On Tue, Feb 2, 2010 at 18:05, Ivan Hrvatska <ivanzghr_at_gmail.com> wrote:
> Hello,
>
> one question about mls qos on 3560, just to make sure that I've understood.
> Diagram:
>
> R1-----------------------SW1-----------trunk-----------------SW2---------------R2
> R3-----------------------SW1-----------trunk-----------------SW2---------------R4
>
> R1 and R2 are in VLAN 12, R3 and R4 are in VLAN 34. SW1 is routing
> between VLANs via SVI interfaces configured for each VLAN.
> Traffic in VLAN 12 should be mapped with ip prec 3, and traffic from
> VLAN 34 with ip prec 4.
> On SW1 I configured policy-map under interface vlan 12 (inbound) which
> should mark packets according to task. Same thing for interface vlan
> 34. On the same switch I put mls qos vlan-based on trunk ports.
> When I ping from R1 to R2 packets are NOT marked. When I ping from R2
> to R1, packets are marked correctly.
> Is the reason for that mls qos vlan-based command under trunk
> interface? I mean, does it work only when traffic is going INBOUND
> into physical interface? Actual marking is done on physical int or on
> SVI int? Obviously interVLAN traffic is coming IN SVI interface on
> SW1, but traffic still isn't marked with correct ip prec value.

You are right in so many ways here, especially so in being confused.
Per-VLAN QoS on all Cisco switches works differently. While certainly
not the most creative use of SVI interfaces*, it is one that may
confuse people who see it for the first time.

So... while you are indeed applying service-policy inbound on the SVI,
this is actually processed "on the physical interface", i.e. on all
interfaces that have that VLAN and have VLAN-based QoS enabled. Those
interfaces that do not have this feature applied, will not be
processed.

So, when your R1 sends the traffic and it hits the switch, since you
don't have per-VLAN QoS enabled on that port, it is simply switched
where it needs to go. Traffic from R2 is "caught" by per-VLAN QoS and
passed on to the appropriate service-policy.

[*] Really mind-blowing one is 6500/7600 and IGMP snooping. For
example, if you want to disable IGMP snooping on a VLAN, you do it
under SVI. It is recommended to have SVI in shutdown if it's not
used... yet, the snooping is disabled. This took TAC engineer and me
quite some time to digest. He actually needed to call development team
to confirm.

--
Marko Milivojevic - CCIE #18427
Senior Technical Instructor - IPexpert
Mailto: markom_at_ipexpert.com
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Community: http://www.ipexpert.com/communities

Blogs and organic groups at http://www.ccie.net

Received on Tue Feb 02 2010 - 19:41:19 ART
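
The behaviour described in the reply above, as an added SW1 configuration sketch that is not part of the original thread: the SVI policy only sees traffic entering physical ports that carry the VLAN and have `mls qos vlan-based` set. Interface numbers, the ACL number and the class-map and policy-map names are assumptions; the thread gives none of them.

```cisco
! Added illustration, not from the thread. Interface numbers, ACL 100
! and the ALL-IP / MARK-VLANxx names are assumed.
mls qos
!
access-list 100 permit ip any any
!
class-map match-all ALL-IP
 match access-group 100
!
policy-map MARK-VLAN12
 class ALL-IP
  set ip precedence 3
policy-map MARK-VLAN34
 class ALL-IP
  set ip precedence 4
!
! The policies are attached to the SVIs, but they are only applied to
! traffic arriving on physical ports in VLAN-based QoS mode.
interface Vlan12
 service-policy input MARK-VLAN12
interface Vlan34
 service-policy input MARK-VLAN34
!
! Trunk to SW2 (assumed Fa0/13): VLAN-based in the original setup,
! which is why traffic coming from R2 was marked.
interface FastEthernet0/13
 switchport trunk encapsulation dot1q
 switchport mode trunk
 mls qos vlan-based
!
! Access ports to R1 and R3 (assumed Fa0/1 and Fa0/3): without the
! last line, traffic from R1/R3 enters in the default port-based mode
! and never reaches the SVI policy. Adding it closes the gap.
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 12
 mls qos vlan-based
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 34
 mls qos vlan-based
```

`show mls qos interface` on each port reports which QoS mode that port is in, which is the quickest way to spot a port that was missed.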