[nsp] 6509 Help - Please! :)

George Stylianou georges at is.co.za
Fri Mar 19 04:43:15 EST 2004


On Fri, Mar 19, 2004 at 04:16:30AM -0500, Paul Stewart wrote:
> This was what we were doing before... However it still only polices traffic
> out to them correct versus both directions?  Actually when we were running
> it before it was limiting their upload speeds I believe and not their
> download speeds (that was with native ios)... 
> 
> Is there a solution for bi-directional "rate limiting" of some form?  Either
> using policing or any other methods?  We don't care if it's hybrid or native
> ios as long as we can control the traffic in a bidirectional basis on vlan
> and physical ethernet port basis...

we had the same issue and are using the following 'workaround'

inbound:
we use a route-map that has an acl that matches ip any any and apply that to all vlan interfaces.
this forces all traffic to be process switched inbound on that vlan. we then use car to limit it.

outbound:
we use traffic shaping to force traffic to be process switched, then use car to limit


quite messy, but it works... (depending on traffic load, it may cause cpu issues)


> -----Original Message-----
> From: Alexandre Snarskii [mailto:snar at paranoia.ru] 
> Sent: Friday, March 19, 2004 1:59 AM
> To: Paul Stewart
> Cc: 'Tim Stevenson'; 'Jared Mauch'; cisco-nsp at puck.nether.net
> Subject: Re: [nsp] 6509 Help - Please! :)
> 
> 
> On Thu, Mar 18, 2004 at 09:36:44PM -0500, Paul Stewart wrote:
> > We were told this before but what threw us off is that another company 
> > locally that we supply some inet services to has a 6509 on their end.  
> > They refeed some internet to some of their customers over vlan's and 
> > are able to police their traffic using hybrid mode with 
> > sup2/msfc2/pfc2 ... So I'm trying to figure out how they are doing it 
> > then?  Unless they are "punting" everything to the msfc for software 
> > switching??  We tried turning mls off in native ios however it seems 
> > that mls will not turn off on them??  I also read another thread where 
> > someone else tried to turn off mls and run software switching (taking 
> > a major performance hit) and never got it working either...
> 
> Looks like they are just doing ingress policing, which may be like egress..
> Hint: 
> 
> in vlan xxx
>  service-policy input BB-IN
> policy-map BB-IN
>  class CLIENT-OUT
>   police .... 
> 
> where class-map CLIENT-OUT permits traffic from any to 'client-ip-addresses'
> 
> The same schema works well for us for some months. 
> 

-- 
George Stylianou
CCIE# 10663
Networks Infrastructure
Internet Solutions
Tel: (+27 11) 575 0465
Fax: (+27 11) 576 0465
Cell:(+27) 0844 GEORGE
E-mail: georges at is.co.za
Web: www.is.co.za
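
The ingress-policing hint quoted above, extended to cover both directions, as an added example that is not part of the original message or either poster's configuration. It assumes native IOS on a Sup2/PFC2; the VLAN and ACL numbers, the port name, the 192.0.2.0/24 client range, the BB-UP and CLIENT-IN names and the 2 Mbit/s rate are constructed placeholders.

```ios
! Added example (not from the thread). All numbers, names other than
! BB-IN / CLIENT-OUT, and the 192.0.2.0/24 range are placeholders.
!
! PFC QoS must be enabled globally before policers take effect.
mls qos
!
! Download direction: traffic from anywhere to the client addresses.
access-list 110 permit ip any 192.0.2.0 0.0.0.255
! Upload direction: traffic from the client addresses to anywhere.
access-list 111 permit ip 192.0.2.0 0.0.0.255 any
!
class-map match-all CLIENT-OUT
 match access-group 110
class-map match-all CLIENT-IN
 match access-group 111
!
! Aggregate policers: rate in bits per second, burst in bytes.
policy-map BB-IN
 class CLIENT-OUT
  police 2000000 62500 conform-action transmit exceed-action drop
policy-map BB-UP
 class CLIENT-IN
  police 2000000 62500 conform-action transmit exceed-action drop
!
! Upstream-facing VLAN: what enters here toward the client range
! is the client's download, so it is policed on ingress.
interface Vlan10
 service-policy input BB-IN
!
! Client-facing VLAN: what enters here from the client range
! is the client's upload.
interface Vlan100
 service-policy input BB-UP
!
! Assumption: the client attaches through a Layer 2 switchport in
! VLAN 100, which must defer to the VLAN's policy instead of a
! port-level one.
interface GigabitEthernet1/1
 mls qos vlan-based
```

Because both policers act on ingress, traffic stays in hardware instead of being punted to the MSFC. `show policy-map interface` shows whether each class is matching.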