Users Guide

Table Of Contents
1. Create a user defined dscp or dot1p trust-map.
OS10(config)# trust dscp-map userdef-dscp
OS10(config-tmap-dscp-map)# qos-group 3 dscp 15
OS10(config-tmap-dscp-map)# qos-group 5 dscp 30
2. Apply user-defined trust map to an interface or in system QoS.
OS10(conf-if-eth1/1/1)# trust-map dscp userdef-dscp
or
OS10(config)# system qos
OS10(config-sys-qos)# trust-map dscp userdef-dscp
3. Create a class-map and attach it to a policy where trust is configured. This example uses 802.1p cos to define the match
criteria. You can use dscp or other access group match filters. If the 802.1p traffic matches the defined criteria, the set
qos-group 1 command assigns the traffic to TC 1.
OS10(config)# class-map type qos example-class-map
OS10(config-cmap-qos)# match cos 1
OS10(config-cmap-qos)# exit
OS10(config)# policy-map type qos example-policy-map
OS10(config-pmap-qos)# class example-class-map
OS10(config-pmap-c-qos)# set qos-group 1
4. Attach the policy map to an interface or in system QoS mode.
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# service-policy input type qos example-policy-map
or
OS10(config)# system qos
OS10(config-sys-qos)# service-policy input type qos example-policy-map
In this example, DSCP 15 flow is mapped to traffic class 3 or qos-group 3 and DSCP 30 flow is mapped to TC 5 or qos-group 5.
The rest of the DSCP flows are mapped based on the trust that is configured.
Control-plane policing
Control-plane policing (CoPP) increases security on the system by protecting the route processor from unnecessary traffic and
giving priority to important control plane and management traffic. CoPP uses a dedicated control plane configuration through
the QoS CLIs to set rate-limiting capabilities for control plane packets.
If the rate of control packets towards the CPU is higher than the packet rate that the CPU can handle, CoPP provides a method
to selectively drop some of the control traffic so that the CPU can process high-priority control traffic. You can use CoPP to
rate-limit traffic through each CPU port queue of the network processor (NPU).
CoPP applies policy actions on all control-plane traffic. The control-plane class map does not use any match criteria. To enforce
rate-limiting or rate policing on control-plane traffic, create policy maps. You can use the control-plane command to attach
the CoPP service policies directly to the control-plane.
Starting from release 10.4.2, the default rate limits have changed from 12 CPU queues and the protocols mapped to each CPU
queue are changed.
NOTE:
When you upgrade from a previous release to release 10.4.2 and you have CoPP policy with rate limits configured in
the previous release, the CoPP policies are automatically remapped based on the new CoPP protocol mappings to queues.
For example:
You have a CoPP policy configured for queue 5 in release 10.4.1, which is for ARP Request, ICMPv6-RS-NS, iSCSI
snooping, and iSCSI-COS.
After upgrade to release 10.4.2, the CoPP policy for queue 5 is remapped based on the new CoPP protocol mappings to
queues as follows:
ARP Request is mapped to queue 6
1320 Quality of service