Conform, exceed, and violate are conditions can occur when metering traffic using a dual token bucket traffic policing QoS mechanism on Cisco routers.
How a Traffic Policing Mechanism Regulates Traffic
The time interval between token updates (Tc) to the token bucket is updated at the CIR value each time a packet arrives at the traffic policer. The Tc token bucket can contain up to the Bc value. If a packet of size B is greater than the Tc token bucket, then the packet exceeds the CIR value and a configured action is performed. If a packet of size B is less than the Tc token bucket, then the packet conforms and a different configured action is performed.
CIR = Bc/Tc
Committed Information Rate (CIR) - the rate the device will send at (on average) over a one second period. The default CIR when traffic-shaping is enabled on the interface is 56K. CIR is also referred to as the "target rate". Since the device is forced to send at the AR, it does not send all of the time (within one second) in order to send an average amount of data that equals the CIR.
Minimum CIR (MinCIR) - the rate the service provider guarantees to accept. Theoretically, the provider will set the DE bit for all traffic above this rate. MinCIR is designed to be used in conjunction with adaptive shaping. With adaptive shaping, the router will throttle down in the event of congestion. The router will not throttle down below this value.
Committed Burst (Bc) - the number of committed bits allows to be sent during a given interval. The device sends an average amount of traffic to achieve the CIR. The Bc value defaults to 1/8 of the configured CIR for speeds below 650K. For speeds above that, it is roughly 1/16 of CIR.
Excess Burst (Be) - the number of non-committed bits the router is allowed to send above Bc during the first interval (Tc). The amount of Be "credits" is derived from unused Bc credits in previous intervals. There is no limit to how long Be can "store" unused Bc credits. It is a common misconception that Be can only store credits from the previous interval or the previous second. There is no default Be value.
Committed Rate Measurement Interval (Tc) - the time interval over which Bc or Bc+Be can be transmitted. The max value is 125 ms and the minimum value is 10 ms.
The Formula
CIR, Tc, and Bc are related mathematically by the following formula:
CIR = Bc/(Tc/1,000)
Notice the division of Tc by 1,000 is used to convert milliseconds into seconds - the common measurement of CIR and Bc.
DS-TE implementations on Cisco routers support global pool, subpool, class-type 0, and class-type 1.
Differential Service Tunnels
Differential Service Traffic Engineering (TE) is an extension of the regular MPLS Traffic Engineering (MPLS-TE) feature. Regular TE does not provide bandwidth guarantees to different traffic classes. A single bandwidth pool (global pool) is used in regular TE that is shared by all traffic. In order to support various class of service (CoS), the ability to provide multiple bandwidth pools is required. These bandwidth pools then can be treated differently based on the requirement for the traffic class using that pool.
In RSVP global and subpools reservable bandwidths are configured on a per interface basis to accommodate TE tunnels on the node. Available bandwidth from all configured bandwidth pools is advertised using Interior Gateway Protocol (IGP). RSVP is used to signal the TE tunnel with appropriate bandwidth pool requirements.
EXP field in the MPLS shim header is used to support different QoS markings.
MPLS EXP Marking
The three MPLS EXP (experimental) bits in the shim header of an input or output MPLS packet header may be set or changed by a user configured value.
On a Cisco IOS XR router, LPTS mechanism protects the router resources by filtering and policing the packets flows that are destined to the router that is based on defined flow-type rates.
Local Packet Transport Services (LPTS) maintains tables describing all packet flows destined for the secure domain router (SDR), making sure that packets are delivered to their intended destinations.
When configuring LLQ (strict priority queue) on a traffic class using the Cisco IOS XR priority command on a Cisco ASR9K router, police additional QoS command is required for this traffic class.
The Low Latency Queueing feature brings strict priority queueing to Class-Based Weighted Fair Queueing (CBWFQ).
On the Cisco ASR9K router, when using the bandwidth command to specify the minimum guaranteed bandwidth to be allocated for a specific class of traffic, CBWFQ will be used as the queuing algorithm.
Class based weighted fair queuing (CB-WFQ) was initially released without the support of a priority queuing system, thus it could not guarantee the delay and jitter (delay variation) requirements of real-time, interactive voice and video conversations. Since for CBWFQ, the weight for a packet belonging to a specific class is derived from the bandwidth assigned to the class, which in turn determines the order in which packets are sent. All packets are serviced fairly based on weight and no class of packets may be granted strict priority. This scheme poses problems for voice traffic that is largely intolerant of delay, especially variation in delay.
