Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS

The Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS feature enables you to shape PPP over Ethernet over VLAN sessions to a user-specified rate. The router shapes the sum of all of the traffic to the PPPoE session so that the subscriber’s connection to the digital subscriber line access multiplexer (DSLAM) does not become congested. Queueing-related functionality provides different levels of service to the various applications that execute over the PPPoE session.

A nested, two-level hierarchical service policy is used to configure session shaping directly on the router using the modular quality of service command-line interface (MQC). The RADIUS server applies the service policy to a particular PPPoE session by downloading a RADIUS attribute to the router. This attribute specifies the policy map name to apply to the session. RADIUS notifies the router to apply the specified policy to the session. Because the service policy contains queueing-related actions, the router sets up the appropriate class queues and creates a separate versatile traffic management and shaping (VTMS) system link dedicated to the PPPoE session.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Restrictions for Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS

  • Each PPPoE over VLAN session for which per session queueing and shaping is configured has its own set of queues and its own VTMS link. Therefore, these PPPoE sessions do not inherit policies unless you remove the service policy applied to the session or you do not configure a policy for the session.

  • The router supports per session queueing and shaping on PPPoE terminated sessions and on an IEEE 802.1Q VLAN tagged subinterfaces for outbound traffic only.

  • The router does not support per session queueing and shaping for PPPoE over VLAN sessions using RADIUS on inbound interfaces.

  • The router does not support per session queueing and shaping for layer 2 access concentrator (LAC) sessions.

  • The statistics related to quality of service (QoS) that are available using the show policy-map interface command are not available using RADIUS.

  • The router does not support using a virtual template interface to apply a service policy to a session.

  • You can apply per session queueing and shaping policies only as output service policies. The router supports input service policies on sessions for other existing features, but not for per session queueing and shaping for PPPoE over VLAN using RADIUS.

  • During periods of congestion, the router does not provide specific scheduling between the various PPPoE sessions. If the entire port becomes congested, the scheduling that results has the following effects:
    • The amount of bandwidth that each session receives of the entire port’s capacity is not typically proportionally fair share.
    • The contribution of each class queue to the session’s total bandwidth might not degrade proportionally.
  • The PRE2 does not support ATM overhead accounting for egress packets with Ethernet encapsulations. Therefore, the router does not consider ATM overhead calculations when determining that the shaping rate conforms to contracted subscriber rates.

  • The router does not support the configuration of the policy map using RADIUS. You must use the MQC to configure the policy map on the router.

Information About Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS

The router allows you to apply QoS policy maps using RADIUS. The actual configuration of the policy map occurs on the router using the MQC.

How Routers Apply QoS Policy to Sessions

The router can apply the QoS policy to sessions using attributes defined in one of the following RADIUS profiles:

  • User Profile--The user profile on the RADIUS server contains an entry that identifies the policy map name applicable to the user. The policy map name is the service that RADIUS downloads to the router after a session is authorized.

  • Service Profile--The service profile on the RADIUS server specifies a session identifier and an attribute-value (AV) pair. The session identifier might be, for example, the IP address of the session. The AV-pair defines the service (policy map name) to which the user belongs.

The following AV-pairs define the QoS policy to be applied dynamically to the session:

"ip:sub-qos-policy-in=<name of the QoS policy in ingress direction>"

"ip:sub-qos-policy-out=<name of egress policy>"

When RADIUS gets a service-logon request from the policy server, it sends a change of authorization (CoA) request to the router to activate the service for the subscriber, who is already logged in.

If the authorization succeeds, the router downloads the name of the policy map from RADIUS using the above attribute and applies the QoS policy to the session.


Note


Although the router also supports the RADIUS VSA 38, Cisco-Policy-Down and Cisco-Policy-Up, we recommend that you use the above attributes for QoS policy definitions.


How RADIUS Uses VSA 38 in User Profiles

The RADIUS VSA 38 is used for downstream traffic going toward a subscriber. The service (policy map name) to which the user session belongs resides on the RADIUS server. The router downloads the name of the policy map from RADIUS using VSA 38 in the user profile and then applies the policy to the session.

