08-13-2015 01:39 AM - edited 03-08-2019 01:20 AM
Hello All
I trying to configure a vlan based QoS and an egress policy on my 3750 switch.
I have done the same thing on 3850 which can implement the both features.
In my case, I have deployed the same vlan (ISCSI network) on my 2 datacenters and I need to police the mutualized level 2 link.
So, on the 3850, I have done this :
class-map CM_DC_vlan50
match vlan 50
exit
policy-map PM_DC_vlan50
class CM_DC_vlan50
police 400000 conform-action transmit exceed-action drop
exit
exit
exit
interface g2/0/43
service-policy output PM_DC_vlan50
exit
In this test configuration, I have configured only 400 Kbps. I have tested it and everything works well.
I want to do the same thing on the 3750 but I can't because the 2 features are not supported, class-map based on vlan and egress policy (Feature Detail Comparison Table link : http://www.cisco.com/c/en/us/support/docs/switches/catalyst-3850-series-switches/118629-technote-qos-00.html#anc7)
I think about a solution-like for the "egress policy" using the srr feature (srr-queue bandwidth limit or/and srr-queue bandwidth) applied to the egress port but I did't any solution for class-mapped the vlan.
If someone can help to see or find a solution
Have a nice day
Best Regards
Matt
Solved! Go to Solution.
08-17-2015 04:28 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Matt, you may have misunderstood what I wrote.
What I suggested was you tag ingress traffic, on the VLAN of interest, and then, on egress, you match that special tag.
I'm also aware of the interface bandwidth limit command, but that command slows ALL traffic that egresses that interface, not just traffic of interest. (It's also a bit inexact, i.e. your 50% might not be 50%.) So, I also suggested using an egress queue shaper to shape the specially tagged traffic.
Of course, I might have misread your OP, I understood you just wanted to shape just VLAN 50 traffic. If the egress is just VLAN 50 traffic, then limiting the bandwidth of the port makes sense, although again, it's a bit inaccurate.
08-13-2015 05:49 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Perhaps if you class-map match and specially tag VLAN 50 traffic on ingress than you can map that traffic to one of the 3750's four egress queues and shape limit it. 3750 egress interface shaping probably won't drop exactly like the 3850's policer, but overall traffic bandwidth is still controlled. (Unless you have a really good reason to cap VLAN 50 traffic, I would suggest using the egress share feature instead. That way you limit VLAN 50's bandwidth if there is congestion, but don't preclude it from using otherwise available bandwidth.)
08-17-2015 02:06 AM
Hello Joseph
On the 3750, thanks for your reply.
You can't match the class-map to vlan on 3750, this is not supported. The only solution that I have found is to used the srr-queue bandwidth limit.
You have to configure the speed of the port. The srr-queue used the speed configuration value to calculate the limit. After you have to configure the bandwidth percentage that you want to used .
In my case, the configuration works weel (iperf tests that I have made) :
interface GigabitEthernet1/0/23
speed 100
srr-queue bandwidth limit 50
end
In this case, I limit the bandwidth to 50 Mbit/s
Thanks for your help.
Matt
08-17-2015 04:28 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Matt, you may have misunderstood what I wrote.
What I suggested was you tag ingress traffic, on the VLAN of interest, and then, on egress, you match that special tag.
I'm also aware of the interface bandwidth limit command, but that command slows ALL traffic that egresses that interface, not just traffic of interest. (It's also a bit inexact, i.e. your 50% might not be 50%.) So, I also suggested using an egress queue shaper to shape the specially tagged traffic.
Of course, I might have misread your OP, I understood you just wanted to shape just VLAN 50 traffic. If the egress is just VLAN 50 traffic, then limiting the bandwidth of the port makes sense, although again, it's a bit inaccurate.
08-17-2015 04:28 AM
Hello Joseph
Sorry I have worked on your requirements but when I see my situation, only one flow on the egress interface, I don't work on the ingress traffic.
You're totally true about the way to mark for ingress and policy or queuing on the egress.
Sorry but I didn't understand your syntax : "It's also a bit inexact, i.e. your 50% might not be 50%". In my case, on the egress interface, only 1 flow so the srr-queue limitation is only for the flow.
I'm agree with you, if I have more than 1 flow I must used srr-queue shaper.
Matt
08-17-2015 05:01 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
"Sorry but I didn't understand your syntax : "It's also a bit inexact, i.e. your 50% might not be 50%". In my case, on the egress interface, only 1 flow so the srr-queue limitation is only for the flow."
Laugh - it's now I who doesn't understand.
When I say the command is inexact that's because Cisco documents:
If you configure this command to 80 percent, the port is idle 20 percent of the time. The line rate drops to 80 percent of the connected speed. These values are not exact because the hardware adjusts the line rate in increments of six.
Regarding number of flows, if there were indeed only one, it wouldn't matter much how you controlled it, but if more than one flow, then it depends whether flows are in different traffic classes. If they were all in the same traffic class, again just one shaper, for all the class traffic should work, but what have in mind is a traffic class for your VLAN 50 traffic and at least one more class for any non-VLAN 50 traffic.
If there's only one flow you're trying to control, can you not match a source/destination pair? Again, since you noted it was VLAN 50 traffic, I assumed there could be multiple flows.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide