Solved: policy-map Issue

G3000LEE · ‎12-10-2021

WS-C3650-12X48UR-E

Software Version: 16.9.4

The issue is related to the application of a new policy-map and it not been hit. The switch config is show below:

class-map match-all CTS

match access-group name CTS

class-map match-all PACEY

match access-group name PACEY

policy-map customer_vsx_bandwidth_limit

class CTS

police cir 350000000 bc 175000

conform-action transmit

violate-action drop

class PACEY

police cir 30000000 bc 5625000

conform-action transmit

violate-action drop

class class-default

policy-map customer_allocated_vsx

class class-default

bandwidth percent 100

queue-buffers ratio 100

service-policy customer_vsx_bandwidth_limit

policy-map default_buffer_que

class class-default

bandwidth percent 100

queue-buffers ratio 100

ip access-list extended CTS

permit ip any x.x.x.x x.x.x.x

permit ip x.x.x.x x.x.x.x any

deny ip any any

ip access-list extended PACEY

permit ip any host x.x.x.x

permit ip host x.x.x.x any

deny ip any any

(access list IP details hidden but set up with the correct addresses)

The new config is highlighted in bold.

The below show the PACEY map is not been hit but CTS is

TFM20-DIST-3650-B#show policy-map interface gi1/0/17

GigabitEthernet1/0/17

Service-policy output: customer_allocated_vsx

Class-map: class-default (match-any)

6494049035 packets

Match: any

Queueing

(total drops) 30174599

(bytes output) 4617005411418

bandwidth 100% (1000000 kbps)

queue-buffers ratio 100

Service-policy : customer_vsx_bandwidth_limit

Class-map: CTS (match-all)

6487482186 packets

Match: access-group name CTS

police:

cir 350000000 bps, bc 175000 bytes, be 175000 bytes

conformed 3339873693272 bytes; actions:

transmit

exceeded 102268355219 bytes; actions:

drop

violated 0 bytes; actions:

drop

conformed 39460000 bps, exceeded 509000 bps, violated 0000 bps

Class-map: PACEY (match-all)

0 packets

Match: access-group name PACEY

police:

cir 30000000 bps, bc 5625000 bytes, be 5625000 bytes

conformed 0 bytes; actions:

transmit

exceeded 0 bytes; actions:

drop

violated 0 bytes; actions:

drop

conformed 0000 bps, exceeded 0000 bps, violated 0000 bps

Class-map: class-default (match-any)

6566849 packets

Match: any

Any help would be appreciated

G3000LEE · ‎12-17-2021

I also lab it on a router and it's working but not on a switch. This is an issue with a customer so there must be something they're not doing right or a bug.

I have access to just about every bit of hardware, so I will lab it up on the same switch and software to see if I get the same result

View solution in original post

pman · ‎12-10-2021

Hi,

Did you make sure that the source ip that configured in PACEY ACL actually transmits data through GigabitEthernet1/0/17 in out direction?

i have checked it and i got hits:

Router#show policy-map interface gigabitEthernet 0/2 | b PACEY
Class-map: PACEY (match-all)
1363 packets, 154937 bytes
5 minute offered rate 5000 bps, drop rate 0000 bps
Match: access-group name PACEY
police:
cir 30000000 bps, bc 5625000 bytes, be 5625000 bytes
conformed 1363 packets, 154937 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
violated 0 packets, 0 bytes; actions:
drop
conformed 5000 bps, exceeded 0000 bps, violated 0000 bps

Class-map: class-default (match-any)
3698 packets, 418292 bytes
5 minute offered rate 5000 bps, drop rate 0000 bps
Match: any

G3000LEE · ‎12-10-2021

we have merged these into one policy by creating a single ‘service-policy output customer_allocated_vsx’, in which that policy is a Parent/Child QOS setup?

So we now have policy map ‘customer_allocated_vsx’ as the PARENT which has policy map ‘customer_vsx_bandwidth_limit’ as the CHILD containing the two classes (CTS and PACEY)

policy-map customer_vsx_bandwidth_limit

class CTS

police cir 350000000 bc 175000

conform-action transmit

violate-action drop

class PACEY

police cir 30000000 bc 5625000

conform-action transmit

violate-action drop

class class-default

policy-map customer_allocated_vsx

class class-default

bandwidth percent 100

queue-buffers ratio 100

service-policy customer_vsx_bandwidth_limit

policy-map default_buffer_que

class class-default

bandwidth percent 100

queue-buffers ratio 100

interface GigabitEthernet1/0/17

description XXXXXX ETH3

switchport trunk allowed vlan 513

switchport mode trunk

switchport nonegotiate

load-interval 30

no cdp enable

no snmp trap link-status

spanning-tree portfast trunk

spanning-tree bpduguard enable

service-policy output customer_allocated_vsx

end

Can you please get them to clarify why this Parent/Child relationship is not correct/working and provide a quick example of how it should be created?

G3000LEE · ‎12-11-2021

Yes, it has been tested but now the Policy config has changed and I have updated the post.

G3000LEE · ‎12-17-2021

I also lab it on a router and it's working but not on a switch. This is an issue with a customer so there must be something they're not doing right or a bug.

I have access to just about every bit of hardware, so I will lab it up on the same switch and software to see if I get the same result