11-28-2020 03:22 AM
Hello,
I'm looking for the best practices to limit user throughput on interface/vlan connected behind Catalyst 3750X.
What can you advise me ?
Currently I use the following configuration to limit the port of the vlan50 on the 3750X-12S-E (See diagram 1):
interface GigabitEthernet1/0/5 description VLAN50 switchport access vlan 50 switchport nonegotiate srr-queue bandwidth limit 50 service-policy input RATE_500Mbps ! policy-map RATE_500Mbps class class-default police 500000000 1000000 exceed-action drop !
11-28-2020 06:16 AM
Best practice, I would say, would not to limit a user's bandwidth.
What your doing should do the trick on a 3750, although you're shaping egress and policing ingress, behavior is a bit different between the two, but I believe that's what you stuck with on that platform.
11-28-2020 06:53 AM
Hi Joseph,
Best practice, I would say, would not to limit a user's bandwidth.
Disagree with you! There are cases where it is required to have a controlled bandwidth...
What your doing should do the trick on a 3750, although you're shaping egress and policing ingress, behavior is a bit different between the two, but I believe that's what you stuck with on that platform.
OK ! On the ASR it is not possible to rate-limit if I understood correctly.
On 3750 how do you determine the correct value of "Normal burst bytes" ?
11-28-2020 02:20 PM
"There are cases where it is required to have a controlled bandwidth..."
I agree, in fact, while responding I almost added that as an "except for". But, that should be more on the abnormal side. Otherwise, if restricting bandwidth to users was a typical need, there would not be much need for the growth of access ports from shared 10 Mbps to switched 10g. If you consider such a need, rate limiting users, the exception, you might now agree it is not a "best practice", and because an exceptional need is often unique too. Again, to be clear, I didn't intend to imply there's no need, just that it's not a best practice. (Of course, feel free to disagree with this too. It's only my not so IMHO - laugh.)
On an ASR, you find you should be able to police ingress or egress.
How to determine "normal burst bytes", is the same whether a 3750 or not. What you what to emulate is an interface, of a certain bandwidth, with a certain FIFO queue size. I.e. given the same traffic, you will obtain the same egress transit volume (although not the same egress transit results).
There might be some calculation to compute such, but if so, I'm unaware of it.
Usually, we just go for some target Tc value, usually in the range of 10 to 25ms.
Here's some information, you might start with, on calculating Bc:
11-30-2020 04:05 AM
@Joseph W. Doherty wrote:"There are cases where it is required to have a controlled bandwidth..."
I agree, in fact, while responding I almost added that as an "except for". But, that should be more on the abnormal side. Otherwise, if restricting bandwidth to users was a typical need, there would not be much need for the growth of access ports from shared 10 Mbps to switched 10g. If you consider such a need, rate limiting users, the exception, you might now agree it is not a "best practice", and because an exceptional need is often unique too. Again, to be clear, I didn't intend to imply there's no need, just that it's not a best practice.
I completely agree with you on this
On an ASR, you find you should be able to police ingress or egress.
Yes you have to use a policy-map. With an ISR I can directly use the rate-limit input / output command which is not possible on the ASR ...
How to determine "normal burst bytes", is the same whether a 3750 or not. What you what to emulate is an interface, of a certain bandwidth, with a certain FIFO queue size
On routers, I use the following formula for NB: CAR x (1/8) x1.5
On 3750 this value of NB it'is not possible, 1000000 bytes is the max.
Now I use 200 Mbps Bandwidth Limit, 5 ms Burst Duration = 200 000 0000 x 0.005 / 8 = 125 000 bytes for NB
policy-map 200M class class-default police 200000000 125000 exceed-action drop
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide