[c-nsp] Applying output rate limit at 6500/SUP720 platform

Ian MacKinnon Ian.Mackinnon at lumison.net
Mon Jun 29 06:26:32 EDT 2009


Watch out!
If your bc and be are the same it might not apply to the tcam properly :-
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/ol_14271.html#wp4208036

With Release 12.2(33)SXI and later releases where CSCso97991 is not resolved, you must configure an appropriate burst size when you configure QoS policing on WAN ports. Do not rely on the burst size calculated by QoS.

Ian

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Ziv Leyes
Sent: 29 June 2009 10:58
To: Manu Chao; Manuel García Montero
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Applying output rate limit at 6500/SUP720 platform

I've found that the best results are obtained by using the following formulas
BC = BW / 8 * 1.5
BE = BC
In your case it will be
425000000 / 8 * 1.5 = 79687500
So your rate-limit will look like this:

interface Vlan20
 rate-limit output 425000000 79687500 79687500 conform-action transmit exceed-action drop

Hope this helps,
Ziv

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Manu Chao
Sent: Monday, June 29, 2009 12:21 PM
To: Manuel García Montero
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Applying output rate limit at 6500/SUP720 platform

I think your burst-normal and burst-max values are badly estimated:

burst-normal is the burst size in bytes during 1 second of burst
burst max = burst-normal x2

Try that:

interface Vlan20
 rate-limit output 425000000 80000000 160000000 conform-action transmit exceed-action drop
R/
Manu
2009/6/29 Manuel García Montero <magamo79 at gmail.com>

> Hi,
>
> we are facing difficulties trying to limit the rate at an interface in a
> 6509/SUP720 (IOS image s72033-pk9sv-mz.122-18.SXD1.bin).
>
> We want to limit the output rate at a Gigabit port connected directly to
> Customer Equipment. That port is configured at switchport mode, and we have
> all level 3 configuration at VLAN interface (1)
>
> In that vlan interface we have tried 3 different configurations (2) to
> establish the output rate limit, and while all of them should work, they
> don't, because the rate seen at the vlan interface is lower than the
> Gigabit interface, which is correct:
>
>
> 6.2#sh interfaces GigabitEthernet 1/11 | i rate
>  Queueing strategy: fifo
>  30 second input rate 221436000 bits/sec, 60004 packets/sec
>  30 second output rate 456426000 bits/sec, 67772 packets/sec
> 6.2#sh interfaces vlan20 | i rate
>  Queueing strategy: fifo
>  30 second input rate 228770000 bits/sec, 61961 packets/sec
>  30 second output rate 89869000 bits/sec, 23914 packets/sec
>
>
> As you can see, input rates are more or less the same in both interfaces,
> but output rate at vlan is a lot lower than the real value (shown at
> physical port), so all packets are getting conform policy applied,
> transmit, with no drops to reduce the rate.
>
> Which can be the cause of this issue?
>
> There's also the chance to move layer3 config to physical interface, which
> would solve the issue as that interface can see correct rates.
>
>
>
> *******************************************
> (1) Relevant interface / general configuration
> *******************************************
>
> interface GigabitEthernet1/11
>  description CUSTOMER_Principal
>  no ip address
>  load-interval 30
>  switchport
>  switchport access vlan 20
>  switchport mode access
> end
> interface Vlan20
>  ip address 10.160.0.19 255.255.255.240
>  ip access-group 122 in
>  no ip redirects
>  ip wccp 97 redirect in
>  ip wccp 98 redirect in
>  ip multicast netflow egress
>  ip route-cache flow
>  no ip mroute-cache
>  load-interval 30
>  standby 55 ip 10.160.0.17
>  standby 55 priority 150
>  standby 55 preempt
> end
>
> mls ip multicast flow-stat-timer 9
> mls aging long 64
> mls aging normal 60
> mls flow ip destination-source
> no mls flow ipv6
> mls qos
> mls cef error action freeze
>
> *******************************************
> (2) Configuration to limit the output rate:
> *******************************************
>
> 1. rate-limit
>
> interface Vlan20
>  rate-limit output 425000000 212500 212500 conform-action transmit exceed-action drop
>
> 2. service-policy with rate-limit
>
> policy-map CUSTOMER_OUT
> class class-default
> police 425000000 conform-action transmit exceed-action drop
> !apply police to interface
> interface vlan20
>  service-policy output CUSTOMER
>
> 3. service-policy with aggregate policer
>
> mls qos aggregate-policer CUSTOMER_OUT 425000000 106250 conform-action transmit exceed-action drop
> !
> policy-map CUSTOMER_OUT
>  class class-default
>  police aggregate CUSTOMER_OUT
> !apply police to interface
> interface vlan20
>  service-policy output CUSTOMER
>
> Regards,
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
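
Added example (not part of any message in this thread): a small Python check that reads `rate-limit` lines, reports how many seconds of traffic the normal burst covers, compares it with the BC = BW / 8 * 1.5 formula posted above, and flags bc == be as in Ian's note. The three parameter sets are the ones posted in the thread; the Vlan21/Vlan22 interface names and all function names are constructed for the example.

```python
import re

# CAR syntax as used in the thread:
#   rate-limit {input|output} <bps> <burst-normal bytes> <burst-max bytes> ...
RATE_LIMIT = re.compile(r"^\s*rate-limit\s+(input|output)\s+(\d+)\s+(\d+)\s+(\d+)\b")

def thread_formula_bc(bps):
    """BC = BW / 8 * 1.5 (the formula posted in the thread), in bytes."""
    return int(bps / 8 * 1.5)

def audit(config_text):
    """Return one finding dict per rate-limit line found in config_text."""
    findings = []
    interface = None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            interface = line.split(None, 1)[1].strip()
            continue
        m = RATE_LIMIT.match(line)
        if not m:
            continue
        bps, bc, be = (int(g) for g in m.groups()[1:])
        if bps == 0:
            continue  # not a usable policer rate, nothing to compute
        findings.append({
            "interface": interface,
            "direction": m.group(1),
            "bps": bps, "bc": bc, "be": be,
            "bc_seconds": bc * 8 / bps,          # time the normal burst covers
            "formula_bc": thread_formula_bc(bps),
            "bc_equals_be": bc == be,            # case Ian's note warns about
        })
    return findings

# Constructed sample: the original poster's values, then the two suggested sets.
SAMPLE = """\
interface Vlan20
 rate-limit output 425000000 212500 212500 conform-action transmit exceed-action drop
interface Vlan21
 rate-limit output 425000000 79687500 79687500 conform-action transmit exceed-action drop
interface Vlan22
 rate-limit output 425000000 80000000 160000000 conform-action transmit exceed-action drop
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['interface']}: bc={f['bc']} covers {f['bc_seconds']:.3f}s, "
              f"formula bc={f['formula_bc']}, bc==be: {f['bc_equals_be']}")
```
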