[nsp] traffic policing on a 3550-48-EMI

Tantsura, Jeff jeff.tantsura at capgemini.com
Sun Jun 20 10:54:59 EDT 2004


Matthew,

By dropping TCP traffic you are going to mess with global
synchronisation. You should use WRED instead.

On the 3550, you can enable WRED and configure the two threshold percentages assigned
to the four egress queues on a Gigabit-capable Ethernet port by using
the wrr-queue random-detect max-threshold interface configuration
command. Each threshold percentage represents where WRED starts to
randomly drop packets. After a threshold is exceeded, WRED randomly
begins to drop packets assigned to this threshold. As the queue limit is
approached, WRED continues to drop more and more packets. When the queue
limit is reached, WRED drops all packets assigned to the threshold. By
default, WRED is disabled.

You modify the DSCP-to-threshold map to determine which DSCPs are mapped
to which threshold ID by using the wrr-queue dscp-map interface
configuration command. By default, all DSCPs are mapped to threshold 1,
and when this threshold is exceeded, all the packets are randomly
dropped.

If you use WRED thresholds, you cannot use tail drop, and vice versa. If
WRED is disabled, tail drop is automatically enabled with the previous
configuration (or the default if it was not previously configured).

Jeff

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Matthew Crocker
Sent: Thursday, June 17, 2004 6:53 PM
To: 'cisco-nsp at puck.nether.net' Nsp
Subject: [nsp] traffic policing on a 3550-48-EMI


Hey,

  I'm trying to configure some traffic policing on my 3550-EMI switch.

Here is what I have...

  I have a machine which is currently spitting 30 mbps of web traffic at
the switch (If I let it).  I want to police it down to a reasonable
value (1mbps or so).

This is what I have configured so far.  What am I missing?

3550-48#show version
Cisco Internetwork Operating System Software
IOS (tm) C3550 Software (C3550-I5Q3L2-M), Version 12.1(12c)EA1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Mon 25-Nov-02 00:07 by antonino
Image text-base: 0x00003000, data-base: 0x0075FE48

ROM: Bootstrap program is C3550 boot loader

3550-48 uptime is 39 weeks, 6 days, 21 hours, 5 minutes
System returned to ROM by power-on
System image file is "flash:c3550-i5q3l2-mz.121-12c.EA1/c3550-i5q3l2-mz.121-12c.EA1.bin"

cisco WS-C3550-48 (PowerPC) processor (revision H0) with 65526K/8192K
bytes of memory.

Model revision number: H0
Motherboard revision number: A0
Model number: WS-C3550-48-EMI

mls qos
!
class-map match-all class_everything
   match any
!
!
policy-map 1mbps
   class class_everything
     police 1000000 8000 exceed-action drop
!
!
interface FastEthernet0/5
  switchport access vlan 60
  switchport mode access
  bandwidth 1000
  speed 10
  no ip address
  service-policy input 1mbps
  service-policy output 1mbps
  spanning-tree portfast
!

The port is still cranking out 4 mbps (I forced it to 10mbps mode to
save my upstream a bit)

3550-48#show int f0/5
FastEthernet0/5 is up, line protocol is up
   Hardware is Fast Ethernet, address is 000b.fd67.9e85 (bia 000b.fd67.9e85)
   Description: x
   MTU 1500 bytes, BW 1000 Kbit, DLY 1000 usec,
      reliability 255/255, txload 18/255, rxload 162/255
   Encapsulation ARPA, loopback not set
   Keepalive set (10 sec)
   Full-duplex, 10Mb/s
   input flow-control is off, output flow-control is off
   ARP type: ARPA, ARP Timeout 04:00:00
   Last input never, output 00:00:00, output hang never
   Last clearing of "show interface" counters 00:05:30
   Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
   Queueing strategy: fifo
   Output queue :0/40 (size/max)
   5 minute input rate 4448000 bits/sec, 327 packets/sec
   5 minute output rate 73000 bits/sec, 186 packets/sec
      124198 packets input, 184633146 bytes, 0 no buffer
      Received 2 broadcasts, 0 runts, 0 giants, 0 throttles
      1 input errors, 1 CRC, 0 frame, 0 overrun, 0 ignored
      0 watchdog, 0 multicast, 0 pause input
      0 input packets with dribble condition detected
      73558 packets output, 5124380 bytes, 0 underruns
      0 output errors, 0 collisions, 0 interface resets
      0 babbles, 0 late collision, 0 deferred
      0 lost carrier, 0 no carrier, 0 PAUSE output
      0 output buffer failures, 0 output buffers swapped out

3550-48#show mls qos interface f0/5
FastEthernet0/5
Attached policy-map for Ingress: 1mbps
trust state: not trusted
trust mode: not trusted
COS override: dis
Attached policy-map for Egress: 1mbps
default COS: 0
DSCP Mutation Map: Default DSCP Mutation Map
trust device: none

3550-48#show mls qos interface f0/5 statistics
FastEthernet0/5
Ingress
   dscp: incoming   no_change  classified policed    dropped (in bytes)
Others: 2045584460 1978428161 67156299   0          27069088
Egress
   dscp: incoming   no_change  classified policed    dropped (in bytes)
Others: 2584029791    n/a       n/a      0          0

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
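
The WRED behaviour described in the reply at the top of this thread (two thresholds per egress queue, a DSCP-to-threshold map, random drops that increase until the queue limit drops everything), modelled as an added example that is not part of the original posts and is not Cisco code. The class and function names, the 40%/80% thresholds, the DSCP 46 mapping, the 100-packet queue limit and the linear drop ramp are all assumptions made for illustration.

```python
import random

class WredQueue:
    """Toy model of one egress queue with two WRED thresholds (IDs 1 and 2)."""

    def __init__(self, limit, thresholds_pct, dscp_map=None, seed=1):
        self.limit = limit                        # queue limit in packets
        self.thresholds = dict(zip((1, 2), thresholds_pct))
        self.dscp_map = dscp_map or {}            # DSCP -> threshold ID
        self.depth = 0
        self.rng = random.Random(seed)            # seeded so runs repeat

    def drop_probability(self, dscp):
        # Unmapped DSCPs use threshold 1, the default the reply describes.
        start = self.thresholds[self.dscp_map.get(dscp, 1)]
        fill = 100.0 * self.depth / self.limit
        if fill >= 100:
            return 1.0                            # queue limit reached: drop all
        if fill <= start:
            return 0.0                            # threshold not yet exceeded
        # Assumption: linear ramp between the threshold and the queue limit.
        return (fill - start) / (100 - start)

    def enqueue(self, dscp):
        if self.rng.random() < self.drop_probability(dscp):
            return False                          # packet randomly dropped
        self.depth += 1
        return True

def simulate(queue, dscps=(0, 46), arrivals=2000):
    """Offer alternating DSCPs at twice the drain rate; count drops per DSCP."""
    drops = {d: 0 for d in dscps}
    for i in range(arrivals):
        dscp = dscps[i % len(dscps)]
        if not queue.enqueue(dscp):
            drops[dscp] += 1
        if i % 2 == 1 and queue.depth > 0:
            queue.depth -= 1                      # one packet transmitted
    return drops

if __name__ == "__main__":
    # Constructed values: DSCP 46 mapped to threshold 2 (80%), the rest to 1 (40%).
    q = WredQueue(limit=100, thresholds_pct=(40, 80), dscp_map={46: 2})
    print(simulate(q))
```

Traffic mapped to the lower threshold starts losing packets earlier and loses more of them, while both classes are dropped completely once the queue limit is reached.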



