Re: mls qos map policed-dscp

From: Petr Lapukhov <petr_at_internetworkexpert.com>
Date: Sun, 3 May 2009 13:05:16 +0400

OK so let me summarize the facts based on your (and my own) practical modeling:

1) Catalyst QoS implementation by default maintains uniform L3 and L2
marking, using the global mapping tables.
This feature could be disabled using QoS pass-through in the 3550 or
by disabling DSCP rewrite in the 3560.

2) Policing markdown is DSCP-based in both models. CoS value is always
modified according to the mapping tables.
This behavior could not be changed in the 3560. In the 3550 you can
set CoS in parallel with trusting DSCP using
the "mls qos cos policy-map" feature.

3) For non-IP packets, DSCP markdown is still in effect, by virtue
of the same mapping tables.

Lastly, anyone who has access to our IEWB-RS VOL1 v5.0 QoS section may
find the extensive set of practical verifications
of the above statements. However, the stuff that Bryan and Nowy1981
have posted should be pretty self-explanatory.

-- 
Petr Lapukhov, CCIE #16379 (R&S/Security/SP/Voice)
petr_at_INE.com
Internetwork Expert, Inc.
http://www.INE.com
Toll Free: 877-224-8987
Outside US: 775-826-4344
2009/5/3 nowy1981 <freemaxis_at_gmail.com>:
> Thanks all for answers.
> I've done some tests too and these are my results (of course it's a 3550).
>
> In the following configuration switch will not remark DSCP, but will
> remark the COS field based on the default map dscp-cos when it sends
> over trunk up to the next switch
>
> mls qos
> int fa0/1
>  mls qos trust dscp
>
>
>
> In the following configuration switch will not remark COS, but will
> remark the DSCP field based on the default map cos-dscp when it sends
> over trunk up to the next switch
>
> mls qos
> int fa0/1
>  mls qos trust cos
>
>
> If you add mls qos trust dscp pass-through cos or mls qos trust cos
> pass-through dscp to the mls qos trust, the switch will remark neither
> the field that is trusted nor the field that must pass through.
>
>
> In the following example the switch will remark the DSCP field to 24 if
> packets cross the 64 bits per sec and remark the COS based on the default
> map (based on the new DSCP 24 to COS 3)
>
> mls qos
>
> class-map match-all ICMP
>  match access-group 100
> !
> mls qos map policed-dscp  46 to 24
> !
> policy-map POLICE
>  class ICMP
>    police 64000 8000 exceed-action policed-dscp-transmit
>    trust dscp
>
>
> In the following example the switch will remark the DSCP field to 24 if
> packets cross the 64 bits per sec but will not touch the COS field.
> COS will be marked based on the policy-map set cos to 4 (mls qos cos
> policy-map is required to set the COS field in the policy-map).
>
>
> mls qos map policed-dscp  46 to 24
> mls qos cos policy-map
> mls qos
> !
> class-map match-all ICMP
>  match access-group 100
> !
> policy-map POLICE
>  class ICMP
>    police 64000 8000 exceed-action policed-dscp-transmit
>    trust dscp
>   set cos 4
>
>
> If you have any doubts please let me know.
>
> Bryan Bartik wrote:
>>
>> Actually I don't need a capture. I can track COS markings with a policy
>> map. I configured SW2-R2 as a trunk. Here is R2's config now:
>>
>> class-map match-all COS5
>>  match cos  5
>> !
>> policy-map TRACK-COS
>>  class COS5
>> !
>> interface Ethernet0/0.12
>>  encapsulation dot1Q 12
>>  ip address 192.168.0.2 255.255.255.0
>>  no snmp trap link-status
>>  service-policy input TRACK-COS
>>
>> R1#ping 192.168.0.2 re 100
>>
>> Type escape sequence to abort.
>> Sending 100, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds:
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>> !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>> Success rate is 100 percent (100/100), round-trip min/avg/max = 1/3/4 ms
>> R1#
>>
>> R2#sho policy-map interface
>>  Ethernet0/0.12
>>
>>  Service-policy input: TRACK-COS
>>
>>    Class-map: COS5 (match-all)
>>      110 packets, 12980 bytes
>>      30 second offered rate 0 bps
>>      Match: cos  5
>>
>>    Class-map: class-default (match-any)
>>      0 packets, 0 bytes
>>      30 second offered rate 0 bps, drop rate 0 bps
>>      Match: any
>>
>> I am still using the default mappings.
>>
>> Bryan Bartik
>> CCIE #23707, CCNP
>> Sr. Support Engineer - IPexpert, Inc.
>> URL: http://www.IPexpert.com
>>
>> On Sat, May 2, 2009 at 9:46 PM, Bryan Bartik <bbartik_at_ipexpert.com
>> <mailto:bbartik_at_ipexpert.com>> wrote:
>>
>>    Here are my results. Please let me know if I am missing something,
>>    this was a rather hastily put together test, but as you can see I
>>    did not configure mappings. Only the default exists.
>>
>>    [R1] e0/0 ------ f0/1 [SW1] ------ [SW2] f0/2 ------ e0/0 [R2]
>>
>>    R1 and R2 are on vlan 12, subnet 192.168.0.0/24
>>    <http://192.168.0.0/24>. Switches are 3560s and at DEFAULT. Here is
>>    what I configure, from the start:
>>
>>    On SW1:
>>
>>    Switch>en
>>    Switch#conf t
>>    Enter configuration commands, one per line.  End with CNTL/Z.
>>    Switch(config)#host SW1
>>    SW1(config)#int f0/13
>>    SW1(config-if)#sw tr e dot
>>    SW1(config-if)#sw mo tr
>>    SW1(config-if)#int f0/1
>>    SW1(config-if)#sw mo a
>>    SW1(config-if)#sw ac v 12
>>    % Access VLAN does not exist. Creating vlan 12
>>    SW1(config-if)#mls qos
>>    SW1(config)#int f0/1
>>    SW1(config-if)#mls qos trust dscp
>>
>>    On SW2:
>>
>>    Switch>en
>>    Switch#conf t
>>    Enter configuration commands, one per line.  End with CNTL/Z.
>>    Switch(config)#host SW2
>>    SW2(config)#int f0/2
>>    SW2(config-if)#sw mo a
>>    SW2(config-if)#sw ac vlan 12
>>    % Access VLAN does not exist. Creating vlan 12
>>    SW2(config-if)#int rang f0/14 - 24
>>    SW2(config-if-range)#shut
>>    SW2(config-if-range)#int f0/13
>>    % Command exited out of interface range and its sub-modes.
>>      Not executing the command for second and later interfaces
>>    SW2(config-if)#sw t e d
>>    SW2(config-if)#sw mo tr
>>    SW2(config-if)#monito sess 1 sou int f0/13
>>    SW2(config)#monito sess 1 des int f0/12 enca replicate
>>
>>    On R1:
>>
>>    R1(config)#policy-map SET-DSCP
>>    R1(config-pmap)#class class-default
>>    R1(config-pmap-c)#set dscp 46
>>    R1(config-pmap-c)#int e0/0
>>    R1(config-if)#service-policy output SET-DSCP
>>
>>    Now I have both routers on VLAN 12 with a trunk between the two
>>    switches. SW1 has mls qos configured, SW2 does not so it leaves the
>>    marking alone. On port f0/12 I have a PC with wireshark. When I send
>>    pings from R1 to R2 they have DSCP 46. When the packets reach SW2
>>    over the trunk they have DSCP46 and COS 5. SW1 set this without any
>>    mappings configured. The mappings are default.
>>
>>    SW1#sho mls qos map dscp-co
>>       Dscp-cos map:
>>         d1 :  d2 0  1  2  3  4  5  6  7  8  9
>>         ---------------------------------------
>>          0 :    00 00 00 00 00 00 00 00 01 01
>>          1 :    01 01 01 01 01 01 02 02 02 02
>>          2 :    02 02 02 02 03 03 03 03 03 03
>>          3 :    03 03 04 04 04 04 04 04 04 04
>>          4 :    05 05 05 05 05 05 05 05 06 06
>>          5 :    06 06 06 06 06 06 07 07 07 07
>>          6 :    07 07 07 07
>>    SW1#
>>
>>    If you want the packet capture, I can unicast it to you. I don't
>>    think the list accepts attachments.
>>
>>
>>    Bryan Bartik
>>    CCIE #23707, CCNP
>>    Sr. Support Engineer - IPexpert, Inc.
>>    URL: http://www.IPexpert.com
>>
>>    On Sat, May 2, 2009 at 9:36 PM, Narbik Kocharians <narbikk_at_gmail.com
>>    <mailto:narbikk_at_gmail.com>> wrote:
>>
>>        It will NOT happen by just entering mls qos trust dscp. You need
>>        to configure the map manually.
>>
>>
>>        On Sat, May 2, 2009 at 8:25 PM, Bryan Bartik
>>        <bbartik_at_ipexpert.com <mailto:bbartik_at_ipexpert.com>> wrote:
>>
>>            Narbik,
>>
>>            What do you mean "unless you change the mapping." There are
>>            default maps that will make the COS when you trust DSCP. I
>>            have tried it!  :-)
>>
>>
>>            Bryan Bartik
>>            CCIE #23707, CCNP
>>            Sr. Support Engineer - IPexpert, Inc.
>>            URL: http://www.IPexpert.com <http://www.ipexpert.com/>
>>
>>            On Sat, May 2, 2009 at 8:06 PM, Narbik Kocharians
>>            <narbikk_at_gmail.com <mailto:narbikk_at_gmail.com>> wrote:
>>
>>                *if I have interface with just mls qos trust dscp, if
>>                port receives packet
>>
>>                with for example DSCP 46, does it remark also COS field
>>                when it sends packet
>>                to another switch over trunk.*
>>                *NO,* it does NOT, when you enter "mls qos trust dscp",
>>                it ONLY trusts the
>>                DSCP value and it has NOTHING to do with CoS. UNLESS YOU
>>                change the mapping.
>>                That was your question and this is your answer. If in
>>                doubt, please try it,
>>                IOS WILL ALWAYS TELL YOU THE TRUTH.
>>
>>                *Does mls qos map policed-dscp remark DSCP and COS field
>>                or just DSCP?*
>>
>>                *NO,* it does NOT touch COS field at all. Unless it's
>>                configured to do so.
>>
>>                This is without twisting words around.
>>                On Sat, May 2, 2009 at 1:40 PM, Petr Lapukhov
>>                <petr_at_internetworkexpert.com
>>                <mailto:petr_at_internetworkexpert.com>>wrote:
>>
>>                 > Hi,
>>                 >
>>                 > In general, Catalyst switches implement "synchronous" marking logic:
>>                 > i.e. all potential QoS labels (L3,L2) are kept synchronized using the
>>                 > DSCP-to-CoS, CoS-to-DSCP and IP Prec-to-CoS global mapping tables.
>>                 > This is pretty natural if you think of "uniform" QoS marking model.
>>                 > In some cases it is possible to modify just one QoS marking point,
>>                 > keeping the other intact.
>>                 >
>>                 > See below for more details.
>>                 >
>>                 > > Does mls qos map policed-dscp remark DSCP and COS field or just DSCP?
>>                 >
>>                 > Yes, CoS is modified according to the DSCP-to-CoS mapping table (in
>>                 > both 3550 and 3560).
>>                 > You may avoid CoS modification while policing in the 3550 model by
>>                 > using the configuration similar to the following:
>>                 >
>>                 > mls qos cos policy-map
>>                 > !
>>                 > policy-map POLICE_INBOUND
>>                 >  class ICMP
>>                 >  trust dscp
>>                 >  set cos 2
>>                 >  police 64000 16000 exceed-action policed-dscp-transmit
>>                 >
>>                 > Here you trust DSCP values and set CoS at the same time. Setting CoS
>>                 > directly in policy-map is only possible in the 3550 model when enabled
>>                 > by the special global-mode command. The 3560 does not provide such
>>                 > flexibility, and most of the time it is not needed.
>>                 >
>>                 > > if I have interface with just mls qos trust dscp, if port receives packet
>>                 > > with for example DSCP 46, does it remark also COS field when it sends
>>                 > > packet to another switch over trunk.
>>                 >
>>                 > Yes, by default CoS is modified according to the DSCP to CoS mapping table.
>>                 > In the 3550 model you may avoid this behavior by enabling special CoS
>>                 > pass-thru mode:
>>                 >
>>                 > interface FastEthernet 0/4
>>                 >  mls qos trust dscp pass-through cos
>>                 >
>>                 > (there is symmetric DSCP pass-thru mode, configured using the command
>>                 > "mls qos trust cos pass-through dscp")
>>                 >
>>                 > In the 3560 model, it is not possible to disable CoS rewrite. More
>>                 > than that, you have to set CoS values for non-IP packets by using the
>>                 > "set dscp" command, as there is no "set cos" command. Still, you can
>>                 > disable DSCP rewriting while trusting CoS (mls qos trust cos) by
>>                 > entering the global command "no mls qos rewrite ip dscp"
>>                 >
>>                 > HTH,
>>                 > --
>>                 > Petr Lapukhov, CCIE #16379 (R&S/Security/SP/Voice)
>>                 > petr_at_INE.com
>>                 >
>>                 > Internetwork Expert, Inc.
>>                 > http://www.INE.com <http://www.ine.com/>
>>                <http://www.ine.com/>
>>
>>                 > Toll Free: 877-224-8987
>>                 > Outside US: 775-826-4344
>>                 >
>>                 > >
>>                 > >
>>                 > > Blogs and organic groups at http://www.ccie.net
>>                <http://www.ccie.net/>
>>                 > >
>>                 > >
>>
>>  _______________________________________________________________________
>>                 > > Subscription information may be found at:
>>                 > > http://www.groupstudy.com/list/CCIELab.html
>>                 >
>>
>>
>>                --
>>                Narbik Kocharians
>>                CCSI#30832, CCIE# 12410 (R&S, SP, Security)
>>                www.MicronicsTraining.com
>>                <http://www.micronicstraining.com/>
>>                www.Net-Workbooks.com <http://www.net-workbooks.com/>
>>                Sr. Technical Instructor
>>
>>
>>        --        Narbik Kocharians
>>        CCSI#30832, CCIE# 12410 (R&S, SP, Security)
>>        www.MicronicsTraining.com <http://www.MicronicsTraining.com>
>>        www.Net-Workbooks.com <http://www.Net-Workbooks.com>
>>        Sr. Technical Instructor
>>
>>
>>
>>
>>    --    Bryan Bartik
>>    CCIE #23707, CCNP
>>    Sr. Support Engineer - IPexpert, Inc.
>>    URL: http://www.IPexpert.com
>>
Received on Sun May 03 2009 - 13:05:16 ART
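
Added example, not part of the original thread: a small Python model of the marking behaviour the posters report for a port that trusts DSCP. It parses the "show mls qos map dscp-cos" output quoted above and derives the egress DSCP/CoS for the conforming, policed (policed-dscp 46 to 24) and 3550 "set cos" cases. The function names parse_dscp_cos and egress_marking are hypothetical.

```python
import re

# "show mls qos map dscp-cos" output exactly as quoted in the thread.
SHOW_DSCP_COS = """\
   Dscp-cos map:
     d1 :  d2 0  1  2  3  4  5  6  7  8  9
     ---------------------------------------
      0 :    00 00 00 00 00 00 00 00 01 01
      1 :    01 01 01 01 01 01 02 02 02 02
      2 :    02 02 02 02 03 03 03 03 03 03
      3 :    03 03 04 04 04 04 04 04 04 04
      4 :    05 05 05 05 05 05 05 05 06 06
      5 :    06 06 06 06 06 06 07 07 07 07
      6 :    07 07 07 07
"""

def parse_dscp_cos(text):
    """Return {dscp: cos}. Row label d1 is the tens digit, column d2 the units."""
    table = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\d)\s*:\s+((?:\d\d\s*)+)$", line)
        if m:
            for d2, cos in enumerate(m.group(2).split()):
                table[int(m.group(1)) * 10 + d2] = int(cos)
    return table

def egress_marking(dscp_in, dscp_cos, policed_dscp=None, exceeded=False, set_cos=None):
    """Hypothetical model of a DSCP-trusting port as described in the thread.

    policed_dscp: {old: new}, e.g. {46: 24} for "mls qos map policed-dscp 46 to 24"
    exceeded:     True when exceed-action policed-dscp-transmit fires
    set_cos:      value of "set cos" (3550 with "mls qos cos policy-map"), else None
    """
    dscp = dscp_in
    if exceeded and policed_dscp:
        dscp = policed_dscp.get(dscp, dscp)      # markdown is DSCP-based
    # CoS follows the (possibly marked-down) DSCP unless set explicitly.
    cos = set_cos if set_cos is not None else dscp_cos[dscp]
    return dscp, cos

if __name__ == "__main__":
    table = parse_dscp_cos(SHOW_DSCP_COS)
    print(egress_marking(46, table))                              # conforming traffic
    print(egress_marking(46, table, {46: 24}, exceeded=True))     # policed markdown
    print(egress_marking(46, table, {46: 24}, True, set_cos=4))   # 3550 with set cos
```

The parsed default table equals the top three bits of the DSCP value for every entry, which is why DSCP 46 leaves the trunk as CoS 5 without any map being configured.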

This archive was generated by hypermail 2.2.0 : Mon Jun 01 2009 - 07:04:41 ART