cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
595
Views
5
Helpful
8
Replies

6509 Microflow Policing

dgahm
Level 8
Level 8

I am configuring microflow policing on a 6509 with Sup2, PFC2, and CatOS 7.3.1. It works with an ICMP ACE, but not with IP or TCP. Aggregate policing works fine with IP or TCP using port or vlan base QOS.

The config is basically the same for microflow or aggregate, so I'm thinking bugs, but a search turned up nothing.

Anybody run into this?

8 Replies 8

didyap
Level 6
Level 6

Microflow policing does not support policing of identical flows arriving on different interfaces simultaneously. Attempts to do so lead to incorrectly policied flows.So just check the configuration once again for identical flows.The following link has more details

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/relnotes/ol_1982.pdf

szahid
Level 3
Level 3

Hi David -

Could you provide the configuration and the output from following two commands.

show qos statistics l3stats

show mls entry qos short

Thanks

Salman Z.

Cisco Systems

Salman,

Thanks for the response.

My goal is to limit any single Citrix session to a set bandwidth with burst, and drop excess. For testing purposes I have dropped the rate and burst down as low as possible, just to ensure I would drop packets if it was working. Port 8/47 is connected to the Citrix server sourcing the session. Host 10.234.8.8 is the clent PC which was connected to a Web site that was streaming an ad at about 900kb/s. I have also tried using VLAN based QOS, and mapping it to the server VLAN.

set qos policer microflow CitrixMicro rate 32 burst 1 drop

set qos acl ip WANpolice trust-dscp microflow CitrixMicro ip any host 10.234.8.8

set qos acl map WANpolice 8/47

AN-J2-SC6509 (enable) sh qos statistics l3stats

Packets dropped due to policing: 1284

IP packets with ToS changed: 9663580220

IP packets with CoS changed: 54499904879

Non-IP packets with CoS changed: 0

The dropped count did not change. Those 1284 dropped occurred when I used aggregate rather than microflow.

AN-J2-SC6509 (enable) show mls entry qos short

Destination-IP Source-IP Prot DstPrt SrcPrt Uptime Age

--------------- --------------- ----- ------ ------ -------- --------

IP bridged entries:

Total of 10479 microflow entries (0 bridged)

Only out of the profile MLS entries are displayed

I never got any output here.

The server connects to a 6348. Is it possible some modules do not support microflow?

David -

I will test this in the lab and let you know what results I get .

Also I notice that you are setting the bucket size too low. It should atleast be greater then the minimum MTU size . I would suggest atleast keep it 3 * MTU size = 3 * 1500 = 4500 bytes .

If you set the bucket size to less then the minimum MTU size , it would not be able to police .

As I said , I will get back with the lab testing result.

thanks

Salman Z.

Salman,

I started with a realistic burst size but kept cranking it down. It is my understanding that with it set for 1k, any packet exceeding 1000 bytes would be out of profile, and dropped.

Thanks for taking the time to test this!

David -

I tested the configuration in the lab and it works fine.

here are my outputs

Console> (enable) sh mls entry qos short

Destination-IP Source-IP Prot DstPrt SrcPrt Uptime Age

--------------- --------------- ----- ------ ------ -------- --------

IP bridged entries:

10.10.10.20 10.10.10.1 TCP 2 1 00:01:50 00:01:34

Stat-Pkts : 183

Stat-Bytes : 8418

Excd-Pkts : 2817

Stat-Bkts : 1219

Total of 1 microflow entries (1 bridged)

Only out of the profile MLS entries are displayed]

Now what I think is happening in your case is you are not using the following command.

set qos bridged-microflow-policing

The above command is required for microflow policers if the traffic within the same vlan is to be policed.

Please add the above command and see if that fixes the issue.

Thanks

SZ

They need to show that command in some of the examples.

Thanks for your help!!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: