[c-nsp] One or two policy and class maps?

Frank Bulk frnkblk at iname.com
Mon Dec 10 18:57:18 EST 2007 

To answer my own question, almost two months later: we settled on using an
'any any' for our ACL and since I'm told this is done in hardware, it
doesn't really matter if there are one or two class maps.

We can only do policing, not shaping, because we're not working with OSMs.
Yes, the traffic flow is choppy, but that's all there's to it.  It does seem
to work consistently well if the traffic in inter or intra-blade.

So despite the fancy SUP module and DFC3C's on our 10/100/1000 blade, the
only thing we gain is outbound policing.

Frank
 
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Frank Bulk
Sent: Thursday, October 18, 2007 9:36 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] One or two policy and class maps?

I have a 7609-S with the RSP720 and PFC3C, which supports in and outbound
QoS flows.

Should I be using one or two policy and class maps?  The first method, if I
understand this correctly, has a single service policy in configuration that
is moot because there will never be matches one direction.  The second one,
while more complex, eliminates checking flow ACL matches that will never
exist.

This:

class-map match-any test-networks
  match access-group name test-policer-inbound
  match access-group name test-policer-outbound

policy-map test-policer
  class test-networks
   police cir 2000000 pir 2000000    conform-action transmit
exceed-action drop

interface Vlan203
 ip address 167.a.b.c 255.255.255.252
 service-policy input test-policer
 service-policy output test-policer
end

or this:

class-map match-any test-inbound-networks
  match access-group name test-policer-inbound

class-map match-any test-outbound-networks
  match access-group name test-policer-outbound

policy-map test-inbound-policer
  class test-inbound-networks
   police cir 2000000 pir 2000000    conform-action transmit
exceed-action drop

policy-map test-outbound-policer
  class test-outbound-networks
   police cir 2000000 pir 2000000    conform-action transmit
exceed-action drop

interface Vlan203
 ip address 167.a.b.c 255.255.255.252
 service-policy input test-inbound-policer
 service-policy output test-outbound-policer
end

The rest of the config can be found below.

Regards,

Frank
=====================================================
vlan 203
 name Test

interface GigabitEthernet1/5
 description Test
 switchport
 switchport access vlan 203
 speed 100
 duplex full

ip access-list extended test-policer_inbound
 permit ip any d.e.f.0 0.0.0.255
ip access-list extended test-policer_outbound
 permit ip d.e.f.0 0.0.0.255 any

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list