Cisco ASR 920 Series Configuration Manual

Policing and shaping configuration guide

QoS: Policing and Shaping Configuration Guide (Cisco ASR 920 Series)
First Published: 2014-07-29
Last Modified: 2014-11-22
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883


Summary of Contents for Cisco ASR 920 Series

  • Page 2 © 2017 Cisco Systems, Inc. All rights reserved.
  • Page 3: Table Of Contents

    How to Configure Punt Policing and Monitoring Configuring Punt Policing Verifying Punt Policing Verifying Queue-Based Punt Policing Verifying Punt Policing Statistics Configuration Examples for Punt Policing and Monitoring Example: Configuring Punt Policing Additional References
  • Page 4 Configuring Control Plane Policing to Mitigate Denial-of-Service Attacks Configuration Examples for Control Plane Policing Example: Configuring Control Plane Policing on Input Telnet Traffic Additional References Feature Information for Control Plane Policing
  • Page 5 Example Disallowing the Removal of an Active Color-Aware Class Map Example Dismantling a Configuration of the Hierarchical Color-Aware Policing Feature Example Applying show Command with Hierarchical Color-Aware Policing Additional References Feature Information for Hierarchical Color-Aware Policing
  • Page 6 Contents
  • Page 7: Class-Based Policing

    Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
  • Page 8: Benefits

    • To use the set-clp-transmit action available with this feature, the Enhanced ATM Port Adapter (PA-A3) is required. Therefore, the set-clp-transmit action is not supported on any platform that does not support the PA-A3 adapter. For more information, see the documentation for your specific device.
  • Page 9: Prerequisites

    In order to use the Class-Based Policing feature, Cisco Express Forwarding must be configured on both the interface receiving the packet and the interface sending the packet. • On a Cisco ASR 920 Series router, Class-Based Policing cannot be applied to packets that originated from or are destined to a device.
  • Page 10: Verifying Traffic Policing

    Restrictions, on page 2 section of this module. • For input Class-Based Policing on a Cisco ASR 920 Series router, verify that CEF is configured on the interface where Class-Based Policing is configured. • For output Class-Based Policing on a Cisco ASR 920 Series router, ensure that the incoming traffic is CEF-switched.
  • Page 11: Configuration Examples

    Because enough bytes are available in the exceed token bucket, the exceed action (set the QoS transmit value of 1) is taken and 900 bytes are taken from the exceed bucket (leaving 100 bytes in the exceed token bucket).
  • Page 12: Additional References

    MIBs has not been modified by this feature. Cisco IOS XE software releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs
  • Page 13: Feature Information For Class-Based Policing

    Unless noted otherwise, subsequent releases of that software release train also support that feature. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
  • Page 14 Class-Based Policing Feature Information for Class-Based Policing
  • Page 15: Punt Policing And Monitoring

    Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
  • Page 16: How To Configure Punt Policing And Monitoring

    Enters global configuration mode. Example: Device# configure terminal Step 3 platform qos-policer queue queue-id cir Enables punt policing on a queue, and specifies the maximum punt rate on a per-queue basis. Example:
  • Page 17: Verifying Punt Policing

    MCAST Q MPLS OAM Q IP MPLS MTU Q PTP Q LINUX ND Q KEEPALIVE Q ESMC Q FPGA BFD Q FPGA CCM Q FPGA CFE Q L2PT DUP Q
  • Page 18: Verifying Punt Policing Statistics

    PTP Q | 3000 | 6000 LINUX ND Q | 500 | 1000 KEEPALIVE Q | 1000 | 2000 ESMC Q | 3000 | 6000 FPGA BFD Q | 3000 | 6000
  • Page 19 Policer commit rate is: 1000000, Policer burst commit is 100000 ########### Stats for CPU queue 31 ########## Internal Qnum: 32 Queue Name: SSFPD Q Policer conform: 0 (packets) 0 (bytes) Policer exceed: 0 (packets) 0 (bytes)
  • Page 20: Configuration Examples For Punt Policing And Monitoring

