LAG Egress Shaping or Policing on Sub-Interfaces

OcNOS SP : Quality of Service Guide : Quality of Service Configuration : LAG Egress Shaping or Policing on Sub-Interfaces

The LAG Egress Shaping or Policing on Sub-Interfaces feature introduces Hierarchical Quality of Service (HQoS) enhancements to enable unified bandwidth management for Link Aggregation Group (LAG) and Multi-Chassis LAG (MLAG) interfaces.

In earlier releases, LAG shaping was applied per member port, causing an overall bandwidth reduction when one or more LAG members failed. The new Unified Traffic Management (TM) model resolves this limitation by enabling a single, shared shaper across all active LAG members, ensuring consistent throughput and QoS behavior.

This enhancement provides two programming models:

• Multi-Unit TM per Member Model: Applied per member and per service (sub-interface) for multi-unit systems.

• Single-Unit Unified TM Model: Applied per LAG or per LAG-based service for single-unit systems.

Note: Both models provide enhanced control over bandwidth allocation, congestion avoidance, and policy enforcement for LAG and sub-interface–based traffic.

Feature Characteristics

• Provides egress shaping and policing on LAG interfaces and sub-interfaces.

• Supports HQoS for flexible bandwidth control and service differentiation.

• Offers two QoS programming models:

• Per-Member Model: Individual TM instance per member or per service.

• Unified Model: Single TM instance applied across the entire LAG or per service.

• Allows unified bandwidth control across all active LAG members to maintain consistent throughput.

• Supports QoS operations, including shaping, congestion avoidance (WRED), tail-drop, and header compensation.

• Enables policy-map binding and modification for both default and user-defined QoS profiles.

• Supports per-service (sub-interface) QoS configuration, allowing granular bandwidth control at VLAN or service levels.

• Provides dynamic event handling for LAG membership changes — automatically reprograms QoS mappings when members are added or removed.

• Offers counters and debug visibility for interfaces, policy maps, and scheduling elements.

• Compatible with both static and dynamic LAG configurations.

• Integrated with default and user-defined policy maps for traffic management.

• Supports hierarchical scheduling, allowing bandwidth enforcement at multiple levels (LAG and service).

• Maintains consistent QoS behavior across LAG and MLAG interfaces.

Benefits

• Unified Bandwidth Management: Prevents bandwidth degradation when a member link fails by maintaining a shared shaping policy.

• Enhanced QoS Consistency: Ensures uniform treatment of traffic across aggregated links.

• Flexible Configuration Models: Offers both per-member and unified programming options.

• Dynamic Adaptability: Handles membership changes in real time without affecting service continuity.

• Efficient Resource Utilization: Optimizes use of traffic management and scheduling elements.

• Simplified QoS Administration: Centralized configuration per LAG reduces operational complexity.

• Scalable Design: Supports thousands of sub-interfaces and policy instances with predictable performance.

Limitations

• Unified bandwidth model cannot be used when LAG spans multiple switching units.

• Swapping between programming models is not supported when:

• The LAG interface already has associated member ports.

• A policy map is already bound to the LAG interface.

• MLAG is supported only in active/standby mode; active/active unified shaping is not supported.

• Hash-based load balancing is used as the traffic distribution mechanism; unified TM does not alter hashing behavior.

• In this release, only the ‘Match Queue’ classification option is supported for both programming models.

• Shaper limit is not supported on unified shaper LAG interfaces when using default policy maps due to the inherent hierarchy of default queueing.

• Default policies such as ‘default-out-policy’ and ‘subif-default-out-policy’ do not apply shaping.

• To apply shaping correctly, the user must use a custom (user-defined) policy map on unified shaper LAG interfaces or sub-interfaces.

• Unified TM scheme can only be enabled before member ports are added.

• Migration between per-member and unified TM models is not supported once the LAG is active.

• Unified TM model is supported only on systems where the traffic manager operates in a single, unified instance.

• Resource scaling depends on available traffic management and scheduling elements; shaping precision may vary slightly at high rates.

Configuration Considerations

• Unified scheme can only be enabled before adding member ports.

• The LAG interface must be associated with a default policy-map before enabling unified scheme.

Configurations

When traffic is forwarded over a port-channel (single or multi-chassis), rate limits must be applied at the correct logical level (LAG interface or sub-interface) to ensure consistent, predictable bandwidth control across bundled links.

Topology

The topology consists of two network endpoints connected through a pair of intermediate network nodes. Traffic enters the topology through interface cd0/1 on the first node. This interface is configured as a sub-interface with VLAN encapsulation and mapped into a bridge domain.

From there, traffic is forwarded across a LAG formed using interfaces cd4 and cd5. These two physical links operate as a single logical port-channel, enabling the application of egress shaping or policing on the associated sub-interface.

On the second node, the corresponding LAG is created using interfaces cd49 and cd55. The aggregated traffic received over this port-channel is then forwarded toward the far end of the network through interface xe2.

This topology is used to validate that egress shaping or policing applied on a port-channel sub-interface is consistently enforced across all member links of the LAG, ensuring uniform rate control across the aggregated path.

Egress Shaping or Policing on Subinterface

Perform the following steps to configure egress shaping or policing on LAG sub-interfaces:

1. Configure the Port-Channel interface with a LAG shaper to ensure that shaping or policing is applied per LAG instead of per physical member interface.

(config)# interface po10

(config-if)# switchport

(config-if)# load-interval 30

(config-if)# lag-shaper unified unit 1

(config-if)# commit

Note: Based on the interface availability configure the lag-shaper unified unit zero or unit one.

2. Attach physical interfaces to the Port-Channel so the LAG operates as a single logical egress interface.

(config)# interface cd4

(config-if)# channel-group 10 mode active

(config-if)# commit

(config-if)# exit

(config)# interface cd5

(config-if)# channel-group 10 mode active

(config-if)# commit

3. Create the access sub-interface with VLAN encapsulation to identify customer/service traffic before it enters the bridge domain.

(config)# interface cd0/1.1 switchport

(config-if)# encapsulation dot1q 10

(config-if)# load-interval 30

(config-if)# commit

4. Apply port shaping at the Port-Channel sub-interface to ensure per-service bandwidth control over the LAG uplink.

(config)# interface po10.1 switchport

(config-if)# encapsulation dot1q 10

(config-if)# load-interval 30

(config-if)# shape rate 4 gbps

(config-if)# commit

5. Create queue classifications and shaping policies to enforce rate limits per queue on the sub-interface.

(config)# qos enable

(config)# qos statistics

(config)# commit

(config)# class-map type queuing C3

(config-cmap-que)# match queue 0

(config-cmap-que)# commit

(config-cmap-que)# exit

(config)# policy-map type queuing P3

(config-pmap-que)# class type queuing C3

(config-pmap-c-que)# shape 3 gbps

(config-pmap-c-que)# exit

(config-pmap-que)# commit

6. Attach the policy-map with queue shaping to the port-channel sub-interface to enforce egress rate limits on LAG traffic.

(config)# interface po10.1

(config-if)# service-policy type queuing output P3

(config-if)# commit

7. Map the access and uplink sub-interfaces into the bridge domain to enable L2 forwarding with shaping applied.

(config)# bridge-domain 5

(config-bridge-domain)# interface cd0/1.1

(config-bridge-domain)# interface po10.1

(config-bridge-domain)# commit

8. Repeat LAG and Sub-Interface Configuration on the Peer side:

• The corresponding port-channel

• Member interfaces

• VLAN sub-interfaces

• Bridge-domain mappings

Validation

show etherchannel summary

Aggregator po10 100010

Aggregator Type: Layer2

Admin Key: 0010 - Oper Key 0010

Link: cd4 (5023) sync: 1

Link: cd5 (5024) sync: 1

show policy-map interface po10.1

Interface po10.1

Type Queuing policy-map : P3

Service-policy (queuing) output: P3

Interface Bandwidth 800000000 kbps

Port Shaper 4 gbps

-----------------------------------

Class-map (queuing): C3

shape 3 gbps

wfq-queue weight 1

queue-limit 3749888 bytes/10 ms (default)

match queue 0

Output

Total : 8357663 packets, 12536494500 bytes

Green : 8357663 packets, 12536494500 bytes

Yellow : 0 packets, 0 bytes

Dropped

Total : 2744779 packets, 4117168500 bytes

Green : 2744779 packets, 4117168500 bytes

Yellow : 0 packets, 0 bytes

Red : 0 packets, 0 bytes

Class-map (queuing): class-default-q

shape 4000000 kbps (inherited)

wfq-queue weight 1

queue-limit 500000000 bytes/1000 ms (default)

match queue 1

match queue 2

match queue 3

match queue 4

match queue 5

match queue 6

match queue 7

show interface po10.1 counters queue-stats

E - Egress, I - Ingress, Q-Size is in bytes

+--------------------+-------------------+-----------------+-------------------+-----------------+-------------------+

+--------------------+-------------------+-----------------+-------------------+-----------------+-------------------+

q0 (E) 3749888 37957242 56935863000 12488411 18732616500

q1 (E) 500000000 0 0 0 0

q2 (E) 500000000 0 0 0 0

q3 (E) 500000000 0 0 0 0

q4 (E) 500000000 0 0 0 0

q5 (E) 500000000 0 0 0 0

q6 (E) 500000000 0 0 0 0

q7 (E) 500000000 0 0 0 0

show interface counters rate mbps

+-------------------+--------------+-------------+--------------+-------------+

+-------------------+--------------+-------------+--------------+-------------+

cd0/1 3993.66 332804 0.00 0

cd0/1.1 3880.44 323369 0.00 0

cd4 0.00 0 1502.30 125191

cd5 0.00 0 1502.29 125191

po10 0.00 0 3004.59 250382

po10.1 0.00 0 3004.59 250382

Implementation Examples

Unified Shaper for Single LAG Interface:

Applying a single shaping policy across all active member links of a LAG interface to ensure consistent bandwidth utilization, even during link failures.

A operator aggregates four 25G links into a single LAG (Port-channel10) to provide 100G aggregate bandwidth toward an access switch.To prevent bandwidth degradation when a member link goes down, a unified egress shaper is configured at the LAG interface level.

Per-Service (Sub-Interface) Shaping on LAG:

Implementing HQoS where different services (sub-interfaces) under the same LAG interface have individual shaping or policing profiles.

A service provider runs multiple VLAN-based services (For example: business internet and VoIP) over the same LAG. Each VLAN is mapped to a sub-interface, and each sub-interface requires a distinct egress shaping rate.

Commands

The following command is introduced as part of the OcNOS version 7.0.0.

lag-shaper unified

Use this command to enables the unified traffic management (TM) scheme on a LAG or MLAG interface. When enabled, bandwidth shaping is applied uniformly across all member ports of the LAG, preventing per-member bandwidth limitations and ensuring consistent bandwidth allocation.

On Qumran2 series platforms with dual switching units, the optional unit parameter specifies the switching unit to which the LAG is associated. On single-unit platforms, this parameter is ignored, and the LAG is automatically associated with the available unit.

For unit-to-port mapping details, use the show interface hw-mapping command.

Use the no parameter of this command to disable the unified traffic management (TM) scheme on a LAG or MLAG interface.

Command Syntax

lag-shaper unified (unit <0-1>)

Parameters

unit	Specifies the switching unit to which the LAG belongs (applicable only on multi-unit platforms).
<0-1>	0 specifies the first unit 1 specifies the second unit

Default

unit 0

Command Mode

Interface configuration mode.

Applicability

Introduced in OcNOS version 7.0.0.

Example

The following examples show to enable the unified TM scheme on a LAG interface, with and without specifying the switching unit.

# configure terminal

(config)# interface sa1

(config-if)# lag-shaper unified

(config)# interface sa1

(config-if)# lag-shaper unified unit 1

(config)# interface sa1

(config-if)# lag-shaper unified unit 0

Glossary

The following provides definitions for key terms used throughout this document.

Key Terms/Acronym	Description
Link Aggregation Group (LAG)	A logical interface formed by bundling multiple physical Ethernet links to provide increased bandwidth, load balancing, and redundancy.
Multi-Chassis Link Aggregation (MLAG)	An extension of LAG that allows physical links connected to different chassis to appear as a single logical LAG, providing high availability and redundancy.
Egress Traffic	Traffic that is transmitted out of an interface toward the network or downstream devices.
Egress Shaping	A traffic management mechanism that smooths outbound traffic by buffering packets and transmitting them at a configured rate to conform to bandwidth limits.
Egress Policing	A traffic control mechanism that enforces a maximum transmission rate on outbound traffic by dropping or marking packets that exceed the configured rate.
Traffic Management (TM)	A set of mechanisms, including shaping and policing, used to control bandwidth usage, prioritize traffic, and ensure predictable network performance.