Nested Policy-map

Policy-maps do indeed have the ability to be nested inside other policy maps. When we engage in this nesting behavior, we refer to the policy as a hierarchical policy. This is typically done to configure multiple treatments to QoS. For example – we might want to traffic-shape all traffic to 3 MB; and then inside that 3 MB shaped traffic, guarantee Web traffic at least 1 MB of bandwidth.

Remember, we use a service-policy (normally done with interfaces) to  assign the QoS policies that we define inside the policy-map.

With the nesting of policy maps, there are some restrictions that you should be aware of. For example:

  • The set command is not supported on the child policy
  • The priority command can be used in either the parent or the child policy, but not both
  • The fair-queue command cannot be used in the parent

Here is an example of nesting policy maps:

Verifying your policy-map, is very simple thanks to the following show commands:

show policy-map
show policy-map interface int_name
Share this!

QoS Misc. 1 Q/A

How to block using QoS matching DNS name, while allowing the web access to the host like

How to read the output of CoS-DSCP map

d1 is digit-one of the dscp, d2 is digit-two of the dscp. The intersection of the two digits gives the cos value for that particular dscp value.
e.g. for dscp 46, we can see the cos value is 05, while dscp 48 has cos 06 and dscp 64 is not shown as it is invalid.

Priority Queuing

Q: When I set priority-list 1 queue-limit 5 45 66 80 (I am setting the priority queue to 5 packets) I would think I would want this to be my highest #. In short I don’t think I understand this concept. If I set the priority queue to 80, then my priority traffic could accept 80 packets before it moves to the next queue. I would think this would be a good thing. I am sure I am not seeing this the right way.  Can somebody explain please?

A: The queue-limit is simply how many packets each queue will hold. That is, the size of the queue.
With priority queuing, the scheduler will always try to empty the higher queues first before moving to the next-highest.
Ex. empty the high queue first, then medium queue, then normal queue and then finally low queue.
That’s why texts often mention the possibility of queue starvation.
When you have congestion on the interface, (which is the only situation you would engage the software queues) you would want your high priority traffic sent first.
You can set the limit (size) to whatever you want, but if you classify your traffic incorrectly, or rather too “loose”, putting too much into the high priority queue, you would end up servicing this queue all the time.
Tail drop should occur when you can’t “buffer” any more data, yes.
PQ is a double edged sword in my opinion.

Share this!

SVI Policy Configuration

Here are the main points to keep in mind:

  • The configuration requires a nested policy-map
  • The policy-map applied to the SVI references another policy map that actually does the policing
  • Do not forget to enable vlan-based QoS on the appropriate range of ports
  • In the parent policy-map, you must perform some action (besides calling another policy map)

In order to configure policing on a Switched Virtual Interface (SVI or VLAN interface), here is a sample configuration:

Notice we set the DSCP value in the parent policy map in order to  meet the requirement of “performing some action!” Also remember, both of the sample configurations above require mls qos configured globally on the device.

Share this!