Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1480
Views
0
Helpful
3
Replies

Rate-limiting on BVI Interface (ASR9001) - Multiple Customers

Go to solution
Dominique Demore
Level 1
Level 1

‎10-24-2016 04:09 PM

Hi Everyone,

I am wondering if someone might be able to shed some light on what I am missing to get the following configuration up and running for one of our Customers.

Scenario: Customer has an ASR9001-S which is doing all the core routing for their business internet customers and they are trying to rate limit each customer to their respective SLA. All the customers are part of a single BVI instance (BVI200) as an example which has a /25 configured. Each customer will receive 1-3 addresses from this /25. 

Ideally I would like to have a BVI for each customer, but unfortunately, this isn't possible with their currently IPv4 allocation which is why it is built this way.

I was thinking of the following, but I get some errors when I apply the service-policy to the BVI.

ipv4 access-list Customer_A-v4_10Mbps remark *** Customer A IPv4 10Mbps Symmetrical Service ***
ipv4 access-list Customer_A-v4_10Mbps permit ipv4 a.b.c.d/32 any
!
ipv6 access-list Customer_A-v6_10Mbps remark *** Customer A IPv6 10Mbps Symmetrical Service ***
ipv6 access-list Customer_B-v6_10Mbps permit ipv6 x:x:x:x::/64
!
ipv4 access-list Customer_B-v4_20Mbps remark *** Customer B IPv4 20Mbps Symmetrical Service ***
ipv4 access-list Customer_B-v4_20Mbps permit ipv4 e.f.h.i/32 any
!
ipv6 access-list Customer_B-v6_20Mbps remark *** Customer B IPv6 20Mbps Symmetrical Service ***
ipv6 access-list Customer_B-v6_20Mbps permit ipv6 x:x:x:x:/64
!

class-map match-any Customer_B_10Mbps
match access-group ipv4 Customer_B-v4_10Mbps
match access-group ipv6 Customer_B-v6_10Mbps
end-class-map
!
class-map match-any Customer_B_20Mbps
match access-group ipv4 Customer_B-v4_20Mbps
match access-group ipv6 Customer_B-v6_20Mbps
end-class-map
!

policy-map Business_Internet
class Customer_A_10Mbps
shape average 10 mbps
bandwidth 10 mbps
!
class Customer_B_20Mbps
shape average 20 mbps
bandwidth 20 mbps
!
class class-default
 shape average 5 mbps
 bandwidth 5 mbps
!

I've also tried to create it with a parent/child policy-map but I get the same errors listed below:

interface BVI200
service-policy output Business_Internet
!!% 'qos-ea' detected the 'warning' condition 'Queueing actions are not supported on BVI/GRE virtual interface'
!

interface BVI200
service-policy input Business_Internet
!!% 'qos-ea' detected the 'warning' condition 'Ingress queueing features is not supported on this line card'
!

Has anyone done something similar to this. Unfortunately, this will be a dynamic policy-map which will grow/shrink as customers are added/removed. 

I am also looking at applying shaping on the customer facing port, however there will be some instances where this won't be possible due to multiple customers being services by a single demarc switch..

Thoughts/Comments/Suggestions.

Thanks.

--Dominique

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
smailmilak
Level 4
Level 4

‎10-24-2016 11:30 PM

Hi Dominique,

have you tried with policing instead of shaping? Shaping on BVI intf is not supported.

I remember that we tried to do some policing on a Trident LC and it was not supported, only on Typhoon. ASR9001-S has Typhoon HW (Enhanced Ethernet Linecard) as far I know. 

You can also try this link. I remember that we had to use qos-group even on ME3600 because of some HW limitations.

http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r5-2/qos/configuration/guide/b_qos_cg52xasr/b_qos_cg52xasr_chapter_0101.html

"Queuing can be performed by marking the qos-group and then adding a interface policy that matches the qos-group."

View solution in original post

0 Helpful
3 Replies 3

Go to solution
smailmilak
Level 4
Level 4

‎10-24-2016 11:30 PM

Hi Dominique,

have you tried with policing instead of shaping? Shaping on BVI intf is not supported.

I remember that we tried to do some policing on a Trident LC and it was not supported, only on Typhoon. ASR9001-S has Typhoon HW (Enhanced Ethernet Linecard) as far I know. 

You can also try this link. I remember that we had to use qos-group even on ME3600 because of some HW limitations.

http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r5-2/qos/configuration/guide/b_qos_cg52xasr/b_qos_cg52xasr_chapter_0101.html

"Queuing can be performed by marking the qos-group and then adding a interface policy that matches the qos-group."

0 Helpful

Go to solution
Dominique Demore
Level 1
Level 1
In response to smailmilak

‎10-25-2016 12:55 PM

I'll give this a shot later tonight. I thought about policing but didn't test it. I'll also read up on qos-groups and let you know how it goes tomorrow afternoon.

Thanks.

--Dominique

0 Helpful

Go to solution
Dominique Demore
Level 1
Level 1
In response to smailmilak

‎10-27-2016 08:52 AM

I changed it over using police instead of shape and the errors are no longer given when applying the policy-map. I'll be testing it out next week to confirm things are being rate-limited as expected.

Another option I was also thinking about was to apply the service-policy on the sub-interface as well.

Thanks again for the help.

--Dominique

0 Helpful
Customers Also Viewed These Support Documents