Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3357
Views
3
Helpful
4
Replies

Cisco ACI Data Plane Policing

burghelea_mihai
Level 1
Level 1

‎12-23-2016 05:48 AM - edited ‎03-01-2019 05:07 AM

Hello everyone,

I have a question regarding the Data Plane Policing option in ACI. I would appreciate any help.

I have been working with ACI a while now but I never had the opportunity to try this feature out. I now have a customer that requires the ACI fabric to do bandwidth rate limit at the access of their fabric where their customers connect. I have seen that DPP is the way to do this.

I understand how it works I have done something similar on IOS devices. I would like to know if there is any way to do this at Layer 2 on per VLAN basis? There is a line in the documentation that says: "DPP policies applied to interfaces on border leaf switch access ports (l3extOut or l2extOut) are configured in the tenant (fvTenant) portion of the ACI fabric, and can be configured by a tenant administrator".

I could not find any way to apply this policy at the l2extOut. I know I could accomplish this at Layer 3 per subnet/l3 out but that would mean attaching the customers of my customer at layer 3 to the ACI fabric which is not desired. The ACI fabric will only be configured at Layer 2 for this service and pass traffic to upstream devices that will do the Layer 3.

Regards

Mihai Burghelea

Labels:
0 Helpful
4 Replies 4

Gaurav Gambhir
Cisco Employee
Cisco Employee

‎12-25-2016 11:57 AM

for l2extOut, you can configure the QOS policy under the l2extInstP

::::l2extInstP  :::

hope this helps.

burghelea_mihai
Level 1
Level 1
In response to Gaurav Gambhir

‎12-28-2016 04:35 AM

Hi Guarav,

Thank you for your reply. I am not looking for the QoS configuration under the l2extOut but for the Data Plane Policing configuration or more exact the Egress/Ingress Data Plane Policing Policy selection as there is for the l3extOut - see picture below.

I am expecting, from the text in the documentation to find something similar under the l2extOut configuration.

Let me know if there is anyway to do this under the l2extOut in this current version of code.

Regards

0 Helpful

Gaurav Gambhir
Cisco Employee
Cisco Employee
In response to burghelea_mihai

‎01-12-2017 01:42 PM

ok, there is no specific DPP for l2extOut. DPP can be configured for L2 port in access policies.

 FABRIC > Access Policies > Interface Policies > Policies > Data Plane Policing

refer :

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/kb/b_KB_Configuring_Data_Plane_Policing_in_APIC.html#id_11896

0 Helpful

burghelea_mihai
Level 1
Level 1
In response to Gaurav Gambhir

‎01-13-2017 02:24 AM

Thank you for the reply Gaurav,

So again some of the documentation is a bit misleading, and looks like its talking about something that ACI might be capable in the future.

But that's ok , thank you for confirming.

Regards

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License