[nsp] 6509 Help - Please! :)

Paul Stewart pauls at nexicom.net
Fri Mar 19 04:16:30 EST 2004


This was what we were doing before... However it still only polices traffic
out to them correct versus both directions?  Actually when we were running
it before it was limiting their upload speeds I believe and not their
download speeds (that was with native ios)... 

Is there a solution for bi-directional "rate limiting" of some form?  Either
using policing or any other methods?  We don't care if it's hybrid or native
ios as long as we can control the traffic in a bidirectional basis on vlan
and physical ethernet port basis...

Thanks very much,

Paul


-----Original Message-----
From: Alexandre Snarskii [mailto:snar at paranoia.ru] 
Sent: Friday, March 19, 2004 1:59 AM
To: Paul Stewart
Cc: 'Tim Stevenson'; 'Jared Mauch'; cisco-nsp at puck.nether.net
Subject: Re: [nsp] 6509 Help - Please! :)


On Thu, Mar 18, 2004 at 09:36:44PM -0500, Paul Stewart wrote:
> We were told this before but what threw us off is that another company 
> locally that we supply some inet services to has a 6509 on their end.  
> They refeed some internet to some of their customers over vlan's and 
> are able to police their traffic using hybrid mode with 
> sup2/msfc2/pfc2 ... So I'm trying to figure out how they are doing it 
> then?  Unless they are "punting" everything to the msfc for software 
> switching??  We tried turning mls off in native ios however it seems 
> that mls will not turn off on them??  I also read another thread where 
> someone else tried to turn off mls and run software switching (taking 
> a major performance hit) and never got it working neither...

Looks like that they just doing ingress policing, which may be like egress..
Hint: 

in vlan xxx
 service-policy input BB-IN
policy-map BB-IN
 class CLIENT-OUT
  police .... 

where class-map CLIENT-OUT permits traffic from any to 'client-ip-addresses'

The same schema works well for us for some months. 





More information about the cisco-nsp mailing list