03-09-2006 03:54 PM - edited 03-03-2019 02:12 AM
Hi,
I'm trying to configure traffic policing on a Catalyst 2950. The config is pretty straight-forward, or so I thought. I need to set up several policy-maps, each one policing traffic at different levels (5meg, 10meg, 20meg, etc.). My problem is, anything above 1Meg just doesn't seem to work as expected. Here's my config for a 10Meg policer:
class-map match-all ALL-TRAFFIC
match access-group 1
!
policy-map 10mbs
class ALL-TRAFFIC
police 10000000 65536 exceed-action drop
!
access-list 1 permit any
Here's the interface config:
interface FastEthernet0/24
switchport access vlan 53
load-interval 30
service-policy input 10mbs
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree link-type point-to-point
!
What happens is, when uploading files from the server attached to this port (ingress to the switch), my throughput is nowhere near 10Mb/s. I only end up getting about 2Mb/s consistently, with a large 600MB ISO file transfer.
I've configured policers before in routers and other types of switches and I would at least get around 7 to 8Mb/s, if not immediately, after some time, due to TCP's native congestion avoidance. I may be missing something blatantly obvious, though, as I've been wrestling with this the past few hours.
03-09-2006 03:58 PM
It may not be the policer that is the issue - what happens if you try the transfer without the policer applied ? What sort of rate do you get ?
Paresh
03-10-2006 04:19 AM
Without the policer, I can get between 50 to 60Mb/s transfer rates. If I boost the policer up to 25000000, I can get marginally better results, transferring around 2.5Mb/s.
03-10-2006 04:50 AM
Although the page is about the 3550 I think most of the information is relevent to the 2950 as well (although the 2950 doesn't support the granularity of the 3550).
Have you tried using non connection-oriented traffic (UDP) to see what rates you achieve? I suspect TCP is probably suffering due to the policer dropping the packets.
HTH
Andy
03-10-2006 05:07 AM
Actually, I have tried this and I see quite the opposite occurring. I end up being able to push *more* than the 10Mb/s policer rate.
03-10-2006 04:57 AM
An Ethereal capture shows with the policer applied, some out-of-order TCP segments, but not a lot. I do see a huge amount of retransmissions and duplicate ACKs, which would account for the slow throughput. However, I wouldn't expect the policer to be limiting at such a low rate, in effect, causing these retransmissions to constantly occur.
I even went so far as to limit the FTP transfer software to only upload at 2.4Mb/s, well under the 10Mb/s limit, but that didn't produce any different results.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide