If you are playing around with CBWFQ you might have discovered that it’s impossible to attach a policy-map to a sub-interface directly. There is a good reason for this and I’d like to show you why this occurs and how to fix it. This is the topology I will use to demonstrate this:
Just two routers connected to teach other using frame-relay. We will try to configure CBWFQ on the Serial 0/0.1 sub-interface of R1.
Configuration
First i’ll create a simple CBWFQ configuration:
R1(config)#class-map TELNET
R1(config-cmap)#match protocol telnet
R1(config)#class-map HTTP
R1(config-cmap)#match protocol http
R1(config)#policy-map CBWFQ
R1(config-pmap)#class TELNET
R1(config-pmap-c)#bandwidth percent 10
R1(config-pmap-c)#exit
R1(config-pmap)#class HTTP
R1(config-pmap-c)#bandwidth percent 20
R1(config-pmap-c)#exit
Nothing special here…just a simple CBWFQ configuration that gives 10% of the bandwidth to telnet and 20% to HTTP traffic. Let’s try to apply it to the sub-interface:
R1(config)#interface serial 0/0.1
R1(config-subif)#service-policy output CBWFQ
CBWFQ : Not supported on subinterfaces
Too bad, it’s not gonna happen…IOS has a day off. There is a workaround however…we can’t apply it directly, but if we use a hierarchical policy-map it will work. Let me show you what I mean:
R1(config)#policy-map PARENT
R1(config-pmap)#class class-default
R1(config-pmap-c)#service-policy CBWFQ
I’ll create a policy-map called PARENT that has our service-policy attached to the class-default class. Now let’s try to attach this to the sub-interface:
R1(config)#interface serial 0/0.1
R1(config-subif)#service-policy output PARENT
CBWFQ : Hierarchy supported only if shaping is configured in this class
IOS is still complaining, it only allows a hierarchical policy-map when shaping is configured. Let’s give it what it wants:
R1(config)#policy-map PARENT
R1(config-pmap)#class class-default
R1(config-pmap-c)#shape average percent 100
I don’t want to shape, but if I have to configure something we’ll just set the shaper to 100% of the interface bandwidth so that it doesn’t limit our traffic. Let’s attach it to the sub-interface:
R1(config)#interface serial 0/0.1
R1(config-subif)#service-policy output PARENT
Bingo! It has been attached.
Verification
We’ll try to telnet from R1 to R2 to see if it matches the policy-map:
R1#telnet 192.168.12.2
Trying 192.168.12.2 ... Open
Password required, but none set
[Connection to 192.168.12.2 closed by foreign host]
Let’s check if it hit something:
R1#show policy-map interface serial 0/0.1
Serial0/0.1
Service-policy output: PARENT
Class-map: class-default (match-any)
39 packets, 4086 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Traffic Shaping
Target/Average Byte Sustain Excess Interval Increment
Rate Limit bits/int bits/int (ms) (bytes)
100 (%) 0 (ms) 0 (ms)
1544000/1544000 9650 38600 38600 25 4825
Adapt Queue Packets Bytes Packets Bytes Shaping
Active Depth Delayed Delayed Active
- 0 39 4086 0 0 no
Service-policy : CBWFQ
Class-map: TELNET (match-all)
11 packets, 514 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol telnet
Queueing
Output Queue: Conversation 73
Bandwidth 10 (%)
Bandwidth 154 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0
Class-map: HTTP (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol http
Queueing
Output Queue: Conversation 74
Bandwidth 20 (%)
Bandwidth 308 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0
Class-map: class-default (match-any)
28 packets, 3572 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Above you can see that my telnet traffic matches the policy-map. The shaper is configured but since it’s configured to shape to the entire interface bandwidth it won’t bother us.
So why do we have to use a shaper? Logical interfaces like sub-interfaces can’t have congestion like a physical interface so IOS doesn’t support policy-maps that implement for queuing. By using a shaper, we enforce a “hard limit” for the sub-interface and so it will allow queuing.
I hope this has been helpful to you! If you have any questions feel free to ask.
No comments:
Post a Comment