[c-nsp] Ingress Rate Limit on SVI - 6500 SUP720-3BXL
Simon Allard
simon.allard at maxnet.co.nz
Wed Jul 11 19:15:40 EDT 2007
Hi Cisco NSP
I am trying to do Ingress Rate limiting based on BGP communities,
but for some reason the service-policy is not seeing the traffic, and
more importantly, the traffic is not being rate limited. Also the fact
that Input is traffic coming from the switches and Output is traffic
coming from the internet, has done my head in at times :-)
Egress rate limiting works fine.
show policy-map int vl918 in
Vlan918
Service-policy input: CUSTOMER_BWPLAN662_UPLOAD
class-map: MATCH-NATIONAL (match-any)
Match: ip dscp 2
Match: ip dscp 1
Match: ip precedence 2
Match: ip precedence 1
police :
10480000 bps 1966000 limit 1966000 extended limit
Earl in slot 5 :
803021 bytes
5 minute offered rate 0 bps
aggregate-forwarded 803021 bytes action: transmit
exceeded 0 bytes action: drop
aggregate-forward 0 bps exceed 0 bps
class-map: MATCH-INTERNATIONAL (match-any)
Match: ip dscp 5
Match: ip precedence 5
police :
128000 bps 24000 limit 24000 extended limit
Earl in slot 5 :
1454169 bytes
5 minute offered rate 0 bps
aggregate-forwarded 1454169 bytes action: transmit
exceeded 0 bytes action: drop
aggregate-forward 0 bps exceed 0 bps
Class-map: class-default (match-any)
34349 packets, 6608374 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Even though there is traffic flowing in.
Vlan918 is up, line protocol is up
Hardware is EtherSVI, address is 00d0.04ca.5000 (bia 00d0.04ca.5000)
Internet address is
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:07, output 00:00:19, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 487000 bits/sec, 57 packets/sec
5 minute output rate 151000 bits/sec, 42 packets/sec
L2 Switched: ucast: 18303 pkt, 1192560 bytes - mcast: 165596 pkt, 18919290 bytes
L3 in Switched: ucast: 669054521 pkt, 940153244908 bytes - mcast: 0 pkt, 0 bytes mcast
L3 out Switched: ucast: 235348046 pkt, 44167196164 bytes mcast: 0 pkt, 0 bytes
697378477 packets input, 979086346048 bytes, 0 no buffer
Received 177571 broadcasts (1096 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
411673909 packets output, 76489409570 bytes, 0 underruns
0 output errors, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
show mls qos ip vlan 918
[In] Policy map is CUSTOMER_BWPLAN662_UPLOAD [Out] Policy map is CUSTOMER_BWPLAN662_DOWNLOAD
QoS Summary [IPv4]: (* - shared aggregates, Mod - switch module)
Int    Mod Dir Class-map  DSCP Agg Trust Fl AgForward-By AgPoliced-By
                               Id        Id
-------------------------------------------------------------------------------
Vl918  5   In  MATCH-NATI 0    57  dscp  0  792589       0
Vl918  5   In  MATCH-INTE 0    58  dscp  0  1444297      0
Vl918  5   Out MATCH-NATI 0    55  --    0  12452334193  0
Vl918  5   Out MATCH-INTE 0    56  --    0  20361408955  888448919
Config as follows:
Cisco Internetwork Operating System Software
IOS (tm) s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(18)SXF8, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by cisco Systems, Inc.
Compiled Sat 03-Mar-07 00:07 by tinhuang
Image text-base: 0x40101040, data-base: 0x42D98000
cisco WS-C6509 (R7000) processor (revision 2.0) with 983008K/65536K bytes of memory.
Processor board ID SCA05170112
SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
Last reset from power-on
SuperLAT software (copyright 1990 by Meridian Technology Corp).
X.25 software, Version 3.0.0.
Bridging software.
TN3270 Emulation software.
1 Enhanced FlexWAN controller (1 ATM).
110 Virtual Ethernet/IEEE 802.3 interfaces
28 Gigabit Ethernet/IEEE 802.3 interfaces
1 ATM network interface
1917K bytes of non-volatile configuration memory.
8192K bytes of packet buffer memory.
mls ip multicast flow-stat-timer 9
mls flow ip full
mls flow ipv6 full
mls qos
mls rate-limit unicast ip icmp unreachable acl-drop 0
no mls acl tcam share-global
mls cef error action freeze
class-map match-any MATCH-COMBINED-ALL
description Many any traffic
match ip dscp 5
match ip dscp 2
match ip dscp 1
match ip precedence 5
match ip precedence 2
match ip precedence 1
class-map match-any MATCH-INTERNATIONAL
description Match any International Traffic
match ip dscp 5
match ip precedence 5
class-map match-any MATCH-LOCAL-PEERING
description Match any peering traffic local to Auckland
match ip precedence 2
match ip dscp 2
class-map match-any MATCH-NATIONAL
description Match any traffic which is national including local peering
match ip dscp 2
match ip dscp 1
match ip precedence 2
match ip precedence 1
!
!
The Policy Maps
----------------
policy-map CUSTOMER_BWPLAN662_DOWNLOAD
class MATCH-NATIONAL
police cir 10485500 bc 1966202 be 1966202 conform-action transmit exceed-action drop violate-action drop
class MATCH-INTERNATIONAL
police cir 131000 bc 24577 be 24577 conform-action transmit exceed-action drop violate-action drop
policy-map CUSTOMER_BWPLAN662_UPLOAD
class MATCH-NATIONAL
police cir 10485500 bc 1966202 be 1966202 conform-action transmit exceed-action drop violate-action drop
class MATCH-INTERNATIONAL
police cir 131000 bc 24577 be 24577 conform-action transmit exceed-action drop violate-action drop
The Customer
------------
interface Vlan918
ip address XXX.XXX.XXX.XXX 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
bgp-policy destination ip-prec-map
service-policy input CUSTOMER_BWPLAN662_UPLOAD
service-policy output CUSTOMER_BWPLAN662_DOWNLOAD
end
BGP Config
----------
router bgp XXXX
table-map RATELIMIT-QOS-MAP
route-map RATELIMIT-QOS-MAP permit 10
description Mark precedence 5 for International Rate Limits
match community INTERNATIONAL-ROUTES
set ip precedence critical
!
route-map RATELIMIT-QOS-MAP permit 20
description Mark precedence 1 for National Rate Limits
match community NATIONAL-ROUTES
set ip precedence priority
!
route-map RATELIMIT-QOS-MAP permit 30
description Mark precedence 2 for Peering Rate Limits
match community PEERING-ROUTES
set ip precedence immediate
!
route-map RATELIMIT-QOS-MAP permit 40
description Mark Precedence 7 for Local traffic rate limits
set ip precedence network
!
The CEF Tables are being propagated correctly.
203.109.248.0/21, version 23697719, epoch 1, cached adjacency 123.100.64.130
0 packets, 0 bytes, Precedence immediate (2)
tag information from 123.100.64.15/32, shared, all rewrites owned
local tag: 448
via 123.100.64.15, 0 dependencies, recursive
next hop 123.100.64.130, GigabitEthernet5/1 via 123.100.64.15/32 (Default)
valid cached adjacency
tag rewrite with Gi5/1, 123.100.64.130, tags imposed: {}
72.14.252.0/23, version 21904129, epoch 1, cached adjacency 123.100.64.130
0 packets, 0 bytes, Precedence critical (5)
tag information from 123.100.64.15/32, shared, all rewrites owned
local tag: 448
via 123.100.64.15, 0 dependencies, recursive
next hop 123.100.64.130, GigabitEthernet5/1 via 123.100.64.15/32 (Default)
valid cached adjacency
tag rewrite with Gi5/1, 123.100.64.130, tags imposed: {}
Link to Switches
----------------
interface GigabitEthernet4/1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no ip address
mls qos vlan-based
end
interface GigabitEthernet4/2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
no ip address
mls qos vlan-based
end
Link to the Internets
----------------------
interface GigabitEthernet5/1
description L3 Link to border
mtu 9216
ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip policy route-map CUSTOMER-DOMINAT-SPLIT-NEXTHOP
ip ospf network point-to-point
tag-switching ip
mls qos trust dscp
hold-queue 2000 in
end