Configuring Classification
This chapter contains the following sections:
- Information About Classification
- Ingress Classification Policies
- Licensing Requirements for Classification
- Configuring Classification
- QoS ACL Per-Entry Statistics
- Verifying the Classification Configuration
Information About Classification
Classification is the separation of packets into traffic classes. You configure the device to take a specific action on the specified classified traffic, such as policing or marking down, or other actions.
You can create class maps to represent each traffic class by matching packet characteristics with classification criteria.
Classification Criteria |
Description |
|---|---|
Class map |
Criteria specified in a named class-map object. |
Precedence |
Precedence value within the Type of Service (ToS) byte of the IP Header. |
Differentiated Services Code Point (DSCP) |
DSCP value within the DIffServ field of the IP Header. |
Protocol |
Selected set of protocols, including Address Resolution Protocol (ARP) and Connectionless Network Service (CLNS). |
IP RTP |
Identify applications using Real-time Transport Protocol (RTP) by UDP port number range. |
ACL |
Traffic is classified by the criteria defined in the access control list (ACL). |
| RFC | Title |
|---|---|
| RFC 2474 | Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers |
Ingress Classification Policies
You use classification to partition traffic into classes. You classify the traffic based on the packet property (CoS field) or the packet header fields that include IP precedence, Differentiated Services Code Point (DSCP), and Layer 2 to Layer 4 parameters. The values used to classify traffic are called match criteria.
Traffic that fails to match any class is assigned to a default class of traffic called class-default.
Licensing Requirements for Classification
This feature does not require a license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
Configuring Classification
Configuring Class Maps
You can create or modify a class map with the class-map command. The class map is a named object that represents a class of traffic. In the class map, you specify a set of match criteria for classifying the packets. You can then reference class maps in policy maps.
 Note | The class map type default is type qos and its match criteria default is match-all. |
Configuring CoS Classification
You can classify traffic based on the class of service (CoS) in the IEEE 802.1Q header. This 3-bit field is defined in IEEE 802.1p to support QoS traffic classes. CoS is encoded in the high order 3 bits of the VLAN ID Tag field and is referred to as user_priority.
Note | The Cisco Nexus 2148 Fabric Extender does not support frames with the dot1p vlan 0 tag. |
If a system class is configured with a no-drop function, the match cos command serves an additional purpose. The switch sends the CoS value to the adapter so that the adapter will apply a PFC pause for this CoS value.
The FCoE system class has a default CoS value of 3. You can add a match cos configuration to the FCoE system class to set a different CoS value. A PFC pause will be applied to traffic that matches the new value.
| Command or Action | Purpose | |||
|---|---|---|---|---|
| Step 1 |
switch#
configure terminal
|
Enters global configuration mode. | ||
| Step 2 |
switch(config)#
class-map type qos
class-name
|
Creates a named object that represents a class of traffic. Class-map names can contain alphabetic, hyphen, or underscore characters, are case sensitive, and can be up to 40 characters. | ||
| Step 3 |
switch(config-cmap-qos)#
match cos
cos-value
|
Specifies the CoS value to match for classifying packets into this class. You can configure a CoS value in the range of 0 to 7.
| ||
| Step 4 |
switch(config-cmap-qos)#
no match cos
cos-value
| (Optional)
Removes the match from the traffic class. |
This example shows how to classify traffic by matching packets based on a defined CoS value:
switch# configure terminal switch(config)# class-map type qos match-any class_cos switch(config-cmap-qos)# match cos 4, 5-6
Use the show class-map command to display the CoS value class-map configuration:
switch# show class-map class_cos
Configuring Precedence Classification
You can classify traffic based on the precedence value in the type of service (ToS) byte field of the IP header (either IPv4 or IPv6). The following table shows the precedence values:
|
Value |
List of Precedence Values |
|---|---|
<0-7> |
IP precedence value |
|
critical |
Critical precedence (5) |
|
flash |
Flash precedence (3) |
|
flash-override |
Flash override precedence (4) |
|
immediate |
Immediate precedence (2) |
|
internet |
Internetwork control precedence (6) |
|
network |
Network control precedence (7) |
|
priority |
Priority precedence (1) |
|
routine |
Routine precedence (0) |
| Command or Action | Purpose | |
|---|---|---|
| Step 1 | switch# configure terminal |
Enters global configuration mode. |
| Step 2 | switch(config)# class-map type qos match-any class-name |
Creates a named object that represents a class of traffic. Class-map names can contain alphabetic, hyphen, or underscore characters, are case sensitive, and can be up to 40 characters. |
| Step 3 | switch(config-cmap-qos)#match precedence precedence-values |
Configures the traffic class by matching packets based on precedence values. For a list of precedence values, see the Precedence Values table. |
| Step 4 | switch((config-cmap-qos)# no match precedence precedence-values | (Optional)
Removes the match from the traffic class. For a list of precedence values, see the Precedence Values table. |
This example shows how to classify traffic by matching packets based on the precedence value in the ToS byte field of the IP header:
switch# configure terminal switch(config)# class-map type qos match-any class_precedence switch(config-cmap-qos)# match precedence 1-2, critical
Use the show class-map command to display the IP precedence value class-map configuration:
switch# show class-map class_precedence
Configuring DSCP Classification
|
Value |
List of DSCP Values |
|---|---|
|
af11 |
AF11 dscp (001010)—decimal value 10 |
|
af12 |
AF12 dscp (001100)—decimal value 12 |
|
af13 |
AF13 dscp (001110)—decimal value 14 |
|
af21 |
AF21 dscp (010010)—decimal value 18 |
|
af22 |
AF22 dscp (010100)—decimal value 20 |
|
af23 |
AF23 dscp (010110)—decimal value 22 |
|
af31 |
AF31 dscp (011010)—decimal value 26 |
|
af32 |
AF32 dscp (011100)—decimal value 28 |
|
af33 |
AF33 dscp (011110)—decimal value 30 |
|
af41 |
AF41 dscp (100010)—decimal value 34 |
|
af42 |
AF42 dscp (100100)—decimal value 36 |
|
af43 |
AF43 dscp (100110)—decimal value 38 |
|
cs1 |
CS1 (precedence 1) dscp (001000)—decimal value 8 |
|
cs2 |
CS2 (precedence 2) dscp (010000)—decimal value 16 |
|
cs3 |
CS3 (precedence 3) dscp (011000)—decimal value 24 |
|
cs4 |
CS4 (precedence 4) dscp (100000)—decimal value 32 |
|
cs5 |
CS5 (precedence 5) dscp (101000)—decimal value 40 |
|
cs6 |
CS6 (precedence 6) dscp (110000)—decimal value 48 |
|
cs7 |
CS7 (precedence 7) dscp (111000)—decimal value 56 |
|
default |
Default dscp (000000)—decimal value 0 |
|
ef |
EF dscp (101110)—decimal value 46 |
| Command or Action | Purpose | |
|---|---|---|
| Step 1 | switch# configure terminal |
Enters global configuration mode. |
| Step 2 |
switch(config)#
class-map type qos
class-name
|
Creates a named object that represents a class of traffic. Class-map names can contain alphabetic, hyphen, or underscore characters, are case sensitive, and can be up to 40 characters. |
| Step 3 |
switch(config-cmap-qos)#
match dscp
dscp-list
|
Configures the traffic class by matching packets based on the values in the dscp-list variable. For a list of DSCP values, see the Standard DSCP Values table. |
| Step 4 |
switch(config-cmap-qos)#
no match dscp
dscp-list
| (Optional)
Removes the match from the traffic class. For a list of DSCP values, see the Standard DSCP Values table. |
This example shows how to classify traffic by matching packets based on the DSCP value in the DiffServ field of the IP header:
switch# configure terminal switch(config)# class-map type qos match-any class_dscp switch(config-cmap-qos)# match dscp af21, af32Use the show class-map command to display the DSCP class-map configuration:
switch# show class-map class_dscp
Configuring Protocol Classification
You can classify traffic based on the IPv4 Protocol field or the IPv6 Next Header field in the IP header. The following table shows the protocol arguments:
|
Argument |
Description |
|---|---|
|
arp |
Address Resolution Protocol (ARP) |
|
clns_es |
CLNS End Systems |
|
clns_is |
CLNS Intermediate System |
|
dhcp |
Dynamic Host Configuration (DHCP) |
|
ldp |
Label Distribution Protocol (LDP) |
|
netbios |
NetBIOS Extended User Interface (NetBEUI) |
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
switch#
configure terminal
|
Enters configuration mode. |
| Step 2 |
switch(config)#
class-map type qos
class-name
|
Creates a named object that represents a class of traffic. Class-map names can contain alphabetic, hyphen, or underscore characters, are case sensitive, and can be up to 40 characters. |
| Step 3 |
switch(config-cmap-qos)#
match protocol {arp |
clns_es |
clns_is |
dhcp |
ldp |
netbios}
|
Configures the traffic class by matching packets based on the specified protocol. |
| Step 4 |
switch(config-cmap-qos)#
no match protocol
{arp |
clns_es |
clns_is |
dhcp |
ldp |
netbios}
| (Optional)
Removes the match from the traffic class. |
This example shows how to classify traffic by matching packets based on the protocol field:
switch# configure terminal
switch(config)# class-map type qos class_protocol
switch(config-cmap-qos)# match protocol arp
Use the show class-map command to display the protocol class-map configuration:
switch# show class-map class_protocol
Configuring IP RTP Classification
The IP Real-time Transport Protocol (RTP) is a transport protocol for real-time applications that transmits data such as audio or video and is defined by RFC 3550. Although RTP does not use a common TCP or UDP port, you typically configure RTP to use ports 16384 to 32767. UDP communications use an even port and the next higher odd port is used for RTP Control Protocol (RTCP) communications.
You can classify based on UDP port ranges, which are likely to target applications using RTP.
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
switch#
configure terminal
|
Enters global configuration mode. |
| Step 2 |
switch(config)#
class-map type qos
class-name
|
Creates a named object that represents a class of traffic. Class-map names can contain alphabetic, hyphen, or underscore characters, are case sensitive, and can be up to 40 characters. |
| Step 3 |
switch(config-cmap-qos)#
match ip rtp
port-number
|
Configures the traffic class by matching packets based on a range of lower and upper UDP port numbers, which is likely to target applications using RTP. Values can range from 2000 to 65535. |
| Step 4 |
switch(config-cmap-qos)#
no match ip rtp
port-number
| (Optional)
Removes the match from the traffic class. |
switch# configure terminal switch(config)# class-map type qos match-any class_rtp switch(config-cmap-qos)# match ip rtp 2000-2100, 4000-4100
Use the show class-map command to display the RTP class-map configuration:
switch# show class-map class_rtp
Configuring ACL Classification
You can classify traffic by matching packets based on an existing access control list (ACL). Traffic is classified by the criteria defined in the ACL. The permit and deny ACL keywords are ignored in the matching; even if a match criteria in the access-list has a deny action, it is still used for matching for this class.
| Command or Action | Purpose | |||
|---|---|---|---|---|
| Step 1 |
switch#
configure terminal
|
Enters global configuration mode. | ||
| Step 2 |
switch(config)#
class-map type qos
class-name
|
Creates a named object that represents a class of traffic. Class-map names can contain alphabetic, hyphen, or underscore characters, are case sensitive, and can be up to 40 characters. | ||
| Step 3 |
switch(config-cmap-qos)#
match access-group
name
acl-name
|
Configures a traffic class by matching packets based on the acl-name. The permit and deny ACL keywords are ignored in the matching.
| ||
| Step 4 |
switch(config-cmap-qos)#
no match access-group
name
acl-name
| (Optional)
Removes the match from the traffic class. |
This example shows how to classify traffic by matching packets based on existing ACLs:
switch# configure terminal
switch(config)# class-map type qos class_acl
switch(config-cmap-qos)# match access-group name acl-01
Use the show class-map command to display the ACL class-map configuration:
switch# show class-map class_acl
QoS ACL Per-Entry Statistics
Starting with Cisco NX-OS Release 7.2(0)N1(1), for ACLs associated with QoS Policy, statistics are shown per ACE.
Due to the way statistics and policers are attached to the TCAM entries, there are certain limitations to viewing the statistics:
- Statistics per ACE in an ACL cannot be viewed if there is more than one ACE in the ACL and a policer is attached to the QoS policy.
- The above limitation applies to qos-based matches as well (for example, match dscp value, match precedence value, and so on).
Example: Enabling QoS Policy Statistics
Statistics will be enabled if the user provides statistics per-entry in the ACL, which is used in QoS Policies.
Switch(config-acl)# show ip access-lists test_ACL1
IPV4 ACL test_ACL1
statistics per-entry
10 permit ip 10.10.10.1/24 20.2.2.2/24 ------>//Operation when a policer is attached//
20 deny ip 40.4.4.4/24 any
30 permit ip 30.3.3.3/24 11.11.11.1/24
Switch(config-acl)#
Switch(config-acl)# class-map type qos test_map
Switch(config-cmap-qos)# match access-group name test_ACL1
Switch(config-cmap-qos)# exit
Switch(config)# policy-map type qos test_pmap
Switch(config-pmap-qos)# class test_map
Switch(config-pmap-c-qos)# set qos-group 4
Switch(config-pmap-c-qos)# conf
Switch(config)# int e1/26
Switch(config-if)# service-policy type qos input test_pmap
Switch(config-if)# conf
Switch(config)# show ip access-lists test_ACL1
IPV4 ACL test_ACL1
statistics per-entry
10 permit ip 10.10.10.1/24 20.2.2.2/24 [match=0]--->//Operation with no policer attached or ACL having only one entry//
20 deny ip 40.4.4.4/24 any [match=0]
30 permit ip 30.3.3.3/24 11.11.11.1/24 [match=0]
Verifying the Classification Configuration
Use one of the following commands to verify the configuration:
Command |
Purpose |
|---|---|
show class-map |
Displays the class maps defined on the switch. |
show policy-map [name] |
Displays the policy maps defined on the switch. Optionally, you can display the named policy only. |
running-config ipqos |
Displays information about the running configuration for QoS. |
startup-config ipqos |
Displays information about the startup configuration for QoS. |
Feedback