Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
738
Views
0
Helpful
7
Replies

the application of "full-flow" in microflow policing

Go to solution
Eric.Wang
Level 1
Level 1

‎04-07-2009 06:22 AM - edited ‎03-06-2019 05:02 AM

we have two sites A and B. let us say IP ranges are 10/8 in A and 20/8 in B

I want to apply microflow policing on user/server port at site A, so that for this host at site A, let us say

1. allowe 1Mbps to host 20.10.10.10 at site B

2. allowe 1Mbps to host 20.11.11.11 at site B

basically the goal is to police EACH flow at 1Mbps to host range 20.x.x.x. NOT to police ALL flows at 1mbps

should I use key word "full-flow". does it mean each flow is identified as source/dest IP?

access-list 101 permit ip any 20.0.0.0 0.255.255.255

class-map 1m-eachflow

match access-group 101

policy-map per-flow-map

class 1m-eachflow

police flow mask full-flow 1000000 conform-action transmit exceed-action drop

interface range g1/1 -48

service-policy input per-flow-map

so will this work with "full-flow" keyword?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions
7 Replies 7

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame

‎04-07-2009 11:09 AM

In theory, that's how micro-flow policing works. With that said, what type of hardware this configuration is going to be implemented and IOS version?

__

Edison.

0 Helpful

Go to solution
Eric.Wang
Level 1
Level 1
In response to Edison Ortiz

‎04-07-2009 11:26 AM

12.2(18)SXF3 on SUP720

line card is WS-X6748-GE-TX or WS-X6548-GE-TX

0 Helpful

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame
In response to Eric.Wang

‎04-07-2009 11:38 AM

Be aware, when applying policers to a physical port in the 6500, you may run out of agg-ids. Best practice is to use vlan-based QoS but the drawback is that the policy must be the aggregated value of all participating ports.

For information on agg-ids issue, see this technote:

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801b42bf.shtml#qm_agg

HTH,

__

Edison.

0 Helpful

Go to solution
Eric.Wang
Level 1
Level 1
In response to Edison Ortiz

‎04-08-2009 05:26 AM

Edison:

thanks for the tip.

this error is only about Aggregate policers

correct? I am trying to implement microflow policer

some doc says sup720 can support 128K flows and 64 different rates.

what do you think?

0 Helpful

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame
In response to Eric.Wang

‎04-08-2009 05:38 AM

The error is misleading. It consumes agg-ids on any QoS applied to the physical port.

You can do a quick test and apply your configuration on 48 ports and then type the command:

show mls qos ip

and look under the Agg-ID column. Once you reach 1023, you are out of luck.

__

Edison.

0 Helpful

Go to solution
Eric.Wang
Level 1
Level 1
In response to Edison Ortiz

‎04-08-2009 08:09 AM

Edison:

great info. thanks

but other than this trick. my config. looks good for my desired operation???

0 Helpful

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame
In response to Eric.Wang

‎04-08-2009 08:20 AM

Yes.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card