config-pmap-c)# exit
Step 12
Router(config-pmap)# exit
Step 13
18-47
Chapter 18
Step 14
Command
Purpose
Step 15
Router(config-if)# exit
Step 16
Step 17
Router(config-bba-grp)# virtual-template
template-number
Step 18
Router(config-bba-grp)# exit
Step 19
18-48
OL-7433-09
Chapter 18
Step 20
Command
Purpose
Step 21
Step 22
Router(config-atm-vc)# exit
Step 23
Router(config-subif)# exit
18-49
Chapter 18
Purpose
18-50
OL-7433-09
Chapter 18
Command
Purpose
Related Documentation
This section provides hyperlinks to additional Cisco documentation for the features discussed in this
chapter. To display the documentation, click the document title or a section of the document highlighted
in blue. When appropriate, paths to applicable sections are listed below the documentation title.
Feature
Related Documentation
Class maps
ISG commands
Policing
18-51
Chapter 18
Related Documentation
Feature
Related Documentation
Policy maps
18-52
OL-7433-09
CH A P T E R
19
PVC Bundles
A PVC bundle is a group of permanent virtual circuits (PVCs) combined into a logical group with a
single, virtual interface that connects to a peer system. PVC bundles enable service providers to offer
different levels of service through the use of IP precedence, differentiated services code point (DSCP),
and Multiprotocol Label Switching (MPLS) experimental (EXP) levels, and QoS features. Using the
PVC bundle management software, you can create a bundle of PVCs between a pair of connected routers
and assign different QoS characteristics to individual PVCs in the bundle. Each PVC in a bundle has its
own traffic class and traffic parameters, and is configured to carry packets whose priority matches the
configured range.
Using PVC bundles, you can do the following:
Create differentiated service by distributing IP precedence, DSCP, or MPLS EXP levels over
different PVCs in the bundle.
Map a single precedence, DSCP, or MPLS EXP level or a range of levels to each discrete PVC in
the bundle, thereby enabling individual PVCs in the bundle to carry packets marked with different
levels.
19-1
Chapter 19
PVC Bundles
Use Weighted Random Early Detection (WRED) to further differentiate service across traffic that
has different precedence, DSCP, or MPLS EXP levels.
To determine which PVC in the bundle to use to forward an IP or MPLS packet, the router examines the
packets priority bits or Type of Service (ToS) field, or the packets EXP bits. Each PVC in the bundle
is configured to carry packets whose priority matches the configured precedence, DSCP, or MPLS EXP
level. Combined with a queuing mechanism at the output interface, this offers a complete QoS solution
for both data and voice, and allows for further granularization of data types to differentiate data
priorities.
The router supports both ATM and Frame Relay PVC bundles.
Figure 19-1 shows a PVC bundle.
PVC Bundle
132316
Figure 19-1
Point-to-Point
Description
Required PRE
Release 12.0(26)S
PVC bundles over ATM and Frame Relay were introduced PRE1
on the PRE1 and included support for IP precedence and
DSCP-based PVC selection. The ATM PVC Bundle
EnhancementMPLS EXP-Based PVC Selection feature
and the Frame Relay PVC Bundles with QoS Support for
IP and MPLS feature were also introduced.
Bundle
Type
ATM
16,000
Frame Relay
16,000
19-2
OL-7433-09
Chapter 19
Note
IP precedence and MPLS EXP have eight levels that you can assign and DSCP has 64 levels. To include
all DSCP values, you can assign a range of DSCP values (for example, 9-16) to a particular DLCI and
assign the remaining DSCP values to another DLCI using the dscp other command.
Traffic Bumping
Traffic bumping provides a way to keep a PVC bundle up and traffic flowing even though some
individual PVCs might be down. You can configure each PVC bundle member to bump traffic to another
PVC in the bundle when the bundle member does down. You can also specify that a particular PVC can
never accept bumped traffic from another PVC. The default is to accept bumped traffic.
You can specify traffic bumping as either implicit or explicit bumping. Implicit bumping diverts the
traffic from a failed PVC to the PVC having the next lower service level. Explicit bumping forces the
traffic to a specific PVC rather than allowing it to find a PVC carrying traffic of the next lower service
level. The default is to perform implicit traffic bumping.
For example, consider a sample configuration with two PVCs: PVC1 and PVC2. You configure PVC1
to carry precedence level 3 traffic, PVC2 to accept bumped traffic and to carry precedence level 6 traffic,
and PVC1 to bump its traffic to PVC2. If PVC1 goes down, the following occurs:
If PVC2 is already down or goes down later, the router selects an alternate PVC based on the
bumping rule for PVC2.
If the router cannot find an alternate PVC for the bumped traffic, the entire PVC bundle goes down.
If a bundle member allows PVC bumping, the router selects the next lower precedence level PVC when
a PVC goes down. You can specify only one precedence level for bumping. If the PVC that carries the
bumped traffic fails, the router applies the bumping rules specified for the failed PVC to the traffic. When
the original PVC is up again, the router restores traffic to the original PVC.
If you do not specify a protection rule, the PVC bundle goes down only when all of the PVCs go down.
However, if a PVC that has no place to bump its traffic goes down, the router brings down the entire
bundle despite any protection rules that have been set up.
19-3
Chapter 19
Map a single precedence level or MPLS EXP level, or a range of precedence or MPLS EXP levels,
to each PVC in the bundle. This enables you to limit an individual PVC to carry only packets marked
with a specific precedence or MPLS EXP level, or packets marked with different precedence or
MPLS EXP levels. For unlabeled packets that do not specify a selection criteria, the router uses IP
precedence level as the default selection criteria for packet forwarding.
Configure a PVC to support unmapped traffic. If the PVC fails, the router attempts to identify an
alternate PVC. If the router cannot locate an alternate PVC, the router stops the PVC bundle.
Create differentiated service using PVC bundles by distributing MPLS EXP levels over the different
PVC bundle members.
Use Weighted Random Early Detection (WRED) to further differentiate service across traffic that
has different MPLS EXP levels.
The Cisco 10000 series router forwards non-IP packets using the PVC that is responsible for carrying
precedence level 6 traffic. The router uses process-switching to forward locally generated packets as
follows:
1.
To determine which PVC in a bundle is used to forward a specific type of traffic, the
ATM VC bundle management software matches MPLS EXP levels between packets and PVCs.
Because all PVCs in a bundle share the same destination, the router forwards IP traffic to the next
hop address for the bundle, but the PVC used to carry a packet depends on the value set for that
packet in the MPLS EXP level of the type of service (ToS) byte of its header.
2.
The ATM PVC bundle management software matches the MPLS EXP level of the packet to the
MPLS EXP levels assigned to a PVC and sends the packet out on the appropriate PVC. The
ATM PVC bundle management software also allows you to configure how traffic is redirected if a
PVC goes down.
3.
MPLS EXP-based PVC selection maps the IP precedence level in the IPv4 header to a PVC
configured with the same value. The three precedence bits in the type of service (ToS) byte of the
IP header defines the precedence levels for IP traffic. You can use a default PVC for all unspecified
precedence levels.
4.
After you define an ATM bundle and add PVCs to it, you can configure attributes and characteristics
to discrete PVC bundle members, or you can apply them collectively at the bundle level. You can
apply ATM traffic shaping to each PVC within a bundle.
19-4
OL-7433-09
Chapter 19
Description
Required PRE
Release 12.0(26)S
bump Command
To configure the bumping rules for a PVC bundle or a specific PVC bundle member, use the bump
command in VC class or bundle member configuration mode. To remove the explicit bumping rules and
return to the default condition of implicit bumping, use the no form of the command.
bump {explicit precedence-level | implicit | traffic}
no bump {explicit precedence-level | implicit | traffic}
Syntax Description
explicit
precedence-level
implicit
traffic
19-5
Chapter 19
Description
Release 12.0(26)S
Defaults
Implicit bumping
Permit bumping (VCs accept bumped traffic)
Configuration Mode
VC-class configuration (for a VC class)
Bundle-vc configuration (for an ATM VC bundle member)
bundle Command
To create a bundle or modify an existing bundle, use the bundle command in subinterface configuration
mode. To remove the specified bundle, use the no form of the command. By default, no bundle is
specified.
bundle bundle-name
no bundle bundle-name
Syntax Description
bundle-name
19-6
OL-7433-09
Chapter 19
Description
Release 12.0(26)S
To display the status of bundles, use the show atm bundle and show atm bundle statistics commands.
class-bundle Command
To configure a virtual circuit (VC) bundle with the bundle-level commands contained in the specified
VC class, use the class-bundle command in bundle configuration mode. To remove the VC class
parameters from a VC bundle, use the no form of the command.
class-bundle vc-class-name
no class-bundle vc-class-name
Syntax Description
vc-class-name
Description
Release 12.0(26)S
Defaults
No VC class is assigned to the VC bundle.
19-7
Chapter 19
You can add the following commands to a VC class to be used to configure a VC bundle: broadcast,
encapsulation, inarp, oam-bundle, oam retry, and protocol.
Bundle-level parameters applied through commands that are configured directly on a bundle supersede
bundle-level parameters applied through a VC class by the class-bundle command. Some bundle-level
parameters applied through a VC class or directly to the bundle can be superseded by commands that
you directly apply to individual VCs in bundle-VC configuration mode.
class-vc Command
To assign a virtual circuit (VC) class to an ATM permanent virtual circuit (PVC) or PVC bundle member,
use the class-vc command in the appropriate configuration mode. To remove a VC class, use the no form
of this command.
class-vc vc-class-name
no class-vc vc-class-name
Syntax Description
vc-class-name
Name of the VC class you are assigning to your ATM PVC, SVC, or VC
bundle member.
Description
Release 12.0(26)S
Configuration Modes
Interface-ATM-VC configuration (for ATM PVCs)
Bundle-vc configuration (for VC bundle members)
PVC-range configuration (for PVC ranges)
19-8
OL-7433-09
Chapter 19
Syntax Description
other
(Optional) Any MPLS EXP levels that are not explicitly configured.
range
Description
Release 12.0(26)S
Defaults
Defaults to other, that is, any MPLS EXP levels that are not explicitly configured.
Configuration Modes
VC-class configuration (for a VC class)
Bundle-vc configuration (for ATM VC bundle members)
19-9
Chapter 19
VCs in a VC bundle are subject to the following configuration inheritance guidelines (listed in order of
next highest MPLS EXP level):
Note
Bundle configuration in bundle mode (with the effect of assigned vc-class configuration)
If you are using an ATM interface, you must configure all MPLS EXP levels (ranging from 0 to 7) for
the bundle. To do this, we recommend configuring one member of the bundle with the mpls
experimental other command. The other keyword defaults to any MPLS EXP levels in the range from
0 to 7 that are not explicitly configured.
oam-bundle Command
To enable end-to-end F5 Operation, Administration, and Maintenance (OAM) loopback cell generation
and OAM management for all permanent virtual circuit (PVC) members of a bundle or a VC class that
can be applied to a PVC bundle, use the oam-bundle command in VC-class configuration mode. To
remove OAM management from the bundle or class configuration, use the no form of the command.
oam-bundle [manage] [frequency]
no oam-bundle [manage] [frequency]
Syntax Description
manage
frequency
Description
Release 12.0(26)S
Defaults
End-to-end F5 OAM loopback cell generation and OAM management are disabled, but if OAM cells are
received, they are looped back.
Configuration Modes
VC-class configuration (for a VC class)
Bundle configuration (for an ATM VC bundle)
19-10
OL-7433-09
Chapter 19
precedence Command
To configure precedence levels for a virtual circuit (VC) class that can be assigned to a VC bundle and
thus applied to all VC members of that bundle, use the precedence command in vc-class configuration
mode. To remove the precedence levels from the VC class, use the no form of the command.
To configure the precedence levels for a VC or permanent virtual circuit (PVC) member of a bundle, use
the precedence command in bundle-vc configuration mode for ATM VC bundle members. To remove
the precedence levels from the VC or PVC, use the no form of the command.
precedence [other | range]
no precedence
Syntax Description
other
(Optional) Any precedence levels in the range from 0 to 7 that are not
explicitly configured.
range
Description
Release 12.0(26)S
Defaults
Defaults to otherthat is, any precedence levels in the range from 0 to 7 that are not explicitly
configured.
19-11
Chapter 19
Configuration Modes
VC-class configuration (for a VC class)
Bundle-vc configuration (for ATM VC bundle members)
protect Command
To configure a virtual circuit (VC) class with protected group or protected VC status for application to
a VC bundle member, use the protect command in vc-class configuration mode. To remove the protected
status from the VC class, use the no form of the command.
To configure a specific VC or permanent virtual circuit (PVC) as part of a protected group of the bundle
or to configure it as an individually protected VC or PVC bundle member, use the protect command in
bundle-vc configuration mode. To remove the protected status from the VC or PVC, use the no form of
the command.
protect {group | vc}
no protect {group | vc}
Syntax Description
group
vc
19-12
OL-7433-09
Chapter 19
Description
Release 12.0(26)S
Defaults
The VC or PVC neither belongs to the protected group nor is it an individually protected VC or PVC.
Configuration Modes
VC-class configuration (for a VC class)
Bundle-vc configuration (for ATM VC bundle members)
pvc-bundle Command
To add a permanent virtual circuit (PVC) to a bundle as a member of the bundle and enter bundle-vc
configuration mode in order to configure that PVC bundle member, use the pvc-bundle command in
bundle configuration mode. To remove the VC from the bundle, use the no form of the command.
pvc-bundle pvc-name [vpi/] [vci]
no pvc-bundle pvc-name [vpi/] [vci]
19-13
Chapter 19
Syntax Description
pvc-name
vpi/
(Optional) ATM network virtual path identifier (VPI) for this PVC. The
absence of the "/" and a vpi value defaults the vpi value to 0.
The vpi and vci arguments cannot both be set to 0; if one is 0, the other
cannot be 0.
vci
(Optional) ATM network virtual channel identifier (VCI) for this PVC. The
value range is from 0 to 1 less than the maximum value set for this interface
by the atm vc-per-vp command. Typically, lower values 0 to 31 are
reserved for specific traffic (F4 Operation, Administration, and
Maintenance (OAM), Integrated Local Management Interface (ILMI), and
so on) and should not be used.
The VCI is a 16-bit field in the header of the ATM cell. The VCI value is
unique only on a single link, not throughout the ATM network, because it
has local significance only.
The vpi and vci arguments cannot both be set to 0; if one is 0, the other
cannot be 0.
Description
Release 12.0(26)S
Defaults
No default behavior or values.
Configuration Modes
Bundle configuration
19-14
OL-7433-09
Chapter 19
Figure 19-2
ATM VC Bundle
IP
Precedence
22313
VC 1
ATM PVC bundle management allows you to define an ATM PVC bundle and add PVCs to it. Each PVC
of a bundle has its own ATM traffic class and ATM traffic parameters. You can apply attributes and
characteristics to discrete PVC bundle members or you can apply them collectively at the bundle level.
Using PVC bundles, you can create differentiated service by flexibly distributing IP precedence levels
or Multiprotocol Label Switching (MPLS) experimental (EXP) levels over the different PVC bundle
members. You can map a single level or a range of levels to each discrete PVC in the bundle, thereby
enabling individual PVCs in the bundle to carry packets marked with different precedence or MPLS EXP
levels. You can use weighted random early detection (WRED) to further differentiate service across
traffic that has different IP precedence or MPLS EXP levels, but that uses the same PVC in a bundle.
To determine which PVC in the bundle to use to forward a packet to its destination, the ATM PVC bundle
management software matches precedence levels or MPLS EXP levels between packets and PVCs (see
Figure 19-3). IP traffic is sent to the next hop address for the bundle because all PVCs in a bundle share
the same destination, but the PVC used to carry a packet depends on the value set for that packet in the
IP precedence bits or the MPLS EXP bits of the type of service (ToS) byte of its header. The ATM PVC
bundle management software matches the IP precedence or MPLS EXP level of the packet to the IP
precedence or MPLS EXP value or range of values assigned to a PVC, sending the packet out on the
appropriate VC.
The ATM PVC bundle management software also allows you to configure how traffic is redirected when
the PVC the packet was matched to goes down. Figure 19-3 shows how the ATM PVC bundle
management software determines which PVC bundle member to use to carry a packet and how WRED
is used to differentiate traffic on the same VC. In the figure PVC selection is based on IP precedence
levels, but it can also be based on MPLS EXP levels.
19-15
Chapter 19
Figure 19-3
VC1
VC2
VC3
VC4
WRED in
per-VC queue
17626
VC selection
based on
precedence
19-16
OL-7433-09
Chapter 19
Figure 19-4
Bump
Failure
IP
Precedence
22314
VC 1
In the event of failure, the router responds with one of two methods:
The first method dynamically assigns the traffic bound on the failed PVC to an alternative PVC,
which is referred to as circuit bumping. Bumped traffic is then shared on an existing in-service PVC.
Although not required, traffic is typically bumped from a higher class to a lower one. For example,
if the premium, or first class, data circuit become unavailable, then all premium users share the
second class or general circuit. Within this shared circuit, preference is given to the premium traffic.
The second method is to declare all circuits of the bundle to be down. In effect, the device is
declaring the routed bundle inactive and asking the routing layer to search for an alternate.
The network configuration determines whether to bump traffic or whether to declare the bundle inactive.
The Cisco 10000 series router must be running Cisco IOS Release 12.0(26)S or later.
To implement ATM PVC bundles between two routers, you must enable IP Cisco Express
Forwarding (CEF) switching on the routers.
In Cisco IOS Release 12.0(26)S, the ATM implementation of VC bundles is restricted to PVCs.
A PVC that is a bundle member cannot be used in any other capacity. For example, you cannot
configure a PVC bundle member in a map statement.
19-17
Chapter 19
The Cisco 10000 router does not support automapping of PVCs or variable bit rate-real-time
(VBR-rt) for PVCs.
The Cisco 10000 router supports aal5snap and aal5mux encapsulation types for PVCs and
multipoint and point-to-point subinterfaces.
VC Selection
You can map one or multiple precedence or MPLS EXP levels to a single PVC; however, you cannot
map multiple PVCs to one precedence or MPLS EXP level.
A PVC bundle does not come up until you configure all of the precedence or MPLS EXP levels in
the bundle.
If you attach a VC class with bundle attributes to a PVC that is not configured as a member of a
PVC bundle, the Cisco 10000 router ignores the bundle attributes.
You can enable or disable inverse ARP for the PVC bundle but not for individual PVCs in the bundle.
ATM inverse ARP for IP uses the PVC configured with precedence level 6.
Inverse ARP for protocols other than IP (for example, IPX) is disabled by default unless you
explicitly configure it in the PVC bundle.
Packet Forwarding
The Cisco 10000 router does not support fast switching of IP packets.
Purpose
Step 1
Step 2
Router(config-subif)# mpls ip
19-18
OL-7433-09
Chapter 19
Step 3
Command
Purpose
Step 4
Step 5
Router(config-atm-vcb)# encapsulation
[aal5snap | aal5mux ip]
Step 6
Router(config-atm-vcb)# encapsulation
{aal5mux protocol | aal5ciscoppp
virtual-template number | aal5snap}
Step 7
Step 8
Step 9
Router(config-atm-vcb)# broadcast
19-19
Chapter 19
Step 10
Command
Purpose
Step 11
Router(config-atm-vcb)# oam-bundle
[manage] [frequency]
Step 12
Step 13
Step 14
19-20
OL-7433-09
Chapter 19
Configuring a VC Class and Specifying the Basis for PVC Selection, page 19-21
Step 1
Command
Purpose
Step 2
Step 3
Step 4
19-21
Chapter 19
Step 5
Command
Purpose
Step 6
Purpose
Step 1
Step 2
Step 3
Router(config-atm-vcb)# class-bundle
vc-class-name
Associates the VC class you specify with the PVC bundle. The
router applies the parameters specified in the VC class to the
bundle.
vc-class-name is the name of the VC class that you are attaching
to the VC bundle.
19-22
OL-7433-09
Chapter 19
Purpose
Step 1
Step 2
Step 3
Router(config-atm-vcb)# pvc-bundle
pvc_name [vpi/]{vci}
Purpose
Step 1
Step 2
19-23
Chapter 19
Step 3
Command
Purpose
Router(config-atm-vcb)# pvc-bundle
pvc_name [vpi/]{vci}
Step 4
Router(config-atm-vcb-vc)# bump
{explicit level | implicit | traffic}
When the PVC goes down, the router directs the traffic to
a PVC mapped with the service level you configure in
explicit level.
Router(config-atm-vcb-vc)# mpls
experimental [other | range]
Step 6
Router(config-atm-vcb-vc)# precedence
[other | range]
Step 7
Router(config-atm-vcb-vc)# class
class-name
19-24
OL-7433-09
Chapter 19
Step 8
Command
Purpose
Step 9
Step 10
Step 11
Purpose
Step 1
Step 2
19-25
Chapter 19
Step 3
Command
Purpose
Step 4
Step 5
Step 6
Step 7
19-26
OL-7433-09
Chapter 19
Step 8
Command
Purpose
Step 9
Purpose
Step 1
Step 1
Step 2
Router(config-atm-vcb)# pvc-bundle
pvc_name [vpi/]{vci}
Adds the specified PVC to the bundle if it does not exist already.
Enters ATM bundle member configuration mode.
pvc-name is a name that you can use to refer to the PVC.
(Optional) vpi/ is the virtual path identifier (VPI). The slash is
required.
(Optional) vci is the virtual channel identifier.
Step 3
Router(config-atm-vcb-vc)# class-vc
vc-class-name
19-27
Chapter 19
Command
Purpose
Step 1
Step 2
Step 3
Router(config-atm-vcb)# pvc-bundle
pvc_name [vpi/]{vci}
Adds the specified PVC to the bundle if it does not exist already.
Enters ATM bundle member configuration mode.
pvc-name is a name that you can use to refer to the PVC.
(Optional) vpi/ is the virtual path identifier (VPI). The slash is
required.
(Optional) vci is the virtual channel identifier.
Step 4
Router(config-atm-vcb-vc)# no bump
traffic
Configures the PVC not to accept any bumped traffic that would
otherwise be redirected to it.
Purpose
19-28
OL-7433-09
Chapter 19
Command
Purpose
Configuration Example for ATM Bundle Configuration Using VC Classes, page 19-29
Configuration Example for MPLS EXP-Based ATM PVC Selection, page 19-31
19-29
Chapter 19
/* The control-class carries precedence 7 traffic and takes the bundle down when it is
down. It uses the implicit bumping rule. The QoS is set to vbr-nrt. */
vc-class atm control-class
precedence 7
protect vc
vbr-nrt 10000 5000 32
/* The premium-class carries precedence 5 and 6 traffic, and does not allow other traffic
to be bumped onto it. The precedence 7 VC is the alternate VC for the premium-class
traffic when it does down. The premium-class belongs to the protected group of the bundle.
The QoS type is vbr-nrt. */
vc-class atm premium-class
precedence 6-5
no bump traffic
protect group
bump explicitly 7
vbr-nrt 20000 10000 32
/* The priority-class carries precedence 4-2 traffic and uses the implicit bumping rule.
It allows bumped traffic and belongs to the protected group of the bundle. The QoS type is
ubr+. */
vc-class atm priority-class
precedence 4-2
protect group
ubr+ 10000 3000
/* The basic-class carries the traffic of the precedence levels that are not specified in
the profile. It is part of the protected group. The QoS type is ubr. */
vc-class atm basic-class
precedence other
protect group
ubr 10000
/* This subinterface has 3 bundles for connecting to its 3 neighbors. Bundle new-york and
bundle san-francisco have 4 members and bundle los-angeles has 3 members. */
interface a1/0.1 multipoint
ip address 10.16.0.1 255.255.255.0
ip router isis
bundle new-york
/* The following protocol commands enable IP and OSI traffic flows in the bundle.
According to the inheritance rule, the protocol ip command takes precedence over the
protocol ip inarp command in bundle-class. The protocol clns command is configured merely
for using it for integrated IP routing. The OSI routing packets go on the highest
precedence VC in the bundle while the OSI data packets, if any, use the lowest precedence
VC in the bundle. Other protocols, such as IPX or AppleTalk, always use the lowest
precedence VC in the bundle when they are configured. */
protocol ip 10.16.1.2 broadcast
protocol clns 49.0000.0000.0000.2222.00 broadcast
class bundle-class
/* The following commands create the PVCs of bundle new-york. */
pvc-bundle ny-control 207
class control-class
pvc-bundle ny-premium 206
class premium-class
pvc-bundle ny-priority 204
class priority-class
pvc-bundle ny-basic 201
class basic-class
bundle san-francisco
protocol clns 40.0000.0000.0000.3333.00 broadcast
19-30
OL-7433-09
Chapter 19
inarp 1
class bundle-class
pvc-bundle sf-control 307
class control-class
pvc-bundle sf-premium 306
class premium-class
pvc-bundle sf-priority 304
class priority-class
pvc-bundle sf-basic 301
class basic-class
bundle los-angeles
protocol ip 10.16.1.4 broadcast
protocol clns 49.0000.0000.0000.4444.000 broadcast
inarp 1
class bundle-class
pvc-bundle la-high 407
precedence 7-5
protect vc
class premium-class
pvc-bundle la-mid 404
precedence 4-2
protect group
class priority-class
pvc-bundle la-low 401
precedence other
protect group
class basic-class
/* PVC la-other is a standalone VC and does not belong to any of the bundles. */
pvc la-other 400
no protocol ip inarp
broadcast
19-31
Chapter 19
The Frame Relay PVC Bundles with QoS Support for IP and MPLS feature allows you to configure
multiple PVCs with different QoS characteristics between any pair of Frame Relay-connected routers
and to configure a group of Frame Relay PVCs with a single next-hop address. Packets are mapped to
specific PVCs in the bundle on the basis of the precedence level, differentiated services code point
(DSCP) level, or MPLS EXP level in the type of service (ToS) field of the IP header. Each packet is
treated differently according to the QoS configured for each PVC.
The Frame Relay PVC bundle management software provides flexible PVC management within a PVC
bundle by allowing traffic assigned to a failed PVC to be redirected to an alternate PVC within the
bundle. It also allows you to configure the bundle to go down when certain PVCs go down. IP packets
carrying different types of traffic can be transported on different PVCs within the same PVC bundle.
To determine which PVC in a bundle is used to forward a specific type of traffic, the Frame
Relay PVC bundle management software matches the IP precedence level, DSCP level, or MPLS EXP
level in the IPv4 header to a PVC configured with the same value. The bundle management software
sends the packet out on the PVC with the same value.
After you define a Frame Relay bundle and add PVCs to it, you can configure attributes and
characteristics to discrete PVC bundle members, or you can apply them collectively at the bundle level.
You can apply Frame Relay traffic shaping to each PVC within a bundle.
You can create differentiated service using PVC bundles by distributing IP precedence levels or DSCP
values over the various bundle members. You can map a single precedence level or DSCP value or a
range of precedence or DSCP levels to each PVC in the bundle. This enables you to either limit an
individual PVC to carry only packets marked with a specific precedence or DSCP level, or enable a PVC
to carry packets marked with different precedence or DSCP levels.
The bundle management software also allows you to configure how traffic is redirected if a PVC goes
down. If this occurs, the router attempts to identify an alternate PVC. If the router cannot locate an
alternate PVC, the router stops the PVC bundle.
The router forwards non-IP packets using the PVC that is responsible for carrying precedence level 6 or
DSCP level 63 traffic. The router uses process-switching to forward locally generated packets.
Description
Required PRE
Release 12.0(26)S
PRE1
19-32
OL-7433-09
Chapter 19
Syntax Description
explicit level
implicit
Applies the implicit bumping rule, which is the default, to a single PVC
bundle member. The implicit bumping rule stipulates that bumped traffic is
to be carried by a PVC that has the lower precedence level.
traffic
Specifies that the PVC accepts bumped traffic (the default condition). The
no form stipulates that the PVC does not accept any bumped traffic.
Description
Release 12.0(26)S
Defaults
Implicit bumping
Bumping permitted (PVCs accept bumped traffic)
Configuration Mode
Frame Relay VC-bundle-member configuration
19-33
Chapter 19
If you configure a PVC with the bump explicit command, you can specify the service level to which
traffic is bumped when that PVC goes down, and the traffic is directed to a PVC mapped with that level.
If the PVC that picks up and carries the traffic goes down, the traffic is subject to the bumping rules for
that PVC. You can specify only one service level for bumping.
The PVC accepts bumped traffic by default. If the PVC has been previously configured to reject bumped
traffic, you must use the bump traffic command to return the PVC to its default condition.
To configure a discrete PVC to reject bumped traffic when the traffic is directed to it, use the no bump
traffic command.
Note
When no alternative PVC can be found to handle bumped traffic, even when there are no packets of that
traffic type present, the bundle is declared down. In the case where default (implicit) bumping is used
for all PVCs, the PVC that is handling the lowest service level can be configured to bump explicitly to
a PVC handling a higher service level.
Syntax Description
level
Specifies the DSCP level or levels for this Frame Relay PVC bundle
member. Valid values are from 0 to 63.
You can configure a PVC bundle member with a single DSCP level (9),
multiple individual DSCP levels (25,35,45), a range of DSCP levels
(25-35), multiple ranges of DSCP levels (25-35,45-55), or a combination of
individual levels and level ranges (10,20,25-35,40,45-55,60).
Note
This command is available when the PVC bundle match type is set
to dscp. By default, the PVC members are configured to reject
bumping when the match-type is dscp.
other
Specifies that this Frame Relay PVC bundle member handles all of the
remaining DSCP levels that are not explicitly configured on any other
bundle members.
Description
Release 12.0(26)S
Defaults
DSCP levels are not configured.
19-34
OL-7433-09
Chapter 19
Configuration Mode
Frame Relay VC-bundle-member configuration
exp Command
To configure Multiprotocol Label Switching (MPLS) experimental (EXP) levels for a Frame Relay
permanent virtual circuit (PVC) bundle member, use the exp command in Frame Relay
VC-bundle-member configuration mode. To remove the EXP level configuration from the PVC, use the
no form of the command.
exp {level | other}
no exp
Syntax Description
level
Specifies the MPLS EXP level or levels for a Frame Relay PVC bundle
member. Valid values are from 0 to 7. You can configure a PVC bundle
member with a single MPLS EXP level (0), multiple individual MPLS EXP
levels (0,2,3), a range of MPLS EXP levels (0-2), multiple ranges of MPLS
EXP levels (0-2,4-5), or a combination of individual levels and level ranges
(0,1,2-4,7).
other
Specifies that the Frame Relay PVC bundle member handles all of the
remaining MPLS EXP levels that are not explicitly configured on any other
bundle member PVCs.
19-35
Chapter 19
Description
Release 12.0(26)S
Defaults
EXP levels are not configured.
Configuration Mode
Frame-Relay VC-bundle-member configuration
Syntax Description
vc-bundle-name
19-36
OL-7433-09
Chapter 19
Description
Release 12.0(26)S
Defaults
A bundle is not created.
Configuration Mode
Interface configuration
Syntax Description
level
Specifies the precedence level or levels for this Frame Relay PVC bundle
member. Valid values are from 0 to 7.
You can configure a PVC bundle member with a single precedence level (0),
multiple individual precedence levels (0,2,3), a range of precedence levels
(0-2), multiple ranges of precedence levels (0-2,4-5), or a combination of
individual levels and level ranges (0,1,2-4,7).
Note
other
This command is available when the PVC bundle match type is set
to precedence.
Specifies that this Frame Relay PVC bundle member handles all of the
remaining precedence levels that are not explicitly configured on any other
bundle members.
Note
Description
Release 12.0(26)S
19-37
Chapter 19
Defaults
Precedence levels are not configured.
Configuration Mode
Frame Relay VC-bundle-member configuration
When tag-switching is enabled on the interface by using the tag-switching ip command, MPLS and IP
packets can flow across the interface, and PVC bundles that are configured for IP precedence mapping
are converted to MPLS EXP mapping. The PVC bundle functionality remains the same with respect to
priority levels, bumping, and so on, but the match precedence command is replaced by the match exp
command, and each precedence command is replaced by the exp command. The result is that a
bundle-member PVC previously configured to carry precedence level 1 IP traffic now carries EXP
level 1 MPLS traffic.
When tag-switching is disabled, the match precedence and match dscp commands are restored, and the
exp commands are replaced by precedence commands.
When tag-switching is enabled or disabled, PVC bundles configured for IP precedence mapping or
MPLS EXP mapping stay up, and traffic is transmitted over the appropriate bundle-member PVCs.
19-38
OL-7433-09
Chapter 19
Syntax Description
group
vc
Configures the PVC member as individually protected and specifies that the
PVC bundle goes down whenever the PVC goes down.
Description
Release 12.0(26)S
Defaults
The PVC neither belongs to the protected group nor is an individually protected PVC.
Configuration Mode
Frame Relay VC-bundle-member configuration
Syntax Description
dlci
vc-name
Description
Release 12.0(26)S
19-39
Chapter 19
Defaults
No PVC is defined.
