Solved: Aggregate Policing

Fraser Reid · ‎11-25-2010

Hello All

I have the following configured on a 3750 stack

mls qos aggregate-policer slowdownagg 2000000 78125 exceed-action drop
!
class-map match-any slowdown
match access-group name slowthese
!
!
policy-map slowdown
class slowdown
police aggregate slowdownagg
!
ip access-list extended slowthese

deny ip 10.145.74.0 0.0.0.255 10.144.210.0 0.0.0.64
deny ip 10.145.75.0 0.0.0.255 10.144.210.0 0.0.0.64
deny ip 10.145.108.0 0.0.0.255 10.144.210.0 0.0.0.64
deny ip 10.145.127.0 0.0.0.255 10.144.210.0 0.0.0.64
deny ip 10.144.210.0 0.0.0.64 10.145.74.0 0.0.0.255
deny ip 10.144.210.0 0.0.0.64 10.145.75.0 0.0.0.255
deny ip 10.144.210.0 0.0.0.64 10.145.108.0 0.0.0.255
deny ip 10.144.210.0 0.0.0.64 10.145.127.0 0.0.0.255
permit tcp any any eq 1352
permit tcp any any eq 8080
deny ip any any

the service-policy is on the UPLINK Trunks (Etherchannel Trunks)

the deny should allow certain subnets to run at full speed on all ports

the permit is showing then that all orhter subnets need to be limited

and although traffic is running that should be caught by the ACL in the Class-Map nothing is being seen........

Switch#sho policy-map interface gi1/0/25 input
GigabitEthernet1/0/25

Service-policy input: slowdown

    Class-map: slowdown (match-any)
      0 packets, 0 bytes
       offered rate 0 bps, drop rate 0 bps
      Match: access-group name slowthese
        0 packets, 0 bytes
         rate 0 bps

    Class-map: class-default (match-any)
      0 packets, 0 bytes
       offered rate 0 bps, drop rate 0 bps
      Match: any
        0 packets, 0 bytes
         rate 0 bps

where am I going wrong ?

Config from this port is......

Current configuration : 182 bytes
!
interface GigabitEthernet1/0/25
description Etherchannel Trunk
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode active
service-policy input slowdown
end

Thanks

Jon Marshall · ‎11-25-2010

Fraser

You are not necessarily doing anything wrong. There is a well know issue with "sh policy-map" on the 3560/3750 ie. it doesn't work so you can't rely on it to give you any statistics.

Best you can get on these switches is "sh mls qos interface statistics"

Jon

View solution in original post

Jon Marshall · ‎11-25-2010

Fraser

You are not necessarily doing anything wrong. There is a well know issue with "sh policy-map" on the 3560/3750 ie. it doesn't work so you can't rely on it to give you any statistics.

Best you can get on these switches is "sh mls qos interface statistics"

Jon

Fraser Reid · ‎11-25-2010

Thanks John for your fast reply.....

I take it this is what you mean....( the last line)

DESTR01XGW001#sho mls qos int gi1/0/25 statistics
GigabitEthernet1/0/25

dscp: incoming
-------------------------------

0 - 4 : 1182350562            0            0            0           19
5 - 9 :           0            0            0            0            0
10 - 14 :           0            0            0            0            0
15 - 19 :           0            0            0            0            0
20 - 24 :           0            0            0            0     84546568
25 - 29 :           0           32            0            0            0
30 - 34 :           0            0            0            0            0
35 - 39 :           0            0            0            0            0
40 - 44 :           0            0            0            0            0
45 - 49 :           0    317527738            0       218064            0
50 - 54 :           0            0            0            0            0
55 - 59 :           0            0            0            0            0
60 - 64 :           0            0            0            0
dscp: outgoing
-------------------------------

0 - 4 : 1851694010            0            0            0          139
5 - 9 :           0            0            0            0            0
10 - 14 :       30975            0           24            0            0
15 - 19 :           0            0            0            3            0
20 - 24 :           0            0            0            0        24125
25 - 29 :           0         2760            0            0            0
30 - 34 :      364611            0            0            0            0
35 - 39 :           0            0            0            0            0
40 - 44 :          91            0            0            0            0
45 - 49 :           0      7799002            0     24171450            0
50 - 54 :           0            0            0            0            0
55 - 59 :           0       343523            0            0            0
60 - 64 :           0            0            0            0
cos: incoming
-------------------------------

0 - 4 : 1220437451 0 0 79763125 0
5 - 7 : 293958384 217744 16833
cos: outgoing
-------------------------------

0 - 4 : 1913100214            0            0        19960            0
5 - 7 :     8787715         4741        36260
Policer: Inprofile:        70493 OutofProfile:           56

Jon Marshall · ‎11-25-2010

Fraser

Yes, this shows that policing is actually occuring regardless of what the policy-map says.

Jon

Fraser Reid · ‎11-25-2010

Thanks a lot Jon.

I just need to get my sums right now for the Burst rate.......hmmm....where is that PDF again.... :-)