03-09-2006 03:54 PM - edited 03-03-2019 02:12 AM
Hi,
I'm trying to configure traffic policing on a Catalyst 2950. The config is pretty straight-forward, or so I thought. I need to set up several policy-maps, each one policing traffic at different levels (5meg, 10meg, 20meg, etc.). My problem is, anything above 1Meg just doesn't seem to work as expected. Here's my config for a 10Meg policer:
class-map match-all ALL-TRAFFIC
match access-group 1
!
policy-map 10mbs
class ALL-TRAFFIC
police 10000000 65536 exceed-action drop
!
access-list 1 permit any
Here's the interface config:
interface FastEthernet0/24
switchport access vlan 53
load-interval 30
service-policy input 10mbs
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree link-type point-to-point
!
What happens is, when uploading files from the server attached to this port (ingress to the switch), my throughput is nowhere near 10Mb/s. I only end up getting about 2Mb/s consistently, with a large 600MB ISO file transfer.
I've configured policers before in routers and other types of switches and I would at least get around 7 to 8Mb/s, if not immediately, after some time, due to TCP's native congestion avoidance. I may be missing something blatantly obvious, though, as I've been wrestling with this the past few hours.
03-09-2006 03:58 PM
It may not be the policer that is the issue - what happens if you try the transfer without the policer applied ? What sort of rate do you get ?
Paresh
03-10-2006 04:19 AM
Without the policer, I can get between 50 to 60Mb/s transfer rates. If I boost the policer up to 25000000, I can get marginally better results, transferring around 2.5Mb/s.
03-10-2006 04:50 AM
Although the page is about the 3550 I think most of the information is relevent to the 2950 as well (although the 2950 doesn't support the granularity of the 3550).
Have you tried using non connection-oriented traffic (UDP) to see what rates you achieve? I suspect TCP is probably suffering due to the policer dropping the packets.
HTH
Andy
03-10-2006 05:07 AM
Actually, I have tried this and I see quite the opposite occurring. I end up being able to push *more* than the 10Mb/s policer rate.
03-10-2006 04:57 AM
An Ethereal capture shows with the policer applied, some out-of-order TCP segments, but not a lot. I do see a huge amount of retransmissions and duplicate ACKs, which would account for the slow throughput. However, I wouldn't expect the policer to be limiting at such a low rate, in effect, causing these retransmissions to constantly occur.
I even went so far as to limit the FTP transfer software to only upload at 2.4Mb/s, well under the 10Mb/s limit, but that didn't produce any different results.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: