|
This chapter describes how to create and configure Layer 3 Quality of Service (QoS) Committed Access Rate (CAR) policies.
This chapter contains the following information:
Table 14-1 lists the Layer 3 QoS windows that can be launched from each object type. For example, the CAR Policy Configuration window can be launched from a Site, Shelf, Chassis, Module, Interface or CAR Policy, but not from an Access List.
Interface Profile Window Access
Note Cisco 7200/7400 Series Manager windows cannot be opened when multiple objects are selected (the menu options to open the Cisco 7200/7400 Series Manager windows are grayed out). Available menu options can be launched from a site object containing the required objects. |
Access lists enhance the abilities of a Committed Access Rate (CAR) policy. For example, access lists allow you to specify certain types of traffic, or certain locations where the traffic is coming from.
CAR is a policing mechanism that allows you to partition your network into multiple priority levels or classes of service. You set the IP precedence for packets entering the network. Networking devices within your network can then use the adjusted IP precedence to determine how to treat the traffic. CAR services limit the input or output transmission rate on an interface or subinterface based on a flexible set of criteria.
CAR is often configured on interfaces at the edge of a network to limit traffic into or out of the network. CAR can rate-limit traffic based on certain matching criteria, such as incoming interface, IP precedence, or IP access list. You configure the actions CAR will take when traffic conforms to or exceeds the rate limit. Each interface can have multiple CAR policies, corresponding to different types of traffic. For example, low-priority traffic can be limited to a lower rate than high-priority traffic.
There are two types of CAR objects: CAR policies and access lists. When you create these objects in the Cisco 7200/7400 Series Manager, you can work within the Layer 3 QoS view to create, apply, delete, or edit Layer 3 QoS objects. The CAR policies you create are placed under the CAR policies container in the Layer 3 QoS view. The access list you create are placed under the Access List container in the Layer 3 QoS view.
Note Access lists are supported only with the CAR and do not function as stand-alone objects. |
Layer 3 QoS CAR objects (access lists and policies) can be applied to any physical interface.
Note Voice cards and the associated logical interfaces do not support QoS. |
To begin working with CAR objects:
Step 2 Create and configure an access list (optional).
Step 3 Apply one or more access lists to the CAR policy.
Step 4 Apply the created CAR policy or access list to one or more interfaces.
At any given time, you have the option to edit or delete CAR policies (which are not applied), change the association of CAR policies, or view the status of CAR policies on any interface.
CAR policies can rate-limit traffic based on certain matching criteria, such as incoming interface, IP precedence, or IP access list. You configure the actions CAR will take when traffic conforms to or exceeds the rate limit. You can set CAR policies that are associated with one of the following:
Each interface can have only one CAR policy applied.
This section covers the following areas:
Step 2 Choose Create. A popup window appears, asking for you to enter a name for the CAR policy.
Step 3 Enter a name for the CAR policy you are about to create, then choose OK.
A confirmation window appears. The name of your new profile appears in the list box at the left of the window.
Step 4 Modify the configuration fields as desired. See the"CAR Policy Configuration WindowDetailed Description" section for details.
Step 5 Choose Save to save the changes.
You can apply an access list to a selected CAR policy if desired (to create an access list, refer to the "Access Lists" section).
Step 2 Choose the access list you want to apply.
Step 3 In the Actions area, choose the right-facing arrow to move the selected access list into the required access list.
Step 4 Choose Save to save the changes.
The CAR Policy Configuration window contains a single CAR Policy Configuration tab.
The CAR Policy Configuration tab contains four areas: CAR Parameters, Access List Choice, Conform Action, and Exceed Action.
The CAR Parameters area contains the following fields:
Traffic DirectionChoose either incoming (input) or outgoing (output) traffic.
Average Transmission RateNormal transmission rate based on a long-term average in bits per second (bps).
Normal Burst Size (in bytes)Bytes allowed in a burst before some packets will exceed the rate limit. Larger bursts are more likely to exceed the rate limit.
Maximum Burst Size (in bytes)Bytes allowed in a burst before all packets will exceed the rate limit.
The Access List Choice area contains the following fields:
With Access List?Yes applies a selected access list to the selected CAR policy; No does not apply an access list to the selected CAR policy.
Available Access ListPane that lists all created access lists.
ActionsTwo arrow buttons move access lists between the available access list and the required access list.
Required Access ListPane that lists all access lists, which are required to be associated with the selected CAR policy.
The Conform Action area contains the following fields:
ContinueEvaluate the next rate-limit command.
DropChoose whether or not to drop the packet.
TransmitChoose whether or not to transmit the packet.
Set Prec. To X and Continue(numbers 0-7) Set precedence to an integer and continue.
Set Prec. To X and Transmit(numbers 0-7) Set precedence to an integer and transmit.
The Exceed Action area contains the following fields:
ContinueEvaluate the next rate-limit command.
DropChoose whether or not to drop the packet.
TransmitChoose whether or not to transmit the packet.
Set Prec. To Y and Continue(numbers 0-7) Set precedence to an integer and continue.
Set Prec. To Y and Transmit(numbers 0-7) Set precedence to an integer and transmit.
Access lists are supplemental to CAR policies and enhance their abilities. For example, access lists allow you to specify certain types of traffic, or certain locations where the traffic is coming from.
This section covers the following areas:
Step 2 Choose Create. A popup window appears, asking for you to enter a name for the access list.
Step 3 Enter a name for the access list you are about to create, then choose OK.
A confirmation window appears.
Step 4 In the General tab, select the type of access list you want to create. You can also enable logging level at this time. See the "Access List Configuration WindowDetailed Description" section for more details.
Step 5 Modify the configuration fields in the respective tab as desired.
Step 6 Choose Save to save the changes.
Step 7 To apply an access list to a CAR policy, refer to the "Applying an Access List to a CAR Policy" section.
The Access List Configuration window contains one button: Create. When you choose Create, a new access list of type IP Standard is created and the next available index is assigned. The access list type can be changed and saved, if desired. When the access list type is changed, the index can be manually or automatically reallocated to the next available index for the new type selected.
The Access List Configuration window displays five tabs: General, IP Standard, IP Precedence, MAC, and IP Extended.
Note The General tab is always accessible. The corresponding tab, based on the access list type, is also accessible. Any non-relevant tabs are grayed out. The fields in all the tabs are populated with default values. The fields can be changed as desired. |
The General tab contains a single area: General.
The General area displays four fields:
Index Allocation ModePossible values are Manual or Automatic. When the access list type is changed, the index can be manually or automatically reallocated to the next available index for the new type selected.
IndexIdentification number for an access list. The Index field is automatically generated if the Index Allocation Mode is set to Automatic.
TypeLists the type of access list. Possible types include: IP Standard, IP Precedence, MAC, and IP Extended.
Logging Level(Applicable only to IP standard and IP extended access lists.) If you enable the logging level, then informational messages about the packet that matched the criteria specified in the access list are generated.
The IP Standard tab displays a single area: IP Standard.
The IP Standard area contains five fields:
Access ActionAction to be taken if the conditions are matched. This value will be either Deny or Permit.
Host TypeHost type indicates the hosts for which the access actions are available. Possible values for this field include the following:
Host NameName of the host (or source of the packet) for which the access action is applicable.
IP AddressIP address of the host (or source of the packet) for which the access action is applicable.
Wild CardIf the access action is applicable for more than one host, then this field should be used as a mask. For example, the wild card 255.255.255.255 represents any host.
The IP Precedence tab is shown in Figure 14-4:
The IP Precedence tab contains one area: IP Precedence.
The IP Precedence area contains three fields:
MaskIf more than one precedence comes into the same classification, Mask should be used for classification. Enabling Mask enables the Precedence Bit Mask field, and disabling Mask enables the Precedence field.
PrecedenceIP precedence to be matched. Possible values are 0 to 7.
Precedence Bit MaskIf more than one precedence comes into the same classification, Precedence Bit Mask should be used. Possible values for this field are 00 to FF.
The MAC tab is shown in Figure 14-5:
The MAC tab contains one area: MAC.
The MAC area contains one field:
MAC AddressType in the MAC address for the packets to be classified.
The IP Extended tab displays a single area: IP Extended.
The IP extended area contains three fields: Dynamic list, Source, and Destination.
The IP Extended area contains two fields:
Access ActionAction to be taken if the conditions are matched. Possible actions are deny and permit.
Protocol NameName or number of an IP protocol. Valid protocol number values are 0 to 255. Valid protocol names are listed in Table 14-2:
DynamicDefines the selected access list as dynamic. Dynamic access lists grant access to users, to a specific source or destination host, through a user authentication process. You can allow user access dynamically through a firewall, without compromising security restrictions.