Configuration Mode
Frame Relay VC-bundle configuration
Dynamic PVCs can be specified as PVC bundle members; however, if a PVC has already been created
by using some other configuration command, you cannot add it to a PVC bundle. If you try to add it to
a bundle, the following message appears on the console:
%DLCI 200 is not a dynamic PVC. Cannot add to VC-Bundle.
If a PVC is already a member of a PVC bundle, any attempt to reuse that same PVC in a command that
creates a PVC (for example, frame-relay interface-dlci, frame-relay local-dlci) results in the
following error message:
%Command is inapplicable to vc-bundle PVCs.
The Cisco 10000 series router must be running Cisco IOS Release 12.0(26)S or later releases.
To implement Frame Relay PVC bundles between two routers, you must enable IP Cisco Express
Forwarding (CEF) switching on the routers.
19-40
OL-7433-09
Chapter 19
In Cisco IOS Release 12.0(26)S, the Frame Relay implementation of VC bundles is restricted to
PVCs.
A PVC that is a bundle member cannot be used in any other capacity. For example, you cannot
configure a PVC bundle member in a map statement.
The Cisco 10000 router does not support variable bit rate-real-time (VBR-rt) for PVCs.
VC Selection
A PVC bundle does not come up until you configure all of the precedence or DSCP levels in the
bundle.
You can map one or multiple precedence or DSCP levels to a single PVC; however, you cannot map
multiple PVCs to one precedence or DSCP level.
The Cisco 10000 router does not support the auto-mapping of PVCs.
Packet Forwarding
The Cisco 10000 router does not support fast switching of IP packets.
19-41
Chapter 19
Step 1
Command
Purpose
Specifies the interface that you want to add to the MLP bundle.
Enters interface configuration mode.
slot/module/port identifies the line card. The slashes are
required.
channel: is the channel group number. The colon is required.
controller-number is the member link controller number.
Step 2
Step 3
Router(config-if)# encapsulation
frame-relay [cisco | ietf]
19-42
OL-7433-09
Chapter 19
Step 4
Command
Purpose
Step 5
19-43
Chapter 19
Step 1
Command
Purpose
Step 2
Step 3
Configuring a Frame Relay Bundle Member Using a Map Class, page 19-48
Note
We recommend that you configure a PVC bundle on the peer router, especially for applications that rely
on communications on the same PVC (for example, TCP header compression).
19-44
OL-7433-09
Chapter 19
To configure an individual Frame Relay bundle member directly, enter the following commands
beginning in global configuration mode:
Step 1
Command
Purpose
Step 2
Step 3
Step 4
Step 5
19-45
Chapter 19
Step 6
Command
Purpose
Router(config-fr-vcb-vc)# precedence
{level | other}
19-46
OL-7433-09
Chapter 19
Step 8
Command
Purpose
Step 9
Router(config-fr-vcb-vc)# bump
{explicit level | implicit | traffic}
When the PVC goes down, the router directs the traffic to
a PVC mapped with the service level you configure in
explicit level.
Router(config-fr-vcb-vc)# protect
{group | vc}
Step 11
Router(config-fr-vcb-vc)# inarp
19-47
Chapter 19
Step 1
Command
Purpose
Step 2
Step 3
Step 4
Configuration Example for Configuring a Frame Relay Bundle Member Using a Map Class
Example 19-6 shows how to configure a bundle member using a map class. In the example, the PVC
bundle named Gold is created. The map class named East is applied to the PVC bundle member named
member1 (DLCI 100).
19-48
OL-7433-09
Chapter 19
Example 19-6 Configuring a Frame Relay Bundle Member Using a Map Class
Router(config-if)# frame-relay vc-bundle Gold
Router(config-fr-vcb)# pvc 100 member1
Router(config-fr-vcb-vc)# class East
Configuration Example for Precedence-Based and DSCP-Based Frame Relay PVC Selection,
page 19-49
Configuration Example for MPLS EXP-Based Frame Relay PVC Selection, page 19-50
Configuration Example for Precedence-Based and DSCP-Based Frame Relay PVC Selection
Example 19-7 shows how to directly configure Frame Relay PVC selection based on the packets
precedence or DSCP level. The sample configuration creates two PVC bundles on a multipoint
subinterface. The PVC bundle named new-york has four members and supports precedence mapping.
The PVC bundle named san-jose has three members and supports DSCP mapping. The example uses
arbitrary DSCP ranges.
Example 19-7 Configuring Precedence-Based and DSCP-Based PVC Selection
interface serial 0.1 multipoint
/* Create a VC bundle map entry for the next hop IP address*/
frame-relay map ip 10.16.0.2 vc-bundle new-york
frame-relay map ip 12.0.0.2 vc-bundle san-jose
frame-relay vc-bundle new-york
match precedence
/* Create the PVCs for VC bundle new-york*/
pvc 100 ny-control
class control
precedence 7
protect vc
pvc 101 ny-premium
class premium
precedence 5-6
protect group
no bump traffic
bump explicit 7
pvc 102 ny-priority
class priority
precedence 2-4
protect group
pvc 103 ny-basic
class basic
precedence other
protect group
frame-relay vc-bundle san-jose
match dscp
pvc 200
class control
dscp 63-60
no bump traffic
protect vc
19-49
Chapter 19
pvc 201
class premium
dscp 31-24
protect group
pvc 202
class basic
dscp other
protect group
19-50
OL-7433-09
Chapter 19
Command
Purpose
19-51
Chapter 19
Command
Purpose
19-52
OL-7433-09
Chapter 19
Related Documentation
This section provides hyperlinks to additional Cisco documentation for the features discussed in this
chapter. To display the documentation, click the document title or a section of the document highlighted
in blue. When appropriate, paths to applicable sections are listed below the documentation title.
Feature
Related Documentation
ATM VC Bundle Management on Cisco 12000 Series 8-Port OC-3 STM-1 ATM
Line Cards, Release 12.0(23)S feature module
Understanding and Configuring ATM PVC Bundles sample configurations
Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2
Part 7: Quality of Service Solutions > IP to ATM CoS Overview > VC Bundle
Support and Bundle Management
ATM PVC Bundle EnhancementMPLS EXP-Based PVC Selection,
Release 12.2(8)T feature module
ATM VC Bundle Management on Cisco 12000 Series 8-Port OC-3 STM-1 ATM
Line Cards, Release 12.0(23)S feature module
IP to ATM Class of Service, Release 12.0(3)T feature module
Cisco IOS Quality of Service Solutions Command Reference, Release 12.2
Frame Relay PVC Bundles with QoS Support for IP and MPLS, Release 12.2(13)T
feature module
19-53
Chapter 19
Related Documentation
19-54
OL-7433-09
CH A P T E R
20
MPLS QoS
Multiprotocol Label Switching (MPLS) quality of service (QoS) allows you, as the service provider, to
provide varying levels of QoS services for different types of traffic in an MPLS network. MPLS allows
you to "tunnel" the QoS of a packet. You can classify packets according to their type, input interface,
and other factors without changing the IP precedence or DSCP field of the packet.
The IP precedence and DSCP fields allow you to specify the QoS for an IP packet. The MPLS
experimental (EXP) field, consisting of 3 bits in the IP header, allows you to specify the QoS for an
MPLS packet. The EXP field is used to support differentiated services and can carry all of the
information encoded in the IP precedence or DSCP field. In some cases, the EXP bits are used
exclusively to encode the drop precedence within a traffic class.
The router applies QoS services based on the class of service (CoS) set for a packet. If the IP precedence
field specifies the CoS, the router treats the packet based on the IP precedence marking. In an MPLS
network, the router copies the IP precedence bits into the MPLS EXP field at the edge of the network.
However, based on the service offering, you might need to set the MPLS EXP field to a value that is
different from the IP precedence value. In this case, MPLS QoS allows the IP precedence or DSCP
setting of a packet to remain unmodified as the packet passes through the provider network. During
congestion, packets receive the appropriate priority, based on the MPLS EXP setting.
20-1
Chapter 20
MPLS QoS
You can mark the EXP bits independently of the per-hop behavior (PHB). Instead of overwriting the
value in the IP precedence field, you can set the MPLS EXP field, choosing from a variety of criteria
(including those based on IP PHB) to classify a packet and set the MPLS EXP field. For example, you
can classify packets with or without considering the rate of the packets that the PE1 receives. If the rate
is a consideration, you can mark in-rate packets differently from out-of-rate packets.
As the packet travels through the MPLS network, the marking value of an IP packet does not change and
the IP header remains available for use. In some instances, it is desirable to extend the MPLS PHB to
the egress interface between the provider edge (PE) router and customer edge (CE) router. This has the
effect of extending the MPLS QoS tunnel, which allows the MPLS network owner to classify scheduling
and discarding behavior on that final interface.
Description
Required PRE
Release 12.0(19)SL
PRE1
Release 12.0(22)S
PRE1
Release 12.2(16)BX
PRE2
Release 12.2(28)SB
PolicingClassifies packets according to input or output transmission rates. Allows you to set the
MPLS EXP, IP precedence, or DSCP bits (whichever is appropriate). For more information about
policing, see Chapter 6, Policing Traffic.
Class-Based Weighted Fair Queuing (CBWFQ) An automated scheduling system that uses a
queuing algorithm to ensure bandwidth allocation to different classes of network traffic. For more
information about CBWFQ, see Chapter 12, Sharing Bandwidth Fairly During Congestion.
20-2
OL-7433-09
Chapter 20
UniformProvides uniformity in per-hop behavior (PHB) throughout the network. In this mode, all
customers of your MPLS network use the same precedence settings.
Short Pipe(Default) Provides for a distinct MPLS PHB layer (on top of the IP PHB layer) across
the entire MPLS network. In this mode, your customers implement their own IP PHB marking
scheme.
PipeSimilar to short pipe mode, except that at the egress of the provider edge (PE) router the
MPLS PHB layer is used to classify the packet for discard and scheduling behavior at the outbound
interface. In this mode, you schedule and discard packets without needing to know your customer
setting.
Figure 20-1 shows a service provider MPLS network that connects two sites of a customers network. To
use these features in a network, set the MPLS experimental field value at PE1 (the ingress label
switching router) by using the modular QoS CLI. This sets the QoS value in the MPLS packet.
Figure 20-1
IP
network
MPLS
network
MPLS
network
IP
network
Host A
Host B
PE1
P1
P2
PE2
CE2
41867
CE1
Owned by
service provider
Short pipe tunnel mode discards the MPLS EXP value on label disposition. To enable MPLS EXP-based
classification after label disposition, you can map the EXP values to the qos-group values at the inbound
interface and use qos-group to classify packets into different classes at the outbound interface. However,
Weighted Random Early Detection (WRED) on the outbound interface is still based on the IP type of
service (ToS) value rather than the disposed EXP value.
The Cisco 10000 series router does not support the propagate-cos command to enable uniform mode.
The router does not copy the MPLS EXP values on disposition to the packets IP header, unless you map
the EXP value to a qos-group value at the inbound interface and use the qos-group value to set the IP
ToS value on the outbound interface.
20-3
Chapter 20
MPLS QoS
The router supports the match mpls experimental topmost command on both input and output
interfaces on which MPLS is enabled.
The set mpls experimental imposition command and the set mpls experimental command are
supported on the provider edge (PE) router input interface connecting to customer edge (CE) router.
You can also use these commands on input interfaces on the CE, in pipe mode of MPLS QoS
DiffServ tunneling models.
Note
The set mpls experimental imposition command replaces the set mpls experimental
command, which the router supports only for backward compatibility. We recommend that
you use the set mpls experimental imposition command.
The mpls ip encapsulate explicit-null command is supported on the CE router interface that is
connected to the PE. This command is only used in pipe mode of MPLS QoS DiffServ tunneling
models.
20-4
OL-7433-09
Chapter 20
Setting the MPLS EXP Field Using a Policy Map, page 20-7
20-5
Chapter 20
MPLS QoS
Step 1
Command
Purpose
Step 2
Step 3
The following example creates a class map named IP_prec4 with IP precedence 4 defined as the match
criterion. The router classifies all packets that contain IP precedence 4 as belonging to the IP_prec4
traffic class.
Router(config)# class-map match-all IP_prec4
Router(config-cmap)# match ip precedence 4
Router(config-cmap)# end
The following example creates a class map named http with the access control list (ACL) named http
defined as the match criterion. The router classifies all packets that match the http ACL as belonging to
the http traffic class.
Router(config)# class-map match-all http
Router(config-cmap)# match access-group name http
Router(config-cmap)# end
20-6
OL-7433-09
Chapter 20
The following example creates a class map named af41 with DSCP AF41 defined as the match criterion.
The router classifies all packets that contain the IP DSCP binary value 100010 as belonging to the af41
traffic class.
Router(config)# class-map match-all af41
Router(config-cmap)# match ip dscp af41
Router(config-cmap)# end
Note
Step 1
Even though the commands in Steps 3 through 6 are optional, you must configure one of the commands
to set the MPLS EXP field. The router sets the EXP bits when the packet leaves the router using an MPLS
interface. If the packet arrives on an MPLS interface, the router does not set the EXP bits. You can only
set the EXP bits of packets that arrive on a non-MPLS interface and leave on an MPLS interface.
Command
Purpose
Step 2
Step 3
Step 4
Step 5
Step 6
20-7
Chapter 20
MPLS QoS
For more information about other QoS actions you can define in the policy map, see the Types of QoS
Actions section on page 3-4.
Configuration Example for Setting the MPLS EXP Field Using a Policy Map
The following example shows how to set the MPLS EXP field using the set mpls experimental
imposition command. The sample configuration creates a policy map named set_experimental_5 and
defines the traffic class named IP_prec4. The router sets the MPLS EXP bits to 5 for all of the packets
belonging to the IP_prec4 class.
Router(config)# policy-map set_experimental_5
Router(config-pmap)# class IP_prec4
Router(config-pmap-c)# set mpls experimental imposition 5
Router(config-pmap-c)# end
Step 1
Command
Purpose
Step 2
20-8
OL-7433-09
Chapter 20
20-9
Chapter 20
MPLS QoS
1500 1
1500 1
1500 1
remaining percent 12
1500 1
!
interface GigabitEthernet3/0/0.2
encapsulation dot1Q 2
ip vrf on forwarding vrf_2
ip address 220.220.56.6 255.255.255.0
service-policy input set-exp
!
!
interface POS4/0/0
ip address 220.220.46.6 255.255.255.0
load-interval 30
tag-switching ip
crc 32
clock source internal
service-policy output wred
match-all prec0
precedence 0
match-all prec1
precedence 1
match-all prec2
precedence 2
match-all prec3
precedence 3
match-all prec4
precedence 4
match-all prec5
precedence 5
match-all prec6
precedence 6
match-all prec7
precedence 7
20-10
OL-7433-09
Chapter 20
policy-map prec2exp
class prec0
set mpls experimental imposition 1
class prec1
set mpls experimental imposition 2
class prec2
set mpls experimental imposition 3
class prec3
set mpls experimental imposition 4
class prec4
set mpls experimental imposition 5
class prec5
set mpls experimental imposition 6
class prec6
set mpls experimental imposition 7
class prec7
set mpls experimental imposition 0
!
!
interface GigabitEthernet4/0/0
ip address 220.5.1.1 255.255.255.0
service-policy input prec2exp
load-interval 30
no negotiation auto
no keepalive
!
interface GigabitEthernet3/0/0.2
encapsulation dot1Q 2
ip address 220.220.56.5 255.255.255.0
mpls ip encapsulate explicit-null
1
2
3
4
5
6
20-11
Chapter 20
Description
Required PRE
Release 12.0(27)S
PRE1
Release 12.2(16)BX
PRE2
Release 12.2(28)SB
PRE2
20-12
OL-7433-09
Chapter 20
EXP Values
VC Number
VC Name
0, 4
Available
1, 5
Standard
2, 6
Premium
3, 7
Control
You can configure a CoS map to limit the number of LVCs created and to redefine the mapping of the
EXP bits. Table 2 shows a configured CoS map. Based on this map, the binding table will have two VCs
named available and premium.
20-13
Chapter 20
Table 2
EXP Values
VC Number
VC Name
0, 4
Available
1, 5
Available
2, 6
Premium
3, 7
Premium
20-14
OL-7433-09
Chapter 20
The Cisco 10000 series router supports a maximum of 500 LVC service groups.
The Cisco 10000 series router does not support available bit rate (ABR) for ATM VCs. Therefore,
the router also does not support ABR LVCs.
All LVCs and the control-VC share the same QoS policy. Any QoS policy changes are applied to the
subinterface. All LVCs will then automatically share the new policy.
The Cisco 10000 series router must be running Cisco IOS Release 12.0(27)S or later releases.
The performance routing engine (PRE), part number PRE1 must be installed in the routers chassis.
To use MPLS QoS to full advantage in your network, the following functionality must be supported:
Multiprotocol Label Switching (MPLS)The standardized label switching protocol defined by
optimizes performance and scalability in networks that handle large volumes of traffic and
exhibit dynamic traffic patterns.
