[c-nsp] Policing Question
Paolo Lucente
pl+list at pmacct.net
Tue Dec 4 05:51:57 EST 2007
Hi Bill,
1)
i would recommend you to police ingress traffic from the customer
and shape egress traffic to the customer. This gives you several
benefits including ease of configuration your side (limited to the
6509 box only) and smooth congestion management.
If it's an un-managed CE solution advice your customer he has to
shape egress traffic on his CPE. This is to avoid TCP traffic from
performing very badly when hitting your policer.
2)
I believe it's the shaping Tc value you are referring to - but your
question is about policing. I would point the following two values:
Bc = (CIR/8)*1.5 = 786000; Be = 2*Bc = 1572000. This is basing on a
4 Mbps CIR. Remember Bc/Be are expressed in bytes. Moreover because
you want them to be able to burst beyond their CIR, you don't want
the "exceed-action drop" action there. You can simply replace it
with a "transmit" to make it working - but it wouldn't really have
sense: you want to mark the excess burst to be able to handle it
differently in periods of congestion.
3)
If i understood correctly the etherchannel is a backbone link (P-P)
so the question doesn't reaply apply. Btw, as far as i'm aware there
shouldn't be any problems.
Cheers,
Paolo
On Tue, Dec 04, 2007 at 01:38:21AM -0800, Bill ford wrote:
> Guys,
>
>
> Need your help on this...
>
>
>
> Here is the scenario:
>
> We have a Catalyst 6509 with Sup 720+Policy Feature Card 3 connected to the Internet gateway Switch (catalyst 3750G). We are running Layer 3 etherchannel between the Cat 6509 and Cat 3750G.
>
> We need to restrict the bandwidth for one of the customer.
>
> Requirement is as follows:
>
> CIR of 4 Mbps and burst up to 8 Mb based on availability.
>
> Thinking of using policing with ACLs based on the public IP address range on the customer, however few questions here.
>
> 1) Is it advisable to do Policing only on the Cat 6509s in both direction and avoid do any changes on the Cat 3750G. Is this the right way?
>
> 2) What should be the CIR, bc and be values to provide double the burst than CIR based on avaliability?
>
> Is the below statement correct? I believe Tc value for Cat 6509s is 0.00025 seconds, calculation is based on that.
>
> police cir 4194304 bc 2000 be 4000 conform-action transmit exceed-action drop violate-action drop
>
> 3) Is there any issues applying Policing on L3 etherchannels in both ways on Cat 6509s?
>
> Any help will be appreciated.
> Thanks in advance,
>
> Bill
More information about the cisco-nsp
mailing list