QoS on ICX switch

  • 1
  • Question
  • Updated 2 months ago
I am planning to replace Cisco router to ICX switch with L3 license.
Currently I am using QoS on Cisco as below. I want to implement same QoS on ICX.
I tried to create config for ICX. Will this work and do similar behavior?
Please advice how I can implement QoS like Cisco on ICX switch.



Cisco
---
class-map match-any VOICE
 match access-group name Phones
 match access-group name P_Controller
!
class-map match-any DATA
 match access-group name Data
 match access-group name Critical_System
!
class-map match-any INTERNET
 match access-group name Internet
!

policy-map Company_QOS
 class VOICE
  set dscp ef
  priority percent 20
 class DATA
  bandwidth percent 30 
  set dscp af21
 class INTERNET
  bandwidth percent 10 
  set dscp af11
!

ip access-list extended Phones
 permit ip any 192.168.101.0 0.0.0.255
 permit ip 192.168.101.0 0.0.0.255 any
!
ip access-list extended P_Controller
 deny   ip any any fragments
 permit udp any any range 5000 5100
 permit tcp any any range 5000 5100
!
ip access-list extended Data
 permit ip any 192.168.100.0 0.0.0.255
 permit ip 192.168.100.0 0.0.0.255 any
!
ip access-list extended Critical_System
 permit ip any 192.168.200.0 0.0.0.255
 permit ip 192.168.200.0 0.0.0.255 any
!
ip access-list extended Internet
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip any any

interface GigabitEthernet0/0/0
 description UPLINK
 ip address 10.0.0.1 255.255.255.254
 service-policy output Company_QOS
!
---



ICX 7450
---
ip access-list extended Company_QOS
 remark !!!!_ip access-list extended Phones
 sequence 10 permit ip any 192.168.101.0 0.0.0.255 dscp-marking 46 
 sequence 20 permit ip 192.168.101.0 0.0.0.255 any dscp-marking 46 
 remark !!!!_ip access-list extended P_Controller
 sequence 30 permit udp any any range 5000 5100 dscp-marking 46   
 sequence 40 permit tcp any any range 5000 5100 dscp-marking 46 
 remark !!!!_ip access-list extended Data
 sequence 50 permit ip any 192.168.100.0 0.0.0.255 dscp-marking 18 
 sequence 60 permit ip 192.168.100.0 0.0.0.255 any dscp-marking 18 
 remark !!!!_ip access-list extended Critical_System
 sequence 70 permit ip any 192.168.200.0 0.0.0.255 dscp-marking 18 
 sequence 80 permit ip 192.168.200.0 0.0.0.255 any dscp-marking 18 
 remark !!!!_ip access-list extended Internet 
 sequence 90 permit ip ant any dscp-marking 10
!

qos scheduler-profile AAA mechanism mixed-sp-wrr
qos scheduler-profile AAA profile qosp0 10 qosp1 10 qosp2 30 qosp3 30 qosp4 20 qosp5 20 qosp6 sp qosp7 sp
!
interface ethernet 1/2/1
 port-name UPLINK
 ip address 10.0.0.1 255.255.255.254
 route-only
 ip access-group Company_QOS out
 scheduler-profile AAA
!
Photo of ys

ys

  • 6 Posts
  • 2 Reply Likes

Posted 2 months ago

  • 1
Photo of Tim Brumbaugh

Tim Brumbaugh

  • 42 Posts
  • 18 Reply Likes
Couple of things.  Make sure you rate limit the interface to match what your bandwidth is from your provider assuming this is going into a WAN or Metro-E circuit of some type.  The QOS mechanism works on bandwidth same as Cisco so if it thinks it has 1gbps then it won't shape the traffic until it starts getting full.  
Each interface needs to have the (trust dscp) just like Cisco.
It is not necessary to grab the traffic in an ACL if the devices (phones) are marking the traffic with DSCP EF (46) or any DSCP marked traffic as the QOS mechanism will put them in the correct priority QUE.
Que 0 DSCP 0-7
Que 1 DSCP 8-15
Que 2 DSCP 16-23
Que 3 DSCP 24-31
Que 4 DSCP 32-39
Que 5 DSCP 40-47
Que 6 DSCP 48-55
Que 7 DSCP 56-63
If you use and ACL just grab the IP address or subnet and apply that to the QUE that you want it in. There is no need to remark traffic if your phone system is already doing it.
DON'T USE QUE 6-7 as these (like on Cisco) are reserved for routing protocols and device to device pathways, I have seen people put stuff in QUE 7 but that is wrong and can break your ability to SSH into the device if you run out of bandwidth.
Remember if you are not using L3 it falls back on the L2 or COS value which there are 7 and they match the Que numbers above, so COS 0 = Que 0 and COS 1 = Que 1 etc.
Since you are using mixed-SP-WRR as the queing mechanism QUE's 6-7 are strict priority and anything in those QUE's will go out first regardless (that is why you never use them for anything and are reserved). 
The others are as follows.
Unicast per Queue details: Bandwidth%
Traffic Class 0                     15%
Traffic Class 1                     15%
Traffic Class 2                     15%
Traffic Class 3                     15%
Traffic Class 4                     15%
Traffic Class 5                     25%
Traffic Class 6                     sp
Traffic Class 7                     sp
Multicast per Queue details:    Bandwidth%
Traffic Class 0                     15%
Traffic Class 1                     15%
Traffic Class 2                     15%
Traffic Class 3                     15%
Traffic Class 4                     15%
Traffic Class 5                     25%
Traffic Class 6                     sp
Traffic Class 7                     sp  

So if you have a 100mbps link the and vice has DSCP set at EF (dscp 46) it will get 25% or 25mbps
of the 100mbps if it needs it and will get you out first after any SP traffic (same as Cisco) and does
not reserve that amount of traffic so other things can use it if it is not being used by voice.



Photo of ys

ys

  • 6 Posts
  • 2 Reply Likes
Hello, Tim,

Thank you for your advice. This helps me for more understanding.