Asynchronous Transfer Mode (ATM)International standard for cell relay in which multiple
service types (such as voice, video, or data) are conveyed in fixed-length cells. ATM signaling
is required if you use ATM interfaces in your network.
traffic.
Weighted random early detection (WRED) to configure different discard priorities or classes of
service using the MPLS experimental field in the MPLS packet header.
20-15
Chapter 20
Configuring Multi-VC Mode Using the Default CoS Map, page 20-16
Purpose
Step 1
Step 2
Step 3
Step 4
Router(config-if)# mpls ip
Step 5
20-16
OL-7433-09
Chapter 20
Purpose
Step 1
Step 2
Step 3
Router(config-tag-cos-map)# exit
Step 4
Router(config)# access-list
access-list-number permit destination
Step 5
20-17
Chapter 20
Purpose
20-18
OL-7433-09
Chapter 20
MPLS traffic engineering allows constraint-based routing of IP traffic. One of the constraints satisfied
by constraint-based routing is the availability of required bandwidth over a selected path. DS-TE extends
MPLS TE so that constraint-based routing and admission control of special TE tunnels (referred to as
guaranteed bandwidth TE tunnels) are performed over a more restrictive bandwidth constraint than
regular TE tunnels. A more restrictive bandwidth constraint enables you to achieve higher QoS
performance (in terms of delay, jitter, or loss) for the guaranteed traffic.
The more restrictive bandwidth is referred to as a sub-pool, while the regular TE tunnel bandwidth is
called the global pool. The sub-pool is a portion of the global pool and applies to tunnels that carry traffic
requiring strict bandwidth guarantees or delay guarantees. The global pool applies to tunnels that carry
traffic requiring only differentiated service.
Having a separate pool for traffic requiring strict guarantees allows you to limit the amount of such
traffic admitted on any given link. Often, it is possible to achieve strict QoS guarantees only if the
amount of guaranteed traffic is limited to a portion of the total link bandwidth.
Having a separate pool for other traffic (best-effort or DiffServ traffic) allows you to have a separate limit
for the amount of such traffic admitted on any given link. This is useful because it allows you to fill up
links with best-effort and DiffServ traffic, thereby achieving a greater utilization of those links.
The DS-TE feature also extends the Open Shortest Path First (OSPF) routing protocol so that the
available sub-pool bandwidth at each preemption level is advertised in addition to the available global
pool bandwidth at each preemption level. The DS-TE feature also modifies constraint-based routing to
take this more complex advertised information into account during path computation.
For more information, see the MPLS Traffic EngineeringDiffServ Aware, Release 12.2(14)S feature
module.
Description
Required PRE
Release 12.3(7)XI
Release 12.2(28)SB
PRE2
Sub-pool Tunnels
A sub-pool tunnel carries traffic that requires strict bandwidth guarantees or delay guarantees, such as
real-time voice, virtual IP leased line, and bandwidth trading traffic. As traffic enters the sub-pool tunnel,
DS-TE marks the traffic with a unique value in the MPLS EXP field. The router places traffic with this
unique value in the guaranteed bandwidth queue at the outbound interface of every tunnel hop. The strict
guaranteed traffic has exclusive use of the guaranteed bandwidth queue; no other traffic can use this
queue.
DS-TE ensures that the guaranteed bandwidth queue is never oversubscribed and limits the amount of
traffic that enters the queue to a percentage of the total bandwidth of the corresponding outbound link.
Therefore, the amount of traffic sent into the sub-pool is never more than the amount the guaranteed
bandwidth queue can handle.
20-19
Chapter 20
Note
Open Shortest Path First (OSPF) or Intermediate System to Intermediate System (IS-IS) routing
protocols
QoS
IP CEF is enabled by default on the Cisco 10000 series router and it cannot be turned off. If you attempt
to disable IP CEF, an error appears.
Configuring DS-TE
To configure DS-TE, perform the following required configuration tasks:
20-20
OL-7433-09
Chapter 20
Purpose
Step 1
Step 2
or
Step 3
Router(config-router)# network
network-entity-title
Specifies the IS-IS network entity title (NET) for the routing
process.
network-entity-title specifies the area address and the system ID
for an IS-IS routing process. You can specify an address or a name
for network-entity-title.
Step 4
Step 5
Step 6
20-21
Chapter 20
Step 7
Command
Purpose
Router(config-router)# passive-interface
type number
Step 8
Specifies that the traffic engineering router identifier for the node
is the IP address associated with a specific interface.
interface-name specifies the IP address associated with the
loopback0 interface.
Note
Step 9
Note
20-22
OL-7433-09
Chapter 20
Step 1
Command
Purpose
Step 2
Step 3
Step 4
20-23
Chapter 20
Step 1
Command
Purpose
Step 2
Step 3
Step 4
Step 5
20-24
OL-7433-09
Chapter 20
Step 6
Command
Purpose
bandwidth 110000
ip unnumbered loopback0
tunnel destination 10.16.1.1
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng bandwidth sub-pool 30000
tunnel mpls traffic-eng priority 0 0
tunnel mpls traffic-eng path-option 1 dynamic
Providing Strict QoS Guarantees Using DS-TE Sub-pool Tunnels, page 20-25
Providing Differentiated Service Using DS-TE Global Pool Tunnels, page 20-26
Providing Strict Guarantees and Differentiated Service in the Same Network, page 20-26
For guaranteed bandwidth service configuration examples, see the MPLS Traffic EngineeringDiffServ
Aware, Release 12.2(14)S feature module.
20-25
Chapter 20
If you only want to provide bandwidth guarantees, use the DiffServ assured forwarding queue (AF
PHB). On the Cisco 10000 series router, use one of the existing class-based weighted fair queuing
(CBWFQ) queues.
2.
Ensure that the router places the guaranteed traffic from the sub-pool tunnel in the guaranteed
bandwidth queue at the outbound interface of every tunnel hop, and that the router does not place
any other traffic in this queue. To do this, mark the traffic entering the tunnel with a unique value in
the MPLS EXP field. The router sends only the marked traffic into the guaranteed bandwidth queue.
3.
Ensure that the router does not oversubscribe the queue and instead sends only the amount of traffic
into the sub-pool tunnel that the guaranteed bandwidth queue can handle. To do this, limit the rate
of the guaranteed traffic before it enters the sub-pool tunnel. The aggregate rate of all traffic entering
the sub-pool tunnel is less than or equal to the bandwidth capacity of the sub-pool tunnel. For delay
or jitter guarantees, excess traffic is dropped. For bandwidth guarantees, excess traffic can be
marked differently for preferential discard.
4.
Ensure that the amount of traffic entering the guaranteed bandwidth queue is limited to an
appropriate percentage of the total bandwidth of the corresponding outbound link. The exact
percentage to use depends on several factors that can contribute to accumulated delay in your
network: your QoS performance objective, the total number of tunnel hops, the number of links
folded in along the tunnel path, the burstiness of the input traffic and so on. To do this, set the
sub-pool bandwidth of each outbound link to the appropriate percentage of the total link bandwidth
by adjusting the sub-pool kbps parameter of the ip rsvp bandwidth command.
2.
Mark each class of traffic using a unique value in the MPLS EXP field.
3.
Ensure that packets marked for a specific traffic class are placed in the queue for that class. The
tunnel bandwidth is set based on the expected aggregate traffic across all classes of service.
To control the amount of DiffServ tunnel traffic you intend to support on a given link, adjust the size of
the global pool on that link.
20-26
OL-7433-09
Chapter 20
Command
Purpose
Displays the tunnels that have been admitted locally and their
parameters such as priority, bandwidth, incoming and outgoing
interface, and state.
(Optional) interface name indicates to display only those tunnels
that are admitted on the interface specified by name (for example,
serial 1/0/0).
20-27
Chapter 20
Command
Purpose
For more information about these commands, see the MPLS Traffic EngineeringDiffServ Aware,
Release 12.2(14)S feature module.
Configuration Examples for Configuring the Tunnel Head Router, page 20-28
Configuration Examples for Configuring DS-TE on the Midpoint Routers, page 20-30
Configuration Example for Configuring DS-TE on the Tunnel Head Router, page 20-29
Configuration Example for Configuring DS-TE on the Tunnel Head Physical Interface, page 20-29
Configuration Example for Configuring DS-TE on the Tunnel Interface, page 20-29
20-28
OL-7433-09
Chapter 20
Configuration Example for Configuring DS-TE on the Tunnel Head Physical Interface
Example 20-5 activates DS-TE on the egress physical interface POS 2/0/0. This physical interface is
configured on the tunnel head router.
Example 20-5 Configuring DS-TE on the Tunnel Head Physical Interface
router-1(config)# interface POS2/0/0
router-1(config-if)# ip address 10.1.1.1 255.255.255.0
router-1(config-if)# mpls traffic-eng tunnels
router-1(config-if)# ip rsvp bandwidth 130000 130000 sub-pool 80000
router-1(config-if)# exit
20-29
Chapter 20
Note
Configuration Example for Configuring DS-TE on the Midpoint Router, page 20-30
Configuration Example for Configuring DS-TE on the Midpoint Network Interfaces, page 20-30
20-30
OL-7433-09
Chapter 20
Note
Configuration Example for Configuring DS-TE on the Tail-End Router, page 20-31
Configuration Example for Configuring DS-TE on the Tail-End Physical Interfaces, page 20-31
20-31
Chapter 20
To support the per VRF AAA feature, AAA must be VRF aware. Define operational parameters for each
VRF and secure them to the VRF partitions, using a virtual template interface. For more information
about setting AAA parameters, see the Configuring RADIUS Attribute Accept or Reject Lists section
on page 6-36.
For more information about the Per VRF AAA feature, see the Cisco 10000 Series Router Broadband
Aggregation, Leased-Line, and MPLS Configuration Guide.
Related Documentation
This section provides hyperlinks to additional Cisco documentation for the features discussed in this
chapter. To display the documentation, click the document title or a section of the document highlighted
in blue. When appropriate, paths to applicable sections are listed below the documentation title.
Feature
Related Documentation
Class maps
MPLS
20-32
OL-7433-09
Chapter 20
Feature
Related Documentation
MPLS QoS Multi-VC Mode for PA-A3, Release 12.2(2)T feature module
MPLS Label Distribution Protocol, Release 12.1(8a)E feature module
Multiprotocol Label Switching on Cisco Routers, Release 12.1(3)T feature module
MPLS Class of Service Enhancements, Release 12.1(5)T feature module
MPLS Virtual Private Networks (VPNs), Release 12.0(22)S feature module
Quality of Service Solutions Configuration Guide, Release 12.2
Policy maps
20-33
Chapter 20
Related Documentation
20-34
OL-7433-09
CH A P T E R
21
21-1
Chapter 21
For hierarchical QoS policies, the router applies the parent shape rate to each group of VLANs. At most,
a single VLAN can have a throughput equal to the parent shape rate. If all of the VLANs within the
VLAN group are active, the aggregate traffic of all active VLAN-group members is limited to the shape
rate.
In an 802.1Q VLAN implementation, the router passes a packet to the dot1q-encapsulated subinterface
only if the VLAN ID of the packet matches the VLAN ID configured for the subinterface. Otherwise,
the router passes the packet to the main interface. Therefore, you must create a subinterface with a
specific VLAN ID before the router can apply QoS on a VLAN ID that is configured as part of a VLAN
group.
Description
Required PRE
Release 12.2(31)SB22
PRE2
PRE3
VLAN-Groups
A VLAN-group is a traffic class that potentially consists of multiple IEEE 802.1Q VLAN subinterfaces.
A class map defines the VLAN group and the match criteria the router uses to classify the traffic as
belonging to a specific VLAN group. All of the subinterfaces belonging to a VLAN group share the
bandwidth allocated to the group and share the same class queue.
The match vlan command allows you to specify the VLANs you want to include in a VLAN group. The
configuration of a VLAN group can include individual VLAN ID values or a range of values. For
example, VLANs with IDs 3, 5-8, and 10 can form a VLAN group. The router treats the VLANs
specified in a VLAN group as an aggregate whole.
Note
If you specify the match vlan command in a class map, you cannot specify other match commands in
the same class map. Use the match vlan command only for VLAN grouping.
Only Ethernet, Fast Ethernet, and Gigabit Ethernet interfaces support VLAN groups. For outbound
VLAN tag-based policies, use a shape command for each VLAN group.
21-2
OL-7433-09
Chapter 21
Addingclass
or removing
VLAN-group classes from a VLAN-group policy only affects QoS on the
vlangrp1
police
percent
subinterfaces
that you
added10or removed from the policy. Adding or removing class-default classes
service-policy
Child1
affects QoS only on the subinterfaces
that do not belong to any VLAN group.
class vlangrp2
Modifying police
a child policy
that30is applied to a VLAN-group class in a VLAN-group policy affects QoS on
percent
class
vlangrp3 that belong to that VLAN group. Modifying a child policy applied to a
all of the
subinterfaces
shape
class-default
class512000
affects QoS on all of the subinterfaces that do not belong to any VLAN group.
service-policy Child2
class
vlangrp4see the VLAN Tag-Based QoS section on page 21-1,
For more
information,
police 8000
service-policy Child3
VLAN ID
The class vlangrp1 is a valid configuration for input traffic because it has a non-queuing action
service-policy
Child3 to the subinterface has a QoS policy (for example, a non-queuing
If the virtual
template applied
class vgrp2
policy shape
that specifies
policing and marking for the PRE2 or all QoS actions for the PRE3), each PPP
512000
sessionservice-policy
traffic is uniquely
influenced by the policy defined at the virtual template. For example,
Child2
suppose
hierarchical QoS policy is configured to police traffic to 2 Mbps. Each PPPoE session
classa class-default
2000000
traffic shape
is uniquely
policed to 2 Mbps. The policy on the subinterface has no affect.
service-policy Child1
For input policies, if you apply a child QoS policy to a VLAN-group traffic class (created using the
Aggregate Session
Traffic
match-vlan
command in a class map), you must first configure a policing action. The router
supports non-queuing actions (policing) for input policies, and both queuing (shaping) and
Younon-queuing
cannot shape
the aggregate
session
trafficpolicies.
by applying a shaping policy to a VLAN group. Instead,
(policing)
actions
for output
when applying queuing policies to sessions, shape the aggregate session traffic by applying a shaping
policy
If you
attach
a VLAN-group
policy
in the outbound
direction,
configure
shaper
each VLAN
to an
802.1Q
VLAN or QinQ
subinterface.
For more
information,
seea the
QoS:forHierarchical
group
so
that
the
group
has
its
own
VTMS
link.
Otherwise,
the
traffic
for
that
VLAN
group
uses the
Queuing for Ethernet DSLAMs feature module for Cisco IOS Release 12.2(31)SB2.
VTMS link and queues of the main interface.
Although you cannot shape PPP sessions, you can police the sessions.
For VLAN-based classes with multiple VLAN match filters defined, traffic accounting is updated
as an aggregate under the first match-VLAN filter for the class in the policy. The router does not
maintain individual match-VLAN filter statistics.
21-3
Chapter 21
Class Maps
per Policy Map1
VLAN Groups
per VLAN-Group Policy
255
255
64
Feature
PRE2
PRE3
Not supported
Supported.
Aggregate priority queues should be well within
90% of the maximum rate to guarantee
performance.
Aggregate WRED
Not supported
Supported
Allows a maximum of 8 profiles per class and a
total of 21 profiles in a policy.
Not supported
VLAN-group policies
Supports simultaneous VLAN-group policy Does not support both VLAN-group policies and
and subinterface policies that are not part of subinterface policies on the same link
the VLAN-group policy.
simultaneously.
21-4
OL-7433-09
Chapter 21
Table 21-2
Feature
PRE2
PRE3
Not supported
Supported
Supported
When configuring a VLAN tag-based QoS policy map, the router applies the policy to one Ethernet
port and only to the VLANs on that particular port.
Class maps that contain the match vlan command cannot contain any other classification criteria.
Currently, the match vlan command is used only to group VLAN subinterfaces. Do not use the
command for any other purpose.
The match vlan counters update only for one-level QoS policies; they do not update for hierarchical
QoS policies.
The router does not support applying a VLAN-group policy to a virtual template.
The router does not support the random-detect and priority commands for traffic classes created
using the match-vlan command in class maps.
When creating a class map with the match vlan command, configure the match-any command as
the match type.
You cannot specify traffic classes created using the match-vlan command in the following policies:
Child policies
Policies attached to an interface other than a Fast Ethernet or Gigabit Ethernet interface
Policies in which a non-VLAN-based traffic class exists. (This does not include the
class-default class.)
