Re: 6500 QOS

From: Darby Weaver (ccie.weaver@gmail.com)
Date: Mon Dec 01 2008 - 19:31:30 ARST


Here are some excerpts from CCO.

Actually if you use the examples from CCO as a template and as a baseline,
you can always modify your classes or queues if you should still feel the
need to.

Catalyst 6500 Global AutoQoS Generated Configuration

set qos autoqos

---------------

set qos enable

set qos policy-source local

set qos ipprec-dscp-map 0 10 18 26 34 46 48 56

set qos cos-dscp-map 0 10 18 26 34 46 48 56

set qos dscp-cos-map 0-7:0 8-15:1 16-23:2 24-31:3 32-39:4 40-47:5 48-55:6 56-63:7

set qos acl default-action ip dscp 0

set qos map 2q2t tx queue 2 2 cos 5,6,7

set qos map 2q2t tx queue 2 1 cos 1,2,3,4

set qos map 2q2t tx queue 1 1 cos 0

set qos drop-threshold 2q2t tx queue 1 100 100

set qos drop-threshold 2q2t tx queue 2 80 100

set qos drop-threshold 1q4t rx queue 1 50 60 80 100

set qos txq-ratio 2q2t 80 20

set qos wrr 2q2t 100 255

set qos map 1p3q1t tx 1 1 cos 0

set qos map 1p3q1t tx 2 1 cos 1,2

set qos map 1p3q1t tx 3 1 cos 3,4

set qos map 1p3q1t tx 3 0 cos 6,7

set qos map 1p3q1t tx 4 cos 5

set qos wrr 1p3q1t 20 100 200

set qos wred 1p3q1t queue 1 70:100

set qos wred 1p3q1t queue 2 70:100

set qos wred 1p3q1t queue 3 70:90

set qos map 1p1q0t rx 1 cos 0,1,2,3,4

set qos map 1p1q0t rx 2 cos 5,6,7

set qos rxq-ratio 1p1q0t 80 20

set qos map 1p2q2t tx 1 2 cos 0

set qos map 1p2q2t tx 2 1 cos 1,2,3,4

set qos map 1p2q2t tx 2 2 cos 6,7

set qos map 1p2q2t tx 3 cos 5

set qos txq-ratio 1p2q2t 75 15 15

set qos wrr 1p2q2t 50 255

set qos wred 1p2q2t queue 1 1 40:70

set qos wred 1p2q2t queue 1 2 70:100

set qos wred 1p2q2t queue 2 1 40:70

set qos wred 1p2q2t queue 2 2 70:100

set qos map 1p1q4t rx 1 1 cos 0

set qos map 1p1q4t rx 1 3 cos 1,2,3,4

set qos map 1p1q4t rx 1 4 cos 6,7

set qos map 1p1q4t rx 2 cos 5

set qos drop-threshold 1p1q4t rx queue 1 50 60 80 100

set qos map 1p2q1t tx 1 1 cos 0

set qos map 1p2q1t tx 2 1 cos 1,2,3,4

set qos map 1p2q1t tx 2 cos 6,7

set qos map 1p2q1t tx 3 cos 5

set qos txq-ratio 1p2q1t 75 15 15

set qos wrr 1p2q1t 50 255

set qos wred 1p2q1t queue 1 70:100

set qos wred 1p2q1t queue 2 70:100

set qos map 1p1q8t rx 1 1 cos 0

set qos map 1p1q8t rx 1 5 cos 1,2

set qos map 1p1q8t rx 1 8 cos 3,4

set qos map 1p1q8t rx 2 cos 5,6,7

set qos wred 1p1q8t queue 1 1 40:70

set qos wred 1p1q8t queue 1 5 60:90

set qos wred 1p1q8t queue 1 8 70:100

set qos rxq-ratio 1p1q8t 80 20

set qos policed-dscp-map 0:0

set qos policed-dscp-map 1:1

set qos policed-dscp-map 2:2

<repetitive output truncated>

set qos policed-dscp-map 61:61

set qos policed-dscp-map 62:62

set qos policed-dscp-map 63:63

set qos policed-dscp-map excess-rate 0:0

set qos policed-dscp-map excess-rate 1:1

set qos policed-dscp-map excess-rate 2:2

set qos policed-dscp-map excess-rate 61:61

set qos policed-dscp-map excess-rate 62:62

set qos policed-dscp-map excess-rate 63:63

====================================
Catalyst 6500 Port-Specific AutoQoS VoIP Trust CoS Generated Configuration

set port qos mod/port autoqos trust cos

---------------

set port qos mod/port policy-source local

set port qos mod/port port-based

set port qos mod/port cos 0

set port qos mod/port cos-ext 0

set port qos mod/port trust-ext untrusted

set port qos mod/port trust-device none

If the port is on a 2Q2T-Tx/1Q4T-Rx (non-GigabitEthernet) linecard, the
configuration is as follows:

set qos acl ip ACL_IP-TRUSTCOS trust-cos any

commit qos acl ACL_IP-TRUSTCOS

set qos acl map ACL_IP-TRUSTCOS mod/port

set port qos mod/port trust trust-cos

If the port type is another port type, the configuration is as follows:

set port qos mod/port trust trust-cos

=========================================

Show QoS Maps Verification for Catalyst 6500 Switch: CatOS

CAT6500-PFC2-CATOS> (enable) show qos maps runtime

CoS - DSCP map:

CoS DSCP

--- ----

  0 0

  1 8

  2 16

  3 24

  4 32

  5 40

  6 48

  7 56

IP-Precedence - DSCP map:

IP-Prec DSCP

------- ----

      0 0

      1 8

      2 16

      3 24

      4 32

      5 40

      6 48

      7 56

DSCP - CoS map:

DSCP CoS

-------------------------------- ---

                             0-7 0

                            8-15 1

                           16-23 2

                           24-31 3

                           32-39 4

                           40-47 5

                           48-55 6

                           56-63 7

DSCP - Policed DSCP map normal-rate:

DSCP Policed DSCP

-------------------------------- ------------

                               1 1

                               2 2

                               3 3

                               4 4

                               5 5

                               6 6

                               7 7

                       0,8,24,46 8

                               9 9

                              10 10

<output truncated>

                              63 63

DSCP - Policed DSCP map excess-rate:

DSCP Policed DSCP

-------------------------------- ------------

                               0 0

                               1 1

                               2 2

                               3 3

                               4 4

                               5 5

<output truncated>

                              63 63
======================================================

Catalyst 6500 Transmit Queuing and Dropping Linecard Options

There are currently six main transmit queuing/dropping options for
Catalyst 6500 linecards:

2Q2T: Indicates two standard queues, each with two configurable
tail-drop thresholds.

1P2Q1T: Indicates one strict-priority queue and two standard queues,
each with one configurable WRED-drop threshold (however, each standard
queue also has one nonconfigurable tail-drop threshold).

1P2Q2T: Indicates one strict-priority queue and two standard queues,
each with two configurable WRED-drop thresholds.

1P3Q1T: Indicates one strict-priority queue and three standard queues,
each with one configurable WRED-drop threshold (however, each standard
queue also has one nonconfigurable tail-drop threshold).

1P3Q8T: Indicates one strict-priority queue and three standard queues,
each with eight configurable WRED-drop thresholds (however, each
standard queue also has one nonconfigurable tail-drop threshold).

1P7Q8T: Indicates one strict-priority queue and seven standard queues,
each with eight configurable WRED-drop thresholds (on 1p7q8t ports,
each standard queue also has one nonconfigurable tail-drop threshold).

Almost all Catalyst 6500 linecards support a strict-priority queue and
when supported, the switch services traffic in the strict-priority
transmit queue before servicing the standard queues. When the switch
is servicing a standard queue, after transmitting a packet, it checks
for traffic in the strict-priority queue. If the switch detects
traffic in the strict-priority queue, it suspends its service of the
standard queue and completes service of all traffic in the
strict-priority queue before returning to the standard queue.

Additionally, Catalyst 6500 linecards implement CoS-value-based
transmit-queue drop thresholds to avoid congestion in transmitted
traffic. WRED thresholds can also be defined on certain linecards,
where the CoS value of the packet (not the IP Precedence value,
although they likely match) determines the WRED weight. WRED
parameters include a lower and upper threshold: the low WRED threshold
is the queue level where (assigned) traffic begins to be
selectively-dropped and the high WRED threshold is the queue level
above which all (assigned) traffic is dropped. Furthermore, packets in
the queue between the low and high WRED thresholds have an increasing
chance of being dropped as the queue fills.

The Transmit Queuing/Dropping capabilities can be returned by using
the following commands.

CatOS:

show port capabilities

show port qos

show qos info

IOS:

show queueing interface

=============================================
Configuration

The Catalyst 6500 (PFC3) CatOS configurations to configure 1P7Q8T
queuing recommendations are shown below.

Example 2-77 Catalyst 6500 (PFC3) CatOS: 1P7Q8T Queuing Example

CAT6500-PFC3-CATOS> (enable) set qos txq-ratio 1p7q8t 5 25 10 10 10 5 5 30

        ! Allocates 5% to Q1, 25% to Q2, 10% to Q3, 10% to Q4,

        ! Allocates 10% to Q5, 5% to Q6, 5% to Q7 and 30% to the PQ (Q8)

CAT6500-PFC3-CATOS> (enable) set qos wrr 1p7q8t 5 25 20 20 20 5 5

! Sets the WRR weights for 5:25:20:20:20:5:5 (Q1 through Q7)

CAT6500-PFC3-CATOS> (enable)

CAT6500-PFC3-CATOS> (enable)

CAT6500-PFC3-CATOS> (enable) set qos wred 1p7q8t tx queue 1 80:100 100:100 100:100 100:100 100:100 100:100 100:100 100:100

! Sets Q1 WRED T1 to 80:100 and all other Q1 WRED Thresholds to 100:100

CAT6500-PFC3-CATOS> (enable) set qos wred 1p7q8t tx queue 2 80:100 100:100 100:100 100:100 100:100 100:100 100:100 100:100

! Sets Q2 WRED T1 to 80:100 and all other Q2 WRED Thresholds to 100:100

CAT6500-PFC3-CATOS> (enable) set qos wred 1p7q8t tx queue 3 80:100 100:100 100:100 100:100 100:100 100:100 100:100 100:100

! Sets Q3 WRED T1 to 80:100 and all other Q3 WRED Thresholds to 100:100

CAT6500-PFC3-CATOS> (enable) set qos wred 1p7q8t tx queue 4 80:100 100:100 100:100 100:100 100:100 100:100 100:100 100:100

! Sets Q4 WRED T1 to 80:100 and all other Q4 WRED Thresholds to 100:100

CAT6500-PFC3-CATOS> (enable) set qos wred 1p7q8t tx queue 5 80:100 100:100 100:100 100:100 100:100 100:100 100:100 100:100

! Sets Q5 WRED T1 to 80:100 and all other Q5 WRED Thresholds to 100:100

CAT6500-PFC3-CATOS> (enable) set qos wred 1p7q8t tx queue 6 80:100 100:100 100:100 100:100 100:100 100:100 100:100 100:100

! Sets Q6 WRED T1 to 80:100 and all other Q6 WRED Thresholds to 100:100

CAT6500-PFC3-CATOS> (enable) set qos wred 1p7q8t tx queue 7 80:100 100:100 100:100 100:100 100:100 100:100 100:100 100:100

! Sets Q7 WRED T1 to 80:100 and all other Q7 WRED Thresholds to 100:100

CAT6500-PFC3-CATOS> (enable)

CAT6500-PFC3-CATOS> (enable)

CAT6500-PFC3-CATOS> (enable) set qos map 1p7q8t tx 1 1 cos 1

! Assigns Scavenger/Bulk to Q1 WRED Threshold 1

CAT6500-PFC3-CATOS> (enable) set qos map 1p7q8t tx 2 1 cos 0

! Assigns Best Effort to Q2 WRED Threshold 1

CAT6500-PFC3-CATOS> (enable) set qos map 1p7q8t tx 3 1 cos 4

        ! Assigns Video to Q3 WRED Threshold 1

CAT6500-PFC3-CATOS> (enable) set qos map 1p7q8t tx 4 1 cos 2

        ! Assigns Net-Mgmt and Transactional Data to Q4 WRED T1

CAT6500-PFC3-CATOS> (enable) set qos map 1p7q8t tx 5 1 cos 3

! Assigns call signaling and Mission-Critical Data to Q5 WRED T1

CAT6500-PFC3-CATOS> (enable) set qos map 1p7q8t tx 6 1 cos 6

! Assigns Internetwork-Control (IP Routing) to Q6 WRED T1

CAT6500-PFC3-CATOS> (enable) set qos map 1p7q8t tx 7 1 cos 7

! Assigns Network-Control (Spanning Tree) to Q7 WRED T1

CAT6500-PFC3-CATOS> (enable) set qos map 1p7q8t tx 8 cos 5

        ! Assigns VoIP to the PQ (Q8)

CAT6500-PFC3-CATOS> (enable)

Catalyst 6500 (PFC3) CatOS QoS Verification Commands:

show qos info config 1p7q8t tx

show qos info runtime

show qos statistics

The Catalyst 6500 (PFC3) IOS configurations to configure 1P7Q8T queuing
recommendations are shown below.

Example 2-78 Catalyst 6500 (PFC3) IOS: 1P7Q8T Queuing Example

CAT6500-PFC3-IOS(config)#interface range TenGigabitEthernet4/1 - 4

CAT6500-PFC3(config-if-range)# wrr-queue queue-limit 5 25 10 10 10 5 5

        ! Allocates 5% to Q1, 25% to Q2, 10% to Q3, 10% to Q4,

        ! Allocates 10% to Q5, 5% to Q6 and 5% to Q7

CAT6500-PFC3(config-if-range)# wrr-queue bandwidth 5 25 20 20 20 5 5

! Sets the WRR weights for 5:25:20:20:20:5:5 (Q1 through Q7)

CAT6500-PFC3(config-if-range)#

CAT6500-PFC3(config-if-range)#

CAT6500-PFC3(config-if-range)# wrr-queue random-detect 1

        ! Enables WRED on Q1

CAT6500-PFC3(config-if-range)# wrr-queue random-detect 2

! Enables WRED on Q2

CAT6500-PFC3(config-if-range)# wrr-queue random-detect 3

! Enables WRED on Q3

CAT6500-PFC3(config-if-range)# wrr-queue random-detect 4

        ! Enables WRED on Q4

CAT6500-PFC3(config-if-range)# wrr-queue random-detect 5

! Enables WRED on Q5

CAT6500-PFC3(config-if-range)# wrr-queue random-detect 6

! Enables WRED on Q6

CAT6500-PFC3(config-if-range)# wrr-queue random-detect 7

! Enables WRED on Q7

CAT6500-PFC3(config-if-range)#

CAT6500-PFC3(config-if-range)#

CAT6500-PFC3(config-if-range)# wrr-queue random-detect min-threshold 1 80 100 100 100 100 100 100 100

! Sets Min WRED Threshold for Q1T1 to 80% and all others to 100%

CAT6500-PFC3(config-if-range)# wrr-queue random-detect max-threshold 1 100 100 100 100 100 100 100 100

! Sets Max WRED Threshold for Q1T1 to 100% and all others to 100%

CAT6500-PFC3(config-if-range)#

CAT6500-PFC3(config-if-range)# wrr-queue random-detect min-threshold 2 80 100 100 100 100 100 100 100

! Sets Min WRED Threshold for Q2T1 to 80% and all others to 100%

CAT6500-PFC3(config-if-range)# wrr-queue random-detect max-threshold 2 100 100 100 100 100 100 100 100

! Sets Max WRED Threshold for Q2T1 to 100% and all others to 100%

CAT6500-PFC3(config-if-range)#

CAT6500-PFC3(config-if-range)# wrr-queue random-detect min-threshold 3 80 100 100 100 100 100 100 100

! Sets Min WRED Threshold for Q3T1 to 80% and all others to 100%

CAT6500-PFC3(config-if-range)# wrr-queue random-detect max-threshold 3 100 100 100 100 100 100 100 100

! Sets Max WRED Threshold for Q3T1 to 100% and all others to 100%

CAT6500-PFC3(config-if-range)#

CAT6500-PFC3(config-if-range)# wrr-queue random-detect min-threshold 4 80 100 100 100 100 100 100 100

! Sets Min WRED Threshold for Q4T1 to 80% and all others to 100%

CAT6500-PFC3(config-if-range)# wrr-queue random-detect max-threshold 4 100 100 100 100 100 100 100 100

! Sets Max WRED Threshold for Q4T1 to 100% and all others to 100%

CAT6500-PFC3(config-if-range)#

CAT6500-PFC3(config-if-range)# wrr-queue random-detect min-threshold 5 80 100 100 100 100 100 100 100

! Sets Min WRED Threshold for Q5T1 to 80% and all others to 100%

CAT6500-PFC3(config-if-range)# wrr-queue random-detect max-threshold 5 100 100 100 100 100 100 100 100

! Sets Max WRED Threshold for Q5T1 to 100% and all others to 100%

CAT6500-PFC3(config-if-range)#

CAT6500-PFC3(config-if-range)# wrr-queue random-detect min-threshold 6 80 100 100 100 100 100 100 100

! Sets Min WRED Threshold for Q6T1 to 80% and all others to 100%

CAT6500-PFC3(config-if-range)# wrr-queue random-detect max-threshold 6 100 100 100 100 100 100 100 100

! Sets Max WRED Threshold for Q6T1 to 100% and all others to 100%

CAT6500-PFC3(config-if-range)#

CAT6500-PFC3(config-if-range)# wrr-queue random-detect min-threshold 7 80 100 100 100 100 100 100 100

! Sets Min WRED Threshold for Q7T1 to 80% and all others to 100%

CAT6500-PFC3(config-if-range)# wrr-queue random-detect max-threshold 7 100 100 100 100 100 100 100 100

! Sets Max WRED Threshold for Q7T1 to 100% and all others to 100%

CAT6500-PFC3(config-if-range)#

CAT6500-PFC3(config-if-range)#

CAT6500-PFC3(config-if-range)# wrr-queue cos-map 1 1 1

! Assigns Scavenger/Bulk to Q1 WRED Threshold 1

CAT6500-PFC3(config-if-range)# wrr-queue cos-map 2 1 0

! Assigns Best Effort to Q2 WRED Threshold 1

CAT6500-PFC3(config-if-range)# wrr-queue cos-map 3 1 4

        ! Assigns Video to Q3 WRED Threshold 1

CAT6500-PFC3(config-if-range)# wrr-queue cos-map 4 1 2

        ! Assigns Net-Mgmt and Transactional Data to Q4 WRED T1

CAT6500-PFC3(config-if-range)# wrr-queue cos-map 5 1 3

! Assigns call signaling and Mission-Critical Data to Q5 WRED T1

CAT6500-PFC3(config-if-range)# wrr-queue cos-map 6 1 6

! Assigns Internetwork-Control (IP Routing) to Q6 WRED T1

CAT6500-PFC3(config-if-range)# wrr-queue cos-map 7 1 7

! Assigns Network-Control (Spanning Tree) to Q7 WRED T1

CAT6500-PFC3(config-if-range)# priority-queue cos-map 1 5

! Assigns VoIP to the PQ (Q8)

CAT6500-PFC3(config-if-range)#end

CAT6500-PFC3-IOS#

Catalyst 6500 MLS QoS Verification Commands:

show queueing interface

Catalyst 6500 PFC3 Distribution-Layer (IOS) Per-User Microflow Policing

In general, superior defense strategies have multiple lines of defense. In
the context of the campus designs that have been considered, there is a main
line of defense against DoS/worm attack traffic at the access layer edges.
This line of defense can be bolstered at the distribution layer whenever
Catalyst 6500 Sup720s (PFC3s) are deployed there. This can be done by
leveraging the PFC3 feature of Per-User Microflow Policing.

In the example below, traffic has been assumed to be correctly classified.
This may or may not be a valid assumption. If it is suspected to be invalid,
then ACLs should be used to identify the flows (instead of DSCP markings).
In either case, various flow-types can be filtered as they arrive at the
distribution layer to see if they conform to the normal limits that have
been set for the enterprise. Each flow is examined by source IP Address and
if a source is transmitting out-of-profile, the excess traffic can be
dropped or marked-down. In this manner, spurious flows can be contained even
in the case that access layer switches do not support granular policing
(such as the Catalyst 2950, as discussed earlier in this chapter) or in the
case that policing has been mis-configured on an access layer switch.

In this manner, the distribution layer Catalyst 6500 PFC3 can catch any
DoS/worm attack flows that may have slipped through the access layer net.

Example 2-79 Catalyst 6500 (PFC3) IOS: Distribution-Layer Per-User Microflow
Policing

CAT6500-PFC3-IOS(config)#mls qos map policed-dscp normal 0 24 26 34 36 to 8

! Excess traffic marked 0,CS3,AF31,AF41 or AF42 will be remarked to CS1

CAT6500-PFC3-IOS(config)#

CAT6500-PFC3-IOS(config)#class-map match-all VOIP

CAT6500-PFC3-IOS(config-cmap)# match ip dscp ef

CAT6500-PFC3-IOS(config-cmap)#class-map match-all INTERACTIVE-VIDEO

CAT6500-PFC3-IOS(config-cmap)# match ip dscp af41 af42

CAT6500-PFC3-IOS(config-cmap)#class-map match-all CALL-SIGNALING

CAT6500-PFC3-IOS(config-cmap)# match ip dscp cs3 af31

CAT6500-PFC3-IOS(config-cmap)#class-map match-all BEST-EFFORT

CAT6500-PFC3-IOS(config-cmap)# match ip dscp 0

CAT6500-PFC3-IOS(config-cmap)#

CAT6500-PFC3-IOS(config-cmap)#policy-map PER-USER-POLICING

CAT6500-PFC3-IOS(config-pmap)# class VOIP

CAT6500-PFC3-I(config-pmap-c)# police flow mask src-only 128000 8000 conform-action transmit exceed-action drop

! No source can send more than 128k worth of DSCP EF traffic

CAT6500-PFC3-I(config-pmap-c)# class INTERACTIVE-VIDEO

CAT6500-PFC3-I(config-pmap-c)# police flow mask src-only 500000 8000 conform-action transmit exceed-action policed-dscp-transmit

! Excess IP/VC traffic from any source is marked down to CS1

CAT6500-PFC3-I(config-pmap-c)# class CALL-SIGNALING

CAT6500-PFC3-I(config-pmap-c)# police flow mask src-only 32000 8000 conform-action transmit exceed-action policed-dscp-transmit

  ! Excess call signaling traffic from any source is marked down to CS1

CAT6500-PFC3-I(config-pmap-c)# class BEST-EFFORT

CAT6500-PFC3-I(config-pmap-c)# police flow mask src-only 5000000 8000 conform-action transmit exceed-action policed-dscp-transmit

! Excess PC Data traffic from any source is marked down to CS1

CAT6500-PFC3-I(config-pmap-c)# exit

CAT6500-PFC3-IOS(config-pmap)#exit

CAT6500-PFC3-IOS(config)#

CAT6500-PFC3-IOS(config)#interface range GigabitEthernet4/1 - 4

CAT6500-PFC3(config-if-range)# mls qos trust dscp

CAT6500-PFC3(config-if-range)# service-policy input PER-USER-POLICING

        ! Attaches Per-User Microflow policing policy to Uplinks from Access

CAT6500-PFC3(config-if-range)#end

CAT6500-PFC3-IOS#

Catalyst 6500 MLS QoS Verification Commands:

show mls qos

show class-map

show policy-map

show policy interface

Blogs and organic groups at http://www.ccie.net
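
Added example (not part of the original post or of the CCO excerpts): a Python model of the per-user microflow policing in Example 2-79, showing why a per-source bucket contains a flooding host without touching a well-behaved phone in the same class. It assumes a single-rate token bucket per (class, source IP); the rates, bursts and policed-dscp map are taken from the example above, while the host addresses and traffic rates are constructed.

```python
# Added illustration: simplified model of Example 2-79, not Cisco code.
UNIT = 8 * 1_000_000          # token unit = 1 bit-microsecond; 1 byte = UNIT tokens
POLICED_DSCP = {d: 8 for d in (0, 24, 26, 34, 36)}   # policed-dscp map -> CS1
CLASSES = {  # name: (matched DSCPs, rate bit/s, burst bytes, exceed action)
    "VOIP":              ({46},     128_000,   8000, "drop"),
    "INTERACTIVE-VIDEO": ({34, 36}, 500_000,   8000, "remark"),
    "CALL-SIGNALING":    ({24, 26}, 32_000,    8000, "remark"),
    "BEST-EFFORT":       ({0},      5_000_000, 8000, "remark"),
}

class MicroflowPolicer:
    """One token bucket per (class, source IP): the src-only flow mask."""
    def __init__(self):
        self.buckets = {}     # (class, src) -> [tokens, last_update_us]

    def police(self, t_us, src, dscp, size):
        """Return (action, dscp_out) for a packet of `size` bytes at t_us."""
        match = [(n, c) for n, c in CLASSES.items() if dscp in c[0]]
        if not match:
            return "transmit", dscp          # no class matches: not policed
        name, (_, rate, burst, exceed) = match[0]
        b = self.buckets.setdefault((name, src), [burst * UNIT, t_us])
        b[0] = min(burst * UNIT, b[0] + (t_us - b[1]) * rate)   # refill
        b[1] = t_us
        if b[0] >= size * UNIT:              # in profile: spend tokens
            b[0] -= size * UNIT
            return "transmit", dscp
        if exceed == "drop":
            return "drop", None
        return "remark", POLICED_DSCP.get(dscp, dscp)

def run(packets):
    """Tally outcomes per source for (t_us, src, dscp, size) tuples."""
    policer, tally = MicroflowPolicer(), {}
    for t_us, src, dscp, size in sorted(packets):
        action, _ = policer.police(t_us, src, dscp, size)
        per_src = tally.setdefault(src, {"transmit": 0, "drop": 0, "remark": 0})
        per_src[action] += 1
    return tally

def sample():
    """Constructed one-second trace (addresses are made up)."""
    phone = [(i * 20_000, "10.1.1.10", 46, 200) for i in range(50)]      # 80 kbit/s EF
    ef_flood = [(i * 2_000, "10.1.1.66", 46, 200) for i in range(500)]   # 800 kbit/s EF
    be_flood = [(i * 1_000, "10.1.1.77", 0, 1500) for i in range(1000)]  # 12 Mbit/s DSCP 0
    return phone + ef_flood + be_flood

if __name__ == "__main__":
    for src, counts in run(sample()).items():
        print(src, counts)
```

In the constructed trace the phone's EF traffic passes untouched, the EF flooder is cut back to its 8000-byte burst plus 128 kbit/s, and the best-effort flooder's excess is re-marked to CS1 rather than dropped.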



This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:07 ARST