This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

Classification based on DSCP

Classification based on DSCP

zeeshan_qadir
New Contributor

ā€Ž05-26-2015 09:48 PM

Hi everybody,



I am trying to aceive following QOS goals.

All traffic entering port 1 should be policed to CIR 10 Mig on port1. All conforming traffic then get classified based on DSCP and then subject to their respective policer and then placed in appropriate egress QP.

My config:

create meter METER_SNID create meter METER_SNID_REALTIME
create meter METER_SNID_CRITICAL

configure meter METER_SNID committed-rate 10000 Kbps max-burst-size 8000 Kb out-actions drop configure meter METER_SNID_REALTIME committed-rate 5000 Kbps max-burst-size 8000 Kb out-actions drop
configure meter METER_SNID_CRITICAL committed-rate 1000 Kbps max-burst-size 8000 Kb out-actions drop

Vi CLI_SNID1.pol
entry POLICER
{
if match all {
}
then
{
meter CLI_SNID;

}
}

entry REAL_TIME {
if match any {
dscp 46;
dscp 23;
}
then {
meter METER_SNID_REALTIME ;
qosprofile QP5 ;
count REALTIME ;
}
}

entry CRITICAL {
if match any {
dscp 24;
dscp 36;
}
then {
meter METER_SNID_CRITICAL ;
qosprofile QP3 ;
count CRITICAL ;
}
}

###############################

ISSUE:

* X450a-24t.20 # check policy CLI_SNID1Policy file check successful.
* X450a-24t.21 #
* X450a-24t.21 #
* X450a-24t.21 #
* X450a-24t.21 #
* X450a-24t.21 # configure access-list CLI_SNID1 ports 1 ingress
Error: Policy CLI_SNID1 has syntax errors
Line 15 : Attribute dscp already exists as a match statement in Acl entry REAL_TIME.
* X450a-24t.22 #

2)How is the policy get evaluated ? Suppose there is policy with three rules, rule1,rule2,rule3, if rule 1 is matched ,does the evaluation stop or it continues to rule2 and rule3?

Much appreciated!!

Thanks

0 Kudos
2 REPLIES 2

zeeshan_qadir
New Contributor

ā€Ž05-28-2015 12:59 AM

Thanks Prashanth .
0 Kudos

Prashanth_KG
Extreme Employee

ā€Ž05-27-2015 10:34 AM

Hi Zeeshan,

While configuring an acl, we need to ensure that the match conditions do not get repeated under the same entry.

For example, the entry,

entry CRITICAL {
if match any {
dscp 24;
dscp 36;
}
then {
meter METER_SNID_CRITICAL ;
qosprofile QP3 ;
count CRITICAL ;
}
}

should be converted to 2 different entries.

entry CRITICAL {
if match any {
dscp 24;
}
then {
meter METER_SNID_CRITICAL ;
qosprofile QP3 ;
count CRITICAL ;
}
}

entry CRITICAL1 {
if match any {
dscp 36;
}
then {
meter METER_SNID_CRITICAL ;
qosprofile QP3 ;
count CRITICAL ;
}
}

Regarding the rule evaluation, all the rules are evaluated at the same time.
Snippet from the user guide under the rule evaluation section.

When there are multiple rule entries applied to an interface, evaluation proceeds as follows:

ā€¢ A packet is compared to all the rule entry match conditions at the same time.
ā€¢ For each rule where the packet matches all the match conditions, the action and any action
modifiers in the then statement are taken. If there are any actions or action modifiers that conflict
(deny vs. permit, etc), only the one with higher precedence is taken.
ā€¢ If a packet matches no rule entries in the ACL, it is permitted.

0 Kudos
GTM-P2G8KFN