[c-nsp] Policing Question

Paolo Lucente pl+list at pmacct.net
Tue Dec 4 05:51:57 EST 2007 

Hi Bill,

1) 

i would recommend you to police ingress traffic from the customer
and shape egress traffic to the customer. This gives you several
benefits including ease of configuration your side (limited to the
6509 box only) and smooth congestion management.

If it's an un-managed CE solution advice your customer he has to
shape egress traffic on his CPE. This is to avoid TCP traffic from
performing very badly when hitting your policer.

2)

I believe it's the shaping Tc value you are referring to - but your
question is about policing. I would point the following two values:
Bc = (CIR/8)*1.5 = 786000; Be = 2*Bc = 1572000. This is basing on a
4 Mbps CIR. Remember Bc/Be are expressed in bytes. Moreover because
you want them to be able to burst beyond their CIR, you don't want
the "exceed-action drop" action there. You can simply replace it
with a "transmit" to make it working - but it wouldn't really have
sense: you want to mark the excess burst to be able to handle it
differently in periods of congestion.

3)

If i understood correctly the etherchannel is a backbone link (P-P)
so the question doesn't reaply apply. Btw, as far as i'm aware there
shouldn't be any problems.

Cheers,
Paolo

On Tue, Dec 04, 2007 at 01:38:21AM -0800, Bill ford wrote:
> Guys,
> 
> 
> Need your help on this...
> 
> 
> 
> Here is the  scenario:
>   
>  We have a Catalyst 6509 with Sup  720+Policy Feature Card 3 connected to the Internet gateway Switch (catalyst  3750G). We are running Layer 3 etherchannel between the Cat 6509 and Cat  3750G.
>   
>  We need to restrict the bandwidth  for one of the customer. 
>   
>  Requirement is as  follows:
>   
>  CIR of 4 Mbps and burst up to 8 Mb  based on availability.
>   
>  Thinking of using policing with ACLs  based on the public IP address range on the customer, however few questions  here.
>   
>  1) Is it advisable to do Policing  only on the Cat 6509s in both direction and avoid do any changes on the Cat  3750G. Is this the right way?
>   
>  2) What should be the CIR, bc and be  values to provide double the burst than CIR based on avaliability?
>   
>  Is the below statement correct? I  believe Tc value for Cat 6509s is 0.00025 seconds, calculation is based on  that.
>   
>  police cir 4194304 bc 2000 be 4000  conform-action transmit exceed-action drop violate-action  drop
>   
>  3) Is there any issues applying  Policing on L3 etherchannels in both ways on Cat  6509s?
>   
>  Any help will be  appreciated.
>  Thanks in advance,
> 
> Bill

More information about the cisco-nsp mailing list