4. Match List for QoS Policies

Match lists provide a mechanism to simplify the configuration of IP and IPv6 criteria matching statements within QoS policies. Instead of defining multiple match statements in an ip-criteria or ipv6-criteria statement, an operator can group the same types of matching criteria into a single match list and use that list as a match criterion value, thereby requiring only a single policy entry per each unique action. The same match list can be used in one or more QoS policies.

The match lists further simplify management and deployment of the policy changes. A change in a match-list content is automatically propagated across all policies employing that list in their match criteria, therefore, only a single configuration change is required to trigger policy changes when a list is used by entries in one or more QoS policies.

The hardware resource usage does not change when QoS match lists are used compared to when the operator creates multiple entries (one for each element in the list). However, consideration must be given to how the lists are used to ensure only needed match permutations are created in a QoS policy entry (especially when other match criteria that are also lists or ranges are specified in the same entry). The system verifies whether a new list element, for example, an IP address prefix, can be added to a specific list, or a list can be used by a new QoS policy, by checking whether the resources exist in hardware to implement the required changes for all QoS policies that reference the updated list. If sufficient resources do not exist, the addition of a new element to the list or use of the list by another policy will fail.

QoS match lists are created within config>qos>match-list. The following types of match lists are supported:

  1. IPv4 prefix lists – Applicable to src-ip and dst-ip matching in SAP ingress and SAP egress QoS policies used by both SAPs and subscribers, and in the ingress section of a network QoS policy.
  2. IPv6 prefix lists – Applicable to src-ip and dst-ip matching in SAP ingress and SAP egress QoS policies used by both SAPs and subscribers, and in the ingress section of a network QoS policy.

A prefix list can be configured in criteria statements within SAP QoS policies or within network QoS policies, but not in both types simultaneously.

The following restrictions apply to the use of prefix lists in network QoS policies:

  1. A single IP prefix list (IPv4/IPv6) cannot be used by network QoS policy entries more than 128 times.
  2. A single entry in a network QoS policy can only refer to either a source or destination prefix list. It is not permitted to refer simultaneously to both a source and a destination prefix IPv4/IPv6 list.

The following shows a created IPv4 prefix list which is configured within a SAP ingress QoS policy to rate limit the traffic from those prefixes.

configure
#--------------------------------------------------
echo "QoS Policy Configuration"
#--------------------------------------------------
    qos
        match-list
            ip-prefix-list "ip-prefix-list-1" create
                description "IPv4 prefix list"
                prefix 10.0.0.0/8
                prefix 192.168.0.0/16
            exit
        exit
    exit
#--------------------------------------------------
echo "QoS Policy Configuration"
#--------------------------------------------------
    qos
        sap-egress 10 create
            queue 1 create
            exit
            queue 2 create
            exit
            fc af create
                queue 2
            exit
            ip-criteria
                entry 10 create
                    match
                        dst-ip ip-prefix-list "ip-prefix-list-1"
                    exit
                    action fc "af"
                exit
            exit
        exit
    exit

The IPv4 prefix list can be shown as follows:

 
*A:PE# show qos match-list ip-prefix-list "ip-prefix-list-1"
 
===============================================================================
QoS Match IP Prefix List
===============================================================================
Prefix Name        : ip-prefix-list-1
Description        : IPv4 prefix list
-------------------------------------------------------------------------------
IP Prefixes
-------------------------------------------------------------------------------
10.0.0.0/8
192.168.0.0/16
-------------------------------------------------------------------------------
No. of Prefixes : 2
-------------------------------------------------------------------------------
===============================================================================

4.1. Match List for QoS Policies Commands

4.1.1. Command Hierarchies

  1. Configuration Commands
  1. Show Commands

4.1.1.1. Configuration Commands

config
— qos
match-list
ip-prefix-list ip-prefix-list-name [create]
— no ip-prefix-list ip-prefix-list-name
description description-string
— no description
[no] prefix ip-prefix/prefix-length
ipv6-prefix-list ipv6-prefix-list-name [create]
— no ipv6-prefix-list ipv6-prefix-list-name
description description-string
— no description
[no] prefix ipv6-prefix/prefix-length

