[nsp] 6509 Help - Please! :)

Alexandre Snarskii snar at paranoia.ru
Fri Mar 19 04:49:15 EST 2004 

On Fri, Mar 19, 2004 at 04:16:30AM -0500, Paul Stewart wrote:
> This was what we were doing before... However it still only polices traffic
> out to them correct versus both directions?  Actually when we were running
> it before it was limiting their upload speeds I believe and not their
> download speeds (that was with native ios)... 
> 
> Is there a solution for bi-directional "rate limiting" of some form?  Either
> using policing or any other methods?  We don't care if it's hybrid or native
> ios as long as we can control the traffic in a bidirectional basis on vlan
> and physical ethernet port basis...

Surely there is: if you need to police both directions, you just need
to apply two policers (one for each direction) for this customer.. :) 

Of course, 'upload' policer must be applied to 'client-side' interface.

> 
> Thanks very much,
> 
> Paul
> 
> 
> -----Original Message-----
> From: Alexandre Snarskii [mailto:snar at paranoia.ru] 
> Sent: Friday, March 19, 2004 1:59 AM
> To: Paul Stewart
> Cc: 'Tim Stevenson'; 'Jared Mauch'; cisco-nsp at puck.nether.net
> Subject: Re: [nsp] 6509 Help - Please! :)
> 
> 
> On Thu, Mar 18, 2004 at 09:36:44PM -0500, Paul Stewart wrote:
> > We were told this before but what threw us off is that another company 
> > locally that we supply some inet services to has a 6509 on their end.  
> > They refeed some internet to some of their customers over vlan's and 
> > are able to police their traffic using hybrid mode with 
> > sup2/msfc2/pfc2 ... So I'm trying to figure out how they are doing it 
> > then?  Unless they are "punting" everything to the msfc for software 
> > switching??  We tried turning mls off in native ios however it seems 
> > that mls will not turn off on them??  I also read another thread where 
> > someone else tried to turn off mls and run software switching (taking 
> > a major performance hit) and never got it working neither...
> 
> Looks like that they just doing ingress policing, which may be like egress..
> Hint: 
> 
> in vlan xxx
>  service-policy input BB-IN
> policy-map BB-IN
>  class CLIENT-OUT
>   police .... 
> 
> where class-map CLIENT-OUT permits traffic from any to 'client-ip-addresses'
> 
> The same schema works well for us for some months. 
> 
>

More information about the cisco-nsp mailing list