02-10-2019 12:10 AM - edited 03-08-2019 05:17 PM
Hi everyone,
I was solving a problem with policing traffic and used these commands to set the configuration on the switch:
SW1(config)#policy-map Policy1
SW1(config-pmap)#class Class2
SW1(config-pmap-c)#police cir 4000000 conform-action transmit exceed-action drop
SW1(config)#interface GigabitEthernet 1/0/1
SW1(config-if)#service-policy input Policy1
But I have a problem with the received traffic rate: I am transmitting 5000 kbps but receiving 4640 kbps instead of 4000 kbps. The packets should be dropped. Thank you for your advice.
02-10-2019 01:36 AM
Hello,
what are you matching in your class? The service policy cannot limit the incoming traffic originating from the outside. Where are you receiving more than 4K of traffic, the router, or some end device?
Post the full config of your switch...
02-10-2019 05:13 AM
I'm sorry, I forgot to post the whole config:
SW1(config)#class-map Class2
SW1(config-cmap)#match ip dscp af13
SW1(config)#policy-map Policy1
SW1(config-pmap)#class Class2
SW1(config-pmap-c)#police cir 4000000 conform-action transmit exceed-action drop
SW1(config)#interface GigabitEthernet 1/0/1
SW1(config-if)#service-policy input Policy1
I'm using generator/analyzer Spirent TestCenter1 which is generating traffic with DSCP value = AF13 (rate 5000 kbps) and I measure incoming traffic from this switch to analyzer.
02-10-2019 05:31 AM
Hello,
what I meant by full configuration was the full output of the command 'sh run'... can you post that?
Where is the Traffic Generator located, on another subnet? Post a schematic drawing of your topology including the IP addresses of the traffic generator and the switch interface you have the service policy configured on...
02-10-2019 05:40 AM - edited 02-10-2019 05:42 AM
Several possible answers, although I don't know if any might apply.
First, on some Cisco devices, I'm unsure whether policers count L2 or L3 bandwidth. If the Cisco switch is counting L3 and your test equipment is counting L2, the latter would be higher.
Second, there's the issue of what K is. I.e. 1,000 or 1,024. Such can throw off stats if one device is using "decimal" while the other device is using "binary". (If this is happening, if you can control frame size, the difference should decrease as frame size increases.)
Third, depending on Tc and frame sizes, and exactly how traffic is being placed on the wire, allowed bandwidth might vary.
Lastly (at least of the things that come to mind), Cisco's implementation might not be "precise" for some reason. For example, they mention on the original 3750 series that egress port limiting is rather inexact (which is likely due to ASIC limitations), although I don't recall a similar mention for ingress policing; perhaps there are hardware precision limitations.
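The first and third possibilities in the reply above (L2 versus L3 byte counting, and the effect of burst and frame size) can be modelled with a small token-bucket simulation. This is an added example, not part of the original posts and not Cisco's implementation; the byte-counting behaviour, the 8000-byte burst and the packet sizes are assumptions, and only the 4000000 bps CIR and 5000 kbps offered rate come from the thread.

```python
# Added example: single-rate, two-colour token-bucket policer model.
# Assumptions (not from the thread): the policer charges L3 (IP packet) bytes,
# the analyzer counts L2 frame bytes, and Bc = 8000 bytes. Sizes are constructed.

ETH_OVERHEAD = 18  # untagged Ethernet: 14-byte header + 4-byte FCS


def received_rate_bps(cir_bps, offered_bps, l3_len, policer_overhead=0,
                      meter_overhead=ETH_OVERHEAD, bc_bytes=8000, duration_s=10.0):
    """Rate the analyzer reports after policing, in bits per second.

    offered_bps and the result are counted the analyzer's way
    (l3_len + meter_overhead bytes per packet); the policer charges
    l3_len + policer_overhead bytes per packet against its bucket.
    """
    metered = l3_len + meter_overhead
    cost = l3_len + policer_overhead
    if cost > bc_bytes:
        raise ValueError("packet larger than burst size: every packet would drop")
    pps = offered_bps / (8 * metered)
    refill = (cir_bps / 8) / pps          # token bytes earned between packets
    tokens = float(bc_bytes)              # bucket starts full
    conformed = 0
    for _ in range(int(duration_s * pps)):
        tokens = min(bc_bytes, tokens + refill)
        if tokens >= cost:                # conform-action transmit
            tokens -= cost
            conformed += 1
        # else: exceed-action drop, no tokens consumed
    return conformed * metered * 8 / duration_s


if __name__ == "__main__":
    cir, offered = 4_000_000, 5_000_000   # values from the thread
    for l3_len in (46, 112, 494, 1482):   # constructed packet sizes
        l3 = received_rate_bps(cir, offered, l3_len)
        l2 = received_rate_bps(cir, offered, l3_len, policer_overhead=ETH_OVERHEAD)
        print(f"L3 packet {l3_len:>4} B: policer counts L3 -> {l3/1000:7.0f} kbps, "
              f"policer counts L2 -> {l2/1000:7.0f} kbps")
```

Under these assumptions the measured rate exceeds the CIR by the ratio of frame bytes to packet bytes, so the gap shrinks as packets grow, and with very small packets the policer may drop nothing at all.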
02-10-2019 05:47 AM - edited 02-10-2019 06:18 AM
02-10-2019 05:29 AM
02-10-2019 05:43 AM
My follow-up question was to see the topology as well as the full config of the switch... sorry for the misunderstanding. It is not clear, at least to me, where the traffic is coming from (same or different subnet) and how it hits the interface with the applied service policy...
02-10-2019 05:48 AM