To set up RADIUS for per session queueing and shaping for PPPoE over VLAN support, enter the following VSA in the user profile on the RADIUS server:

Cisco:Cisco-Policy-Down = <service policy name>

The actual configuration of the policy map occurs on the router. The user profile on the RADIUS service contains an entry that identifies the policy map name applicable to the user. This policy map name is the service RADIUS downloads to the router using VSA 38.


Note


Although the router also supports RADIUS VSA 38, Cisco-Policy-Down and Cisco-Policy-Up, we recommend that you use the attributes described in the How Routers Apply QoS Policy to Sessions for QoS policy definitions.


Commands Used to Define QoS Actions

When you configure queueing and shaping for PPPoE over VLAN sessions, the child policy of a nested hierarchical service policy defines QoS actions using any of the following QoS commands:

  • priority command--Assigns priority to a traffic class and gives preferential treatment to the class.

  • bandwidth command--Enables class-based fair queueing and creates multiple class queues based on bandwidth.

  • queue-limit command--Specifies the maximum number of packets that a particular class queue can hold.

  • police command--Regulates traffic based on bits per second (bps), using the committed information rate (CIR) and the peak information rate, or on the basis of a percentage of bandwidth available on an interface.

  • random-detect command--Drops packets based on a specified value to control congestion before a queue reaches its queue limit. The drop policy is based on IP precedence, differentiated services code point (DSCP), or the discard-class.

  • set ip precedence command--Marks a packet with the IP precedence level you specify.

  • set dscp command--Marks a packet with the DSCP you specify.

  • set cos command--Sets the IEEE 802.1Q class of service bits in the user priority field.

The parent policy contains only the class-default class with the shape command configured. This command shapes traffic to the specified bit rate, according to a specific algorithm.

The router allows you to apply QoS policy maps using RADIUS. The actual configuration of the policy map occurs on the router using the MQC. The router can apply the QoS policy to sessions using attributes defined in one of the following RADIUS profiles:

  • User Profile--The user profile on the RADIUS server contains an entry that identifies the policy map name applicable to the user. The policy map name is the service that RADIUS downloads to the router after a session is authorized.

  • Service Profile--The service profile on the RADIUS server specifies a session identifier and an attribute-value (AV) pair. The session identifier might be, for example, the IP address of the session. The AV-pair defines the service (policy map name) to which the user belongs.

The following AV-pairs define the QoS policy to be applied dynamically to the session:

"ip:sub-qos-policy-in=<name of the QoS policy in ingress direction>"

"ip:sub-qos-policy-out=<name of egress policy>"

When RADIUS gets a service-logon request from the policy server, it sends a change of authorization (CoA) request to the router to activate the service for the subscriber, who is already logged in.

If the authorization succeeds, the router downloads the name of the policy map from RADIUS using the above attribute and applies the QoS policy to the session.


Note


Although the router also supports the RADIUS vendor specific attribute (VSA) 38, Cisco-Policy-Down and Cisco-Policy-Up, we recommend that you use the above attributes for QoS policy definitions.


How to Use the Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS Feature

Configuring a Per Session Queueing and Shaping Policy on the Router

To configure a per session queueing and shaping policy on the router for PPPoE over VLAN sessions using RADIUS, you must complete the following steps.

SUMMARY STEPS

    1.    policy-map policy-map-name

    2.    class

    3.    bandwidth {bandwidth-kbps | percent percentage | remaining percent percentage} account{{qinq| dot1q} {aal5| aal3} {subscriber-encapsulation}} | {user-defined offset [atm]}}

    4.    exit

    5.    policy-map policy-map-name

    6.    class class-default

    7.    shape rate account {{{qinq| dot1q}{aal5| aal3} {subscriber-encapsulation}} | {user-defined offset [atm]}}

    8.    service-policy policy-map-name


DETAILED STEPS
     Command or ActionPurpose
    Step 1 policy-map policy-map-name


    Example:
    Router(config)# policy-map policy-map-name
     

    Creates or modifies the bottom-level child policy.

    • policy-map-name is the name of the child policy map. The name can be a maximum of 40 alphanumeric characters.

     
    Step 2 class


    Example:
    Router(config-pmap)# class class-map-name 
     

    Assigns the traffic class you specify to the policy map. Enters policy-map class configuration mode.

