[c-nsp] policy-maps on dCEF platforms

Mack McBride mack.mcbride at viawest.com
Thu Jun 10 19:18:29 EDT 2010


That document answers the question.
Named policers will not help the original poster.
The named aggregate is not forwarded to the PFC.

Mack

From: Tony [mailto:td_miles at yahoo.com]
Sent: Thursday, June 10, 2010 5:15 PM
To: Artyom Viklenko; cisco-nsp at puck.nether.net; Mack McBride
Subject: Re: [c-nsp] policy-maps on dCEF platforms

The 7600 Software Config Guide contains the relevant section on aggregate policers:

http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/qos.html#wp1571923

I'm not sure if it will do what you want, but certainly worth a try to see what happens. I've just read it 3-4 times and my head hurts.



regards,
Tony.


--- On Fri, 11/6/10, Mack McBride <mack.mcbride at viawest.com> wrote:

From: Mack McBride <mack.mcbride at viawest.com>
Subject: Re: [c-nsp] policy-maps on dCEF platforms
To: "Artyom Viklenko" <artem at aws-net.org.ua>, "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
Received: Friday, 11 June, 2010, 2:29 AM
DFC line cards will rate limit independently of the PFC rate limiting (CFC line cards).
Software switched traffic will also be rate limited separately from DFC and PFC switched traffic.
This is true for all rate limited traffic including Control Plane Policing traffic.
You may get better results from a named aggregate policer which should all go through the PFC
but there may be caveats and I can't guaranty this will do what you want as the only documentation
is 6500 specific.

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801c8c4b.shtml

If someone has a 7600 link please post it.

LR Mack McBride
Network Architect
Viawest, Inc.

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net</mc/compose?to=cisco-nsp-bounces at puck.nether.net> [mailto:cisco-nsp-bounces at puck.nether.net</mc/compose?to=cisco-nsp-bounces at puck.nether.net>] On Behalf Of Artyom Viklenko
Sent: Wednesday, June 09, 2010 11:30 PM
To: cisco-nsp at puck.nether.net</mc/compose?to=cisco-nsp at puck.nether.net>
Subject: [c-nsp] policy-maps on dCEF platforms

Hi, All!

I have the folowing porblem on Cisco 7600 with RSP720-3CXL-GE.
IOS 12.2(33)SRD4 Advanced IP Services

>From config:

!
policy-map xxxxxx
   class class-default
     police cir 10240000 bc 1920000 be 3840000
      conform-action transmit
      exceed-action drop
      violate-action drop
!
!
interface VlanYYY
  description Some Customer
  ip address x.x.x.x 255.255.255.252
  no ip redirects
  ip flow ingress
  no snmp trap link-status
  service-policy input xxxxxx
  service-policy output xxxxxx
end
!

Before upgrade we has only CFC-capble line cards in it
(WS-X6748-SFP, WS-X6704-10GE) and actual rate on customers
interfaces was according policy-maps.

Recently 4-port 10G card WS-X6704-10GE was replaced by
WS-X6708-10GE with DFC (WS-F6700-DFC3CXL).

Incoming traffic comes via CFC line cards and via this
10GE DFC line card. So, on customer interface we have
some time nearly doubled rate.

I have read some docs on cisco.com and found explanation
how policyng works in such situation - each DFC-capable
linecard process service policy independently on ingress.

#sh policy-map int vlan YYY
...
   Service-policy output: xxxxxx

     class-map: class-default (match-any)
       Match: any
       police :
         10240000 bps 1920000 limit 1920000 extended limit
       Earl in slot 2 :
         108929538743 bytes
         5 minute offered rate 72568 bps
         aggregate-forwarded 108895170086 bytes action: transmit
         exceeded 34368657 bytes action: drop
         aggregate-forward 65368 bps exceed 0 bps
       Earl in slot 5 :
         252903936350 bytes
         5 minute offered rate 101144 bps
         aggregate-forwarded 252600188727 bytes action: transmit
         exceeded 303747623 bytes action: drop
         aggregate-forward 56304 bps exceed 0 bps
#


I try add command mls qos bridged but it doesn't help.

So the question is: Is it possible in some way to solve such
situation and control egress rate to customers with DFC line
cards?

Still trying to find any hints in Google... without success. :(

Thanks in advance!


--
            Sincerely yours,
                             Artyom Viklenko.
-------------------------------------------------------
artem at aws-net.org.ua</mc/compose?to=artem at aws-net.org.ua> | http://www.aws-net.org.ua/~artem<http://www.aws-net.org.ua/%7Eartem>
artem at viklenko.net</mc/compose?to=artem at viklenko.net>   | ================================
FreeBSD: The Power to Serve   -  http://www.freebsd.org





More information about the cisco-nsp mailing list