[c-nsp] Limiting Interface Traffic

[Bill Blackford]

I am trying to get a working configuration that can limit traffic bandwidth to a fixed rate in both ingress and egress directions on a given interface. I have customer handoffs that I'm linking at 1g and need to limit to 200M, 100M each, etc.

My platform is a fixed switch, Cisco 3750G. I know I can't apply a service-policy outbound (only inbound) so I'm looking at other options.

I've configured 'mls qos' 

I am testing with a single flow using Iperf (two hosts).

options:

1. rate-limit command. This doesn't appear to do anything. Either direction does not seem to be limiting anything. Is this due to the single flow?

2. srr-queue bandwidth 20 (I want to limit a 1gig to 200M in this case). This works fine on egress, does nothing on ingress. Does srr-queue introduce any performance/latency issues?

3. Policy-map. Applying a policy-map as a service-policy input, I see that limiting is happening (ingress) but not at the rate I specified.
Can policing input start to reach the configured limit when using multiple flows? IOW, I'm only getting 36M (not 200M) testing with a single flow.

I could use a combination of srr-queue which seems to work for egress and policing which is doing something for ingress. I just think the behavior of the policing (option 3) is odd.

In a perfect world, I would love to be able to mimic the behavior of using policers both input and output as I do on my 6500 (ws-6748-ge-tx), but that platform is not an option in this example due to budget, etc.


While on this subject, what is a recommended lower cost customer aggregation platform?

Thanks,

-b


--
Bill Blackford                     
Senior Network Engineer            
Technology Systems Group           
Northwest Regional ESD             

Logged into reality and abusing my sudo priviledges