[c-nsp] 6500 policing
Jon Lewis
jlewis at lewis.org
Mon Aug 2 14:13:35 EDT 2010
On Mon, 2 Aug 2010, Justin M. Streiner wrote:
> On Mon, 2 Aug 2010, Jon Lewis wrote:
>
>> I'm having some trouble with policing on a 6500 (sup720-3bxl) on a
>> WS-X6416-GBIC port. The port is supposed to be rate-limited to 40mbit/s.
>> The physical port is configured as a layer 2 port tied to a single vlan
>> (switchport access vlan ...). Egress policing is applied to the SVI port
>>
>> interface Vlan2006
>> service-policy output 40mbit
>>
>> The policy-map is simply
>>
>> class-map match-any all
>> match ip dscp default
>> policy-map 40mbit
>> class all
>> police 40000000 4000000 4000000 conform-action transmit exceed-action
>> drop
>>
>> The interface counters really don't make much sense. show int g... shows
>> the physical port is doing 20-25mbit/s in each direction. show int vl2006
>> claims there's no input and 10mbit/s output traffic. I can live with the
>> vlan interface counters being bogus, but what I'm seeing is at 20-25mbit/s
>> output traffic on the gig port, output packets are being dropped and sh mls
>> qos ip g... shows policed packets incrementing at a pretty good rate.
>>
>> I'm tempted to reconfigure the physical ports as layer 3 ports to see if
>> that makes any difference.
>>
>> I'm doing similar policing on other interfaces and can't recall ever seeing
>> this behavior.
>
> What IOS version are you running?
I conveniently left that out...12.2(18)SXD7b. Getting a maintenance
window for the long overdue IOS update is non-trivial. If that weren't an
issue, I'd have it running at least 122-33.SXI1.
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the cisco-nsp
mailing list