- Read Me First
- Congestion Management Overview
- IPv6 QoS: Queueing
- Low Latency Queueing with Priority Percentage Support
- Low Latency Queueing for IPsec Encryption Engines
- Configurable Queue Depth
- Multi-Level Priority Queues
- Configuring Custom Queueing
- QoS Hierarchical Queueing for Ethernet DSLAMs
- QoS Hierarchical Queueing for ATM DSLAMs
- Per-Flow Admission
- Finding Feature Information
- Prerequisites for Per-Flow Admission
- Restrictions for Per-Flow Admission
- Information About Per-Flow Admission
- How to Configure Per-Flow Admission
- Configuration Examples for Per-Flow Admission
- Additional References for Per-Flow Admission
- Feature Information for Per-Flow Admission
Per-Flow Admission
The Per-Flow Admission feature provides explicit controls to limit packet flow into a WAN edge in order to protect already admitted flows on the routing/WAN edge.
- Finding Feature Information
- Prerequisites for Per-Flow Admission
- Restrictions for Per-Flow Admission
- Information About Per-Flow Admission
- How to Configure Per-Flow Admission
- Configuration Examples for Per-Flow Admission
- Additional References for Per-Flow Admission
- Feature Information for Per-Flow Admission
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Prerequisites for Per-Flow Admission
A class must have bandwidth or priority defined before configuring the Per-Flow Admission feature.
Restrictions for Per-Flow Admission
Per-flow admission is currently supported only on Ethernet and serial interfaces, and Dynamic Multipoint Virtual Private Network (DMVPN) tunnels.
Information About Per-Flow Admission
Overview of Per-Flow Admission
Application (mainly voice and video) quality drops when they are connected from a branch to head quarters and data centers over a WAN because the WAN interface bandwidth is limited and always comes at a premium cost. There are no well-defined controls to restrict flows through a WAN link and no explicit controls to limit the flows to protect already admitted flows. This limitation leads to quality degradation of already admitted flows.
The Per-Flow Admission feature allows operators to understand the number of flows that can be accommodated into an interface without quality degradation. In most deployments, the N+1st flow affects the quality of all existing valid first N flows. The Per-Flow Admission feature enables nodes to automatically learn about flows and their bandwidth as they get accommodated into the interface where bandwidth is at a premium. The network node accommodates only flows that the interface can handle, and it drops flows thereafter.
Benefits of Per-Flow Admission
The following are benefits of integrating the Per-Flow Admission feature to Quality of Service (QoS):
- Makes QoS networks more predictable and robust.
- Requires no end-to-end coordination because per-flow admission is a per-hop decision and each hop makes decision independently.
- Does not require the source to predict the flow rate.
- Ensures a higher probability of getting a reservation in the network.
- Works well with rate adaption because certain parts of the flow may be elastic.
- Promotes better selection of admitted traffic.
- Works at the IP layer.
- Works transparently with other network technologies such as Network Address Translation (NAT).
- Does not allow the source to hog the network.
- Provides benefits for certain endpoints by selecting only certain parts of the flow as admitted.
How to Configure Per-Flow Admission
Configuring a Class Map
1.
enable
2.
configure
terminal
3.
metadata
flow
4.
class-map [match-all
|
match-any]
class-map-name
5.
match cac status {admitted |
un-admitted}
6.
exit
7.
class-map [match-all
|
match-any]
class-map-name
8.
match
dscp
dscp-value
9.
end
DETAILED STEPS
Configuring a Child Policy Map
1.
enable
2.
configure
terminal
3.
policy-map
policy-map-name
4.
class {class-name
|
class-default}
5.
set
dscp
dscp-value
6.
class {class-name
|
class-default}
7.
set
dscp
dscp-value
8.
end
DETAILED STEPS
Configuring Per-Flow Admission for a Class
A class must have bandwidth or priority defined before configuring per-flow admission.
1.
enable
2.
configure
terminal
3.
policy-map
policy-map-name
4.
class {class-name
|
class-default}
5.
bandwidth {kilobits
|
percent
percentage}
6.
admit
cac
local
7. rate {kbps | percent percentage}
8.
flow rate fixed
kbps
flow-bit-rate
9.
end
DETAILED STEPS
Attaching a Per-Flow Admission Policy to an Interface
1.
enable
2.
configure
terminal
3.
policy-map
policy-map-name
4.
class {class-name
|
class-default}
5.
service-policy
policy-map
6.
end
7.
configure
terminal
8.
interface
type
number
9.
ip
address
ip-address
mask
10.
load-interval
seconds
11.
service-policy
output
policy-map-name
12.
no
shutdown
13.
