Working with Roles and Policies

One of the major parts of your Quality of Service configuration is the roles and policy statements you create in the Policy Editor. These roles and policies define how the network devices manage the data that flows through the network.

Understanding QoS Roles and Policies

A QoS policy is a conditional statement that applies a specific QoS action to a packet if the packet satisfies the conditions defined in the policy.

A role contains a group of policies that will be implemented on a specified set of interfaces. Typically, you create separate roles for edge devices and backbone devices. Roles are defined within the context of a specific service template, but you can specify service template overrides for a role. Policies in a role use the service definitions in the associated service template. When a role has a service template override, policies in that role use the overrides.

The device checks the policies in the roles defined on the interface in order of priority until a match is found for the traffic on the interface. At this point, it applies the policy and ignores remaining policies. Each role also includes a default action, which is implemented when no match is found for the traffic on the interface.

Each policy has two parts:

With QPM-COPS, you can enable and disable policies without deleting them. However, the status of the policy does not change until you distribute the database.


Note The maximum number of roles and policy statements you can define for a domain depends on your system resources. Avoid overloading interfaces with filters. Define more individual roles, each containing only the policies for one type of interface; you can combine roles on interfaces when required.

QPM-COPS comes with a set of canned roles, which contain sample policies, filters, and rate limit definitions. You can edit these definitions to suit your requirements.


Note Whenever you make changes to roles and policies, save the changes to the QoS database.

Before You Begin

Before you begin to define roles and policies, make sure that you have selected the appropriate service template for your network. See Choosing a Service Template.

Related Topics

Creating a Role

Create a role when you want to define policies for a specific set of device interfaces.

Procedure


Step 1 Choose Policy Editor in the QPM-COPS menu bar.

Step 2 Choose Role List in the option bar. The Role List page is displayed.


Figure 7-1: Role List Page


Step 3 Create a new role.

Role names can be up to 31 alphanumeric characters, including underscores (_) and hyphens (-).

Figure 7-2: Role Page


Step 4 To change the default action, choose an option in the Default Action field and click Set Default Action.

Step 5 To view the new role in the Role List page, click Role List in the navigation header at the top of the page.


Creating a Service Template Override

You can create a role that applies override settings to the selected global service template. For example, you may want to increase the reserved bandwidth of a service level for traffic on a specific set of devices. See Creating a Service Template Override.

Reordering Roles

The order of roles in the role list determines the order in which policies in a role combination are checked on the device. The role list is ordered from higher to lower priority. You can change the order of the roles in the role list.


Note The roles in a role combination are stored in lexicographic order on the device, but are checked in the order they appear in the role list.
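
The check order described above, modeled in Python as an added example (not QPM-COPS code): roles in a combination are checked in role list order even though the combination is stored lexicographically, the first matching policy wins, and a broader policy placed earlier hides narrower ones after it. The role list, policy names, filter fields and action labels are constructed; skipping disabled policies and taking the default action from the top-priority role are assumptions.

```python
import re

# Role names: up to 31 alphanumeric characters, underscores and hyphens.
ROLE_NAME = re.compile(r"[A-Za-z0-9_-]{1,31}")

# Constructed role list, highest priority first (sample data, not canned roles).
ROLE_LIST = [
    {"name": "voice", "default": "best-effort", "policies": [
        {"name": "rtp", "enabled": True, "action": "color-premium",
         "filter": {"protocol": "udp", "dst_port": 5004}}]},
    {"name": "edge", "default": "best-effort", "policies": [
        {"name": "all-udp", "enabled": True, "action": "limit-1mbps",
         "filter": {"protocol": "udp"}},
        {"name": "video", "enabled": True, "action": "color-video",
         "filter": {"protocol": "udp", "dst_port": 5006}},
        {"name": "erp", "enabled": False, "action": "color-critical",
         "filter": {"protocol": "tcp", "dst_port": 1521}}]},
]

def parse_combination(text):
    """Split 'edge+voice' into validated role names."""
    names = text.split("+")
    for name in names:
        if not ROLE_NAME.fullmatch(name):
            raise ValueError(f"invalid role name: {name!r}")
    return names

def stored_name(text):
    """Lexicographic form in which the device stores the combination."""
    return "+".join(sorted(parse_combination(text)))

def check_order(text, role_list=ROLE_LIST):
    """Roles of the combination in role-list order, which is the check order."""
    wanted = set(parse_combination(text))
    missing = wanted - {r["name"] for r in role_list}
    if missing:
        raise ValueError(f"unknown roles: {sorted(missing)}")
    return [r for r in role_list if r["name"] in wanted]

def enabled_policies(text):
    """(role, policy) pairs in check order; assumption: disabled ones are skipped."""
    return [(r["name"], p) for r in check_order(text)
            for p in r["policies"] if p["enabled"]]

def evaluate(text, packet):
    """First matching policy wins; otherwise fall back to a default action."""
    for role, p in enabled_policies(text):
        # A packet satisfies a filter only if every condition holds.
        if all(packet.get(k) == v for k, v in p["filter"].items()):
            return role, p["name"], p["action"]
    top = check_order(text)[0]  # assumption: top-priority role supplies the default
    return top["name"], None, top["default"]

def shadowed(text):
    """Policies that can never match because an earlier filter is broader."""
    seen, hidden = [], []
    for role, p in enabled_policies(text):
        if any(f.items() <= p["filter"].items() for f in seen):
            hidden.append(f"{role}/{p['name']}")
        seen.append(p["filter"])
    return hidden
```

Running `shadowed()` on a role combination before distributing the database shows which policies the first-match rule will never reach.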

Procedure


Step 1 Choose Policy Editor in the QPM-COPS menu bar.

Step 2 Choose Role List in the option bar. The Role List page is displayed as shown in Figure 7-1.

Step 3 In the # column, select the order number next to the role whose order you want to change.

Step 4 Enter the new order number and press Enter. The other roles are renumbered as required and the role list is refreshed according to the new order.


Deleting Roles

You can delete a role with all its policies. Reusable definitions are not deleted from their corresponding libraries.

Procedure


Step 1 Choose Policy Editor in the QPM-COPS menu bar.

Step 2 Choose Role List in the option bar. The Role List page is displayed as shown in Figure 7-1.

Step 3 Select the check boxes next to the roles you want to delete.

Step 4 Click the Delete Selection link. The roles and their policies are deleted.


Creating a Policy

Create a policy when you want to apply a QoS action to a specific type of traffic.

Policy parameters such as type of service and queuing preference are defined according to the settings in the service template selected for the domain. Filters and rate limits can be chosen from libraries, or you can create a new definition.

Procedure


Step 1 Choose Policy Editor in the QPM-COPS menu bar. The Policy Editor opens displaying the Role page as shown in Figure 7-2.

Step 2 If the role to which you want to add a policy is not displayed, in the Go to role dropdown list choose the role. The page refreshes to display the selected role.


Note You can also access the Role page from the Role List page by clicking on a role name.

Step 3 Click the Add PR Policy link or the Add Signaling Policy link according to the type of policy you want to add. The New Policy page appears.


Figure 7-3: New Policy Page


Step 4 Fill in the following fields:

Step 5 Click Save to save the policy.

The Role page reappears with the new policy.



Note New policies will be enabled on the device only after deployment. See "Distributing Policies" for details of the deployment process.

Viewing and Modifying a Policy

You can view, modify, and rename policies.

Procedure


Step 1 Choose Policy Editor in the QPM-COPS menu bar. The Policy Editor opens displaying the Role page.

Step 2 If the role you want is not displayed, in the Go to Role list box choose the role. The page refreshes to display the selected role.

Step 3 Click the policy you want to view or modify. The Policy page for the selected policy appears.

Step 4 Edit the fields as described in Creating a Policy.

Step 5 Click Save to save the policy changes, or enter a new name in the Policy Name field and click Save As.

The Role page reappears with the new policy name.


Deleting Policies

Delete policies that are no longer required.

Procedure


Step 1 Choose Policy Editor in the QPM-COPS menu bar. The Policy Editor opens displaying the Role page.

Step 2 If the role you want is not displayed, in the Go to Role list box choose the role. The page refreshes to display the selected role.

Step 3 Select the check boxes next to the policies you want to delete.

Step 4 Click the Delete Selection link.

The Role page reappears without the deleted policies.


Reordering Policies

The order of policies in a role determines the order in which policies within a role in the role combination are checked on the device. You can change the order of the policies in the role.

Procedure


Step 1 Choose Policy Editor in the QPM-COPS menu bar. The Policy Editor opens displaying the Role page.

Step 2 If the role you want is not displayed, in the Go to Role list box choose the role. The page refreshes to display the selected role.

Step 3 In the # column, select the order number next to the policy whose order you want to change.

Step 4 Enter the new order number and press Enter. The other policies are renumbered as required and the Role page is refreshed according to the new order.


Working with Filters

A filter defines the type of traffic to which a policy action will apply. You can filter traffic by source, destination, user group, protocol and application. Filter definitions are stored in a Filters library and can be reused for different policies.

Creating a Filter

Create a filter to define the type of traffic to which policy actions will apply.

Procedure


Step 1 In the Policy page, click New next to the Filter box. The New Filter page appears.


Figure 7-4: New Filter Page


Each section in the Filter page is a complete condition. You can create as many filter conditions as you want in a single filter definition. A packet satisfies the filter if it satisfies all the conditions in the filter.

Step 2 Fill in the fields as described in Table B-7.

Step 3 Click Save to save the new filter. The Policy page reappears displaying the new filter name.


Viewing and Modifying a Filter

You can view and modify filters, and you can rename a filter.

Procedure


Step 1 Open the Filter page in one of the following ways:

The Filter page opens displaying details of the selected filter.

Step 2 Edit fields as described in Table B-7.

Step 3 Click Save to save changes.

Step 4 To rename the filter, enter a name in the Filter Name box, and click Save As.


Deleting Filters

You can delete filters that are not used in any policy.

Procedure


Step 1 Choose Libraries in the Policy Editor menu options bar. The Libraries page appears.

Step 2 Click Filters. The Filters page appears.

Step 3 Select the check boxes next to the filters you want to delete.

Step 4 Click Delete Selection. The filters are deleted.


Working with Rate Limits

This section describes creating, modifying and deleting flow and class rate limits for provisioning and RSVP policies.

A flow rate limit defines a limit for a single packet for provisioning, or a single RSVP flow. A class rate limit defines the limit for the aggregate provisioning or RSVP traffic. In-profile traffic will be handled according to the service template definitions for the selected service type. Out-of-profile traffic is treated as defined by the Excess property for the selected service type in the service template. When there is no definition for Excess traffic, the out-of-profile traffic will be discarded.

Creating a Rate Limit

Create rate limits as part of your policy action.

Procedure


Step 1 In the Policy page, click New next to the Flow Rate Limit or Class Rate Limit box. The New Rate Limit page opens.

Step 2 Fill in the fields as described in the following tables:

Step 3 Click Save to save the new rate limit. The Policy page reappears displaying the new rate limit name.


Viewing and Modifying a Rate Limit

You can view and modify rate limits, and you can rename a rate limit.

Procedure


Step 1 Open the appropriate Rate Limit page in one of the following ways:

The Rate Limit page opens displaying details of the selected rate limit.

Step 2 Edit fields as described in the following tables:

Step 3 Click Save to save changes.

Step 4 To rename the rate limit, enter a name in the Rate Limit Name box, and click Save As.


Deleting Rate Limits

You can delete rate limits that are not used in any policy.

Procedure


Step 1 Choose Libraries in the Policy Editor menu options bar. The Libraries page appears.

Step 2 Click the appropriate Rate Limits library. The Rate Limits page appears.

Step 3 Select the check boxes next to the rate limits you want to delete.

Step 4 Click Delete Selection. The rate limits are deleted.


Querying Policies

Querying policies lets you view policies according to specified criteria. You can view policies for different roles, and across managed or virtual device interfaces. For example, you can view policies for coloring mission critical traffic in all roles. This section describes how to query policies.

Procedure


Step 1 Choose Policy Query in the Policy Editor menu options bar. The Policy Query page appears as shown in Figure 7-5.


Figure 7-5: Policy Query Page


Step 2 Choose Policy Query criteria:

Step 3 Click the Submit Query button. The Policy Query Results page appears displaying details of all matching policies.


Figure 7-6: Policy Query Results Page



Policy Validation

QPM-COPS allows you to create roles and policies for your network traffic without requiring knowledge of the capabilities of your network devices. On deployment, the PDPs download to each device those policies that match the specific device capabilities.

The Policy Validation feature lets you preview how policies would be deployed on your network. You can validate policies on managed devices in your network, or you can define virtual devices, which do not necessarily exist in the network. You can also validate how a specific role would be deployed on its assigned devices.


Note Validation first looks for pending role assignments (not yet committed to devices). If there are no pending role assignments, it uses the roles that have already been discovered on the device.

Policy validation results show which policy and service template definitions match the capabilities of the device and its interfaces.

Policy Validation for Managed Devices

Use Policy Validation on a specific managed device to preview how policies in the assigned role combination for the current service template will be deployed on that device. Policy validation also shows capability mismatches between the device capabilities and policy and service template definitions.

Procedure


Step 1 Choose Validation in the QPM-COPS menu bar. The Policy Validation page appears as shown in Figure 7-7.


Figure 7-7: Policy Validation Page


Step 2 In the Policy Validation for Managed Devices section, validate a device in one of the following ways:



Note Validation is only performed for roles belonging to the current service template.

Policy Validation for Virtual Devices

Use Policy Validation on a virtual device to preview how policies and service templates for a specified role combination would be deployed on an interface of a specific device configuration. The device might or might not exist on your network.


Tips Use this feature to test "What If" scenarios before adding a new device to your network.

Procedure


Step 1 Choose Validation in the QPM-COPS menu bar. The Policy Validation page appears as shown in Figure 7-7.

Step 2 In the Policy Validation for Virtual Device section, define the virtual device properties by choosing an option from each of the following dropdown lists:

Step 3 Define the role combination for which you want to perform validation:


Note You can enter role names separated by a plus sign (+) directly into the role combination text box.

Step 4 Click the Validate button.

The Virtual Device Preview page appears. See Virtual Device Preview Page.


Policy Validation for Roles

You can validate how policies in a specific role will be deployed on devices that have that role, or a role combination containing that role, on any of their interfaces.


Note When a device contains the specified role in a role combination, role validation only previews the device if the role has top priority in the role combination for the current service template.

Procedure


Step 1 Choose Validation in the QPM-COPS menu bar. The Policy Validation page appears as shown in Figure 7-7.

Step 2 In the Policy Validation for Role section, choose the role you want to validate in the dropdown list.

Step 3 Click the Validate button. The Role Preview page appears. See Role Preview Page.


Policy Validation Results

Policy validation results are displayed on the following pages:

Managed Device Preview Page

The Managed Device Preview Page displays basic validation information for coloring and limiting actions in the policies in each role combination defined on the selected device's interfaces.


Note Validation is only performed for the roles belonging to the current global service template.

Figure 7-8 shows device preview details for one of the role combinations on the selected device.


Figure 7-8: Managed Device Preview Page



Note A message is displayed at the top of the page if the device does not support COPS-PR or COPS-RSVP.

For each policy the following information is displayed:

For more validation results:

Virtual Device Preview Page

The Virtual Device Preview page displays basic validation information for coloring and limiting actions in the policies in the specified role combination.


Figure 7-9: Virtual Device Preview Page


The Virtual Device Preview page displays details of the virtual device, and the selected role combination. For each policy in the role combination, the following information is displayed:

For more validation results:

Role Preview Page

The Role Preview Page displays information for the devices that have interfaces with the specified role, or with a role combination that includes the specified role as the top priority role.


Figure 7-10: Role Preview Page


The following information is displayed:


Note Validation is effective for devices on which the specified role is defined as the highest priority role in any role combination defined on that device.

For each policy in the role, the following information is displayed:

For more validation results:

Policy Utilization Page

The Policy Utilization page displays details of the coloring and limiting capability mismatches for each device interface for the selected policy.


Figure 7-11: Policy Utilization Page


This page displays the name or type of device, or the role name for which validation is being performed. Details of the selected policy are also displayed.

The following information is displayed for each interface in the corresponding device(s):

In Figure 7-11, all interfaces have a capability mismatch for coloring and limiting actions on outgoing traffic.


Note Some of the displayed interfaces might belong to a device's internal card. Many of these interfaces do not support any QoS capabilities, and cannot have any discovered roles. When validation is performed on pending roles on these interfaces, the validation results are not meaningful.

Service Template Preview Page

The Service Template Preview page shows how service template definitions will be deployed on the selected device(s).


Figure 7-12: Service Template Preview Page (partial)


The Service Template Preview page displays the following information:


Note When there are interfaces that do not support any of the defined queuing methods, an additional Error row appears displaying the corresponding number of interfaces. These interfaces will use their default queuing method.


Note 1q1t is not displayed in the service mapping table. For devices that only support 1q1t, such as Cat5K, the # Supporting Interfaces columns will display only zeros.

For more validation results:

Service Template Utilization Page

The Service Template Utilization page displays details of how the service template definitions are deployed on each of the selected interfaces.


Figure 7-13: Service Template Utilization Page


The Service Template Utilization page displays the selected provisioning parameter that corresponds to the interfaces for which information is displayed.

The Devices Interfaces List displays the following information:

For more validation results:


Note Display the Interface Capabilities page to view the default scheduling method for interfaces that do not match the service template scheduling preference.

Interface Capabilities Page

The Interface Capabilities page displays the complete scheduling capabilities for selected interfaces. This page is useful when the Service Template Preview page or Service Template Utilization page has displayed Error for an interface's scheduling preference. This means that there is no match between the service template's scheduling preferences and the interface capabilities. In these cases, the interface uses its default scheduling method, which is displayed in the Interface Capabilities page.


Figure 7-14: Interface Capabilities Page


The Interface Capabilities page displays the name of the role or device for which validation is being performed, and the name of the current service template.

The Provisioning Parameters table displays the following information:


Posted: Mon Jun 12 04:52:55 PDT 2000
Copyright 1989 - 2000©Cisco Systems Inc.