When implementing MPLS DS-TE on Cisco IOS XR routers, all aggregate Cisco MPLS TE traffic is mapped to class-type 0 (bandwidth global pool) by default.
On the Cisco IOS XR, LLQ can be applied in the input or output direction MQC configuration is different than on the Cisco IOS and IOS XE.
On Cisco routers, within the parent policy-map, reference another child policy-map using the service-policy command is hierarchical QoS implemented.
Refer to the Cisco IOS XR policy-map configuration exhibit.
policy-map test
!
class one
priority level 1
!
class two
priority level 2
!
class three
bandwidth percent 60
!
interface GigabitEthernet0/0/0/2
service-policy output test
!
Missing the police command under class one and class two is wrong with the policy-map configuration.
When configuring class-based WRED on Cisco routers, the mark probability denominator WRED parameter is not user configurable on a Cisco IOS XR but is user configurable on a Cisco IOS and IOS XE.
IPv6 QoS:
A 20-bit flow label field enables per-flow processing.
IPv6 QoS features are configured using the modular QoS CLI on Cisco routers.
The traffic class field in the IPv6 header can be used to set specific precedence or DSCP values.
With unmanaged CE routers, between the CE and PE router point in the service provider network is the QoS trust boundary, and mapping of the customer traffic classes into the service provider traffic classes at the PE router ingress is required at the trust boundary.
On the Cisco IOS XR, when using the match protocol command within a class-map to classify traffic, you noticed that the match protocol option on the Cisco IOS XR shows much fewer protocol options than on the Cisco IOS or IOS XE, like there is no option such as the match protocol yahoo-messenger command on the Cisco IOS XR. Because NBAR is not supported on the Cisco IOS XR.
Within the service provider core network, WRED and LLQ QoS mechanisms are typically deployed on the P routers.
Steps are required to configure QPPB on Cisco IOS XR routers:
Enable QPPB on an interface using the ipv4 bgp policy propagation input ip-precedence|qos-group destination|source command.
Define a QPPB route policy to match the customer routes, then set the IP precedence or qos-group.
Apply a QPPB route policy to the BGP process using the table-policy command.
The
Cisco IOS and IOS XE qos pre-classify command allows for packets to be
classified based on the packet header parameters other than the ToS byte
values after packet encryption kind of packet classification on IP
packets that are encapsulated with GRE and IPsec.
On the PE ingress, classify the customer traffic and then mark with
qos-group. On the PE egress, classify based on the qos-group and then
mark with mpls exp are typical class-based marking policies that are
implemented on service provider IP NGN PE routers.
Inner EXP item is not available to be used for QoS classification in Cisco IOS XR.
When an ingress edge LSR receives an IP packet, it will decrement the IP
TTL field by 1; then it will copy the decremented IP TTL field into the
MPLS Label TTL field is the default MPLS TTL behavior.
Ping mpls command operations:
They are used to test for a broken LSP.
They use a 127/8 address as the destination address in the MPLS echo request packet.
MPLS OAM has to be enabled on the router using the mpls oam command.
Label, EXP, S, and TTL are the fields inside the MPLS shim header.
LSPs:
An IGP is used to populate routing tables in all routers in an MPLS domain.
LDP is used to propagate labels and build LSPs.
Next-hop IP address, outgoing label, outgoing interface, and local label pieces of information are stored for each prefix in the LFIB.
Layer 2 VPNs, Layer 3 VPNs, and traffic engineering network services can be implemented using MPLS within the service provider IP NGN core.
LDP session protection uses backup-targeted LDP hellos to maintain the LDP session between LDP neighbors.
You are tasked to enable LDP on many of the interfaces on the Cisco
CRS-3 router, and because there are many interfaces that need to have
LDP enabled, you mistakenly did not enable LDP on all the required
interfaces. To prevent this issue from happening again in the future, use the mpls ldp auto-config command under the IGP routing process could do the next time you need to enable LDP on many
interfaces.
Describing ISP environments that are running IP/MPLS in the core network:
The PE and P routers run LDP to learn the labels for reaching the BGP next-hop addresses.
