Solved: Help : Can I limit ingress bandwidth with policing on 2960S ?

jjeong · ‎08-06-2019

Hello Guys,

Would u help me any tip or wise mention further detail config is better.

I wondering, Ingress Traffic handling is possible for 2960s ?
I just want to limit E/Ingress Traffic Bandwidth limit.

current config is below,

mls qos

access-list 199 permit ip any any

class-map match-all 150m
match access-group 199

policy-map 150-limit
class 150m
police 150000000 500000 exceed-action drop (don't know exactly calculate Bursting size, so I just took it as big as 500000)

interface GigabitEthernet1/0/31
srr-queue bandwidth limit 20 ( it works for egress I know)
service-policy input 150-limit

Egress is good, but can't handling Ingress.

I don't care CoS or any Priority, just limit bandwidth just as 150Mbps or 250Mbps like some.

below is iperf3 result

[ 5] 0.00-1.00 sec 2.27 MBytes 19.0 Mbits/sec
[ 5] 1.00-2.00 sec 2.82 MBytes 23.6 Mbits/sec
[ 5] 2.00-3.00 sec 2.28 MBytes 19.1 Mbits/sec
[ 5] 3.00-4.00 sec 2.22 MBytes 18.6 Mbits/sec
[ 5] 4.00-5.00 sec 2.15 MBytes 18.0 Mbits/sec
[ 5] 5.00-6.00 sec 2.19 MBytes 18.4 Mbits/sec
[ 5] 6.00-7.00 sec 2.18 MBytes 18.3 Mbits/sec
[ 5] 7.00-8.00 sec 2.17 MBytes 18.2 Mbits/sec
[ 5] 8.00-9.00 sec 2.22 MBytes 18.6 Mbits/sec
[ 5] 9.00-10.00 sec 2.36 MBytes 19.8 Mbits/sec
[ 5] 10.00-10.04 sec 0.00 Bytes 0.00 bits/sec

ISO is

C2960S-UNIVERSALK9-M, Version 15.0(2)SE11, RELEASE SOFTWARE (fc3)

Someone help me ?

Thanks in advance u guys assistance in this matter

jjeong · ‎08-06-2019

Hello Dave, Thank you for your reply,

police 150000000 500000 exceed-action drop

Dave, you didn't mean both of numbers divide by 8 for byte ? did u ?

So, It is

police 150000000 18750000 exceed-action drop

for the ingress for 150mbps. (I want to)

hm,,, some wired,

on 2960s

Burst size max is 1000000

below is my 2960s CLI

7F_SW3(config-pmap-c)#police 150000000 ?
<8000-1000000> Normal burst bytes

Guess it gonna be mystery some.

Thank you

any further info plz ?

View solution in original post

dbeattie · ‎08-07-2019

Checking the command reference for the 2960S I see:

police rate-bps burst-byte [ exceed-action { drop | policed-dscp-transmit }]

Where:

rate-bps	Specify the average traffic rate in bits per second (b/s). The range is 1000000 to 1000000000.
burst-byte	Specify the normal burst size in bytes. The range is 8000 to 1000000.

Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_53_se/command/reference/2960ComRef/cli1.html#55494

So your command would be:

police 150000000 1000000 exceed-action drop

This will give you a sampling interval of around 50ms (8 x 1M/150M), which should be OK. To get a longer sampling interval you would have to use a router.

Hope this helps,

Dave

View solution in original post

dbeattie · ‎08-06-2019

Caveat - I have not done this on a 2960S.

In a lot of cases policing is listed in units of bytes per second, not bits - hence you need to divide your numbers by 8. This is as opposed to shaping that is usually in bits. I tend to remember it as "Police dog Bites".

Hope this helps,

Dave

jjeong · ‎08-06-2019

Hello Dave, Thank you for your reply,

police 150000000 500000 exceed-action drop

Dave, you didn't mean both of numbers divide by 8 for byte ? did u ?

So, It is

police 150000000 18750000 exceed-action drop

for the ingress for 150mbps. (I want to)

hm,,, some wired,

on 2960s

Burst size max is 1000000

below is my 2960s CLI

7F_SW3(config-pmap-c)#police 150000000 ?
<8000-1000000> Normal burst bytes

Guess it gonna be mystery some.

Thank you

any further info plz ?

dbeattie · ‎08-07-2019

Checking the command reference for the 2960S I see:

police rate-bps burst-byte [ exceed-action { drop | policed-dscp-transmit }]

Where:

rate-bps	Specify the average traffic rate in bits per second (b/s). The range is 1000000 to 1000000000.
burst-byte	Specify the normal burst size in bytes. The range is 8000 to 1000000.

Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_53_se/command/reference/2960ComRef/cli1.html#55494

So your command would be:

police 150000000 1000000 exceed-action drop

This will give you a sampling interval of around 50ms (8 x 1M/150M), which should be OK. To get a longer sampling interval you would have to use a router.

Hope this helps,

Dave

jjeong · ‎08-07-2019

Thx for the reply Dave, But it Wouldn't work (but I select your answer)
just burst size different between you and me.

By the way,

It looks broken,

the traffic already changed into narrow size than before when I put the 'mls qos' in global mode without any config.

paul driver · ‎08-07-2019

Hello

My understanding for a router the Bc value for policing is calculated as below but obviously the switch is a bit different

CIR/32
or
CIR/0.25/8

So 150MB CIR
BC= 150MB/32
150000000/32 =4687500

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

jjeong · ‎08-07-2019

Hello Paul,
Yes quite a bit diff.

traffic *1.5/8 = xxx bytes is bc on switch.

Btw, thank you for the reply Paul.