cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1366
Views
5
Helpful
8
Replies

Inter DC Policer not working

CSCO11095844
Level 1
Level 1

Hi,

 

I seem to be having some issues with my policers i have set up to police certain flows to limited bandwidth.  I have attached a simple diagram to illustrate the premise of what i am trying to do.

 

Essentially I have some servers in each location and they regularly transfer data between them,  to ensure that they do not flood my 2Gb Inter DC link I have applied an input service policy on the 10G router interfaces facing the switch on both sides of the link,  the ACL's to identify the traffic are a reversal of each other each side to capture traffic in both directions.  

 

I believe that these policers are not working at the moment,  when i look at the policy map stats there are no packets being matched by the policers etc.  Also i have Netflow stats from the routers that show the two end devices were causing congestion on the link which affected other apps.

 

Below are sanitised configs but are the same with names and IP's changed

 

Router A Config

class-map match-all CM_Loc_A_to_Loc_B
match access-group name Loc_A_to_Loc_B

policy-map PM_Loc_A_to_Loc_B
class CM_Loc_A_to_Loc_B
police 150000000 conform-action transmit exceed-action drop

ip access-list extended Loc_A_to_Loc_B
remark File transfer policer
permit ip object-group Location_A object-group Location_B

object-group network Location_A
10.10.10.0 255.255.255.0

object-group network Location_B
20.20.20.0 255.255.255.0


interface TenGigabitEthernet0/0/0
description Router A connection
no ip address
service-policy input PM_Loc_A_to_Loc_B
channel-group 1 mode active

interface TenGigabitEthernet0/0/1
description router A connection
no ip address
service-policy input PM_Loc_A_to_Loc_B
channel-group 1 mode active

----------------------------------------------------------

Router B Config

class-map match-all CM_Loc_B_to_Loc_A
match access-group name Loc_B_to_Loc_A

policy-map PM_Loc_B_to_Loc_A
class CM_Loc_B_to_Loc_A
police 150000000 conform-action transmit exceed-action drop

ip access-list extended Loc_B_to_Loc_A
remark File transfer policer
permit ip object-group Location_B object-group Location_A

object-group network Location_A
10.10.10.0 255.255.255.0

object-group network Location_B
20.20.20.0 255.255.255.0


interface TenGigabitEthernet0/0/0
description Router B connection
no ip address
service-policy input PM_Loc_B_to_Loc_A
channel-group 1 mode active

interface TenGigabitEthernet0/0/1
description router B connection
no ip address
service-policy input PM_Loc_B_to_Loc_A
channel-group 1 mode active

8 Replies 8

Jaderson Pessoa
VIP Alumni
VIP Alumni
Hello,

Check this link: https://www.cisco.com/c/en/us/td/docs/ios/12_2/qos/command/reference/fqos_r/qrfcmd6.html

i hope that it can help you.
Jaderson Pessoa
*** Rate All Helpful Responses ***

Hello,

 

what are Router A and Router B (e.g. Cisco 4331s) and what IOS version are you running ?

Hi,

 

They are ASR 1001-X and is running bootflash asr1001x-universalk9.03.16.03.S.155-3.S3-ext.SPA.bin

 

Thanks 

Neil

Hello,

 

here is your answer:

 

Restrictions for Traffic Policing
Traffic policing can be configured on an interface or a subinterface.
Traffic policing is not supported on the EtherChannel interfaces.

 

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/qos_plcshp/configuration/xe-16/qos-plcshp-xe-16-book/qos-plcshp-trfc-plc.html#GUID-B9DF8260-272D-4D45-BE89-E795AA1EECF8

So I am not sure I follow,  the actual policer is applied to the physical interfaces.  So are we saying that because those interfaces are part of a etherchannel you cannot apply a policer?

 

 

As Pauwen said, you can not apply it on etherchannel, remove interfaces from LAG and apply it on physical interfaces.
Jaderson Pessoa
*** Rate All Helpful Responses ***

Hello,

 

try and replace:

 

police 150000000 conform-action transmit exceed-action drop

 

with

 

shape average percent 15 be 300 ms bc 400 ms

 

Policing is usually not a good idea anyway, since it will more or less abruptly cut off excess traffic, while shaping smoothes traffic bursts out much better...

Hello

As you are more concerned about the dc link utilization remove the policing from the switch to router PC and apply CBWFQ/ shaping egress on the wan router egress PC’s links 

 

This way in time of congestion classified egress traffic will be shaped accordingly to 150mb but not dropped and the dc link would be to also have an allocated CIR value applied with weighted fair queuing providing some degree of fairness to default traffic

 

Happy to provide Hqos example if need be


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Review Cisco Networking for a $25 gift card