QoS Profile Binding Enhancement

.Use the information in the following topics to learn about the improved binding of Quality of Service (QoS) profiles.

Introduction

XCO 3.5.0 has enhanced the binding of Quality of Service (QoS) profiles. It supports incremental application and the reconciliation of failed bindings caused by conflicting configurations present on devices. It includes out-of-band (OOB) changes to interface mode settings, moving interfaces into and out of port-channels, concurrent execution of tenant CRUD (Create, Read, Update, Delete) operations related to Policy Objects (POs), and Endpoint Groups (EPGs) while QoS profile binding is in progress, and more. The following cases provide some common scenarios and explain how error handling is performed.
If a device in the fabric cannot be reached due to connectivity issues, no commands will be sent to any device. You must wait for the connectivity to be restored before attempting the command again.
In case the error is legitimate, such as an incorrect switch-port mode on an interface or QoS on LAG member that cannot be applied, the binding process may partially succeed on some devices. However, the failed devices will be reconciled, and the issue will be corrected. The app-state (cfg-refreshed) will be displayed for all failed interfaces, and it will be updated to (cfg-in-sync) after the configuration is reconciled.
Successful devices will have a result of SUCCESS while failed devices will have a result of PARTIAL. There is no "Rollback" in a partial success scenario.
When a device binding is in a "Partial" state, it can be automatically applied when relevant events are processed, and the failed bindings are attempted for reconciliation. However, there is a possibility that the policy service may never receive any subsequent events to correct the failed bindings. In such cases, the user will need to re-issue the failed bind command to complete the provisioning of failed bindings.

User can check if recovery is pending by listing interfaces in “Partial” state.

efa policy qos profile list --ip 10.20.246.1  
Name: profileTen
Trust:  dscp
Dscp->Tc:  dscp2tcTen
Service Policy Map: spTen, out
Name: profileTenIF
Trust:  dscp
Dscp->Tc:  dscp2tcTenIF
Service Policy Map: spTen, out
IP Addresses:
+--------------+-------------+-----------+------------------+-----------+---------------+
| profileTen   | 10.20.246.1 | eth 0/29  | tenant           | tenantAB  | cfg-in-sync   |
+--------------+-------------+-----------+------------------+-----------+---------------+
| profileTen   | 10.20.246.1 | eth 0/30  | tenant           | tenantAB  | cfg-in-sync   |
+--------------+-------------+-----------+------------------+-----------+---------------+
| profileTenIF | 10.20.246.1 | eth 0/11  | tenant-interface | tenantAB  | cfg-refreshed |
+--------------+-------------+-----------+------------------+-----------+---------------+
After the recovery is complete, app-state of interfaces will be changed from “cfg-refreshed” to “cfg-in-sync".
✗ efa policy qos profile bind --name profileTen --tenant tb
Error :  Device 10.64.208.16 not reachable. Please retry after verifying the inputs and connectivity issues

✗ efa policy qos profile bind --name profileFab --fabric fabric1
+------------------+-----------+-----------+
| Qos Profile Name | Bind Type | Bind Name |
+------------------+-----------+-----------+
| profileFab       | fabric    | fabric1   |
+------------------+-----------+-----------+

Qos Profile details
+--------------+---------+---------------------------------------------------------+-----------------+
|  IP Address  | Result  |                            Reason                       | Rollback reason |
+--------------+---------+---------------------------------------------------------+-----------------+
| 10.20.246.30 | Success |                                                         |                 |
+--------------+---------+---------------------------------------------------------+-----------------+
| 10.20.246.29 | Partial | IFs: [0/15 0/16 0/24 0/29 0/30 0/1 0/13 0/10|           |                 |
|              |         | Reason: netconf rpc [error] QoS config on LAG           |                 |
|              |         | member is not allowed'                                  |                 |
+--------------+---------+---------------------------------------------------------+-----------------+


✗ efa policy qos profile bind --name profileFabIF --fabric fabric1 --port fabric-internal
+------------------+-----------+-----------+
| Qos Profile Name | Bind Type | Bind Name |
+------------------+-----------+-----------+
| profileFabIF     | fabric    | fabric1   |
+------------------+-----------+-----------+

Qos Profile details

+--------------+---------+--------------------------------------------------------------+----------------+
|  IP Address  | Result  |                            Reason                            | Rollback reason| |
+--------------+---------+--------------------------------------------------------------+----------------+
| 10.20.246.29 | Partial | IFs: [64] Err: Reason: netconf rpc [error] '%Error:          |                | 
|              |         | Policy-Map not found'                                        |                | 
+--------------+---------+--------------------------------------------------------------+----------------+
| 10.20.246.30 | Partial | IFs: [64] Err: Reason: netconf rpc [error] '%Error:          |                | 
|              |         | Policy-Map not found'                                        |                | 
+--------------+---------+--------------------------------------------------------------+----------------+

Sometimes, when multiple actions are happening at the same time (concurrent execution of tenant CRUD operations and QoS profile binding by policy service), there can be issues. For instance, if a tenant service is modifying a switchport mode on an interface by creating an EPG while a QoS profile (tenantIF) is being bound, it can cause the tenantIF profile binding to fail. This happens because the switchport mode change could occur before the binding process is complete. If this occurs, the operation will result in failure, and the device will display the following output:

efa policy qos profile bind --name profileTenIF --tenant tenantAB --port "10.20.246.1[0/11],10.20.246.2[0/11]"

+------------------+-----------+-----------+
| Qos Profile Name | Bind Type | Bind Name |
+------------------+-----------+-----------+
| profileTenIF     | tenant    | tenantAB  |
+------------------+-----------+-----------+

Qos Profile details
+-------------+---------+--------------------------------------------------------------+-----------------+
| IP Address  | Result  |                            Reason                            | Rollback reason |
+-------------+---------+--------------------------------------------------------------+-----------------+
| 10.20.246.2 | Partial | IFs: [0/11] Err: Reason: netconf rpc [error] '%Error: Enable |                 |
|             |         | QoS trust DSCP'                                              |                 |
+-------------+---------+--------------------------------------------------------------+-----------------+
| 10.20.246.1 | Partial | IFs: [0/11] Err: Reason: netconf rpc [error] '%Error: Enable |                 |
|             |         | QoS trust DSCP'                                              |                 |
+-------------+---------+--------------------------------------------------------------+-----------------+

To ensure successful provisioning, re-issue the binding after the switchport mode changes have been processed, following any switchport mode changes made to the EPG. Alternatively, if the tenantIF binding is applied immediately after the creation of the EPG, it is assumed that the switchport mode changes due to EPG creation have been processed before the application of binding, resulting in successful provisioning.

Policy Service CLI Changes

Option -po uses PO name string instead of PO ID string for the efa policy qos bind/unbind command.

Following are the examples of an existing command and a modified command:

Existing Command:

efa policy qos profile bind --name profile2 --tenant tenant1  --po "1,3" 
efa policy qos profile unbind --name profile2 --tenant tenant1  --po "1,3"

Modified Command:

efa policy qos profile bind --name profile2 --tenant tenant1  --po "po1,po3" 
efa policy qos profile unbind --name profile2 --tenant tenant1  --po "po1,po3"