[c-nsp] Rate limiting problem under 12.0(27) S1
Jon Allen Boone
ipmonger at delamancha.org
Thu Oct 21 14:18:38 EDT 2004
On Oct 20, 2004, at 14:35, Rodney Dunn wrote:
> Can you do:
>
> clear count
>
> wait 30 seconds:
>
> sh int Serial4/0/0/22:0 stat
Serial4/0/0/22:0
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 6 96 6 96
Route cache 0 0 2527 3129504
Distributed cache 1123 70857 0 0
Total 1129 70953 2533 3129600
> wait 30 seconds:
>
> sh int Serial4/0/0/22:0 stat
Serial4/0/0/22:0
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 12 192 12 192
Route cache 0 0 4585 5791945
Distributed cache 2337 185226 0 0
Total 2349 185418 4597 5792137
> I want to understand if you are dCEF switching
> all the traffic going in/out this interface.
>
> Did you confirm on the downstream router it's indeed
> not being rate limited?
>
downstream is a customer router - the snmp stats of the access router
confirm that the rate-limiting doesn't work. for testing purposes, I
generated traffic using ping on a host, routing it through this
interface to the customer. Regardless of whether rate-limiting was
applied or not, the load-average (both 30 sec and 5 min) and snmp
indicate that rate-limiting isn't being done properly.
> What we suggest is that if you are trying to do rate-limiting
> on an interface you do it with MQC:
i'm going to give this a try
>
> policy-map test
> class class-default
> police <blah>
>
> and then attach the service-policy in or out.
>
> Rodney
>
>
> On Wed, Oct 20, 2004 at 02:21:09PM -0400, Jon Allen Boone wrote:
>> Sorry, code version (in subject line) 12.0(27)S1.
>>
>> here's the relevant portion of an example config:
>>
>> interface Serial4/0/0/22:0
>> ip address XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX
>> no ip redirects
>> no ip directed-broadcast
>> no ip proxy-arp
>> rate-limit input 512000 64000 64000 conform-action transmit
>> exceed-action drop
>> rate-limit output 512000 64000 64000 conform-action transmit
>> exceed-action drop
>> encapsulation ppp
>> down-when-looped
>> end
>>
>>
>> Serial4/0/0/22:0
>> Input
>> matches: all traffic
>> params: 512000 bps, 64000 limit, 64000 extended limit
>> conformed 60339508 packets, 11592M bytes; action: transmit
>> exceeded 50024 packets, 63884982 bytes; action: drop
>> last packet: 32ms ago, current burst: 0 bytes
>> last cleared 5w1d ago, conformed 29716 bps, exceeded 163 bps
>> Output
>> matches: all traffic
>> params: 512000 bps, 64000 limit, 64000 extended limit
>> conformed 4697 packets, 5143576 bytes; action: transmit
>> exceeded 0 packets, 0 bytes; action: drop
>> last packet: 418016928ms ago, current burst: 0 bytes
>> last cleared 5w1d ago, conformed 13 bps, exceeded 0 bps
>>
>> SNMP traffic stats confirm that the rate limits aren't being
>> honored...
>>
>> --jon
>>
>> On Oct 20, 2004, at 14:07, Rodney Dunn wrote:
>>
>>> Do you see the same problem if you use MQC with
>>> a policer?
>>>
>>> That's the way we prefer it be done.
>>>
>>> btw, code version and interface configuration?
>>>
>>> Rodney
>>>
>>> On Wed, Oct 20, 2004 at 01:54:35PM -0400, Jon Allen Boone wrote:
>>>> Folks,
>>>>
>>>> I'm experiencing problems with CAR on a 7507+VIP2/50+PA-MC-T3.
>>>> It
>>>> appears that CAR is not properly rate-limiting traffic on either
>>>> input
>>>> or output. Is this a known issue? I'm having trouble getting Bug
>>>> Tracker to return known bugs on this version of the IOS.
>>>>
>>>> --jon
>>>>
>>>> _______________________________________________
>>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>
More information about the cisco-nsp
mailing list