cancel
Showing results for 
Search instead for 
Did you mean: 

Classification based on DSCP

Classification based on DSCP

zeeshan_qadir
New Contributor
Hi everybody,



I am trying to aceive following QOS goals.

All traffic entering port 1 should be policed to CIR 10 Mig on port1. All conforming traffic then get classified based on DSCP and then subject to their respective policer and then placed in appropriate egress QP.

My config:

create meter METER_SNID create meter METER_SNID_REALTIME
create meter METER_SNID_CRITICAL

configure meter METER_SNID committed-rate 10000 Kbps max-burst-size 8000 Kb out-actions drop configure meter METER_SNID_REALTIME committed-rate 5000 Kbps max-burst-size 8000 Kb out-actions drop
configure meter METER_SNID_CRITICAL committed-rate 1000 Kbps max-burst-size 8000 Kb out-actions drop

Vi CLI_SNID1.pol
entry POLICER
{
if match all {
}
then
{
meter CLI_SNID;

}
}

entry REAL_TIME {
if match any {
dscp 46;
dscp 23;
}
then {
meter METER_SNID_REALTIME ;
qosprofile QP5 ;
count REALTIME ;
}
}

entry CRITICAL {
if match any {
dscp 24;
dscp 36;
}
then {
meter METER_SNID_CRITICAL ;
qosprofile QP3 ;
count CRITICAL ;
}
}

###############################

ISSUE:

* X450a-24t.20 # check policy CLI_SNID1Policy file check successful.
* X450a-24t.21 #
* X450a-24t.21 #
* X450a-24t.21 #
* X450a-24t.21 #
* X450a-24t.21 # configure access-list CLI_SNID1 ports 1 ingress
Error: Policy CLI_SNID1 has syntax errors
Line 15 : Attribute dscp already exists as a match statement in Acl entry REAL_TIME.
* X450a-24t.22 #

2)How is the policy get evaluated ? Suppose there is policy with three rules, rule1,rule2,rule3, if rule 1 is matched ,does the evaluation stop or it continues to rule2 and rule3?

Much appreciated!!

Thanks

2 REPLIES 2

zeeshan_qadir
New Contributor
Thanks Prashanth .

Prashanth_KG
Extreme Employee
Hi Zeeshan,

While configuring an acl, we need to ensure that the match conditions do not get repeated under the same entry.

For example, the entry,

entry CRITICAL {
if match any {
dscp 24;
dscp 36;
}
then {
meter METER_SNID_CRITICAL ;
qosprofile QP3 ;
count CRITICAL ;
}
}

should be converted to 2 different entries.

entry CRITICAL {
if match any {
dscp 24;
}
then {
meter METER_SNID_CRITICAL ;
qosprofile QP3 ;
count CRITICAL ;
}
}

entry CRITICAL1 {
if match any {
dscp 36;
}
then {
meter METER_SNID_CRITICAL ;
qosprofile QP3 ;
count CRITICAL ;
}
}

Regarding the rule evaluation, all the rules are evaluated at the same time.
Snippet from the user guide under the rule evaluation section.

When there are multiple rule entries applied to an interface, evaluation proceeds as follows:

• A packet is compared to all the rule entry match conditions at the same time.
• For each rule where the packet matches all the match conditions, the action and any action
modifiers in the then statement are taken. If there are any actions or action modifiers that conflict
(deny vs. permit, etc), only the one with higher precedence is taken.
• If a packet matches no rule entries in the ACL, it is permitted.

GTM-P2G8KFN