[c-nsp] Police or shape switched traffic in Cisco Catalyst 3750 series switches

Alex Pressé alex.presse at gmail.com
Tue Jan 13 13:38:30 EST 2015


Make sure to turn on QoS features. Use "mls qos" in global config.

On Tue, Jan 13, 2015 at 9:51 AM, Martin T <m4rtntns at gmail.com> wrote:

> Hi,
>
> I tried a few options to police or shape traffic in Cisco Catalyst 3750
> series switches:
>
> 1) Storm-control for unicast, multicast and broadcast traffic. As
> expected, this basically does not work in case of UDP traffic as all
> the traffic is allowed up to a point where storm-control rising
> threshold is reached and after that all the unicast traffic is
> blocked. In case of TCP, congestion control would kick in and traffic
> would reduce to a level where unicast traffic is no longer blocked,
> i.e. port would flap between forward and block states. However, as UDP
> has no congestion control, this does not work.
> For TCP I also got a bit unexpected results. In case of this topology:
>
> Iperf_client <-> [Gi1/0/1]switch1 <-> switch2[Gi1/0/1] <-> Iperf_server
>
> ..where ports Gi1/0/1 in both switches had "storm-control unicast
> level bps 20m" configured, I received bandwidth well over 100Mbps:
>
>
> root@localhost:~# iperf -c 10.10.10.2 -fm -d -t 60
> ------------------------------------------------------------
> Server listening on TCP port 5001
> TCP window size: 0.08 MByte (default)
> ------------------------------------------------------------
> ------------------------------------------------------------
> Client connecting to 10.10.10.2, TCP port 5001
> TCP window size: 0.09 MByte (default)
> ------------------------------------------------------------
> [  5] local 10.10.10.1 port 40496 connected with 10.10.10.2 port 5001
> [  4] local 10.10.10.1 port 5001 connected with 10.10.10.2 port 37359
> [ ID] Interval       Transfer     Bandwidth
> [  4]  0.0-60.4 sec  1286 MBytes   178 Mbits/sec
> [  5]  0.0-60.6 sec  1014 MBytes   140 Mbits/sec
> root@localhost:~#
>
> As expected, Gi1/0/1 in both switches was blocking and forwarding
> unicast traffic at intervals of a few seconds, but I'm a bit surprised by
> the high bandwidth results. How to explain this?
>
>
> 2) "srr-queue bandwidth limit" under interface configuration seems to
> work fine. However, it allows only egress policing.
>
>
> 3) I configured a policy-map which I applied to a switch-port in
> "input" direction, but for some reason it had no effect:
>
> WS-C3750G-24TS#sh policy-map POLICED-TRAFFIC
>   Policy Map POLICED-TRAFFIC
>       Description: 100Mbps policer
>     Class class-default
>       police 100000000 8000 exceed-action drop
> WS-C3750G-24TS#sh policy-map interface Gi1/0/1
>  GigabitEthernet1/0/1
>
>   Service-policy input: POLICED-TRAFFIC
>
>     Class-map: class-default (match-any)
>       0 packets, 0 bytes
>       30 second offered rate 0 bps, drop rate 0 bps
>       Match: any
>         0 packets, 0 bytes
>         30 second rate 0 bps
> WS-C3750G-24TS#
>
> Are policy-maps supported for switched traffic?
>
>
> Last but not least, are there any additional possibilities to
> police/shape traffic in Cisco Catalyst 3750 series switches?
>
>
> thanks,
> Martin
>



-- 
Alex Presse
"How much net work could a network work if a network could net work?"
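
The advice in the reply applied to the policy-map from the quoted message, as an added example (not configuration posted by either participant). The interface and policy names are taken from the thread; the comments and the verification commands are additions.

```cisco
! Enable QoS globally, as advised in the reply.
! Side effect to plan for: once QoS is enabled, ports default to untrusted
! and incoming CoS/DSCP is rewritten to 0 unless "mls qos trust ..." is
! configured on the port.
mls qos
!
! Policer from the quoted message: 100 Mbps rate, 8000-byte burst, drop excess.
policy-map POLICED-TRAFFIC
 description 100Mbps policer
 class class-default
  police 100000000 8000 exceed-action drop
!
! Ingress attachment on the port under test.
interface GigabitEthernet1/0/1
 service-policy input POLICED-TRAFFIC
!
! Verification from exec mode:
!   show mls qos
!       confirms whether QoS is enabled on the switch
!   show mls qos interface GigabitEthernet1/0/1 statistics
!       per-port QoS counters, including policer in-profile / out-of-profile
```

The Catalyst 3750 command reference states that the statistics shown by "show policy-map interface" should be ignored on this platform, so use the "show mls qos interface ... statistics" counters to confirm that the policer is dropping.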

