Configuring QoS actions in a policy

In QoS policy-configuration mode, you define the actions to be applied to a pre-configured IPv4 or IPv6 traffic class when a packet matches the match criteria in the class. Note: Actions are not executed on packets that match ignore criteria. You can enter multiple action statements in a traffic class, including the default class.

The following commands are supported in a QoS policy configuration:

rate-limit

Configures the rate limit for matching packets.

ip-precedence

Configures (marks) the IP precedence bits in the ToS byte of IPv4 packet headers and Traffic Class byte of IPv6 headers.

dscp

Configures the DSCP bits in the IPv4 ToS byte and IPv6 Traffic Class byte of packet headers.

priority

Configures the 802.1p class of service (CoS) priority in Layer 2 frame headers.

For information on the difference between the DSCP bits and precedence bits in the ToS byte of an IPv4 header and the Traffic Class byte of an IPv6 header.

Context: Global configuration

Syntax:


no [seq-number] class [ipv4 | ipv6] classname action qos-action [action qosaction ...]

In a QoS policy configuration, the qos-action parameter can be any of the following commands:

Syntax


rate-limit kbps

Configures the maximum transmission rate for matching packets in a specified traffic class. All packets that exceed the configured limit are dropped.

The rate limit is specified in kilobits per second, where kbps is a value from 0 to 10000000.

Rate limiting usage

Rate limit values below 13 kbps may result in unpredictable rate limiting behavior. Configuring a rate limit of 0 (zero) kilobits on a port blocks all traffic on the port. If blocking all traffic is the desired behavior, HPE recommends that you configure deny ACL instead configuring a rate limit of 0. A rate limit that you apply with a classifier-based policy overrides any globally-configured per-port rate limit on the selected packets.

For more information on per-port rate limiting, see the ArubaOS-Switch Management and Configuration Guide for your switch.

Rate limiting restrictions

A rate limit is calculated on a per-module or per port-bank basis. If trunked ports or VLANs with a configured rate limit span multiple modules or port-banks, the configured rate limit is not guaranteed. A QoS policy that uses the class action rate-limit command is not supported on a port interface on which ICMP rate limiting has already been globally configured. To apply the QoS policy, you must first disable the ICMP rate limiting configuration. In cases where you want to maintain an ICMP rate limiting configuration, configure a class in which you specify the necessary match statements for ICMP traffic, and a QoS policy in which you configure the rate limit action for the class.

See the ArubaOS-Switch Multicast and Routing Guide for your switch for more information.

priority priority-value

Configures the 802.1p class of service (CoS) bits in Layer 2 frames of matching packets in a specified traffic class. Valid CoS values range from 0 to 7. The 802.1p CoS value controls the outbound port-queue priority for traffic leaving the switch. In an 802.1Q VLAN network, downstream devices may honor or change the 802.1p priority in incoming packets. 802.1p priority settings and outbound queue assignment shows how the Layer 2 802.1p priority value determines to which outbound port queue a packet is sent both on the switch and on a downstream device. The 802.1p CoS numeric value (from 0 to 7) corresponds to the hexadecimal equivalent of the three binary 0 and 1 bit settings in the Layer 2 header. For example if the CoS bit values are 1 1 1, the numeric value is 7 (1+2+4). Similarly, if the CoS bits are 0 1 1, the numeric value is 3 (1+2+0).

NOTE:

If you want the 802.1p CoS priority settings included in outbound packets to be honored on downstream devices, configure tagged VLANs on the appropriate inbound and outbound ports.

ip-precedence precedence-value
Configures the IP precedence value in the IPv4 ToS byte or IPv6 Traffic Class byte of matching packets in a specified traffic class. Valid IP precedence values are either a numeric value from 0 (low priority) to 7 (high priority) or its corresponding name:

0

routine

1

priority

2

immediate

3

flash

4

flash-override

5

critical

6

internet (for internetwork control)

7

network (for network control)

802.1p priority settings and outbound queue assignment shows how the Layer 2 802.1p priority value determines to which outbound port queue a packet is sent.

IP precedence-to-802.1p priority mapping shows the 802.1p priority value (0 to 7) associated, by default, with each IP Precedence three-bit setting and automatically assigned by the switch to the Layer 2 header of matching packets.

dscp dscp-value

Configures the DSCP codepoint in the IPv4 ToS byte or IPv6 Traffic Class byte of matching packets in a specified traffic class. Valid values for the DSCP codepoint are any of the following:

  • A binary eight-bit set (such as 100110 ).
  • A decimal value from 0 (low priority) to 63 (high priority) that corresponds to a binary DSCP bit set.
  • The ASCII standard name for a binary DSCP bit set:
af11

(001010)

af42

(100100)

af12

(001100)

af43

(100110)

af13

(001110)

ef

(101110)

af21

(010010)

cs1

(001000) = precedence 1

af22

(010100)

cs2

(010000) = precedence 2

af23

(010110)

cs3

(011000) = precedence 3

af31

(011010)

cs4

(100000) = precedence 4

af32

(011100)

cs5

(101000) = precedence 5

af33

(011110)

cs6

(110000) = precedence 6

af41

(100010)

cs7

(111000) = precedence 7

default

(000000)

 

Prerequisite

The DSCP value you enter must already be configured with an 802.1p priority in the DSCP Policy table before you can use it to mark matching packets.

NOTE:

DSCP-802.1p Mapping: The 802.1p priority currently associated with each DSCP codepoint is stored in the DSCP Policy table (displayed with the show qos dscp-map command. Certain DSCP codepoints have 802.1p priorities assigned by default. The 802.1p priority mapped to a DSCP codepoint is automatically applied in matching packets whose codepoint is reset with the class action dscp command in a QoS policy.