nanog mailing list archives

Previous By Date Next
Previous By Thread Next

RE: qos 3560

From: "Bogdan" <shoshon () shoshon ro>
Date: Thu, 12 Nov 2009 20:18:09 +0200 (EET)
Following on, the best way is to 'trust' on all uplinks between devices
and filter at the edge. So you have a customer who shouldn't be sending
tagged traffic, set the port to not trusted (should be the default
state) and any customer using QoS should have "mls qos trust dscp" on
the demark port.

If you don't have a trusted core, then all it takes is a simple switch
in the path traffic takes and you'll find yourself scratching your head
as to why the DSCP tags are disappearing all of a sudden!




indeed, i do see another dscp value in the counters. (besides mine).
i tried with dscp mutation and re-mapping, but it did't work.
so..start NOT trusting the edge/customers ports.




Paul



-----Original Message-----
From: Scott Morris [mailto:swm () emanon com]
Sent: 12 November 2009 14:41
To: Bogdan
Cc: nanog () nanog org
Subject: Re: qos 3560

Look at "show mls qos map" to see the defaults that may be rewriting
your information depending on trust (or non-trust) mechanisms you have
configured.

If you trust CoS, a frame received with cos5 and dscp46 will get
rewritten to dscp 40 with default maps...

"show mls qos interface (intf)" is also good to see status.

Scott



Bogdan wrote:

hello

indeed, a fellow nanoger gave me this hint.

1. i had to enable mls qos globally in "network" switches
2. set the mls qos trust dscp on the uplinks (ingress port)


thanks

ps thanks to andrey.gordon too :)





On 11/12/2009 03:21 PM, Brian Feeny wrote:


You should make sure that any links that go between devices have

trust

set.  In your case if your doing DSCP,
then make sure each link that goes between devices which must carry
tagged packets have trust dscp set.

Brian

On Nov 12, 2009, at 5:11 AM, Bogdan wrote:



hello

i am playing with qos on some devices
- cisco 3560
- cisco 7609
and i have some things that i don't seem to understand.

1. in 3560, i enable mls qos, on the ingress port applyed policy

map,

classify the packets with acl, mark, all good. on the egress ports i

use

srr-queue with shape/share, everything is fine, it is working.



http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/relea
se/12.2_20_se/configuration/guide/swqos.html#wp1028614




2. reset to defaults the 3560
in 7606 i pick up a vlan, and apply a policy-map and set dscp 40 on
egress of that vlan
3560 in uplinked in 7609
in 3560 i can see the "marked" packets, and i have matches on the

dscp

set earlier (sh mls qos int xx stat).
the problem is: when i apply the srr-queue in 3560 on egress

(towards

the test port), it does not work.
if i enable mls qos on 3560, i cannot match anymore the dscp 40 from

the

7609

is it normal? do i have to apply the qos stuff (point1) on all

switches

i want qos on? i mean, i cannot set dscp in one "core" device and

use

that in the whole network ?


thanks















For more information about the Viatel Group, please visit www.viatel.com

VTL (UK) Limited Registered in England and Wales
Registered Address: Inbucon House, Wick Road, Egham, Surrey TW20 0HR
Company Registration No: 04287100 VAT Registration Number: 781 4991 88

THIS MESSAGE IS INTENDED ONLY FOR THE USE OF THE INTENDED RECIPIENT TO
WHICH IT IS ADDRESSED AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED,
CONFIDENTIAL AND EXEMPT FROM DISCLOSURE.  If the reader of this message is
not the intended recipient, or an employee or agent responsible for
delivering the message to the intended recipient, you are notified that
any dissemination, distribution or copying of this e-mail is prohibited,
and you should delete this e-mail from your system.

This message has been scanned for viruses and spam by Viatel MailControl -
www.viatel.com
Previous By Date Next
Previous By Thread Next

Current thread: