[c-nsp] Policing on Catalyst 4948 - Hardware or Software?

[Rick Ernst]

The Catalyst 4948 was brought to my attention as a potential collocation
aggregation device; with a specific requirement of bidirectional policing
per port.

I have spent quite a bit of time on Cisco and Google trying to find out
whether policing (independent of marking/classifying) is performed in
hardware or software.  I get some hints that it is hardware, but nothing
the says so outright.  With a 266MHz processor, it doesn't seem like there
is a lot of capacity for bandwidth management.

In an ideal/extreme case, I'd like to be able to have hosts/networks
attempt to push 1Gbs per port and have it throttled to 1Mbs each without
cratering the device.  More realistically, 24 ports populated, each set to
10-500Mbs per customer (port).

I'm looking at a distributed device rather than modular for several
reasons including cable management (a nightmare at high port density) and
incremental expansion (makes the finance people less upset than dropping a
full chassis in with minimal utilization).

As part of the bigger picture; I'm looking at 7206VXR/G2 at the border for
GigE upstreams and BGP endpoints funneled to a pair of 7600/Sup720 for
redundant "glue", feeding multiple legacy aggregation devices and new,
bandwidth managed, ethernet customers.  Current utilization is ~300Mbs
both in and out, but we now have customers looking for 100-300Mbs CIR.

As an aggregation device, I'm also looking for OSPF, BGP, HSRP, and
potentially Layer-3 ACLs.

There are several other vendors touting ASIC-based policing but Cisco
isn't as informative.

Thanks,
Rick