Creating QoS Policy

Configuring QoS globally

To globally configure a QoS policy on the switch, follow these steps:

  1. Determine the global QoS policy to implement on the switch by analyzing the types of traffic flowing through the network and identifying one or more traffic types to prioritize. The order of precedence in which global QoS classifiers are applied, from 1 (highest) to 8 (lowest), is as follows:

    1. TCP/UDP applications.

    2. Device priority—IP source or destination address. Destination has precedence over source.

    3. IP precedence bit set (leftmost three bits in the ToS/Traffic Class field of IP packets).

    4. IP differentiated services bit set (leftmost six bits in the ToS/Traffic Class field of IP packets).

    5. Layer-3 protocol.

    6. VLAN ID. At least one tagged VLAN is required on the network.

    7. Source port.

    8. Incoming 802.1p priority (requires at least one tagged VLAN on the network).

      Default: In a tagged VLAN environment, the incoming 802.1p priority is used as the default QoS classifier if no global QoS classifier with a higher precedence matches.

  2. Select the global QoS classifier to use. The following table shows the types of QoS marking (802.1p priority or DSCP codepoint) supported by each global QoS classifier.

    QoS marking supported by global QoS classifiers

    Type of QoS marking used to prioritize outbound traffic:

    Global QoS classifier   802.1p priority only [1]   DSCP policy [2] (DSCP codepoint with 802.1p priority)
    UDP/TCP                 Supported                  Supported
    IP Device               Supported                  Supported
    IP Precedence           Supported [3]              Not Supported
    IP DiffServ             Supported                  Supported
    L3 Protocol             Supported                  Not Supported
    VLAN ID                 Supported                  Supported
    Source Port             Supported                  Supported

    [1] When you configure only the 802.1p priority to mark packets that match a global QoS classifier, the selected traffic is prioritized and sent to the corresponding outbound port queue on the switch. VLAN-tagged ports are necessary to carry the 802.1p priority in a packet header to downstream devices.

    [2] When you configure a DSCP policy to mark packets that match a global QoS classifier, the selected traffic is also prioritized according to the associated 802.1p priority and sent to the corresponding outbound port queue on the switch. VLAN-tagged ports carry the 802.1p priority in a packet header to downstream devices. In addition, you can configure downstream devices to read the DSCP value in IP packets and implement the service policy implied by the codepoint.

    [3] When using a global QoS IP Precedence classifier, the 802.1p priority is automatically assigned to matching packets based on the IP precedence bit set in the packet header.

  3. For 802.1p priority settings to be included in outbound packets, ensure that tagged VLANs are configured on the appropriate downstream links.

  4. Determine the global QoS policy required for each QoS-capable device in the network and configure the necessary settings.

    For downstream devices to recognize and use DSCP codepoints in IP packets sent from the switch, enable ToS (Type-of-Service) Differentiated Service mode on the devices and configure the appropriate DSCP policies. Note that certain DSCP policies have a default 802.1p priority automatically assigned.

Viewing a global QoS configuration

To display the existing switch-wide configurations for a global QoS classifier, use one of the following show qos commands.

Syntax:

show qos global-classifier

Options

tcp-udp-port-priority

Displays the current TCP/UDP port priority configuration.

device-priority

Displays the current device (IP address) priority configuration.

type-of-service

Displays the current type-of-service priority configuration. The display output differs according to the option used for IP Precedence.

protocol-priority

Displays the current protocol priority configuration.

vlan-priority

Displays the current VLAN priority configuration.

port-priority

Displays the current source-port priority configuration.

Creating a policy based on IP address

This procedure creates a DSCP policy for IP packets carrying the selected IP address (source or destination).

  1. Identify the IPv4 or IPv6 address to use as a classifier for assigning a DSCP policy.

  2. Determine the DSCP policy for packets carrying the selected IP address:

    1. Determine the DSCP you want to assign to the selected packets. (This codepoint will be used to overwrite the DSCP carried in packets received from upstream devices.)

    2. Determine the 802.1p priority you want to assign to the DSCP.

  3. If necessary, use the qos dscp-map codepoint priority 0 - 7 command to configure the DSCP policy (codepoint and associated 802.1p priority) that you want to use to mark matching packets.

    Prerequisite: A DSCP codepoint must have a preconfigured 802.1p priority (0 - 7) to use the codepoint to mark matching packets. If a codepoint shows No-override in the Priority column of the DSCP Policy table (show qos dscp-map command), first configure a priority for the codepoint before proceeding (qos dscp-map priority command).

    Syntax:

    qos dscp-map codepoint priority 0 - 7

    Optional: this command is required only if an 802.1p priority is not already assigned to the specified codepoint in the DSCP Policy table (see The default DSCP policy table).

    When the switch applies this policy to a packet, the priority determines the packet's queue in the outbound port to which it is sent. If the packet leaves the switch on a tagged port, it carries the 802.1p priority with it to the next downstream device. For IP packets, the DSCP will be replaced by the codepoint specified in this command.

    Default: No-override for most codepoints.

  4. Configure the switch to assign the DSCP policy to packets with the specified IP address or subnet mask.

    Syntax:

    qos device-priority [ ipv4-address | [ipv4 ipv4-address/mask-length]] dscp codepoint

    qos device-priority [ ipv6-address | ipv6 ipv6-address/mask-length ] dscp codepoint

    Assigns a DSCP policy to packets with the specified IP address or subnet mask in the source or destination field of the packet header, where:

    • ipv4-address or ipv6-address is an IPv4 or IPv6 address used to match the source or destination address in packet headers.


      NOTE: An IPv6 link-local address (such as fe80::110:252%vlan20) that is automatically generated on a VLAN interface is not supported as an ipv6-address value.


    • [ipv4] ipv4-address/mask-length is the subnet identified by the IPv4 mask for the specified address that is used to match the IPv4 address in the source or destination field of packet headers.

    • ipv6 ipv6-address/prefix-length is the subnet identified by the IPv6 prefix-length for the specified address that is used to match the IPv6 address in the source or destination field of packet headers.

      Enter the IPv4 mask or IPv6 prefix length with an address in CIDR format by using the number of significant bits (for example, 2001:db8:2:1:262:a03:e102:127/64 or 10.28.31.1/24).

    • dscp codepoint overwrites the DSCP codepoint in the IPv4 ToS byte or IPv6 Traffic Class byte of matching packets with the specified value.

      Valid values for the DSCP codepoint are as follows:

      • A binary value for the six-bit codepoint from 000000 to 111111.

      • A decimal value from 0 (low priority) to 63 (high priority) that corresponds to a binary DSCP bit set.

      • An ASCII standard name for a binary DSCP bit set. Enter ? to display the list of valid codepoint entries.

        The DSCP value you enter must be currently associated with an 802.1p priority in the DSCP Policy table (see Order of precedence for classifier-based QoS over global QoS). The 802.1p priority determines the packet's queue in the outbound port to which it is sent. If the packet leaves the switch on a tagged port, it carries the 802.1p priority with it to the next downstream device. The default DSCP codepoint is No-override, in which case the DSCP codepoint is not overwritten in matching packets.

        The no form of the command deletes the specified IP address or subnet mask as a QoS classifier. If you configured a subnet mask as match criteria, you must enter the entire IP address and mask-length in the no command.

    Syntax:

    show qos device-priority

    Displays a listing of all IP addresses and subnet masks used as QoS classifiers currently in the running-config file.

Configuring QoS actions in a policy

In QoS policy-configuration mode, you define the actions to be applied to a pre-configured IPv4 or IPv6 traffic class when a packet matches the match criteria in the class. Note: Actions are not executed on packets that match ignore criteria. You can enter multiple action statements in a traffic class, including the default class.

The following commands are supported in a QoS policy configuration:

rate-limit

Configures the rate limit for matching packets.

ip-precedence

Configures (marks) the IP precedence bits in the ToS byte of IPv4 packet headers and Traffic Class byte of IPv6 headers.

dscp

Configures the DSCP bits in the IPv4 ToS byte and IPv6 Traffic Class byte of packet headers.

priority

Configures the 802.1p class of service (CoS) priority in Layer 2 frame headers.

For information on the difference between the DSCP bits and precedence bits in the ToS byte of an IPv4 header and the Traffic Class byte of an IPv6 header.

Context: Global configuration

Syntax:

[no] [seq-number] class [ ipv4 | ipv6 ] classname action qos-action [ action qos-action ... ]

In a QoS policy configuration, the qos-action parameter can be any of the following commands:

Syntax

rate-limit kbps

Configures the maximum transmission rate for matching packets in a specified traffic class. All packets that exceed the configured limit are dropped.

The rate limit is specified in kilobits per second, where kbps is a value from 0 to 10000000.

Rate limiting usage

Rate limit values below 13 kbps may result in unpredictable rate limiting behavior. Configuring a rate limit of 0 (zero) kilobits on a port blocks all traffic on the port. If blocking all traffic is the desired behavior, HP recommends that you configure a deny ACL instead of configuring a rate limit of 0. A rate limit that you apply with a classifier-based policy overrides any globally-configured per-port rate limit on the selected packets.

For more information on per-port rate limiting, see the Management and Configuration Guide for your switch.

Rate limiting restrictions

A rate limit is calculated on a per-module or per port-bank basis. If trunked ports or VLANs with a configured rate limit span multiple modules or port-banks, the configured rate limit is not guaranteed. A QoS policy that uses the class action rate-limit command is not supported on a port interface on which ICMP rate limiting has already been globally configured. To apply the QoS policy, you must first disable the ICMP rate limiting configuration. In cases where you want to maintain an ICMP rate limiting configuration, configure a class in which you specify the necessary match statements for ICMP traffic, and a QoS policy in which you configure the rate limit action for the class.

See the Multicast and Routing Guide for your switch for more information.

priority priority-value

Configures the 802.1p class of service (CoS) bits in Layer 2 frames of matching packets in a specified traffic class. Valid CoS values range from 0 to 7. The 802.1p CoS value controls the outbound port-queue priority for traffic leaving the switch. In an 802.1Q VLAN network, downstream devices may honor or change the 802.1p priority in incoming packets. 802.1p priority settings and outbound queue assignment shows how the Layer 2 802.1p priority value determines to which outbound port queue a packet is sent both on the switch and on a downstream device. The 802.1p CoS numeric value (from 0 to 7) corresponds to the hexadecimal equivalent of the three binary 0 and 1 bit settings in the Layer 2 header. For example, if the CoS bit values are 1 1 1, the numeric value is 7 (1+2+4). Similarly, if the CoS bits are 0 1 1, the numeric value is 3 (1+2+0).


NOTE: If you want the 802.1p CoS priority settings included in outbound packets to be honored on downstream devices, configure tagged VLANs on the appropriate inbound and outbound ports.


ip-precedence precedence-value

Configures the IP precedence value in the IPv4 ToS byte or IPv6 Traffic Class byte of matching packets in a specified traffic class. Valid IP precedence values are either a numeric value from 0 (low priority) to 7 (high priority) or its corresponding name:

0 routine
1 priority
2 immediate
3 flash
4 flash-override
5 critical
6 internet (for internetwork control)
7 network (for network control)

802.1p priority settings and outbound queue assignment shows how the Layer 2 802.1p priority value determines to which outbound port queue a packet is sent.

IP precedence-to-802.1p priority mapping shows the 802.1p priority value (0 to 7) associated, by default, with each IP Precedence three-bit setting and automatically assigned by the switch to the Layer 2 header of matching packets.

dscp dscp-value

Configures the DSCP codepoint in the IPv4 ToS byte or IPv6 Traffic Class byte of matching packets in a specified traffic class. Valid values for the DSCP codepoint are any of the following:

• A binary six-bit set (such as 100110).
• A decimal value from 0 (low priority) to 63 (high priority) that corresponds to a binary DSCP bit set.
• The ASCII standard name for a binary DSCP bit set:

  af11 (001010)      af42 (100100)
  af12 (001100)      af43 (100110)
  af13 (001110)      ef (101110)
  af21 (010010)      cs1 (001000) = precedence 1
  af22 (010100)      cs2 (010000) = precedence 2
  af23 (010110)      cs3 (011000) = precedence 3
  af31 (011010)      cs4 (100000) = precedence 4
  af32 (011100)      cs5 (101000) = precedence 5
  af33 (011110)      cs6 (110000) = precedence 6
  af41 (100010)      cs7 (111000) = precedence 7
  default (000000)

Prerequisite

The DSCP value you enter must already be configured with an 802.1p priority in the DSCP Policy table before you can use it to mark matching packets.


NOTE: DSCP-802.1p Mapping: The 802.1p priority currently associated with each DSCP codepoint is stored in the DSCP Policy table (displayed with the show qos dscp-map command). Certain DSCP codepoints have 802.1p priorities assigned by default. The 802.1p priority mapped to a DSCP codepoint is automatically applied in matching packets whose codepoint is reset with the class action dscp command in a QoS policy.


Configuring a QoS policy for Voice over IP and Data traffic (Example)

Configuring Layer 2 802.1p CoS and Layer 3 DSCP values to prioritize how VoIP traffic from different phones is handled compared to data traffic:

Softphone traffic

DSCP 46; 802.1p CoS priority 6

Avaya phone traffic

DSCP 34; 802.1p CoS priority 3

Miscellaneous phone traffic

DSCP 26; 802.1p CoS priority 3

Data traffic

DSCP 000000; 802.1p CoS priority 0

The following QoS configuration creates and assigns a QoS policy to VLAN 1 that prioritizes VoIP and data traffic in this way:

A QoS policy for voice over IP and data traffic

Configuring a QoS policy for layer 4 TCP/UDP traffic (Example)

The following example shows how to configure a rate limiting policy for TCP/UDP application streams and apply the policy on all inbound switch ports.

HP Switch(config)#: class ipv4 http
HP Switch(config-class)#: match tcp any any eq 80
HP Switch(config-class)#: match tcp any any eq 443
HP Switch(config-class)#: match tcp any any eq 8080
HP Switch(config-class)#: exit
HP Switch(config)#: class ipv4 kazaa
HP Switch(config-class)#: match tcp any eq 1214 any
HP Switch(config-class)#: match tcp any any eq 1214
HP Switch(config-class)#: exit
HP Switch(config)#: class ipv4 gnutella
HP Switch(config-class)#: match tcp any range 6346 6347 any
HP Switch(config-class)#: match tcp any any range 6346 6347
HP Switch(config-class)#: match udp any range 6346 6347 any
HP Switch(config-class)#: match udp any any range 6346 6347
HP Switch(config-class)#: exit
HP Switch(config)#: policy qos PrioritizeSuspectTraffic
HP Switch(config-policy)#: class ipv4 http action rate-limit kbps 7000
HP Switch(config-policy)#: class ipv4 kazaa action rate-limit kbps 3500
HP Switch(config-policy)#: class ipv4 gnutella action rate-limit kbps 3500
HP Switch(config-policy)#: exit
HP Switch(config)#: interface all service-policy PrioritizeSuspectTraffic in
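
The rate-limit constraints stated earlier (0 to 10000000 kbps, unpredictable behavior below 13 kbps, a limit of 0 where a deny ACL is recommended) can be checked before a policy like the one above is applied. The following linter is an added example, not HP code; it reads a transcript in the format shown above, and its sample input is constructed with three deliberate faults.

```python
import re

PROMPT = re.compile(r"^HP Switch\([^)]*\)#:\s*")
MAX_KBPS = 10_000_000   # upper bound for rate-limit given on this page
MIN_SAFE_KBPS = 13      # below this the page warns of unpredictable behavior

# Constructed sample: shaped like the transcript above, with a zero limit,
# a limit below 13 kbps, and a policy entry for a class that is never defined.
SAMPLE = """\
HP Switch(config)#: class ipv4 http
HP Switch(config-class)#: match tcp any any eq 80
HP Switch(config-class)#: exit
HP Switch(config)#: class ipv4 kazaa
HP Switch(config-class)#: match tcp any eq 1214 any
HP Switch(config-class)#: match tcp any any eq 1214
HP Switch(config-class)#: exit
HP Switch(config)#: policy qos PrioritizeSuspectTraffic
HP Switch(config-policy)#: class ipv4 http action rate-limit kbps 7000
HP Switch(config-policy)#: class ipv4 kazaa action rate-limit kbps 0
HP Switch(config-policy)#: class ipv4 gnutella action rate-limit kbps 8
HP Switch(config-policy)#: exit
HP Switch(config)#: interface all service-policy PrioritizeSuspectTraffic in
"""


def parse(text):
    """Return (classes, policies, applied) parsed from a CLI transcript."""
    classes, policies, applied = {}, {}, []
    ctx = None  # ("class", name) or ("policy", name) while inside a context
    for raw in text.splitlines():
        line = PROMPT.sub("", raw).strip()
        if not line:
            continue
        if line == "exit":
            ctx = None
        elif m := re.fullmatch(
                r"class (ipv4|ipv6) (\S+) action rate-limit kbps (\d+)", line):
            if ctx and ctx[0] == "policy":
                policies[ctx[1]].append((m[2], int(m[3])))
        elif m := re.fullmatch(r"class (ipv4|ipv6) (\S+)", line):
            ctx = ("class", m[2])
            classes[m[2]] = []
        elif line.startswith("match ") and ctx and ctx[0] == "class":
            classes[ctx[1]].append(line)
        elif m := re.fullmatch(r"policy qos (\S+)", line):
            ctx = ("policy", m[1])
            policies[m[1]] = []
        elif m := re.fullmatch(r"interface (\S+) service-policy (\S+) in", line):
            applied.append((m[1], m[2]))
    return classes, policies, applied


def lint(text):
    """Return a list of (severity, message) findings for a transcript."""
    classes, policies, applied = parse(text)
    findings = []
    for pol, actions in policies.items():
        for cls, kbps in actions:
            if cls not in classes:
                findings.append(("error", f"{pol}: class {cls} is not defined"))
            if kbps > MAX_KBPS:
                findings.append(
                    ("error", f"{pol}/{cls}: {kbps} kbps exceeds {MAX_KBPS}"))
            elif kbps == 0:
                findings.append(
                    ("warn", f"{pol}/{cls}: limit 0 drops all matching "
                             "traffic; a deny ACL is recommended instead"))
            elif kbps < MIN_SAFE_KBPS:
                findings.append(
                    ("warn", f"{pol}/{cls}: {kbps} kbps is below "
                             f"{MIN_SAFE_KBPS}; behavior is unpredictable"))
    for iface, pol in applied:
        if pol not in policies:
            findings.append(
                ("error", f"interface {iface}: policy {pol} is not defined"))
    unused = set(policies) - {pol for _, pol in applied}
    findings += [("warn", f"policy {p} is not applied to any interface")
                 for p in sorted(unused)]
    return findings


if __name__ == "__main__":
    for severity, message in lint(SAMPLE):
        print(f"{severity:5} {message}")
```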

Configuring a QoS policy for subnet traffic (Example)

The next example shows how to configure a QoS policy that prioritizes inbound traffic sent to and received from a specified subnet (15.29.16.0/10) and TCP port range on VLAN 5.

A QoS policy for IPv4 and IPv6 subnet traffic on a VLAN interface

Creating a policy based on source-port classifiers

Only one DSCP per source-port may be used to mark matching packets.

Configuring a new DSCP for a source-port automatically overwrites any previous DSCP or 802.1p priority configuration for that source-port classifier.

  1. Identify the source-port classifier to which you want to assign a DSCP policy.

  2. Determine the DSCP policy for packets having the selected source-port:

    1. Determine the DSCP you want to assign to the selected packets. (This codepoint will be used to overwrite the DSCP carried in packets received through the source-port from upstream devices.)

    2. Determine the 802.1p priority you want to assign to the DSCP.

  3. If necessary, use the qos dscp-map codepoint priority 0 - 7 command to configure the DSCP policy (codepoint and associated 802.1p priority) that you want to use to mark matching packets.


    NOTE: Prerequisite: A DSCP codepoint must have a preconfigured 802.1p priority (0 - 7) before you can use the codepoint to mark matching packets. If a codepoint you want to use shows No-override in the Priority column of the DSCP Policy table (show qos dscp-map command), you must first configure a priority for the codepoint before proceeding (qos dscp-map priority command).


    Syntax:

    qos dscp-map codepoint priority 0 - 7

    This command is optional if a priority has already been assigned to the codepoint.

    The command creates a DSCP policy by assigning an 802.1p priority to a specific DSCP. When the switch applies this priority to a packet, the priority determines the packet's queue in the outbound port to which it is sent. If the packet leaves the switch on a tagged port, it carries the 802.1p priority with it to the next downstream device. For IP packets, the DSCP codepoint in the packet header is replaced by the codepoint specified in this command.

    Default: For most codepoints, No-override. See The default DSCP policy table.

  4. Configure the switch to assign the DSCP policy to packets from the specified source-port.

    Syntax:

    interface port-list qos dscp codepoint

    Assigns a DSCP policy to IP packets from the specified source-ports, and overwrites the DSCP in these packets with the assigned codepoint value, where codepoint is one of the following:

    • A binary value for the six-bit codepoint from 000000 to 111111.

    • A decimal value from 0 (low priority) to 63 (high priority) that corresponds to a binary DSCP bit set.

    • An ASCII standard name for a binary DSCP bit set.

      Enter ? to display the list of valid codepoint entries.

    The DSCP policy includes an 802.1p priority and determines the packet's queue in the outbound port to which it is sent. If the packet leaves the switch on a tagged port, it carries the 802.1p priority with it to the next downstream device.

    Default: No-override

    Syntax:

    no interface [e] port-list qos

    Removes a QoS classifier for the specified source-ports.

    Syntax:

    show qos source-port

    Displays a listing of all source-port QoS classifiers currently in the running-config file.

    Assigning DSCP policies (codepoint and associated 802.1p priority) to matching packets

    Assigning DSCP policies (codepoint and associated 802.1p priority) to matching packets with the specified source-ports:

    Source-Port   DSCP     Priority
    A2            000111   7
    B1-B3         000101   5
    B4, C2        000010   1

    1. Determine if the DSCP codepoints that you want to use to mark matching packets already have an 802.1p priority assigned, which could indicate use by existing applications (show qos dscp-map command). This is not a problem as long as the configured priorities are acceptable for all applications using the same DSCP.

      Also, note that a DSCP must have an 802.1p priority configured before you can use it to mark matching packets. If necessary, use the qos dscp-map codepoint priority 0 - 7 command to configure the DSCP policy (codepoint and associated 802.1p priority) that you want to use to mark matching packets.

      Viewing the current DSCP-priority mapping in the DSCP policy table

    2. Configure the priorities for the DSCPs that you want to use to mark matching packets.

      Assigning priorities to the specified DSCP codepoints

    3. Assign the DSCP policies to the selected source-ports and display the result.

      Viewing global source-port classifier with DSCP-priority marking

Assigning a priority for a global source-port classifier

This global QoS packet-marking option assigns a priority to all outbound packets having the specified source-port.

This option can be configured by either specifying the source-port ahead of the qos command or moving to the port context for the port you want to configure for priority. For configuring multiple source-ports with the same priority, it is easier to use the interface port-list command to go to the port context instead of individually configuring the priority for each port.

Syntax:

interface port-list qos priority 0 - 7

Configures an 802.1p priority for packets entering the switch through the specified (source) ports. This priority determines the packet queue in the outbound ports to which traffic is sent. If a packet leaves the switch on a tagged port, it carries the 802.1p priority with it to the next downstream device. You can configure one QoS classifier for each source-port or group of source-ports.

Default: No-override

Syntax:

no interface port-list

Disables use of the specified source-ports for QoS classifiers and resets the priority for the specified source-ports to No-override.

Syntax:

show qos port-priority

Lists the QoS port-priority classifiers with their priority data.

Prioritizing inbound traffic on source-ports

Prioritizing inbound traffic on the following source-ports:

Source-Port Priority
A1 - A3 2
A4 3
B1, B4 5
C1-C3 6

Enter the following commands to prioritize packets received from the specified source ports:

Configuring and Viewing source-port QoS priorities

If you later decided to remove source-port A1 from QoS prioritization, you would enter the following command:

Returning a QoS-prioritized VLAN to "No-override" status

Changing the priority setting on a policy when classifiers are currently using the policy (Example)

Codepoint 000001 is in use by one or more global QoS policies. If you try to modify the priority currently associated with the codepoint, an error message similar to the following is displayed:

HP Switch(config)#: qos dscp-map 1 priority 2
Cannot modify DSCP Policy 1 - in use by other qos rules.

In this case, follow these steps to change the priority:

  1. Identify the global and classifier-based QoS policies that use the codepoint whose DSCP-priority mapping you want to change.

    Identifying the QoS policies that use a codepoint

  2. Change each QoS configuration by assigning a different DSCP policy or a different 802.1p priority, or by removing the currently configured DSCP policy and restoring the default No-override setting; for example:

    1. Delete the current DSCP policy used to mark matching packets for a global IP-device policy (no qos device-priority command) and reset the default priority mapping to No-override.

    2. Create a new DSCP policy to use when you reconfigure QoS policies to use the new codepoint-priority mapping.

    3. Configure a global QoS source-port policy to mark matching packets with the new DSCP policy.

    4. Assign the global QoS policy that matches udp-port 1260 packets to a different 802.1p priority.

      HP Switch(config)#: no qos device-priority 10.26.50.104
      HP Switch(config)#: qos dscp-map 000100 priority 6 
      HP Switch(config)#: int 3 qos dscp 000100
      HP Switch(config)#: qos udp-port 1260 priority 2
      
  3. Reconfigure the desired priority for the 000001 codepoint.

    HP Switch(config)#: qos dscp-map 000001 priority 4
    
  4. Reconfigure QoS policies with the original codepoint (000001) to mark packets with the new DSCP-priority mapping, or leave QoS policies as currently configured from Step 2.

Notes on changing priority settings

If you try to modify the priority associated with a DSCP codepoint in a DSCP policy using the qos dscp-map priority command, and if the DSCP policy is currently used by one or more global QoS or classifier-based QoS policies, the following error message is displayed:

Cannot modify DSCP Policy codepoint - in use by other qos rules.

In this case, enter the following QoS show commands to identify in which global and classifier-based QoS configurations the DSCP policy is currently used:

show policy qos-policy

show qos tcp-udp-port-priority

show qos device-priority

show qos type-of-service

show qos protocol

show qos vlan

show qos port-priority

After determining the QoS configurations in which the DSCP-priority mapping is used, you can either delete a QoS configuration and reset the DSCP-priority mapping to No-override, or change either the 802.1p priority or the codepoint used in the QoS configuration.

Changing the priority of a codepoint

If codepoint 000001 is currently mapped to priority 6, and several global QoS policies use this codepoint to assign a priority to their respective types of matching traffic, you can change the priority associated with the codepoint using the following procedure.

  1. Identify the global and classifier-based QoS policies that use the codepoint.

  2. Do one of the following:

    1. Reconfigure each QoS policy by re-entering a different DSCP codepoint or a different 802.1p priority associated with the codepoint.

    2. Enter the no qos classifier or no policy qos-policy command to remove the current DSCP policy with codepoint 000001 and reset the priority to No-override.

  3. Use the qos dscp-map 000001 priority 0 - 7 command to remap DSCP 000001 to the desired priority.

  4. Do one of the following:

    1. Reconfigure codepoint 000001 in the QoS policies in which you want to use the new DSCP-priority mapping to mark matching packets.

    2. Leave a QoS policy in which you use DSCP 000001 to mark matching packets with the associated No-override priority mapping.
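
The first step of both procedures above (finding every rule that uses a codepoint) and the prerequisite that a codepoint needs an 802.1p priority before it can mark packets both depend on treating the binary, decimal and named forms of a codepoint as the same value. The following is an added example, not HP code: the configuration lines are constructed, the dscp form of the qos udp-port command is inferred from the steps above, and default DSCP priorities (not listed on this page) are not modelled.

```python
import re

# Standard DSCP names and bit patterns from the dscp-value list on this page.
NAMES = {
    "af11": 0b001010, "af12": 0b001100, "af13": 0b001110,
    "af21": 0b010010, "af22": 0b010100, "af23": 0b010110,
    "af31": 0b011010, "af32": 0b011100, "af33": 0b011110,
    "af41": 0b100010, "af42": 0b100100, "af43": 0b100110,
    "ef": 0b101110, "default": 0,
    **{f"cs{n}": n << 3 for n in range(1, 8)},  # cs1..cs7 = precedence 1..7
}

DSCP_MAP = re.compile(r"^qos dscp-map (\S+) priority ([0-7])$")
MARK = re.compile(r"\bdscp (\S+)")  # any rule that marks with "dscp <codepoint>"


def parse_codepoint(token):
    """Return the DSCP as an int 0-63 from a binary, decimal or named token.

    Assumption: exactly six 0/1 characters are read as binary; any other
    one- or two-digit string is read as decimal.
    """
    t = token.lower()
    if re.fullmatch(r"[01]{6}", t):
        return int(t, 2)
    if re.fullmatch(r"[0-9]{1,2}", t) and int(t) <= 63:
        return int(t)
    if t in NAMES:
        return NAMES[t]
    raise ValueError(f"not a valid DSCP codepoint: {token!r}")


def audit(config_lines):
    """Return (table, users): codepoint -> priority, codepoint -> marking rules."""
    table, users = {}, {}
    for line in config_lines:
        line = " ".join(line.split())
        if m := DSCP_MAP.match(line):
            table[parse_codepoint(m[1])] = int(m[2])
        elif not line.startswith("no ") and (m := MARK.search(line)):
            users.setdefault(parse_codepoint(m[1]), []).append(line)
    return table, users


def in_use(config_lines, codepoint):
    """Rules to change or remove before the codepoint's priority can be remapped."""
    _, users = audit(config_lines)
    return users.get(parse_codepoint(codepoint), [])


def unmapped(config_lines):
    """Rules that mark with a codepoint lacking an explicit qos dscp-map entry."""
    table, users = audit(config_lines)
    return {cp: rules for cp, rules in users.items() if cp not in table}


# Constructed running-config excerpt (hypothetical class name "softphone").
CONFIG = """
qos dscp-map 000001 priority 6
qos device-priority 10.26.50.104 dscp 000001
qos udp-port 1260 dscp 1
interface 3 qos dscp 000100
class ipv4 softphone action dscp ef
""".strip().splitlines()

if __name__ == "__main__":
    print("rules using 000001:", in_use(CONFIG, "000001"))
    for cp, rules in sorted(unmapped(CONFIG).items()):
        print(f"codepoint {cp:06b} has no explicit priority:", rules)
```

A codepoint reported by unmapped() may still carry a default priority on the switch, so confirm it against the show qos dscp-map output.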