end
DETAILED STEPS
Command or Action | Purpose | |
---|---|---|
Step 1 | enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2 |
configure
terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 3 |
policy-map
policy-map-name
Example: Device(config)# policy-map test |
Creates a policy map using the specified name and enters policy-map configuration mode. |
Step 4 |
class {class-name
|
class-default}
Example: Device(config-pmap)# class af4 |
Specifies the name of the class whose policy you want to create and enters policy-map class configuration mode. |
Step 5 | service-policy
policy-map
Example: Device(config-pmap-c)# service-policy child | Attaches the policy map to a class. |
Step 6 |
end
Example: Device(config-pmap-c)# end |
Exits policy-map class configuration mode and returns to privileged EXEC mode. |
Step 7 |
configure
terminal
Example: Device# configure terminal |
Enters global configuration mode. |
Step 8 |
interface
type
number
Example: Device(config)# interface Serial2/0 |
Configures the specified interface and enters interface configuration mode. |
Step 9 |
ip
address
ip-address
mask
Example: Device(config-if)# ip address 10.10.100.1 255.255.255.0 |
Sets an IP address for an interface. |
Step 10 |
load-interval
seconds
Example: Device(config-if)# load-interval 30 |
Specifies the interval for load calculation of an interface. |
Step 11 |
service-policy
output
policy-map-name
Example: Device(config-if)# service-policy output test |
Attaches a policy map to an interface. |
Step 12 |
no
shutdown
Example: Device(config-if)# no shutdown |
Enables the interface. |
Step 13 | end
Example: Device(config-if)# end |
Exits interface configuration mode and returns to privileged EXEC mode. |
Verifying Per-flow Admission
1.
enable
2.
show
policy-map
interface
interface-name
3.
show
policy-map
multipoint
[tunnel
tunnel-interface-number]
DETAILED STEPS
Command or Action | Purpose | |
---|---|---|
Step 1 |
enable
Example: Device> enable |
Enables privileged EXEC mode. |
Step 2 |
show
policy-map
interface
interface-name
Example: Device# show policy-map interface serial2/0 |
Displays the configuration of all classes configured for all service policies on the specified interface. |
Step 3 |
show
policy-map
multipoint
[tunnel
tunnel-interface-number]
Example: Device# show policy-map multipoint tunnel 1 |
Displays QoS policy details applied to multipoint tunnels. |
Configuration Examples for Per-Flow Admission
Example: Configuring a Class Map
Device> enable Device# configure terminal Device(config)# metadata flow Device(config)# class-map match-all admitted Device(config-cmap)# match metadata cac status admitted Device(config-cmap)# class-map match-all af4 Device(config-cmap)# match dscp af41 af42 af43 Device(config-cmap)# end
Example: Configuring a Policy Map
Device> enable Device# configure terminal Device(config)# policy-map child Device(config-pmap)# class admitted Device(config-pmap-c)# set dscp af41 Device(config-pmap-c)# class class-default Device(config-pmap-c)# set dscp af42 Device(config-pmap-c)# end
Example: Configuring Per-Flow Admission for a Class
Device> enable Device# configure terminal Device(config)# policy-map test Device(config-pmap)# class af4 Device(config-pmap-c)# bandwidth 200 Device(config-pmap-c)# admit cac local Device(config-pmap-admit-cac)# rate percent 80 Device(config-pmap-admit-cac)# flow rate fixed 100 Device(config-pmap-c)# exit
Example: Attaching a Per-Flow Admission Policy to an Interface
Device> enable Device# configure terminal Device(config-pmap-c)# service-policy child Device(config-pmap-c)# end Device# configure terminal Device(config)# interface Serial2/0 Device(config-if)# bandwidth 384 Device(config-if)# ip address 10.10.100.1 255.255.255.0 Device(config-if)# load-interval 30 Device(config-if)# service-policy output test Device(config-if)# no shutdown Device(config-if)# end
Example: Verifying Per-Flow Admission
Device# show policy-map interface
GigabitEthernet0/0/3
Service-policy output: test
Class-map: af4 (match-all)
269 packets, 336250 bytes
30 second offered rate 90000 bps, drop rate 13000 bps
Match: dscp af41 (34) af42 (36) af43 (38)
Queueing
queue limit 100 ms/ 2500 bytes
(queue depth/total drops/no-buffer drops) 2500/39/0
(pkts output/bytes output) 230/287500
bandwidth 200 kbps
cac local rate 200 kbps, reserved 200 kbps
flow rate fixed 100 kbps
All flows:
Number of admitted flows: [2]
Number of non-admitted flows: [1]
Service-policy : child
Class-map: admitted (match-all)
178 packets, 222500 bytes
30 second offered rate 60000 bps, drop rate 0000 bps
Match: metadata cac status admitted
QoS Set
dscp af41
Packets marked 194
Class-map: unadmitted (match-all)
88 packets, 110000 bytes
30 second offered rate 30000 bps, drop rate 0000 bps
Match: metadata cac status un-admitted
QoS Set
dscp af42
Packets marked 96
Class-map: class-default (match-any)
3 packets, 3750 bytes
30 second offered rate 1000 bps, drop rate 0000 bps
Match: any
Class-map: class-default (match-any)
181 packets, 115396 bytes
30 second offered rate 31000 bps, drop rate 0000 bps
Match: any
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 181/115396
Additional References for Per-Flow Admission
Related Documents
Related Topic |
Document Title |
---|---|
Cisco IOS commands |
|
QoS commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples. |
Cisco IOS Quality of Service Solutions Command Reference |
Technical Assistance
Description |
Link |
---|---|
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. |
Feature Information for Per-Flow Admission
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Feature Name |
Releases |
Feature Information |
---|---|---|
Per-Flow Admission |
Cisco IOS XE Release 3.17 S |
The Per-Flow Admission feature provides explicit controls to limit flows in order to protect already admitted flows on the routing/WAN edge. The following commands were introduced by this feature: admit cac local, flow rate fixed, rate. |