VLAN group members across the VLAN groups in a VLAN-group policy are mutually exclusive.
Do not use VLAN ID 1 in a VLAN group unless you create a subinterface with VLAN ID 1.
For the PRE2, if a policy map specifies a particular VLAN ID, you cannot apply any service policy
map to subinterfaces that have that particular VLAN ID (or dot1q ID). However, on the PRE3, you
cannot apply policies to the main interface and to subinterfaces, even if the subinterface does not
have a matching VLAN-group ID.
You can apply a VLAN-group policy map only to the main interface; you cannot apply it to
subinterfaces.
You cannot add VLAN-group traffic classes to a policy that already has QoS services defined for
traffic classes, even if the class configuration is only the class-default class.
In a class map, you can specify only the match vlan command as the classification criteria if QoS
services are defined for the corresponding traffic class in the parent policy (top-level in a three-level
policy) of a hierarchical policy.
21-5
Chapter 21
In a class map, you cannot specify the match-vlan command as the classification criteria if QoS
services are defined for the corresponding traffic class in a child policy of a hierarchical policy.
You can apply a child policy to any traffic class in a VLAN-group policy map. The child policy is
not restricted to being applied only to the class-default class.
In a VLAN-group policy map, if you apply a child service policy to a traffic class of an input parent
policy, you must configure a non-queuing action such as policing before you apply the child policy.
You cannot configure any queuing actions for the parent class, such as shaping, priority, or
class-based weighted fair queuing (CBWFQ).
For example, consider the following sample configuration:
policy-map Input_Parent
class vlangrp1
police percent 10
service-policy Child1
class vlangrp2
police percent 30
class vlangrp3
shape 512000
service-policy Child2
class vlangrp4
police 8000
service-policy Child3
The class vlangrp1 is a valid configuration for input traffic because it has a non-queuing action
policies.
The class vlangrp3 is an invalid configuration for this input parent policy because it contains a
Note
If this was an output parent policy, the class vlangrp3 would be a valid configuration because
queuing actions such as shape are permitted for output policies.
The class vlangrp4 is a valid configuration for an input parent policy because it contains a
For an output parent policy, the PRE2 allows you to configure only the shape command on the
parent class. The PRE3 allows you to configure the shape command and the bandwidth remaining
ratio command on the parent class. The bandwidth remaining ratio command allows you to define
a proportionate share of the bandwidth for allocation to VLAN groups during periods of congestion.
You can configure the shape command and service-policy command for a traffic class of an output
parent policy.
For example, the following sample configuration shows how to configure an output parent policy:
policy-map Egress_Parent
class vgrp1
shape 128000
service-policy Child3
class vgrp2
shape 512000
service-policy Child2
class class-default
shape 2000000
service-policy Child1
21-6
OL-7433-09
Chapter 21
For the input direction, if you apply a QoS policy to a match-vlan traffic class, you must configure
a police action.
If you attach a VLAN-group policy in the outbound direction, configure a shaper for each VLAN
group so that the group has its own VTMS link. Otherwise, the traffic for that VLAN group uses the
VTMS link and queues of the main interface.
For VLAN-based classes with multiple VLAN match filters defined, traffic accounting is updated
as an aggregate under the first match-VLAN filter for the class in the policy. The router does not
maintain individual match-VLAN filter statistics.
You cannot delete a match-VLAN filter from a class map if only a single filter is configured in the
class map. You can modify the class map filters either by deleting the class from the policy or adding
the required VLAN filters to the class before deleting all of the VLAN filters from the class map.
Although the router supports QinQ subinterfaces, the VLAN Tag-Based feature does not support
QinQ subinterfaces under a VLAN group. You can use only 802.1Q subinterfaces for VLAN groups.
These subinterfaces have a single inner VLAN ID.
Configure the match-vlan command as the only filtering criteria for a class map.
If you attempt to apply a policy map that includes a traffic class for which the match-vlan command
and other match commands are configured, the attempt fails and an error message displays.
Configure VLAN-group traffic classes (created using the match-vlan command in a class map) only
in the parent class of hierarchical policy maps. For example, in a three-level hierarchical policy, the
parent class is the topmost level of the policy.
If you attempt to configure a VLAN-group traffic class in a child policy, the attempt fails and an
error message displays.
Attach VLAN-group policies (policies containing match-vlan traffic classes) only to Fast Ethernet
and Gigabit Ethernet interfaces.
Do not attach a policy map to an 802.1Q VLAN subinterface with a VLAN ID if the subinterface is
part of a VLAN-group with a defined policy.
If an 802.1Q VLAN subinterface has a VLAN ID that is specified as part of a VLAN-group and a
VLAN-group policy is attached to an interface, if you attempt to attach a QoS policy to the
subinterface participating in the VLAN group, the attempt fails and an error message displays.
21-7
Chapter 21
For a VLAN-group policy, you are not required to only attach child policies under the class-default
class of a parent policy. You may apply child policies to the class-default class of another child
policy, the class-default class of a parent policy, or to other classes defined in parent and child
policies.
Note
This applies only to VLAN-group policies. For other QoS policies, you must apply child
policies only to the class-default class of a parent policy.
Do not configure any other QoS actions for a parent class if you apply a child policy to that class.
For a VLAN-group policy, if a class of a parent policy map specifies the service-policy command,
do not configure any other QoS actions for that class.
Configure only the shape command in outbound parent classes of a VLAN-group policy if a child
policy is applied to that class.
Step 1
Command
Purpose
Examples
The following example configuration creates a VLAN group named customer1 with VLANs 2, 3, 4, 5,
and 7 as members of the group:
Router> enable
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# class-map match-any customer1
Router(config-cmap)# match vlan 2 3-5 7
Router(config-cmap)# exit
21-8
OL-7433-09
Chapter 21
Configuring QoS Policies for Traffic ClassesInbound VLAN Group and Class-Default Classes,
page 21-9
Configuring QoS Policies for Traffic ClassesOutbound VLAN Group and Class-Default Classes,
page 21-10
Configuring QoS Policies for Traffic ClassesInbound VLAN Group and Class-Default Classes
The class-default class is the only non-VLAN-group class allowed in a VLAN-group policy.
To configure an inbound QoS policy for VLAN-group traffic classes and the class-default class, enter
the following commands beginning in global configuration mode:
Step 1
Command
Purpose
Step 2
Step 3
Router(config-pmap-c)# service-policy
policy-map-name
Step 4
Step 5
Router(config-pmap-c)# service-policy
policy-map-name
21-9
Chapter 21
Example
The following example configuration shows how to configure a VLAN-group policy for inbound traffic.
In the example, QoS policies are created for VLAN traffic (policy1 and policy2) and for default traffic
(policy5). The policy map named input applies QoS services to VLAN groups and to the class-default
class for all of the inbound traffic that does not belong to the VLAN groups classes.
Router(config)# policy-map policy1
Router(config-pmap)# class vgrp2
Router(config-pmap-c)# police percent 20
Router(config-pmap-c)# class vgrp1
Router(config-pmap-c)# set cos 2
!
Router(config)# policy-map policy2
Router(config-pmap)# class vgrp1
Router(config-pmap-c)# police 64000
Router(config-pmap-c)# class vgrp2
Router(config-pmap-c)# police 512000
!
Router(config)# policy-map policy5
Router(config-pmap)# class class-default
Router(config-pmap-c)# police 8000
!
Router(config)# policy-map input
Router(config-pmap)# class vgrp-customer1
Router(config-pmap-c)# police 512000
Router(config-pmap-c)# service-policy policy1
Router(config-pmap-c)# class vgrp-customer2
Router(config-pmap-c)# police percent 20
Router(config-pmap-c)# service-policy policy2
Router(config-pmap-c)# class class-default
Router(config-pmap-c)# police 512000
Router(config-pmap-c)# service-policy policy5
Configuring QoS Policies for Traffic ClassesOutbound VLAN Group and Class-Default Classes
To configure an outbound QoS policy for VLAN group traffic classes and the class-default class, enter
the following commands beginning in global configuration mode:
Step 1
Command or Action
Purpose
Step 2
21-10
OL-7433-09
Chapter 21
Step 3
Command or Action
Purpose
Step 4
Router(config-pmap-c)# service-policy
policy-map-name
Step 5
Step 6
Step 7
Router(config-pmap-c)# service-policy
policy-map-name
Example
The following example configuration shows how to configure a QoS policy for outbound VLAN-group
traffic. In the example, QoS policies are created for VLAN traffic (policy1 through policy4) and for
default traffic (policy5). The policy map named output applies QoS services to VLAN groups and to the
class-default class for all of the traffic that does not belong to the VLAN groups classes.
Router(config)# policy-map policy1
Router(config-pmap-c)# class vgrp1
Router(config-pmap-c)# set cos 2
Router(config-pmap)# class vgrp2
Router(config-pmap-c)# police percent 20
!
Router(config)# policy-map policy2
Router(config-pmap)# class vgrp2
Router(config-pmap-c)# police 512000
Router(config-pmap-c)# class vgrp1
Router(config-pmap-c)# police 64000
21-11
Chapter 21
!
Router(config)# policy-map policy3
Router(config-pmap)# class vgrp2
Router(config-pmap-c)# bandwidth 64000
Router(config-pmap-c)# police percent 20
Router(config-pmap-c)# class vgrp1
Router(config-pmap-c)# random-detect dscp 6
!
Router(config)# policy-map policy4
Router(config-pmap)# class vgrp2
Router(config-pmap-c)# bandwidth 128000
Router(config-pmap-c)# police percent 10
Router(config-pmap-c)# class vgrp1
Router(config-pmap-c)# bandwidth 64000
Router(config-pmap-c)# random-detect dscp 3
!
Router(config)# policy-map policy5
Router(config-pmap)# class class-default
Router(config-pmap-c)# police 32000
!
Router(config)# policy-map output-policy
Router(config-pmap)# class vgrp-customer1
Router(config-pmap-c)# shape 2000000
Router(config-pmap-c)# service-policy policy3
Router(config-pmap-c)# class vgrp-customer2
Router(config-pmap-c)# shape 512000
Router(config-pmap-c)# service-policy policy4
Router(config-pmap-c)# class class-default
Router(config-pmap-c)# shape 128000
Router(config-pmap-c)# service-policy policy5
Step 8
Command or Action
Purpose
21-12
OL-7433-09
Chapter 21
Step 9
Command or Action
Purpose
Step 10
Example
The following example configuration shows how to attach a VLAN tag-based policy named policy1 to
the Gigabit Ethernet main interface 1/0/0 for outbound traffic.
Router(config)# class-map match-any vlan-customer1
Router(config-cmap)# match vlan 10 -20
Router(config-cmap)# class-map child
Router(config-cmap)# match prec 1
Router(config-cmap)# exit
Router(config)# policy-map child-cust1
Router(config-pmap)# class child
Router(config-pmap-c)# bandwidth percent 10
Router(config-pmap-c)# exit
Router(config-pmap)# policy-map policy1
Router(config-pmap)# class vlan-customer1
Router(config-pmap-c)# shape 10000000
Router(config-pmap-c)# service-policy child-cust1
!
Router(config)# interface GigabitEthernet 1/0/0.1
Router(config-subif)# encapsulation dot1q 10
Router(config-subif)# interface GigabitEthernet 1/0/0
Router(config-if)# service-policy output policy1
Configuring a VLAN Tag-Based QoS Policy: Invalid Configuration Example, page 21-14
21-13
Chapter 21
21-14
OL-7433-09
Chapter 21
encapsulation dot1q 5
service-policy output subinterface-shaper
Related Documents
Related Topic
Document Title
802.1Q VLANs
Bandwidth starvation
Congestion management
Priority queues
21-15
Chapter 21
Related Documents
21-16
OL-7433-09
CH A P T E R
22
Physical layerUsed for shaping the physical interface such as the OC-3 port.
Class layerUsed for class queues, defined using the modular QoS command line interface (MQC)
policy map.
The 4-level HQF scheduler uses the same hierarchy as above, except that it splits the logical layer into
an upper logical layer for sessions and a lower logical layer for subinterfaces. For more information, see
the 4-Level Scheduler section on page 22-10.
The parallel express forwarding (PXF) engine performs all packet-level scheduling using the HQF.
Figure 22-1 shows the 3-level HQF hierarchy.
22-1
Chapter 22
Figure 22-1
Pkt queues
Class Layer
Note
153924
The PRE1 and PRE2 use the virtual time management system (VTMS) scheduling algorithm and do not
support the HQF architecture.
Description
Required PRE
Release 12.2(31)SB2
PRE3
Release 12.2(33)SB
PRE3, PRE4
Up to 15 queues per interface (2 priority queues [PQs], 12 nondefault queues, and 1 default queue)
22-2
OL-7433-09
Chapter 22
The HQF algorithm treats ATM virtual paths (VPs) as physical interfaces and uses the peak rate you
specify to shape bandwidth. The ATM segmentation and reassembly (SAR) mechanism is configured the
same as on the PRE2.
The following example shows how to create a PVP with a peak rate of 50,000 kbps:
interface atm 7/0/0
atm pvp 25 50000
22-3
Chapter 22
Note
You cannot simultaneously apply service policies to the physical interface and the subinterface.
For example, to shape the aggregate traffic on a VLAN subinterface, apply a hierarchical policy to the
subinterface as shown in the following configuration. In this example, the VLAN is shaped at 100 kbps.
policy-map child
class precedence0
bandwidth percent 10
class precedence1
shape average percent 50
random-detect
policy-map parent
class class-default
shape average 100000
service-policy child
22-4
OL-7433-09
Chapter 22
Note
At the class level, the router converts the values you specify for the bandwidth bps and bandwidth
remaining percent commands to a bandwidth-remaining ratio value. The router does not allow you to
configure the bandwidth bps and bandwidth remaining percent commands on the physical and logical
layers.
The 3-level scheduler on the PRE3 supports priority propagation by propagating the priority guarantees
you configure for subscriber services down to the logical interface level. Therefore, the priority traffic
is serviced first at the logical and class level. After servicing the priority traffic bandwidth, the 3-level
scheduler allocates unused bandwidth to the logical queues based on the configured
bandwidth-remaining ratio. In the default case, the 3-level scheduler allocates an equal share of the
unused bandwidth to each logical queue.
For ATM VCs, the 3-level scheduler shares bandwidth proportionally to each VCs bandwidth, if no
bandwidth remaining ratio (BRR) or VC weight is configured. For other types of subinterfaces, the
scheduler distributes the bandwidth equally, unless BRR is configured. The scheduler uses a default BRR
value of 1 if BRR is not specified, except for the ATM logical layer as mentioned above. The logical
layer BRR is completely independent from the BRRs configured at the class layer.
The 3-level scheduler supports shaping and scheduling only on the egress interface. The bandwidth
command must be configured as a percentage of the available bandwidth or as an absolute bandwidth.
You cannot concurrently configure the bandwidth and bandwidth remaining commands on the same
class queue or the same policy map.
For more information about the bandwidth-remaining ratio, see the Distribution of Remaining
Bandwidth Using Ratio section on page 5-14.
22-5
Chapter 22
For more information about the 4 level scheduler, see the 4-Level Scheduler section on page 22-10
Description
PRE Required
Release 12.2(31)SB2
PRE3
Release 12.2(33)SB
PRE4
We recommend that the sum of all priority traffic on a given interface not exceed 90 percent of the
physical bandwidth of that interface.
The 3-level scheduler does not support bandwidth propagation. Therefore, you cannot configure a
bandwidth guarantee for any queue other than a priority queue.
The sum of all priority traffic running on a given port must be less than or equal to 90 percent of the
port bandwidth.
Scheduling Hierarchy
As shown in Figure 22-1, the 3-level scheduler uses the following scheduling hierarchy to allocate
bandwidth for subscriber traffic:
Class layerThe 3-level scheduler uses virtual-time calendars to schedule class queues.
Logical layer (subinterface, session, or ATM VC)Virtual-time calendars perform weighted round
robin based on the weight of the logical interface and the number of bytes dequeued.
Physical layer (interface or ATM virtual path)A real-time calendar ensures that the maximum rate
for the class and the logical interface are not exceeded.
By using VP and VC scheduling with existing Cisco 10000 ATM line cards, the scheduler supports
priority propagation: cell-based VP shaping in the segmentation and reassembly (SAR) mechanism with
frame-based VC scheduling in the performance routing engine 3 (PRE3).
22-6
OL-7433-09
Chapter 22
Note
The 3-level scheduler does not support the priority kbps command.
Latency Requirements
Delay-sensitive traffic incurs a maximum of 10 milliseconds (ms) of latency on edge router interfaces
and a maximum of 1 ms of latency on core router interfaces. For interface speeds at T1/E1 and below,
the 3-level scheduler services 2 maximum transmission units (MTUs) of nonpriority traffic before
servicing a priority packet. Requirements for high-speed interfaces are not as strict as 2 MTUs, but are
always bound by 10 ms on edge interfaces and 1 ms on core interfaces.
The 3-level scheduler also supports the minimal latency requirement (2 MTUs of nonpriority traffic in
front of priority traffic) at the physical link rate. However, in some cases, it is impossible for the 3-level
scheduler to service all competing packets with a latency of 2 MTUs. For example, if many priority
packets compete at the same time for bandwidth, the last one serviced may incur latency that is greater
than 2 MTUs.
Table 22-1 lists the maximum latency requirements for various interface speeds.
Table 22-1
Interface Speed
Maximum Latency
2 MTU + 6 ms
2 Mbps to 1 Gbps
2 MTU
1 Gbps or greater
1 ms
22-7
Chapter 22
Note
The VLAN rate is at most 1 to 2 MTUs of nonpriority traffic in front of priority traffic, which would
bound the latency incurred by priority traffic (due to nonpriority traffic) at 1 to 2 MTUs served at the 10
GE rate.
The priority traffic of one logical interface cannot only impose burstiness on other traffic, but also starve
other traffic. The only way to prevent the starvation of other traffic is by configuring a policer on the
priority queue by limiting the percent of priority traffic to less than 90 percent of the parent bandwidth
and the port bandwidth.
Assuming that the traffic flow through each class is enough to require maximum possible bandwidth, the
3-level scheduler allocates bandwidth as described in Table 22-2.
Table 22-2
Traffic Class
Bandwidth Ratio
prec0
666 kbps
prec2
222 kbps
class-default
111 kbps
22-8
OL-7433-09
Chapter 22
Figure 22-2 shows an example of the queuing presentation based on the above configuration and
assuming that the Parent1 policy is enabled on subinterface 1 and the Parent2 policy is enabled on
subinterface 2, and that the interface speed is 2100 kbps.
22-9
Chapter 22
4-Level Scheduler
Figure 22-2
Video
Voice
Min: 100
Priority
Max: 100
Default
Min: 300
Priority
Max: 300
Min: 0
Bandwidth-remaining
ratio: 7
Max: 1000
Subinterface 2
Subinterface 1
Default
Min-rate : 0 kbps
Bandwidth-remaining
ratio: 7
Max-rate : 1000 kbps
Min-rate : 0 kbps
Bandwidth-remaining
ratio: 9
Max-rate : 1000 kbps
Min-rate : 0 kbps
Bandwidth-remaining
ratio: 1
Max-rate : 2100 kbps
Interface with
2100 kbps speed
190035
Interface
Based on the preceding configuration, the 3-level scheduler distributes bandwidth in the following way
(assuming that the voice traffic is active on subinterface 1 only and the video traffic is active on
subinterface 2 only):
A total of 400 kbps of bandwidth is used from the interface: 100 kbps-bandwidth guarantee for voice
traffic on subinterface 1 and 300-kbps bandwidth guarantee for video traffic on subinterface 2.
The remaining 1700-kbps bandwidth is distributed across the subinterface-level queues based on
their bandwidth-remaining ratios:
Subinterface 1 with bandwidth-remaining ratio 9 receives 956 kbps.
Subinterface 2 with bandwidth-remaining ratio 7 receives 743 kbps.
4-Level Scheduler
The 4-Level Scheduler feature enables you to configure per-session QoS and subinterface shaping of the
aggregate session traffic, just as the 3-level scheduler does. However, unlike the 3-level scheduler, the
4-level scheduler uses the following scheduling hierarchy to allocate bandwidth for subscriber traffic:
Class layerThe 4-level scheduler uses virtual-time calendars to schedule class queues and logical
interfaces.
Session layer (upper logical)Virtual-time calendars perform weighted round robin based on the
weight of the logical interface and the number of bytes dequeued.
Subinterface layer (lower logical) (VLAN, QinQ, or ATM VC)Virtual-time calendars ensure that
the maximum rate for the class and the logical interface are not exceeded.
22-10
OL-7433-09
Chapter 22
Note
The subinterface layer (lower logical) supports the bandwidth remaining ratio command for Ethernet
VLANs and ATM VCs, and the weight command for ATM VCs.
Physical layer (Ethernet interface or ATM virtual path)A real-time calendar ensures that the
maximum rate for the class and the logical interface are not exceeded.
The 4-level scheduler provides bandwidth sharing and maximum rate shaping among the sessions at the
session layer (upper logical) and at the same time among the VLANs and VCs at the subinterface layer
(lower logical). The scheduler supports the simultaneous oversubscription of the sessions on a VLAN or
VC and of the VLAN or VC on a physical port.
During congestion, the 4-level scheduler does the following:
1.
2.
Shares the distributed VLAN, QinQ, or VC bandwidth fairly among the sessions of that VLAN,
QinQ, or VC.
3.
Shares the bandwidth distributed to a session fairly among the class queues of that session.
Note
The router does not convert 3-level queuing hierarchies to 4-level hierarchies. Instead, if 3 levels are
needed, then the router uses only 3 levels.
For information about the 3-level scheduler, see the MQC Hierarchical Queuing with 3-Level
Scheduler section on page 22-5.
Description
PRE Required
Release 12.2(33)XNE1
PRE3, PRE4
22-11
Chapter 22
Related Documentation
Related Documentation
This section provides hyperlinks to additional Cisco documentation for the features discussed in this
chapter. To display the documentation, click the document title or a section of the document highlighted
in blue. When appropriate, paths to applicable sections are listed below the documentation title.
Feature
Related Documentation
Class-based shaping
Class maps
Policing
Policy maps
Traffic shaping
22-12
OL-7433-09
A P P E N D I X
2.
3.
4.
5.
6.
7.
Purpose
A-1
Appendix A
Purpose
Router(config-map-class)# frame-relay
interface-queue fair
Purpose
Router(config-map-class)# frame-relay
interface-queue fair weight weight
A-2
OL-7433-09
Appendix A
Purpose
Router(config-map-class)# frame-relay
interface-queue fair queue-limit limit
Example A-4 sets the threshold limit for packet drop to 2048.
Example A-4
Purpose
Step 1
Router(config-map-class)# frame-relay
interface-queue fair random-detect
Step 2
Router(config-map-class)# frame-relay
interface-queue fair random-detect
exponential-weight-constant exp
Router(config-map-class)# frame-relay
interface-queue fair random-detect
precedence [precedence min_threshold
max_threshold probability]
Step 3
A-3
Appendix A
Note
You must configure the Frame Relay weighted fair queue interface to use this feature (see Specifying
a DLCI Queue Weight section on page A-2). A priority queue is created for each DLCI that has
frame-relay ip rtp priority configured.
Parameters for Frame Relay IP RTP priority are configured using the map-class frame-relay command
(see the Creating a Map Class section on page A-1). When a map class with IP RTP defined is
associated with a Frame Relay interface, all DLCIs created for that interface are assigned a priority
queue for the RTP packets. A different map class can be associated with a different DLCI, which means
each DLCI is assigned a different RTP port range.
The following are examples of priority queues:
NCQ
A-4
OL-7433-09
Appendix A
To specify the RTP priority policy, enter the following command in map class configuration mode:
Command
Purpose
Example A-7 sets the IP RTP priority parameters for the map class named voice-traffic and applies the
class to serial interface 1/0/0/1:1. The example also assigns DLCI 927 and DLCI 928 to the voice-traffic
class.
Example A-7
A-5
Appendix A
To configure Frame Relay traffic shaping, enter the following commands beginning in interface
configuration mode:
Step 1
Command
Purpose
Creates a Frame Relay map class for Frame Relay traffic shaping.
map-class-name is the name of the map class.
Step 2
Router(config-map-c)# frame-relay
traffic-rate bps
or
Router(config-map-c)# frame-relay cir bps
and
Router(config-map-c)# frame-relay mincir
bps
Step 3
Router(config-map-c)# exit
Step 4
Step 5
Step 6
Router(config-if)# encapsulation
frame-relay
Step 7
Router(config-if)# frame-relay
traffic-shaping
Step 8
Applies the Frame Relay map class to the DLCIs on this interface.
Step 9
Router(config-if)# frame-relay
interface-dlci dlci-number
Creates the DLCIs on this interface. The DLCIs inherit the Frame
Relay map class applied on this interface.
Example A-8 creates a Frame Relay map class named frts with a committed information rate of 64,000
and a minimum rate of 64,000 during congestion. The example enables traffic shaping on serial
interface 1/0/0/1:1. DLCI 27, created on the interface, inherits the frts class applied to the interface.
Example A-8
A-6
OL-7433-09
A P P E N D I X
Create route maps to match BGP community lists, access control lists, and BGP AS paths
2.
2. Route arrives
3. QoS policy applied
Cisco
10000
series
Autonomous
system 60
Router
B
Autonomous
system 30
Autonomous
10737
Figure B-1
system 10
4. Packet sent with QoS policy
B-1
Appendix B
Match community 1, set the IP precedence to priority, and set the QoS group to 1.
Router(config)# route-map precedence-map permit 10
Router(config-route-ma)# match community 1
Router(config-route-ma)# set ip precedence priority
Router(config-route-ma)# set ip qos-group 1
Match IP address access list 69 or match AS path 1, set the IP precedence to critical, and set the QoS
group to 9.
Router(config)# route-map precedence-map permit 75
Router(config-route-ma)# match ip address 69
Router(config-route-ma)# match as-path 1
Router(config-route-ma)# set ip precedence critical
Router(config-route-ma)# set ip qos-group 9
B-2
OL-7433-09
Appendix B
ip
ip
ip
ip
ip
ip
ip
community-list
community-list
community-list
community-list
community-list
community-list
community-list
1
2
3
4
5
6
7
permit
permit
permit
permit
permit
permit
permit
60:1
60:2
60:3
60:4
60:5
60:6
60:7
B-3
Appendix B
Related Documentation
access-list
access-list
access-list
access-list
access-list
access-list
access-list
10
20
30
40
50
60
70
permit
permit
permit
permit
permit
permit
permit
61.0.0.0
62.0.0.0
63.0.0.0
64.0.0.0
65.0.0.0
66.0.0.0
67.0.0.0
The following example shows how to configure several interfaces to classify packets based on the IP
precedence and QoS group ID:
interface serial 5/0/0/1:0
ip address 200.28.38.2 255.255.255.0
bgp-policy source ip-prec-map
no ip mroute-cache
no cdp enable
frame-relay interface-dlci 20 IETF
interface serial 6/0/0/1:0
ip address 200.28.28.2 255.255.255.0
bgp-policy source ip-qos-group
no ip mroute-cache
no cdp enable
frame-relay interface-dlci 20 IETF
Related Documentation
This section provides hyperlinks to additional Cisco documentation for the features discussed in this
chapter. To display the documentation, click the document title or a section of the document highlighted
in blue. When appropriate, paths to applicable sections are listed below the documentation title.
Feature
Related Documentation
B-4
OL-7433-09
GLOSSARY
A
AAA
AAL5
ABR
ADSL
anonymous link
A link that does not provide a PPP username or endpoint. Multilink PPP (MLP) combines all of the
anonymous links into a single bundle called an anonymous bundle or default bundle.
asymmetric digital
subscriber line
A digital subscriber line (DSL) technology in which the transmission of data from server to client is
much faster than the transmission from the client to the server.
Asynchronous
Transfer Mode
International standard for cell relay in which multiple service types (such as voice, video, or data) are
conveyed in fixed-length cells. Fixed-length cells allow cell processing to occur in hardware, thereby
reducing transit delays. ATM is designed to take advantage of high-speed transmission media such as
E3, SONET, and T3.
ATM adaptation
layer 5
This layer maps higher layer user data into ATM cells, making the data suitable for transport through
the ATM network.
QoS class defined by the ATM Forum for ATM networks. ABR is used for connections that do not
require timing relationships between source and destination. ABR provides no guarantees in terms of
cell loss or delay, providing only best-effort service. Traffic sources adjust their transmission rates in
response to information they receive describing the status of the network and its capability to
successfully deliver data.
ATM
B
bandwidth
The range of frequencies a transmission line or channel can carry. The greater the bandwidth, the
greater the information-carrying capacity of a channel. For a digital channel this is defined in bits. For
an analog channel it is dependent on the type and method of modulation used to encode the data.
BGP
Border Gateway
Protocol
Interdomain routing protocol that exchanges reachability information with other BGP systems. It is
defined in RFC 1163.
GL-1
Glossary
bps
bundle
A logical group of permanent virtual circuits (PVCs) with one virtual interface connecting to a peer
system.
C
CAR
CBR
CBWFQ
CEF
child policy
A policy map that defines one or more classes of traffic and the actions you want the router to take on
the traffic, just as non-hierarchical policy maps do. However, in hierarchical policy maps, child policies
are nested within a top-level parent policy, and then the parent policy is attached to the interface.
CIR
Cisco express
forwarding
An advanced Layer 3 IP switching technology. Cisco express forwarding (CEF) optimizes network
performance and scalability for networks with large and dynamic traffic patterns such as the Internet,
on networks characterized by intensive Web-based applications, or interactive sessions.
class-based
weighted fair
queuing
Extends the standard weighted fair queuing (WFQ) functionality to provide support for user-defined
traffic classes. For class-based weighted fair queuing (CBWFQ), you define traffic classes based on
match criteria including protocols, access control lists (ACLs), and input interfaces. Packets satisfying
the match criteria for a class constitute the traffic for that class. A queue is reserved for each class and
traffic belonging to a class is directed to the queue for that class. On the Cisco 10000 series router, the
CBWFQ feature allows a virtual access interface (VAI) to inherit the service policy of the virtual circuit
(VC) that the VAI uses.
class maps
A modular QoS CLI element that you can use to define traffic classification rules or criteria. Class maps
organize data packets into specific categories called classes that can, in turn, receive user-defined QoS
policies. The traffic class defines the classification rules for packets received on an interface.
class of service
The three most significant bits (the User Priority bits) of the 2-byte Tag Control Information field in
the IEEE 802.1p portion of a Layer 2 IEEE 802.1Q frame header. QoS uses the User Priority bits for
Layer 2 CoS information. IEEE 802.1p class of service-based packet matching and marking feature
enables the Cisco 10000 series router to interoperate with switches to deliver end-to-end QoS. The
IEEE 802.1p standard allows QoS to classify inbound Ethernet packets based on the value in the class
of service (CoS) field and to explicitly set the value in the CoS field of outbound packets.
committed
information rate
The reserved bandwidth for the queue. The rate at which a Frame Relay network agrees to transfer
information under normal conditions, averaged over a minimum increment of time. Committed
information rate (CIR), measured in bits per second, is one of the key negotiated tariff metrics.
QoS class defined by the ATM Forum for ATM networks. Constant bit rate (CBR) is used for
connections that depend on precise clocking to ensure undistorted delivery.
CoS
GL-2
OL-7433-09
Glossary
D
data-link connection A value that specifies a PVC in a Frame Relay network. In the basic Frame Relay specification, DLCIs
identifier
are locally significant (connected devices might use different values to specify the same connection).
In the LMI extended specification, DLCIs are globally significant (DLCIs specify individual end
devices).
DLCI
downstream rate
The line rate for return messages or data transfers from the network machine to the users customer
premises machine.
DSCP
DSL
E
encapsulation
The technique used by layered protocols in which a layer adds header information to the protocol data
unit (PDU) from the layer above.
endpoint
discriminator
A value a system uses when negotiating the use of Multilink PPP (MLP) with the peer system. The
default value is the username that is used for authentication.
Ethernet
One of the most common local area network (LAN) wiring schemes, Ethernet has a transmission rate
of 10, 100, or 1000 Mbps.
F
fragmentation
G
GE
Gigabit Ethernet.
GRE
Generic Route Encapsulation. A method of encapsulating any network protocol in another protocol.
H
hierarchical policy
A QoS policy in which multiple policies are configured into a single QoS policy. The hierarchical
policy combines one or more classes to apply specific actions on the aggregate traffic and to execute
class-specific actions. The non-hierarchical policy, on the other hand, defines only class-specific
actions. Hierarchical policies can have up to three levels configured.
GL-3
Glossary
hierarchical input
policing
A QoS model that defines policing policies at multiple levels of hierarchy for inbound packets. See also
hierarchical policies.
HTML
Hypertext Markup Language. The page-coding language for the World Wide Web.
http
Hypertext Transfer Protocol. The protocol used to carry world-wide web (www) traffic between a www
browser computer and the www server being accessed.
I
interleaving
Internet
A collection of networks interconnected by a set of routers that allow them to function as a single, large
virtual network.
Internet Protocol
IP
L
LFI
link fragmentation
and interleaving
The ability to fragment network level datagrams (and possibly interleave them) at the link layer.
