CBWFQ not supported on Sub-Interfaces

If you are playing around with CBWFQ you might have discovered that it’s impossible to attach a policy-map to a sub-interface directly. There is a good reason for this and I’d like to show you why this occurs and how to fix it. This is the topology I will use to demonstrate this:

Just two routers connected to each other using frame-relay. We will try to configure CBWFQ on the Serial 0/0.1 sub-interface of R1.

Configuration

First, I’ll create a simple CBWFQ configuration:

R1(config)#class-map TELNET
R1(config-cmap)#match protocol telnet

R1(config)#class-map HTTP
R1(config-cmap)#match protocol http 

R1(config)#policy-map CBWFQ
R1(config-pmap)#class TELNET
R1(config-pmap-c)#bandwidth percent 10
R1(config-pmap-c)#exit
R1(config-pmap)#class HTTP
R1(config-pmap-c)#bandwidth percent 20
R1(config-pmap-c)#exit

Nothing special here…just a simple CBWFQ configuration that gives 10% of the bandwidth to telnet and 20% to HTTP traffic. Let’s try to apply it to the sub-interface:

R1(config)#interface serial 0/0.1
R1(config-subif)#service-policy output CBWFQ
CBWFQ : Not supported on subinterfaces

Too bad, it’s not going to happen…IOS has a day off. There is a workaround, however…we can’t apply it directly, but if we use a hierarchical policy-map, it will work. Let me show you what I mean:

R1(config)#policy-map PARENT
R1(config-pmap)#class class-default
R1(config-pmap-c)#service-policy CBWFQ

I’ll create a policy-map called PARENT that has our service-policy attached to the class-default class. Now let’s try to attach this to the sub-interface:

R1(config)#interface serial 0/0.1
R1(config-subif)#service-policy output PARENT
CBWFQ : Hierarchy supported only if shaping is configured in this class

IOS is still complaining. It only allows a hierarchical policy-map when shaping is configured. Let’s give it what it wants:

R1(config)#policy-map PARENT
R1(config-pmap)#class class-default
R1(config-pmap-c)#shape average percent 100

I don’t want to shape, but if I have to configure something we’ll just set the shaper to 100% of the interface bandwidth so that it doesn’t limit our traffic. Let’s attach it to the sub-interface:

R1(config)#interface serial 0/0.1
R1(config-subif)#service-policy output PARENT

Bingo! It has been attached.

Verification

We’ll try to telnet from R1 to R2 to see if it matches the policy-map:

R1#telnet 192.168.12.2
Trying 192.168.12.2 ... Open

Password required, but none set

[Connection to 192.168.12.2 closed by foreign host]

Let’s check if it hit something:

R1#show policy-map interface serial 0/0.1

 Serial0/0.1 

  Service-policy output: PARENT

    Class-map: class-default (match-any)
      39 packets, 4086 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any 
      Traffic Shaping
           Target/Average   Byte   Sustain   Excess    Interval  Increment
             Rate           Limit  bits/int  bits/int  (ms)      (bytes)  
              100 (%)                0 (ms)      0 (ms)
          1544000/1544000   9650   38600     38600     25        4825     

        Adapt  Queue     Packets   Bytes     Packets   Bytes     Shaping
        Active Depth                         Delayed   Delayed   Active
        -      0         39        4086      0         0         no

      Service-policy : CBWFQ

        Class-map: TELNET (match-all)
          11 packets, 514 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: protocol telnet
          Queueing
            Output Queue: Conversation 73 
            Bandwidth 10 (%)
            Bandwidth 154 (kbps)Max Threshold 64 (packets)
            (pkts matched/bytes matched) 0/0
        (depth/total drops/no-buffer drops) 0/0/0

        Class-map: HTTP (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: protocol http
          Queueing
            Output Queue: Conversation 74 
            Bandwidth 20 (%)
            Bandwidth 308 (kbps)Max Threshold 64 (packets)
            (pkts matched/bytes matched) 0/0
        (depth/total drops/no-buffer drops) 0/0/0

        Class-map: class-default (match-any)
          28 packets, 3572 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: any

Above, you can see that my telnet traffic matches the policy-map. The shaper is configured, but since it’s configured to shape to the entire interface bandwidth, it won’t bother us.

So why do we have to use a shaper? Logical interfaces like sub-interfaces can’t have congestion like a physical interface, so IOS doesn’t support policy-maps that implement queuing. By using a shaper, we enforce a “hard limit” for the sub-interface so it will allow queuing.

I hope this has been helpful to you! If you have any questions feel free to ask.

• Unit 1: Introduction to QoS
  • Introduction to QoS
  • IP Precedence and DSCP Values
  • How to configure Classification
  • How to configure Marking
  • LLQ (Low Latency Queuing)
  • Bandwidth vs Bandwidth Remaining
  • CBWFQ on Sub-Interfaces
• Unit 2: LAN QoS
  • QoS on LAN Switches
  • QoS Trust Boundary
  • Classification and Marking on Switch
  • Queuing on 3560/3750 Switches
• Unit 3 : Shaping
  • Introduction to Shaping
  • How to configure Shaping
  • Shaping with burst up to interface bandwidth
  • Peak Traffic Shaping Configuration
  • Frame-relay shaping configuration
  • How to test if your ISP shapes your traffic.
• Unit 4 : Policing
  • Introduction to Policing
  • How to configure Policing
• Unit 5: RSVP
  • Introduction to RSVP
  • RSVP DSBM
• Unit 6: Miscellaneous
  • IP SLA Traffic Generator
  • Introduction to NBAR
  • PPP Multilink Fragmentation and Interleaving
  • QoS Pre-Classify
  • WRED (Weighted Random Early Detection)