H-QoS on service instance on ES+ card in 7600 reports error

Static, RIP, EIGRP, OSPF, BGP, IBGP, IS-IS and any other routing.
Guest

H-QoS on service instance on ES+ card in 7600 reports error

Post by Guest » Thu Mar 05, 2009 1:46 pm

I am attempting to configure a dual level input policy on a service instance, the outer class-default policy is to apply policing, and the child policy is to mark traffic identified by ACLs with DSCP values. The card is an ES+, in a 7606-s



After reading the documentation I am sure this should work.



When I apply the service policy to the service instance the router reports an error, but the policy does appear in the running config for the service instance. Testing the policy, passing telnet across this service instance, checking the output of sh policy-map int te1/1 service instance 300, no packets are seen at all. But the traffic connection works.



The error message is:

%X40G_QOS-DFC1-3-CFN: TCAM key not supported on this intf,policymap MARK-INGRESS can not be applied to intf 6(type 1)



I cannot find any reference to this message.



One of the policies I tried:



Child policy

policy-map MARK-INGRESS


class IDENTIFY-VOICE

set ip dscp ef

class IDENTIFY-CALL-SIGNALLING

set ip dscp cs3



Parent policy

policy-map RATE-LIMIT

class class-default

police 2000000 conform-action transmit exceed-action set-dscp-transmit 0 violate-action drop

service-policy MARK-INGRESS



interface TenGigabitEthernet1/1

service instance 300 ethernet

service-policy input MARK-INGRESS



This didnt work, resulting in the error message, but does appear in the sh run int te1/1 output.



After more testing I found this one did work, and no error message:



policy-map test

class class-default

police 2000000 conform-action transmit exceed-action set-dscp-transmit 0 violate-action drop





interface TenGigabitEthernet1/1

service instance 300 ethernet

service-policy input test





So is what Im trying to do possible? I think this may be a code issue, but as this is the first time trying to configure this Im not sure yet.



Code and card details:



sh mod
Mod Ports Card Type Model .
--- ----- -------------------------------------- ------------------ -----------
5 5 Route Switch Processor 720 10GE (Activ RSP720-3C-10GE

6 5 Route Switch Processor 720 10GE (Hot) RSP720-3C-10GE

Mod MAC addresses Hw Fw Sw Status
--- ---------------------------------- ------ ------------ ------------ -------
5 001c.584e.d884 to 001c.584e.d88b 2.2 12.2(33r)SRD 12.2(33)SRE Ok
6 001c.584e.e440 to 001c.584e.e447 2.2 12.2(33r)SRD 12.2(33)SRE Ok

Mod Sub-Module Model Hw Status
---- --------------------------- ------------------ ----------- ------- -------
5 Policy Feature Card 3 7600-PFC3C-10GE 1.1 Ok
5 C7600 MSFC4 Daughterboard 7600-MSFC4 2.1 Ok
6 Policy Feature Card 3 7600-PFC3C-10GE 1.1 Ok
6 C7600 MSFC4 Daughterboard 7600-MSFC4 2.1 Ok

Guest

Re:H-QoS on service instance on ES+ card in 7600 reports error

Post by Guest » Thu Mar 05, 2009 2:10 pm

Hello, The config seems to be valid from H-QoS point of view. But as per Table 7-3, first row and Note1, on the following CCO link there are restrictionsfrom Classification side (class-maps) on ES+:https://www.cisco.com/en/US/docs/router ... #wp1337428 Like, for match ACLs only classify based on source MAC address using Layer 2 ACLsupported for L2-switchports, EVCs/Port-chan EVCs.Deny ACL is not supported on ES+ linecards. So if in your class maps classification is based on an ACLs trying tomatch Layer3 (IPs) and/or Layer4 info, those classification options are not supported for ES+.And you got those errors. If such a case you would need a some kind of re-design, for example, to mark CoS fields on some downstream/access device,and then on ES+ ingress l2 interface or EVCs use a class mapswhich would just match on those DSCP/IP_Prec values. Thanks,Sergey

Guest

Re:H-QoS on service instance on ES+ card in 7600 reports error

Post by Guest » Thu Mar 05, 2009 3:13 pm

Hi Sergey, Thanks for your reply, I eventually found that as the interface is only processing at L2 no L3 criteria can be used for classification, which makes sense when you think about it. So, yes I agree, classification needs to take place closer to the edge, I will have to come up with some alternate ideas. Andy

Guest

Re:H-QoS on service instance on ES+ card in 7600 reports error

Post by Guest » Thu Mar 05, 2009 4:46 pm

aacole, Have you researched using policy-map(s) and the police command. https://www.cisco.com/en/US/docs/router ... #wp1430024   RegardsJude

Post Reply