[c-nsp] Fwd: Applying output rate limit at 6500/SUP720 platform
Manuel García Montero
magamo79 at gmail.com
Mon Jun 29 07:13:59 EDT 2009
Thanks for your answers,
i corrected the rates again (burst sizes in the mail where the last
ones configured after trying both 1.5 and 1 sec slots).
Still the same, without any ratelimit applied:
6.2#sh interfaces GigabitEthernet 1/11 | i rate
Queueing strategy: fifo
30 second input rate 261948000 bits/sec, 65584 packets/sec
30 second output rate 428618000 bits/sec, 71798 packets/sec
6.2#sh interfaces vlan20 | i rate
Queueing strategy: fifo
30 second input rate 255650000 bits/sec, 63221 packets/sec
30 second output rate 54892000 bits/sec, 18180 packets/sec
428Mbps at Gigabit vs 55Mbps at VLAN reported rates (this is without
ratelimit configured)
i have try the same in another cisco WS-C6509, this one running
s72033-advipservicesk9_wan-mz.122-18.SXF4.bin (equip with problems
runs s72033-pk9sv-mz.122-18.SXD1.bin):
6.1_2#sh interfaces GigabitEthernet 1/1 | i rate
Queueing strategy: fifo
5 minute input rate 21408000 bits/sec, 18199 packets/sec
5 minute output rate 168652000 bits/sec, 21165 packets/sec
6.1_2#sh interfaces vlan20 | i rate
Queueing strategy: fifo
5 minute input rate 21759000 bits/sec, 18313 packets/sec
5 minute output rate 167289000 bits/sec, 21033 packets/sec
this time reported rates are coherent.
Thanks again for your help.
On Mon, Jun 29, 2009 at 11:58 AM, Ziv Leyes <zivl at gilat.net> wrote:
>
> I've found that the best results are obtained by using the following formulas
> BC = BW / 8 * 1.5
> BE = BC
> In your case it will be
> 425000000 / 8 * 1.5 = 79687500
> So your rate-limit will look like this:
>
> interface Vlan20
> rate-limit output 425000000 79687500 79687500 conform-action transmit exceed-action drop
>
> Hope this helps,
> Ziv
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Manu Chao
> Sent: Monday, June 29, 2009 12:21 PM
> To: Manuel García Montero
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Applying output rate limit at 6500/SUP720 platform
>
> I think your burst-normal and burst-max values are badly estimated:
>
> burst-normal is the burst size in byte during 1 second of burst
> burst max = burst-normal x2
>
> Try that:
>
> interface Vlan20
> rate-limit output 425000000 80000000 160000000 conform-action transmit
> exceed-action drop
> R/
> Manu
> 2009/6/29 Manuel García Montero <magamo79 at gmail.com>
>
> > Hi,
> >
> > we are facing difficulties trying to limit the rate at an interfaz in a
> > 6509/SUP720 (IOS image s72033-pk9sv-mz.122-18.SXD1.bin).
> >
> > We want to limite the output rate at a Gigabit port connected directly to
> > Customer Equipment. That port is configured at swithport mode, and we have
> > all level 3 configuration at VLAN interface (1)
> >
> > In that vlan interface we have try 3 different configurations (2) to
> > establish the output rate limit, and while all of them should work, they
> > dont, beacause the rate seen at the vlan interface is lower than the
> > Gigabit
> > interface, which is correct:
> >
> >
> > 6.2#sh interfaces GigabitEthernet 1/11 | i rate
> > Queueing strategy: fifo
> > 30 second input rate 221436000 bits/sec, 60004 packets/sec
> > 30 second output rate 456426000 bits/sec, 67772 packets/sec
> > 6.2#sh interfaces vlan20 | i rate
> > Queueing strategy: fifo
> > 30 second input rate 228770000 bits/sec, 61961 packets/sec
> > 30 second output rate 89869000 bits/sec, 23914 packets/sec
> >
> >
> > As your can see, input rates are more or less the same in both interfaces,
> > but output rate at vlan is a lot lower than the real value (shown at
> > physical port), so all packets are getting conform policy applied,
> > transmit,
> > with no drops to reduce the rate.
> >
> > Which can be the cause of this issue?
> >
> > Theres also the chance to move layer3 config to physical interface, which
> > would solve the issue as that interface can see correct rates.
> >
> >
> >
> > *******************************************
> > (1) Relevant interface / general configuration
> > *******************************************
> >
> > interface GigabitEthernet1/11
> > description CUSTOMER_Principal
> > no ip address
> > load-interval 30
> > switchport
> > switchport access vlan 20
> > switchport mode access
> > end
> > interface Vlan20
> > ip address 10.160.0.19 255.255.255.240
> > ip access-group 122 in
> > no ip redirects
> > ip wccp 97 redirect in
> > ip wccp 98 redirect in
> > ip multicast netflow egress
> > ip route-cache flow
> > no ip mroute-cache
> > load-interval 30
> > standby 55 ip 10.160.0.17
> > standby 55 priority 150
> > standby 55 preempt
> > end
> >
> > mls ip multicast flow-stat-timer 9
> > mls aging long 64
> > mls aging normal 60
> > mls flow ip destination-source
> > no mls flow ipv6
> > mls qos
> > mls cef error action freeze
> >
> > *******************************************
> > (2) Configuration to limit the output rate:
> > *******************************************
> >
> > 1. rate-limit
> >
> > interface Vlan20
> > rate-limit output 425000000 212500 212500 conform-action transmit
> > exceed-action drop
> >
> > 2. service-policy with rate-limit
> >
> > policy-map CUSTOMER_OUT
> > class class-default
> > police 425000000 conform-action transmit exceed-action drop
> > !apply police to interfaz
> > interface vlan20
> > service-policy output CUSTOMER
> >
> > 3. service-policy with aggregate policer
> >
> > mls qos aggregate-policer CUSTOMER_OUT 425000000 106250 conform-action
> > transmit exceed-action drop
> > !
> > policy-map CUSTOMER_OUT
> > class class-default
> > police aggregate CUSTOMER_OUT
> > !apply police to interfaz
> > interface vlan20
> > service-policy output CUSTOMER
> >
> > Regards,
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
> ************************************************************************************
> This footnote confirms that this email message has been scanned by
> PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
> ************************************************************************************
>
>
>
>
>
>
> ************************************************************************************
> This footnote confirms that this email message has been scanned by
> PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
> ************************************************************************************
>
More information about the cisco-nsp
mailing list