02-28-2019 05:38 AM
Hi,
I seem to be having some issues with my policers i have set up to police certain flows to limited bandwidth. I have attached a simple diagram to illustrate the premise of what i am trying to do.
Essentially I have some servers in each location and they regularly transfer data between them, to ensure that they do not flood my 2Gb Inter DC link I have applied an input service policy on the 10G router interfaces facing the switch on both sides of the link, the ACL's to identify the traffic are a reversal of each other each side to capture traffic in both directions.
I believe that these policers are not working at the moment, when i look at the policy map stats there are no packets being matched by the policers etc. Also i have Netflow stats from the routers that show the two end devices were causing congestion on the link which affected other apps.
Below are sanitised configs but are the same with names and IP's changed
Router A Config
class-map match-all CM_Loc_A_to_Loc_B
match access-group name Loc_A_to_Loc_B
policy-map PM_Loc_A_to_Loc_B
class CM_Loc_A_to_Loc_B
police 150000000 conform-action transmit exceed-action drop
ip access-list extended Loc_A_to_Loc_B
remark File transfer policer
permit ip object-group Location_A object-group Location_B
object-group network Location_A
10.10.10.0 255.255.255.0
object-group network Location_B
20.20.20.0 255.255.255.0
interface TenGigabitEthernet0/0/0
description Router A connection
no ip address
service-policy input PM_Loc_A_to_Loc_B
channel-group 1 mode active
interface TenGigabitEthernet0/0/1
description router A connection
no ip address
service-policy input PM_Loc_A_to_Loc_B
channel-group 1 mode active
----------------------------------------------------------
Router B Config
class-map match-all CM_Loc_B_to_Loc_A
match access-group name Loc_B_to_Loc_A
policy-map PM_Loc_B_to_Loc_A
class CM_Loc_B_to_Loc_A
police 150000000 conform-action transmit exceed-action drop
ip access-list extended Loc_B_to_Loc_A
remark File transfer policer
permit ip object-group Location_B object-group Location_A
object-group network Location_A
10.10.10.0 255.255.255.0
object-group network Location_B
20.20.20.0 255.255.255.0
interface TenGigabitEthernet0/0/0
description Router B connection
no ip address
service-policy input PM_Loc_B_to_Loc_A
channel-group 1 mode active
interface TenGigabitEthernet0/0/1
description router B connection
no ip address
service-policy input PM_Loc_B_to_Loc_A
channel-group 1 mode active
02-28-2019 05:44 AM
02-28-2019 06:10 AM
Hello,
what are Router A and Router B (e.g. Cisco 4331s) and what IOS version are you running ?
02-28-2019 06:21 AM
Hi,
They are ASR 1001-X and is running bootflash asr1001x-universalk9.03.16.03.S.155-3.S3-ext.SPA.bin
Thanks
Neil
02-28-2019 06:38 AM
Hello,
here is your answer:
Restrictions for Traffic Policing
Traffic policing can be configured on an interface or a subinterface.
Traffic policing is not supported on the EtherChannel interfaces.
02-28-2019 08:14 AM
So I am not sure I follow, the actual policer is applied to the physical interfaces. So are we saying that because those interfaces are part of a etherchannel you cannot apply a policer?
02-28-2019 08:43 AM
02-28-2019 09:01 AM
Hello,
try and replace:
police 150000000 conform-action transmit exceed-action drop
with
shape average percent 15 be 300 ms bc 400 ms
Policing is usually not a good idea anyway, since it will more or less abruptly cut off excess traffic, while shaping smoothes traffic bursts out much better...
02-28-2019 03:19 PM - edited 03-01-2019 02:46 AM
Hello
As you are more concerned about the dc link utilization remove the policing from the switch to router PC and apply CBWFQ/ shaping egress on the wan router egress PC’s links
This way in time of congestion classified egress traffic will be shaped accordingly to 150mb but not dropped and the dc link would be to also have an allocated CIR value applied with weighted fair queuing providing some degree of fairness to default traffic
Happy to provide Hqos example if need be
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide