10-1 Modular QoS Command-Line Interface (MQC)

QoS can be defined according to the Diffserv model:
- Packet classification at the edge of a Diffserv region
- Packet marking (rewriting the DSCP values)
- Traffic conditioning, including traffic shaping, Frame Relay traffic shaping, and policing with CAR
- Policy or PHB enforcement, including EF PHB with Low Latency Queuing (LLQ) and AF PHBs with class-based WFQ, WRED, CAR, and traffic shaping
QoS is configured in a modular fashion:
- Traffic is classified into one or more class map s.
- Class maps are applied to policy maps.
- Policy maps are applied to interfaces as service policies.

Configuration

Classify traffic into a class map.
1. Define a class map:
```
 (global)  class-map  [  match-all   match-any  ]  class-map-name  
```
  The class map is given an arbitrary class-map-name (a text string). Traffic is tested against one or more match conditions in the class map. By default, all matches must be met ( match-all ) to classify a packet as a part of the class. The match-any keyword can be given so that a packet matching any of the conditions is classified into the class. Exit from class map configuration mode with the exit command.
2. Define one or more matching conditions for packets.
  
  NOTE
  
  Use the match criteria keywords to match against a specific parameter. To match against a negated parameter, use match not criteria.
  - Match any packet:
```
 (class-map)  match any  
```
    Packets are matched unconditionally. This can be used to create a class map that always matches packets so that all traffic can be classified into the class. QoS policies can then be easily applied to all traffic on an interface.
  - Match against another class map:
```
 (class-map)  match class-map   class-name  
```
    To be matched, a packet must have already been classified into the class named class-name. This allows class maps to be nested to create more complex policy structures.
  - Match against a protocol type:
```
 (class-map)  match protocol   protocol  
```
    A packet is matched if it contains the protocol. Valid protocol names are referenced through Network-Based Application Recognition (NBAR). (Refer to Section 10-2 for more information.) Here are some of the accepted protocol names :
    
    aarp (AppleTalk ARP), apollo, arp (Address Resolution Protocol), bridge (transparent bridging), bstun (Block Serial Tunnel), cdp (Cisco Discovery Protocol), clns (ISO Connectionless Network Service), clns_es (CLNS End System), clns_is (CLNS Intermediate System), cmns (ISO Connection-Mode Network Service), compressedtcp, decnet, decnet_node, decnet_router-l1 (DECnet router L1), decnet_router-l2 (DECnet router L2), dlsw (Data Link Switching), ip, ipx, llc2 (Logical Link Control 2), pad (Packet Assembler/Disassembler), qllc (Qualified Logical Link Control), rsrb (Remote Source Route Bridging), snapshot (Snapshot routing), stun (Serial Tunnel), vines, and xns.
  - Match against an access list:
```
 (class-map)  match access-group  [  access-group   name   access-group-name  ] 
```
    If a packet is permitted by the access list access-group, it is matched.
    
