• September 22, 2020, 12:47:51 AM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: ERS 5500 DSCP Remarking  (Read 3395 times)

0 Members and 1 Guest are viewing this topic.

Offline Salias

  • Rookie
  • **
  • Posts: 2
ERS 5500 DSCP Remarking
« on: May 11, 2014, 09:39:28 PM »
Hello everyone,

I'll preface this with I am primarily a Cisco guy with some experience in Juniper. Nortel\Avaya and its CLI is fairly new to me. Essentially, I'm a newbie when it comes to NNCLI\ACLI

With that said, I've been trying to write a set of policies that will remark DSCP based on certain TCP\UDP ports on a specific VLAN.

I was originally going to try to approach this using an ACL, until I discovered ACLs are limited to 16 lines. I was also unsure of the ACL logic on Nortel. For instance, there appears to be an implicit deny at the end of the ACL, but will putting a drop-action disable as line 16 with no other criteria bypass the deny any any and move on to the next ACL? I haven't had time to test this out...

Anyway, I decided to set up a handful of policies. I created an interface group, then created ip elements specifying protocol (6 or 17) and dst-port-min to dst-port-max for TCP\UDP ports I wanted to remark. I also created a l2 element using vlan-min and vlan-max to define the VLAN. I declared classifiers, pairing each ip-element with the l2 element. I then created classifier blocks, grouping classifiers that will receive the same DSCP markings.

The classifier blocks are then attached to policies, with a precedence set and an action profile called for each. Each action called drop-action disable (because paranoid) and update-dscp.

The issue I'm running into is at the point of defining policies. I don't have the exact error in front of me, but it is essentially referencing an error due to a mismatch in classification masks (if I recall correctly, I don't have the stack in front of me).

My configuration is being tested on a factory default switch, so no other non-default QoS configurations should be applicable. What I don't understand is each of my classifiers should essentially be looking at the protocol field in the IP header, destination port in the TCP\UDP header, and the VLAN. All classifiers that are grouped together are looking at the same 3 fields, so I'm unsure why it is a mismatch.

I've gone as far as removing the l2 element from the classifiers, so it's just the ip element, adding those into classifier blocks, and policy creation yields the same error. I've also tried separating classifier blocks by TCP and UDP, with the same results. So I don't think I'm quite understanding something or this is simply not possible with the 5500 series...

I'm not going to place the complete configuration here (it's lengthy! -- primarily due to heavy commenting, but will post one group so any of you experienced with this can get a feel with what I've done and can tell me what I'm doing wrong):

qos if-group name TestQoS class unrestricted
qos if-assign port 1/ALL name TestQoS
!
qos action 20 name SetDSCPCS1 drop-action disable update-dscp 8
!
!   FTP (CS1)
qos ip-element 1000 protocol 6 dst-port-min 20 dst-port-max 21
!   SSH (CS1)
qos ip-element 1001 protocol 6 dst-port-min 22 dst-port-max 22
!   Proxy (CS1)
qos ip-element 1002 protocol 6 dst-port-min 8080 dst-port-max 8080
!   Data VLAN element
qos l2-element 5 vlan-min 20 vlan-max 20
!   CS1 Pairings
qos classifier 1000 set-id 1000 element-type ip element-id 1000
qos classifier 1001 set-id 1001 element-type ip element-id 1001
qos classifier 1002 set-id 1002 element-type ip element-id 1002
qos classifier 1500 set-id 1000 element-type l2 element-id 5
qos classifier 1501 set-id 1001 element-type l2 element-id 5
qos classifier 1502 set-id 1002 element-type l2 element-id 5
!   CS1 Classifier Group
qos classifier-block 100 block-number 1 name CS1ClassBlock set-id 1000
qos classifier-block 101 block-number 1 name CS1ClassBlock set-id 1001
qos classifier-block 102 block-number 1 name CS1ClassBlock set-id 1002
!
qos policy 10 name MarkDSCP_CS1 if-group TestQoS clfr-type block clfr-id 1 in-profile-action 20 precedence 10
qos policy 10 enable


Thanks in advance for any light anyone can shed on this.

(Side note: BBCode for code is considered an external link in the parser?)

Edit: Forgot to mention I am running 6.2.7 code.

The specific error is:
% Different classifier component masks/keys in block detected
« Last Edit: May 12, 2014, 01:16:25 AM by Salias »


Offline Telair

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 965
Re: ERS 5500 DSCP Remarking
« Reply #1 on: May 14, 2014, 05:25:07 PM »
Just wondering, but have to tried making the policy in the Avaya EDM GUI?  It has a really nice system to make QoS rules when I have needed it in the past.  Certainly easier than trying to do it in the CLI.  Maybe this document can help you as well.

http://downloads.avaya.com/css/P8/documents/100122162

Offline Salias

  • Rookie
  • **
  • Posts: 2
Re: ERS 5500 DSCP Remarking
« Reply #2 on: May 15, 2014, 07:30:12 AM »
I actually haven't tried via EDM yet, primarily because I'm a stubborn CLI person. I've been hitting this wall long enough now that I guess this may be the next logical step (and will probably save my sanity coupled with less switches flying across the lab). I just wanted to check here to see if anyone had any experience with trying something like this, as I've learnt quite a few things from here. Maybe doing it via EDM will shed some light on how it's done via CLI so I can template it in the future.

Thanks for the link to the doco, I've actually been using this and an older engineering document to try and get a feel for how QoS works via CLI.

Offline Telair

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 965
Re: ERS 5500 DSCP Remarking
« Reply #3 on: May 15, 2014, 10:08:21 AM »
Yeah, with Avaya gear it really was made to use the EDM system for configuration.  And once the config is saved you can check the CLI config to see exactly what it did.  Every other making of network gear says "Yeah, we have a GUI but you really don't want to use it.  Use the CLI to configure it".  With Avaya it's "Use the EDM GUI to configure the switches once you put the IP address in and turned on the GUI".