RE: 3550&3560 QoS

From: Bob Sinclair (bsinclair@netmasterclass.net)
Date: Tue Jan 16 2007 - 09:55:03 ART

Eli,

Thanks for the clarity. I get your same result on the 3550; I had tried on
a 3560. Apparently another difference between the two:

3550: dscp-mutation map is applied per group of 12 ports
3560: dscp-mutation map is applies per interface

Bob Sinclair
CCIE 10427 CCSI 30427
www.netmasterclass.net

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Eli
Kosharovsky
Sent: Tuesday, January 16, 2007 2:43 AM
To: 'Bob Sinclair'; ccielab@groupstudy.com
Subject: RE: 3550&3560 QoS

Hi Bob,

Thanks for your help.

Here is a quote from the DocCD:

You can apply the map to different Gigabit-capable Ethernet ports. However,
on 10/100 Ethernet ports, you can attach only one DSCP-to-DSCP-mutation map
to a group of twelve ports. For example, Fast Ethernet ports 1 to 12 are a
group, Fast Ethernet ports 13 to 24 are a group, Gigabit Ethernet 1 is a
group, and Gigabit Ethernet 2 is a group. When applying a mutation map to
any port in a group, all ports in the same group are automatically
configured with the same map.

I can confirm that my 3550 running 122-25.SED IOS actually do apply the map
to all the group ports:

Cat1#sh run int fa0/1
Building configuration...

Current configuration : 84 bytes
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
end

Cat1#sh run int fa0/2
Building configuration...

Current configuration : 68 bytes
!
interface FastEthernet0/2
 switchport mode dynamic desirable
end

Cat1#sh run int fa0/3
Building configuration...

Current configuration : 68 bytes
!
interface FastEthernet0/3
 switchport mode dynamic desirable
end

Cat1#sh mls qos int fa0/1
FastEthernet0/1
trust state: not trusted
trust mode: not trusted
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: none

Cat1#sh mls qos int fa0/2
FastEthernet0/2
trust state: not trusted
trust mode: not trusted
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: none

Cat1#sh mls qos int fa0/3
FastEthernet0/3
trust state: not trusted
trust mode: not trusted
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
Trust device: none

>>>>>>>>>>>>>> No maps can be seen on the interfaces
<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>>>>>>>>>>>>>> Now I add a mutation map to Fa0/1
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Cat1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Cat1(config)#int fa0/1
Cat1(config-if)#mls qos dscp-mu
Cat1(config-if)#mls qos dscp-mutation Prec0
Cat1(config-if)#^Z
Cat1#sh mls qos int fa0/2
20:40:54: %SYS-5-CONFIG_I: Configured from console by console
Cat1#sh run int fa0/1
Building configuration...

Current configuration : 113 bytes
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 mls qos dscp-mutation Prec0
end

Cat1#sh run int fa0/2
Building configuration...

Current configuration : 97 bytes
!
interface FastEthernet0/2
 switchport mode dynamic desirable
 mls qos dscp-mutation Prec0
end

Cat1#sh run int fa0/3
Building configuration...

Current configuration : 97 bytes
!
interface FastEthernet0/3
 switchport mode dynamic desirable
 mls qos dscp-mutation Prec0
end

Cat1#sh mls qos int fa0/1
FastEthernet0/1
trust state: not trusted
trust mode: not trusted
COS override: dis
default COS: 0
DSCP Mutation Map: Prec0
Trust device: none

Cat1#sh mls qos int fa0/2
FastEthernet0/2
trust state: not trusted
trust mode: not trusted
COS override: dis
default COS: 0
DSCP Mutation Map: Prec0
Trust device: none

Cat1#sh mls qos int fa0/3
FastEthernet0/3
trust state: not trusted
trust mode: not trusted
COS override: dis
default COS: 0
DSCP Mutation Map: Prec0
Trust device: none
  
>>>>>>>>>>>>>>> You Can see that the map has been added to fa0/2, fa0/3. I
don't know it hasn't happent when you have tried it. I think that the
limitatin is because of the ASIC's Giga port has an ethernet controler per
port while the 10/100 port have a controler for a group of 12.

Eli

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Bob
Sinclair
Sent: Tuesday, January 16, 2007 1:46 AM
To: 'Eli Kosharovsky'; ccielab@groupstudy.com
Subject: RE: 3550&3560 QoS

Hi Eli,

From what I have seen, dscp-mutation maps apply only to the port applied:

Below, I create map "bob" and apply it to F0/1. Note that it is not applied
to f0/2:

CAT3(config)#mls qos map dscp-mutation bob 10 to 12 CAT3(config)#int f0/1
CAT3(config-if)#mls qos dscp-mutation bob CAT3(config-if)#end CAT3#sh mls
qos int f0/1
FastEthernet0/1
trust state: not trusted
trust mode: not trusted
trust enabled flag: ena
COS override: dis
default COS: 0
DSCP Mutation Map: bob <<<<<<<<<<<<
Trust device: none
qos mode: port-based

CAT3#sh mls qos int f0/2
FastEthernet0/2
trust state: not trusted
trust mode: not trusted
trust enabled flag: ena
COS override: dis
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map <<<<<<<<<<<<<<<<<<<
Trust device: none
qos mode: port-based

The only qos parameter I know of that must be applied to a group of ports is
the "mls qos monitor packets" command on the 3550.

In your example, I think you would get the same result from either the MQC
or mutation map approach.

As to whether marking is done on ingress or egress: it seems to me that the
maps that write layer 3 markings (IPP and DSCP) are ingress maps, and the
maps that write layer 2 CoS are outbound maps.

The 3550 permits outbound policing policies that could rewrite dscp, but the
3560 permits no outbound policies at all.

Hope that helps (some)

Bob Sinclair
CCIE 10427 CCSI 30427
www.netmasterclass.net

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Eli
Kosharovsky
Sent: Monday, January 15, 2007 4:14 PM
To: ccielab@groupstudy.com
Subject: 3550&3560 QoS

Hi,

After spending the last day, trying to understand how Classification&Marking
on 3550&3560 switches work, I still miss some peaces in the puzzle, if
someone could help a bit this would be highly appreciated:

From what I could understand DSCP-mutation maps are applied at ingress
traffic in the case of 3550 ( 10/100 ports) are shared in groups of ports
1-12 13-24. But you can also achieve the same effect of remarking packets
using the MQC:
Class EF
  match ip dscp 46
!
Policy-map in
Class ef
  set ip dscp 0
!

Interface fa0/1
Mls qos trust dscp
Service policy input in

The configuration displayed above supposed to mark down EF packets to DSCP
0. this is done in a per port configuration and will not influence fa0/2 for
instance.

The same configuration using DSCP-mutation will look like this:

mls qos map dscp-mutation Prec0 46 to 0
!
Interface fa0/1
Mls qos trust dscp
mls qos dscp-mutation Prec0

But in this case this configuration will be applied to ports 1-12. Which
will make this method much less flexible.
What is the deal, is it really the same, or there differences I am not aware
off.

==========

The second thing I cant figure out is at which point the remarking takes
place ingress or egress. On a router I am completely flexible, I can do
pretty much everything on every port, but seems with switches this is not
the case, If I understand correctly most of the manipulation of the packet
is done at ingress, the egress takes care of queuing.
Meaning all the marking has to be done at ingress - is that really so ?

==========
That's it for now,
Thx in advance for you help

Eli

This archive was generated by hypermail 2.1.4 : Thu Feb 08 2007 - 23:46:56 ART