Re: [nsp] Cat6000 policing on output

From: Ian Cox (icox@cisco.com)
Date: Wed Dec 26 2001 - 08:32:45 EST


At 12:02 AM 12/26/2001 +0100, sthaug@nethelp.no wrote:
>I've spent part of the holiday reading up on Cat6000 QoS, at
>
>http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/121_8aex/swconfig/qos.htm
>
>The description seems to imply that Cat6000 is very good at policing
>bandwidth on input, but not so featureful on output. Specifically,
>
>http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/121_8aex/swconfig/qos.htm#xtocid37
>
>says "Catalyst 6000 family switches do not support the output
>service-policy keyword on LAN ports." So I have a couple of questions:
>
>- If I use VLAN-based QoS (instead of port based), can I then police
>bandwidth on output? (Implying, of course, that if I have one port per
>VLAN, I could get the same effect as port based policing on output...)

The PFC and PFC2 ASICs do not support output policing, only input policing.
It does not matter if it is port or vlan based, only input policing is
supported.

>- By the same token, does this mean that pure L3 ports (no "switchport"
>statement) cannot have bandwidth policing on output at all?

No it does mean this. You can use input policing on L3 ports as well. You
can utilize input policing on the output port to achieve the results of
output policing if you know the IP subnets involved and you are L3 switching.

If what you are wanting to achieve is bi-directional rate limiting for a
particular port or user's/customer's traffic then you can use a set of input
policers on the ports that link to the rest of the network to achieve the same
result. The example below is from a CatOS system but the same logic applies
for a system running Native, but all the commands are different. If you need
the commands to implement this on a Native system drop me another email.

Ian

Example:

Take premium customers' addresses to be A, B and C. Take medium to be D, E
and F, and lowest to be G and H. Take the link from this catalyst to the
core to be vlan Z, and the input vlan is Y, subnet 1.1.1.x/24.

set qos policer aggregate premium_in rate 50000 burst 100 drop
set qos policer aggregate medium_in rate 10000 burst 100 drop
set qos policer aggregate standard_in rate 10000 burst 100 drop
set qos policer aggregate premium_out rate 50000 burst 100 drop
set qos policer aggregate medium_out rate 1000 burst 100 drop
set qos policer aggregate standard_out rate 1000 burst 100 drop

## First line does not restrict any traffic within the given subnet.
set qos acl ip vlan_Y trust-dscp ip 1.1.1.0 0.0.0.255 1.1.1.0 0.0.0.255
set qos acl ip vlan_Y trust-dscp aggregate premium_in ip host 1.1.1.A any
set qos acl ip vlan_Y trust-dscp aggregate premium_in ip host 1.1.1.B any
set qos acl ip vlan_Y trust-dscp aggregate premium_in ip host 1.1.1.C any
set qos acl ip vlan_Y trust-dscp aggregate medium_in ip host 1.1.1.D any
set qos acl ip vlan_Y trust-dscp aggregate medium_in ip host 1.1.1.E any
set qos acl ip vlan_Y trust-dscp aggregate medium_in ip host 1.1.1.F any
set qos acl ip vlan_Y trust-dscp aggregate standard_in ip host 1.1.1.G any
set qos acl ip vlan_Y trust-dscp aggregate standard_in ip host 1.1.1.H any

set qos acl ip vlan_Z trust-dscp aggregate premium_out ip any host 1.1.1.A
set qos acl ip vlan_Z trust-dscp aggregate premium_out ip any host 1.1.1.B
set qos acl ip vlan_Z trust-dscp aggregate premium_out ip any host 1.1.1.C
set qos acl ip vlan_Z trust-dscp aggregate medium_out ip any host 1.1.1.D
set qos acl ip vlan_Z trust-dscp aggregate medium_out ip any host 1.1.1.E
set qos acl ip vlan_Z trust-dscp aggregate medium_out ip any host 1.1.1.F
set qos acl ip vlan_Z trust-dscp aggregate standard_out ip any host 1.1.1.G
set qos acl ip vlan_Z trust-dscp aggregate standard_out ip any host 1.1.1.H

set qos acl map vlan_Y Y
set qos acl map vlan_Z Z

A policer can be used multiple times in multiple ACEs, but it still refers
to a single entity.

Theory: You always have a known set of uplink ports or vlans. An outbound
policer can be written as an inbound policer for the source VLANs. If the
traffic X is not meant to exceed 30Mbps on the uplink, then you can
restrict the input traffic destined to the uplink to be X Mbps.

Ian

>Steinar Haug, Nethelp consulting, sthaug@nethelp.no
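
Added example, not part of the original mail and not Cisco code: a small audit script for the mirrored-ACE scheme in the reply above. It parses only the `set qos` line shapes shown in the mail and reports hosts policed in one direction only; the function name audit and the sample config are constructed for illustration.

```python
import re

# Constructed sample in the CatOS syntax used in the mail above; the
# return-direction ACE for host 1.1.1.C is deliberately left out.
SAMPLE = """\
set qos policer aggregate premium_in rate 50000 burst 100 drop
set qos policer aggregate premium_out rate 50000 burst 100 drop
set qos acl ip vlan_Y trust-dscp ip 1.1.1.0 0.0.0.255 1.1.1.0 0.0.0.255
set qos acl ip vlan_Y trust-dscp aggregate premium_in ip host 1.1.1.A any
set qos acl ip vlan_Y trust-dscp aggregate premium_in ip host 1.1.1.C any
set qos acl ip vlan_Z trust-dscp aggregate premium_out ip any host 1.1.1.A
set qos acl map vlan_Y Y
set qos acl map vlan_Z Z
"""

POLICER = re.compile(r"^set qos policer aggregate (\S+) rate (\d+) burst (\d+) (\S+)$")
ACE = re.compile(r"^set qos acl ip (\S+) trust-dscp aggregate (\S+) ip (.+)$")

def audit(config, customer_acl, uplink_acl):
    """Return ({host: (rate from host, rate to host)}, [problem strings])."""
    policers, src, dst, used = {}, {}, {}, set()
    for line in map(str.strip, config.splitlines()):
        if m := POLICER.match(line):
            policers[m[1]] = int(m[2])          # rate exactly as written
        elif m := ACE.match(line):
            acl, policer, w = m[1], m[2], m[3].split()
            used.add(policer)
            # "host X any" on the customer VLAN polices traffic sent by X
            if acl == customer_acl and len(w) == 3 and w[0] == "host" and w[2] == "any":
                src[w[1]] = policer
            # "any host X" on the uplink VLAN polices traffic returning to X
            elif acl == uplink_acl and len(w) == 3 and w[:2] == ["any", "host"]:
                dst[w[2]] = policer
    problems = [f"policer {p} is referenced but never defined"
                for p in sorted(used - policers.keys())]
    problems += [f"{h}: policed in {customer_acl} but no return-direction ACE in {uplink_acl}"
                 for h in sorted(src.keys() - dst.keys())]
    problems += [f"{h}: policed in {uplink_acl} but no ACE in {customer_acl}"
                 for h in sorted(dst.keys() - src.keys())]
    rates = {h: (policers.get(src.get(h)), policers.get(dst.get(h)))
             for h in sorted(src.keys() | dst.keys())}
    return rates, problems

if __name__ == "__main__":
    rates, problems = audit(SAMPLE, "vlan_Y", "vlan_Z")
    for host, (up, down) in rates.items():
        print(host, "from host:", up, "to host:", down)
    print("\n".join(problems) or "no gaps found")
```

A host that appears in only one ACL is rate limited in one direction only, which is the gap the two mirrored ACL blocks in the mail are meant to close.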


