I have am converting a number of our sites from priority queue based QOS to MQC based QOS. Previously we were marking packets generated by the local router using "ip local policy route-map". How does MQC based QOS treat locally generated packets? I can't see how they could be marked using MQC based QOS because the policies need to be associated with interfaces and packets generated by the local router are essentially "interfaceless".
Configuring Control Plane Policing on Output ICMP Traffic: Example The following example shows how to apply a QoS policy for aggregate CP services to Telnet traffic transmitted from the control plane. Trusted networks with source addresses 3.3.3.0 and 4.4.4.0 receive Internet Control Management Protocol (ICMP) port-unreachable responses without constraint, while allowing all remaining ICMP port-unreachable responses to be dropped:
! Allow 3.3.3.0 trusted network traffic. Router(config)# access-list 141 deny icmp 3.3.3.0 0.0.0.255 any port- unreachable ! Allow 4.4.4.0 trusted network traffic. Router(config)# access-list 141 deny icmp 4.4.4.0 0.0.0.255 any port- unreachable ! Rate limit all other ICMP traffic. Router(config)# access-list 141 permit icmp any any port-unreachable Router(config)# class-map icmp-class Router(config-cmap)# match access-group 141 Router(config-cmap)# exit Router(config)# policy-map control-plane-out ! Drop all traffic that matches the class "icmp-class." Router(config-pmap)# class icmp-class Router(config-pmap-c)# drop Router(config-pmap-c)# exit Router(config-pmap)# exit Router(config)# control-plane ! Define aggregate control plane service for the active route processor. Router(config-cp)# service-policy output control-plane-out Router(config-cp)# exit
Thanks for your comments Merv. Control plane policing works great where you need to protect the central packet processing engine in a switch or router from DOS attacks coming in on the line cards. It is not really what I am after here, since I am interested in QOS'ing traffic originated by the router that travels over the WAN.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.