ibrunello
Beginner

L2 policing on cat6500 L2 interface

I need to police ingress traffic on a layer2 ("switchport") interface.

Traffic is raw Ethernet, so only L2 policing is usable.

Cat6500

Sup 720

Native mode

IOS 12.2(18)SXF13 adv enterprise

Already read config guides, but it takes a while to understand all concepts.

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/qos.html#wp1750716

Any sample config to help me better understand the concepts?

TIA

Ivan

andrew.prince
Advocate

From the URL:-

This is the modified IPPHONE-PC policy map, which includes the police command:

policy-map IPPHONE-PC
 class CLASSIFY-OTHER
  police 50000000 1562500 conform-action set-dscp-transmit default exceed-action drop

These are the police command parameters:

• The 50000000 parameter defines the committed information rate (CIR) for traffic allowed in this traffic class. This example configures the CIR to be 50 Mbps.

• The 1562500 parameter defines the CIR burst size for traffic in this traffic class; this example uses a default maximum burst size. Set the CIR burst size to the maximum TCP window size used on the network.

• The conform action keywords define what the policer does with CLASSIFY-OTHER packets transmitted when the traffic level is below the 50-Mbps rate. In this example, set-dscp-transmit default applies DSCP 0 to those packets.

• The exceed action defines what the policer does with CLASSIFY-OTHER packets transmitted when the traffic level is above the 50 Mbps CIR. In this example, exceed action drop drops those packets.

The MQC is quite clear, and I used to apply it on routed traffic.

My problem is with the definition of the class-map.

How can I set a "match everything" clause?

The outlined class uses an ACL matching "IP any any", but I'm not sure the traffic is all pure IPv4 (maybe some IPv6, or some pure Ethernet frames).

Any hint?

That is the "class default"

Anything else that has not been defined and does not match a class = class default.

Then, using the standard MQC syntax:

policy-map IPPHONE-PC
 class class-default
  police 50000000 1562500 conform-action transmit exceed-action drop

and then apply to interface.

Right?

Yep - but I suggest you review the numbers:-

50000000 - 50 megabits per second

1562500 - 1.4 megabits per second

The burst size should be x 2 the CIR - otherwise you will never reach the CIR and you will experience TCP global synchronization.

HTH

OK.

This is a good start.

Will play with the aggregate policers at a later stage.

Thank you.

Ivan

np - glad to help

According to Cisco docs, the second parameter is in bytes, not bits.

As a rule of thumb, I usually set the burst BYTE value as 1.5 bits value, so I have quite a big burst cache.
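
An added example, not from the thread or from Cisco's documentation: an idealised single-rate token-bucket model of the `police 50000000 1562500 ... exceed-action drop` line discussed above, reading the first value as bits per second and the second as bytes (as the last reply reads the Cisco docs). It ignores hardware rate granularity, and the class and function names and the traffic scenarios are constructed assumptions.

```python
class Policer:
    """Idealised single-rate, two-colour token bucket (a model, not PFC hardware)."""

    def __init__(self, cir_bps, burst_bytes):
        self.cir_bps = cir_bps              # first `police` value: bits per second
        self.burst_bytes = burst_bytes      # second `police` value: bucket depth, bytes
        self.tokens = float(burst_bytes)    # bucket is full after an idle period
        self.last = 0.0

    def offer(self, t, frame_bytes):
        """Classify a frame arriving at time t (seconds)."""
        refill = (t - self.last) * self.cir_bps / 8
        self.tokens = min(self.burst_bytes, self.tokens + refill)
        self.last = t
        if frame_bytes <= self.tokens:
            self.tokens -= frame_bytes
            return "transmit"               # conform-action
        return "drop"                       # exceed-action


def burst_window_ms(cir_bps, burst_bytes):
    """Bucket depth expressed as milliseconds of traffic at the CIR."""
    return burst_bytes * 8 / cir_bps * 1000


def run(cir_bps, burst_bytes, offered_bps, seconds, frame_bytes=1500):
    """Offer constant-rate traffic; return (transmitted_bytes, dropped_bytes)."""
    policer = Policer(cir_bps, burst_bytes)
    gap = frame_bytes * 8 / offered_bps     # seconds between frame arrivals
    sent = dropped = 0
    for i in range(int(seconds / gap)):
        if policer.offer(i * gap, frame_bytes) == "transmit":
            sent += frame_bytes
        else:
            dropped += frame_bytes
    return sent, dropped


if __name__ == "__main__":
    CIR, BURST = 50_000_000, 1_562_500      # values from the thread
    print("bucket depth = %.0f ms at CIR" % burst_window_ms(CIR, BURST))
    # Constructed scenarios: sustained overload, then a 10 ms line-rate spike
    print("100 Mbps for 1 s        :", run(CIR, BURST, 100_000_000, 1.0))
    print("1 Gbps for 10 ms        :", run(CIR, BURST, 1_000_000_000, 0.01))
    print("same spike, 15 kB bucket:", run(CIR, 15_000, 1_000_000_000, 0.01))
```

In this model the 1562500-byte bucket lets a 10 ms line-rate spike through untouched, while the 15 kB bucket clips it almost immediately; that trade-off matters when the policer is meant to contain floods rather than shape well-behaved TCP.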