    The name keyword can be used to specify a named access list.
  - Match against a Layer 2 Class of Service (CoS):
```
 (class-map)  match cos   cos  [  cos cos cos  ] 
```
    If a packet is marked with the given CoS value cos (0 to 7; 0 = low, 7 = high), it is matched. IEEE 802.1Q/ISL CoS values are usually set by Layer 2 devices at the edge of the network. Up to four CoS values can be specified in a single match command.
  - Match against IP Precedence values:
```
 (class-map)  match ip precedence   precedence  [  precedence precedence   precedence  ] 
```
    If a packet is marked with IP Precedence value precedence (a name or number), it is matched. Valid precedence values are (routine), 1 (priority), 2 (immediate), 3 (Flash), 4 (Flash-override), 5 (critical), 6 (Internet), and 7 (network). Up to four precedence values can be given. Only one needs to match.
  - Match against DSCP values:
```
 (class-map)  match ip dscp   dscp  [  dscp dscp dscp dscp dscp dscp dscp  ] 
```
    Up to eight DSCP values (0 to 63) can be given to match against. Only one of the values given needs to match. The IP DSCP field is carried in the first 6 bits of the IP ToS byte.
  - Match against a local QoS group:
```
 (class-map)  match qos-group   qos-group  
```
    A router can mark and match traffic using locally significant QoS group numbers (0 to 99). If the packet is already marked with qos-group, it is matched.
  - Match against the MPLS experimental value:
```
 (class-map)  match mpls experimental   mpls-value  
```
    A packet is matched if it has the MPLS experimental (EXP) value mpls-value (0 to 7).
  - Match against Real-Time Protocol (RTP):
```
 (class-map)  match ip rtp   starting-port port-range  
```
    To match against RTP packets, a UDP port range is given as starting-port (2000 to 65535) and extends for port-range (0 to 16383) additional port numbers. If a packet contains a UDP port within the range, it is matched.
  - Match against an inbound interface:
```
 (class-map)  match input-interface   type number  
```
    If a packet arrives on the specified interface, it is matched.
  - Match against a source MAC address:
```
 (class-map)  match source-address mac   address  
```
    If a packet has the source MAC address given by address ( dotted - triplet hexadecimal format), it is matched. This can be used only on an input interface that has a MAC address (not a serial or ATM interface).
  - Match against a destination MAC address:
```
 (class-map)  match destination-address mac   address  
```
    If a packet has the destination MAC address given by address (dotted-triplet hexadecimal format), it is matched.
Use a policy map to perform a QoS policy.
1. Define the policy map:
```
 (global)  policy-map   policy-name  
```
  The policy map is named policy-name (an arbitrary text string).
2. Identify one or more traffic classes using class maps (up to 64 classes):
```
 (pmap)  class   class-name  
```
  The policy will be enacted on all traffic classified into the class class-name (a text string). Use the exit command to end the current class policy definition.
3. (Optional) Use the default class:
```
 (pmap)  class class-default  
```
  The default class can be referenced to include traffic that doesn't match any other class definition.
4. (Optional) Set various QoS parameters in the packet.
  - Set the Frame Relay Discard Eligibility (DE) bit (added in Cisco IOS Software Release 12.2(2)T):
```
 (pmap-class)  set fr-de  
```
    By default, packets that are converted to Frame Relay frames do not have their DE bits set. If you want to, you can set the DE bit on matching packets, indicating that the frame is eligible to be discarded during switch congestion.
  - Set the ATM cell loss priority (CLP):
```
 (pmap-class)  set atm-clp  
```
    By default, packets that are converted to ATM cells have their CLP bits set to 0 (high priority). If you want to, you can set the CLP bit to 1 (lower priority), indicating that the cell is eligible to be discarded during congestion.
  - Set the Class of Service (CoS):
```
 (pmap-class)  set cos   cos  
```
    The Layer 2 IEEE 802.1Q CoS value can be set to cos (0 to 7; 0 = low, 7 = high). The CoS value should be set only on packets that are being forwarded into a switched environment.
  - Set the IP DSCP:
```
 (pmap-class)  set ip dscp   dscp  
```
    The IP DSCP value can be set to dscp (0 to 63). You also can use the keywords EF (expedited forwarding, decimal 46), AF11 (assured forwarding class 11, decimal 10), and AF12 (assured forwarding class 12, decimal 12).
  - Set the IP Precedence:
```
 (pmap-class)  set ip precedence   precedence  
```
    The IP Precedence value can be set to precedence (0 to 7; 0 = low, 7 = high).
  - Set the MPLS experimental value:
```
 (pmap-class)  set mpls experimental   mpls-value  
```
    The MPLS experimental (EXP) value can be set to mpls-value (0 to 7).
  - Set the QoS group number:
```
 (pmap-class)  set qos-group   qos-group  
```
    The locally significant QoS group number (0 to 99) can be set.
5. (Optional) Use class-based WFQ to manage congestion.
  - Allocate the bandwidth for the class:
```
 (pmap-class)  bandwidth  {  bandwidth   percent   percentage  } 
```
    Class-based WFQ derives the weights for classes from their bandwidths and, during congestion, from their bandwidth percentages. The bandwidth is set in Kbps, and percentage is unitless (0 to 100). All classes in a policy map must use bandwidth or percentage, but not a mix of both. If an interface's bandwidth is unknown, use the percent keyword for a relative allocation.
  NOTE
  
