After dealing with CBQoS in the past days, some observations i have made
Cisco seams not to fill the SNMP variables on Catalyst 2960C /2960CG / 2960CX platforms.
snmp genarator is picky about ordering.
You may find this line “- source_indexes: [cbQosObjectsIndex, cbQosPolicyIndex]” in the GitHub Issues but this “- source_indexes: [cbQosPolicyIndex, cbQosObjectsIndex]” seams to do the right thing.
So it is time get out some router again.
Configuration
!
mls qos map policed-dscp 0 10 18 to 8
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue output cos-map queue 1 threshold 3 4 5
mls qos srr-queue output cos-map queue 2 threshold 1 2
mls qos srr-queue output cos-map queue 2 threshold 2 3
mls qos srr-queue output cos-map queue 2 threshold 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 0
mls qos srr-queue output cos-map queue 4 threshold 3 1
mls qos srr-queue output dscp-map queue 1 threshold 3 32 40 46
mls qos srr-queue output dscp-map queue 2 threshold 1 16 18 20 22 26 28 30 34
mls qos srr-queue output dscp-map queue 2 threshold 1 36 38
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 56
mls qos srr-queue output dscp-map queue 3 threshold 3 0
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14
mls qos queue-set output 1 threshold 1 100 100 100 100
mls qos queue-set output 1 threshold 2 80 90 100 400
mls qos queue-set output 1 threshold 3 100 100 100 3200
mls qos queue-set output 1 threshold 4 60 80 100 400
mls qos queue-set output 1 buffers 15 30 35 20
mls qos
!
class-map match-all BROADCAST-VIDEO
match access-group name BROADCAST-VIDEO
class-map match-all BULK-DATA
match access-group name BULK-DATA
class-map match-all VVLAN-SIGNALING
match access-group name VVLAN-SIGNALING
class-map match-all MULTIMEDIA-CONFERENCING
match access-group name MULTIMEDIA-CONFERENCING
class-map match-all OAM
match access-group name OAM
class-map match-all DEFAULT
match access-group name DEFAULT
class-map match-all SCAVENGER
match access-group name SCAVENGER
class-map match-all SIGNALING
match access-group name SIGNALING
class-map match-all REALTIME-INTERACTIVE
match access-group name REALTIME-INTERACTIVE
class-map match-all VVLAN-VOIP
match access-group name VVLAN-VOIP
class-map match-all TRANSACTIONAL-DATA
match access-group name TRANSACTIONAL-DATA
class-map match-all VOIP-TELEPHONY
match access-group name VOIP-TELEPHONY
class-map match-all MULTIMEDIA-STREAMING
match access-group name MULTIMEDIA-STREAMING
!
policy-map MARKING-POLICY
class VOIP-TELEPHONY
set dscp ef
class BROADCAST-VIDEO
set dscp cs5
class REALTIME-INTERACTIVE
set dscp cs4
class MULTIMEDIA-CONFERENCING
set dscp af41
class MULTIMEDIA-STREAMING
set dscp af31
class SIGNALING
set dscp cs3
class OAM
set dscp cs2
class TRANSACTIONAL-DATA
set dscp af21
class BULK-DATA
set dscp af11
class SCAVENGER
set dscp cs1
class class-default
set dscp default
policy-map MARKING&POLICING
class MULTIMEDIA-CONFERENCING
set dscp af41
police 5000000 8000 exceed-action drop
class SIGNALING
set dscp cs3
police 32000 8000 exceed-action drop
class TRANSACTIONAL-DATA
set dscp af21
police 10000000 8000 exceed-action policed-dscp-transmit
class BULK-DATA
set dscp af11
police 10000000 8000 exceed-action policed-dscp-transmit
class SCAVENGER
set dscp cs1
police 10000000 8000 exceed-action drop
class VVLAN-VOIP
set dscp ef
police 128000 8000 exceed-action drop
class VVLAN-SIGNALING
set dscp cs3
police 32000 8000 exceed-action drop
class DEFAULT
set dscp default
police 10000000 8000 exceed-action policed-dscp-transmit
!
ip access-list extended SIGNALING
remark sccp
permit tcp any any eq 2000
permit tcp any any eq 2001
permit tcp any any eq 2002
remark rtsp
permit tcp any any eq 554
permit tcp any any eq 8554
remark sip
permit tcp any any eq 5060
permit udp any any eq 5060
remark sip-tls
permit tcp any any eq 5061
permit udp any any eq 5061
!
ip access-list extended BULK-DATA
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq pop3
permit tcp any any eq 143
!
