- Testing deployment of easyqos beta of APIC-EM 126.96.36.1994. When tested it on a 3750x and 2960x, it doesn't completely deploys the QoS. Found some of the class-maps and ACLs empty, plus couldn't see all 1323 apps being matches in ACLs (many of them are missing, when applied the policy) .
you need to deploy the default CVD policy. You would expect that default applications would not be matched. Tim Szigeti's excellent CiscoLive presentation (BRKRST-2046 SDN QoS Deep Dive) goes into the details of how this works. Bear in mind the rendering will be different on different platforms due to TCAM resources etc.
EasyQoS will always implement an instantiation of the expressed business-intent to the maximum of a given platform's capabilities.
What this means is: you might configure a policy for 1323 applications (our NBAR2 library). However, not all of our platforms support NBAR. As such, rather than doing nothing on, say a Catalyst 3750 access-switch (which does not support NBAR), APIC-EM will parse the NBAR library and sift out all the apps that CAN be classified using L4 ACLs (incidentally there are only about 200 apps that can be identified via static ACLs), and then constructs and programs these ACLs into the platform, until we hit the TCAM (memory) limits of the box.
In addition to this access-edge policy, which represents the "best that the C3750 can do", EasyQoS will also push out another policy-enforcement-point at the LAN edge of any ASR or ISR router that supports the full NBAR library. At this edge then, apps that were NOT classified at the campus access-edge will ALSO be classified and marked.
(Side Note: As you may know, NBAR has recently been released on the Catalyst 3650 and 3850 platforms; as such, we will be adding this support to EasyQoS in the next few months as well).
As for the ACLs that were not populated by default (i.e. the Voice and Video ACLs), these will be populated by APIC-EM as it discovers Cisco devices via CDP (e.g. IP Phones, Cisco TelePresence Systems, Cisco IP Video Surveillance Cameras and/or Cisco Digital Media Players) AND/OR when APIC-EM receives dynamic QoS requests via the Northbound API from EasyQoS to applications like CallManager and/or MS-Lync, etc.)
More explicit and gory detail (like the slide above) can be found at:
- PPT: https://cisco.box.com/v/SDN-QoS
- VoD: https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=90876&backBtn=true
Short answer: the dynamic QoS Northbound API (from CUCM or from MS-Lync server) will supply the IP and UDP port information for the voice/video calls. Only at that time will EasyQoS dynamically program the ACEs (i.e. the "permit udp IP Port statements). The reason for the policy-shells (i.e. the empty ACLs, class-maps and policy-maps) in your config is to optimize performance and to ensure that QoS is applied in a non-disruptive manner.
Slides 138 through 144 and
Appendix D: Dynamic QoS (Slides 272 through 285).
Dynamic Shells are only added if you turn on Dynamic QoS. It is an optional feature, which is still in beta, and Static QoS , which has just been released as GA in 1.3, does not require these dynamic shells to work properly.
About to release 1.3 which has a number of EQ enhancements.