Per-Tunnel QoS Support for Multiple Policy Maps (MPOL)

The documcnt explains the support for Per-Tunnel QoS configurations using port-channels (referred to as multiple policy maps (MPOL)) on the Cisco 4000 Series Integrated Services Routers and Cisco ASR 1000 Series Aggregation Routers.

Prerequisites Per-Tunnel QoS Support for Multiple Policy Maps (MPOL)

The following command must be configured before Per-Tunnel QoS is applied on a port-channel interface as the tunnel source:

platform qos port-channel-aggregate port-channel-interface-number

If a port-channel is already configured, the above command will fail. This command must be defined before configuring the port-channel, else, the following error occurs:


Port-channel 1 has been configured with non-aggregate mode already, please use different interface number that port-channel interface hasn't been configured

If you encounter the above error you must delete the port-channel and reconfigure the port-channel by using this command.

Information About Per-Tunnel QoS Support for Multiple Policy Maps (MPOL)

Per-Tunnel QoS and Multiple Policy Maps (MPOL)

Per-Tunnel QoS offers the ability to police traffic in a hub-and-spoke environment on a per-spoke basis. Per-Tunnel QoS is configured on a hub router to ensure that the circuit bandwidth in the download direction at the spoke does not go beyond the circuit bandwidth. This is because the aggregate bandwidth on the hub router is significantly higher than the spoke.

However, there are various network designs or configurations that may be considered in the context of the Per-Tunnel QoS feature. One design, which is becoming more prevalent in today’s networks, is sourcing tunnels on these hub routers from port-channel main or subinterfaces.

Supported Configurations

The following table lists MPOL configurations and the releases in which the support is available:

MPOL Configurations

On Cisco ASR 1000 Series

On Cisco 4000 Series

MPOL with tunnel sourced from port-channel main interface

Cisco IOS XE Everest16.5.1

Cisco IOS XE Everest 16.6.1

MPOL with tunnel sourced from port-channel sub-interface

Cisco IOS XE 3.16.4S/Cisco IOS XE Everest16.4.1

Cisco IOS XE Everest16.6.1

MPOL with tunnels sourced from different port-channel sub-interfaces of the same port-channel main interface

Cisco IOS XE Denali 16.3.6/Cisco IOS XE Everest16.6.3/Cisco IOS XE Fuji 16.8.1

Cisco IOS XE Everest16.6.1

MPOL with two tunnels in different VRF’s sourced from the same port-channel sub-interface in a third VRF

Cisco IOS XE 3.16.4S/Cisco IOS XE Everest16.4.1

Cisco IOS XE Everest16.6.1

Components in MPOL

Before configuring MPOL, it is important to understand each component in reference to the broader solution thereby helping in understanding the supported and recommended configurations in each component.

Class Maps

Class maps segment traffic to match the Differentiated Services Code Point (DSCP) profile supported by the service provider. You mark traffic on ingress to any number of DSCP that are supported in your enterprise network. Alternatively, these markings could be available from a LAN device, which handles the marking for the site. However, on egress of the tunnel, the markings must be grouped into a set of DSCP supported by the class model defined by the ISP for the customer (4-class, 8-class, etc.).

Policy Maps

Child policy map provide a common queuing policy to each spoke. This policy map groups the DSCP into a smaller subset of classes and provide queuing definition as well as sets the tunnel DSCP for egress marking.

Per-Spoke Policy Maps

Policy maps are applied to each spoke based on NHRP group registration. These policy maps are defined according to the download speeds at the spokes. Typically, the policy maps may be grouped into a select number of values and a policy map exists for each value. It is within these values that a child policy map is nested to provide queuing in the context of the policed rate.

Traffic Shaping

A Flat policy map is used for shaping traffic that is applied on the parent WAN interface. This WAN interface acts as the tunnel source (in our case, a port-channel interface of some type). This shaper ensures that the egress shaped rate outbound from the hub router does not exceed the specified upload speed.

How to Configure Per-Tunnel QoS Support for Multiple Policy Maps (MPOL)

Setting Up MPOL Components

Configuring Policy Maps


policy-map WAN
 class INTERACTIVE-VIDEO
  bandwidth remaining percent 30
  random-detect dscp-based
  set dscp tunnel af41
 class STREAMING-VIDEO
  bandwidth remaining percent 10
  random-detect dscp-based
  set dscp tunnel af31
 class NET-CTRL
  bandwidth remaining percent 5
  set dscp tunnel cs6
 class CALL-SIGNALING
  bandwidth remaining percent 4
  set dscp tunnel af21
 class CRITICAL-DATA
  bandwidth remaining percent 25
  random-detect dscp-based
  set dscp tunnel af21
 class SCAVENGER
  bandwidth remaining percent 1
  set dscp tunnel af11
 class VOICE
  priority level 1
  police cir percent 10
  set dscp tunnel ef
 class class-default
  bandwidth remaining percent 25
  random-detect

Applying Policy Maps to Spoke


policy-map RS-GROUP-300MBPS-POLICY
 class class-default
  shape average 300000000
  bandwidth remaining ratio 300
   service-policy WAN 

Applying Shaping


policy-map TRANSPORT-1-SHAPE-ONLY
 class class-default
  shape average 600000000

Enabling MPOL

The recommended configuration order for enabling MPOL is as follows:

  1. Define the routers to use QoS on the port-channel interface that will be configured
  2. Define policy shaper.
  3. Define the port-channel interface and subinterface and apply the policy shaper.
  4. Define class maps to match the ingress traffic or DSCP for egress marking.
  5. Define the child policy map for queuing definition and setting the tunnel DSCP.
  6. Define the per-spoke policy maps to shape traffic on each spoke based on NHRP group registration and nest the child policy map in each spoke
  7. Apply the per-spoke policy-maps to the tunnel interfaces and define the tunnel source to be the port-channel main or subinterface.

platform qos port-channel-aggregate <#> 
policy-map TRANSPORT-1-SHAPE-ONLY
 class class-default
  shape average 600000000 
interface Port-channel1
!
interface Port-channel1.10
 ...
 service-policy output TRANSPORT-1-SHAPE-ONLY 
interface Tunnel100
 nhrp map group SPOKE-10MBPS service-policy output SPOKE-POLICE-10MBPS
...
 tunnel source Port-channel1.10

Verifying MPOL Configuration

After configuring MPOL, use the following commands to verify that the NHRP group is attached to the respective peer and to display the active policy:

  • show dmvpn detail
  • show policy-map

Router# show dmvpn detail
 
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
	N - NATed, L - Local, X - No Socket
	T1 - Route Installed, T2 - Nexthop-override
	C - CTS Capable, I2 - Temporary
	# Ent --> Number of NHRP entries with same NBMA peer
	NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
	UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface Tunnel10 is up/up, Addr. is 172.17.10.1, VRF "" 
   Tunnel Src./Dest. addr: 192.168.10.1/MGRE, Tunnel VRF "IWAN-TRANSPORT-MPLS"
   Protocol/Transport: "multi-GRE/IP", Protect "IWAN-TRANSPORT-MPLS" 
   Interface State Control: Disabled
   nhrp event-publisher : Disabled
Type:Hub, Total NBMA Peers (v4/v6): 2
# Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network
----- --------------- --------------- ----- -------- ----- -----------------
    1 192.168.10.3        172.17.10.3    UP 00:00:08     D     172.17.10.3/32
NHRP group: RS-GROUP-30MBPS
 Output QoS service-policy applied: RS-GROUP-30MBPS-POLICY
Router# show policy-map multipoint tunnel 10
 
 
Interface Tunnel10 <--> 192.168.10.3 
  Service-policy output: RS-GROUP-30MBPS-POLICY
    Class-map: class-default (match-any)  
      122 packets, 14444 bytes
      30 second offered rate 1000 bps, drop rate 0000 bps
      Match: any 
      Queueing
      queue limit 124 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 117/21166
      shape (average) cir 30000000, bc 120000, be 120000
      target shape rate 30000000
      bandwidth remaining ratio 300 
      Service-policy : WAN
        Class-map: INTERACTIVE-VIDEO (match-all)  
          0 packets, 0 bytes
          30 second offered rate 0000 bps, drop rate 0000 bps
          Match:  dscp af41 (34)
          Queueing
          queue limit 124 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 0/0
          bandwidth remaining 30%
            Exp-weight-constant: 4 (1/16)
            Mean queue depth: 0 packets
            dscp       Transmitted         Random drop      Tail drop          Minimum        Maximum     Mark
                    pkts/bytes            pkts/bytes       pkts/bytes          thresh         thresh     prob
            
          QoS Set
            dscp tunnel af41
              Marker statistics: Disabled

Additional References for Per-Tunnel QoS Support for Multiple Policy Maps (MPOL)

Related Documents

Related Topic Document Title

Security commands

Per-Tunnel QoS

Per-Tunnel QoS for DMVPN

Cisco Intelligent WAN Deployment Guide

Cisco Validated Design Intelligent WAN Deployment Guide

Technical Assistance

Description Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html