[c-nsp] 3550 QoS not working as expected

Tim Devries tdevries at northrock.bm
Thu Jan 6 18:20:48 EST 2005 

 

Well, this is my current config:

 Mls qos 
 ! 
 class-map match-all customerA
    match access-group 102 
 ! 
 ! 
 policy-map customerA
  class customerA 
    police 3000000 8000 exceed-action drop 
 ! 
 ! 
 ! 
 interface FastEthernet0/1 
 description CustomerA - 3MB/s 
 switchport access vlan 4 
 switchport mode access 
 switchport protected 
 bandwidth 3000 
 mls qos monitor packets 
 service-policy history 
 service-policy input customerA 
 no cdp enable 
 spanning-tree portfast 
 !
 access-list 102 permit ip x.x.x.x 0.0.0.15 any

I made some changes through the day like applying it ingress w/ access-list
etc., however, it still spikes up to 5-6Mb.  In all of the documentation
I've read, I didn't see anything regarding the aggregate as being a
necessary configuration step.   I guess I'm wondering if it should work
without an aggregate policer, because at least with this IOS version and my
current configuration it doesn't.

When I do a

Colo-3550#sh mls qos int fa0/1 stat
FastEthernet0/1
Ingress
  dscp: incoming   no_change  classified policed    dropped (in pkts)
Others: 38469779   38379716   90063      0          190138
Egress
  dscp: incoming   no_change  classified policed    dropped (in pkts)
Others: 33285081      n/a       n/a      0          0

Colo-3550#

I see packets being dropped, but in my monitoring software I still see it
spiking up to 5-6Mb.

Thanks,

Tim




-----Original Message-----
From: Nick Shah
To: Tim Devries; cisco-nsp at puck.nether.net
Sent: 1/6/05 6:39 PM
Subject: RE: [c-nsp] 3550 QoS not working as expected



Tim

There are a couple of things wrong with the config. Here's what 3550 can
& cant do in terms of QOS:

- Only ingress & egress policing is supported, SHAPING is NOT supported
- It supports 2 types of policers Aggregate & individual
- An aggregate policer acts, in a combined manner, on all classes within
the policy map, essentially policing it to the rate prescribed in the
aggregate policer
- Individual policer polices each class to the rate
- 1 x match statement per class map is supported
- Ingress matching can only be done on match access-group, match ip dscp
& match ip precedence
- Egress matching can only be done on match ip dscp

In your case you can only match on ip dscp (on egress), and you can use
an individual policer. If you want the inbound rate to also be 3MB than
you may need to match on access list, dscp & precedence and then use an
aggregate policer.

Check : http://www.cisco.com/warp/public/473/153.html

That url explains what you can & cant do & how to do it.

Rgds

Nick

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tim Devries
Sent: Friday, 7 January 2005 4:14 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] 3550 QoS not working as expected




Hello,

We are currently attempting to do QoS with our 3550 for customers in our
collocation. However, when monitoring the real-time usage of the
interface using our monitoring software, it does not appear to work.
For example we have a customer limited to 3Mb, but they frequently jump
as high as 6Mb.

We are running Version 12.1(22)EA1a.  Relevant portions of the config
follow:

!
Mls qos
!
class-map match-all customerA
  match any
  match input-interface FastEthernet0/1
  match access-group 101
  match access-group 102
!
policy-map customerA
  class customerA
   bandwidth 3000
    police 3000000 8000 exceed-action drop
!
interface FastEthernet0/1
 description CustomerA - 3MB/s
 switchport access vlan 4
 switchport mode access
 switchport protected
 mls qos monitor packets
 flowcontrol send off
 service-policy history
 service-policy output customerA
 no cdp enable
 spanning-tree portfast
!
access-list 101 permit ip host X.X.X.X any 
access-list 101 permit ip host X.X.X.X any
access-list 102 permit ip any host X.X.X.X
access-list 102 permit ip any host X.X.X.X

As an aside, Cisco literature mentions 3550's can do rate-limiting, but
I have been unable to find any literature on how, as the usual commands
don't seem to work.  Is there a better way to do what I am trying to do?

Thanks for any help,

Tim


_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


------------------------------------------------------------------------
------
This communication, including any attachments, is confidential. If 
 you are not the intended recipient, you should not read it - please 
 contact me immediately, destroy it, and do not copy or use any part of 
 this communication or disclose anything about it.

------------------------------------------------------------------------
------

More information about the cisco-nsp mailing list