Discussion:
[c-nsp] Qos Statistics on the 7K
Bradley Ordner
2018-11-15 04:48:33 UTC
Permalink
Hi,

This may have been asked before, even on Cisco Support Community I have an answer but it doesn't seem to be working for me.

We have a Layer 3 port with a QoS policy for marking traffic inbound. I have added the 'statistics per-entry' command in our ACL but I do not see any hits. When checking the policy and queueing, I see traffic being matched.

We are only marking inbound on this port, is it not supported or do I have a bug? I am on version - 7.2(0)D1(1)

Match: access-group QOSACL- BLAH
46082768 packets
set dscp 56

Thanks

Brad Ordner

_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Tim Stevenson (tstevens) via cisco-nsp
2018-12-04 22:48:38 UTC
Permalink
Hi Brad,

I checked this on n7700 F3 - concur that even w/'statistics per-entry', the hit count is not incrementing in 'sh ip access' output when the ACL is used for QOS classification. Same behavior in 8.3.1.

From what I see, the statistics are in fact incrementing in hardware, you can verify by attaching to the LC via 'attach mod x' and using 'sh sys internal access-list input entries detail' and find the block with your ACL (might be a bit tedious doing it this way as all policies, including CoPP etc, will be listed out there). Not sure why that is not just being exported up and aggregated in the sup, though the 'usual' use-case for monitoring ACL hit counts has centered around security ACLs.

VDC-1 Ethernet2/1 :
====================

INSTANCE 0x0
---------------

Tcam 0 resource usage:
----------------------
Label_a = 0x201
Bank 1
------
IPv4 Class
Policies: QoS(all-ip)
Netflow profile: 0
Netflow deny profile: 0
Entries:
[Index] Entry [Stats]
---------------------
[0015:000b:000b] qos ip 0.0.0.0/0 10.1.1.0/24 [398869316]


I guess you're hoping to figure out which specific ACEs are matching in each class (vs just seeing the total number of packets classified in each class, as seen in 'sh policy-map interface')? I can check w/our engineering team and see if there's some reason this has not been implemented.

Hope that helps,
Tim



-----Original Message-----
From: cisco-nsp <cisco-nsp-***@puck.nether.net> On Behalf Of Bradley Ordner
Sent: Wednesday, November 14, 2018 8:49 PM
To: cisco-***@puck.nether.net
Subject: [c-nsp] Qos Statistics on the 7K

Hi,

This may have been asked before, even on Cisco Support Community I have an answer but it doesn't seem to be working for me.

We have a Layer 3 port with a QoS policy for marking traffic inbound. I have added the 'statistics per-entry' command in our ACL but I do not see any hits. When checking the policy and queueing, I see traffic being matched.

We are only marking inbound on this port, is it not supported or do I have a bug? I am on version - 7.2(0)D1(1)

Match: access-group QOSACL- BLAH
46082768 packets
set dscp 56

Thanks

Brad Ordner

_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Loading...