[c-nsp] Cisco 3550 counters and QoS

Marco Matarazzo marmata at libero.it
Tue Aug 24 11:28:25 EDT 2004 

Hi all,

usual question about counters... ;)

I've setup a 3550-48 SMI in a lab, one port is a layer3 port, the other one
a layer2 trunk to the rest of the network.
I've applied an inbound and an outbound policy to the layer3 port, to police
the traffic at 1Mbps. This is the relevant part of the configuration:

IOS (tm) C3550 Software (C3550-I9Q3L2-M), Version 12.1(22)EA1, RELEASE
SOFTWARE (fc1)

mls qos

class-map match-any all_traffic
  match ip dscp 0

policy-map 1MbpsIN
  class all_traffic
    police 1024000 192000 exceed-action drop
policy-map 1MbpsOUT
  class all_traffic
    police 1024000 192000 exceed-action drop

interface FastEthernet0/2
 description CustomerPort
 no switchport
 ip address x.x.x.x 255.255.255.0
 service-policy input 1MbpsIN
 service-policy output 1MbpsOUT
 no cdp enable

interface FastEthernet0/48
 description TrunkCust3Gig1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,6,1002-1005
 switchport mode trunk

Now the weird part:

If I download anything on the customer machine, traffic gets policed at
1Mbps (5 minute average, I'm using the usual mrtg), and I can see on the
graphs a nice almost flat line on egress on the layer3 interface, and a nice
almost flat line on ingress on the trunk. All fine.

If I upload anything from the customer machine, the traffic gets policed at
1Mbps, but on the graphs, I see on the ingress of the layer3 interface
1.20Mbps, and on the egress of the trunk the nice flat line at 1Mbps.
Checking the ftp client, I can see it's uploading at 125KBps (that's
1Mbps!), checking the "sh int":

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 1270000 bits/sec, 107 packets/sec << Should be lower!
  5 minute output rate 39000 bits/sec, 68 packets/sec

Now, it wouldn't be a big problem (traffic gets policed correctly anyway),
but billing on the layer3 counters becomes impossible, as there's a 20%
difference on real traffic used! It there something wrong I'm doing? Any
ideas?

Thanks!
]\/[arco

More information about the cisco-nsp mailing list