My setup looks like this: two GigE interfaces in a port-channel with a number of VLANs configured as sub-interfaces to the port-channel and PPPoE sessions terminated on those VLANs. Simple enough.
If I apply a simple policer to the virtual-template or configure it via RADIUS for a router dialling in with a PPPoE client the policy is applied, no questions asked. But a simple policer isn't really much good to me because I'm going to want a child-policy in order to define an LLQ for, say, VoIP traffic.
So, I need to apply a shaper parent policy effectively defining the bandwidth of the interface and a child policy containing my LLQ for my VoIP class and my other traffic classes specific bandwidth requirement.
All straightforward enough stuff, bread and butter for SPs and enterprises. Until you bring up your PPPoE client, do a show policy-map interface on the virtual-access subinterface and... nothing. A quick look at the log shows an error like this:
Sep 7 14:30:02 BST: %QOS-6-POLICY_INST_FAILED:
Service policy installation failed
After digging around a bit and trying a few things I was confident enough that I'd hit at best some sort of bug, at worst a "feature limitation" so I got in touch with Cisco TAC. After a bit of troubleshooting the TAC engineer homed in on my port-channel configuration and suggested that I upgrade to IOX XE 3.7 as there is limited support for queuing on port-channel interfaces. Fine, I went ahead with that and tried again. Show policy-map interface and... nothing.
Another look at the logs showed the familiar policy installation error from before but this was now accompanied with this additional error:
Sep 11 08:19:32.251: Port-channel1 has more than one active member link
Yes, this port-channel has more than one active member link because, you know, it's a port-channel!
At this point I could see where this was going and spoke to the TAC engineer again. Apparently this is what he meant by "limited support" for PPPoEoVLAN on port-channels. So, in order to prove that the rest of my configuration worked I went ahead and re-configured the port-channel for fast-switchover (active / standby - see here (cisco.com)). Now the policy applied without a problem.
This leaves me in a bit of a predicament though. On one hand I now have policy-maps applying successfully PPPoE virtual-access interfaces. On the other hand I now have an ASR 1001 that can do 2.5Gbps throughput by default (and is upgradeable by license to 5Gbps throughput) that I've had to "waste" an interface on to get uplink resilience. And, on a box with only four SFP ports that's expensive wastage. I could use the other two SFP ports and artificially load-balance traffic by targeting different PPPoE VLANs on each port-channel, but I honestly would much rather see Cisco fix queuing on load-balanced port-channels. Hopefully this will happen sometime soon, before this box starts getting pushed beyond 1Gbps!
HI,
ReplyDeleteI just stumbled across your post about this. We have just ran into this issue.
Did you get a solution to this? I have passed our findings onto teh TAC again to see what we can do...
Not very happy with this at all.
TJS
Hi,
DeleteNo, I didn't get a solution. Here's the latest technical note from Cisco: http://www.cisco.com/en/US/docs/ios-xml/ios/qos_mqc/configuration/xe-3s/asr1000/qos-pppgec.html
I'm hoping for it to be fixed. To add to the insult the workaround suggested by TAC was to just create a PPPoE server on another physical interface and let it naturally load-balance.
yeah its actually pathetic. The Tac engineer is looking into any work arounds, however I think he will come back with what they offered you..
DeleteI don’t want to but we may need to go down the 10Gb path.
.
Just wondering if there has been any update on this issue? I have upgraded to 3.10 but it is still occuring.
ReplyDeleteFYI - I have had two TAC cases open on this "issue" Jan this year and July 2012 - The latest from TAC is:
ReplyDelete"Currently, our engineering is working on aggregate port-channel QoS.
We don’t have an exact release at this time, but we can say that support will be no sooner than XE3.11, and may be later."
Is PPPoE load balancing even ported over port-channels on the 1K? I seem to remember trying this but outbound PPPoE traffic was always just on one member, not the other.
ReplyDeletebtw, i'm on XE 3.13 and this issue still exist... Do you have any idea of the CSC number?
ReplyDeleteAny update on this issue?
ReplyDeleteI have a similar issue has anyone got a resolution to this issue?
ReplyDeleteMar 27 16:44:07.489: %QOS-6-POLICY_INST_FAILED:
Service policy installation failed
This comment has been removed by the author.
Deletebtw my issue is only when I try to bind shaping as part of the attribute replies, otherwise (even when police or routed-ip is injected) no log error is generated:
DeleteMar 27 16:43:59.212: %VPDN-6-CLOSED: L2TP LNS MEL-NDC-LNS02 closed Vi3.104 user dadada@blahblahblah.com.au; Result 2, Error 6, Locally generated disconnect
Mar 27 16:44:07.489: %QOS-6-POLICY_INST_FAILED:
Service policy installation failed
same issue with ASR 1004 running 15.4(3)S.
ReplyDeleteif you configure the port-channel with only one member the policy shaping will work. then, you can configure once again the port-channel with 2,3 or 4 members, reset one subscriber and everything works.
i found this workarround, but i get in touch with TAC in order to know if this is a limitation or we are hitting any bug. furthermore, i don't know if this workarround will be 100% sure.
I just tried you workaround it seems to be working ! Did you get a chance to had TAC response ?
Delete