Cisco ASR 900 Series Configuration Manual
  1. Manuals
  2. Brands
  3. Cisco Manuals
  4. Network Router
  5. ASR 900 Series
  6. Configuration manual

Cisco ASR 900 Series Configuration Manual

Aggregation services router qos: policing and shaping configuration guide, cisco ios xe release 3s
Hide thumbs Also See for ASR 900 Series:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Configuration Manual, Manual
QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release
3S (Cisco ASR 900 Series)
First Published: 2011-11-03
Last Modified: 2014-03-01
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

Advertisement

Table of Contents
loading

Related Manuals for Cisco ASR 900 Series

Summary of Contents for Cisco ASR 900 Series

  • Page 1 QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series) First Published: 2011-11-03 Last Modified: 2014-03-01 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387)
  • Page 2 Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks . Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.

  • Page 3: Table Of Contents

    How to Configure Punt Policing and Monitoring Configuring Punt Policing Verifying Punt Policing Verifying Punt Policing Statistics Configuration Examples for Punt Policing and Monitoring Example: Configuring Punt Policing QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
  • Page 4 Input Rate-Limiting and Silent Mode Operation How to Use Control Plane Policing Defining Control Plane Services Verifying Control Plane Services Configuring Control Plane Policing to Mitigate Denial-of-Service Attacks QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
  • Page 5 Contents Configuration Examples for Control Plane Policing Example: Configuring Control Plane Policing on Input Telnet Traffic Additional References QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
  • Page 6 Contents QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 7: Class-Based Policing

    The Class-Based Policing feature performs the following functions: • Limits the input or output transmission rate of a class of traffic based on user-defined criteria. QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 8: Benefits Of Class-Based Policing

    Restrictions for Class-Based Policing Restrictions for the Cisco ASR 900 Router • Hierarchical policing (policing at both parent level and child level) is not supported. QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 9: How To Configure Class-Based Policing

    Command or Action Purpose Step 1 Enables higher privilege levels, such as privileged EXEC mode. enable • Enter your password if prompted. Example: Router> enable QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
  • Page 10 Configures traffic policing according to burst sizes and any optional conform-action action exceed-action action actions specified. violate-action action Example: Router(config-pmap-c)# police 8000 1000 1000 conform-action transmit exceed-action set-qos-transmit 1 violate-action drop QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 11: Monitoring And Maintaining Traffic Policing

    EXEC mode. Example: Router(config-if)# end Monitoring and Maintaining Traffic Policing SUMMARY STEPS 1. enable 2. show policy-map 3. show policy-map policy-map-name 4. show policy-map interface QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 12: Verifying Class-Based Traffic Policing

    4. show policy-map interface type interface service instance service-instance number 5. exit DETAILED STEPS Command or Action Purpose Step 1 enable Enables privileged EXEC mode. QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 13: Troubleshooting Tips

    0 bps, exceed 0 bps, violate 0 bps Troubleshooting Tips Check the interface type. Verify that class-based policing is supported on your interface. . QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 14: Configuration Examples For Class-Based Policing

    Because enough bytes are available in the exceed token bucket, the exceed action (set the QoS transmit value of 1) is taken, and 900 bytes are taken from the exceed bucket (leaving 100 bytes in the exceed token bucket). QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 15: Verifying Class-Based Traffic Policing

    3 Marker statistics: Disabled Class-map: class-default (match-any) 346462 packets, 28014400 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: any QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 16: Additional References

    Traffic marking “Marking Network Traffic” module Traffic policing “Traffic Policing” module Traffic policing and shaping concepts and overview “Policing and Shaping Overview” information QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
  • Page 17 Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 18: Feature Information For Class-Based Policing

    ASR 903 Router. In Cisco IOS XE Release 3.16, support was added for the Cisco ASR 900 RSP3 Module. The following command was introduced or modified: police. QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 19: Punt Policing And Monitoring

    Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required. QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 20: Information About Punt Policing And Monitoring

    Perform this task to specify the maximum punt rate on the specified queue. SUMMARY STEPS 1. enable 2. configure terminal 3. platform qos-policer queue queue-id cir 4. end QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 21: Verifying Punt Policing

