[c-nsp] Applying output rate limit at 6500/SUP720 platform

Ziv Leyes zivl at gilat.net
Mon Jun 29 05:58:07 EDT 2009


I've found that the best results are obtained by using the following formulas
BC = BW / 8 * 1.5
BE = BC
In your case it will be 
425000000 / 8 * 1.5 = 79687500
So your rate-limit will look like this:

interface Vlan20
 rate-limit output 425000000 79687500 79687500 conform-action transmit exceed-action drop

Hope this helps,
Ziv

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Manu Chao
Sent: Monday, June 29, 2009 12:21 PM
To: Manuel García Montero
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Applying output rate limit at 6500/SUP720 platform

I think your burst-normal and burst-max values are badly estimated:

burst-normal is the burst size in byte during 1 second of burst
burst max = burst-normal x2

Try that:

interface Vlan20
 rate-limit output 425000000 80000000 160000000 conform-action transmit
exceed-action drop
R/
Manu
2009/6/29 Manuel García Montero <magamo79 at gmail.com>

> Hi,
>
> we are facing difficulties trying to limit the rate at an interfaz in a
> 6509/SUP720 (IOS image s72033-pk9sv-mz.122-18.SXD1.bin).
>
> We want to limite the output rate at a Gigabit port connected directly to
> Customer Equipment. That port is configured at swithport mode, and we have
> all level 3 configuration at VLAN interface (1)
>
> In that vlan interface we have try 3 different configurations (2)  to
> establish the output rate limit, and while all of them should work, they
> dont, beacause the rate seen at the vlan interface is lower than the
> Gigabit
> interface, which is correct:
>
>
> 6.2#sh interfaces GigabitEthernet 1/11 | i rate
>  Queueing strategy: fifo
>  30 second input rate 221436000 bits/sec, 60004 packets/sec
>  30 second output rate 456426000 bits/sec, 67772 packets/sec
> 6.2#sh interfaces vlan20 | i rate
>  Queueing strategy: fifo
>  30 second input rate 228770000 bits/sec, 61961 packets/sec
>  30 second output rate 89869000 bits/sec, 23914 packets/sec
>
>
> As your can see, input rates are more or less the same in both interfaces,
> but output rate at vlan is a lot lower than the real value (shown at
> physical port), so all packets are getting conform policy applied,
> transmit,
> with no drops to reduce the rate.
>
> Which can be the cause of this issue?
>
> Theres also the chance to move layer3 config to physical interface, which
> would solve the issue as that interface can see correct rates.
>
>
>
> *******************************************
> (1) Relevant interface / general configuration
> *******************************************
>
> interface GigabitEthernet1/11
>  description CUSTOMER_Principal
>  no ip address
>  load-interval 30
>  switchport
>  switchport access vlan 20
>  switchport mode access
> end
> interface Vlan20
>  ip address 10.160.0.19 255.255.255.240
>  ip access-group 122 in
>  no ip redirects
>  ip wccp 97 redirect in
>  ip wccp 98 redirect in
>  ip multicast netflow egress
>  ip route-cache flow
>  no ip mroute-cache
>  load-interval 30
>  standby 55 ip 10.160.0.17
>  standby 55 priority 150
>  standby 55 preempt
> end
>
> mls ip multicast flow-stat-timer 9
> mls aging long 64
> mls aging normal 60
> mls flow ip destination-source
> no mls flow ipv6
> mls qos
> mls cef error action freeze
>
> *******************************************
> (2) Configuration to limit the output rate:
> *******************************************
>
> 1. rate-limit
>
> interface Vlan20
>  rate-limit output 425000000 212500 212500 conform-action transmit
> exceed-action drop
>
> 2. service-policy with rate-limit
>
> policy-map CUSTOMER_OUT
> class class-default
> police 425000000 conform-action transmit exceed-action drop
> !apply police to interfaz
> interface vlan20
>  service-policy output CUSTOMER
>
> 3. service-policy with aggregate policer
>
> mls qos aggregate-policer CUSTOMER_OUT 425000000 106250 conform-action
> transmit exceed-action drop
> !
> policy-map CUSTOMER_OUT
>  class class-default
>  police aggregate CUSTOMER_OUT
> !apply police to interfaz
> interface vlan20
>  service-policy output CUSTOMER
>
> Regards,
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

 
 
************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************




 
 
************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************



More information about the cisco-nsp mailing list