4.1.1.2. Show Commands

show
— qos
— match-list
ip-prefix-list
ip-prefix-list prefix-list-name [association]
ipv6-prefix-list
ipv6-prefix-list prefix-list-name [association]

4.1.2. Command Descriptions

  1. Configuration Commands
  2. Show Commands

4.1.2.1. Configuration Commands

match-list

Syntax 
match-list
Context 
config>qos
Description 

This command is used to enter the context to create or edit match lists used in QoS policies.

ip-prefix-list

Syntax 
ip-prefix-list ip-prefix-list-name [create]
no ip-prefix-list ip-prefix-list-name
Context 
config>qos>match-list
Description 

This command creates a list of IPv4 prefixes for match criteria in QoS policies.

An IP prefix list must contain only IPv4 address prefixes created using the prefix command and cannot be deleted if it is referenced by a QoS policy.

The no form of this command deletes the specified list.

Parameters 
ip-prefix-list-name —
A string of up to 32 characters of printable ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes. The name default (case insensitive) is reserved by the system.

description

Syntax 
description description-string
no description
Context 
config>qos>match-list>ip-prefix-list
config>qos>match-list>ipv6-prefix-list
Description 

This command creates a text description stored in the configuration file for a configuration context.

The description command associates a text string with a configuration context to help identify the context in the configuration file.

The no form of this command removes any description string from the context.

Parameters 
description-string—
The description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

ipv6-prefix-list

Syntax 
ipv6-prefix-list ipv6-prefix-list-name [create]
no ipv6-prefix-list ipv6-prefix-list-name
Context 
config>qos>match-list
Description 

This command creates a list of IPv6 prefixes for match criteria in QoS policies. An ipv6-prefix-list must contain only IPv6 address prefixes created using the prefix command and cannot be deleted if it is referenced by a QoS policy.

The no form of this command deletes the specified list.

Parameters 
ipv6-prefix-list-name—
A string of up to 32 characters of printable ASCII characters. If special characters are used (#, $, spaces, and so on), the string must be enclosed within double quotes. The name default (case insensitive) is reserved by the system.
create—
Creates IPv6 prefixes for match criteria in QoS policies.

prefix

Syntax 
[no] prefix ip-prefix/prefix-length
Context 
config>qos>match-list>ip-prefix-list
Description 

This command adds an IPv4 address prefix to an existing IPv4 address prefix match list.

To add a set of unique prefixes, execute the command with all unique prefixes. The prefixes are allowed to overlap IPv4 address space.

An IPv4 prefix addition will be blocked, if resource exhaustion is detected anywhere in the system because of QoS Policies that use this IPv4 address prefix list.

The no form of this command deletes the specified prefix from the list.

Parameters 
ip-prefix—
A valid IPv4 address prefix in dotted decimal notation.
Values—
0.0.0.0 to 255.255.255.255 (host bit must be 0)

 

prefix-length—
Length of the entered IP prefix
Values—
1 to 32

 

prefix

Syntax 
[no] prefix ipv6-prefix/prefix-length
Context 
config>qos>match-list>ipv6-prefix-list
Description 

This command adds an IPv6 address prefix to an existing IPv6 address prefix match list.

To add set of unique prefixes, execute the command with all unique prefixes. The prefixes are allowed to overlap IPv6 address space.

An IPv6 prefix addition will be blocked if resource exhaustion is detected anywhere in the system because of QoS Policies that use this IPv6 address prefix list.

The no form of this command deletes the specified prefix from the list.

Parameters 
ipv6-prefix—
Specifies the IPv6 prefix for the IP match criterion in hex digits.
Values—
ipv6-address: x:x:x:x:x:x:x:x (eight 16-bit pieces)
x:x:x:x:x:x:d.d.d.d
x: [0 to FFFF]H
d: [0 to 255]D

 

prefix-length—
Specifies the IPv6 prefix length for the IPv6 address expressed as a decimal integer.
Values—
1 to 128

 

4.1.2.2. Show Commands

ip-prefix-list

Syntax 
ip-prefix-list
ip-prefix-list prefix-list-name [association]
Context 
show>qos>match-list
Description 

Displays the list of configured IPv4 QoS prefix lists or the details of a specific IPv4 QoS prefix list together with the SAP and network QoS policies in which it is used and the entry number within that policy.

Parameters 
prefix-list-name—
Specifies an IPv4 prefix list which contains IPv4 address prefixes to be matched.
Values—
A string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

 

association—
Displays the QoS policy and entry number in which the specified prefix list is used.
Output 

The following output is an example of ip-prefix-list information

Sample Output
*A:PE# show qos match-list ip-prefix-list
 
===============================================================================
QoS Match IP Prefix List
===============================================================================
Prefix List Name                 Description                       Num Prefixes
-------------------------------------------------------------------------------
ipv4list1                                                          1 
ipv4list2                                                          1
-------------------------------------------------------------------------------
No. of Prefix-List: 2
===============================================================================
*A:PE#
 
*A:PE# show qos match-list ip-prefix-list “ipv4list1”
 
===============================================================================
QoS Match IP Prefix List
===============================================================================
Prefix Name        : ipv4list1
Description        : (Not Specified)
-------------------------------------------------------------------------------
IP Prefixes
-------------------------------------------------------------------------------
10.0.0.0/8
-------------------------------------------------------------------------------
No. of Prefixes : 1
-------------------------------------------------------------------------------
 
-------------------------------------------------------------------------------
Association
-------------------------------------------------------------------------------
QoS Policy ID                           Criteria Entry
-------------------------------------------------------------------------------
10                   (sap-ingress)      10                   (source-ip)
10                   (sap-egress)       10                   (source-ip)
-------------------------------------------------------------------------------
===============================================================================
*A:PE#

ipv6-prefix-list

Syntax 
ipv6-prefix-list
ipv6-prefix-list prefix-list-name [association]
Context 
show>qos>match-list
Description 

Displays the list of configured IPv6 QoS prefix lists or the details of a specific IPv6 QoS prefix list together with the network QoS policies in which it is used and the entry number within that policy.

Parameters 
prefix-list-name—
Specifies an IPv6 prefix list which contains IPv6 address prefixes to be matched.
Values—
A string of up to 32 characters of printable ASCII characters. If special characters are used, the string must be enclosed within double quotes.

 

association—
Displays the QoS policy and entry number in which the specified prefix list is used.
Output 

The following output is an example of ipv6-prefix-list information

Sample Output
*A:PE# show qos match-list ipv6-prefix-list
 
===============================================================================
QoS Match IPv6 Prefix List
===============================================================================
Prefix List Name                 Description                       Num Prefixes
-------------------------------------------------------------------------------
ipv6list1                                                          1 
ipv6list2                                                          1
-------------------------------------------------------------------------------
No. of Prefix-List: 2
===============================================================================
*A:PE#
 
*A:PE# show qos match-list ip-prefix-list “ipv6list1”
 
===============================================================================
QoS Match IPv6 Prefix List
===============================================================================
Prefix Name        : ipv6list1
Description        : (Not Specified)
-------------------------------------------------------------------------------
IP Prefixes
-------------------------------------------------------------------------------
2001:db8::/32
-------------------------------------------------------------------------------
No. of Prefixes : 1
-------------------------------------------------------------------------------
===============================================================================
*A:PE#
 
*A:PE# show qos match-list ipv6-prefix-list “ipv6list1” association
 
===============================================================================
QoS Match IPv6 Prefix List
===============================================================================
Prefix Name        : ipv6list1
Description        : (Not Specified)
-------------------------------------------------------------------------------
IPv6 Prefixes
-------------------------------------------------------------------------------
2001:db8::/32
-------------------------------------------------------------------------------
No. of Prefixes : 1
-------------------------------------------------------------------------------
 
-------------------------------------------------------------------------------
Association
-------------------------------------------------------------------------------
QoS Policy ID                           Criteria Entry
-------------------------------------------------------------------------------
10                   (sap-ingress)      10                   (source-ip)
-------------------------------------------------------------------------------
===============================================================================
*A:PE#