The Modular Quality of Service CLI (MQC) Review – Service Policies

November 4, 2015 at 6:52 pm

T8eQ

In part 1 of this series, we examined the class maps that you use to classify traffic you want to make QoS treatments for. In part 2, we took a look at policy maps. These are the structures you use in order to actually make the QoS manipulations with.

But the question remains, how do you assign this QoS policy to an interface in a particular direction. The answer, of course, is service policies. In this post, we examine the service policy step, and ensure we can easily verify a QoS configuration that utilizes the MQC.

Let us walk through a simple example. We will classify a very specific PING using a class map, and then punish it with the drop treatment at a router interface. Let drop ICMP Echo packets sourced from the loopback of R1 at the R2 interface s0/0.

Screenshot 2015-11-04 10.38.34

First – let’s make sure out little topology has full connectivity – a PING to the Loopback0 of R1 will do the trick:

R2#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/26/40 ms
R2#

Next, let’s create a class map that gathers the Echoes from the Loopback0, and then we will add that to a policy map that drops them. Finally, the new step for our posts here, we will assign this to the int s0/0 of R2 in the inbound direction:

R2(config)#access-list 100 permit icmp host 1.1.1.1 any echo   
R2(config)#class-map match-any CM_ICMP
R2(config-cmap)#match access-group 100
R2(config-cmap)#exit
R2(config)#policy-map PM_ICMP
R2(config-pmap)#class CM_ICMP
R2(config-pmap-c)#drop
R2(config-pmap-c)#exit
R2(config-pmap)#exit
R2(config)#int s0/0
R2(config-if)#service-policy input PM_ICMP

Now, it is time for our verifications! Fun!

R1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/15/28 ms
R1#ping 2.2.2.2 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1 
.....
Success rate is 0 percent (0/5)
R1#

But if you know me, I am pretty paranoid. Was it really out MQC configuration that produced this verification result. Now it is time for the power for the show policy-map interface command. One of my all time favorites:

R2#show policy-map interface s0/0
 Serial0/0 
  Service-policy input: PM_ICMP
    Class-map: CM_ICMP (match-any)
      5 packets, 520 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group 100
        5 packets, 520 bytes
        5 minute rate 0 bps
      drop
    Class-map: class-default (match-any)
      58 packets, 3912 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any 
R2#

Notice this output proves so much. Our class-map did grab those packets, they were properly treated rudely in the policy map, and we of course verified that we assigned all of this correctly.

Thanks for reading this three part series on a review of the MQC. I am heading back in line for Star Wars tickets.