Cisco ME3x00 – QoS for layer 2 trunks

ciscolayer2qosswitchtrunk

I have some ME3800's running 15.3(3)S which aggregate layer 2 circuits from customers. They all have a similar configuration of an incoming trunk on Gi0/1 and then Gi0/23 & Gi0/24 are layer 3 p-t-p links to neighbouring ME3x00 switches;

gi0/23--SW1---gi0/23     gi0/24---SW2---gi0/23     gi0/24---SW3---gi0/23     
         |                         |                         |
         |                         |                         |
       gi0/1                    gi0/1                      gi0/1

I am trying to apply some QoS on this network. I can apply my policies to the L3 interfacings linking the switches together but I can't apply the same QoS policy to the L2 trunks.

SW1#show run int gi0/1
Building configuration...

Current configuration : 93 bytes
!
interface GigabitEthernet0/1
 description ****ACCESS-UPLINK****
 switchport mode trunk
end

The reason is because the QoS policies are written for layer 3 interfaces, when I try to apply them to this trunk interface I get the following error;

SW1(config-if)#service-policy input PE-QOS-OUT 
QoS: Configuration failed. 'match qos-group' not allowed in an input policy-map
QoS: Configuration failed. 'match qos-group' not allowed in an input policy-map
QoS: Configuration errors for policymap PE-QOS-OUT

I am wondering how I can write a policy for layer 2 trunk interfaces; I could apply the layer 3 policy map to each SVI on this switch that terminates each VLAN being trunked up but surely the QoS policy on an SVI doesn't look at the ingress/egress interface of a frame and examine the congestion for that interface? How coule the SVI policy manage the layer 2 turnk?

Short question:
To QoS a layer 2 interface is the only (best?) way to break it down into service instances?

Long question:
Would I have to convert those interfaces to use service instances and then add a service instance for each VLAN being trunked in; Then I could apply a parent policy to the interface which has various classes defined, each class matches one of the VLANs/service instances being trunked in and then apply the same child policy to each VLAN/service instace which would be the layer 3 one I originally tied to apply?

A snippest of the layer 3 policy I am using;

class-map match-any NC
 match mpls experimental topmost 6
 match mpls experimental topmost 7
 match dscp cs6
 match dscp cs7
 match cos 6
 match cos 7
class-map match-any REALTIME
 match mpls experimental topmost 5
 match dscp ef
 match dscp cs5
 match cos 5

class-map match-any NC-QG
 match qos-group 6
 match dscp cs6
 match dscp cs7
class-map match-any REALTIME-QG
 match qos-group 5

policy-map PE-QOS-IN
 class NC
  set qos-group 6
 class REALTIME
  set qos-group 5

policy-map PE-QOS-OUT
 class NC-QG
  bandwidth percent 2
  queue-limit 1024000 bytes
 class REALTIME-QG
  police cir percent 10
   conform-action transmit
   exceed-action drop
  priority
  queue-limit 1024000 bytes

Best Answer

It seems I knew the answer to my own question already essentially;

To aggregate layer 2 links and QoS them I must define the service insances to match each VLAN (rather than one VLAN per cusomer the same set of VLANs are being trunked down to all customers so they all fall under one class-map);

class-map match-any tripple-play
 match service instance ethernet  10
 match service instance ethernet  20
 match service instance ethernet  30


policy-map PE-QOS-CPE-OUT-PARENT
 class tripple-play
 service-policy PE-QOS-CPE-OUT



interface gi0/1
 switchport trunk allowed vlan none
 switchport mode trunk
 service-policy input PE-QOS-CPE-IN
 service-policy output PE-QOS-CPE-OUT-PARENT

 service instance 10 ethernet
   description voice
   encapsulation dot1q 10
   rewrite ingress tag pop 1 symmetric
   bridge-domain 10

 service instance 20 ethernet
   description video
   encapsulation dot1q 20
   rewrite ingress tag pop 1 symmetric
   bridge-domain 20

 service instance 30 ethernet
   description data
   encapsulation dot1q 30
   rewrite ingress tag pop 1 symmetric
   bridge-domain 30

Related Solutions

Cisco – Enabling MLS QoS on a production 7600

You definitely should enable MLS QoS. It is also prerequisite for CoPP, which you should add in your TODO list to implement.

Enabling 'mls qos' without other config is extremely bad idea in low-end cats, like 3560/3750, due to unexpected default scheduling and due to heavily reduced buffers causing more microbursting.

On 7600/6500 it's comparatively safe to enable, but of course you can crash your router with 'show run'. I would feel comfortable enough to enable it during production hours.

You should monitor 'show queueing interface X' after enabling to see that you're not dropping anything. Long term, you should design QoS policy and implement it, I recommend using as few queues as possible (and assign 100% of buffer to those few queues). Example of possible QoS policy in WS-X6704-10GE:

interface TenGigabitEthernet4/1
 wrr-queue bandwidth percent 30 40 30 0 0 0 0  ## allocate 3 queues (+implied strictpriority) share buffer 30% 40% 30% on thos three queues
 wrr-queue cos-map 1 1 0 7 # map cos values to queues
 wrr-queue cos-map 2 2 3 
 wrr-queue cos-map 3 1 4 
 wrr-queue cos-map 3 2 6

For advanced config, you may want to supplement that with 'wrr-queue random-detect' with RED curve per queue+threshold. Be sure to mark your traffic correctly when it enters your network.

Cisco – QoS, Marking map not marking properly

I overlooked the match-all statement in class-map ef. In my case it meant that packet that reach LAN interface has to match both statements access-group name ef and protocol rtp. Problem was packet not match the second conditions protocol rtp.

class-map match-all ef
 match access-group name ef
 match protocol rtp

So I changed it to match-any.

class-map match-any ef
 match access-group name ef
 match protocol rtp

Best Answer

Related Solutions

Cisco – Enabling MLS QoS on a production 7600

Cisco – QoS, Marking map not marking properly

Related Topic