cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1487
Views
4
Helpful
5
Replies

3750 - Vlan based qos and egress policy

matthydras
Level 1
Level 1

Hello All

I trying to configure a vlan based QoS and an egress policy on my 3750 switch.
I have done the same thing on 3850 which can implement the both features.

In my case, I have deployed the same vlan (ISCSI network) on my 2 datacenters and I need to police the mutualized level 2 link.
So, on the 3850, I have done this :


class-map CM_DC_vlan50
 match vlan 50
exit

policy-map PM_DC_vlan50
 class CM_DC_vlan50
  police 400000 conform-action transmit exceed-action drop
  exit
 exit
exit

interface g2/0/43
service-policy output PM_DC_vlan50
exit

In this test configuration, I have configured only 400 Kbps. I have tested it and everything works well.

I want to do the same thing on the 3750 but I can't because the 2 features are not supported, class-map based on vlan and egress policy (Feature Detail Comparison Table link : http://www.cisco.com/c/en/us/support/docs/switches/catalyst-3850-series-switches/118629-technote-qos-00.html#anc7)

I think about a solution-like for the "egress policy" using the srr feature (srr-queue bandwidth limit or/and srr-queue bandwidth) applied to the egress port but I did't any solution for class-mapped the vlan.

If someone can help to see or find a solution

Have a nice day

Best Regards

Matt

1 Accepted Solution

Accepted Solutions

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Matt, you may have misunderstood what I wrote.

What I suggested was you tag ingress traffic, on the VLAN of interest, and then, on egress, you match that special tag.

I'm also aware of the interface bandwidth limit command, but that command slows ALL traffic that egresses that interface, not just traffic of interest.  (It's also a bit inexact, i.e. your 50% might not be 50%.)  So, I also suggested using an egress queue shaper to shape the specially tagged traffic.

Of course, I might have misread your OP, I understood you just wanted to shape just VLAN 50 traffic.  If the egress is just VLAN 50 traffic, then limiting the bandwidth of the port makes sense, although again, it's a bit inaccurate.

View solution in original post

5 Replies 5

Joseph W. Doherty
Hall of Fame
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Perhaps if you class-map match and specially tag VLAN 50 traffic on ingress than you can map that traffic to one of the 3750's four egress queues and shape limit it.  3750 egress interface shaping probably won't drop exactly like the 3850's policer, but overall traffic bandwidth is still controlled.  (Unless you have a really good reason to cap VLAN 50 traffic, I would suggest using the egress share feature instead.  That way you limit VLAN 50's bandwidth if there is congestion, but don't preclude it from using otherwise available bandwidth.)

Hello Joseph

On the 3750, thanks for your reply.
You can't match the class-map to vlan on 3750, this is not supported. The only solution that I have found is to used the srr-queue bandwidth limit.

You have to configure the speed of the port. The srr-queue used the speed configuration value to calculate the limit. After you have to configure the bandwidth percentage that you want to used .

 

In my case, the configuration works weel (iperf tests that I have made) :

interface GigabitEthernet1/0/23
 speed 100
 srr-queue bandwidth limit 50
end

 

In this case, I limit the bandwidth to 50 Mbit/s

Thanks for your help.

Matt

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Matt, you may have misunderstood what I wrote.

What I suggested was you tag ingress traffic, on the VLAN of interest, and then, on egress, you match that special tag.

I'm also aware of the interface bandwidth limit command, but that command slows ALL traffic that egresses that interface, not just traffic of interest.  (It's also a bit inexact, i.e. your 50% might not be 50%.)  So, I also suggested using an egress queue shaper to shape the specially tagged traffic.

Of course, I might have misread your OP, I understood you just wanted to shape just VLAN 50 traffic.  If the egress is just VLAN 50 traffic, then limiting the bandwidth of the port makes sense, although again, it's a bit inaccurate.

Hello Joseph

 

Sorry I have worked on your requirements but when I see my situation, only one flow on the egress interface, I don't work on the ingress traffic.
You're totally true about the way to mark for ingress and policy or queuing on the egress.

Sorry but I didn't understand your syntax : "It's also a bit inexact, i.e. your 50% might not be 50%". In my case, on the egress interface, only 1 flow so the srr-queue limitation is only for the flow.

I'm agree with you, if I have more than 1 flow I must used srr-queue shaper.

Matt

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

"Sorry but I didn't understand your syntax : "It's also a bit inexact, i.e. your 50% might not be 50%". In my case, on the egress interface, only 1 flow so the srr-queue limitation is only for the flow."

Laugh - it's now I who doesn't understand.

When I say the command is inexact that's because Cisco documents:

Usage Guidelines

If you configure this command to 80 percent, the port is idle 20 percent of the time. The line rate drops to 80 percent of the connected speed. These values are not exact because the hardware adjusts the line rate in increments of six.

Regarding number of flows, if there were indeed only one, it wouldn't matter much how you controlled it, but if more than one flow, then it depends whether flows are in different traffic classes.  If they were all in the same traffic class, again just one shaper, for all the class traffic should work, but what have in mind is a traffic class for your VLAN 50 traffic and at least one more class for any non-VLAN 50 traffic.

If there's only one flow you're trying to control, can you not match a source/destination pair?  Again, since you noted it was VLAN 50 traffic, I assumed there could be multiple flows.

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: