QoS Packet-Matching Statistics Configuration

The QoS Packet-Matching Statistics feature comprises the following subfeatures:

  • The QoS Packet-Matching Statistics: Per Filter feature allows users to count and display the number of packets and bytes matching individual filters (match statements) within a QoS class-map.

  • The QoS Packet-Matching Statistics: Per ACE feature allows users to count and display the number of packets and bytes matching the individual access control entries (ACEs) in the filter.

Prerequisites for QoS Packet-Matching Statistics Feature

You cannot enable or disable the QoS Packet-Matching Statistics: Per Filter feature if a policy-map is associated with any interface on the system.

The QoS Packet-Matching Statistics: Per ACE feature is dependent on the QoS Packet Matching Statistics feature. Therefore, the following prerequisites apply:

  • If the QoS Packet-Matching Statistics: Per Filter is not enabled and a user tries to enable the QoS Packet-Matching Statistics: Per ACE feature, the command to enable this feature will be rejected by the CLI. An informational message will be displayed to let the user know why the command was rejected.

  • If the QoS Packet-Matching Statistics: Per ACE feature is enabled and a user tries to disable this feature, the command to disable this feature will be rejected by the CLI. An informational message will be displayed to let the user know why the command was rejected.

Restrictions for QoS Packet-Matching Statistics Feature

Enabling the Qos: Packet Matching Statistics feature may increase CPU utilization on a scaled configuration. Before enabling the Qos: Packet Matching Statistics feature, weigh the benefits of the statistics information against the increased CPU utilization for your system.

This section provides information about the restrictions pertaining to the QoS Packet-Matching Statistics: Per Filter feature and the QoS Packet-Matching Statistics: Per ACE feature.

The followings are the restrictions for the QoS Packet Matching Statistics feature:

  • Enabling the QoS Packet-Matching Statistics: Per Filter feature may increase CPU utilization on a scaled configuration. Before enabling the QoS Packet-Matching Statistics: Per Filter feature, weigh the benefits of the statistics information against the increase in CPU utilization for your system.

  • QoS Packet-Matching Statistics: Per Filter is not supported for the match-all class-maps. However, QoS Packet-Matching Statistics: Per ACE is supported for the match-all class-maps.

The following table provides information about the QoS Packet-Matching Statistics: Per ACE scaling limitations:

Table 1. QoS Packet-Matching Statistics: Per ACE Scaling Limitations
Platform ACEs (IPv4 or IPv6)
ASR1000-ESP5, ASR1001, ASR1002-F, ASR1002-X 25,000
ASR1000-ESP10 30,000
ASR1000-ESP20/ESP40/ESP100 30,000
ISR4400 20,000
CSR1000V 1,000

Information About QoS Packet-Matching Statistics

This section provides an overview of the QoS Packet-Matching Statistics: Per Filter feature and the QoS Packet-Matching Statistics: Per ACE feature.

QoS Packet-Matching Statistics: Per Filter Feature Overview

The QoS Packet-Matching Statistics: Per Filter feature allows you to count and display the number of packets and bytes matching a filter.

To define a filter, use the class-map command with the match-any keyword, for example:


class-map match-any my_class
   match ip precedence 4 <-------- User-defined filter
   match qos-group 10 <-------- User-defined filter

Using this information, you can perform the following tasks:

  • Compare the amount of voice traffic with the amount of data traffic on a segment of your network

  • Adjust bandwidth availability

  • Accurately determine billing

  • Troubleshoot service problems

The system collects packet matching statistics in 10-second cycles. If there are many interfaces or sessions, the system collects statistics for about 8000 of them during each cycle. In a scaled configuration, several 10-second cycles may be required to gather all the statistics.

QoS Packet-Matching Statistics: Per ACE Feature Overview

The QoS Packet-Matching Statistics: Per ACE feature allows you to track and display the number of packets and bytes matching individual ACEs that are used in QoS policies (access groups used in class maps).

This feature provides hit counters for ACEs used in QoS policies. When this feature is enabled, it will add QoS hit counters for the ACEs used in a QoS policy to the existing security access list counters for that particular ACE. The access list counters can be seen in the following command output:

Router# show ip access-lists

Extended IP access list A1
    10 permit ip 32.1.1.0 0.0.0.255 any (129580275 matches)
Extended IP access list A6and7
    10 permit ip 32.1.6.0 0.0.0.255 any (341426749 matches)
    20 permit ip 32.1.7.0 0.0.0.255 any (398245767 matches)
Extended IP access list source
    10 permit ip any host 16.1.1.5 (16147976 matches)

The QoS hit counters (for the ACEs used in QoS policies) will be added to the access list counters. We recommend that you pay attention to the following points when you enable this feature:

  • Access list counts are not interface specific, as can be seen in the output of the show ip access-lists command (there is no mention of interface). They are aggregate counters of all the hits, for all the features that use the ACEs and support the counts, across all interfaces and directions.

  • Interface-specific counts are provided in the existing QoS command(show policy-map interface) if the QoS Packet-Matching Statistics: Per Filter feature is enabled. However, the command specified previously shows only the counts per filter (ACL or access group), not per ACE, as can be seen in the following sample output:

Router# show access-lists  
       
Extended IP access list A1
    10 permit ip 32.1.1.0 0.0.0.255 any (2000 matches)

Router# show policy-map interface GigabitEthernet0/0/2

  Service-policy input: simple

    Class-map: A1-class (match-all)
      1000 packets, 124000 bytes
      5 minute offered rate 4000 bps
      Match: access-group name A1

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 261000 bps, drop rate 0 bps
      Match: any 
  • If an ACE is present in a QoS filter (match statement within a class map), but the packet does not match the statement, the ACE counter will not be incremented for that packet. This can happen if:
    • The ACE is used in a deny statement.

    • Other matching criteria in a match-all class map definition (such as match ip prec 1) prevent the packet from matching the class.

    • Other matching criteria in a match-any class map definition (such as match ip prec 1) match the packet and keep it from matching the ACE match criteria. (This filter precedes the ACE filter and the packet matches both the statements).

  • Access list counts are an aggregate (for a particular ACE) of the hit counts for all the features using that ACE, and support the per ACE counts. (In Cisco IOS XE3.10, only Security and QoS ACLs support per ACE counts, but that may change in future releases). Therefore, it is possible that a single packet will hit (and be counted by) multiple features using the same ACE and hence result in multiple counts for the same packet (as it traverses each feature). The following is an example of this:

ip access-list extended A1
  permit ip 32.1.1.0 0.0.0.255 any
class-map match-all A1-class
  match access-group name A1

interface GigabitEthernet0/0/2
 ip address 32.0.0.1 240.0.0.0
 ip access-group A1 in
 duplex auto
 speed auto
 media-type rj45
 no negotiation auto
 service-policy input simple


Router# show access-lists         

Extended IP access list A1
    10 permit ip 32.1.1.0 0.0.0.255 any (2000 matches)

Router# show policy-map interface GigabitEthernet0/0/2 

  Service-policy input: simple

    Class-map: A1-class (match-all)
      1000 packets, 124000 bytes
      5 minute offered rate 4000 bps
      Match: access-group name A1

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 261000 bps, drop rate 0 bps
      Match: any 

How to Configure QoS Packet-Matching Statistics

This section provides information about how to configure QoS Packet-Matching Statistics.

Configuring QoS Packet-Matching Statistics: Per Filter

Before you begin

  • Before enabling the QoS Packet-Matching Statistics: Per Filter feature, ensure that no policy-maps are associated with the interfaces on the system. If they are, the system returns the following message:


Either a) A system RELOAD or
       b) Remove all service-policies, re-apply the change
            to the statistics, re-apply all service-policies
			is required before this command will be activated.

  • Before enabling the QoS Packet-Matching Statistics: Per Filter feature, ensure that you have defined a filter that is using the class-map command with the match-any keyword.


Note


Enabling the QoS Packet-Matching Statistics: Per Filter feature may increase CPU utilization on a scaled configuration. Before enabling the QoS Packet-Matching Statistics: Per Filter feature, weigh the benefits of the statistics information against an increase in CPU utilization for your system.


To configure the QoS Packet-Matching Statistics: Per Filter feature, perform the following procedure:

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. platform qos match-statistics per-filter
  4. interface interface -name
  5. service-policy {input | output} policy-map-name
  6. end
  7. show policy-map interface interface-name
  8. configure terminal
  9. interface interface-name
  10. no service-policy {input | output} policy-map-name
  11. exit
  12. no platform qos match-statistics per-filter
  13. end

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


Router> enable

Enables the privileged EXEC mode.

Enter your password, if prompted.

Step 2

configure terminal

Example:


Router# configure terminal

Enters the global configuration mode.

Step 3

platform qos match-statistics per-filter

Example:


Router(config)# platform qos match-statistics per-filter

Enables the QoS Packet-Matching Statistics: Per Filter feature.

Step 4

interface interface -name

Example:

Router(config)# interface GigabitEthernet0/0/0

Specifies the interface for attaching the policy-map.

Step 5

service-policy {input | output} policy-map-name

Example:

Router(config-if)# service-policy input pol1

Attaches a QoS policy-map to the interface. The QoS Packet Matching Statistics feature should be enabled before attaching any QoS policies.

Step 6

end

Example:


Router# end

Exits the configuration mode.

Step 7

show policy-map interface interface-name

Example:


Router# show policy-map interface serial4/0/0

Displays the packet statistics of all the classes that are configured for all the service policies that are present on the specified interface, subinterface, or a specific permanent virtual circuit (PVC) on the interface.

Step 8

configure terminal

Example:


Router# configure terminal

Enters the global configuration mode.

Step 9

interface interface-name

Example:

Router(config)# interface GigabitEthernet0/0/0

Specifies the interface for removing the policy-map.

Step 10

no service-policy {input | output} policy-map-name

Example:

Router(config-if)# no service-policy input pol1

Removes a QoS policy-map from an interface. All the QoS policies should be removed from the interfaces before the QoS Packet Matching Statistics feature can be disabled.

Step 11

exit

Example:

Router(config-if)# exit

Exits the interface configuration mode.

Step 12

no platform qos match-statistics per-filter

Example:


Router(config)# no platform qos match-statistics per-filter

Disables the QoS Packet-Matching Statistics: Per Filter feature.

Step 13

end

Example:


Router# end

Exits the configuration mode.

Examples

Use the show policy-map interface command to display the packet statistics of all the classes that are configured for all the service policies that are present on the specified interface, subinterface, or a specific PVC on the interface:


Router# show policy-map interface gig1/1/0

 GigabitEthernet1/1/0 
  Service-policy input: pol1					! target = gig1/1/0,input 
    Class-map: class1 (match-any)  
      1000 packets, 40000 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: ip precedence 1 <-------- User-defined filter
        800 packets, 32000 bytes <-------- Filter matching results
      Match: ip precedence 2 <-------- User-defined filter
        200 packets, 8000 bytes <-------- Filter matching results
      QoS Set
        ip precedence 7
          No packet marking statistics available
    Class-map: class-default (match-any)  
      500 packets, 20000 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any <-------- User-defined filter
        500 packets, 20000 bytes <-------- Filter matching results

Configuring QoS Packet-Matching Statistics: Per ACE

Before you begin

Before enabling the QoS Packet-Matching Statistics: Per ACE feature, ensure that the QoS Packet-Matching Statistics: Per Filter feature has been enabled.

The following example shows how to check the feature status by using the show platform hardware qfp active feature qos configuration global command:

Router# show platform hardware qfp active feature qos configuration global
Marker statistics are: disabled
Match per-filter statistics are: enabled <<<<<<<
Match per-ace statistics are: enabled <<<<<<
Performance-Monitor statistics are: disabled

To configure the QoS Packet-Matching Statistics: Per ACE feature, perform the following procedure:

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. platform qos match-statistics per-filter
  4. platform qos match-statistics per-ace
  5. interface interface-name
  6. service-policy{input|output}policy-map-name
  7. end
  8. show policy-map interface interface-name
  9. show access-lists
  10. configure terminal
  11. interface interface-name
  12. no service-policy{input|output}policy-map-name
  13. exit
  14. no platform qos match-stat per-ace
  15. no platform qos match-statistics per-filter
  16. end

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


Router> enable

Enables the privileged EXEC mode.

