[c-nsp] Applying output rate limit at 6500/SUP720 platform
Manu Chao
linux.yahoo at gmail.com
Mon Jun 29 05:20:59 EDT 2009
I think your burst-normal and burst-max values are badly estimated:
burst-normal is the burst size in byte during 1 second of burst
burst max = burst-normal x2
Try that:
interface Vlan20
rate-limit output 425000000 80000000 160000000 conform-action transmit
exceed-action drop
R/
Manu
2009/6/29 Manuel García Montero <magamo79 at gmail.com>
> Hi,
>
> we are facing difficulties trying to limit the rate at an interfaz in a
> 6509/SUP720 (IOS image s72033-pk9sv-mz.122-18.SXD1.bin).
>
> We want to limite the output rate at a Gigabit port connected directly to
> Customer Equipment. That port is configured at swithport mode, and we have
> all level 3 configuration at VLAN interface (1)
>
> In that vlan interface we have try 3 different configurations (2) to
> establish the output rate limit, and while all of them should work, they
> dont, beacause the rate seen at the vlan interface is lower than the
> Gigabit
> interface, which is correct:
>
>
> 6.2#sh interfaces GigabitEthernet 1/11 | i rate
> Queueing strategy: fifo
> 30 second input rate 221436000 bits/sec, 60004 packets/sec
> 30 second output rate 456426000 bits/sec, 67772 packets/sec
> 6.2#sh interfaces vlan20 | i rate
> Queueing strategy: fifo
> 30 second input rate 228770000 bits/sec, 61961 packets/sec
> 30 second output rate 89869000 bits/sec, 23914 packets/sec
>
>
> As your can see, input rates are more or less the same in both interfaces,
> but output rate at vlan is a lot lower than the real value (shown at
> physical port), so all packets are getting conform policy applied,
> transmit,
> with no drops to reduce the rate.
>
> Which can be the cause of this issue?
>
> Theres also the chance to move layer3 config to physical interface, which
> would solve the issue as that interface can see correct rates.
>
>
>
> *******************************************
> (1) Relevant interface / general configuration
> *******************************************
>
> interface GigabitEthernet1/11
> description CUSTOMER_Principal
> no ip address
> load-interval 30
> switchport
> switchport access vlan 20
> switchport mode access
> end
> interface Vlan20
> ip address 10.160.0.19 255.255.255.240
> ip access-group 122 in
> no ip redirects
> ip wccp 97 redirect in
> ip wccp 98 redirect in
> ip multicast netflow egress
> ip route-cache flow
> no ip mroute-cache
> load-interval 30
> standby 55 ip 10.160.0.17
> standby 55 priority 150
> standby 55 preempt
> end
>
> mls ip multicast flow-stat-timer 9
> mls aging long 64
> mls aging normal 60
> mls flow ip destination-source
> no mls flow ipv6
> mls qos
> mls cef error action freeze
>
> *******************************************
> (2) Configuration to limit the output rate:
> *******************************************
>
> 1. rate-limit
>
> interface Vlan20
> rate-limit output 425000000 212500 212500 conform-action transmit
> exceed-action drop
>
> 2. service-policy with rate-limit
>
> policy-map CUSTOMER_OUT
> class class-default
> police 425000000 conform-action transmit exceed-action drop
> !apply police to interfaz
> interface vlan20
> service-policy output CUSTOMER
>
> 3. service-policy with aggregate policer
>
> mls qos aggregate-policer CUSTOMER_OUT 425000000 106250 conform-action
> transmit exceed-action drop
> !
> policy-map CUSTOMER_OUT
> class class-default
> police aggregate CUSTOMER_OUT
> !apply police to interfaz
> interface vlan20
> service-policy output CUSTOMER
>
> Regards,
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list