    Configuration Examples for Punt Policing and Monitoring Example: Configuring Punt Policing The following example shows how to enable punt-policing: Router# enable Router# configure terminal Router(config)# platform qos-policer queue 3 64000
  • Page 21: Additional References

    None To locate and download MIBs for selected platforms, Cisco IOS XE Software releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs RFCs Title None
  • Page 22: Feature Information For Punt Policing And Monitoring

    Unless noted otherwise, subsequent releases of that software release train also support that feature. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
  • Page 23: Port-Shaper And Llq In The Presence Of Efps

    Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
  • Page 24: Information About Port-Shaper And Llq In The Presence Of Efps

    Configuring Hierarchical Policy Maps To configure hierarchical policy maps, you create child policies which you then attach to a parent policy. The parent policy is then attached to an interface.
  • Page 25 (Optional) Sets the Layer 2 class of service (CoS) value of an outgoing packet. Example: • The value is a specific IEEE 802.1Q CoS value from 0 to 7. Device(config-pmap-c)# set cos 5
  • Page 26 • You can configure only the class-default class in a parent policy. Do not configure any other traffic class. Device(config-pmap)# class class-default Step 13 service-policy policy-map-name Applies the child policy to the parent class-default class.
  • Page 27: Configuring An Llq Policy Map

    Command or Action Purpose Step 1 Enables privileged EXEC mode. enable • Enter your password if prompted. Example: Device> enable Step 2 configure terminal Enters global configuration mode. Example: Device# configure terminal
  • Page 28 Exits QoS policy-map class configuration mode. exit Example: Device(config-pmap-c)# exit Step 10 class class-map-name Assigns the traffic class you specify to the policy map and enters QoS policy-map class configuration mode. Example: Device(config-pmap)# class dscp-af3
  • Page 29: Configuring Port Level Shaping On The Main Interface With Ethernet Flow Points

    7. service instance id ethernet 8. encapsulation dot1q vlan-id 9. bridge-domain bridge-domain-id 10. exit 11. service instance id ethernet 12. encapsulation dot1q vlan-id 13. bridge-domain bridge-domain-id 14. exit 15. end
  • Page 30 Device(config-if)# service instance 1 ethernet Step 8 encapsulation dot1q vlan-id Defines the matching criteria to map 802.1Q frames' ingress on an interface to the service instance. Example: Device(config-if-srv)# encapsulation dot1q
  • Page 31 Binds the bridge domain to the service instance. Example: Device(config-if-srv)# bridge-domain 101 Step 14 exit Exits QoS policy-map class configuration mode. Example: Device(config-if-srv)# exit Step 15 (Optional) Exits interface configuration mode. Example: Device(config-if)# end
  • Page 32: Configuration Examples For Port-Shaper And Llq In The Presence Of Efps

    200000000 class dscp-af3 bandwidth 400000 interface GigabitEthernet 0/0/1 no ip address negotiation auto service-policy output llq_flat service instance 1 ethernet
  • Page 33: Additional References

    for existing MIBs has not been modified. To locate and download MIBs for selected platforms, Cisco IOS XE software releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs
  • Page 34: Feature Information For Port-Shaper And Llq In The Presence Of Efps

    Unless noted otherwise, subsequent releases of that software release train also support that feature. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
  • Page 35: Control Plane Policing

    Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
  • Page 36: Information About Control Plane Policing

    Configuring the Control Plane Policing feature on your Cisco router or switch provides the following benefits: • Protection against DoS attacks at infrastructure routers and switches • QoS control for packets that are destined to the control plane of Cisco routers or switches • Ease of configuration for control plane policies •...
  • Page 37: Supported Protocols

    0.0.1.255 eq 69 any permit udp 64.202.160.0 0.0.1.255 any eq 69 TELNET IP/Port Match permit tcp 169.223.252.0 NQ_CPU_CONTROL_Q 0.0.3.255 host 169.223.253.1 eq telnet permit tcp 169.223.252.0 0.0.3.255 eq telnet host 169.223.253.1
  • Page 38 20 permit udp any eq 20 any HTTP - Hypertext IP/Port Match permit tcp any any eq NQ_CPU_HOST_Q Transfer Protocol permit tcp any eq www
  • Page 39 SAA - Service Assurance IP/Port Match permit icmp host 10.2.2.4 NQ_CPU_HOST_Q Agent host 10.1.1.1
  • Page 40 LDP - Label Distribution IP/Port Match permit tcp any any eq 646 NQ_CPU_CFM_Q Protocol permit tcp any eq 646 any permit udp any any eq permit udp any eq 646
  • Page 41 0.0.1.255 eq 1813 any permit tcp 64.202.160.0 0.0.1.255 any eq 1813 HSRP - Hot Standby IP/Port Match permit udp any NQ_CPU_HOST_Q Router Protocol 224.0.0.0/24 eq 1985 permit udp any eq 1985 224.0.0.0/24
  • Page 42: Input Rate-Limiting And Silent Mode Operation

    Rate-limiting (policing) of input traffic from the control plane is performed in silent mode. In silent mode, a router that is running Cisco IOS XE software operates without receiving any system messages. If a packet that is entering the control plane is discarded for input policing, you do not receive an error message.
  • Page 43: Verifying Control Plane Services

    Device> enable Step 2 show policy-map control-plane [all] [input [class class-name]] Displays information about the control plane. • all—(Optional) Displays service policy information about all QoS policies used on the CP.
  • Page 44: Configuring Control Plane Policing To Mitigate Denial-Of-Service Attacks

    5 minute offered rate 0 bps, drop rate 0 bps Match:any Configuring Control Plane Policing to Mitigate Denial-of-Service Attacks Apply control plane policing (CoPP) to ICMP packets to mitigate denial of service (DoS) attacks.
  • Page 45 {any | host {address | name}} {any | host {address | name}} Configures an access list for filtering frames by protocol type. Example: Device(config)# access-list 110 permit icmp any 169.223.253.1
  • Page 46 64000 to 10000000000. Supply an optional postfix (K, M, G). Decimal point is allowed. • bc burst-bytes—(Optional) Specifies the conformed burst (bc) or the number of acceptable burst bytes. The range is 8000 to 16000000.
  • Page 47 Exits control plane configuration mode and returns to global configuration mode. Example: Device(config-cp)# exit Step 17 exit Exits global configuration mode and returns to privileged EXEC mode. Example: Device(config)# exit
  • Page 48: Configuration Examples For Control Plane Policing

    Related Documents Related Topic Document Title Cisco IOS commands https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mcl/allreleasemcl/all-book.html Standards and RFCs Standard/RFC Title No specific Standards and RFCs are supported by the features in this document. —
  • Page 49: Feature Information For Control Plane Policing

    Unless noted otherwise, subsequent releases of that software release train also support that feature. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
  • Page 50 Feature Information Control Plane Policing Cisco IOS XE Release 3.14.0S This feature was introduced on the Cisco ASR 920 Series Aggregation Services Router (ASR-920-12CZ-A, ASR-920-12CZ-D, ASR-920-4SZ-A, ASR-920-4SZ-D, ASR-920-10SZ-PD, ASR-920-24SZ-IM, ASR-920-24SZ-M, ASR-920-24TZ-M).
  • Page 51: Priority Shaper

    As a result, very few packet counters are seen in other queues. Configuring Priority Shaper Perform the following steps to configure Priority Shaper.
  • Page 52 Step 7 priority level <level 1/2> percent <percentage 1-100> or priority level <level 1/2> <kbps> <burst size> Assigns priority to a traffic class at the priority level specified.
  • Page 53: Configuration Examples For Priority Shaper

    Device(config-cmap)#class-map match-any class_bw Device(config-cmap)#match cos 5 Device(config-cmap)#end Device(config)#policy-map shape_priority Device(config-pmap)#class class_level1 Device(config-pmap-c)#priority level 1 per 10 Device(config-pmap-c)#class class_level2 Device(config-pmap-c)#priority level 2 per 20 Device(config-pmap-c)#class class_bw Device(config-pmap-c)#bandwidth remaining percent 70 Device(config-pmap-c)#end
  • Page 54: Verifying Priority Shaper

