[c-nsp] Cisco 3550 counters and QoS

Yuval Ben-Ari yuvalba at netvision.net.il
Tue Aug 24 17:26:33 EDT 2004


I remember this problem when we just started using 3550 for policing
back then when checking with the product manager/engineer I remember the
conclusion was that the switch is first counts and only then polices so
the counters actually show the pre-policing traffic (hope I'm getting it
right and not misleading)
so it is a design flaw that cannot be overcome, at least that was the
conclusion back then.
In general saying, the 3550 is very good in doing stuff but very bad in
reporting what it's doing :(

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net 
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Marco 
> Matarazzo
> Sent: Tuesday, August 24, 2004 17:28
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Cisco 3550 counters and QoS
> 
> 
> Hi all,
> 
> usual question about counters... ;)
> 
> I've setup a 3550-48 SMI in a lab, one port is a layer3 port, 
> the other one
> a layer2 trunk to the rest of the network.
> I've applied an inbound and an outbound policy to the layer3 
> port, to police
> the traffic at 1Mbps. This is the relevant part of the configuration:
> 
> IOS (tm) C3550 Software (C3550-I9Q3L2-M), Version 12.1(22)EA1, RELEASE
> SOFTWARE (fc1)
> 
> mls qos
> 
> class-map match-any all_traffic
>   match ip dscp 0
> 
> policy-map 1MbpsIN
>   class all_traffic
>     police 1024000 192000 exceed-action drop
> policy-map 1MbpsOUT
>   class all_traffic
>     police 1024000 192000 exceed-action drop
> 
> interface FastEthernet0/2
>  description CustomerPort
>  no switchport
>  ip address x.x.x.x 255.255.255.0
>  service-policy input 1MbpsIN
>  service-policy output 1MbpsOUT
>  no cdp enable
> 
> interface FastEthernet0/48
>  description TrunkCust3Gig1
>  switchport trunk encapsulation dot1q
>  switchport trunk allowed vlan 1,6,1002-1005
>  switchport mode trunk
> 
> Now the weird part:
> 
> If I download anything on the customer machine, traffic gets 
> policed at
> 1Mbps (5 minute average, I'm using the usual mrtg), and I can 
> see on the
> graphs a nice almost flat line on egress on the layer3 
> interface, and a nice
> almost flat line on ingress on the trunk. All fine.
> 
> If I upload anything from the customer machine, the traffic 
> gets policed at
> 1Mbps, but on the graphs, I see on the ingress of the layer3 interface
> 1.20Mbps, and on the egress of the trunk the nice flat line at 1Mbps.
> Checking the ftp client, I can see it's uploading at 125KBps (that's
> 1Mbps!), checking the "sh int":
> 
>   Input queue: 0/75/0/0 (size/max/drops/flushes); Total 
> output drops: 0
>   Queueing strategy: fifo
>   Output queue: 0/40 (size/max)
>   5 minute input rate 1270000 bits/sec, 107 packets/sec << 
> Should be lower!
>   5 minute output rate 39000 bits/sec, 68 packets/sec
> 
> Now, it wouldn't be a big problem (traffic gets policed 
> correctly anyway),
> but billing on the layer3 counters becomes impossible, as 
> there's a 20%
> difference on real traffic used! It there something wrong I'm 
> doing? Any
> ideas?
> 
> Thanks!
> ]\/[arco
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 



More information about the cisco-nsp mailing list