    • class-map-name is the name of a previously configured class map and is the traffic class for which you want to define QoS actions.

    • Repeat Steps 2 and 3 for each traffic class you want to include in the policy map.

     
    Step 3 bandwidth {bandwidth-kbps | percent percentage | remaining percent percentage} account{{qinq| dot1q} {aal5| aal3} {subscriber-encapsulation}} | {user-defined offset [atm]}}


    Example:
    Router(config-pmap-c)# bandwidth {bandwidth-kbps | percent percentage | remaining percent percentage} account {{qinq | dot1q} {aal5 | aal3} subscriber-encapsulation | user-defined offset [atm]} 
     

    Enables class-based fair queueing.

    • bandwidth-kbps specifies or modifies the minimum bandwidth allocated for a class belonging to a policy map. Valid values are from 8 to 2488320, which represents from 1 to 99 percent of the link bandwidth.

    • percent percentage specifies or modifies the minimum percentage of the link bandwidth allocated for a class belonging to a policy map. Valid values are from 1 to 99.

    • remaining percent percentage specifies or modifies the minimum percentage of unused link bandwidth allocated for a class belonging to a policy map. Valid values are from 1 to 99.

    • account enables ATM overhead accounting. For more information, see the " ATM Overhead Accounting " section of the "Configuring Dynamic Subscriber Services" chapter of the Cisco 10000 Series Router Quality of Service Configuration Guide.

    • qinq specifies queue-in-queue encapsulation as the broadband aggregation system-DSLAM encapsulation type.

    • dot1q specifies IEEE 802.1Q VLAN encapsulation as the broadband aggregation system-DSLAM encapsulation type.

    • aal5 specifies the ATM Adaptation Layer 5 that supports connection-oriented variable bit rate (VBR) services. You must specify either aal5 or aal3.

    • aal3 specifies the ATM Adaptation Layer 5 that supports both connectionless and connection-oriented links. You must specify either aal3 or aal5.

    • subscriber-encapsulation specifies the encapsulation type at the subscriber line.

    • user-defined indicates that the router is to use the offset you specify when calculating ATM overhead.

    • offset specifies the offset size the router is to use when calculating ATM overhead. Valid values are from -63 to 63 bytes.

    Note   

    The router configures the offset size if you do not specify the offset option.

    • atm applies ATM cell tax in the ATM overhead calculation.

     
    Step 4 exit

    Example:
    Router(config-pmap-c)# exit
     

    Exits policy-map class configuration mode.

     
    Step 5 policy-map policy-map-name


    Example:
    Router(config-pmap)# policy-map policy-map-name
     

    Creates or modifies the parent policy.

    • policy-map-name is the name of the parent policy map. The name can be a maximum of 40 alphanumeric characters.

     
    Step 6 class class-default


    Example:
    Router(config-pmap)# class class-default 
     

    Configures or modifies the parent class-default class.

    Note   

    You can configure only the class-default class in a parent policy. Do not configure any other traffic class.

     
    Step 7 shape rate account {{{qinq| dot1q}{aal5| aal3} {subscriber-encapsulation}} | {user-defined offset [atm]}}


    Example:
    Router(config-pmap-c)# shape rate account {qinq | dot1q} {aal5 | aal3} subscriber-encapsulation | {user-defined offset [atm]} 
     

    Shapes traffic to the indicated bit rate and enables ATM overhead accounting.

    • rate is the bit-rate used to shape the traffic, expressed in kilobits per second.

    • account enables ATM overhead accounting.

    • qinq specifies queue-in-queue encapsulation as the broadband aggregation system-DSLAM encapsulation type.

    • dot1q specifies IEEE 802.1Q VLAN encapsulation as the broadband aggregation system-DSLAM encapsulation type.

    • aal5 specifies the ATM Adaptation Layer 5 that supports connection-oriented VBR services. You must specify either aal5 or aal3.

    • aal3 specifies the ATM Adaptation Layer 5 that supports both connectionless and connection-oriented links. You must specify either aal3 or aal5.

    • subscriber-encapsulation specifies the encapsulation type at the subscriber line.

