Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
459
Views
5
Helpful
2
Replies

Traffic policing on ES20 cards

abgromov
Level 1
Level 1

‎07-13-2015 06:16 AM

Hi all. I have Cisco 7606S-RSP720 with ES20 card and latest 15S. Is it possible to apply service policy on SVI interface to police all traffic on VPLS VFI?

I am trying to configure traffic policing on a 7609 with ES20 line card - however it doesn't appear to be working.

When I generate traffic in one direction only (212.176.120.203->212.176.120.202 or 212.176.120.202->212.176.120.203), this policer works correctly. But with two-way traffic it's  working in one direction only. Allmost all traffic had  dropped in other direction.

!

policy-map vlan1010
class class-default
police 1000000 8000 conform-action transmit exceed-action drop

!

l2 vfi vlan1010 manual

vpn id 1010

neighbor 212.176.120.203 1013 encapsulation mpls no-split-horion

neighbor 212.176.120.202 1012 encapsulation mpls np-split-horizon

!

interface Vlan1010
xconnect vfi vlan1010
mtu 9000

service-policy output vlan1010

!

Labels:
0 Helpful
2 Replies 2

Vinit Jain
Cisco Employee
Cisco Employee

‎07-13-2015 10:05 AM

Hello,

I noticed that you already have a case opened with Cisco TAC on this issue. I have seen similar issue in the past where it was not supported properly on SVI but I will leave it on the TAC engineer to comment on.

Can you try to implement aggregate policer on the ingress interface. I think this solution should scale well. Below is the link for aggregate policers.

http://www.cisco.com/c/en/us/td/docs/routers/7600/ios/15S/configuration/guide/7600_15_0s_book/qos.html#pgfId-1571923

Secondly, you can do marking on ingress and shape directly on the egress LC.

Hope this helps.

Vinit

Thanks
--Vinit

abgromov
Level 1
Level 1
In response to Vinit Jain

‎07-16-2015 02:02 AM

Hi Vinit,

Thanks a lot for you. 

I have tested new policy-map configuration:

mls qos

mls qos aggregate-policer POLICER 20000000 16000 16000 conform-action transmit exceed-action drop

 

policy-map POLICER

class class-default

     police aggregate POLICER

 

l2 vfi vpls1010 manual

 vpn id 1010

neighbor XXX.XXX.XXX.XXX  PW_ID encapsulation mpls no-split-horizon

...

neighbor XXX.XXX.XXX.XXX PW_ID encapsulation mpls no-split-horizon

 

 

interface Vlan1010

description --- XXXXXXXXXXXXXXX ---

mtu 1546

bandwidth 20000

no ip address

load-interval 30

xconnect vfi vpls1010

service-policy output POLICER

end

 

It seems working now, but traffic is distributed among 10 neighbors with unequal costs.

0 Helpful
Customers Also Viewed These Support Documents