Shaping on a 3560 Switch Interface Port

dameon.boyle
Level 1

Hi

We are about to deploy a failover firewall solution between two sites using a port-based Etherflow connection between the sites. The Etherflow circuit has a 20Mbps port speed on a 100Mbps bearer. As an Etherflow circuit will need to be shaped to accommodate the lower port speed, I have often in the past used routers on this type of circuit. However, for this solution I need it to run at layer 2 to support the ASA failover. I currently have 3560s at each of the two sites but they do not support shaping in the format I would use on a router. Does anyone know of any way to provide the same functionality on a switch port egress?

I thought I might be able to get round this by using a router with a switch port module, as routers support shaping. I tried the following on an 877, which had switch ports and hence allowed the shape command, but even though the switchport took the service-policy command, no matter how much data I put through the trunk it never throttled it back.

class-map match-all shaper
 match access-group 150
!
!
policy-map shaped
 class shaper
  shape average 2000000
interface FastEthernet3
 switchport mode trunk
 service-policy output shaped
access-list 150 permit ip any any

I have also seen the following, but have seen comments suggesting this does not work the same as shaping:

Limiting the Bandwidth on an Egress Interface

You can limit the bandwidth on an egress port. For example, if a customer pays only for a small percentage of a high-speed link, you can limit the bandwidth to that amount.

Note: The egress queue default settings are suitable for most situations. You should change them only when you have a thorough understanding of the egress queues and if these settings do not meet your QoS solution.

Beginning in privileged EXEC mode, follow these steps to limit the bandwidth on an egress port. This procedure is optional.

Step 1
    Command: configure terminal
    Purpose: Enter global configuration mode.

Step 2
    Command: interface interface-id
    Purpose: Specify the port to be rate limited, and enter interface configuration mode.

Step 3
    Command: srr-queue bandwidth limit weight1
    Purpose: Specify the percentage of the port speed to which the port should be limited. The range is 10 to 90. By default, the port is not rate limited and is set to 100 percent.

Step 4
    Command: end
    Purpose: Return to privileged EXEC mode.

Step 5
    Command: show mls qos interface [interface-id] queueing
    Purpose: Verify your entries.

Step 6
    Command: copy running-config startup-config
    Purpose: (Optional) Save your entries in the configuration file.

To return to the default setting, use the no srr-queue bandwidth limit interface configuration command.

This example shows how to limit the bandwidth on a port to 80 percent:

Switch(config)# interface gigabitethernet0/1
Switch(config-if)# srr-queue bandwidth limit 80

Thanks for your help

Dameon Boyle

1 Reply

Jon Marshall
Hall of Fame

Dameon

It doesn't work the same as shaping because it is a hard limit, so any packets that exceed that will be dropped. If you want shaping you can look at using shaped weights, although it is still not a direct comparison with the shaping that you see on routers -

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swqos.html#wp1163879

One possible reason you may have seen comments about it not working is that on switches like the 3560 it is not exact, so the figure you put in is not necessarily the figure you get, so some experimentation is needed to get the desired result.

Note that with the "bandwidth limit" command you simply need to enable QoS and apply the command. With the "bandwidth shape" command you may also need to map markings to queues, depending on which markings are present in the packets when they reach the 3560. Or you could just not trust the ingress port.

Jon
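
The two approaches discussed in this thread, sketched for the 20 Mbps circuit on a 100 Mbps port, as an added example that is not part of either post. The interface name FastEthernet0/1 and the assumption that untrusted traffic lands in egress queue 2 are constructed for illustration; confirm the queue maps on your own switch and measure the resulting rate, since the achieved figure is not exact.

```cisco
! Constructed example: FastEthernet0/1 is assumed to be the 100 Mbps port
! facing the 20 Mbps Etherflow circuit. Use Option A or Option B, not both.
!
! Both options need QoS enabled globally.
mls qos
!
! --- Option A: hard limit (excess traffic is dropped) ---
! The limit is a percentage of port speed: 20 percent of 100 Mbps
! is nominally 20 Mbps.
interface FastEthernet0/1
 srr-queue bandwidth limit 20
!
! --- Option B: shaped weights (instead of Option A) ---
! With ingress ports left untrusted, frames are re-marked to CoS/DSCP 0.
! Check which egress queue those markings map to first:
!   show mls qos maps cos-output-q
!   show mls qos maps dscp-output-q
! This example assumes they map to queue 2.
!
! A shaped queue is limited to 1/weight of the port speed, so weight 5
! is nominally 100/5 = 20 Mbps. Weight 0 leaves a queue in shared mode,
! so traffic reaching queues 1, 3 or 4 is not held to the 20 Mbps rate.
interface FastEthernet0/1
 srr-queue bandwidth shape 0 5 0 0
!
end
!
! Verify the applied limit or weights.
show mls qos interface FastEthernet0/1 queueing
```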