PFC: Classification, policing and marking with MQC

The MQC (Modular QoS Command Line) for PFC-enabled cards provides classification, policing and marking. All queueing is done on the interface; this includes queue depths, WRR bandwidth and WRED.

Policing (PFC3+)

Aggregate policing can be one of the following on either ingress or egress:

  • Policer attached to a single interface via MQC using the MQC class ‘police’ command
  • Policer attached to multiple interfaces via MQC using the MQC class command ‘police aggregate {name}’, which references the global policer command ‘mls qos aggregate-policer {name}’

Microflow policing is used to identify individual flows on ingress only:

  • Policer is attached to an interface via MQC using the MQC class command ‘police flow’ and parameters defining the traffic flow mask to be policed by this policer. The traffic flow mask defines how the policer views traffic entering the interface and therefore what the policer considers to constitute a flow. The possible flow masks are:
    • mask src-only
      • Identifies flows using the source address only, so only different source IPs will constitute a new/different flow.
    • mask dest-only
      • Identifies flows using the destination IP address, so each ingress packet with a different destination address constitutes a different flow.
    • mask full flow (default)
      • Identifies different flows using the source and destination IP, protocol and protocol interfaces.
    • mask destination-source {tbc (PFC3+)}
    • mask destination-source-interface {tbc(PFC3+)}
    • mask full-interface {tbc(PFC3+)}
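How the three described flow masks change what counts as a flow, and therefore which packets exceed a per-flow rate, shown as an added example (a simplified token-bucket model, not code from the original page and not the PFC hardware algorithm). The addresses, rate and burst are constructed values, and Layer 4 ports are assumed to stand in for the "protocol interfaces" above.

```python
from collections import namedtuple

# t = arrival time in seconds, size = packet length in bytes
Packet = namedtuple("Packet", "t src dst proto sport dport size")

# Flow key produced by each mask, following the descriptions above.
# Assumption: ports model the page's "protocol interfaces".
FLOW_MASKS = {
    "src-only": lambda p: (p.src,),
    "dest-only": lambda p: (p.dst,),
    "full flow": lambda p: (p.src, p.dst, p.proto, p.sport, p.dport),
}

class MicroflowPolicer:
    """One single-rate token bucket per flow key (simplified model)."""

    def __init__(self, mask, rate_bps, burst_bytes):
        self.key = FLOW_MASKS[mask]
        self.rate = rate_bps / 8.0      # refill rate in bytes per second
        self.burst = burst_bytes        # bucket depth in bytes
        self.buckets = {}               # flow key -> (tokens, last arrival)

    def police(self, pkt):
        """Return True if the packet conforms, False if it exceeds."""
        key = self.key(pkt)
        tokens, last = self.buckets.get(key, (self.burst, pkt.t))
        tokens = min(self.burst, tokens + (pkt.t - last) * self.rate)
        conform = pkt.size <= tokens
        if conform:
            tokens -= pkt.size
        self.buckets[key] = (tokens, pkt.t)
        return conform

# Constructed sample traffic: host 10.0.0.1 opens several sessions at once.
PACKETS = [
    Packet(0.0, "10.0.0.1", "192.0.2.1", "tcp", 1000, 80, 1000),
    Packet(0.0, "10.0.0.1", "192.0.2.2", "tcp", 1001, 80, 1000),
    Packet(0.0, "10.0.0.1", "192.0.2.2", "tcp", 1002, 80, 1000),
    Packet(0.0, "10.0.0.2", "192.0.2.3", "tcp", 1000, 80, 1000),
    Packet(1.0, "10.0.0.1", "192.0.2.1", "tcp", 1000, 80, 1000),
]

def run(mask, packets=PACKETS, rate_bps=8000, burst_bytes=1500):
    """Return (number of flows seen, number of exceeding packets)."""
    policer = MicroflowPolicer(mask, rate_bps, burst_bytes)
    exceeded = sum(not policer.police(p) for p in packets)
    return len(policer.buckets), exceeded

if __name__ == "__main__":
    for mask in FLOW_MASKS:
        print(mask, run(mask))
```

With src-only, all sessions from 10.0.0.1 share one bucket, so the same traffic that passes untouched under the full flow mask has packets exceeding the rate.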

Ingress Policing

  • Ingress policing is supported on Layer 2, Layer 3, and SVI interfaces through MQC configuration.
  • Microflow and aggregate policing is supported on ingress.

Egress Policing

  • Egress policing is supported on Layer 3 and SVI interfaces through MQC configuration (note: not L2 interfaces).
  • Only aggregate policing is supported on egress.
  • Direct remarking of traffic that exceeds the rate is not supported using the policing command; this requires the use of “policed-dscp-transmit” and the map “qos map dscp policed 24 to dscp 16”. This is a hardware limitation of EARL 7, which the SUP/RSP720s run.

Simon Birtles
