[c-nsp] Rate limit on 3750
Matt Carter
matt at iseek.com.au
Wed Nov 14 18:35:06 EST 2007
Configuration, tuning and performance of policing on Catalyst 6506 switches
TCP traffic
http://www.cnaf.infn.it/~ferrari/tfngn/cat6500/police/tcp/
is a good document to read and has some nice visual representations
ie
"Figure 1: relationship between normal burst size and end-to-end TCP
performance"
"Figure 2: minimum normal burst size needed to achieve a target CIR
throughput"
"Figure 3: throughput gain introduced with PIR"
"Figure 3b: comparison of TCP and UDP performance as a function of the PIR"
"Figure 4: relationship between maximum burst size and throughput"
--matt
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of mack
> Sent: Wednesday, November 14, 2007 7:15 PM
> To: cisco-nsp at puck.nether.net
> Cc: clinton at scripty.com
> Subject: Re: [c-nsp] Rate limit on 3750
>
> For a single distant host and a 100 mbit line the this seems about right.
> Any packet loss on a high latency link really kills speed.
> Changing the burst size will help but needs to be tuned to the link.
> Lower latency will yield higher values as will smoother traffic or more
> hosts.
>
> Linux has traffic shaping which may be preferable to policing at the
> switch.
> A linux box will probably do a better job for low traffic values and cost
> considerably less than an equivalent switch. A router-on-a-stick
> configuration
> with a Linux box and sending 'interesting' traffic to it via PBR for
> processing
> can be used for a lot more than just rate limiting.
>
> LR Mack McBride
> Network Administrator
> Alpha Red, Inc.
>
> >
> > Message: 8
> > Date: Tue, 13 Nov 2007 19:45:50 -0700
> > From: Clinton Work <clinton at scripty.com>
> > Subject: Re: [c-nsp] Rate limit on 3750
> > To: William <willay at gmail.com>
> > Cc: "\[c-nsp\]" <cisco-nsp at puck.nether.net>
> > Message-ID: <473A615E.5090302 at scripty.com>
> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> >
> >
> > Sounds about right for a single TCP session (iperf) and a 30Mbps
> > policer. Have you seen the following article from Cisco with discusses
> > the differences between shaping and policing? Personally, I really
> > dislike using policing on TCP traffic for sub-native speeds because it
> > results in a lot of drops as the clients send bursty traffic. I would
> > prefer to implement shaping, but very few Cisco boxes support that on a
> > budget.
> >
> > Comparing Traffic Policing and Traffic Shaping for Bandwidth Limiting:
> > http://www.cisco.com/warp/public/105/policevsshape.html
> >
> > William wrote:
> > > We have workstation x.x.x.x on port 23, sending data to another host
> > > on a distant network. Using iperf to send tcp traffic (defaults) we
> > > get a rate of approx 12mb/s. I want to have a max of 15mb/s for
> > > 'interesting' traffic. Can anyone tell me where I'm going wrong?
> > >
> > > The software I'm running is ip services 12.2(25)SEB4 on a 3750.
> > >
> > >
> > --
> > =======================================================
> > Clinton Work
> > Airdrie, AB
> >
> >
> >
> >
> > Message: 11
> > Date: Wed, 14 Nov 2007 10:47:50 +0200
> > From: Tassos Chatzithomaoglou <achatz at forthnet.gr>
> > Subject: Re: [c-nsp] Rate limit on 3750
> > To: William <willay at gmail.com>
> > Cc: "\[c-nsp\]" <cisco-nsp at puck.nether.net>
> > Message-ID: <473AB636.8020501 at forthnet.gr>
> > Content-Type: text/plain; charset=ISO-8859-7; format=flowed
> >
> > Maybe try increasing the burst size of the policer.
> >
> > Also make sure you get this low speed because of drops, otherwise you
> > need to increase the tcp
> > window and/or number of connections on the iperf hosts.
> >
> > --
> > Tassos
> >
> >
> > William wrote on 13/11/2007 7:51 ??:
> > > Hi,
> > >
> > > I'm trying to rate limit traffic using class-maps.
> > >
> > > I believe I've got the config right to police the traffic, however,
> > > I'm not getting the rates I want.
> > >
> > > config goes like:
> > >
> > > ip routing
> > > mls qos
> > > !
> > > class-map match-all interesting
> > > match access-group 1
> > > !
> > > policy-map interesting
> > > class interesting
> > > police 32000000 320000 exceed-action drop
> > > !
> > > access-list 1 permit x.x.x.x
> > >
> > > int fa1/0/23
> > > service-policy input interesting
> > >
> > >
> > > We have workstation x.x.x.x on port 23, sending data to another host
> > > on a distant network. Using iperf to send tcp traffic (defaults) we
> > > get a rate of approx 12mb/s. I want to have a max of 15mb/s for
> > > 'interesting' traffic. Can anyone tell me where I'm going wrong?
> > >
> > > The software I'm running is ip services 12.2(25)SEB4 on a 3750.
> > >
> > > Cheers,
> > >
> > > W
> > > _______________________________________________
> > > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > >
> >
> >
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list