Match list for QoS policies

Match lists provide a mechanism to simplify the configuration of IP and IPv6 criteria matching statements within QoS policies. Instead of defining multiple match statements in an ip-criteria or ipv6-criteria statement, a user can group the same types of matching criteria into a single match list and use that list as a match criterion value, thereby requiring only a single policy entry for each unique action. The same match list can be used in one or more QoS policies.

Match lists further simplify the management and deployment of policy changes. A change in the content of a match list is automatically propagated across all policies that use that list in their match criteria; therefore, only a single configuration change is required to trigger policy changes when a list is used by entries in one or more QoS policies.

The hardware resource usage does not change when QoS match lists are used compared to when the user creates multiple entries (one for each element in the list). However, consideration must be given to how the lists are used to ensure only needed match permutations are created in a QoS policy entry (especially when other match criteria that are also lists or ranges are specified in the same entry). The system verifies whether a new list element, for example, an IP address prefix, can be added to a specific list, or a list can be used by a new QoS policy, by checking whether the resources exist in hardware to implement the required changes for all QoS policies that reference the updated list. If sufficient resources do not exist, the addition of a new element to the list or use of the list by another policy fails.

QoS match lists are created within config>qos>match-list. The following types of match lists are supported:

  • IPv4 prefix lists

    These are applicable to src-ip and dst-ip matching in SAP ingress and SAP egress QoS policies used by both SAPs and subscribers, and in the ingress section of a network QoS policy.

  • IPv6 prefix lists

    These are applicable to src-ip and dst-ip matching in SAP ingress and SAP egress QoS policies used by both SAPs and subscribers, and in the ingress section of a network QoS policy.

  • port lists

    These are applicable to src-port and dst-port matching in network QoS policies.

A prefix list can be configured in criteria statements within SAP QoS policies or within network QoS policies, but not in both types simultaneously.

The following restrictions apply to the use of prefix lists in network QoS policies:

  • A single IP prefix list (IPv4/IPv6) cannot be used by network QoS policy entries more than 128 times.

  • A single entry in a network QoS policy can only refer to either a source or destination prefix list. It is not permitted to refer simultaneously to both a source and a destination prefix IPv4/IPv6 list.

  • A single entry in a network QoS policy can only refer to either a source or destination port list. It is not permitted to refer simultaneously to both a source and a destination port list. Port lists can only be applied to network entries.

  • Prefix lists and port lists are mutually exclusive within a single entry.
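
The restrictions above can be checked offline before a change is pushed to a node. The following is an added example, not part of the product documentation or the system's own validation: the entry model (dicts with the keys id, src_prefix_list, dst_prefix_list, src_port_list, dst_port_list), the list names, and the function name are all hypothetical and do not represent SR OS syntax.

```python
from collections import Counter

MAX_NETWORK_USES = 128  # per-list limit for network QoS policy entries, as stated above

def check_match_list_usage(network_entries, sap_prefix_lists=()):
    """Return violations of the match-list restrictions described above.

    network_entries: dicts in a hypothetical model (not SR OS syntax) with an
      'id' key and optional list-name keys for prefix and port lists.
    sap_prefix_lists: names of prefix lists already referenced by SAP QoS policies.
    """
    problems = []
    uses = Counter()
    for e in network_entries:
        prefix = [e[k] for k in ("src_prefix_list", "dst_prefix_list") if e.get(k)]
        ports = [e[k] for k in ("src_port_list", "dst_port_list") if e.get(k)]
        if len(prefix) == 2:
            problems.append(f"{e['id']}: source and destination prefix lists in one entry")
        if len(ports) == 2:
            problems.append(f"{e['id']}: source and destination port lists in one entry")
        if prefix and ports:
            problems.append(f"{e['id']}: prefix list and port list in one entry")
        uses.update(prefix)  # every reference counts toward the per-list limit
    for name, count in sorted(uses.items()):
        if count > MAX_NETWORK_USES:
            problems.append(f"{name}: referenced {count} times by network entries")
        if name in sap_prefix_lists:
            problems.append(f"{name}: used in both SAP and network QoS policies")
    return problems

# Constructed sample entries for illustration only.
SAMPLE_ENTRIES = [
    {"id": "net-10/entry-1", "src_prefix_list": "pl-a"},
    {"id": "net-10/entry-2", "src_prefix_list": "pl-a", "dst_prefix_list": "pl-b"},
    {"id": "net-10/entry-3", "dst_port_list": "ports-1"},
    {"id": "net-10/entry-4", "src_port_list": "ports-1", "dst_port_list": "ports-2"},
    {"id": "net-10/entry-5", "dst_prefix_list": "pl-b", "src_port_list": "ports-1"},
]

if __name__ == "__main__":
    for problem in check_match_list_usage(SAMPLE_ENTRIES, sap_prefix_lists={"pl-b"}):
        print(problem)
```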

The following example shows an IPv4 prefix list being created and then configured within a SAP ingress QoS policy to rate limit the traffic from those prefixes.

configure
#--------------------------------------------------
echo "QoS Policy Configuration"
#--------------------------------------------------
    qos
        match-list
            ip-prefix-list "ip-prefix-list-1" create
                description "IPv4 prefix list"
                prefix 10.0.0.0/8
                prefix 192.168.0.0/16
            exit
        exit
    exit
#--------------------------------------------------
echo "QoS Policy Configuration"
#--------------------------------------------------
    qos
        sap-egress 10 create
            queue 1 create
            exit
            queue 2 create
            exit
            fc af create
                queue 2
            exit
            ip-criteria
                entry 10 create
                    match
                        dst-ip ip-prefix-list "ip-prefix-list-1"
                    exit
                    action fc "af"
                exit
            exit
        exit
    exit

The IPv4 prefix list can be shown as follows:


*A:PE# show qos match-list ip-prefix-list "ip-prefix-list-1"

===============================================================================
QoS Match IP Prefix List
===============================================================================
Prefix Name        : ip-prefix-list-1
Description        : IPv4 prefix list
-------------------------------------------------------------------------------
IP Prefixes
-------------------------------------------------------------------------------
10.0.0.0/8
192.168.0.0/16
-------------------------------------------------------------------------------
No. of Prefixes : 2
-------------------------------------------------------------------------------
===============================================================================