[c-nsp] Rate limit on 3750

mack mack at exchange.alphared.com
Wed Nov 14 04:15:28 EST 2007


For a single distant host and a 100 mbit line the this seems about right.
Any packet loss on a high latency link really kills speed.
Changing the burst size will help but needs to be tuned to the link.
Lower latency will yield higher values as will smoother traffic or more hosts.

Linux has traffic shaping which may be preferable to policing at the switch.
A linux box will probably do a better job for low traffic values and cost
considerably less than an equivalent switch.  A router-on-a-stick configuration
with a Linux box and sending 'interesting' traffic to it via PBR for processing
can be used for a lot more than just rate limiting.

LR Mack McBride
Network Administrator
Alpha Red, Inc.

>
> Message: 8
> Date: Tue, 13 Nov 2007 19:45:50 -0700
> From: Clinton Work <clinton at scripty.com>
> Subject: Re: [c-nsp] Rate limit on 3750
> To: William <willay at gmail.com>
> Cc: "\[c-nsp\]" <cisco-nsp at puck.nether.net>
> Message-ID: <473A615E.5090302 at scripty.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>
> Sounds about right for a single TCP session (iperf) and a 30Mbps
> policer.  Have you seen the following article from Cisco with discusses
> the differences between shaping and policing?  Personally, I really
> dislike using policing on TCP traffic for sub-native speeds because it
> results in a lot of drops as the clients send bursty traffic.  I would
> prefer to implement shaping, but very few Cisco boxes support that on a
> budget.
>
> Comparing Traffic Policing and Traffic Shaping for Bandwidth Limiting:
> http://www.cisco.com/warp/public/105/policevsshape.html
>
> William wrote:
> > We have workstation x.x.x.x on port 23, sending data to another host
> > on a distant network. Using iperf to send tcp traffic (defaults) we
> > get a rate of approx 12mb/s. I want to have a max of 15mb/s for
> > 'interesting' traffic. Can anyone tell me where I'm going wrong?
> >
> > The software I'm running is ip services 12.2(25)SEB4 on a 3750.
> >
> >
> --
> =======================================================
> Clinton Work
> Airdrie, AB
>
>
>
>
> Message: 11
> Date: Wed, 14 Nov 2007 10:47:50 +0200
> From: Tassos Chatzithomaoglou <achatz at forthnet.gr>
> Subject: Re: [c-nsp] Rate limit on 3750
> To: William <willay at gmail.com>
> Cc: "\[c-nsp\]" <cisco-nsp at puck.nether.net>
> Message-ID: <473AB636.8020501 at forthnet.gr>
> Content-Type: text/plain; charset=ISO-8859-7; format=flowed
>
> Maybe try increasing the burst size of the policer.
>
> Also make sure you get this low speed because of drops, otherwise you
> need to increase the tcp
> window and/or number of connections on the iperf hosts.
>
> --
> Tassos
>
>
> William wrote on 13/11/2007 7:51 ??:
> > Hi,
> >
> > I'm trying to rate limit traffic using class-maps.
> >
> > I believe I've got the config right to police the traffic, however,
> > I'm not getting the rates I want.
> >
> > config goes like:
> >
> > ip routing
> > mls qos
> > !
> > class-map match-all interesting
> >     match access-group 1
> > !
> > policy-map interesting
> >     class interesting
> >     police 32000000 320000 exceed-action drop
> > !
> > access-list 1 permit x.x.x.x
> >
> > int fa1/0/23
> > service-policy input interesting
> >
> >
> > We have workstation x.x.x.x on port 23, sending data to another host
> > on a distant network. Using iperf to send tcp traffic (defaults) we
> > get a rate of approx 12mb/s. I want to have a max of 15mb/s for
> > 'interesting' traffic. Can anyone tell me where I'm going wrong?
> >
> > The software I'm running is ip services 12.2(25)SEB4 on a 3750.
> >
> > Cheers,
> >
> > W
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
>
>


More information about the cisco-nsp mailing list