Wednesday, July 16, 2008

3550 QoS - Trusting, Mapping and Override

Here's the network:

[R2]---[SW3]---[trunk, native vlan 1]---[SW4]---[R4 ]

R2 sets ip-prec to 2:

interface FastEthernet0/0
ip address
rate-limit output 16000 8000 8000 conform-action set-prec-transmit 2 exceed-action set-prec-transmit 2

Packet capture show packets still marked when they reach R4 (using Dyngen for routers, binding them to NICs on the PC and then connecting them to the 3550's).

As soon as I enable mls qos on SW3, packets are no longer marked:

SW3(config)#mls qos

To get the 3550 to keep the marking I configure qos trust on the incoming ports:

SW3(config)#int f0/2
SW3(config-if)#mls qos trust

To get the switch to remark the packets, configure cos override:

SW3(config)#int f0/2
SW3(config-if)#mls qos cos override
SW3(config-if)#mls qos cos 4

These packets show up as CS4 on R4. Note that the override command removes the trust command and vice versa:

SW3(config)#int f0/2
SW3(config-if)#mls qos trust

SW3#show run int f0/2
interface FastEthernet0/2
switchport mode dynamic desirable
mls qos cos 4
mls qos trust dscp

If the trust and "mls qos cos 4" commands exist, the trust takes effect and will not override the DSCP. So the COS4 override mapped to CS4...where does this mapping take place? Here:

SW3#show mls qos maps cos-dscp
Cos-dscp map:
cos: 0 1 2 3 4 5 6 7
dscp: 0 8 16 24 32 40 48 56

Suppose we want COS4 to be mapped to AF41...which is DSCP 34. We can do this:

SW3(config)#mls qos map cos-dscp ?
<0-63> 8 dscp values separated by spaces
SW3(config)#mls qos map cos-dscp 0 8 16 24 34 40 48 56

Here's part of my wireshark capture in plain text:

Internet Protocol, Src: (, Dst: (
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x88 (DSCP 0x22: Assured Forwarding 41; ECN: 0x00)
1000 10.. = Differentiated Services Codepoint: Assured Forwarding 41 (0x22)

Ok here's an interesting one: what happens if I configure QoS on SW4 and set it to trust the COS instead of the DSCP value?

SW4(config)#int f0/24
SW4(config-if)#mls qos trust ?
cos Classify by packet COS
device trusted device class
dscp Classify by packet DSCP
ip-precedence Classify by packet IP precedence

SW4(config-if)#mls qos trust cos

It remarks the packet to CS4 based on the cos-dscp map, of course!

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.