Posted on March 5, 2020 9:07 pm
 |  Asked by François Lieuze
 |  66 views
Tags:
0
0
Print Friendly, PDF & Email

Hi Guys,

I need to prepare a QoS configuration on a 7504R with 7500R and 7500R2 linecards (Jericho and Jericho+) and I don’t have access to the switches, so I would like to clarify a couple of points.

First of all, most of the time, classification will be done by an ACL. Do you know if the following limitations still apply to 7500R ? :

Layer 4 port ranges are not supported for ACL based QoS. The ranges will be expanded into multiple TCAM rules and programmed in the hardware

User cannot apply more than 31 QoS service policies per chip on L3 interfaces

Then, the documentation states that, for Jericho platforms  : “The port-trust default for switched ports is CoS. The port-trust default for routed ports is DSCP.”

Let say I have a policy map which call classes which use ACL and then set a DSCP (pretty basic).

What will happen if I receive a traffic without any QoS tag on a L2 802.1Q interface where this policy-map is applied ? The switch will use the Cos to traffic class map or the DSCP to traffic class map (I guess the first one)  ?  Should I apply the policy map on the physical L2 interface or the SVI interface ?

Globally, the policy-map will be used to set the values and the trust mode will determine which one I use to derive the traffic-class if I’m not mistaken.

Finally, when leaving the egress interface, the CoS will be rewritten according to the Traffic Class to CoS Rewrite map and the DSCP will not be rewritten, right ?

Thanks for your help.

BR,

François

0
Posted by Kenneth Finnegan
Answered on March 10, 2020 10:15 pm

François,

I poked at this a little bit.

Layer 4 port ranges are not supported for ACL based QoS. The ranges will be expanded into multiple TCAM rules and programmed in the hardware

This doesn't seem to apply to the 7500R. I tried it on one of the devices in our lab:
System has 12 card slots
Module Model HW Version Serial Number Mfg Date Epoch
----------------- --------------------- ---------------- ------------------- ---------------- -----
Supervisor1 DCS-7500-SUP2-D 14.10 SSJ16332327 2016-10-12 01.00
Supervisor2 DCS-7500-SUP2 04.10 JPE16181470 2016-05-14 00.00
Linecard3 7500R2M-36CQ-LC 21.01 SSJ17332910 2017-12-20 02.00
Linecard4 7500R-48S2CQ-LC 11.01 SSJ16491858 2017-01-31 01.00
Linecard5 7500E-48S-LC 02.00 JPE15252683 2015-06-26 00.00
Linecard6 Not Inserted
Fabric1 7504R-FM 11.01 SSJ16462728 2016-12-02 01.00
Fabric2 7504R-FM 11.01 SSJ16462653 2017-01-13 01.00
Fabric3 7504R-FM 11.01 SSJ17094315 2017-03-13 01.00
Fabric4 7504R-FM 11.01 SSJ16311890 2016-08-22 01.00
Fabric5 7504R-FM 11.01 SSJ16350132 2017-03-07 01.00
Fabric6 7504R-FM 11.01 SSJ17094535 2017-03-13 01.00

With this config to classify flows from Et 3/2/1 towards 3/3/1:

SW2(s1)...21:25:06#show run
! Command: show running-config
! device: SW2 (DCS-7504N, EOS-4.23.0F)
!
! boot system flash:/EOS-4.23.0F.swi
!
[....SNIP....]
!
qos profile qprof-test1
service-policy type qos input pm-test1
!
vlan 10,20
!
interface Ethernet3/2/1
load-interval 5
switchport access vlan 10
service-profile qprof-test1
qos trust dscp
!
interface Ethernet3/3/1
switchport access vlan 20
!
interface Vlan10
ip address 10.1.10.1/24
!
interface Vlan20
ip address 10.1.20.1/24
!
ip access-list test1
10 permit tcp any any range 4000 4040
30 permit tcp any host 10.1.20.10 range 49000 50010
!
ip routing
!
class-map type qos match-any cm-test1
match ip access-group test1
!
policy-map type quality-of-service pm-test1
class cm-test1
set dscp 34
set traffic-class 3
!
class class-default
!
end

And after applying that QoS profile, I see the TCAM using l4port ranges:

SW2(s1)...21:39:09#show platform jericho acl tcam hw
================================================================================
Jericho3/0 Bank 0 Type: dbIpQos
================================================================================
-----------------------------------------------------------------------
|Offs|X|L4OPS |VQ|DPRT|SPRT|CL|TC|PP|PR|F|V4_DIP |V4_SIP |V|ACT |H|
-----------------------------------------------------------------------
|0 |0|800000| | | | | |04|06|0| | |3|800007|0|
| |0|ffffff| | | | | |04|06|0| | |3|000088|0|
|1 |0|400000| | | | | |04|06|0|0a01140a| |3|800007|0|
| |0|ffffff| | | | | |04|06|0|0a01140a| |3|000088|0|
|2 |0| | | | | | |04| | | | |3|000000|0|
| |0| | | | | | |04| | | | |3|000000|0|
-----------------------------------------------------------------------
SW2(s1)...21:39:28#show platform jericho acl l4ops hw
========================================
L4OPS Table : Jericho3/0
========================================
------------------------------------
|Offset|SrcMin|SrcMax|DstMin|DstMax|
------------------------------------
|0 |0400 |ffff |0000 |ffff |
|1 |0000 |ffff |0400 |ffff |
|2 |0000 |ffff |0000 |ffff |
|3 |0000 |ffff |0000 |ffff |
|4 |0000 |ffff |0000 |ffff |
|5 |0000 |ffff |0000 |ffff |
|6 |0000 |ffff |0000 |ffff |
|7 |0000 |ffff |0000 |ffff |
|8 |0000 |ffff |0000 |ffff |
|9 |0000 |ffff |0000 |ffff |
|10 |0000 |ffff |0000 |ffff |
|11 |0000 |ffff |0000 |ffff |
|12 |0000 |ffff |0000 |ffff |
|13 |0000 |ffff |0000 |ffff |
|14 |0000 |ffff |0000 |ffff |
|15 |0000 |ffff |0000 |ffff |
|16 |0000 |ffff |0000 |ffff |
|17 |0000 |ffff |0000 |ffff |
|18 |0000 |ffff |0000 |ffff |
|19 |0000 |ffff |0000 |ffff |
|20 |0000 |ffff |0000 |ffff |
|21 |0000 |ffff |0000 |ffff |
|22 |0000 |ffff |bf68 |c35a |
|23 |0000 |ffff |0fa0 |0fc8 |
------------------------------------

Next question:

Let say I have a policy map which call classes which use ACL and then set a DSCP (pretty basic).

What will happen if I receive a traffic without any QoS tag on a L2 802.1Q interface where this policy-map is applied ? The switch will use the Cos to traffic class map or the DSCP to traffic class map (I guess the first one) ?

When you use a QoS service profile to remark, I believe it will skip the ingress traffic class maps, so when you set the new DSCP, you'll also want to set the traffic class. If none of your service profile ACLs match a packet, it will slide down to the "class class-default", which will apply the trust map, so since it's a .1q trunk, it will apply the CoS map. If you'd like to instead have the default behavior be to classify traffic classes based on the dscp, you can apply "qos trust dscp" on the trunk, and it will apply the dscp-to-tc map, despite it being a .1q trunk.

Should I apply the policy map on the physical L2 interface or the SVI interface ?

I'd personally apply everything on the physical interfaces, but the trade-offs for that vs applying to the SVIs will depend on the details of your deployment and design.

Globally, the policy-map will be used to set the values and the trust mode will determine which one I use to derive the traffic-class if I’m not mistaken.

If you use a policy-map to remark values, you'll also need to use it to apply traffic classes. The DSCP/COS-to-TC maps can be used on subsequent switches with trust enabled on their ingress interfaces instead of relying on them using the same policy-maps as your edge.

Finally, when leaving the egress interface, the CoS will be rewritten according to the Traffic Class to CoS Rewrite map and the DSCP will not be rewritten, right ?

I believe cos rewrite on egress is not supported on Jericho either. dscp rewrite is disabled by default, but can be enabled on an interface by "qos rewrite traffic-class to dscp"

Granted, I haven't answered all of your questions, so if I have time, I'll try and get you some more answers internally.

Post your Answer

You must be logged in to post an answer.