Multilink inherently includes link fragmentation and interleaving capabilities, as do some other
technologies such as ATM.
load balancing
In routing, the capability of a router to distribute traffic over all its network ports that are the same
distance from the destination address. Good load-balancing algorithms use both line speed and
reliability information. Load balancing increases the use of network segments, thus increasing effective
network bandwidth.
M
Management
Information Base
Database of network management information that is used and maintained by a network management
protocol, such as SNMP or CMIP (Common Management Information Protocol). The value of a MIB
object can be changed or retrieved using SNMP commands, usually through a Network Management
System (NMS). MIB objects are organized in a tree structure that includes public (standard) and private
(proprietary) branches.
marking
A QoS tool used to differentiate packets based on designated markings. Using marking, you can
partition your network into multiple priority levels or classes of service. Marking simplifies the
network Qos design and QoS tools configuration, and reduces the overhead of packet classification by
other QoS tools.
MIB
MLP
GL-4
OL-7433-09
Glossary
MLP bundle
A virtual interface that connects to a peer system. MLP bundles consist of multiple physical links.
MP
Modular QoS
command-line
interface
Also referred to as modular CLI. A platform-independent CLI for configuring QoS features on Cisco
products.
MPLS
MPLS VPN
MQC
multicast
Single packets copied by the network and sent to a specific subset of network addresses. These
addresses are specified in the Destination Address Field.
Multilink PPP
Multilink Point-to-Point Protocol, RFC 1990. Commonly abbreviated as MLP within Cisco; however,
the correct abbreviation is MP. This protocol is a method of splitting, recombining, and sequencing
datagrams across multiple logical data links.
multipoint
subinterface
Multipoint networks have three or more routers in the same subnet. For Dynamic Bandwidth Selection,
if you put the PVC in a point-to-multipoint subinterface or in the main interface (which is multipoint
by default), you need to either configure a static mapping or enable inverse Address Resolution
Protocol (ARP) for dynamic mapping.
Multiprotocol Label
Switching
Switching method that forwards IP traffic using a label. This label instructs the routers and the switches
in the network where to forward the packets based on preestablished IP routing information.
N
NAS
nested hierarchical
policy
A QoS model that defines policies at two levels of hierarchy. See also hierarchical policies.
NetFlow
network access
server
Cisco platform (or collection of platforms) that interfaces between the packet world (for example, the
Internet) and the circuit world (for example, PSTN).
NVRAM
Non-Volatile
Random Access
Memory
The router uses this memory to store configuration information. The contents of this memory are not
lost after a reboot or power cycle of the unit.
GL-5
Glossary
O
oversubscription
A method of improving network utilization by assigning a committed rate that is greater than the speed
of an interface or subinterface, or greater than the capacity of a VC port.
P
parent policy
A QoS policy that defines the shape rate for the child traffic on an interface. The parent policy contains
only the class-default class; it can contain no other classes.
PCR
permanent virtual
circuit
Virtual circuit that is permanently established. PVCs save bandwidth associated with circuit
establishment and tear down in situations where certain virtual circuits must exist all the time. In ATM
terminology, called a permanent virtual connection. See also virtual circuit (VC).
permanent virtual
path
Point-to-Point
Protocol
The successor to SLIP, Point-to-Point Protocol (PPP) provides router-to-router and host-to-network
connections over both synchronous and asynchronous circuits.
point-to-point
subinterface
With point-to-point subinterfaces, each pair of routers has its own subnet. If you put the PVC on a
point-to-point subinterface, the router assumes that there is only one point-to-point PVC configured on
the subinterface. Therefore, any IP packets with a destination IP address in the same subnet are
forwarded on this VC. This is the simplest way to configure the mapping and is, therefore, the
recommended method.
policing
A traffic regulation mechanism that is used to limit the rate of traffic streams. Policing allows you to
control the maximum rate of traffic sent or received on an interface. Policing propagates bursts of traffic
and is applied to the inbound or outbound traffic on an interface. When the traffic rate exceeds the
configured maximum rate, policing drops or remarks the excess traffic.
policy map
A modular CLI (MQC) element that enables you to create QoS policies to tell the router the QoS actions
and rules to apply to packets belonging to a particular traffic class.
PPP
PPPoA
PPP over ATM. Enables a high-capacity central site router with an Asynchronous Transfer Mode
(ATM) interface to terminate multiple remote PPP connections.
PPPoE
PPP over Ethernet. Allows a PPP session to be initiated on a simple bridging Ethernet connected client.
Refers to a signaling protocol defined within PPPoE as well as the encapsulation method. See also
RFC 2516.
PPPoEoA
PPP over Ethernet over ATM. Allows tunneling and termination of PPP sessions over Ethernet links
and allows for Ethernet PPP connections over ATM links.
PPPoEoE
PPP over Ethernet over on Ethernet. Allows tunneling and termination of PPP sessions over Ethernet
links and allows for Ethernet PPP connections over Ethernet links.
Cisco 10000 Series Router Quality of Service Configuration Guide
GL-6
OL-7433-09
Glossary
PPPoEo802.1Q
VLAN
PPP over Ethernet over IEEE 802.1Q VLANs. Allows tunneling and termination of Ethernet PPP
sessions across VLAN links. IEEE 802.1Q encapsulation is used to interconnect a VLAN-capable
router with another VLAN-capable networking device. The packets on the 802.1Q link contain a
standard Ethernet frame and the VLAN information associated with that frame.
PPPoX
PQ
priority queuing
A class queue that is given priority over other queues. The router dequeues and transmits priority queue
data before it dequeues and sends packets in other queues. Using priority queuing, delay-sensitive data
such as voice receives preferential treatment over other traffic.
PTA
PPP termination aggregation. A method of aggregating IP traffic by terminating PPP sessions and
aggregating the IP traffic into a single routing domain.
PTA-MD
PTA Multi-Domain. A method of aggregating IP traffic by terminating PPP sessions and aggregating
the IP traffic into a VPN or multiple IP routing domains.
PVC
PVP
Q
QoS
QPPB
quality of service
Quality of service (QoS) refers to the ability of a network to provide improved service to selected
network traffic over various underlying technologies including Frame Relay, ATM, Ethernet and
802.1 networks, SONET, and IP-routed networks. Cisco IOS QoS technology lets complex networks
control and predictably service a variety of networked applications and traffic types.
queue depth
A user-configurable limit on the number of packets that the router can place onto a queue. During
periods of high traffic, a queue fills with packets waiting for transmission. When a queue reaches its
queue depth and becomes full, by default the router drops packets until the congestion is eliminated and
the queue is no longer full.
queuing delay
Amount of time that data must wait before it can be transmitted onto a statistically multiplexed physical
circuit.
R
RADIUS
Remote Authentication Dial-In User Service (RADIUS). A client/server security protocol created by
Livingston Enterprises. Security information is stored in a central location, known as the RADIUS
server.
GL-7
Glossary
random early
detection
An alternative mechanism for avoiding congestion of Layer 3 queues. Random early detection (RED)
implements a proactive queuing strategy that manages congestion before a queue reaches its queue
depth or limit.
RIP
Routing Information Protocol. An IGP used to exchange routing information within an autonomous
system, RIP uses hop count as a routing metric.
route
The path that network traffic takes from its source to its destination. The route a datagram follows can
include many gateways and many physical networks. In the Internet, each datagram is routed
separately.
router
A system responsible for making decisions about which of several paths network (or Internet) traffic
will follow. To do this, it uses a routing protocol to gain information about the network and algorithms
to choose the best route based on several criteria known as routing metrics.
routing table
Information stored within a router that contains network path and status information. It is used to select
the most appropriate route to forward information along.
S
See sustainable cell rate.
SCR
sustainable cell rate Parameter defined by the ATM Forum for ATM traffic management. For VBR connnections, SCR
switched virtual
circuit
A virtual circuit that is dynamically established on demand and is torn down when transmission is
complete. SVCs are used in situations where data transmission is sporadic. Called a switched virtual
connection in ATM terminology.
T
tail drop
The default congestion avoidance mechanism for Layer 3 queues. Tail drop activates when a queue
becomes full. After being activated, no packets make it to the queue. Tail drop treats all traffic equally
and does not differentiate between classes of service.
three-level
hierarchical policy
A QoS model that defines policies at three levels of hierarchy. See also hierarchical policies.
token bucket
An algorithm used o manage the maximum rate of traffic. This algorithm defines the maximum rate of
traffic allowed on an interface at a given moment in time. The token bucket algorithm is especially
useful in managing network bandwidth in cases where several large packets are sent in the same traffic
stream. The algorithm puts tokens into the bucket at a certain rate. Each token is permission for the
source to send a specific number of bits into the network.
ToS
GL-8
OL-7433-09
Glossary
U
UBR
A QoS class defined by the ATM Forum for ATM networks. UBR allows any amount of data up to a
specified maximum to be sent across the network, but there are not guarantees in terms of cell loss rate
and delay.
upstream rate
The line rate for message or data transfer from the source machine to a destination machine on the
network.
V
VAI
VBR
VBR-nrt
VBR-rt
VC
VCI
VCL
A QoS class defined by the ATM Forum for ATM networks. Variable bit rate (VBR) is subdivided into
a real time (rt) class and nonreal time (nrt) class. See also variable bit rate-nonreal time and variable
bit rate-real time.
variable bit
rate-nonreal time
A QoS class defined by the ATM Forum for ATM networks. Variable bit rate-nonreal time (VBR-nrt)
is used for connections in which there is no fixed timing relationship between samples, but that still
need a guaranteed QoS.
variable bit rate-real A QoS class defined by the ATM Forum for ATM networks. Variable bit rate-real time (VBR-rt) is used
time
for connections in which there is a fixed timing relationship between samples.
virtual access
interface
An instance of a unique virtual interface that is created dynamically and exists temporarily. Virtual
access interfaces can be created and configured differently by different applications, such as virtual
profiles and virtual private dialup networks (VPDNs).Virtual access interfaces are cloned from virtual
template interfaces.
virtual channel
identifier
A 16-bit field in the header of an ATM cell. The virtual channel identifier (VCI), together with the VPI,
is used to identify the next destination of a cell as it passes through a series of ATM switches on its way
to its destination. ATM switches use the VPI/VCI fields to identify the next network VCL that a cell
needs to transmit on its way to its final destination. The function of the VCI is similar to that of the
DLCI in Frame Relay.
Connection between two ATM devices. A virtual channel connection is made up of one or more VCLs.
GL-9
Glossary
virtual circuit
Logical circuit created to ensure reliable communication between two network devices. A virtual
circuit is defined by a VPI/VCI pair, and can be either permanent (PVC) or switched (SVC). Virtual
circuits are used in Frame Relay and X.25. In ATM, a virtual circuit is called a virtual channel.
Sometimes abbreviated VC.
virtual LAN
A group of devices on one or more local area networks (LANs) that are configured (using management
software) so that they can communicate as if they were attached to the same wire, when in fact they are
located on a number of different LAN segments. Because virtual LANs (VLANs) are based on logical
instead of physical connections, they are extremely flexible.
virtual path
One of two types of ATM circuits identified by a VPI. A virtual path is a bundle of virtual channels,
all of which are switched transparently across an ATM network based on a common VPI.
virtual path
identifier
An 8-bit field in the header of an ATM cell. The VPI, together with the VCI, is used to identify the next
destination of a cell as it passes through a series of ATM switches on its way to its destination. ATM
switches use the VPI/VCI fields to identify the next VCL that a cell needs to transmit on its way to its
final destination. The function of the VPI is similar to that of the DLCI in Frame Relay.
virtual template
interface
A logical interface configured with generic configuration information for a specific purpose or
configuration common to specific users, plus router-dependent information. The template takes the
form of a list of Cisco IOS interface commands that are applied to virtual access interfaces, as needed.
VLAN
VPI
W
WAN
weighted fair
queuing
Congestion management algorithm that identifies conversations (in the form of traffic streams),
separates packets that belong to each conversation, and ensures that capacity is shared fairly between
these individual conversations. WFQ is an automatic way of stabilizing network behavior during
congestion and results in increased performance and reduced retransmission.
weighted random
early detection
A mechanism for avoiding congestion of Layer 3 queues. Weighted random early detection (WRED)
combines the capabilities of the random early detection (RED) mechanism with IP precedence,
differential services code point (DSCP), and discard-class to provide preferential handling of higher
priority packets. WRED attempts to anticipate and avoid congestion. WRED implements a proactive
queuing strategy that manages congestion before a queue reaches its queue depth. By selectively
dropping packets, WRED prevents packets from enqueuing to the Layer 3 queue.
WFQ
A data communications network that spans any distance and is usually provided by a public carrier
(such as a telephone company or service provider).
WRED
X
Cisco 10000 Series Router Quality of Service Configuration Guide
GL-10
OL-7433-09
Glossary
xDSL
Various types of digital subscriber lines. Examples include ADSL, HDLS, and VDSL.