    • user-defined indicates that the router is to use the offset you specify when calculating ATM overhead.

    • offset specifies the offset size the router is to use when calculating ATM overhead. Valid values are from -63 to 63 bytes.

    Note   

    The router configures the offset size if you do not specify the user-defined offset option.

    • atm applies ATM cell tax in the ATM overhead calculation.

     
    Step 8 service-policy policy-map-name


    Example:
    Router(config-pmap-c)# service-policy policy-map-name
     

    Applies a bottom-level child policy to the top-level parent class-default class.

    • policy-map-name is the name of the previously configured child policy map.

     

    Verifying Per Session Queueing

    To display the configuration of per session queueing and shaping policies for PPPoE over VLAN, enter any of the following commands in privileged EXEC mode:

    Command

    Purpose

    Router# show policy-map interface interface

    Displays information about the policy map attached to the interface you specify. If you do not specify an interface, it displays information about all of the policy maps configured on the router.

    • interface specifies the virtual-access interface and number the router created for the session (for example, virtual-access 1).

    Router# show policy-map session uid uid-number

    Displays the session QoS counters for the subscriber session you specify.

    • uid uid-number defines a unique session ID. Valid values for uid-number are from 1 to 65535.

    Router# show running-config

    Displays the running configuration on the router. The output shows the AAA setup and the configuration of the policy map, ATM VC, PPPoA, dynamic bandwidth selection, virtual template, and RADIUS server.

    Configuration Examples for Per Session Queueing and Shaping Policies

    Configuring a Per Session Queueing and Shaping Policy on the Router Example

    The following example shows

    The example creates two traffic classes: Voice and Video. The router classifies traffic that matches IP precedence 5 as Voice traffic and traffic that matches IP precedence 3 as Video traffic. The Child policy map gives priority to Voice traffic and polices traffic at 2400 kbps. The Video class is allocated 80 percent of the remaining bandwidth and has ATM overhead accounting enabled. The Child policy is applied to the class-default class of the Parent policy map, which receives 20 percent of the remaining bandwidth and shapes traffic to 10,000 bps, and has ATM overhead accounting enabled.

    Router(config)# class-map Voice
    Router(config-cmap)# match ip precedence 5
    Router(config-cmap)# class-map Video
    Router(config-cmap)# match ip precedence 3
    !
    Router(config)# policy-map Child
    Router(config-pmap)# class Voice
    Router(config-pmap-c)# priority
    Router(config-pmap-c)# police 2400 9216 0 conform-action transmit exceed-action drop violate-action drop
    Router(config-pmap-c)# class video
    Router(config-pmap-c)# bandwidth remaining percent 80 account aal5 snap-dot1q-rbe
    Router(config-pmap-c)# exit
    Router(config-pmap)# exit
    Router(config)# policy-map Parent
    Router(config-pmap)# class class-default
    Router(config-pmap-c)# shape 10000 account dot1q snap-dot1q-rbe
    Router(config-pmap-c)# service-policy Child
    

    Setting Up RADIUS for Per Session Queueing and Shaping Example

    The following are example configurations for the Merit RADIUS server and the associated Layer 2 network server (LNS). In the example, the Cisco-Policy-Down attribute indicates the name of the policy map to be downloaded, which in this example is rad-output-policy. The RADIUS dictionary file includes an entry for Cisco VSA 38.

    example.com Password = "cisco123"
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Cisco:Cisco-Policy-Down = rad-output-policy
    

    Cisco.attr Cisco-Policy-Up 37 string (*, *)

    Cisco.attr Cisco-Policy-Down 38 string (*, *)

    Verifying Per Session Queueing and Shaping Policies Examples

    This example shows sample output for the show policy-map interface command

    Router# show policy-map interface virtual-access 1
    !
    !
    Service-policy output: TEST
    Class-map: class-default (match-any)
    100 packets, 1000 bytes
    30 second offered rate 800 bps, drop rate 0 bps
    Match: any
    shape (average) cir 154400, bc 7720, be 7720
    target shape rate 154400
    overhead accounting: enabled
    bandwidth 30% (463 kbps)
    overhead accounting: disabled
    queue limit 64 packets
    (queue depth/total drops/no-buffer drops) 0/0/0
    (pkts output/bytes output) 100/1000
    

    This example shows sample output from the show policy-map session command and show policy-map session uid command, based on a nested hierarchical policy.

