[c-nsp] Cisco 3550 counters and QoS

Jon Lewis jlewis at lewis.org
Tue Aug 24 14:34:12 EDT 2004


On Tue, 24 Aug 2004, Marco Matarazzo wrote:

> I've set up a 3550-48 SMI in a lab, one port is a layer3 port, the other one
> a layer2 trunk to the rest of the network.
> I've applied an inbound and an outbound policy to the layer3 port, to police
> the traffic at 1Mbps. This is the relevant part of the configuration:
>
> class-map match-any all_traffic
>   match ip dscp 0
>
> policy-map 1MbpsIN
>   class all_traffic
>     police 1024000 192000 exceed-action drop
> policy-map 1MbpsOUT
>   class all_traffic
>     police 1024000 192000 exceed-action drop
>
> interface FastEthernet0/2
>  description CustomerPort
>  no switchport
>  ip address x.x.x.x 255.255.255.0
>  service-policy input 1MbpsIN
>  service-policy output 1MbpsOUT
>  no cdp enable
>
> Now the weird part:
>
> If I download anything on the customer machine, traffic gets policed at
> 1Mbps (5 minute average, I'm using the usual mrtg), and I can see on the
> graphs a nice almost flat line on egress on the layer3 interface, and a nice
> almost flat line on ingress on the trunk. All fine.

Search back a few weeks/months, but there was just a thread on 3550
policing and how for reasons nobody could figure out (including the TAC
case I opened) matching on ip dscp 0 will not always police ingress
traffic.  When I originally tested it in the lab, it worked, but I found
in production it did not.

> If I upload anything from the customer machine, the traffic gets policed at
> 1Mbps, but on the graphs, I see on the ingress of the layer3 interface
> 1.20Mbps, and on the egress of the trunk the nice flat line at 1Mbps.
> Checking the ftp client, I can see it's uploading at 125KBps (that's
> 1Mbps!), checking the "sh int":

My guess is that the 1.2Mbps you're seeing is the policed system trying to
send slightly more than it's allowed.  The extra .2Mbps is being dropped
by the switch.  Since that traffic is getting to the switch, it doesn't
seem unreasonable for the SNMP counters to include it.  It sounds like
what you want is an additional per-interface SNMP counter for traffic
actually switched/forwarded.

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
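
The counter behaviour guessed at in the reply above, as an added example that is not part of the original thread: a single-rate token-bucket policer using the rate and burst values from the quoted `police 1024000 192000` line. It assumes the interface input counter is incremented before the policer drops anything, that the burst value is in bytes, and that the sender offers a constant stream of 1500-byte packets (all constructed inputs).

```python
# Added illustration, not code from the thread or from Cisco.
# Assumption: the input counter counts every arriving packet, including
# the ones the policer then drops (exceed-action drop).

RATE_BPS = 1_024_000     # first value in "police 1024000 192000"
BURST_BYTES = 192_000    # second value, treated here as bytes


def simulate(offered_bps, seconds=300, pkt_bytes=1500):
    """Return (ingress_counter_bps, forwarded_bps) averaged over `seconds`.

    `seconds` defaults to 300 to mirror a 5-minute MRTG average.
    """
    tokens = float(BURST_BYTES)              # bucket starts full
    fill_per_sec = RATE_BPS / 8.0            # refill rate in bytes/second
    gap = pkt_bytes * 8.0 / offered_bps      # seconds between packets
    n_packets = offered_bps * seconds // (pkt_bytes * 8)

    seen = 0        # bytes counted on arrival (what the ingress graph shows)
    forwarded = 0   # bytes that conformed (what the trunk egress graph shows)
    for _ in range(n_packets):
        # Refill for the time since the previous packet, capped at the burst.
        tokens = min(BURST_BYTES, tokens + fill_per_sec * gap)
        seen += pkt_bytes
        if tokens >= pkt_bytes:              # conforming packet: forward it
            tokens -= pkt_bytes
            forwarded += pkt_bytes
        # otherwise the packet exceeds the rate and is dropped

    return seen * 8 / seconds, forwarded * 8 / seconds


if __name__ == "__main__":
    ingress, egress = simulate(1_200_000)    # sender offers 1.2 Mbps
    print(f"ingress counter: {ingress:.0f} bps")
    print(f"forwarded:       {egress:.0f} bps")
    print(f"dropped:         {ingress - egress:.0f} bps")
```

With 1.2 Mbps offered, the ingress figure stays at the offered rate while the forwarded figure settles just above the policed rate, the small excess being the initial burst allowance spread over the averaging window.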

