[c-nsp] One or two policy and class maps?

Frank Bulk frnkblk at iname.com
Sat Oct 20 18:49:24 EDT 2007 

But I have an RSP 720 with a DFC3C.  According to:
http://tinyurl.com/u4rxr
"Aggregate rate-limiting location: Ingress port or VLAN and egress VLAN or
Layer 3 port"
	and
http://tinyurl.com/ypecm7
"PFC QoS supports VLAN-based QoS with DFC3s installed.  
You can attach policy maps to Layer 3 interfaces for application of PFC QoS
to egress traffic. VLAN-based or port-based PFC QoS on Layer 2 ports is not
relevant to application of PFC QoS to egress traffic on Layer 3 interfaces.

By default, PFC QoS uses policy maps attached to LAN ports. For ports
configured as Layer 2 LAN ports with the switchport keyword, you can
configure PFC QoS to use policy maps attached to a VLAN. Ports not
configured with the switchport keyword are not associated with a VLAN.
.
.
.
You can attach an output policy map to a Layer 3 interface (either a LAN
port configured as a Layer 3 interface or a VLAN interface) to apply a
policy map to egress traffic.
.
.
.
The PFC supports both ingress and egress PFC QoS, which includes ingress and
egress policing."

Perhaps I am missing something obvious between all these statements.  Or
perhaps I have my configuration set up incorrectly to take advantage of the
purported egress features?

Regards,

Frank

-----Original Message-----
From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com] 
Sent: Saturday, October 20, 2007 2:54 PM
To: frnkblk at iname.com; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] One or two policy and class maps?

Frank,

according do http://tinyurl.com/yrk2al, you cannot perform egress
policing on a Vlan, we can only apply egress policers on the ports,
which will likely not achieve what you want.

        oli

Frank Bulk <> wrote on Saturday, October 20, 2007 9:09 PM:

> Anyone have any thoughts on this?  I also learned that my service
> policy is not working, either, so suggestions to rectify it would be
> helpful.
>
> I'm running c7600rsp72043-advipservicesk9-mz.122-33.SRB1
>
> Regards,
>
> Frank
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Frank Bulk
> Sent: Thursday, October 18, 2007 9:36 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] One or two policy and class maps?
>
> I have a 7609-S with the RSP720 and PFC3C, which supports in and
> outbound QoS flows.
>
> Should I be using one or two policy and class maps?  The first
> method, if I understand this correctly, has a single service policy
> in configuration that is moot because there will never be matches one
> direction.  The second one, while more complex, eliminates checking
> flow ACL matches that will never exist.
>
> This:
>
> class-map match-any test-networks
>   match access-group name test-policer-inbound
>   match access-group name test-policer-outbound
>
> policy-map test-policer
>   class test-networks
>    police cir 2000000 pir 2000000    conform-action transmit
> exceed-action drop
>
> interface Vlan203
>  ip address 167.a.b.c 255.255.255.252
>  service-policy input test-policer
>  service-policy output test-policer
> end
>
> or this:
>
> class-map match-any test-inbound-networks
>   match access-group name test-policer-inbound
>
> class-map match-any test-outbound-networks
>   match access-group name test-policer-outbound
>
> policy-map test-inbound-policer
>   class test-inbound-networks
>    police cir 2000000 pir 2000000    conform-action transmit
> exceed-action drop
>
> policy-map test-outbound-policer
>   class test-outbound-networks
>    police cir 2000000 pir 2000000    conform-action transmit
> exceed-action drop
>
> interface Vlan203
>  ip address 167.a.b.c 255.255.255.252
>  service-policy input test-inbound-policer
>  service-policy output test-outbound-policer
> end
>
> The rest of the config can be found below.
>
> Regards,
>
> Frank
> =====================================================
> vlan 203
>  name Test
>
> interface GigabitEthernet1/5
>  description Test
>  switchport
>  switchport access vlan 203
>  speed 100
>  duplex full
>
> ip access-list extended test-policer_inbound
>  permit ip any d.e.f.0 0.0.0.255
> ip access-list extended test-policer_outbound
>  permit ip d.e.f.0 0.0.0.255 any
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list