    Router# show subscriber session
    Current Subscriber Information: Total sessions 1
    Uniq ID Interface  State         Service      Identifier           Up-time
    36      Vi2.1      authen        Local Term   peapen@cisco.com     00:01:36
    Router# show policy-map parent
      Policy Map parent
        Class class-default
          Average Rate Traffic Shaping
          cir 10000000 (bps)
          service-policy child
    Router# show policy-map child
     
      Policy Map child
        Class voice
          priority
          police 8000 9216 0 
           conform-action transmit
           exceed-action drop
           violate-action drop
        Class video
          bandwidth remaining 80 (%)
    Router# show policy-map session uid 36
     SSS session identifier 36 -
     SSS session identifier 36 -
      Service-policy output: parent
        Class-map: class-default (match-any)
          0 packets, 0 bytes
          30 second offered rate 0 bps, drop rate 0 bps
          Match: any 
            0 packets, 0 bytes
            30 second rate 0 bps
          Queueing
          queue limit 250 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 0/0
          shape (average) cir 10000000, bc 40000, be 40000
          target shape rate 10000000
          Service-policy : child
            queue stats for all priority classes:
              Queueing
              queue limit 16 packets
              (queue depth/total drops/no-buffer drops) 0/0/0
              (pkts output/bytes output) 0/0
            Class-map: voice (match-all)
              0 packets, 0 bytes
              30 second offered rate 0 bps, drop rate 0 bps
              Match: ip precedence 5 
              Priority: Strict, burst bytes 1500, b/w exceed drops: 0
              
              Police:
                8000 bps, 9216 limit, 0 extended limit
                conformed 0 packets, 0 bytes; action: 
                transmit
                exceeded 0 packets, 0 bytes; action: 
                drop
                violated 0 packets, 0 bytes; action: 
                drop
            Class-map: video (match-all)
              0 packets, 0 bytes
              30 second offered rate 0 bps, drop rate 0 bps
              Match: ip precedence 3 
              Queueing
              queue limit 250 packets
              (queue depth/total drops/no-buffer drops) 0/0/0
              (pkts output/bytes output) 0/0
              bandwidth remaining 80% (7993 kbps)
            Class-map: class-default (match-any)
              0 packets, 0 bytes
              30 second offered rate 0 bps, drop rate 0 bps
              Match: any 
                0 packets, 0 bytes
                30 second rate 0 bps
              queue limit 250 packets
              (queue depth/total drops/no-buffer drops) 0/0/0
              (pkts output/bytes output) 2/136

    Additional References

    The following sections provide references related to the Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS feature.

    Standards

    Standard

    Title

    No new or modified standards are supported, and support for existing standards has not been modified.

    --

    MIBs

    MIB

    MIBs Link

    No new or modified MIBs are supported, and support for existing MIBs has not been modified.

    To locate and download MIBs for selected platforms, Cisco IOS XE software releases, and feature sets, use Cisco MIB Locator found at the following URL:

    http:/​/​www.cisco.com/​go/​mibs

    RFCs

    RFC

    Title

    No new or modified RFCs are supported, and support for existing RFCs has not been modified.

    --

    Technical Assistance

    Description

    Link

    The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

    To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

    Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

    http:/​/​www.cisco.com/​techsupport

    Feature Information for Per Session Queueing and Shaping for PPPoEoVLAN Using RADIUS

    The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

    Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.
    Table 1 Feature Information for Per Session Queueing and Shaping for PPPoE over VLAN Using RADIUS

    Feature Name

    Releases

    Feature Information

    Per Session Queueing and Shaping for PPPoE over VLAN Using RADIUS

    Cisco IOS XE Release 2.1

    This feature enables you to shape PPPoE over VLAN sessions to a user-specified rate. The Per Session Queueing and Shaping for PPPoE over VLAN Support Using RADIUS feature was introduced on the PRE2 to enable dynamic queueing and shaping policies on PPPoEoVLAN session.

    This feature was integrated into Cisco IOS XE Release 2.1.