[c-nsp] 3550 QoS not working as expected

WILDE, David David.WILDE at neuf.com
Fri Jan 7 04:25:49 EST 2005 

That is a good point by Dmitry, since unless the 3550 IOS has changed since
I last did this, you can only have one match command under a class-map - so
your AllMac line wouldn't get hit.  (We actually tested almost your exact
config below and it didn't police the non-IP traffic)  We had to configure
two class-maps (one to match IP, the other for non-IP) then police them both
under the policy-map via an aggregate-policer to share the bandwidth
specified.

To answer the original poster's question though, it did police to pretty
close to what we had configured though.  I would suggest trying to police
everything first, then scale it back to the required particularly IP range,
perhaps there's some other traffic messing up your observations.

David

-----Message d'origine-----
De : cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] De la part de Dmitry Valdov
Envoyé : vendredi 7 janvier 2005 10:04
À : McCallum, Robert
Cc : 'cisco-nsp at puck.nether.net '
Objet : RE: [c-nsp] 3550 QoS not working as expected

On Fri, 7 Jan 2005, McCallum, Robert wrote:

> Tim try this - it works for me.

Does it work for non-IP traffic? Can you please check this to be sure?

>
> class-map match-any matchall
>  match access-group name AllIpPackets
>  match access-group name AllMac
>
> policy-map ratelimit8meg
>  class matchall
>    police 8000000 8000 exceed-action drop !
> mac access-list extended AllMac
> permit any any
> !
> ip access-list extended AllIpPackets
> permit ip any any
>
> Remember (Im sure you have) to enable mls qos globally for this to work.
>
> Robert McCallum
> CCIE #8757 R&S
> 01415663448
> 07818002241
>
>> -----Original Message-----
>> From: Tim Devries [mailto:tdevries at northrock.bm]
>> Sent: 07 January 2005 02:28
>> To: Tim Devries
>> Cc: 'Nick Shah '; 'cisco-nsp at puck.nether.net '
>> Subject: RE: [c-nsp] 3550 QoS not working as expected
>>
>>
>>
>> Yes, I did read that they are collected from the hardware counters, 
>> therefore the counter discrepancy.  However in real time when I view 
>> the traffic graph, it still show bandwidth spikes.  It more an issue 
>> of semantics than anything else, because I really never gave much of 
>> a care about the details of the QoS stats, just knowing some packets 
>> are classified as dropped shows that the configuration should be 
>> working (at least to a degree...).
>>
>> The monitoring software grabs the interface counters through snmp.  I 
>> would assume (perhaps erroneously?) that the 'real'
>> time counters would still not show traffic above 3Mb/s if QoS was 
>> actually working.
>>
>> I'm fairly sure a new image will solve the problem.  I will try an 
>> aggregate policy and apply it to my upstream link (so I can limit 
>> both ways -- i.e. it may be possible the snmp oid's are reversed in 
>> software on what is input and
>> output?) to see if that makes any difference.
>>
>> Thanks,
>>
>> Tim
>>
>> -----Original Message-----
>> From: Sam Stickland
>> To: Tim Devries
>> Cc: 'Nick Shah '; 'cisco-nsp at puck.nether.net '
>> Sent: 1/6/05 9:49 PM
>> Subject: RE: [c-nsp] 3550 QoS not working as expected
>>
>>
>>
>> On Thu, 6 Jan 2005, Tim Devries wrote:
>>
>>> When I do a
>>>
>>> Colo-3550#sh mls qos int fa0/1 stat
>>> FastEthernet0/1
>>> Ingress
>>>  dscp: incoming   no_change  classified policed    dropped (in pkts)
>>> Others: 38469779   38379716   90063      0          190138
>>> Egress
>>>  dscp: incoming   no_change  classified policed    dropped (in pkts)
>>> Others: 33285081      n/a       n/a      0          0
>>>
>>> Colo-3550#
>>>
>>> I see packets being dropped, but in my monitoring software
>> I still see
>> it
>>> spiking up to 5-6Mb.
>>
>> I believe the interface counters on the 3550 increment before the 
>> traffic policing is applied - ie. they count prepoliced traffic.
>>
>> It's something that makes checking whether configurations like this 
>> are working an order of magnitude more difficult :/
>>
>> S
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
>> https://puck.nether.net/mailman/listinfo/cisco> -nsp archive at 
>> http://puck.nether.net/pipermail/cisco-nsp/
>>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

-- 
Dmitry Valdov                  mailto:dv at dv.ru
CCNP
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list