[c-nsp] Shaping by 3550 QoS

Sun May 6 08:47:58 EDT 2007

On Sun, May 06, 2007, Taher Taghizadeh wrote:
>  Colleagues, 
>  
> I have a usual situation where I have to do a traffic shaping for our customers. My switch is  3550 SMI IOS Version 12.1(13)EA1. 

.. upgrade to 12.2 if you can? Many 3550 bugs are fixed. unfortunately some stuff
which "somewhat works" was removed between 12.1 and 12.2 so check what you're
using before upgrading.

> I used a typical config to do so but unfortunately neither this or other  config have not work up to now. 
> So any body could help me in it? 

Sure, I've done this quite often.

> First configuration was something like this: 
>  
> mls qos 

Good start.

> ! 
> class-map match-all customer1-Recv 
>  match access-group name customer1-RL-Recv 
> class-map match-all customer2-Recv 
>  match access-group name customer2-RL-Recv 
> class-map match-all Any 
>  match access-group 1 

You generally don't require that, but ok..

> class-map match-all customer2-Send 
>  match access-group name customer2-RL-Send 
> class-map match-all customer1-Send 
>  match access-group name customer1-RL-Send 
> !         
> !   
> policy-map Receive 
>  class customer2-Recv 
>    police 2000000 8000 exceed-action drop 
>   class customer1-Recv 
>    police 128000 8000 exceed-action drop 

> policy-map From-customer2 
>  class Any 
>    police 20000000 8000 exceed-action drop 
>  class customer2-Send 
>    police 20000000 8000 exceed-action drop 

You're better off saying:

class class-default
  police ...

For the policy maps sending traffic to the client. Don't bother
defining an "any" then two policers when you really only need one.

Unless, of course, you have two customers on that port and you need
to shape stuff in "customer2-send" to 2mbit and the rest to another
2mbit; then yes you'd do that. But then, use:

class customer2-Send
  police ..
class class-default
  police ...

> policy-map From-customer1 
>  class Any 
>    police 1024000 8000 exceed-action drop 
>  class customer1-Send 
>    police 1024000 8000 exceed-action drop 

Same here.

> ip access-list extended customer2-RL-Recv 
> permit ip any ll.mm.nn.oo 0.0.0.16 

Why 0.0.0.16? That wildcard is almost guaranteed to not be what you want.

if you want to match on /24 on send, do

permit ip 1.2.3.0 0.0.0.255 any

And say its a /27, its

permit 1.2.3.0 0.0.0.31 any

etc, etc. .16 is only one bit (bit 5) and thus won't match very
many IPs.

> ip access-list extended customer2-RL-Send 
> permit ip ll.mm.nn.oo 0.0.0.16 any 
> ip access-list extended customer1-RL-Recv 
> permit ip any host xx.yy.zz.tt 
> ip access-list extended customer1-RL-Send 
> permit ip host xx.yy.zz.tt any 
> !         
> !          

> It doesn't work at all. I change the burst but it won't help then try to  use aggregate method and again nothing. Then I try to use DSCP value  still nothing changed. 
> Seams this SMI switch do what ever except what you need. 

It should be fine. I'd also check "show log" as you might find there's logging
entries requiring you change the SDM template (ie, how it allocates/uses TCAM)
to enable the features you want. Don't do that without first checking what you're
using.

Now, there's some commands to check whether your shapers are working. I don't
remember off hand..

Here's the "Configuring QoS" guide for 12.2(25)SE:

http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a00802cb831.html

There's a section on configuring policers. the command to check whats going on
IIRC:

show mls qos interface <xx> policers

Read that configuration chapter. If you need to stick with 12.1, then:

http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a008014f36e.html

adrian