NameDefines a name for the dynamic list (available only if the Dynamic button is selected).
Time OutSpecifies the absolute length of time (in minutes) that a temporary access list entry can remain in a dynamic access list. The default (0) is an infinite length of time and allows an entry to remain permanently (available only if the Dynamic button is selected).
The Source and Destination area contain the following fields:
Host TypeIndicates the hosts for which the access action are available. Possible values for this field include the following:
Host NameName of the host (or source of the packet) for which the access action is applicable.
IP AddressIP address of the host (or source of the packet) for which the access action is applicable.
Wild CardIf the access action is applicable for more than one host, then this field should be used as a mask. For example, the wild card 255.255.255.255 represents any host.
Port CriteriaValues to be applied on the specified port (interface) number. Possible values are as follows:
The Source and Destination area also contains on subarea: Port.
The Port subarea contains the following fields:
NumberPort (interface) number from or to where the packet is sent.
RangePort (interface) numbers that will be allowed through this filter.
The CAR Policy Apply section covers the following areas:
To apply a CAR policy to an interface:
Step 2 From the list boxes at the left of the window, choose a Chassis, Module, and IP Interface to which you want to apply the CAR policy. You can select multiple chassis, modules, or interfaces, if required.
Step 3 In the Available Policies area, choose the policy you want to apply, and choose the right-facing arrow to move that policy into the Required Order box.
Step 4 When you have moved the CAR policy, choose Apply.
Note If a CAR policy fails to be applied to an interface, the Apply Status area on the CAR Policy Apply window (see Figure 14-7) is updated accordingly. |
If the interface is being managed, the selected CAR policy is downloaded to the device.
For more details on the fields within this tab, see the "CAR Policy Apply WindowDetailed Description" section.
To remove a CAR policy from an interface:
The CAR policy that is currently applied to the selected interface appears in the Required Order list on the CAR Policy Apply tab. CAR policies that are not being used are listed in the Available Policies list.
Step 2 Use the directional arrows to move CAR policies from the Required Order list back to the Available Policies list.
Step 3 Choose Apply to apply the changes. The selected CAR policies are removed from the interface.
A CAR policy can be edited or deleted only if it is not currently being applied to an interface. Once you have applied a CAR policy to an interface, you cannot edit or delete it unless you first remove it from the interface. If that CAR policy is being used by any other interfaces, you will still not be able to edit or delete it. For this reason, it is a good idea to keep a list of which interfaces have which CAR policies applied to them. If you keep such a list, if you later want to edit or delete the CAR policy, you can simply remove it from the interfaces that are using it, then proceed to edit the fields in the CAR Configuration window or delete the CAR policy.
To delete an existing CAR policy:
Step 2 Choose Deployment > Delete Objects. The Deployment Wizard appears with a summary of what will be deleted.
Step 3 Click Finish. The CAR policy is deleted.
If deletion fails, another interface might currently be using the CAR policy; therefore, you cannot delete the CAR policy.
The CAR Policy Apply window contains one tab: CAR Policy Apply.
The CAR Policy Apply tab contains two list boxes, Actions, and Apply Status.
Available PoliciesLists all created CAR policies that are available to apply to a selected interface.
Required OrderDisplays the CAR policy that is applied to the selected interface.
The CAR Policy tab also contains two areas: Actions, and Apply Status.
The Actions area contains the following:
Force synchronization?Allows you to select whether or not to force synchronization with the selected device. Select Yes to force synchronization, or select No if you do not want to force synchronization.
Right arrow button (>>)Allows you to move CAR policies from the Available Policies list to the Required Order list.
Left arrow button (<<)Allows you to move CAR policies from the Required Order list to the Available Policies list.
Apply buttonAllows you to apply the CAR policies listed in the Required Order list to the selected interface.
The Apply Status area contains one field: Status of Last Apply.
Status of Last ApplyStatus of the last CAR policy applied to an interface. This value can be either succeeded or failed.
The CAR Policy Status window displays the CAR policies that are currently applied to a selected interface, and the order in which they are applied.
To view the CAR Policy Status window:
Step 2 Choose the correct Chassis, Module, and IP Interface from the list boxes at the left of the window.
Posted: Mon Jan 20 23:33:45 PST 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.