[c-nsp] policy-maps on dCEF platforms

Tim Stevenson tstevens at cisco.com
Thu Jun 10 20:37:09 EDT 2010


Hi Tony & all,

There is no difference in behavior in any aggregate policer (named, 
shared, whatever) from the point of view of the enforcement point - 
ie, it is the *ingress* fwding engine  (FE) that calculates the rate 
& performs the policing independently, for both ingress & egress policing.

Thus if you have multiple FEs (as in the case of using DFCs), then 
you have multiple possible enforcement points and the aggregate 
allowed rate can be as high as <configured-rate> * <number-of-FEs>

Hope that helps,
Tim



At 04:15 PM 6/10/2010, Tony mused:

>The 7600 Software Config Guide contains the relevant section on 
>aggregate policers:
>
>http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/qos.html#wp1571923
>
>I'm not sure if it will do what you want, but certainly worth a try 
>to see what happens. I've just read it 3-4 times and my head hurts.
>
>
>
>regards,
>Tony.
>
>
>--- On Fri, 11/6/10, Mack McBride <mack.mcbride at viawest.com> wrote:
>
>From: Mack McBride <mack.mcbride at viawest.com>
>Subject: Re: [c-nsp] policy-maps on dCEF platforms
>To: "Artyom Viklenko" <artem at aws-net.org.ua>, 
>"cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
>Received: Friday, 11 June, 2010, 2:29 AM
>
>DFC line cards will rate limit independently of the PFC rate 
>limiting (CFC line cards).
>Software switched traffic will also be rate limited separately from 
>DFC and PFC switched traffic.
>This is true for all rate limited traffic including Control Plane 
>Policing traffic.
>You may get better results from a named aggregate policer which 
>should all go through the PFC
>but there may be caveats and I can't guarantee this will do what you 
>want as the only documentation
>is 6500 specific.
>
>http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801c8c4b.shtml
>
>If someone has a 7600 link please post it.
>
>LR Mack McBride
>Network Architect
>Viawest, Inc.
>
>-----Original Message-----
>From: cisco-nsp-bounces at puck.nether.net 
>[mailto:cisco-nsp-bounces at puck.nether.net] 
>On Behalf Of Artyom Viklenko
>Sent: Wednesday, June 09, 2010 11:30 PM
>To: cisco-nsp at puck.nether.net
>Subject: [c-nsp] policy-maps on dCEF platforms
>
>Hi, All!
>
>I have the following problem on Cisco 7600 with RSP720-3CXL-GE.
>IOS 12.2(33)SRD4 Advanced IP Services
>
>  From config:
>
>!
>policy-map xxxxxx
>    class class-default
>      police cir 10240000 bc 1920000 be 3840000
>       conform-action transmit
>       exceed-action drop
>       violate-action drop
>!
>!
>interface VlanYYY
>   description Some Customer
>   ip address x.x.x.x 255.255.255.252
>   no ip redirects
>   ip flow ingress
>   no snmp trap link-status
>   service-policy input xxxxxx
>   service-policy output xxxxxx
>end
>!
>
>Before the upgrade we had only CFC-capable line cards in it
>(WS-X6748-SFP, WS-X6704-10GE) and the actual rate on customers'
>interfaces was according to the policy-maps.
>
>Recently 4-port 10G card WS-X6704-10GE was replaced by
>WS-X6708-10GE with DFC (WS-F6700-DFC3CXL).
>
>Incoming traffic comes via CFC line cards and via this
>10GE DFC line card. So, on the customer interface we sometimes
>have a nearly doubled rate.
>
>I have read some docs on cisco.com and found an explanation
>of how policing works in such a situation - each DFC-capable
>linecard processes the service policy independently on ingress.
>
>#sh policy-map int vlan YYY
>...
>    Service-policy output: xxxxxx
>
>      class-map: class-default (match-any)
>        Match: any
>        police :
>          10240000 bps 1920000 limit 1920000 extended limit
>        Earl in slot 2 :
>          108929538743 bytes
>          5 minute offered rate 72568 bps
>          aggregate-forwarded 108895170086 bytes action: transmit
>          exceeded 34368657 bytes action: drop
>          aggregate-forward 65368 bps exceed 0 bps
>        Earl in slot 5 :
>          252903936350 bytes
>          5 minute offered rate 101144 bps
>          aggregate-forwarded 252600188727 bytes action: transmit
>          exceeded 303747623 bytes action: drop
>          aggregate-forward 56304 bps exceed 0 bps
>#
>
>
>I tried adding the command mls qos bridged but it doesn't help.
>
>So the question is: Is it possible in some way to solve such a
>situation and control the egress rate to customers with DFC line
>cards?
>
>Still trying to find any hints in Google... without success. :(
>
>Thanks in advance!
>
>
>--
>             Sincerely yours,
>                              Artyom Viklenko.
>-------------------------------------------------------
>artem at aws-net.org.ua | http://www.aws-net.org.ua/~artem
>artem at viklenko.net   | ================================
>FreeBSD: The Power to Serve   -  http://www.freebsd.org




Tim Stevenson, tstevens at cisco.com
Routing & Switching CCIE #5561
Technical Marketing Engineer, Cisco Nexus 7000
Cisco - http://www.cisco.com
IP Phone: 408-526-6759
********************************************************
The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.
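
The rate multiplication described in the reply above, as an added example that is not part of the original thread and not Cisco code: a simplified single-rate token-bucket model with one independent policer per forwarding engine, using the `cir` and `bc` values from the posted policy-map. The bucket algorithm, the assumption that `bc` is in bytes, and the names `TokenBucket` and `egress_rate_bps` are illustrative assumptions, not the PFC/DFC hardware behaviour.

```python
# Added illustration: simplified model, not Cisco's PFC/DFC hardware algorithm.
CIR_BPS = 10_240_000   # 'police cir' from the posted policy-map
BC_BYTES = 1_920_000   # 'bc' from the posted policy-map (assumed to be bytes)


class TokenBucket:
    """Single-rate policer: conforming packets are sent, the rest dropped."""

    def __init__(self, cir_bps, bc_bytes):
        self.rate = cir_bps / 8.0       # refill rate in bytes per second
        self.depth = float(bc_bytes)    # maximum burst
        self.tokens = self.depth        # bucket starts full
        self.last = 0.0

    def conforms(self, now, size):
        elapsed = now - self.last
        self.tokens = min(self.depth, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= size:
            self.tokens -= size
            return True
        return False


def egress_rate_bps(num_fes, offered_bps_per_fe, seconds=60, warmup=5, pkt=1500):
    """Steady-state rate reaching the customer interface when traffic enters
    through num_fes ingress FEs, each running its own copy of the policer."""
    buckets = [TokenBucket(CIR_BPS, BC_BYTES) for _ in range(num_fes)]
    interval = pkt * 8 / offered_bps_per_fe    # packet spacing per FE
    forwarded = 0
    for i in range(1, int(seconds / interval) + 1):
        now = i * interval
        for bucket in buckets:
            # Each FE sees only its own traffic and its own token count.
            if bucket.conforms(now, pkt) and now >= warmup:
                forwarded += pkt               # skip the initial burst
    return forwarded * 8 / (seconds - warmup)


if __name__ == "__main__":
    for fes, offered in [(1, 20_000_000), (2, 20_000_000), (2, 6_000_000)]:
        rate = egress_rate_bps(fes, offered)
        print(f"{fes} FE(s), {offered} bps offered per FE -> {rate:,.0f} bps")
```

In the last case 12 Mbps in total passes a 10.24 Mbps policer with no drops at all, because each forwarding engine only ever sees 6 Mbps.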