[c-nsp] Policing on Catalyst 4948 (update)

Rick Ernst rick at woofpaws.com
Tue Jun 23 17:30:43 EDT 2009


I posted an earlier question on whether policing on the Catalyst 4948 is
done in hardware or software.  I had a couple of non-committal "hardware"
responses.

I set up a lab with a 4948 and two hosts attached to different VLANs/SVIs
with a policy-map with class-default attached to the physical interfaces. 
Both hosts can push ~500Mbs back-to-back with iperf.

Without policing, the hosts had the same performance as back-to-back.  I
added a 5Mbs policer and let iperf run for an hour.  The CPU on the 4948
stayed at the same level as while quiescent and iperf dropped to 5Mbs.

I also added a simple ACL to a class-map and got the same results.

I want to throw a few more hosts at it for testing, but initial results
look promising.




More information about the cisco-nsp mailing list