05-28-2018 12:15 AM - edited 03-08-2019 03:09 PM
Looking for some advice regarding Policing traffic.
We have 6509 switches at one site that connect to 3750 switches at another site via a 100Mb/s link.
police bps burst-normal burst-max conform-action action exceed-action action violate-action action
I was looking to limit the backup traffic that we send over this link to a max of 95Mb/s, to ensure that I have 5Mb/s free for other traffic (firewall failover).
I read something that Cisco recommends the following
normal burst = configured rate * (1 byte)/(8 bits) * 1.5 seconds
extended burst = 2 * normal burst
So basing it on this I configured the policing like so
police 95000000 17812 35625 conform-action transmit exceed-action drop violate-action drop
However the switch changed this to
police 95000000 47500 35625 conform-action transmit exceed-action drop violate-action drop
I can see the following
show mls qos ip fa9/47
[In] Default. [Out] Policy map is Policy_Commvault
QoS Summary [IPv4]: (* - shared aggregates, Mod - switch module)
Int Mod Dir Class-map DSCP Agg Trust Fl AgForward-By AgPoliced-By
Id Id
-----------------------------------------------------------------------------------
Fa9/47 6 In Default 0 0* No 0 518833477507 0
Fa9/47 6 Out Class_Comm 0 1 -- 0 501275078239 7279440743
The problem I have is that when I look at the traffic on the other end of the link it is reaching 98Mb/s so it appears that the policing isn't working properly.
Any ideas what I am doing wrong ?
Solved! Go to Solution.
05-28-2018 04:02 AM
Hello,
the first number is in bits, the second and third is in bytes. The math is still the same:
policed rate 95000000
normal burst (in bytes): 95000000/8 * 1.5 = 17812500
excess burst (normal burst * 2)) = 35625000
The limits are platform dependent, so in your case, 32000000 for the excess burst is close enough to the 'real' value.
Either way, did that make a difference with regard to limiting your rate to 95MB ?
05-28-2018 12:38 AM
Hello,
the burst/extended burst values you have originally configured look extremely low. Try these:
police 95000000 17812500 35625000
05-28-2018 01:35 AM
extended burst (be) must be between 1000 and 32000000 for this interface
Configuration failed!
So I changed it to this
police 95000000 17812500 32000000 conform-action transmit exceed-action drop violate-action drop
The reason I had it the way I had it originally as I thought the first number was in bps, but the second and third numbers were in bytes
05-28-2018 04:02 AM
Hello,
the first number is in bits, the second and third is in bytes. The math is still the same:
policed rate 95000000
normal burst (in bytes): 95000000/8 * 1.5 = 17812500
excess burst (normal burst * 2)) = 35625000
The limits are platform dependent, so in your case, 32000000 for the excess burst is close enough to the 'real' value.
Either way, did that make a difference with regard to limiting your rate to 95MB ?
05-28-2018 04:11 AM
Thanks for explaining it.
I will let you know. There is no a lot of traffic going over the link at present.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide