Configuring Marking

About Marking

Marking is a method that you use to modify the QoS fields of the incoming and outgoing packets. The QoS fields that you can mark are IP precedence and differentiated services code point (DSCP) in Layer 3. The QoS group is a label local to the system to which you can assign intermediate marking values. You can use the QoS group label to determine the egress scheduling.

You can use marking commands in traffic classes that are referenced in a policy map. The marking features that you can configure are listed in the following table:

Table 1. Configurable Marking Features

Marking Feature   Description
DSCP              Layer 3 DSCP.
IP precedence     Layer 3 IP precedence.
                  Note: IP precedence uses only the lower three bits of the type of service (ToS) field. The device overwrites the first three bits of the ToS field to 0.
QoS group         Locally significant QoS values that can be manipulated and matched within the system. The range is from 0 to 3.
Ingress           Status of the marking applies to incoming packets.
CoS               Layer 2 VLAN ID

Trust Boundaries

The trust boundary forms a perimeter on your network. Your network trusts (and does not override) the markings on your switch.

The incoming interface enforces the trust boundary as follows:

  • All Fibre Channel and virtual Fibre Channel interfaces are automatically classified into the FCoE system class.

  • By default, all Ethernet interfaces are trusted interfaces. A packet tagged with an 802.1p class of service (CoS) value is classified into a system class using the value in the packet.

  • Any packet not tagged with an 802.1p CoS value is classified into the default drop system class. If the untagged packet is sent over a trunk, it is tagged with the default untagged CoS value, which is zero.

  • You can override the default untagged CoS value for an Ethernet interface or port channel.

After the system applies the correct CoS value to an untagged packet, QoS treats the packet according to the newly defined class.

Class of Behavior

For routed unicast traffic, the CoS value is not available and the packet has the Differentiated Services Code Point (DSCP) value only. For bridged unicast traffic, the CoS value is copied from the CoS value received in the 802.1q header. Note that on Layer 2 access links there is no trunk header. Therefore, if traffic is received on an access port and bridged, it egresses the switch with CoS 0. The DSCP value does not change, but the packet may not get the desired priority. You can set the CoS value manually in a policy map by using any QoS policy that sets the CoS or DSCP value.

Routed multicast traffic derives its CoS value in the same way as routed unicast traffic. For bridged multicast traffic, the behavior depends on the Layer 3 state. If there is no Layer 3 state for the multicast group, the CoS is derived in the same way as for bridged unicast traffic. If there is a Layer 3 state for the multicast group, the CoS is derived in the same way as for routed unicast traffic.


Note


When you enable Protocol Independent Multicast (PIM) in sparse mode on the switch virtual interface (SVI) for the VLAN in which traffic is received, PIM creates an S,G entry for any multicast traffic.


Table 2. CoS Behavior per Traffic Type
Traffic Type                                         CoS Behavior
Routed unicast                                       Unchanged
Bridged unicast                                      Unchanged
Routed multicast                                     Copied from 3 MSB of ToS
Bridged multicast with Layer 3 state for group       Copied from 3 MSB of ToS
Bridged multicast with no Layer 3 state for group    Unchanged

Note


CoS behavior per traffic type is not supported on the Cisco Nexus 9508 switch (NX-OS 7.0(3)F3(3)).


Prerequisites for Marking

Marking has the following prerequisites:

  • You must be familiar with using modular QoS CLI.

  • You are logged on to the device.

Guidelines and Limitations for Marking

Marking has the following configuration guidelines and limitations:

  • PVLANs do not provide support for PVLAN QoS.

  • show commands with the internal keyword are not supported.

  • Egress QoS policies are not supported on subinterfaces.

  • The set qos-group command can only be used in ingress policies.


    Note


    You can apply the marking instructions in a QoS policy map to ingress packets by attaching that QoS policy map to an interface. To select ingress, you specify the input keyword in the service-policy command.


    For more information, see the “Attaching and Detaching a QoS Policy Action” section.

  • The FEX QoS policy supports FEX host interfaces (HIF).


    Note


    FEX host interfaces are not supported on the Cisco Nexus 9508 switch.


    • QoS TCAM carving is supported on ALE (Application Leaf Engine) enabled switches.

    • The FEX QoS policy supports only the set qos-group command. Other marking commands are not supported.


      Note


      set qos-group 0 is reserved for class default. It cannot be configured in user-defined classes.


    • Match on QoS-group is supported.

  • Interface-level egress QoS policies must be applied on 100G ports for egress packet scheduling. When egress QoS policies are not configured for a 100G port, all egress packet traffic goes through the default queue (qos-group 0).


    Note


    Egress QoS policy for 100G ports is applicable only for Cisco Nexus 9300 platform switches with the N9K-M4PC-CFP2 GEM or for Cisco Nexus 9500 platform switches with the Cisco Nexus 9408PC-CFP2 line cards. On all other 100G Cisco Nexus series switches, an egress QoS policy is not required.


  • Control traffic, such as BPDUs, routing protocol packets, LACP/CDP/BFD, GOLD packets, glean traffic, and management traffic, is automatically classified into a control group, based on a set of criteria. These packets are classified into qos-group 8 and have strict absolute priority over other traffic. These packets are also given a dedicated buffer pool so that any congestion of data traffic does not affect control traffic. The control qos-group traffic classification cannot be modified.

  • SPAN traffic is automatically classified into qos-group 9 and is scheduled at absolute low priority.

  • Egress QoS policies are not supported on Cisco Nexus 9200 platform switches.

  • QoS marking policies can be enabled on subinterfaces.

  • Beginning with Cisco NX-OS Release 10.1(2), Marking is supported on the N9K-X9624D-R2 and N9K-C9508-FM-R2 platform switches.

Configuring Marking

You can combine one or more of the marking features in a policy map to control the setting of QoS values. You can then apply policies to either incoming or outgoing packets on an interface.


Note


Do not press Enter after you use the set command and before you add the rest of the command. If you press Enter directly after entering the set keyword, you will be unable to continue with the QoS configuration.


Configuring DSCP Marking

You can set the DSCP value in the six most significant bits of the DiffServ field of the IP header to a specified value. You can enter numeric values from 0 to 63, in addition to the standard DSCP values shown in the following table.

Table 3. Standard DSCP Values

Value      List of DSCP Values
af11       AF11 dscp (001010)—decimal value 10
af12       AF12 dscp (001100)—decimal value 12
af13       AF13 dscp (001110)—decimal value 14
af21       AF21 dscp (010010)—decimal value 18
af22       AF22 dscp (010100)—decimal value 20
af23       AF23 dscp (010110)—decimal value 22
af31       AF31 dscp (011010)—decimal value 26
af32       AF32 dscp (011100)—decimal value 28
af33       AF33 dscp (011110)—decimal value 30
af41       AF41 dscp (100010)—decimal value 34
af42       AF42 dscp (100100)—decimal value 36
af43       AF43 dscp (100110)—decimal value 38
cs1        CS1 (precedence 1) dscp (001000)—decimal value 8
cs2        CS2 (precedence 2) dscp (010000)—decimal value 16
cs3        CS3 (precedence 3) dscp (011000)—decimal value 24
cs4        CS4 (precedence 4) dscp (100000)—decimal value 32
cs5        CS5 (precedence 5) dscp (101000)—decimal value 40
cs6        CS6 (precedence 6) dscp (110000)—decimal value 48
cs7        CS7 (precedence 7) dscp (111000)—decimal value 56
default    Default dscp (000000)—decimal value 0
ef         EF dscp (101110)—decimal value 46


Note


For more information about DSCP, see RFC 2475.


SUMMARY STEPS

  1. configure terminal
  2. policy-map [type qos] [match-first] policy-map-name
  3. class [type qos] {class-name | class-default} [insert-before before-class-name]
  4. set dscp dscp-value

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

policy-map [type qos] [match-first] policy-map-name

Example:

switch(config)# policy-map policy1
switch(config-pmap-qos)#

Creates or accesses the policy map named policy-map-name and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters.

Step 3

class [type qos] {class-name | class-default} [insert-before before-class-name]

Example:

switch(config-pmap-qos)# class class1
switch(config-pmap-c-qos)#

Creates a reference to class-name and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map.

Step 4

set dscp dscp-value

Example:

switch(config-pmap-c-qos)# set dscp af31

Sets the DSCP value to dscp-value. Standard values are shown in the previous Standard DSCP Values table.

When the QoS policy is applied on the VLAN configuration level, the DSCP value derives the CoS value for bridged and routed traffic from the 3 most significant DSCP bits.

Example

This example shows how to display the policy-map configuration:

switch# show policy-map policy1

Configuring IP Precedence Marking

You can set the value of the IP precedence field in bits 0–2 of the IPv4 type of service (ToS) field of the IP header.


Note


The device rewrites the last 3 bits of the ToS field to 0 for packets that match this class.


Table 4. Precedence Values

Value             List of Precedence Values
0-7               IP precedence value
critical          Critical precedence (5)
flash             Flash precedence (3)
flash-override    Flash override precedence (4)
immediate         Immediate precedence (2)
internet          Internetwork control precedence (6)
network           Network control precedence (7)
priority          Priority precedence (1)
routine           Routine precedence (0)

SUMMARY STEPS

  1. configure terminal
  2. policy-map [type qos] [match-first] policy-map-name
  3. class [type qos] {class-name | class-default} [insert-before before-class-name]
  4. set precedence precedence-value

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

policy-map [type qos] [match-first] policy-map-name

Example:

switch(config)# policy-map policy1
switch(config-pmap-qos)#

Creates or accesses the policy map named policy-map-name and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters.

Step 3

class [type qos] {class-name | class-default} [insert-before before-class-name]

Example:

switch(config-pmap-qos)# class class1
switch(config-pmap-c-qos)#

Creates a reference to class-name and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before.

Step 4

set precedence precedence-value

Example:

switch(config-pmap-c-qos)# set precedence 3

Sets the IP precedence value to precedence-value. The value can range from 0 to 7. You can enter one of the values shown in the above Precedence Values table.

Example

This example shows how to display the policy-map configuration:

switch# show policy-map policy1

Configuring CoS Marking

You can set the value of the CoS field in the high-order three bits of the VLAN ID Tag field in the IEEE 802.1Q header.

SUMMARY STEPS

  1. configure terminal
  2. policy-map [type qos] [match-first] [qos-policy-map-name | qos-dynamic]
  3. class [type qos] {class-map-name | class-default} [insert-before before-class-name]
  4. set cos cos-value

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

policy-map [type qos] [match-first] [qos-policy-map-name | qos-dynamic]

Example:

switch(config)# policy-map policy1
switch(config-pmap-qos)#

Creates or accesses the policy map named qos-policy-map-name, and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters.

Step 3

class [type qos] {class-map-name | class-default} [insert-before before-class-name]

Example:

switch(config-pmap-qos)# class class1
switch(config-pmap-c-qos)#

Creates a reference to class-map-name, and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map.

Step 4

set cos cos-value

Example:

switch(config-pmap-c-qos)# set cos 3
switch(config-pmap-c-qos)#

Sets the CoS value to cos-value. The value can range from 0 to 7.

Example

This example shows how to display the policy-map configuration:

switch# show policy-map policy1

Configuring CoS Marking for FEX


Note


The CoS Marking for FEX feature is not supported on the Cisco Nexus 9508 switch (NX-OS 7.0(3)F3(3)).


You can mark traffic based on the class of service (CoS) for a FEX.

Before you begin

Before configuring the FEX, enable feature-set fex.

SUMMARY STEPS

  1. configure terminal
  2. policy-map [type qos] [match-first] [qos-policy-map-name | qos-dynamic]
  3. class [type qos] {class-map-name | class-default} [insert-before before-class-name]

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

policy-map [type qos] [match-first] [qos-policy-map-name | qos-dynamic]

Example:

switch(config)# policy-map policy1
switch(config-pmap-qos)#

Creates or accesses the policy map named qos-policy-map-name, and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters.

Step 3

class [type qos] {class-map-name | class-default} [insert-before before-class-name]

Example:

switch(config-pmap-qos)# class class1
switch(config-pmap-c-qos)#

Creates a reference to class-map-name, and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map.

Example

This example shows the CoS class-map configuration:


switch# conf t
switch(config)# policy-map type qos setpol
switch(config-pmap-qos)# class cos6
switch(config-pmap-c-qos)# set qos-group 3
switch(config-pmap-qos)# class cos3
switch(config-pmap-c-qos)# set qos-group 2
switch(config-pmap-qos)# class cos1
switch(config-pmap-c-qos)# set qos-group 1
switch(config-pmap-qos)# class class-default

Configuring DSCP Port Marking

You can set the DSCP value for each class of traffic defined in a specified ingress policy map.

The default behavior of the device is to preserve the DSCP value or to trust DSCP. To make the port untrusted, change the DSCP value. Unless you configure a QoS policy and attach that policy to specified interfaces, the DSCP value is preserved.


Note


  • You can attach only one policy type qos map to each interface in each direction.

  • The DSCP value is trusted on the Layer 3 port of a Cisco NX-OS device.


SUMMARY STEPS

  1. configure terminal
  2. policy-map [type qos] [match-first] [policy-map-name]
  3. class [type qos] {class-name | class-default} [insert-before before-class-name]
  4. set dscp dscp-value
  5. exit
  6. class [type qos] {class-name | class-default} [insert-before before-class-name]
  7. set dscp dscp-value
  8. exit
  9. class [type qos] {class-name | class-default} [insert-before before-class-name]
  10. set dscp dscp-value
  11. exit
  12. interface ethernet slot/port
  13. service-policy [type qos] {input | output} {policy-map-name} [no-stats]

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

policy-map [type qos] [match-first] [policy-map-name]

Example:

switch(config)# policy-map policy1
switch(config-pmap-qos)#

Creates or accesses the policy map named policy-map-name and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters.

Step 3

class [type qos] {class-name | class-default} [insert-before before-class-name]

Example:

switch(config-pmap-qos)# class class1
switch(config-pmap-c-qos)#

Creates a reference to class-name and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map.

Step 4

set dscp dscp-value

Example:

switch(config-pmap-c-qos)# set dscp af31

Sets the DSCP value to dscp-value. Valid values are listed in the Standard DSCP Values table in the Configuring DSCP Marking section.

Step 5

exit

Example:

switch(config-pmap-c-qos)# exit
switch(config-pmap-qos)#

Returns to policy-map configuration mode.

Step 6

class [type qos] {class-name | class-default} [insert-before before-class-name]

Example:

switch(config-pmap-qos)# class class2
switch(config-pmap-c-qos)#

Creates a reference to class-name and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map.

Step 7

set dscp dscp-value

Example:

switch(config-pmap-c-qos)# set dscp af1

Sets the DSCP value to dscp-value. Valid values are listed in the Standard DSCP Values table in the Configuring DSCP Marking section.

Step 8

exit

Example:

switch(config-pmap-c-qos)# exit
switch(config-pmap-qos)#

Returns to policy-map configuration mode.

Step 9

class [type qos] {class-name | class-default} [insert-before before-class-name]

Example:

switch(config-pmap-qos)# class class-default
switch(config-pmap-c-qos)#

Creates a reference to class-name and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map.

Step 10

set dscp dscp-value

Example:

switch(config-pmap-c-qos)# set dscp af22
switch(config-pmap-c-qos)#

Sets the DSCP value to dscp-value. Valid values are listed in the Standard DSCP Values table in the Configuring DSCP Marking section.

Step 11

exit

Example:

switch(config-pmap-c-qos)# exit
switch(config-pmap-qos)#

Returns to policy-map configuration mode.

Step 12

interface ethernet slot/port

Example:

switch(config)# interface ethernet 1/1
switch(config-if)#

Enters interface mode to configure the Ethernet interface.

Step 13

service-policy [type qos] {input | output} {policy-map-name} [no-stats]

Example:

switch(config-if)# service-policy input policy1

Adds policy-map-name to the input packets of the interface. You can attach only one input policy and one output policy to an interface.

Example

This example shows how to display the policy-map configuration:

switch# show policy-map policy1

Verifying the Marking Configuration

To display the marking configuration information, perform one of the following tasks:

Command            Purpose
show policy-map    Displays all policy maps.

Configuration Examples for Marking

The following example shows how to configure marking:

configure terminal
policy-map type qos untrust_dcsp
class class-default
set precedence 3
set qos-group 3
set dscp 0
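
The value ranges, guidelines and trust default described on this page can be checked mechanically before a candidate configuration is applied to a switch. The following Python check is an added example, not Cisco code: the audit function and its simplified line matching are assumptions, and the sample configuration is constructed with deliberate mistakes.

```python
import re

# Keywords from the Standard DSCP Values and Precedence Values tables on this page.
DSCP_NAMES = ({f"af{c}{d}" for c in "1234" for d in "123"}
              | {f"cs{n}" for n in range(1, 8)} | {"default", "ef"})
PREC_NAMES = {"critical", "flash", "flash-override", "immediate",
              "internet", "network", "priority", "routine"}
LIMITS = {"dscp": (63, DSCP_NAMES), "precedence": (7, PREC_NAMES),
          "cos": (7, set()), "qos-group": (3, set())}  # field -> (max number, keywords)

def audit(config):
    """Check a candidate marking config against this page's ranges and guidelines."""
    findings, marks, attached = [], {}, {}
    pmap = cls = iface = None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"policy-map (?:type qos )?(?:match-first )?(\S+)$", line):
            pmap, cls, iface = m.group(1), None, None
            marks[pmap] = []
        elif m := re.match(r"interface (.+)$", line):
            iface, pmap, cls = m.group(1), None, None
            attached[iface] = {"input": [], "output": []}
        elif pmap and (m := re.match(r"class (?:type qos )?(\S+)", line)):
            cls = m.group(1)
        elif pmap and line == "set":
            findings.append(f"{pmap}/{cls}: bare 'set' (Enter pressed after the keyword)")
        elif pmap and cls and (m := re.match(r"set (\S+) (\S+)$", line)):
            field, value = m.groups()
            marks[pmap].append((cls, field, value))
            top, names = LIMITS.get(field, (-1, set()))  # unknown field: nothing is valid
            if not (value in names or (value.isdigit() and int(value) <= top)):
                findings.append(f"{pmap}/{cls}: invalid 'set {field} {value}'")
            elif field == "qos-group" and value == "0" and cls != "class-default":
                findings.append(f"{pmap}/{cls}: qos-group 0 is reserved for class-default")
        elif iface and (m := re.match(r"service-policy (?:type qos )?(input|output) (\S+)", line)):
            attached[iface][m.group(1)].append(m.group(2))
    for iface, dirs in attached.items():
        for direction, names in dirs.items():
            if len(names) > 1:
                findings.append(f"{iface}: more than one {direction} policy attached")
        if not dirs["input"]:
            findings.append(f"{iface}: no input policy, incoming DSCP is preserved (trusted)")
        for name in dirs["output"]:
            if any(field == "qos-group" for _, field, _ in marks.get(name, [])):
                findings.append(f"{iface}: '{name}' sets qos-group but is attached as output")
    return findings

# Constructed sample with deliberate mistakes; not output from a real device.
SAMPLE = """\
policy-map type qos setpol
  class cos6
    set qos-group 0
    set qos-qroup 3
  class cos1
    set dscp af1
interface ethernet 1/2
  service-policy type qos output setpol
"""
print("\n".join(audit(SAMPLE)))
```

An interface reported as having no input policy is inside the trust boundary by default, so host-supplied DSCP values reach the egress queues unchanged unless a marking policy is attached with the input keyword.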