Ethernet Switches & Routers

CMD
Contributor
CMD
Posts: 52
Registered: ‎02-18-2010

QoS on FastIron CX switches in a stack

The configuration guide states that: "By default in stacking mode, 802.1p marking is not enabled. Outgoing tagged traffic is not marked with 802.1p in the VLAN tag based on the internal hardware queue into which ingress traffic was classified."

Is this something you can enable? I don't see how you can do this in the documentation.

If I configure VLAN priority to mark all traffic in VLAN 10 to an 802.1p priority level of 6, will this marking be carried over to an upstream device?

Thank you,

Super Contributor
mschipp
Posts: 1,087
Registered: ‎12-13-2009

Re: QoS on FastIron CX switches in a stack

Have a look at manual page 632 (PDF page 686) of the FastIron config guide (dated 18 March 2010).

QoS options for IP ACLs

Quality of Service (QoS) options enable you to perform QoS for packets that match the ACLs. Using an ACL to perform QoS is an alternative to directly setting the internal forwarding priority based on incoming port, VLAN membership, and so on.

internal-priority-marking and 802.1p-priority-marking – Supported with the DSCP marking option, these commands assign traffic that matches the ACL to a hardware forwarding queue (internal-priority-marking), and re-mark the packets that match the ACL with the 802.1p priority (802.1p-priority-marking).

Note: CoS - 802.1p in stacking mode is honoured in ingress but, as you stated, not egress. Using the above should get you what you need.

CMD
Contributor
CMD
Posts: 52
Registered: ‎02-18-2010

Re: QoS on FastIron CX switches in a stack

MsChipp,

Okay, this looks good. I can use an ACL like you stated in your last message and mark the traffic as it egresses the switch. That is perfect.

Another question, do you typically change the default queueing method when you are configuring QoS for an IPT installation?

Thank you very much!

Super Contributor
mschipp
Posts: 1,087
Registered: ‎12-13-2009

Re: QoS on FastIron CX switches in a stack

Hi CMD,

You can do so if you want to, however I just create a VoIP and just have the phones in that VLAN.

oh, and please stop the MsChipp thing

My Name is Michael Schipp

CMD
Contributor
CMD
Posts: 52
Registered: ‎02-18-2010

Re: QoS on FastIron CX switches in a stack

Thanks for your replies Michael. Sorry about the MsChipp thing....

CMD
Contributor
CMD
Posts: 52
Registered: ‎02-18-2010

Re: QoS on FastIron CX switches in a stack

I have a stack of FCX switches and I want to make sure they pass traffic to their up or downstream neighbors with the DSCP set to 46. Now the FCX does not mark traffic when it egresses the switch when in a stack. So I know I can use an access-list to mark traffic with the DSCP value that I want but only inbound ACLs are supported, correct??? If so, how do I accomplish this?

Also, when I attempt to apply an ACL to an interface on FCX, the command "ip access-group" is not available to me. I only have "ip access-list". The FCXs are all running layer 3 code.

Thank you,

Chris

Super Contributor
mschipp
Posts: 1,087
Registered: ‎12-13-2009

Re: QoS on FastIron CX switches in a stack

Hi Chris,

Yes FCX can only do engress ACL and that is ok here.

When in a stack it is disabled by default.

However using FastIron(config)#access-list 101 permit ip any any dscp-marking 46 will get you what you want.

The ACL 'turns on engress marking' (in a roundabout way).

Why do you need ip access group?

Please read PDF page 86 (or manual page 633) of FastIron Config guide - dated 18 March 2010. 07.0.01b

k A bit more reading and this may also cause you a problem

Enabling ACL support for switched traffic in the router image

NOTE

The bridged-routed CLI parameter applies to FastIron X Series devices only. For FGS, FLS, FWS, and FCX Series devices, ACL support for switched traffic in the router image is enabled by default. There is no command to enable or disable it.

By default, when an ACL is applied to a physical or virtual routing interface, the Brocade Layer 3 device filters routed traffic only. It does not filter traffic that is switched from one port to another within the same VLAN or virtual routing interface, even if an ACL is applied to the interface.

You can enable the device to filter switched traffic within a VLAN or virtual routing interface. When filtering is enabled, the device uses the ACLs applied to inbound traffic to filter traffic received by a port from another port in the same virtual routing interface.

To enable this feature, enter a command such as the following.

FastIron(config)#ip access-list 101 bridged-routed

Applying the ACL rule above to an interface enables filtering of traffic switched within a VLAN or virtual routing interface.

Syntax: ip access-list <ACL-ID> bridged-routed

The <ACL-ID> parameter specifies a standard or extended numbered or named ACL.

You can use the bridged-routed feature in conjunction with enable ACL-per-port-per-vlan, to assign an ACL to certain ports of a VLAN under the virtual interface configuration level. In this case, all of the Layer 3 traffic (bridged and routed) are filtered by the ACL. The following shows an example configuration.

FastIron(config)#vlan 101 by port
FastIron(config-vlan-101)#tagged ethernet 1 to 4
FastIron(config-vlan-101)#router-interface ve 101
FastIron(config-vlan-101)#exit
FastIron(config)#enable ACL-per-port-per-vlan
FastIron(config)#ip access-list 101 bridged-routed
FastIron(config)#write memory
FastIron(config)#exit
FastIron#reload
...
FastIron(config-vif-101)#ip access-group 1 in ethernet 1 ethernet 3 ethernet 4

NOTE

For FastIron X Series devices, the enable ACL-per-port-per-vlan command must be followed by the write-memory and reload commands to place the change into effect.

N/A
fred.huynh
Posts: 1
Registered: ‎11-19-2010

Re: QoS on FastIron CX switches in a stack

Hi Michael,

I have a unique setup in which I need to apply qos-tos trust dscp and also need an ACL to block other subnets from accessing my voice network under the VE interface. My company uses both RX and CX switches. When I try to apply the ACL on the interface, I get the error saying "QOS is configured on the port". Even the tech said that I can only apply either QoS or ACL on the interface, but not both. I am wondering if you know of an alternative way for me to do that. The idea is to trust the QoS coming out from Cisco UCM and be able to configure an ACL to only allow the voice subnet.

Thanks,

Super Contributor
mschipp
Posts: 1,087
Registered: ‎12-13-2009

Re: QoS on FastIron CX switches in a stack

Hi Fred,

Ok this should be fine.

By default the trust is already there on the FCX (note that queue 7 will auto drop to queue 6 as queue 7 is for the stack control traffic).

Recommend removing the QoS-based ACLs, let the default do what you want and then add the security ACL (for your subnet) in and you should be good to go mate.

Thanks

Michael.

Extra reading...

QoS profile restrictions in an IronStack

In a stacking topology, because CoS level 7 is reserved for stacking, quality profiles for qosp7 cannot be configured. If an attempt is made to configure a profile for qosp7, the system ignores the configuration.

NOTE

This applies only when the device is operating in stacking mode. It does not apply to standalone devices.

QoS behavior for trusting Layer 2 (802.1p) in an IronStack

By default, Layer 2 Trust is enabled. Because priority 7 is reserved for stacking control packets, any ingress data traffic with priority 7 is mapped to internal hardware queue 6. All other priorities are mapped to their corresponding queues.

QoS behavior for trusting Layer 3 (DSCP) in an IronStack

When the trust dscp mode is enabled, packets arriving with DSCP values 56 to 63 are mapped to internal hardware queue 6. All other DSCP values are mapped to their corresponding internal hardware queues.

FastIron stackable devices

FastIron GS, LS, WS, and CX Series devices support DSCP-based QoS on a per-port basis. DSCP-based QoS is not automatically honored for switched traffic. The default is 802.1p to CoS mapping. To honor DSCP-based QoS, enter the following command at the interface level of the CLI.

FastIron(config-if-e1000-11)#trust dscp

Syntax: trust dscp

When trust dscp is enabled, the interface honors the Layer 3 DSCP value. By default, the interface honors the Layer 2 CoS value.
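A way to check, from a frame captured on the upstream device, which markings actually arrived and which internal queue an IronStack would pick for them. This is an added example, not part of any post or of the Brocade guide. The frame bytes are constructed, the function names are illustrative, and two points are assumptions: that "corresponding queue" for DSCP means DSCP divided by 8, and that a missing marking is treated as 0.

```python
import struct

# Constructed sample: 802.1Q-tagged IPv4 frame, VLAN 10, 802.1p priority 6, DSCP 46.
SAMPLE = bytes.fromhex(
    "ffffffffffff" "020000000001"   # destination / source MAC
    "8100" "c00a"                   # TPID, TCI (PCP 6, VLAN 10)
    "0800" "45b8" + "00" * 18       # EtherType IPv4, version/IHL, ToS 0xb8, rest zeroed
)

def parse_markings(frame: bytes):
    """Return (pcp, dscp) from an Ethernet frame; a field is None if absent."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset, pcp = 14, None
    if ethertype == 0x8100:                       # 802.1Q tag present
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        pcp = tci >> 13                           # top 3 bits of the TCI
        offset = 18
    dscp = None
    if ethertype == 0x0800 and len(frame) >= offset + 2:
        dscp = frame[offset + 1] >> 2             # upper 6 bits of the ToS byte
    return pcp, dscp

def stack_queue(pcp, dscp, trust_dscp=False):
    """Internal hardware queue in stacking mode, per the manual text quoted above."""
    if trust_dscp:
        queue = (dscp or 0) >> 3                  # assumption: 8 DSCP values per queue
    else:
        queue = pcp or 0                          # default: trust Layer 2 (802.1p)
    return min(queue, 6)                          # queue 7 is reserved for stack control

if __name__ == "__main__":
    pcp, dscp = parse_markings(SAMPLE)
    print("802.1p:", pcp, "DSCP:", dscp)
    print("queue (trust 802.1p):", stack_queue(pcp, dscp))
    print("queue (trust dscp):  ", stack_queue(pcp, dscp, trust_dscp=True))
```
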

Contributor
serhat.kahraman
Posts: 61
Registered: ‎12-08-2009

Re: QoS on FastIron CX switches in a stack

Hi Michael,


I did not find any restrictions about that but want to be sure:

when configuring ACL-based rate limiting, does it matter if the ACL is an IPv6 one?

It works for both IPv4 and IPv6 ACLs, right?

Br,

Serhat