ip access-list extended OAM
remark ping
permit icmp any 10.0.0.0 0.255.255.255 echo
permit icmp any 10.0.0.0 0.255.255.255 echo-reply
remark SNMP
permit udp 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255 eq snmp
remark SSH
permit tcp 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255 eq 22
remark SYSLOG
permit udp 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255 eq syslog
SNMP
Tables
cbQosServicePolicyTable
cbQosObjectsTable
cbQosPolicyMapCfgTable
cbQosCMStatsTable
cbQosCMCfgTable
snmp_exporter / snmp_generator
auths:
modules:
cisco_qos:
walk:
- sysName
- sysUpTime
- interfaces
- ifXTable
- ifNumber
- ifIndex
- ifDescr
- ifType
- ifAdminStatus
- ifOperStatus
- ifLastChange
- ifInDiscards
- ifInErrors
- ifOutDiscards
- ifOutErrors
- ifName
- ifHCInOctets
- ifHCInUcastPkts
- ifHCInMulticastPkts
- ifHCInBroadcastPkts
- ifHCOutOctets
- ifHCOutUcastPkts
- ifHCOutMulticastPkts
- ifHCOutBroadcastPkts
- ifHighSpeed
- ifConnectorPresent
- ifAlias
- cpmCPUTotalTable
- cpmCPUTotal5minRev
- cpmCPUTotal1minRev
- cpmCPUTotal5secRev
- ciscoMemoryPoolTable
- ciscoEnvMonMIB
- cbQosServicePolicyTable
- cbQosPoliceCfgTable
- cbQosTSCfgTable
- cbQosSetCfgTable
- cbQosCMStatsTable
- cbQosMatchStmtStatsTable
- cbQosPoliceStatsTable
- cbQosQueueingStatsTable
- cbQosTSStatsTable
- cbQosCMCfgTable
- cbQosObjectsTable
- cbQosConfigIndex
- cbQosCMName
- cbQosPolicyDirection
- cbQosIfIndex
- cbQosCMPostPolicyByte64
- cbQosCMDropPkt64
- cbQosCMDropByte64
- cbQosObjectsIndex
- c3gGsmNetworkTable
- c3gGsmRadio
- cwceLteRadioTable
lookups:
- source_indexes: [ifIndex]
lookup: ifName
- source_indexes: [ifIndex]
# Uis OID to avoid conflict with PaloAlto PAN-COMMON-MIB.
lookup: 1.3.6.1.2.1.2.2.1.2 # ifDescr
- source_indexes: [ifIndex]
# Use OID to avoid conflict with Netscaler NS-ROOT-MIB.
lookup: 1.3.6.1.2.1.31.1.1.1.1 # ifName
# - source_indexes: [cbQosObjectsIndex, cbQosPolicyIndex]
- source_indexes: [cbQosPolicyIndex, cbQosObjectsIndex]
lookup: cbQosConfigIndex
- source_indexes: [cbQosConfigIndex]
lookup: cbQosCMName
- source_indexes: [cbQosPolicyIndex]
lookup: cbQosIfIndex
- source_indexes: [cbQosIfIndex]
lookup: ifName
overrides:
ifAlias:
ignore: true # Lookup metric
ifDescr:
ignore: true # Lookup metric
ifName:
ignore: true # Lookup metric
ifType:
type: EnumAsInfoPrometheus output
So now we get the cbQosCMDropBitRate with the class and interface name.
# HELP ifIndex A unique value for each interface - 1.3.6.1.2.1.2.2.1.1
# TYPE ifIndex gauge
ifIndex{ifDescr="GigabitEthernet0/1",ifIndex="10101",ifName="Gi0/1"} 10101
# TYPE cbQosPolicyDirection gauge
cbQosPolicyDirection{cbQosIfIndex="10101",cbQosPolicyIndex="161616",ifName="Gi0/1"} 1
# HELP cbQosCMDesc Description of the Classmap. - 1.3.6.1.4.1.9.9.166.1.7.1.1.2
# TYPE cbQosCMDesc gauge
cbQosCMDesc{cbQosCMDesc="",cbQosCMName="BROADCAST-VIDEO",cbQosConfigIndex="322185256"} 1
# HELP cbQosCMDropBitRate The bit rate of the drops per class as the result of all features that can produce drops (e.g., police, random detect, etc.). - 1.3.6.1.4.1.9.9.166.1.15.1.1.18
# TYPE cbQosCMDropBitRate gauge
cbQosCMDropBitRate{cbQosCMName="BROADCAST-VIDEO",cbQosConfigIndex="322185256",cbQosIfIndex="10105",cbQosObjectsIndex="131072",cbQosPolicyIndex="161680",ifName="Gi0/5"} 0
Grafana
Panel Title: cbQosCMPostPolicyByte
Query: rate(cbQosCMPostPolicyByte{instance=”$instance”,ifName=”$ifName”}[$__rate_interval])
Label: {{instance}} – {{ifName}} – {{cbQosCMName}}
Links
- https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-traffic-shaping-54/TS_Configuration/TS_ToS_DSCP.htm
- https://community.fortinet.com/t5/FortiGate/Technical-Tip-Differentiated-Services-Code-Point-DSCP-marking/ta-p/190923
- https://www.cisco.com/c/en/us/support/docs/switches/catalyst-3750-series-switches/91862-cat3750-qos-config.html
- https://en.wikipedia.org/wiki/Differentiated_services
- https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/BRKCRS-2501.pdf
- https://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/119031-technote-router-00.html
- https://pierky.wordpress.com/2009/04/09/cisco-class-based-qos-snmp-mib-and-statistics-monitor-for-nms/
- https://pierky.wordpress.com/2009/04/23/zabbix-tool-for-cisco-class-based-qos-monitoring/
- https://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/119031-technote-router-00.html
- https://github.com/prometheus/snmp_exporter/issues/405
- https://gist.github.com/tarko/47dc7fa972711cf17976e0c35e14c3c3
- https://community.fortinet.com/t5/FortiGate/Technical-Tip-Add-SNMP-OIDs-for-shaping-related-statistics/ta-p/195977
Additional MIBS
pkg search netdisco-mibs
netdisco-mibs-4.034 MIBs for use with ports-mgmt/netdisco (and SNMP)
cp netdisco-mibs/cisco/CISCO-PORT-QOS-MIB.my mibs/
HELP cportQosCosEgressPkts This object indicates the number of egress packets whose COS value matched the value of the cportQosCosValue object - 1.3.6.1.4.1.9.9.189.1.3.9.1.4
# TYPE cportQosCosEgressPkts counter
cportQosCosEgressPkts{cportQosCosValue="0",ifAlias="",ifDescr="GigabitEthernet0/11",ifIndex="10111",ifName="Gi0/11"} 44
Patrick Marc's Networks 