[c-nsp] One or two policy and class maps?
Frank Bulk
frnkblk at iname.com
Sat Oct 20 18:49:24 EDT 2007
But I have an RSP 720 with a DFC3C. According to:
http://tinyurl.com/u4rxr
"Aggregate rate-limiting location: Ingress port or VLAN and egress VLAN or
Layer 3 port"
and
http://tinyurl.com/ypecm7
"PFC QoS supports VLAN-based QoS with DFC3s installed.
You can attach policy maps to Layer 3 interfaces for application of PFC QoS
to egress traffic. VLAN-based or port-based PFC QoS on Layer 2 ports is not
relevant to application of PFC QoS to egress traffic on Layer 3 interfaces.
By default, PFC QoS uses policy maps attached to LAN ports. For ports
configured as Layer 2 LAN ports with the switchport keyword, you can
configure PFC QoS to use policy maps attached to a VLAN. Ports not
configured with the switchport keyword are not associated with a VLAN.
.
.
.
You can attach an output policy map to a Layer 3 interface (either a LAN
port configured as a Layer 3 interface or a VLAN interface) to apply a
policy map to egress traffic.
.
.
.
The PFC supports both ingress and egress PFC QoS, which includes ingress and
egress policing."
Perhaps I am missing something obvious between all these statements. Or
perhaps I have my configuration set up incorrectly to take advantage of the
purported egress features?
Regards,
Frank
-----Original Message-----
From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com]
Sent: Saturday, October 20, 2007 2:54 PM
To: frnkblk at iname.com; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] One or two policy and class maps?
Frank,
according do http://tinyurl.com/yrk2al, you cannot perform egress
policing on a Vlan, we can only apply egress policers on the ports,
which will likely not achieve what you want.
oli
Frank Bulk <> wrote on Saturday, October 20, 2007 9:09 PM:
> Anyone have any thoughts on this? I also learned that my service
> policy is not working, either, so suggestions to rectify it would be
> helpful.
>
> I'm running c7600rsp72043-advipservicesk9-mz.122-33.SRB1
>
> Regards,
>
> Frank
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Frank Bulk
> Sent: Thursday, October 18, 2007 9:36 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] One or two policy and class maps?
>
> I have a 7609-S with the RSP720 and PFC3C, which supports in and
> outbound QoS flows.
>
> Should I be using one or two policy and class maps? The first
> method, if I understand this correctly, has a single service policy
> in configuration that is moot because there will never be matches one
> direction. The second one, while more complex, eliminates checking
> flow ACL matches that will never exist.
>
> This:
>
> class-map match-any test-networks
> match access-group name test-policer-inbound
> match access-group name test-policer-outbound
>
> policy-map test-policer
> class test-networks
> police cir 2000000 pir 2000000 conform-action transmit
> exceed-action drop
>
> interface Vlan203
> ip address 167.a.b.c 255.255.255.252
> service-policy input test-policer
> service-policy output test-policer
> end
>
> or this:
>
> class-map match-any test-inbound-networks
> match access-group name test-policer-inbound
>
> class-map match-any test-outbound-networks
> match access-group name test-policer-outbound
>
> policy-map test-inbound-policer
> class test-inbound-networks
> police cir 2000000 pir 2000000 conform-action transmit
> exceed-action drop
>
> policy-map test-outbound-policer
> class test-outbound-networks
> police cir 2000000 pir 2000000 conform-action transmit
> exceed-action drop
>
> interface Vlan203
> ip address 167.a.b.c 255.255.255.252
> service-policy input test-inbound-policer
> service-policy output test-outbound-policer
> end
>
> The rest of the config can be found below.
>
> Regards,
>
> Frank
> =====================================================
> vlan 203
> name Test
>
> interface GigabitEthernet1/5
> description Test
> switchport
> switchport access vlan 203
> speed 100
> duplex full
>
> ip access-list extended test-policer_inbound
> permit ip any d.e.f.0 0.0.0.255
> ip access-list extended test-policer_outbound
> permit ip d.e.f.0 0.0.0.255 any
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list