Enter your password if prompted.

Step 2

configure terminal

Example:


Router# configure terminal

Enters the global configuration mode.

Step 3

platform qos match-statistics per-filter

Example:

Router(config)# platform qos match-statistics per-filter

Enables the QoS Packet-Matching Statistics: Per Filter feature.

Step 4

platform qos match-statistics per-ace

Example:

Router(config)# platform qos match-statistics per-ace

Enables the QoS Packet-Matching Statistics: Per ACE feature.

Step 5

interface interface-name

Example:

Router(config)# interface GigabitEthernet0/0/0

Specifies the interface for attaching the policy-map.

Step 6

service-policy{input|output}policy-map-name

Example:

Router(config-if)# service-policy input pol1

Attaches a QoS policy-map to an interface. The QoS Matching Statistics feature should be enabled before attaching QoS policies.

Step 7

end

Example:


Router# end

Exits the configuration mode.

Step 8

show policy-map interface interface-name

Example:


Router# show policy-map interface serial4/0/0

Displays the packet statistics pertaining to all the classes that are configured for all the service policies either on the specified interface, subinterface, or on a specific PVC on the interface.

Step 9

show access-lists

Example:

Router# show access-lists

Displays the contents of current access lists, including the QoS Packet-Matching Statistics: Per ACE.

Step 10

configure terminal

Example:


Router# configure terminal

Enters the global configuration mode.

Step 11

interface interface-name

Example:

Router(config)# interface GigabitEthernet0/0/0

Specifies the interface for removing the policy-map.

Step 12

no service-policy{input|output}policy-map-name

Example:

Router(config-if)# no service-policy input pol1

Removes a QoS policy-map from an interface. All the QoS policies should be removed from the interfaces before the QoS Matching Statistics feature can be disabled.

Step 13

exit

Example:

Router(config-if)# exit

Exits the interface configuration mode.

Step 14

no platform qos match-stat per-ace

Example:


Router(config)# no platform qos match-stat per-ace

Disables the QoS Packet-Matching Statistics: Per ACE feature.

Step 15

no platform qos match-statistics per-filter

Example:

Router(config)# no platform qos match-statistics per-filter

Disables the QoS Packet-Matching Statistics: Per Filter feature.

Step 16

end

Example:


Router# end

Exits the configuration mode.

Example

Use the show policy-map interface command to display the per-filter statistics of all the classes that are configured for all the service policies on the specified interface, subinterface, or on a specific PVC on the interface:


Router# show policy-map interface GigabitEthernet0/0/2

 
  Service-policy input: test-match-types

    Class-map: A1orA2-class (match-any)
      482103366 packets, 59780817384 bytes
      5 minute offered rate 6702000 bps
      Match: access-group name A1
        62125633 packets, 7703578368 bytes
        5 minute rate 837000 bps
      Match: access-group name A2
        419977732 packets, 52077238892 bytes
        5 minute rate 5865000 bps

    Class-map: A3andprec1-class (match-all)
      5673520 packets, 703516480 bytes
      5 minute offered rate 837000 bps
      Match: access-group name A3
      Match: ip precedence 1 

    Class-map: A5-class (match-all)
      227101820 packets, 28160625680 bytes
      5 minute offered rate 3351000 bps
      Match: access-group name A5

    Class-map: A6and7-class (match-all)
      627615840 packets, 77824340228 bytes
      5 minute offered rate 9215000 bps
      Match: access-group name A6and7

    Class-map: A3-class (match-all)
      111548288 packets, 13831987712 bytes
      5 minute offered rate 1675000 bps
      Match: access-group name A3

    Class-map: A4andsource (match-all)
      16115590 packets, 1998333160 bytes
      5 minute offered rate 2513000 bps
      Match: access-group name A4
      Match: access-group name source

    Class-map: class-default (match-any)
      164881212 packets, 20445270288 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any 