The BGP next hops point to the PE routers, and only the PE routers are required to run BGP.
When troubleshooting LDP operations on the Cisco IOS and IOS XE routers, check if the ip cef command has been enabled is one of the first things that should be verified.
Referring to the Cisco IOS XR configuration exhibit,
mpls ldp
label
advertise
disable
for test1 to test2
!
ipv4 access-list test2
10 permit ipv4 any any
ipv4 access-list test1
10 permit ipv4 host 10.1.1.1 any
Only the label for 10.1.1.1/32 will be advertised to all the LDP peers.
Local is the term that is used for the label that an LSR assigns and distributes to other LSRs in MPLS.
LDP-IGP synchronization Cisco IOS XR high-availability feature is used to prevent routes from being used before LDP converges.
RP/0/RSP0/CPU0:R1(config-isis-if-af)#mpls ldp sync Cisco IOS XR command should be used in order to enable LDP-IGP synchronization for the ISIS IGP protocol.
Referring to the Cisco IOS XR show command output exhibit,
Possible reasons that the GigabitEthernet0/1/0/10 LDP IGP sync status is not ready:
The OSPF neighbor on GigabitEthernet0/1/0/10 is not up.
LDP is up on GigabitEthernet0/1/0/10, but no label bindings have been received from the peer.
The LDP neighbor on GigabitEthernet0/1/0/10 is not up.
In config-ospf and config-ospf-ar Cisco IOS XR OSPF configuration modes can mpls ldp igp sync be configured.
On Cisco routers, static routing, autoroute, and policy-based routing methods can be used to map traffic into the MPLS traffic engineering tunnel.
A Cisco MPLS TE:
CBR takes into account link resource and traffic tunnel attributes.
A Cisco MPLS TE tunnel maps onto an LSP path.
A tunnel that is created with a priority of 0 can pre-empt an existing tunnel with a priority of 7.
On a Cisco router, on the receipt of the RSVP Resv message will the router actually reserve the bandwidth for the MPLS traffic engineering tunnel.
Cisco MPLS TE path setup can be affected by affinity, bandwidth, and priority tunnel attributes.
When using the tunnel mpls traffic-eng path-option 1 explicit name test command in Cisco MPLS TE tunnel configurations, the test explicit-path configuration will consist of a list of IP address values.
Cisco MPLS TE resource attributes that are configured locally for each link are distributed to the headend router of the traffic engineering tunnel using OSPF or IS-IS with TE extension protocol.
When implementing Cisco MPLS TE, the constrained-based path calculations by default, it will use the IGP metric, or each link can be assigned a specific value using the admin-weight command.
Affinity 0x0F000001 and mask 0xFF0000FF value will match the link affinity that has 0x0F in the first 8 bits and 0x01 in the last 8 bits, and the middle 16 bits can be any value.
Fast reroute and backup tunnels are used to provide Cisco MPLS TE node and link protection.
In Cisco MPLS TE implementations, autobandwidth can cause the tunnel bandwidth to adjust automatically based on the traffic load in the tunnel.
0xFF00EEEA affinity value will be matched by the affinity bit mask of the affinity 0xFF00000A mask 0xFFFF000F command.
When defining an explicit MPLS TE tunnel path, next-address and exclude-address command options are available under the explicit-path configuration mode.
CSPF, tunnel interface, and RSVP mechanisms are used to implement MPLS TE.
A DSCP value of 41 in decimal corresponds to 5 Critical IP precedence value.
= INT(41/
The AF behavior group defines four separate AF classes with Class 4 having the highest priority. Within each class, packets are given a drop precedence (high, medium or low). The combination of classes and drop precedence yields twelve separate DSCP encodings from AF11 through AF43
Assured Forwarding (AF) Behavior Group
Class 1 (lowest) Class 2 Class 3 Class 4 (highest)
Low Drop AF11 (DSCP 10) AF21 (DSCP 18) AF31 (DSCP 26) AF41 (DSCP 34)
Med Drop AF12 (DSCP 12) AF22 (DSCP 20) AF32 (DSCP 28) AF42 (DSCP 36)
High Drop AF13 (DSCP 14) AF23 (DSCP 22) AF33 (DSCP 30) AF43 (DSCP 38)