  The available bandwidth for WFQ is the interface bandwidth minus the sum of the bandwidth reservations for RSVP, LLQ, and IP RTP priority.
  - (Optional) Use LLQ for a strict priority class:
```
 (pmap-class)  priority  {  bandwidth   percent   percentage  } [  burst  ] 
```
    The guaranteed bandwidth for a strict priority class of traffic can be given as bandwidth (in Kbps) or as a percentage of the overall bandwidth (1 to 100). The burst size can also be specified as burst (32 to 2000000 bytes).
  NOTE
  
  The strict priority queue that is used with WFQ can be assigned to a class map for traffic that matches a certain criteria. For voice traffic, the (interface) ip rtp priority command can be used instead to assign RTP packets to the strict priority queue. See Step 4 for details.
  - (Optional) Reserve a number of queues for the class:
```
 (pmap-class)  fair-queue  [  queue-limit   queues  ] 
```
    The maximum number of packets that are queued per flow can be set to queues. If the default class is being configured, fair-queue [ queues ] sets the number of dynamic queues that are available for the default class (16 to 4096, as a power of 2). The default number of queues starts at 16 for a bandwidth of 64 kbps or less and doubles as the bandwidth doubles. However, any bandwidth over 512 kbps is given 256 queues.
6. (Optional) Use congestion avoidance with tail drop:
```
 (pmap-class)  queue-limit   packets  
```
  The maximum number of packets in the queue is set to packets (1 to 64, although the maximum might depend on the router hardware; the default is 64). When the queue threshold is reached, no further queuing is performed, causing tail drop until the queue level is lowered .
7. (Optional) Use congestion avoidance with Weighted Random Early Detection (WRED).
  - Select a QoS criteria for WRED:
```
 (pmap-class)  random-detect  [  prec-based   dscp-based  ] 
```
    WRED can be based on IP Precedence ( prec-based, the default) or on IP DSCP ( dscp-based ).
  - (Optional) Set the WRED thresholds:
```
 (pmap-class)  random-detect  {  precedence   precedence   dscp   dscp  }  min-threshold max-threshold mark-prob-denominator  
```
    WRED can be based on IP Precedence ( precedence ) or IP DSCP ( dscp ).When the average queue length reaches the minimum threshold, min-threshold (1 to 4096 packets), some packets with the precedence value or the dscp value are dropped. Likewise, when the queue length reaches max-threshold ( min-threshold to 4096 packets), all packets with the precedence value are dropped.
    
    When the queue meets the threshold level, one out of every mark-prob-denominator packets (1 to 65536; the default is 10 packets) is dropped.
    
    IP Precedence values are given as precedence (0 to 7), and DSCP values are given as dscp (0 to 63 or a keyword: ef, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4, cs5, or cs7.
8. (Optional) Use traffic policing to control the rate of traffic:
```
 (pmap-class)  police   bps burst-normal burst-max   conform-action   action   exceed-action   action  [  violate-action   action  ] 
```
  The average traffic rate is given as bps (bits per second). Traffic can burst above the average by burst-normal bytes and by an excess burst of burst-max bytes.
  
  Depending on the relationship between the traffic rate and the policing thresholds, certain actions can be taken. If the traffic rate conforms to the bps rate or rises under the normal burst or burst-normal size, the conform-action is taken. If the traffic rate rises to between the normal and excess burst sizes, the exceed-action is taken. Finally, if the traffic rate rises above the excessive burst or burst-max size, the violate-action can be taken if it is specified. (If it is not specified, the burst-max value has no effect on the traffic. A one-token bucket algorithm is then used.)
  
  The action parameters can be drop (drop the packet), set-prec-transmit new-prec (set the IP Precedence to new-prec and then forward the packet), set-qos-transmit new-qos (set the QoS group to new-qos and then forward the packet), set-dscp-transmit new-dscp (set the DSCP to new-dscp and then forward the packet), or transmit (forward the packet as-is).
9. (Optional) Use class-based shaping to match the speed of a remote target:
```
 (pmap-class)  shape  {  average   peak  }  cir  [  bc  ] [  be  ] 
```
  Generic traffic shaping is configured with an average rate or a peak rate as cir (bits per second). You can also specify a normal burst size bc (in bits) and an excess burst size be (in bits).
Apply a policy map to an interface:
```
 (interface)  service-policy  {  input   output  }  policy-map-name  
```
The traffic policy named policy-map-name is attached to the interface in either the input (entering the interface) or output (leaving the interface) direction.
(Optional) Use a strict priority queue for RTP voice traffic:
```
 (interface)  ip rtp priority   starting-rtp-port port-range bandwidth  
```
IP RTP voice traffic can be assigned to a strict priority queue that is serviced before any other queue on the interface. RTP packets are identified by their UDP port numbers, given as the lowest UDP port for RTP (starting-rtp-port) and the number of ports used in the RTP range (port-range). The guaranteed bandwidth is also specified, in Kbps.

Allocate enough bandwidth for all simultaneous calls that will be supported, taking traffic bursts into account. The priority queue takes RTP compression into account automatically, so you only need to consider the compressed call bandwidth and any Layer 2 headers.

MQC Example

The Modular QoS CLI is used to configure a QoS policy for outbound traffic on interface serial 0. Streaming audio traffic is classified into a class map called streaming, containing RealAudio, StreamWorks, and VDOlive traffic flows. Voice over IP traffic is classified into class map voip, containing RTP traffic. FTP traffic is classified into class map filetransfer, using an access list to match TCP ports 20 and 21.

A policy map called traffic-out is used to define the QoS policy. The following policies are configured:

Traffic belonging to the streaming class map has the DSCP value set to 34 (AF41), using WFQ to manage congestion for a 128 kbps bandwidth.
Traffic belonging to the voip class map has the DSCP value set to 46 (EF). LLQ is used to implement a strict priority queue alongside WFQ for up to 128 kbps of voice traffic.
Traffic belonging to the filetransfer class map has the DSCP value set conditionally. A traffic policer is configured to control FTP traffic to a 128 kbps bandwidth, allowing bursts of 16000 bytes. If the FTP traffic conforms to the 128 kbps rate, the DSCP value is set to 26 (AF31), and packets are forwarded. If the FTP traffic bursts to within the burst size, the DSCP value is set to 30 (AF33, high drop precedence), and the packets are forwarded. If the FTP traffic violates the burst size, packets are simply dropped.
The default class, class-default, is defined to set the DSCP value of all other packets to 0. This indicates that best-effort service is acceptable.

  class-map match-all streaming   match protocol realaudio   match protocol streamwork   match protocol vdolive   class-map voip   match ip rtp 16384 17800   access-list 110 permit tcp any any eq ftp   access-list 110 permit tcp any any eq ftp-data   class-map filetransfer   match access-group 110   policy-map traffic-out   class streaming   set ip dscp 34   bandwidth 128   class voip   set ip dscp 46   priority 128   class filetransfer   police 128000 16000 16000 conform-action set-dscp-transmit 26   exceed-action set-dscp-transmit 30 violate-action drop   class class-default   set ip dscp 0   interface serial 0   service-policy output traffic-out