Use the show ip access-lists command to display the contents of current access lists (which includes the QoS Packet-Matching Statistics: Per ACE):

Router# show ip access-lists

Extended IP access list A1
    10 permit ip 32.1.1.0 0.0.0.255 any (129580275 matches)
Extended IP access list A2
    10 permit ip 32.1.2.0 0.0.0.255 any (486342300 matches)
Extended IP access list A3
    10 permit ip 32.1.3.0 0.0.0.255 any (306738457 matches)
Extended IP access list A4
    10 permit ip 32.1.4.0 0.0.0.255 any (16147975 matches)
Extended IP access list A5
    10 permit ip 32.1.5.0 0.0.0.255 any (294357455 matches)
Extended IP access list A6and7
    10 permit ip 32.1.6.0 0.0.0.255 any (341426749 matches)
    20 permit ip 32.1.7.0 0.0.0.255 any (398245767 matches)
Extended IP access list source
    10 permit ip any host 16.1.1.5 (16147976 matches)

Troubleshooting Tips

To confirm that the QoS: Packet Matching Statistics feature is enabled, use the show platform hardware qfp active feature qos config global command. If the feature is disabled, you should see a message similar to the following:

Router# show platform hardware qfp active feature qos config global


Marker statistics are: enabled
Match per filter statistics are: enabled

Example: Configuring a QoS Packet-Matching Statistics: Per Filter

The following example shows how to configure a QoS Packet-Matching Statistics: Per Filter, perform the following tasks:

  • Define a QoS packet matching filter

  • Display the show policy-map interface command output


Router# show policy-map interface Tunnel1 

  Service-policy output: DATA-OUT-PARENT
    Class-map: class-default (match-any)
      4469 packets, 4495814 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any <-------- User-defined filter
      Queueing
      queue limit 416 packets 
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 4469/4558380
      shape (average) cir 100000000, bc 400000, be 400000
      target shape rate 100000000
      Service-policy : DATA-OUT
        queue stats for all priority classes:
          Queueing
          queue limit 200 packets
          (queue depth/total drops/no-buffer drops) 0/0/0
          (pkts output/bytes output) 4469/4558380
        Class-map: ATM-VTI-RIP-SPK1-DATA (match-any)
          4469 packets, 4495814 bytes <-------- Filter matching results
          5 minute offered rate 0000 bps, drop rate 0000 bps
          Match: access-group 121 <-------- User-defined filter
            4469 packets, 4495814 bytes <-------- Filter matching results 
            5 minute rate 0 bps
          QoS Set
            ip precedence 3
              Packets marked 4469
          Priority: 100 kbps, burst bytes 2500, b/w exceed drops: 0

Additional References

Related Documents

Related Topic

Document Title

Cisco IOS commands

Cisco IOS Master Commands List, All Releases

Quality of service commands

Cisco IOS Quality of Service Command Reference

Standards

Standard

Title

No new or modified standards are supported, and support for existing standards has not been modified.

--

MIBs

MIB

MIBs Link

CISCO-CLASS-BASED-QOS-MIB

To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

RFCs

RFC

Title

No new or modified RFCs are supported, and support for existing RFCs has not been modified.

--

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for QoS Packet-Matching Statistics

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 2. Feature Information for QoS Packet-Matching Statistics

Feature Name

Releases

Feature Information

QoS Packet-Matching Statistics: Per Filter

Cisco IOS XE Release 3.3S

The QoS Packet-Matching Statistics: Per Filter feature allows you to count and display the number of packets matching individual filters (match statements) used in class-maps within QoS service policies that have.

The following commands were introduced or modified:
  • platform qos match-statistics per-filter

  • no platform qos match-statistics per-filter

  • show platform hardware qfp active feature qos config global

QoS Packet-Matching Statistics: Per ACE

Cisco IOS XE Release 3.10S

The QoS Packet-Matching Statistics: Per ACE feature allows you to track and display the number of packets and bytes matching individual ACEs that are used in QoS policies (access groups used in class maps).

The following command was introduced:

platform qos match-statistics per-ace