[nsp] 6509 Help - Please! :)

sthaug at nethelp.no sthaug at nethelp.no
Fri Mar 19 05:02:32 EST 2004


> Is there a solution for bi-directional "rate limiting" of some form?  Either
> using policing or any other methods?  We don't care if it's hybrid or native
> ios as long as we can control the traffic in a bidirectional basis on vlan
> and physical ethernet port basis...

You have been told several times that the MSFC2/PFC2 hardware *cannot*
do output policing. Maybe you're looking at the wrong tool for the job?

Having said that,

1. MSFC2/PFC2 hardware certainly can do input policing, both on a
physical port and on a VLAN basis. The traffic that's going out one
physical port certainly has to come in on one or more other physical
ports, which means that you may be able to convert policing on output to
policing on the corresponding input ports/VLANs. Look into aggregate
policers to do this.

2. The idea of running the traffic out one port and in on another port
on the same box has already been offered - this has worked for us in the
past (but we don't have it in production any more).

3. You *may* be able to do some rate limiting in software on the MSFC2
with hybrid - I believe it was said explicitly from Cisco people on this
list that it didn't work with native IOS. Note that using software for
this will of course greatly lower the capacity you can offer/police to
your customers - the MSFC2 has a 300 Mhz MIPS CPU and in this respect
should be comparable to a 7200 with NPE-300 or thereabouts.

All of these should be tested in a lab before you sell it to customers.

Steinar Haug, Nethelp consulting, sthaug at nethelp.no


More information about the cisco-nsp mailing list