[nsp] VLAN Traffic shaping not working on 6500
Sam Stickland
sam_ml at spacething.org
Tue Feb 3 14:57:49 EST 2004
My brain should had clicked into life and realised that the ACLs were only
incrementing for processed switched packets.
Disabling mls on the inbound and outbound vlans appears kicked it into life
(Fortunately there's not much traffic on these two VLANs, and it's only for
a few days so I can suffer the MFSC CPU running at a bit more), but there
isn't actually any decrease in the traffic rate.
'sh policy-map interface vlan 803 output' shows that it's offering a 5
minute rate of 6671000 bps which doesn't exactly tie in with the 'shape
average 520000 2080 2080' command in the policy-map.
sh policy-map interface vlan 803 output
Vlan803
service-policy output: OUTBOUND_PM
class-map: xxxx (match-any)
532335 packets, 794842311 bytes
5 minute offered rate 6671000 bps, drop rate 0 bps
match: access-group name xxxx_IO
532335 packets, 794842311 bytes
5 minute rate 6671000 bps
queue size 0, queue limit 130
packets output 0, packet drops 0
tail/random drops 0, no buffer drops 0, other drops 0
shape: cir 520000, Bc 2080, Be 2080
output bytes 0, shape rate 0 bps
At least I'm getting counters now - can probably figure it out from here.
(Btw, seeing the effect this has had on my graphs reminded of something else
I've been meaning to look into - does anyone know if it's possible to graph
Null0 traffic off the supervisor card?)
Sam
Stephen J. Wilcox wrote:
> Yeah, fairly sure its because of the mls the vlan interface doesnt
> actually switch much traffic and its all done by the switch
> supervisor rather than the mfsc which is where your router config is.
>
> You can disable mls but your router will then be switching on the
> msfc which is probably not what you want else you would have bought a
> 7500 :)
>
> There may be a switch based workaround but I dont know it as I've not
> tried to do this on my Cat6ks
>
> Steve
>
> On Tue, 3 Feb 2004, Sam Stickland wrote:
>
>> Hi,
>>
>> Perhaps I'm missing something obvious here, but I can't seem to get
>> outbound traffic shaping working.
>>
>> Selective config:
>>
>> mls flow ip destination
>> mls flow ipx destination
>> mls qos statistics-export
>> mls qos
>>
>> ip access-list extended xxxx_IO
>> permit ip any a.b.c.d 0.0.0.63
>> permit ip a.b.c.d 0.0.0.63 any
>>
>> class-map match-any xxxx
>> match access-group name xxxx_IO
>>
>> policy-map INBOUND_PM
>> class xxxx
>> police 520000 8000 8000 conform-action transmit exceed-action
>> drop
>>
>> policy-map OUTBOUND_PM
>> class xxxx
>> shape average 520000 2080 2080
>>
>> interface Vlan803
>> service-policy input MFN_xxxx_PM
>> service-policy output MFN_xxxx_PM
>>
>> But it's definately not shaping outbound traffic.
>>
>> The access-list increment very very slowly. Far slow than an
>> equivalent ACL on the interface shows.
>>
>> Here's the result of 'sh policy-map interface vlan 803 output':
>>
>> sh policy-map interface vlan 803 output
>>
>> Vlan803
>>
>> service-policy output: OUTBOUND_PM
>>
>> class-map: xxxx (match-any)
>> 0 packets, 0 bytes
>> 5 minute offered rate 0 bps, drop rate 0 bps
>> match: access-group name xxxx_IO
>> 0 packets, 0 bytes
>> 5 minute rate 0 bps
>> queue size 0, queue limit 130
>> packets output 0, packet drops 0
>> tail/random drops 0, no buffer drops 0, other drops 0
>> shape: cir 520000, Bc 2080, Be 2080
>> output bytes 0, shape rate 0 bps
>>
>> ie. Nothing.
>>
>> This attempting to shape about 8mbps of about traffic. I can verify
>> this by adding a deny ip a.b.c.d 0.0.0.63 any' entry to the
>> interfaces outbound ACL, and seeing the traffic drop off.
>>
>> This on a C6500/Sup2 running 12.1(20)E.
>>
>> Any thoughts?
>>
>> Sam
>>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list