Cisco Nexus : Time based ACLs QOs Service Policies
Mar 12,2024 Moka
Cisco Nexus : Time based ACLs QOs Service Policies
Time-based ACLs give administrators more control over whether or not a user has access to resources. They also improve policy-based routing (PBR) and queueing capabilities.
For example, when a provider's access charges vary by time of day, traffic can be rerouted automatically and cost-effectively. Service providers can dynamically adjust a committed access rate (CAR) configuration to satisfy QoS service level agreements (SLAs) negotiated at specific times of day.
To define time-based QoS service regulations, utilize time-based ACLs as the match-on criterion for a specific type of traffic. In our example we are going to create a time based ACLs with the service policy on the interface.
Model : cisco Nexus9000 C93180YC-FX Chassis
Use case : The traffic is restricted with the bandwidth and the burst rate at the specific time
⭐ Step 1: Configure the time range
NDNA_SW# config t
NDNA_SW(config)# time-range DCbackup-day
NDNA_SW(config-time-range)# 10 periodic daily 06:00:00 to 21:00:00
NDNA_SW(config)# time-range DCbackup-night
NDNA_SW(config-time-range)# 10 periodic daily 21:01:00 to 05:59:00
NDNA_SW#
⭐ Step 2: Configure the Access list
NDNA_SW# config t
NDNA_SW(config)# ip access-list dcbackup-night
NDNA_SW(config-acl)# 10 permit ip any 10.10.10.5 0.0.0.255 time-range DCbackup-night
NDNA_SW(config)# ip access-list dcbackup-day
NDNA_SW(config-acl)# 10 permit ip any 10.10.10.5 0.0.0.255 time-range DCbackup-day
NDNA_SW(config-acl)# ^c
NDNA_SW#
⭐ Step 3: Now we need to create the Class-map required for Qos
NDNA_SW# config t
NDNA_SW(config)# class-map type qos match-any class_dcbackup-day
NDNA_SW(config-class-map)# match access-group name dcbackup-day
NDNA_SW(config)# class-map type qos match-any class_dcbackup-night
NDNA_SW(config-class-map)#match access-group name dcbackup-night
NDNA_SW(config)# ^c
NDNA_SW#
⭐ Step 4: Now as class-map already defined, now lets create the policy map which should be applied to the interface later on
NDNA_SW# config t
NDNA_SW(config)# policy-map type qos dcbackup
NDNA_SW(config-pmap-qos)# class class_dcbackup-day
NDNA_SW(config-pmap-qos-class)# police cir 200 mbps bc 37500000 bytes conform transmit violate drop
NDNA_SW(config-pmap-qos)# class class_dcbackup-night
NDNA_SW(config-pmap-qos-class)# police cir 300 mbps bc 56250000 bytes conform transmit violate drop
NDNA_SW(config-pmap-qos-class)# ^c
NDNA_SW#
⭐ Step 5: Now its time to apply the policy-map under the interface
NDNA_SW# config t
NDNA_SW(config)# interface eth1/5
NDNA_SW(config-if)# service-policy type qos input dcbackup
NDNA_SW(config-if)# ^c
NDNA_SW#