    MCAST HIGH PRI Q | 1000 | 2000 RPF FAIL Q | 500 | 1000 ROUTING THROTTLE Q | 500 | 1000 MCAST Q | 500 | 1000 QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
  • Page 22 Use the show platform hardware qfp active statistics drop to display the output after adding the drop cause: Device# show platform hardware qfp active statistics drop --------------------------------------------------------------------- Global Drop Stats Packets Octets --------------------------------------------------------------------- PuntPerIntfPolicerDrops 274166 QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 23: Configuration Examples For Punt Policing And Monitoring

    Cisco IOS Quality of Service Solutions Command command modes, command history, defaults, usage Reference guidelines, and examples Traffic marking “Marking Network Traffic” module Traffic policing “Traffic Policing” module QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
  • Page 24 Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 25: Feature Information For Punt Policing And Monitoring

    For Cisco IOS XE Release 3.5S, this feature was implemented on Cisco ASR 903 Router. The following command was introduced: platform punt-police queue QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
  • Page 26 Punt Policing and Monitoring Feature Information for Punt Policing and Monitoring QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 27: Port-Shaper And Llq In The Presence Of Efps

    • If you configure a class-based HQOS or LLQ policy on the port, you cannot configure service-policies on Ethernet Flow Points (EFPs). The only exception to this is the class-default shaper policy and match EFP policy. QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 28: Information About Port-Shaper And Llq In The Presence Of Efps

    To configure hierarchical policy maps, you create child policies which you then attach to a parent policy. The parent policy is then attached to an interface. QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
  • Page 29 (Optional) Sets the Layer 2 class of service (CoS) value of an outgoing packet. Example: • The value is a specific IEEE 802.1Q CoS value from 0 to 7. Device(config-pmap-c)# set cos 5 QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
  • Page 30 Applies the child policy to the parent class-default class. • child-llq is the name of the child policy map configured in step Example: Device(config-pmap-c)# service-policy child-llq QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 31: Configuring Class-Default Port-Shaper Policy Maps

    QoS policy-map class configuration mode. Example: • You can configure only the class-default class in a parent policy. Do not configure any other traffic class. Device(config-pmap)# class class-default QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 32: Configuring Port-Shaper Policy Maps

    Example: Device# configure terminal Step 3 policy-map policy-map-name Creates or modifies the child policy and enters QoS policy-map configuration mode. Example: Device(config)# policy-map def QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 33: Configuring An Llq Policy Map

    8. shape average value 9. exit 10. class class-map-name 11. bandwidth percent 12. exit DETAILED STEPS Command or Action Purpose Step 1 Enables privileged EXEC mode. enable QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
  • Page 34 Configures a shape entity with a Comitted Information Rate of 200 Mb/s. Example: Device(config-pmap-c)# shape average 200000000 Step 9 exit Exits QoS policy-map class configuration mode. Example: Device(config-pmap-c)# exit QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 35: Configuring Port Level Shaping On The Main Interface With Ethernet Flow Points

    8. encapsulation dot1q vlan-id 9. bridge-domain bridge-domain-id 10. exit 11. service instance id ethernet 12. encapsulation dot1q vlan-id 13. bridge-domain bridge-domain-id 14. exit 15. end QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
  • Page 36 Step 8 encapsulation dot1q vlan-id Defines the matching criteria to map 802.1Q frames' ingress on an interface to the service instance. Example: Device(config-if-srv)# encapsulation dot1q QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
  • Page 37 Device(config-if-srv)# bridge-domain 101 Step 14 exit Exits QoS policy-map class configuration mode. Example: Device(config-if-srv)# exit Step 15 (Optional) Exits interface configuration mode. Example: Device(config-if)# end QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 38: Configuration Examples For Port-Shaper And Llq In The Presence Of Efps

    EFP can have the HQOS policies. policy-map co12 class class-default shape average 50m policy-map def class class-default shape average 500m service-policy co12 QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 39: Example: Configuring Port Level Shaping On The Main Interface With Efps