GL-11
Glossary
GL-12
OL-7433-09
INDEX
Numerics
marking
3-level hierarchical policies
parent policies
matching
10
14
14
3, 29
11
12
line cards
aa5snap
16
AAA
user profiles
oversubscription factor
5, 14
10
ACL
queuing modes
9
7
service categories
atm pxf queuing mode
15, 4
4, 10, 12, 13
on interfaces
13
23
13
traffic classes
21
adding
ATM bundle members
23
23
43
48
virtual circuits
unshaped
17
17
5, 6
ATM CLP
in random-detect command
ATM
atm pxf queuing command
atm pxf queuing mode
WRED
31
11
configuration examples
45
VC oversubscription
Frame Relay
attaching policies
26
description
10
IN-1
Index
verification examples
13
minimum percentage
2, 10
15, 8, 7
14
5, 31, 7, 15, 6, 11
1, 4, 10, 3
39
AToM
reservation
restrictions
26
starvation
13
total bandwidth
14
attaching
4, 10
unused bandwidth
bandwidth command
22
2, 7
non-supporting interfaces
20
12
interfaces supporting
27
9, 3
3
4
7, 3
bandwidth-remaining command
10, 3, 8
BBA group
attaching to interfaces
bba-group command
bandwidth
allocating PVC bandwidth share
allocating unused bandwidth
28
27
configuration example
configuring PPPoE
27
27
Bc
25, 2
committed burst
specifying
26, 46
21
Be
metering
2, 4, 10
specifying
10
BECN
2, 10
11
2, 4, 10
22
12, 13
22
calculating
4, 7
bits
14
bottom-level policies
nesting child policies
13
IN-2
OL-7433-09
Index
33
calculating
bandwidth in kilobits per second
bandwidth percentage
bumping
circuit
committed burst
17
27
3, 16
4, 10
excess burst
22
policing rate
25
3
6, 9
cbr command
16
13, 8
adding
ATM PVC members
bundle members
CBWFQ
23
4, 7
23
CDVT
43, 45
48
CEF
VC classes
20
in random-detect command
29
WRED
creating
ATM bundles
configuration guidelines
1
31
traffic bumping
verifying bundles
13
31
description of
16
52
9, 12, 14
40
PVC selection
49
4, 14
protection rules
11
child policies
36, 42
monitoring bundles
31
18, 20
12, 27
22, 27
configuration examples
12, 27
attaching
PVC
4, 10
22
16
bundle command
bundles
10
17
2
circuit bumping
17
class
3
28
class-default
9, 12
burst-excess
burst-normal
17
9
4, 16
IN-3
Index
class-bundle command
class command
description of
19, 3, 5
11
maximum number
classification
classification byte counts
class-vc command
by DSCP
by IP precedence level
creating class maps
commands
access list
1, 11, 12
11
13
bandwidth
12
defining
11
bandwidth remaining
7, 3
bandwidth-remaining
bump
3, 1
3, 4
match statements
bump implicit
class
11
13, 8
19, 9, 10, 21
class-map
class-vc
10
3, 12
9, 10
dbs enable
10
12
21
class policies
configuring in a policy map
class-map match
11
33
6, 9
class-bundle
class of service
recommended values
bump explicit
cbr
27
bundle
5, 7
10, 3
system limits
6, 10, 34
bba-group
example configuration
Frame Relay
14
description of
31, 15, 6, 11
15, 8
bandwidth percent
10
class maps
classifying traffic
atm over-subscription-factor
3, 12
10
atm oversubscribe
creating
by group ID
6, 7
12
classifying packets
marking
scaling limits
12
class queues
19, 5, 9, 10, 21
class-default class
11
encapsulation dot.1q
19
encapsulation dot1.q
22
34
IN-4
OL-7433-09
Index
encapsulation frame-relay
exp other
ppp multilink
16
36
frame-relay class
19, 16, 45
frame-relay interface-dlci
17, 16
frame-relay interface-queue
frame-relay ip rtp priority
precedence
2, 3
precedence other
priority
interface multilink
protect
36
pvc
match-all
12, 13
15
pvc-bundle
match-any
queue-depth
match cos
queue-limit
match discard-class
match fr-de
service-policy
set
match mpls-experimental
set discard-class
15, 9, 6
5, 6, 9
5, 6, 9, 5
11, 35
3, 9, 21
15, 4
16
5, 6, 9, 13
5, 6, 10, 4
police percent
5, 6, 11
shape
11
16
19
set qos-group
10
5, 6, 9
policy-map
5, 6, 9, 14
3, 10, 5
set ip precedence
5, 6, 12
set ip dscp
police
set cos
set fr-de
mpls experimental
oam retry
8, 4
set atm-clp
16
match mpls-experimental-imposition
match qos-group
random-detect precedence
match ip precedence
oam-bundle
5, 6
random-detect exponential-weight-constant
match ip rtp
5, 6, 4
random-detect dscp
match ip dscp
random-detect
match input-interface
match-not
12
39
8, 9, 13
pvc-in-range
10
38
28
1, 5
match access-group
10, 11
26
map-class frame-relay
match
38
interface virtual-template
37
5, 6, 10
propagate-cos
ip rsvp bandwidth
8, 9, 26
16
frame-relay vc-bundle
11
frame-relay map-class
frame-relay traffic-shape
41
41
16
IN-5
Index
show class-map
discard-class marking
13, 16
show controllers
41
percent-based policing
queue size
33
32
33
sub-pool
ubr
33
31
33
42
29
26
26
28
conforming traffic
conform-action
8, 9
7, 6, 10, 20
vbr-nrt
16, 8
vc-class
29
packet sizes
9, 11
virtual-template
27
tail drop
6, 9, 21, 8
management of
queue limit
configuring
ATM cell loss priority marking
25
29
22
13, 8
10
creating
26
34
11
8, 9
6, 23
22
18
controlling
committed burst
calculating
26
congestion
22, 24
burst size
21
vc-class atm
weight
20
zzzz>
15, 8
ubr+
38
28
33
33
11, 26
QoS
8, 33, 27
20
31
12, 18, 28
22
32
5, 6
34, 33
show vlans
IP precedence marking
32, 23, 32
show policy-map
33
ATM bundles
18, 20
24
IN-6
OL-7433-09
Index
class maps
12
36, 39, 42
assured forwarding
binary values
19
bits
DSCP
D
data, policing rate
23
discard-class
marking traffic
17, 16
setting
12
6
16, 33
DLCI
12
assigning
16
default class
bandwidth-remaining command
default traffic class
delay, managing
based on CLP
31
12, 3
assured forwarding
assured forwarding, class drop probability
assured forwarding classes
best effort, DSCP 0
10
22
32
per-hop behavior
17
12
21
9, 11
drop profiles
for WRED
recommended values
21
6, 7
dropping packets
11
reserved keywords
16
differentiated services
DSCP
values
19
description of
DE bit
expedited forwarding
names
40
34
IN-7
Index
policing policies
affect on sessions
bandwidth updates
CBR PVCs
exceeding packets
12
excess burst
17
calculation of
9, 11
default size
22
22
police command
5, 13
protocols supported
size
RADIUS attributes
13
specifying
EXP bit
service category
6, 22
22
12, 13
18, 22
debug commands
transitions
26
10
restrictions
7, 6, 10, 20
excess bandwidth
11
VC classes
enabling
14
PVC ranges
exceeding actions
configuring
PVCs
expedited forwarding
35
exponential-weight-constant
21
random-detect command
exp other command
36
19
22
fair queues
creating at three levels
16
Ethernet
13
4
11, 12
15
13
21, 31
21, 31
18
flow control
on Layer 2 queues
39
IN-8
OL-7433-09
Index
fragmentation
differentiated service
Frame Relay
in DS-TE
16
18
10
child policies
3
oversubscription
15
6, 10
restrictions for
11
attaching
9
13
4
13
4, 7, 8, 10
17, 19, 16
16
2, 3
13
6, 10
36
parent policies
4, 7, 8, 10
6, 8
verifying
29
27
hierarchical shaping
4, 5, 6
configuration examples
21
overview
19
12
11, 10
verification examples
12
6, 7
34
22
2, 4
configuration examples
8, 5, 6
benefits of
child policies
21
traffic shaping
description of
hierarchical policies
priority queues
19
map classes
restrictions
10
configuring
4, 5
FRTS
13
exponential-weight-constant
FRF.12
encapsulation types
PVCs
20
11, 12
drop policy
IP RTP
26
restrictions
4
8
IN-9
Index
bandwidth command
2, 7
hierarchical policies
12
marking
20
24, 38
policing
17
priority queuing
queue-limit
I
IEEE 802.1p, for inbound and outbound packets
IEEE 802.1Q, frame headers
random-detect
21
traffic shaping
13
5, 31, 2, 45
12
10
ATM QoS
QoS inheritance
21
oversubscribing
10
10
21
12
12
30
interleaving
internal marking
interfaces
ATM, queuing outbound traffic
discard-class
qos-group
attaching
ATM QoS policies
LAC QoS
30
policy maps
3
23
hierarchical policies
12
4
9
17
21
12
7, 4
20
22
18
IP Real-Time Protocol
priority queuing
22
random-detect
shaping
VoIP
recommended values
bandwidth command
queue-limit
DSCP value
IP precedence
policing
marking
13
Internet Protocol
12, 32
set qos-group
2, 5, 7, 8
IP RTP
26
4, 5
13
IP sessions
configuration examples for MQC
23
interfaces supporting
Cisco 10000 Series Router Quality of Service Configuration Guide
IN-10
OL-7433-09
Index
configuring MQC
interface support
MQC support
IPv4 packets
45
19
17
18
per-session shaping
21
low watermark
19
20
LSR
lwm
24, 38
J
jitter, managing
21, 31
10
priority queues
map classes
10
16
16
13
class of service
2, 10, 15
class of service
32
30
QoS group
description of
discard-class
DSCP marking
28
2
21
2, 16, 15
2, 15
10
31
24
22
MPLS experimental
26
33
IP precedence
3
29
13
LFI
FRF.12 fragmentation
14
configuring
31
30
31
marking
actions
15
LAC
QoS inheritance
20
20
2, 15
14
IN-11
Index
18
2, 13, 15
MLP
20
2, 15
37
match command
pxf queuing
class map
3, 4
implementing QoS
12, 10
2, 34, 50, 29
3, 4
service-policy
3, 4
monitoring
1, 5, 9
bursts
CE routers
16
MPLS experimental
bits
16
4
8, 12, 31
8, 4
15
14
configuring marking
32
41
QoS policies
23
policing
match-not command
4, 7
policy map
4, 6, 7
2, 15
match-any command
2, 5, 7, 11
15
maximum threshold
default values
39
description of
19
11
match-all command
21
2, 15
39
MPLS QoS
services supported
tunnel modes
11
pipe mode
10
minimum threshold
18
2
default values
39
description of
19
multi-VC MLP
13
IN-12
OL-7433-09
Index
N
NAS
12
configuration commands
5, 7
configuration examples
configuring
13
description of
Ethernet
percent-based policing
parent policies
restrictions for
4
7
26
feature history
features
31
7
hierarchical policies
interfaces supported
PRE requirements
network-forwarding policy
restrictions
20
4, 13, 3, 9, 25, 6, 7
12
shape command
15, 9
13
14
13
11
queuing actions
10, 11, 12
18
user-defined offset
verifying
4, 8, 9
12
oversubscription
ATM line cards
oam-bundle command
oam retry command
10
11
12
22
ATM
benefits of
configuration examples
configuring
38
10
17
bandwidth command
5
4
interface
15, 5
53
calculation
ATM VC
overhead accounting
AAL5
11
7, 11, 12, 15
11, 10
2, 45
IN-13
Index
restrictions
feedbacks
18
parent policies
description of
QoS performance
shaping VCs
53
18
service-policy command
41
shape command
oversubscription factor
15
10
8, 18
PCR
See peak cell rate.
13
packet drops
verifying
multiple sessions
32
packet marking
packets
classifying
23
priority, configuring
per-class mode
20
red packets
10
per-match mode
6, 7
4
3, 9, 12
5, 11, 13
violating packets
45
50
VoIP classification
verifying
50
46
description of
MPLS packets
yellow packets
per-hop behavior
service policy
specifying QoS
IP packets
rate limiting
queue limit
10
per session
matching packets
PAK_Priority
percent-based
policing, configuring
drop policy
Frame Relay
bandwidth, configuring
13
15
percentage-based shaping
IPv4 packets
13
17
4, 10, 13
32
3, 10
police actions
IN-14
OL-7433-09
Index
set-cos-transmit
set-frde-transmit
police command
set-discard-class-transmit
15
set-dscp-transmit
14
12, 3
set-dscp-tunnel-transmit
5, 6, 7, 6, 9
set-frde-transmit
11, 32, 35
12, 3
set-mpls-exp-imposition-transmit
policies
set-mpls-exp-transmit
attaching
set-prec-transmit
14
23
25
class-based policing
conform-action
effects of shaping
violate-action
13
input
output
19
17
18
18
18
7
7
5
6
percent-based policing
11, 34
policing actions
10
10
11
policy map
attaching to interfaces
2, 12, 32, 4
12, 3
6, 7
11
41
6, 12
yellow packets
policy actions
nested policies
violating packets
6, 22
green packets
6, 10, 20
exceeding packets
excess burst
two-color marker
6, 10, 20
conforming packets
6, 9, 20
26
6, 9, 8
12
4, 5, 33
exceed-action
three-color marker
28
26
committed burst
11, 26
31
drop
13
actions
rate granularity
21, 22, 23
12, 4
set-qos-transmit
30, 31
12, 4
set-prec-tunnel-transmit
2, 5
12, 4
set-clp-transmit
12, 3
set-cos-transmit
configuration example
10, 16
17
25, 29, 30, 12, 14
IN-15
Index
3, 19
precedence levels
2, 20
definition of
priority
17
18
1, 2
2, 4
output actions
field
queue
priority queuing
bandwidth command
policy-map command
qos match statistics
configuring
3, 9, 10, 21
2, 4
verifying configuration
Frame Relay
1
4
12, 20
policy maps
25
5
propagate-cos command
protect command
PVC bundles
precedence command
28
8, 9, 13
38
adding
33
28
40
11
12, 13
pvc-bundle command
PPPoE
sessions
8, 9, 26
11
random-detect command
20
PPP
tunneled sessions
3, 19, 5
25
description of
8k
5, 6, 10
policy-map command
21
10
priority command
policy actions
38
description of
40
bundle members
23
23
43
45
48
23
IN-16
OL-7433-09
Index
attaching
VC classes
22, 27
bumping PVCs
configuration examples
benefits of QoS
29
creating
class map
ATM bundles
49
configuring QoS
monitoring bundles
protection rules
PVC selection
31
inheritance
1, 2
12
traffic shaping
17
LAC inheritance
4, 6, 7, 8
30
28
Model D.2
5, 6
15
39
Model F
7
7
12
18
Frame Relay
14
for subscribers
52
31
verifying bundles
features
11
40
traffic bumping
PXF
3, 4
4, 14
mapping
pvc command
20, 36, 42
18
21, 22, 23
16
23
packet marking
per session
rate limiting
service policy
policing traffic
QoS
applying service policies
policy map
3, 5, 31
3, 4
QoS actions
11, 26
definition of
precedence
attaching
ATM QoS policies
QoS policies
11
QoS group
identifier, setting
28
IN-17
Index
maximum number
queue-depth command
13
queue IDs
12
allocating
changing
description of
3
5, 25
2
overriding default
4
17
packet buffers
restrictions
22
QoS models
changing size of
8
8
priority
9, 10
scaling limits
22
maximum number
configure subinterfaces
5, 6, 4, 10, 11, 17
queues
queue-limit command
queue size
calculating the average size
configuring
F configuration tasks
F key components
10
generic requirements
exponential-weight-constant
QoS service
20
18, 21
18, 21
24
F configuration example
22
default behavior
3
12
queuing modes
business
residential
22
configuring
22
definition of
D.2
reserving
as a power of 2
service policies
components
creating
queue limit
31
12
16, 38
changing
3, 5, 31, 8, 25
5, 31
3, 9, 25
15
IN-18
OL-7433-09
Index
red packets
17
RADIUS
AAA user profiles
policy maps
5, 14
RFC 1490
random-detect command
drop rate
RFC 791
13
RTP
minimum threshold
SAR
19
applying
attaching to interfaces
10
components
creating
20
52
IP session support
4, 10
18
53
session queuing
3, 5, 10, 11
session categories
3, 10
12
service-policy command
Real-Time Protocol
5, 2
service profile
definition of
rate limiting
per user multiservice
15
11
23
13
service policies
13
10
9, 34
service categories
8, 19
21
19
queue limit
16
determining VC weights
18
enabling
21
description of
31
11
13
10
54
60
54
IN-19
Index
Frame Relay
53
4, 15
13
VC level
12, 3
14
5, 15
5, 6, 12
12, 3
12, 3
16
13, 16
41
5, 6, 9, 5
show policy-map
15, 4
12, 4
12, 4
12, 4
setting
24
shape command
19
32
33
33
33
20,
21
shaping traffic
atm pxf queuing and shaping
33
percentage
33
33
13, 14, 5
5, 6, 10, 4
8, 33, 27
12
12, 18, 28
32
18, 28
overhead accounting
5, 6, 9, 13, 7
32, 23, 32
12, 4
34, 33
16
5, 6, 11
20
5, 6, 9
41
14
41
19
19
3, 9
16
17
3, 15
13
shaping classes
5, 6, 9, 14
11
hierarchical shaping
62
3, 14
53
52
10
class-based
52
bandwidth
61
21
IN-20
OL-7433-09
Index
system limits
20
class maps
42
policy maps
9, 12
6, 11
configuring
tag interface
tail drop
5, 6
8, 3
three-color policer
13
33
44, 7
child policies
session-level policy
creating
18
10
restrictions
verifying
22
2, 4
configuration examples
10
15
description of
6, 8
parent policies
restrictions for
specifying QoS
statements, match
thresholds
2, 5, 11
statistics
11
12
token bucket
37
policing information
41
traffic
32
classes
25
drop policies
21
Frame Relay
11, 16
congestion
subinterfaces, attaching
31
20
19
marking
26
19
2, 18, 21
marking information
11
bandwidth information
sub-pool tunnels
19
displaying
QoS policies
39
19
802.1p
10
actions
14, 29
10, 26
IN-21
Index
description of
traffic shaping
2, 15
21
bandwidth
16, 33
IP precedence
3, 14
comparing
22
Layer 2 marking
11
shaping mechanisms
10
Frame Relay
MPLS experimental
QoS group
10
class-based
8, 5, 6
hierarchical shaping
31
4, 15
28
21
overview
20
shaping classes
verifying marking
VC level
37
14
traffic bumping
MPLS QoS
pipe
6
17
3, 10
short pipe
uniform
traffic engineering
3, 9
3
activating
interfaces
routers
15
tunneling mode
13
13
14
11, 26
23
24
32
tunnels
21
global pool
configuration examples
midpoint routers
tail-end routers
13
policing
sub-pool
30
19
31
20
description of
28
verifying configurations
DSCP bits
26
traffic marking
class of service
11
20
20
ubr+ command
8, 9
15, 8
15
24
unshaped UBR
3
13
13
14, 15, 8, 9
user-defined offset
IN-22
OL-7433-09
Index
4, 9
12, 27
51
38
VAI
16, 8, 9
15
configuring oversubscription
17
23
encapsulating
interfaces
oversubscribing
vbr-nrt command
16, 8, 9
virtual path
25
9, 19
7
22
9, 11
15, 10, 21
29
virtual-template command
10
20
27, 10, 11
verifying
packet dropping
3, 13
27
50
RADIUS server
27
10, 11
23
32
41
priority queuing
11
2, 10, 22
28
QoS policies
32
5, 6
21
21
6, 10, 12
violating packets
26
24
23
PVC bundles
violate-action
38
19
41
virtual LAN
15
policing
3, 12, 13
VCI
29
12, 27
23
15
virtual circuit
calculating default weight
weight
Cisco 10000 Series Router Quality of Service Configuration Guide
OL-7433-09
IN-23
Index
23
configuring
for ATM virtual circuits
on range of PVCs
28, 31
30
29
determining VC weights
20, 22
27
22, 24
7, 2, 4
17
31
29
based on discard-class
11
based on DSCP
11, 26
based on IP precedence
benefits of
11
9, 11, 28
13
description of
drop modes
13, 14
drop profiles
14
16
13
20
23
18
32
Y
yellow
packets
token bucket
18
IN-24
OL-7433-09