[c-nsp] Applying output rate limit at 6500/SUP720 platform

Manuel García Montero magamo79 at gmail.com
Mon Jun 29 03:57:30 EDT 2009


Hi,

we are facing difficulties trying to limit the rate at an interfaz in a
6509/SUP720 (IOS image s72033-pk9sv-mz.122-18.SXD1.bin).

We want to limite the output rate at a Gigabit port connected directly to
Customer Equipment. That port is configured at swithport mode, and we have
all level 3 configuration at VLAN interface (1)

In that vlan interface we have try 3 different configurations (2)  to
establish the output rate limit, and while all of them should work, they
dont, beacause the rate seen at the vlan interface is lower than the Gigabit
interface, which is correct:


6.2#sh interfaces GigabitEthernet 1/11 | i rate
  Queueing strategy: fifo
  30 second input rate 221436000 bits/sec, 60004 packets/sec
  30 second output rate 456426000 bits/sec, 67772 packets/sec
6.2#sh interfaces vlan20 | i rate
  Queueing strategy: fifo
  30 second input rate 228770000 bits/sec, 61961 packets/sec
  30 second output rate 89869000 bits/sec, 23914 packets/sec


As your can see, input rates are more or less the same in both interfaces,
but output rate at vlan is a lot lower than the real value (shown at
physical port), so all packets are getting conform policy applied, transmit,
with no drops to reduce the rate.

Which can be the cause of this issue?

Theres also the chance to move layer3 config to physical interface, which
would solve the issue as that interface can see correct rates.



*******************************************
(1) Relevant interface / general configuration
*******************************************

interface GigabitEthernet1/11
 description CUSTOMER_Principal
 no ip address
 load-interval 30
 switchport
 switchport access vlan 20
 switchport mode access
end
interface Vlan20
 ip address 10.160.0.19 255.255.255.240
 ip access-group 122 in
 no ip redirects
 ip wccp 97 redirect in
 ip wccp 98 redirect in
 ip multicast netflow egress
 ip route-cache flow
 no ip mroute-cache
 load-interval 30
 standby 55 ip 10.160.0.17
 standby 55 priority 150
 standby 55 preempt
end

mls ip multicast flow-stat-timer 9
mls aging long 64
mls aging normal 60
mls flow ip destination-source
no mls flow ipv6
mls qos
mls cef error action freeze

*******************************************
(2) Configuration to limit the output rate:
*******************************************

1. rate-limit

interface Vlan20
  rate-limit output 425000000 212500 212500 conform-action transmit
exceed-action drop

2. service-policy with rate-limit

policy-map CUSTOMER_OUT
class class-default
police 425000000 conform-action transmit exceed-action drop
!apply police to interfaz
interface vlan20
  service-policy output CUSTOMER

3. service-policy with aggregate policer

mls qos aggregate-policer CUSTOMER_OUT 425000000 106250 conform-action
transmit exceed-action drop
!
policy-map CUSTOMER_OUT
  class class-default
  police aggregate CUSTOMER_OUT
!apply police to interfaz
interface vlan20
  service-policy output CUSTOMER

Regards,


More information about the cisco-nsp mailing list