[c-nsp] policy-maps on dCEF platforms
Mack McBride
mack.mcbride at viawest.com
Thu Jun 10 12:29:43 EDT 2010
DFC line cards will rate limit independently of the PFC rate limiting (CFC line cards).
Software switched traffic will also be rate limited separately from DFC and PFC switched traffic.
This is true for all rate limited traffic including Control Plane Policing traffic.
You may get better results from a named aggregate policer which should all go through the PFC
but there may be caveats and I can't guaranty this will do what you want as the only documentation
is 6500 specific.
http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801c8c4b.shtml
If someone has a 7600 link please post it.
LR Mack McBride
Network Architect
Viawest, Inc.
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Artyom Viklenko
Sent: Wednesday, June 09, 2010 11:30 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] policy-maps on dCEF platforms
Hi, All!
I have the folowing porblem on Cisco 7600 with RSP720-3CXL-GE.
IOS 12.2(33)SRD4 Advanced IP Services
From config:
!
policy-map xxxxxx
class class-default
police cir 10240000 bc 1920000 be 3840000
conform-action transmit
exceed-action drop
violate-action drop
!
!
interface VlanYYY
description Some Customer
ip address x.x.x.x 255.255.255.252
no ip redirects
ip flow ingress
no snmp trap link-status
service-policy input xxxxxx
service-policy output xxxxxx
end
!
Before upgrade we has only CFC-capble line cards in it
(WS-X6748-SFP, WS-X6704-10GE) and actual rate on customers
interfaces was according policy-maps.
Recently 4-port 10G card WS-X6704-10GE was replaced by
WS-X6708-10GE with DFC (WS-F6700-DFC3CXL).
Incoming traffic comes via CFC line cards and via this
10GE DFC line card. So, on customer interface we have
some time nearly doubled rate.
I have read some docs on cisco.com and found explanation
how policyng works in such situation - each DFC-capable
linecard process service policy independently on ingress.
#sh policy-map int vlan YYY
...
Service-policy output: xxxxxx
class-map: class-default (match-any)
Match: any
police :
10240000 bps 1920000 limit 1920000 extended limit
Earl in slot 2 :
108929538743 bytes
5 minute offered rate 72568 bps
aggregate-forwarded 108895170086 bytes action: transmit
exceeded 34368657 bytes action: drop
aggregate-forward 65368 bps exceed 0 bps
Earl in slot 5 :
252903936350 bytes
5 minute offered rate 101144 bps
aggregate-forwarded 252600188727 bytes action: transmit
exceeded 303747623 bytes action: drop
aggregate-forward 56304 bps exceed 0 bps
#
I try add command mls qos bridged but it doesn't help.
So the question is: Is it possible in some way to solve such
situation and control egress rate to customers with DFC line
cards?
Still trying to find any hints in Google... without success. :(
Thanks in advance!
--
Sincerely yours,
Artyom Viklenko.
-------------------------------------------------------
artem at aws-net.org.ua | http://www.aws-net.org.ua/~artem
artem at viklenko.net | ================================
FreeBSD: The Power to Serve - http://www.freebsd.org
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list