[c-nsp] Policing IPv6 on LNS
Steve Glendinning
steve at netthatworks.com
Tue Feb 25 06:02:00 EST 2014
Hi all,
I have a test LNS in the lab and I'm trying to configure per-session
> policing, controlled by RADIUS. I can successfully get the policy
> applied but whatever I do it seems to only police IPv4.
>
> I'm using a 7200 (NPE-400) running 15.1(3)S3.
>
Just to confirm this behaviour is still present in 15.2(4)S4 on c7200. QOS
policers applied to VPDN sessions only ever apply to IPv4 traffic, IPv6 is
completely unpoliced.
It seems that IPv6 as a protocol is just never matched, in either a class
specifically to catch IPv6 or in class-default.
class-map match-any IP6_ONLY
match protocol ipv6
policy-map POLICE-1Mbit
class IP6_ONLY
police cir 1024000 bc 64000
conform-action transmit
exceed-action drop
class class-default
police cir 1024000 bc 64000
conform-action transmit
exceed-action drop
Service-policy input: POLICE-1Mbit
Class-map: IP6_ONLY (match-any)
0 packets, 0 bytes
30 second offered rate 0000 bps, drop rate 0000 bps
Match: protocol ipv6
0 packets, 0 bytes
30 second rate 0 bps
This isn't great, to roll out IPv6 to customers we have to give them
unlimited speed on IPv6. Now I appreciate that's a good incentive for
customers to migrate to IPv6 but I'd rather have the control :-)
--
Steve Glendinning
More information about the cisco-nsp
mailing list