[c-nsp] policy-maps on dCEF platforms

Artyom Viklenko artem at aws-net.org.ua
Fri Jun 11 01:39:55 EDT 2010


11.06.2010 03:37, Tim Stevenson пишет:
> Hi Tony & all,
>
> There is no difference in behavior in any aggregate policer (named,
> shared, whatever) from the point of view of the enforcement point - ie,
> it is the *ingress* fwding engine (FE) that calculates the rate &
> performs the policing independently, for both ingress & egress policing.
>
> Thus if you have multiple FEs (as in the case of using DFCs), then you
> have multiple possible enforcement points and the aggregate allowed rate
> can be as high as <configured-rate> * <number-of-FEs>
>

Thanks to all who pay attention to my question.
I can only confirm that aggregate policer doesn't really help to.

Start to think to bring back WS-X6704GE with CFC to this customers
faced router...


Anyway, thanks!


> Hope that helps,
> Tim
>
>
>
> At 04:15 PM 6/10/2010, Tony mused:
>
>> The 7600 Software Config Guide contains the relevant section on
>> aggregate policers:
>>
>> <http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/qos.html#wp1571923>http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/qos.html#wp1571923
>>
>>
>> I'm not sure if it will do what you want, but certainly worth a try to
>> see what happens. I've just read it 3-4 times and my head hurts.
>>
>>
>>
>> regards,
>> Tony.
>>
>>
>> --- On Fri, 11/6/10, Mack McBride <mack.mcbride at viawest.com> wrote:
>>
>> From: Mack McBride <mack.mcbride at viawest.com>
>> Subject: Re: [c-nsp] policy-maps on dCEF platforms
>> To: "Artyom Viklenko" <artem at aws-net.org.ua>,
>> "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
>> Received: Friday, 11 June, 2010, 2:29 AM
>>
>> DFC line cards will rate limit independently of the PFC rate limiting
>> (CFC line cards).
>> Software switched traffic will also be rate limited separately from
>> DFC and PFC switched traffic.
>> This is true for all rate limited traffic including Control Plane
>> Policing traffic.
>> You may get better results from a named aggregate policer which should
>> all go through the PFC
>> but there may be caveats and I can't guaranty this will do what you
>> want as the only documentation
>> is 6500 specific.
>>
>> <http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801c8c4b.shtml>http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801c8c4b.shtml
>>
>>
>> If someone has a 7600 link please post it.
>>
>> LR Mack McBride
>> Network Architect
>> Viawest, Inc.
>>
>> -----Original Message-----
>> From: cisco-nsp-bounces at puck.nether.net
>> [<mailto:cisco-nsp-bounces at puck.nether.net>mailto:cisco-nsp-bounces at puck.nether.net]
>> On Behalf Of Artyom Viklenko
>> Sent: Wednesday, June 09, 2010 11:30 PM
>> To: cisco-nsp at puck.nether.net
>> Subject: [c-nsp] policy-maps on dCEF platforms
>>
>> Hi, All!
>>
>> I have the folowing porblem on Cisco 7600 with RSP720-3CXL-GE.
>> IOS 12.2(33)SRD4 Advanced IP Services
>>
>> From config:
>>
>> !
>> policy-map xxxxxx
>> class class-default
>> police cir 10240000 bc 1920000 be 3840000
>> conform-action transmit
>> exceed-action drop
>> violate-action drop
>> !
>> !
>> interface VlanYYY
>> description Some Customer
>> ip address x.x.x.x 255.255.255.252
>> no ip redirects
>> ip flow ingress
>> no snmp trap link-status
>> service-policy input xxxxxx
>> service-policy output xxxxxx
>> end
>> !
>>
>> Before upgrade we has only CFC-capble line cards in it
>> (WS-X6748-SFP, WS-X6704-10GE) and actual rate on customers
>> interfaces was according policy-maps.
>>
>> Recently 4-port 10G card WS-X6704-10GE was replaced by
>> WS-X6708-10GE with DFC (WS-F6700-DFC3CXL).
>>
>> Incoming traffic comes via CFC line cards and via this
>> 10GE DFC line card. So, on customer interface we have
>> some time nearly doubled rate.
>>
>> I have read some docs on cisco.com and found explanation
>> how policyng works in such situation - each DFC-capable
>> linecard process service policy independently on ingress.
>>
>> #sh policy-map int vlan YYY
>> ...
>> Service-policy output: xxxxxx
>>
>> class-map: class-default (match-any)
>> Match: any
>> police :
>> 10240000 bps 1920000 limit 1920000 extended limit
>> Earl in slot 2 :
>> 108929538743 bytes
>> 5 minute offered rate 72568 bps
>> aggregate-forwarded 108895170086 bytes action: transmit
>> exceeded 34368657 bytes action: drop
>> aggregate-forward 65368 bps exceed 0 bps
>> Earl in slot 5 :
>> 252903936350 bytes
>> 5 minute offered rate 101144 bps
>> aggregate-forwarded 252600188727 bytes action: transmit
>> exceeded 303747623 bytes action: drop
>> aggregate-forward 56304 bps exceed 0 bps
>> #
>>
>>
>> I try add command mls qos bridged but it doesn't help.
>>
>> So the question is: Is it possible in some way to solve such
>> situation and control egress rate to customers with DFC line
>> cards?
>>
>> Still trying to find any hints in Google... without success. :(
>>
>> Thanks in advance!
>>
>>
>> --
>> Sincerely yours,
>> Artyom Viklenko.
>> -------------------------------------------------------
>> artem at aws-net.org.ua |
>> <http://www.aws-net.org.ua/~artem>http://www.aws-net.org.ua/~artem
>> artem at viklenko.net | ================================
>> FreeBSD: The Power to Serve -
>> <http://www.freebsd.org>http://www.freebsd.org
>>
>>
>>
>>
>>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> <https://puck.nether.net/mailman/listinfo/cisco-nsp>https://puck.nether.net/mailman/listinfo/cisco-nsp
>>
>> archive at
>> <http://puck.nether.net/pipermail/cisco-nsp/>http://puck.nether.net/pipermail/cisco-nsp/
>>
>
>
>
>
> Tim Stevenson, tstevens at cisco.com
> Routing & Switching CCIE #5561
> Technical Marketing Engineer, Cisco Nexus 7000
> Cisco - http://www.cisco.com
> IP Phone: 408-526-6759
> ********************************************************
> The contents of this message may be *Cisco Confidential*
> and are intended for the specified recipients only.
>
>


-- 
            Sincerely yours,
                             Artyom Viklenko.
-------------------------------------------------------
artem at aws-net.org.ua | http://www.aws-net.org.ua/~artem
artem at viklenko.net   | ================================
FreeBSD: The Power to Serve   -  http://www.freebsd.org


More information about the cisco-nsp mailing list