    QoS Congestion Management Configuration Guide Standards and RFCs Standard Title No new or modified standards are supported, and support for existing standards has not been modified. QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 40: Feature Information For Port-Shaper And Llq In The Presence Of Efps

    LLQ and traffic prioritization across all EFPs on a port. In Cisco IOS XE Release 3.6S, support was added for the Cisco ASR 903 router. QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
  • Page 41 Port-Shaper and LLQ in the Presence of EFPs Feature Information for Port-Shaper and LLQ in the Presence of EFPs QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
  • Page 42 Port-Shaper and LLQ in the Presence of EFPs Feature Information for Port-Shaper and LLQ in the Presence of EFPs QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 43: Control Plane Policing

    Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required. QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 44: Restrictions For Control Plane Policing

    Configuring the Control Plane Policing feature on your Cisco router or switch provides the following benefits: • Protection against DoS attacks at infrastructure routers and switches • QoS control for packets that are destined to the control plane of Cisco routers or switches • Ease of configuration for control plane policies •...

  • Page 45: Control Plane Policing Overview

    RP, so all traffic through the control plane interface to or from the control-plane is not subject to the CoPP function performed by the forwarding plane. Supported Protocols The following table lists the protocols supported on Control Plane Policing feature. QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
  • Page 46 169.223.253.1 eq tacacs permit tcp 169.223.252.0 0.0.3.255 eq tacacs host 169.223.253.1 permit udp 169.223.252.0 0.0.3.255 host 169.223.253.1 eq tacacs permit udp 169.223.252.0 0.0.3.255 eq tacacs host 169.223.253.1 QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
  • Page 47 [remote vty mgmt subnet] 0.0.0.255 eq 22 any ICMP - Internet Control Protocol Match access-list 110 permit NQ_CPU_HOST_Q Message Protocol icmp any 169.223.253.1 QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
  • Page 48 IP/Port Match permit tcp any any eq 646 NQ_CPU_CFM_Q Protocol permit tcp any eq 646 any permit udp any any eq permit udp any eq 646 QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
  • Page 49 0.0.1.255 any eq 1813 HSRP - Hot Standby IP/Port Match permit udp any NQ_CPU_HOST_Q Router Protocol 224.0.0.0/24 eq 1985 permit udp any eq 1985 224.0.0.0/24 QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 50: Input Rate-Limiting And Silent Mode Operation

    Rate-limiting (policing) of input traffic from the control plane is performed in silent mode. In silent mode, a router that is running Cisco IOS XE software operates without receiving any system messages. If a packet that is entering the control plane is discarded for input policing, you do not receive an error message.

  • Page 51: Verifying Control Plane Services

    [all] [input Displays information about the control plane. [class class-name]] • all—(Optional) Displays service policy information about all QoS policies used on the CP. QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 52: Configuring Control Plane Policing To Mitigate Denial-Of-Service Attacks

    5 minute offered rate 0 bps, drop rate 0 bps Match:any Configuring Control Plane Policing to Mitigate Denial-of-Service Attacks Apply control plane policing (CoPP) to ICMP packets to mitigate denial of service (DoS) attacks. QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
  • Page 53 Configures an access list for filtering frames by protocol type. | host {address | name}} {any | host {address | name}} Example: Device(config)# access-list 110 permit icmp any 169.223.253.1 QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
  • Page 54 (K, M, G). Decimal point is allowed. • bc burst-bytes—(Optional) Specifies the conformed burst (bc) or the number of acceptable burst bytes. The range is 8000 to 16000000. QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
  • Page 55 Exits control plane configuration mode and returns to global configuration mode. Example: Device(config-cp)# exit Step 17 exit Exits global configuration mode returns to privileged EXEC mode. Example: Device(config)# exit QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

  • Page 56: Configuration Examples For Control Plane Policing

    Document Title Cisco IOS commands https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ mcl/allreleasemcl/all-book.html Standards and RFCs Standard/RFC Title No specific Standards and RFCs are supported by the — features in this document. QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
  • Page 57 Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)
  • Page 58 Control Plane Policing Additional References QoS: Policing and Shaping Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series)

Table of Contents