    Device(config)#interface GigabitEthernet0/0/3 Device(config-if)#load-interval 30 Device(config-if)#service-policy output shape_priority Device(config-if)#end Note: The match cos is not supported at egress on the Cisco RSP3 Module. Verifying Priority Shaper Use the following command to verify that the Priority Shaper feature is configured on your interface.
  • Page 55 Priority Shaper Verifying Priority Shaper (queue depth/total drops/no-buffer drops) 0/0/0 (pkts output/bytes output) 0/0
  • Page 56 Priority Shaper Verifying Priority Shaper
  • Page 57: Hierarchical Color-Aware Policing

    To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required. Prerequisites for Hierarchical Color-Aware Policing You must have Cisco IOS XE Release 3.15S or a later version installed and running on your router. You must already be familiar with relevant features and technologies including modular QoS CLI (MQC) and the master control processor (MCP) software and hardware architecture.
  • Page 58: Restrictions For Hierarchical Color-Aware Policing

    The following sample configuration for a simple two-level policer would result in the changed behavior shown in the figure below: policy-map child class user1 police 100k class user2 police 100k policy-map parent class class-default police 150k service-policy child
  • Page 59: Limited Color-Aware Policing

    5 class user2-acl-child police 20000 bc 1500 conform-action set-qos-transmit 5 class class-default police 50000 bc 1500 policy-map parent-policy class class-default police 50000 bc 3000 conform-action transmit exceed-action transmit violate-action drop
  • Page 60: Policing Traffic In Child Classes And Parent Classes

    QoS options. For example, a voice customer was limited to 112 kb/s for voice control and 200 kb/s for voice traffic. The class-default class has no policer. The only limit is the physical bandwidth of the
  • Page 61 200 kb/s VoIP traffic are unaffected at the parent policer, but 500 kb/s class default from the child is policed to 188 kb/s to meet the overall police policy of 500 kb/s at the parent level.
  • Page 62: How To Configure Hierarchical Color-Aware Policing

    (commonly known as the class-default class) before you configure its policy. Repeat this command as many times as necessary to specify the child or parent classes that you are creating or modifying: Router(config-pmap)# class user1-acl-child
  • Page 63 Example: • policy-map-name—Name of the predefined policy map to be used as a QoS policy. The name can be a maximum of 40 alphanumeric characters. Router(config-pmap-c-police)# service-policy child-policy
  • Page 64: Configuration Examples For Hierarchical Color-Aware Policing

    Example Enabling the Hierarchical Color-Aware Policing Feature The following example shows a sample configuration that enables the Hierarchical Color-Aware Policing feature: class-map qos_group1 match qos_group 1 class-map qos_group2 match qos_group 2 class-map cos1
  • Page 65: Example Disallowing The Removal Of An Active Color-Aware Class Map

    Router# show policy-map interface GigabitEthernet0/0/0 Service-policy input: parent-policy Class-map: class-default (match-any) 0 packets, 0 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: any
  • Page 66: Additional References

    Related Documents Related Topic Document Title Cisco IOS commands https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mcl/allreleasemcl/all-book.html Standards and RFCs Standard/RFC Title No specific Standards and RFCs are supported by the features in this document. —
  • Page 67: Feature Information For Hierarchical Color-Aware Policing

    Unless noted otherwise, subsequent releases of that software release train also support that feature. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
  • Page 68 Feature Information Hierarchical Color-Aware Policing Cisco IOS XE Release 3.15.0S This feature was introduced on the Cisco ASR 920 Series Aggregation Services Router (ASR-920-12CZ-A, ASR-920-12CZ-D, ASR-920-4SZ-A, ASR-920-4SZ-D, ASR-920-10SZ-PD, ASR-920-24SZ-IM, ASR-920-24SZ-M, ASR-920-24TZ-M).
