The PE router must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS DODIN Technical Profile.

An XCCDF Rule

Description

Different applications have unique requirements and toleration levels for delay, jitter, bandwidth, packet loss, and availability. To manage the multitude of applications and services, a network requires a QoS framework to differentiate traffic and provide a method to manage network congestion. The Differentiated Services Model (DiffServ) is based on per-hop behavior by categorizing traffic into different classes and enabling each node to enforce a forwarding treatment to each packet as dictated by a policy. Packet markings such as IP Precedence and its successor, Differentiated Services Code Points (DSCP), were defined along with specific per-hop behaviors for key traffic types to enable a scalable QoS solution. DiffServ QoS categorizes network traffic, prioritizes it according to its relative importance, and provides priority treatment based on the classification. It is imperative that end-to-end QoS is implemented within the IP core network to provide preferred treatment for mission-critical applications.

ID: SV-256013r882381_rule
Version: ARST-RT-000310
Severity: Low
References: CCI-001095
Updated: 15 days ago

Remediation Templates

Step 1: Configure the Arista router class-maps to match on DSCP Quality of Service values to identify four traffic-class into Class 0 (0-7, 16-38, 40-44, 46-48, 50-63) Class 1 (11) Class 2 (39) Class 3 (15, 49).

router(config)#qos map
qos map dscp 0 1 2 3 4 5 6 7 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 40 41 42 43 44 46 47 48 50 51 52 53 54 55 56 57 58 59 60 61 62 63 to traffic-class 0
qos map dscp 11 to traffic-class 1
qos map dscp 39 to traffic-class 2qos map dscp 15 49 to traffic-class 3
!

Step 2: Configure the Arista router bandwidth and shape rates based on four queues defined by DSCP and the defined class-maps in accordance with the QoS GIG Technical Profile.

router(config)#interface Port-Channel33
router(config-if-po33)#description PO33->Distro1-QFX5200-32C-100G
   routerport trunk allowed vlan 2100-2102,4033
   routerport mode trunk
   routerport trunk group 4033
   qos trust dscp
   !
   tx-queue 0
      bandwidth percent 20
   !
   tx-queue 1
      bandwidth percent 40
      shape rate 40088888
   !
   tx-queue 2
      bandwidth percent 15
      shape rate 15022222
   !
   tx-queue 3
      bandwidth percent 25
      shape rate 25250000
!

Step 3: Configure the Arista router for queues 0 through 3 for Interface (Port-Channel33) as round robin, with voice strict-priority, and then allocate bandwidth for four queues: queue (0) 19.6%, queue (1) 39.6%, queue (2) 14.9%,  and queue (3) 24.9%, allowing for control-plane and protocol management traffic. These configurations allow burst traffic levels and shape rates for maximum outbound traffic bandwidth per queue.

router#sh qos int po33
Port-Channel33:
   Trust Mode: DSCP
   Default COS: 0
   Default DSCP: 0
   Port shaping rate: enabled
  Tx    Bandwidth     Bandwidth                   Shape Rate         Priority   ECN/WRED 
 Queue  (percent)     Guaranteed (units)           (units)         
 ----------------------------------------------------------------------------------------
   7        -             - ( - )              -            ( - )      SP         D     
   6        -             - ( - )              -            ( - )      SP         D     
   5        -             - ( - )              -            ( - )      SP         D     
   4        -             - ( - )              -            ( - )      SP         D     
   3        25          - ( - )           24.9      (Gbps)   SP        D     
   2        15          - ( - )           14.9      (Gbps)   RR       D     
   1        40          - ( - )           39.6      (Gbps)   RR       D     
   0        20          - ( - )              -            ( - )       RR       D
     
Legend:
RR -> Round Robin
SP -> Strict Priority
 - -> Not Applicable / Not Configured
 % -> Percentage of reference
ECN/WRED: L -> Queue Length ECN Enabled     W -> WRED Enabled     D -> Disabled

The PE router must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS DODIN Technical Profile.

Description

Remediation Templates

A Manual Procedure