Paul.Martin at viatel.com
Thu Nov 12 09:31:02 CST 2009
Following on, the best way is to 'trust' on all uplinks between devices
and filter at the edge. So you have a customer who shouldn't be sending
tagged traffic, set the port to not trusted (should be the default
state) and any customer using QoS should have "mls qos trust dscp" on
the demark port.
If you don't have a trusted core, then all it takes is a simple switch
in the path traffic takes and you'll find yourself scratching your head
as to why the DSCP tags are disappearing all of a sudden!
From: Scott Morris [mailto:swm at emanon.com]
Sent: 12 November 2009 14:41
Cc: nanog at nanog.org
Subject: Re: qos 3560
Look at "show mls qos map" to see the defaults that may be rewriting
your information depending on trust (or non-trust) mechanisms you have
If you trust CoS, a frame received with cos5 and dscp46 will get
rewritten to dscp 40 with default maps...
"show mls qos interface (intf)" is also good to see status.
> indeed, a fellow nanoger gave me this hint.
> 1. i had to enable mls qos globally in "network" switches
> 2. set the mls qos trust dscp on the uplinks (ingress port)
> ps thanks to andrey.gordon too :)
> On 11/12/2009 03:21 PM, Brian Feeny wrote:
>> You should make sure that any links that go between devices have
>> set. In your case if your doing DSCP,
>> then make sure each link that goes between devices which must carry
>> tagged packets have trust dscp set.
>> On Nov 12, 2009, at 5:11 AM, Bogdan wrote:
>>> i am playing with qos on some devices
>>> - cisco 3560
>>> - cisco 7609
>>> and i have some things that i don't seem to understand.
>>> 1. in 3560, i enable mls qos, on the ingress port applyed policy
>>> classify the packets with acl, mark, all good. on the egress ports i
>>> srr-queue with shape/share, everything is fine, it is working.
>>> 2. reset to defaults the 3560
>>> in 7606 i pick up a vlan, and apply a policy-map and set dscp 40 on
>>> egress of that vlan
>>> 3560 in uplinked in 7609
>>> in 3560 i can see the "marked" packets, and i have matches on the
>>> set earlier (sh mls qos int xx stat).
>>> the problem is: when i apply the srr-queue in 3560 on egress
>>> the test port), it does not work.
>>> if i enable mls qos on 3560, i cannot match anymore the dscp 40 from
>>> is it normal? do i have to apply the qos stuff (point1) on all
>>> i want qos on? i mean, i cannot set dscp in one "core" device and
>>> that in the whole network ?
For more information about the Viatel Group, please visit www.viatel.com
VTL (UK) Limited Registered in England and Wales
Registered Address: Inbucon House, Wick Road, Egham, Surrey TW20 0HR
Company Registration No: 04287100 VAT Registration Number: 781 4991 88
THIS MESSAGE IS INTENDED ONLY FOR THE USE OF THE INTENDED RECIPIENT TO WHICH IT IS ADDRESSED AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, CONFIDENTIAL AND EXEMPT FROM DISCLOSURE. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering the message to the intended recipient, you are notified that any dissemination, distribution or copying of this e-mail is prohibited, and you should delete this e-mail from your system.
This message has been scanned for viruses and spam by Viatel MailControl - www.viatel.com
More information about the NANOG