[c-nsp] policy-maps on dCEF platforms

Mack McBride mack.mcbride at viawest.com
Thu Jun 10 12:29:43 EDT 2010


DFC line cards will rate limit independently of the PFC rate limiting (CFC line cards).
Software switched traffic will also be rate limited separately from DFC and PFC switched traffic.
This is true for all rate limited traffic including Control Plane Policing traffic.
You may get better results from a named aggregate policer which should all go through the PFC
but there may be caveats and I can't guaranty this will do what you want as the only documentation
is 6500 specific.

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801c8c4b.shtml

If someone has a 7600 link please post it.

LR Mack McBride
Network Architect
Viawest, Inc.

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Artyom Viklenko
Sent: Wednesday, June 09, 2010 11:30 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] policy-maps on dCEF platforms

Hi, All!

I have the folowing porblem on Cisco 7600 with RSP720-3CXL-GE.
IOS 12.2(33)SRD4 Advanced IP Services

 From config:

!
policy-map xxxxxx
   class class-default
     police cir 10240000 bc 1920000 be 3840000
      conform-action transmit
      exceed-action drop
      violate-action drop
!
!
interface VlanYYY
  description Some Customer
  ip address x.x.x.x 255.255.255.252
  no ip redirects
  ip flow ingress
  no snmp trap link-status
  service-policy input xxxxxx
  service-policy output xxxxxx
end
!

Before upgrade we has only CFC-capble line cards in it
(WS-X6748-SFP, WS-X6704-10GE) and actual rate on customers
interfaces was according policy-maps.

Recently 4-port 10G card WS-X6704-10GE was replaced by
WS-X6708-10GE with DFC (WS-F6700-DFC3CXL).

Incoming traffic comes via CFC line cards and via this
10GE DFC line card. So, on customer interface we have
some time nearly doubled rate.

I have read some docs on cisco.com and found explanation
how policyng works in such situation - each DFC-capable
linecard process service policy independently on ingress.

#sh policy-map int vlan YYY
...
   Service-policy output: xxxxxx

     class-map: class-default (match-any)
       Match: any
       police :
         10240000 bps 1920000 limit 1920000 extended limit
       Earl in slot 2 :
         108929538743 bytes
         5 minute offered rate 72568 bps
         aggregate-forwarded 108895170086 bytes action: transmit
         exceeded 34368657 bytes action: drop
         aggregate-forward 65368 bps exceed 0 bps
       Earl in slot 5 :
         252903936350 bytes
         5 minute offered rate 101144 bps
         aggregate-forwarded 252600188727 bytes action: transmit
         exceeded 303747623 bytes action: drop
         aggregate-forward 56304 bps exceed 0 bps
#


I try add command mls qos bridged but it doesn't help.

So the question is: Is it possible in some way to solve such
situation and control egress rate to customers with DFC line
cards?

Still trying to find any hints in Google... without success. :(

Thanks in advance!


-- 
            Sincerely yours,
                             Artyom Viklenko.
-------------------------------------------------------
artem at aws-net.org.ua | http://www.aws-net.org.ua/~artem
artem at viklenko.net   | ================================
FreeBSD: The Power to Serve   -  http://www.freebsd.org
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list