cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1722
Views
0
Helpful
5
Replies

2950 Traffic Policing

evantol
Level 1
Level 1

Hi,

I'm trying to configure traffic policing on a Catalyst 2950. The config is pretty straight-forward, or so I thought. I need to set up several policy-maps, each one policing traffic at different levels (5meg, 10meg, 20meg, etc.). My problem is, anything above 1Meg just doesn't seem to work as expected. Here's my config for a 10Meg policer:

class-map match-all ALL-TRAFFIC

match access-group 1

!

policy-map 10mbs

class ALL-TRAFFIC

police 10000000 65536 exceed-action drop

!

access-list 1 permit any

Here's the interface config:

interface FastEthernet0/24

switchport access vlan 53

load-interval 30

service-policy input 10mbs

spanning-tree portfast

spanning-tree bpdufilter enable

spanning-tree link-type point-to-point

!

What happens is, when uploading files from the server attached to this port (ingress to the switch), my throughput is nowhere near 10Mb/s. I only end up getting about 2Mb/s consistently, with a large 600MB ISO file transfer.

I've configured policers before in routers and other types of switches and I would at least get around 7 to 8Mb/s, if not immediately, after some time, due to TCP's native congestion avoidance. I may be missing something blatantly obvious, though, as I've been wrestling with this the past few hours.

5 Replies 5

pkhatri
Level 11
Level 11

It may not be the policer that is the issue - what happens if you try the transfer without the policer applied ? What sort of rate do you get ?

Paresh

Without the policer, I can get between 50 to 60Mb/s transfer rates. If I boost the policer up to 25000000, I can get marginally better results, transferring around 2.5Mb/s.

Although the page is about the 3550 I think most of the information is relevent to the 2950 as well (although the 2950 doesn't support the granularity of the 3550).

http://www.cisco.com/en/US/partner/products/hw/switches/ps646/products_tech_note09186a00800feff5.shtml

Have you tried using non connection-oriented traffic (UDP) to see what rates you achieve? I suspect TCP is probably suffering due to the policer dropping the packets.

HTH

Andy

Actually, I have tried this and I see quite the opposite occurring. I end up being able to push *more* than the 10Mb/s policer rate.

An Ethereal capture shows with the policer applied, some out-of-order TCP segments, but not a lot. I do see a huge amount of retransmissions and duplicate ACKs, which would account for the slow throughput. However, I wouldn't expect the policer to be limiting at such a low rate, in effect, causing these retransmissions to constantly occur.

I even went so far as to limit the FTP transfer software to only upload at 2.4Mb/s, well under the 10Mb/s limit, but that didn't produce any different results.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco