Re: [c-nsp] Qos Statistics on the 7K

Tue, 04 Dec 2018 14:49:26 -0800

--- Begin Message --- 
Hi Brad, 

I checked this on n7700 F3 - concur that even w/'statistics per-entry', the hit 
count is not incrementing in 'sh ip access' output when the ACL is used for QOS 
classification. Same behavior in 8.3.1.

>From what I see, the statistics are in fact incrementing in hardware, you can 
>verify by attaching to the LC via 'attach mod x' and using 'sh sys internal 
>access-list input entries detail' and find the block with your ACL (might be a 
>bit tedious doing it this way as all policies, including CoPP etc, will be 
>listed out there). Not sure why that is not just being exported up and 
>aggregated in the sup, though the 'usual' use-case for monitoring ACL hit 
>counts has centered around security ACLs.

                VDC-1 Ethernet2/1 : 
                ==================== 

INSTANCE 0x0
---------------

  Tcam 0 resource usage:
  ----------------------
  Label_a = 0x201
   Bank 1
   ------
     IPv4 Class
       Policies: QoS(all-ip) 
       Netflow profile: 0
       Netflow deny profile: 0
       Entries: 
         [Index] Entry [Stats]
         ---------------------
  [0015:000b:000b] qos ip 0.0.0.0/0 10.1.1.0/24  [398869316] 


I guess you're hoping to figure out which specific ACEs are matching in each 
class (vs just seeing the total number of packets classified in each class, as 
seen in 'sh policy-map interface')? I can check w/our engineering team and see 
if there's some reason this has not been implemented.

Hope that helps,
Tim



-----Original Message-----
From: cisco-nsp <cisco-nsp-boun...@puck.nether.net> On Behalf Of Bradley Ordner
Sent: Wednesday, November 14, 2018 8:49 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] Qos Statistics on the 7K

Hi,

This may have been asked before, even on Cisco Support Community I have an 
answer but it doesn't seem to be working for me.

We have a Layer 3 port with a QoS policy for marking traffic inbound. I have 
added the 'statistics per-entry' command in our ACL but I do not see any hits. 
When checking the policy and queueing, I see traffic being matched.

We are only marking inbound on this port, is it not supported or do I have a 
bug? I am on version - 7.2(0)D1(1)

Match: access-group QOSACL- BLAH
        46082768 packets
      set dscp 56

Thanks

Brad Ordner

_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

--- End Message ---
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Reply via email to