- Index
- Preface
- Product Overview
- Virtual Switching Systems (VSS)
- Layer 2 LAN Port Configuration
- Flex Links
- EtherChannels
- IEEE 802.1ak MVRP and MRP
- VLAN Trunking Protocol (VTP)
- VLANs
- Private VLANs (PVLANs)
- Private Hosts
- IEEE 802.1Q Tunneling
- Layer 2 Protocol Tunneling
- Spanning Tree Protocols (STP, MST)
- Optional STP Features
- IP Unicast Layer 3 Switching
- Multiprotocol Label Switching (MPLS)
- MPLS VPN Support
- Ethernet over MPLS (EoMPLS)
- Virtual Private LAN Services (VPLS)
- Ethernet Virtual Connections (EVC)
- Layer 2 over Multipoint GRE (L2omGRE)
- IPv4 Multicast Layer 3 Features
- IPv4 Multicast IGMP Snooping
- IPv4 PIM Snooping
- IPv4 Multicast VLAN Registration (MVR)
- IPv4 IGMP Filtering
- IPv4 Router Guard
- IPv4 Multicast VPN Support
- IPv6 Multicast Layer 3 Features
- IPv6 MLD Snooping
- NetFlow Hardware Support
- Call Home
- System Event Archive (SEA)
- Backplane Platform Monitoring
- Local SPAN, RSPAN, and ERSPAN
- SNMP IfIndex Persistence
- Top-N Reports
- Layer 2 Traceroute Utility
- Mini Protocol Analyzer
- PFC QoS Overview
- PFC QoS Guidelines and Restrictions
- PFC QoS Classification, Marking, and Policing
- PFC QoS Policy Based Queueing
- PFC QoS Global and Interface Options
- AutoQoS
- MPLS QoS
- PFC QoS Statistics Data Export
- Cisco IOS ACL Support
- Cisco TrustSec (CTS)
- AutoSecure
- MAC Address-Based Traffic Blocking
- Port ACLs (PACLs)
- VLAN ACLs (VACLs)
- Policy-Based Forwarding (PBF)
- Denial of Service (DoS) Protection
- Control Plane Policing (CoPP)
- Dynamic Host Configuration Protocol (DHCP) Snooping
- IP Source Guard
- Dynamic ARP Inspection (DAI)
- Traffic Storm Control
- Unknown Unicast and Multicast Flood Control
- IEEE 802.1X Port-Based Authentication
- Configuring Web-Based Authentication
- Port Security
- Lawful Intercept
- Online Diagnostic Tests
- Migrating From a 12.2SX QoS Configuration
Restrictions for PFC QoS
- General Guidelines
- PFC and DFC Guidelines
- Class Map Command Restrictions
- Policy Map Class Command Restrictions
- Supported Granularity for CIR and PIR Rate Values
- Supported Granularity for CIR and PIR Token Bucket Sizes
- IP Precedence and DSCP Values
Note ● For complete syntax and usage information for the commands used in this chapter, see these publications:
http://www.cisco.com/en/US/products/ps11845/prod_command_reference_list.html
- Cisco IOS Release 15.0SY supports only Ethernet interfaces. Cisco IOS Release 15.0SY does not support any WAN features or commands.
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
Participate in the Technical Documentation Ideas forum
General Guidelines
- With Release 15.0(1)SY1 and later releases, you can increase the supported number of QoS TCAM entries:
Changes to the supported number of QoS TCAM entries take effect after a reload. Enter the show platform hardware acl global-config command to display the QoS TCAM entry configuration:
Enter the show platform hardware pfc mode command to display the PFC mode.
- PFC QoS supports IGMP, MLD, and PIM traffic.
- The match ip precedence and match ip dscp commands filter only IPv4 traffic.
- The match precedence and match dscp commands filter IPv4 and IPv6 traffic.
- The set ip dscp and set ip precedence commands are saved in the configuration file as set dscp and set precedence commands.
- PFC QoS supports the set dscp and set precedence policy map class commands for IPv4 and IPv6 traffic.
- The flowmask requirements of QoS, NetFlow, and NetFlow data export (NDE) might conflict, especially if you configure microflow policing.
- With egress ACL support for remarked DSCP and VACL capture both configured on an interface, VACL capture might capture two copies of each packet, and the second copy might be corrupt.
- You cannot configure egress ACL support for remarked DSCP on tunnel interfaces.
- Egress ACL support for remarked DSCP supports IP unicast traffic.
- Egress ACL support for remarked DSCP is not relevant to multicast traffic. PFC QoS applies ingress QoS changes to multicast traffic before applying egress QoS.
- NetFlow and NetFlow data export (NDE) do not support interfaces where egress ACL support for remarked DSCP is configured.
- When egress ACL support for remarked DSCP is configured on any interface, you must configure an interface-specific flowmask to enable NetFlow and NDE support on interfaces where egress ACL support for remarked DSCP is not configured. Enter either the platform flow ip interface-destination-source or the platform flow ip interface-full global configuration mode command.
- Interface counters are not accurate on interfaces where egress ACL support for remarked DSCP is configured.
- You cannot apply microflow policing to traffic that has been permitted by egress ACL support for remarked DSCP.
- Traffic that has been permitted by egress ACL support for remarked DSCP cannot be tagged as MPLS traffic. (The traffic can be tagged as MPLS traffic on another network device.)
- When you apply both ingress policing and egress policing to the same traffic, both the input policy and the output policy must either mark down traffic or drop traffic. PFC QoS does not support ingress markdown with egress drop or ingress drop with egress markdown. (CSCea23571)
- If traffic is both aggregate and microflow policed, then the aggregate and microflow policers must both be in the same policy-map class and each must use the same conform-action and exceed-action keyword option: drop, set-dscp-transmit, set-prec-transmit, or transmit.
- You cannot configure PFC QoS features on tunnel interfaces.
- PFC QoS does not rewrite the payload ToS byte in tunnel traffic.
- PFC QoS filters only by ACLs, dscp values, or IP precedence values.
- For these commands, PFC QoS applies identical configuration to all LAN ports controlled by the same application-specific integrated circuit (ASIC):
- Except for WS-X6904-40G-2T, WS-X6908-10GE, WS-X6816-10T-2T, WS-X6716-10T, WS-X6816-10G-2T, WS-X6716-10GE, WS-X6704-10GE, WS-X6848-SFP-2T, WS-X6748-SFP, WS-X6824-SFP-2T, WS-X6724-SFP, WS-X6848-TX-2T, WS-X6748-GE-TX modules, PFC QoS applies identical configuration to all LAN ports controlled by the same application-specific integrated circuit (ASIC) for these commands:
– wrr-queue random-detect min-threshold
– wrr-queue random-detect max-threshold
- Configure these commands only on physical ports. Do not configure these commands on logical interfaces:
– wrr-queue random-detect max-threshold
– wrr-queue random-detect min-threshold
– rcv-queue random-detect max-threshold
– rcv-queue random-detect min-threshold
Note IP multicast switching using egress packet replication is not compatible with QoS. In some cases, egress replication can result in the incorrect COS or DSCP marking of packets. If you are using QoS and your switching modules are capable of egress replication, enter the platform ip multicast replication-mode ingress command to force ingress replication.
PFC and DFC Guidelines
- The PFC and DFCs support QoS for IPv6 unicast and multicast traffic.
- To display information about IPv6 PFC QoS, enter the show platform qos ipv6 command.
- The QoS features implemented in the port ASICs (queue architecture and dequeuing algorithms) support IPv4 and IPv6 traffic.
- The PFC and DFCs support IPv6 named extended ACLs and named standard ACLs.
- The PFC and DFCs support the match protocol ipv6 command.
- With egress ACL support for remarked DSCP configured, the PFC and DFCs do not provide hardware-assistance for these features:
– Network Address Translation (NAT)
- You cannot apply microflow policing to ARP traffic.
- The PFC and DFCs do not apply egress policing to traffic that is being bridged to the RP.
- The PFC and DFCs do not apply egress policing or egress DSCP mutation to multicast traffic from the RP.
- PFC QoS does not rewrite the ToS byte in bridged multicast traffic.
- The PFC and DFCs support up to 1022 aggregate policers, but some PFC QoS commands other than the police command will be included in this count. By default, any policy using a set or trust command will be included in the aggregate policer count. You can disable the addition of the set or trust commands to the aggregate policer count by entering the no platform qos marking statistics command, but you will then be unable to collect statistics for the classmaps associated with these commands. You can view the aggregate policer count in the QoS Policer Resources section of the output of the show platform hardware capacity qos command.
Class Map Command Restrictions
- PFC QoS supports a single match command in class-map match-all class maps, except that the match protocol command can be configured in a class map with the match dscp or match precedence command.
- PFC QoS supports multiple match commands in class-map match-any class maps.
Note PFC QoS supports a maximum of 9 commands that match DSCP or IP precedence values in class maps and ACLs.
Policy Map Class Command Restrictions
Supported Granularity for CIR and PIR Rate Values
|
|
---|---|
Within each range, PFC QoS programs the PFC with rate values that are multiples of the granularity values.
Supported Granularity for CIR and PIR Token Bucket Sizes
|
|
---|---|
Within each range, PFC QoS programs the PFC with token bucket sizes that are multiples of the granularity values.
IP Precedence and DSCP Values
Precedence |
|
DSCP |
|
Precedence |
|
DSCP |
||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|||||
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
Participate in the Technical Documentation Ideas forum