cc/td/doc/product/rtrmgmt/qos/qpm1_0
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

Working with Policy Statements
Writing a New Policy
Modifying a Policy
Deleting a Policy
Enabling and Disabling Policies
Creating Policy Building Blocks
Changing the Priority of Policies
Viewing the Equivalent IOS Software Commands for Policies
Viewing Policy Reports

Working with Policy Statements


The heart of your Quality of Service configuration is the policy statements you create in QoS Policy Manager and deploy to your network devices. These policies define how the network devices manage the data that flows through the network.

These topics cover the details about creating and managing policies.

Writing a New Policy

These topics describe the basics of policies, and how to create them.

Understanding the Elements of a Policy

A policy has several elements, all of which are displayed in the policy editor pane when you select an existing policy or define a new policy.

When you select a policy, its algebraic expression is displayed in the Policy Expression field.

Understanding the Difference Between AND and OR Operators

The policy filter can contain a complex set of conditions connected by AND and OR operators.

In the policy filter grid in the policy editor, conditions are ANDed together (conjoined) if they are in the same row.

Conditions are ORed together (disjoined) if they reside in different rows.

If you are familiar with programming logic, then you already understand how these conditions work.

Figure 5-1 shows a complex set of conditions. The first row translates as (Sender Port is 80 AND Protocol is TCP). This condition is only met if the packet is TCP coming through port 80. No other TCP packets are considered. The second row applies to all UDP packets. Together, these filter conditions apply to every UDP packet, and to all TCP port 80 packets.

The translation for the entire policy filter is (Sender Port is 80 and Protocol is TCP) or (Protocol is UDP).

QoS Policy Manager does not allow you to create a set of filter conditions that are internally inconsistent. If the Policy Manager finds the filter conditions inconsistent, it issues an error message, describing the error.


Figure 5-1   AND and OR Operators

Creating the Policy and Writing the Policy Filter

Create a policy and write a policy filter whenever you want to apply a specific QoS action to a selected group of packets, rather than just change how an interface or group of interfaces manages traffic. Besides the filter, you must also assign a policy action (see "Writing the Policy Action").

Before You Begin

Determine the characteristics of the packets you are targeting. For example, the port the packets use, the protocol the packets use, the IP address of the source of the packets, the IP packet of the destination of the packets, and so forth.

Procedure

Step 1   Select the interface or device group on which you want to create the policy in the tree view.

Step 2  
Click the New Policy button, or select File>New>Policy.

QoS Policy Manager adds a new policy to the list view, and enables the policy editor pane.

Step 3   Click New in the policy editor pane.

QoS Policy Manager opens the Define Policy Filter window.

Step 4   Fill in the Define Policy Filter window as required to define the traffic to which the policy should apply (see "Define Policy Filter Dialog Box" in Appendix B for information about the fields in the window). You can identify the traffic by its general characteristics, its source, or its destination. Click OK when finished.

Related Topics

Writing the Policy Action

The policy actions available for a policy statement are different depending on the type of queuing being used on the interface. All valid actions for a policy appear in the Action drop-down list in the policy editor's Define Policy Action group.

To define the policy action for a policy, select the desired action in the Action field.

These topics discuss the various requirements for each policy action.

Defining a Coloring Action

Define coloring policies on interfaces where you want to change the IP precedence, or color, of a packet, thus changing the packet's relative importance.

Before You Begin

You can define coloring actions for inbound or outbound traffic. IOS software changes the color of a packet before queuing the packet, so your coloring affects queuing if the interface uses a type of queuing that is sensitive to coloring.

This procedure assumes you are in the process of writing a policy. If you are not writing a policy, start with "Creating the Policy and Writing the Policy Filter."

Procedure

Step 1   Select Coloring in the Action field.

Step 2   Select the desired priority for the traffic in the Precedence field.

Some versions of IOS software (at present IOS 11.1cc and IOS 12.0) support complex coloring policies called Committed Access Rate (CAR). If you are creating a coloring policy on an interface that supports it, you can click Advanced and define a complex coloring action, rather than filling the Precedence field. Table 5-1 describes the advanced coloring fields.

Table 5-1   Committed Access Rate Advanced Coloring Settings

Field  Description 

Rate

The target rate for the traffic that the policy covers. If a traffic flow is lower than or equal to this rate, the policy applies your conforming action (that is, the traffic flow is conforming to your defined rate). If a traffic flow is greater than this rate, the policy applies your exceeding action. Thus, you can create different actions based on a specific level of service.

Burst Size

Optionally, the amount of KB allowed to the traffic flow to accommodate bursty traffic.

Exceed Burst Size

Optionally, the amount of KB allowed to the traffic flow to accommodate bursty traffic in excess of the bandwidth allocated to normal bursts.

Direction

The direction of the traffic to which this policy applies

  • IN—The policy only applies to traffic entering the interface.
  • OUT—The policy only applies to traffic leaving the interface.
  • BOTH—The policy applies to all traffic traversing the interface.

Conform Priority

The IP precedence value to be applied to traffic that conforms to the rate for the policy. Select NONE to not assign a priority to conforming flows.

  • Continue—Select Continue to indicate that the device should examine subsequent policies for conforming flows after applying the conforming priority. The packet is evaluated using the next rate policy. If there is not another rate policy, the packet is transmitted.
  • Set precedence and continue—The IP precedence bits in the packet header are rewritten. The packet is evaluated using the next rate policy. If there is not another rate policy, the packet is transmitted.

Exceed Priority

The IP precedence value to be applied to traffic that exceeds the rate for the policy. Select NONE to not assign a priority to exceeding flows.

  • Continue—Select Continue to indicate that the device should examine subsequent policies for exceeding flows after applying the exceeding priority. The packet is evaluated using the next rate policy. If there is not another rate policy, the packet is transmitted.
  • Set precedence and continue-The IP precedence bits in the packet header are rewritten. The packet is evaluated using the next rate policy. If there is not another rate policy, the packet is transmitted.

Tips
Related Topics

Defining a Shaping Policy Action for Outbound Traffic

Define shaping policies on interfaces where you want to limit the bandwidth for a traffic flow. A shaping rate limit is not a rigid limit—if a traffic flow exceeds your limit, the device begins dropping packets to get the sender to lower its transmission rate. However, not all packets are dropped as the maximum rate is exceeded, as in limiting policies. This only works with protocols like TCP, which respond to dropped packets by lowering the transmission rate. Other protocols, such as IPX or UDP, do not change transmission rates for re-sending packets, so shaping has a less meaningful effect on those traffic flows.

Before You Begin

You can define shaping actions for outbound traffic.

This procedure assumes you are in the process of writing a policy. If you are not writing a policy, start with "Creating the Policy and Writing the Policy Filter."

Procedure

Step 1   Select Shaping in the Action field.

Step 2   Enter the desired rate limit in the Rate field, in kilobits per second. Optionally, you can include a burst and exceed burst size, to accommodate bursty traffic.

Tips
Related Topics

Defining a Limiting Action

Define limiting policies on interfaces where you want to limit the bandwidth for a traffic flow. A limiting rate limit is a rigid limit—if a traffic flow exceeds your limit, the device begins drops all packets that exceed the rate. This allows you to set a firm service level for a traffic flow.

Before You Begin

You can define limiting actions for inbound or outbound traffic. Because IOS software changes the color of a packet before queuing the packet, you can color traffic before you limit it on a single interface. You can color the traffic using a separate coloring policy, or you can color the conforming traffic within the limiting policy itself.

This procedure assumes you are in the process of writing a policy. If you are not writing a policy, start with "Creating the Policy and Writing the Policy Filter."

Procedure

Step 1   Select Limiting in the Action field.

Step 2   Fill in the remaining fields described in Table 5-2.

Table 5-2   Limiting Settings

Field  Description 

Rate

The target rate for the traffic that the policy covers. If a traffic flow is lower than or equal to this rate, the policy applies your conforming priority, if any, and transmits the traffic. If a traffic flow is greater than this rate, the traffic is dropped unless you specify burst sizes.

The rate must be a multiple of 8.

Burst Size

Optionally, the amount of KB allowed to the traffic flow to accommodate bursty traffic.

Exceed Burst Size

Optionally, the amount of KB allowed to the traffic flow to accommodate bursty traffic in excess of the bandwidth allocated to normal bursts.

Direction

The direction of the traffic to which this policy applies

  • IN—The policy only applies to traffic entering the interface.
  • OUT—The policy only applies to traffic leaving the interface.
  • BOTH—The policy applies to all traffic traversing the interface.

Conform Priority

The IP precedence value to be applied to traffic that conforms to the rate for the policy. Select NONE to not assign a priority to conforming flows.

  • Continue—Select Continue to indicate that the device should examine subsequent policies for conforming flows after applying the conforming priority.

Tips
Related Topics

Defining a Priority Queuing Action for Outbound Traffic

Define priority queuing policies on all interfaces or device groups that are defined as priority queues.

Before You Begin

You can only define a priority queuing action on an interface or device group that has priority queuing as the interface QoS property. See "Adding Device Interfaces" in Chapter 6 or "Creating Device Groups" in Chapter 6 for information on defining the QoS property on an interface or device group.

This procedure assumes you are in the process of writing a policy. If you are not writing a policy, start with "Creating the Policy and Writing the Policy Filter."

Procedure

Step 1   Select Priority Queuing in the Action field.

Step 2   Select the desired priority queue for the traffic in the Priority Level field. Unfiltered traffic is placed in the normal queue.

Related Topics

Defining a Custom Queuing Action for Outbound Traffic

Define custom queuing policies on all interfaces or device groups that are defined as custom queues.

Before You Begin

You can only define a custom queuing action on an interface or device group that has custom queuing as the interface QoS property. See "Adding Device Interfaces" in Chapter 6 or "Creating Device Groups" in Chapter 6 for information on defining the QoS property on an interface or device group.

This procedure assumes you are in the process of writing a policy. If you are not writing a policy, start with "Creating the Policy and Writing the Policy Filter."

Procedure

Step 1   Select Custom Queue in the Action field.

Step 2   Enter the percentage of the interface's bandwidth you want to allocated to the traffic.

The value must be in increments of 5% from 5% to 95%, and the total allocation of all custom queue policies on the interface or device group must not exceed 95%. The remaining 5% is used for unfiltered traffic.

Related Topics

Resolving the Host Names in a Policy to Their IP Addresses

QoS Policy Manager resolves newly-added host names to their IP addresses when you save the QoS database, so you are never required to manually resolve new host names. However, any IP addresses that are changed are not resolved by saving. When IP address changes have been made, you should resolve all host names so that the IP address changes are recognized and distributed to the devices.

Before You Begin

The DNS resolution process requires that the DNS server is up and available. Do not resolve host names if you are currently having DNS server problems.

Procedure
Tips
Related Topics

Modifying a Policy

If a policy is not meeting your needs, you can modify it to alter the name, comments, filter conditions, or policy actions. When you redistribute the policies, the modified policy is written to the associated device, replacing the old policy.

Procedure

Step 1   Select the interface or device group that contains the policy you want to modify in the tree view.

Step 2   Select the policy you want to modify in the list view.

Step 3   Make your changes to the policy in the policy editor window.

Tips
Related Topics

Deleting a Policy

When you no longer want to use a policy, you can delete it from the QoS database. When you redistribute the policies, the deleted policy is removed from the associated device.

Before You Begin

If you are not sure that you no longer need a policy, consider disabling it instead of deleting it. See "Enabling and Disabling Policies" for more information.

Procedure

Step 1   Select the interface or device group that contains the policy you want to delete in the tree view.

Step 2   Right-click the policy you want to delete in the list view and select Delete.

Tips
Related Topics

Enabling and Disabling Policies

When you create a policy on an interface or device group, it is enabled by default. That is, when you distribute the QoS database to the devices, the policy is distributed and takes effect. However, you can disable a policy, or enable a disabled one, so that some policies that exist in the QoS database are not enacted on the network. This allows you to define policies before you want to make them effective, or temporarily remove a policy from the network.

Procedure

Step 1   Select the interface or device group that contains the policy you want to enable or disable in the tree view.

Step 2   Select the policy you want to enable or disable in the list view.

Step 3   Select or deselect Enabled in the policy editor pane.

If Enabled is selected, the policy is used on the interface or device group.

If Enabled is not selected, the policy only resides in the QoS database, it is not defined on the devices.

Step 4  
Click the Save button to save your changes to the database.

Step 5  
Click the Distribution Manager button to start Distribution Manager, and distribute your policies. Refer to the section entitled "Distributing Policy Changes to Network Devices" in this chapter for the procedure.

Related Topics

Creating Policy Building Blocks

You can simplify your policies by creating various building blocks that you can then use in the individual policy statements.

For example, you can create a host group that includes every host that requires a specific type of QoS. Instead of entering every host name in each related policy statement, you would use the name of the host group. Then, to add a host to a policy, you would edit the host group instead of every related policy.

These topics cover the types of building blocks you can create in QoS Policy Manager.

Working with Host Groups

A host group is a group of network hosts. You can use device groups to simplify the writing of your policies, because you can write a policy for the group instead of one for each host.

Creating Host Groups

Create a host group when you want to treat a set of network hosts identically in a policy statement.

Before You Begin

Determine the names or IP addresses of the hosts you want to group together.

Procedure

Step 1  
Click the Host Groups button, or select Tools>Host Groups.

QoS Policy Manager opens the Host Groups window.

Step 2   In the Host Groups window, click in the empty box at the end of the list of host group names and enter a host group name. Choose a name you will find meaningful.

If there is no empty box, click Add to create one.

Step 3   With the host group name selected, click Members.

QoS Policy Manager opens the Host Group Members window.

Step 4   In the Host Group Members window, click in the empty box at the end of the list of host names and enter a host name or IP address. You can enter a subnet by including both IP address and subnet mask information. Click Add to add additional members.

When you are finished adding members, click OK to return to the Host Groups window.

Tips
Related Topics

Modifying Host Groups

Modify a host group to add or remove members, or to change the host group name.

Procedure

Step 1  
Click the Host Groups button, or select Tools>Host Groups.

QoS Policy Manager opens the Host Groups window.

Step 2   In the Host Groups window, select the name of the host group you want to modify.

QoS Policy Manager opens the Host Group Members window.

When you are finished adding members, click OK to return to the Host Groups window.

Tips
Related Topics

Deleting Host Groups

Delete a host group when you no longer need to treat the set of hosts as a group. However, you can modify a host group to remove selected hosts, or add other hosts, if you still have use for grouping a subset of the hosts in the group.

Before You Begin

You cannot delete a host group if it is being used in a policy. If you try to delete the group, QoS Policy Manager tells you the interface and policy name of the first policy it finds that uses the group.

Procedure

Step 1  
Click the Host Groups button, or select Tools>Host Groups.

QoS Policy Manager opens the Host Groups window.

Step 2   In the Host Groups window, select the name of the host group you want to delete.

Step 3   Click Delete.

Related Topics

Working with Application Services Aliases

An application service alias is a name of a defined set of characteristics that can identify the source of network traffic from a host or subnet. You can use application service aliases to simplify the writing of your policies, because you can write a policy for the application service instead of one for each host.

Creating Application Service Aliases

Create an application service alias when you want to identify a particular type of network traffic source.

Before You Begin

Determine the IP address of the host or subnet that is the source of the targeted traffic.

Procedure

Step 1  
Click the Application Services button, or select Tools>Application Services.

QoS Policy Manager opens the Application Services window.

Step 2   Click Add in the Application Services window.

QoS Policy Manager opens the Application Service window.

Step 3   In the Application Service window, fill in the required information to identify the source of the targeted traffic, and to give the application service alias a name. (Refer to "Application Service Dialog Box" in Appendix B for more information.)

Click OK when finished to return to the Application Services window.

Step 4   Click OK in the Application Services window.

Related Topics

Modifying Application Service Aliases

Modify an application service alias when you want to change some characteristic of the type of network traffic source.

Procedure

Step 1  
Click the Application Services button, or select Tools>Application Services.

QoS Policy Manager opens the Application Services window.

Step 2   Select the alias you want to change and click Edit in the Application Services window.

QoS Policy Manager opens the Application Service window.

Step 3   In the Application Service window, change the information as required to identify the source of the targeted traffic, or change the application service alias name. (See "Application Service Dialog Box" in Appendix B for more information.)

Click OK when finished to return to the Application Services window.

Step 4   Click OK in the Application Services window.

Related Topics

Deleting Application Service Aliases

Delete an application service alias when you no longer want to use the alias in policies.

Procedure

Step 1  
Click the Application Services button, or select Tools>Application Services.

QoS Policy Manager opens the Application Services window.

Step 2   Select the alias you want to delete and click Delete in the Application Services window.

QoS Policy Manager deletes the alias.

Related Topics

Changing the Priority of Policies

When the IOS software examines QoS policies, it examines them in order until a match is found. Even if a packet satisfies more than one policy, it will be treated as satisfying only the first policy that the IOS software encounters, unless you define your policy to include the Continue setting, in which case a subsequent match will be sought.

In terms of the QoS Policy Manager display, the policies on a interface are examined top-down. To ensure policies get the priority you require, ensure that your policies for an interface are in order of importance, from top to bottom. If you are creating complex policy structures that include Continue settings (so that you can set multiple policies on a given packet), ensure that the statements with the Continue setting come before the subsequent policy statement you want applied.

When you define a new policy, it automatically is defined at the top of your existing policy list. Therefore, define your highest priority policy last so that it is at the top of the list.

Procedure

Step 1   Select the interface whose policies you want to reorder in the tree view.

Step 2   Select the policy whose position you want to change in the list view, and

Viewing the Equivalent IOS Software Commands for Policies

You can view the IOS software commands that QoS Policy Manager sends to the device before (or after) you distribute your policies. As soon as you save a new policy, the device is displayed in the Distribution Manager in the tree view for the new job. If you are comfortable with IOS software commands, you might find this useful. See the IOS software documentation for information on how to read these commands.

Procedure

Step 1   In the Distribution Manager tree view, double-click the device whose commands you want to view.

QoS Policy Manager opens the Device Properties window.

Step 2   Click View Commands.

QoS Policy Manager displays the IOS software commands that correspond to all of the policies you have defined on the device.

Viewing Policy Reports

You can view reports about your policies to help you identify the policies you have deployed. This might help you identify inconsistencies or other issues that you want to address. The reports are created in standard HTML and displayed in your default browser. You can print the reports, save them, and post them to your web site as you require.

Table 5-3 describes the commands for viewing the various types of policy reports.

Table 5-3   Policy Manager Reports

If you want to...  Command 

View all policy statements in the open database

Tools>Reports>All Policies

View all policies defined for the selected device

Tools>Reports>Device Policies

View all policies defined for the selected device group

Tools>Reports>Device Group Policies

View the policies defined for the selected database

Tools>Reports>Interface Policies

Tips


hometocprevnextglossaryfeedbacksearchhelp
Posted: Mon Aug 18 10:21:51 PDT 2003
All contents are Copyright © 1992--2003 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.