Timeline for C3PL working order
Current License: CC BY-SA 4.0
13 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Dec 16, 2019 at 8:49 | vote | accept | Mario Jost | ||
| Dec 16, 2019 at 8:49 | answer | added | Mario Jost | timeline score: 2 | |
| Dec 15, 2019 at 1:26 | comment | added | Ron Maupin♦ | Did any answer help you? If so, you should accept the answer so that the question doesn't keep popping up forever, looking for an answer. Alternatively, you can provide and accept your own answer. | |
| Apr 5, 2019 at 13:59 | answer | added | mere3ortal | timeline score: 1 | |
| Apr 2, 2019 at 8:47 | comment | added | Mario Jost | I tried to test this in a lab, but unfortunnately, there is no way for me to tell if a packet that already matched the DSCP value, would be checked again for the ACL. I found an answer at the Cisco forum that confirms what I suspected: "With match-any it reads them in order and stops once/if it finds a match" | |
| Apr 1, 2019 at 22:31 | comment | added | Marc 'netztier' Luethi | @Mario: Still, i suggest not to do Shaping/Queuing/Scheduling on ingress, even if you can - on many platforms, these are less powerful in ingress direction, if supported at all. Upon ingress, only do classification/marking (small scale policing if you must). Have an input service policy with a set of classes matching on ACL and one set matching on DSCP values. Then assign DSCP values, by setting, overwriting or re-setting what was there. Then, on the relevant egress interfaces, apply an output service policy with Queuing/Scheduling/Policing, its clases matching on DSCP exclusively. | |
| Apr 1, 2019 at 15:28 | comment | added | user36472 | @MarioJost Ah yes, there's many new changes on the 3650 and 3850 series. | |
| Apr 1, 2019 at 15:19 | comment | added | Mario Jost | @Marc'netztier'Luethi I know about the policy-map at ingress, but I want to keep the configuration short. Thats why I try to catch everything (DSCP32 and protocol) with one class-map. Additionally, if i catch them in different class-maps, and assign bandwidth 25 to each of them, it is not the same as assigning bandwidth 50 to one class. | |
| Apr 1, 2019 at 15:19 | comment | added | Mario Jost | @Cown I can match for DSCP and an ACL in the same class map (at least on a C3850 that is). You can only assign one ACL per class-map, though. | |
| Apr 1, 2019 at 14:02 | comment | added | Marc 'netztier' Luethi | Oh.. and a word of caution. Your example policy-map mixes two things I wouldn't do in the same PM. Marking traffic (set dscp 32) is typically something done on the ingress interface (service policy input ..) of a device, while applying something from the shaping/policing/queuing toolset (bandwidth percent 50) is meant for an egress interface of a device (service policy output ...). Many devices/Platforms won't even let you rewrite DSCP on the egress side. | |
| Apr 1, 2019 at 13:53 | comment | added | Marc 'netztier' Luethi | I seem to remember than within a class-map, it's match <protocol> XOR match access-group <someACL>. You can have multiple statements (else match-any wouldn't be very useful) of either but not both. On the other hand, nothing stops you from defining two class-maps (one matching on protocol, the other matching on ACL), and then making use of both in the policy map, applying the same set of actions to them. | |
| Apr 1, 2019 at 13:44 | comment | added | user36472 | Depending on your equipment, i only think you can have one match statement per class-map. | |
| Apr 1, 2019 at 13:36 | history | asked | Mario Jost | CC BY-SA 4.0 |