[c-nsp] qos on cat2950

[Roman Bestuzhev]

Hello,

I'm trying to configure qos on 2950 to restrict speed for several users who
sit on 10/100 ports. For example for only 8Mb/s for traffic in direction to
the users. Testing tools are iperf and ftp/http downloads/uploads.

To achive this I configure my switch in the following way:

1. Configure access-list to choose particular user:

#access-list 199 permit ip any 192.168.0.0 0.0.0.255

2. Configure class-map for this user:

#class-map match-all cl-user
#match access-group 199

3. Configure policy-map to tie speed policy 8Mb/s and burst 8192 with
particular user:

#policy-map pol-input
#class cl-user
#police 8000000 8192 exceed-action drop

4. Finally, I assign this policy to gigabit interface which is configured as
trunk to the network core switch (currently cat 3750). This port receives
traffic from other parts of the network to the local users.

#int gi0/X
#service-policy input pol-input

At this moment switch starts policing traffic but result is strange.
Download speed is about 250Kbit/s (about 8 mb/s expected). If I increase
burst parameter speed is getting faster:
burst:  32768, speed: about 900 Kbit/s
burst: 131072, speed: about 3.5 Mb/s
burst: 262144, speed: about 5.4 Kbit/s

If I try to restrict upload speed by configuring policers on 10/100 ports
results are more starnge: For example this command restrict upload speed to
approximately 2.5 Mb/s but it brobabely should be about 20 Mb/s:

#police 20000000 65536 exceed-action drop

The questions are:

Do I missunderstand something? Is this behavior usual? Or 2950 doesn't have
enough functionality to perform policing well? And would 3550/2560 or 3750
catalysts (upstream switches) be better choices to achieve my goal if
configure qos on them instead of 2950?

Thanks in advance for any comments/ideas.


-- 
Roman Bestuzhev,
System Administrator