Re: [c-nsp] policy-maps on dCEF platforms

Thu, 10 Jun 2010 17:43:32 -0700 

Hi Tony & all,
There is no difference in behavior in any aggregate policer (named, shared, whatever) from the point of view of the enforcement point - ie, it is the *ingress* fwding engine (FE) that calculates the rate & performs the policing independently, for both ingress & egress policing. 


Thus if you have multiple FEs (as in the case of using DFCs), then 
you have multiple possible enforcement points and the aggregate 
allowed rate can be as high as <configured-rate> * <number-of-FEs>


Hope that helps,
Tim



At 04:15 PM 6/10/2010, Tony mused:


The 7600 Software Config Guide contains the relevant section on 
aggregate policers:


<http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/qos.html#wp1571923>http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/qos.html#wp1571923


I'm not sure if it will do what you want, but certainly worth a try 
to see what happens. I've just read it 3-4 times and my head hurts.




regards,
Tony.


--- On Fri, 11/6/10, Mack McBride <mack.mcbr...@viawest.com> wrote:

From: Mack McBride <mack.mcbr...@viawest.com>
Subject: Re: [c-nsp] policy-maps on dCEF platforms

To: "Artyom Viklenko" <ar...@aws-net.org.ua>, 
"cisco-nsp@puck.nether.net" <cisco-nsp@puck.nether.net>

Received: Friday, 11 June, 2010, 2:29 AM


DFC line cards will rate limit independently of the PFC rate 
limiting (CFC line cards).
Software switched traffic will also be rate limited separately from 
DFC and PFC switched traffic.
This is true for all rate limited traffic including Control Plane 
Policing traffic.
You may get better results from a named aggregate policer which 
should all go through the PFC
but there may be caveats and I can't guaranty this will do what you 
want as the only documentation

is 6500 specific.

<http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801c8c4b.shtml>http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801c8c4b.shtml

If someone has a 7600 link please post it.

LR Mack McBride
Network Architect
Viawest, Inc.

-----Original Message-----

From: cisco-nsp-boun...@puck.nether.net 
[<mailto:cisco-nsp-boun...@puck.nether.net>mailto:cisco-nsp-boun...@puck.nether.net] 
On Behalf Of Artyom Viklenko

Sent: Wednesday, June 09, 2010 11:30 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] policy-maps on dCEF platforms

Hi, All!

I have the folowing porblem on Cisco 7600 with RSP720-3CXL-GE.
IOS 12.2(33)SRD4 Advanced IP Services

 From config:

!
policy-map xxxxxx
   class class-default
     police cir 10240000 bc 1920000 be 3840000
      conform-action transmit
      exceed-action drop
      violate-action drop
!
!
interface VlanYYY
  description Some Customer
  ip address x.x.x.x 255.255.255.252
  no ip redirects
  ip flow ingress
  no snmp trap link-status
  service-policy input xxxxxx
  service-policy output xxxxxx
end
!

Before upgrade we has only CFC-capble line cards in it
(WS-X6748-SFP, WS-X6704-10GE) and actual rate on customers
interfaces was according policy-maps.

Recently 4-port 10G card WS-X6704-10GE was replaced by
WS-X6708-10GE with DFC (WS-F6700-DFC3CXL).

Incoming traffic comes via CFC line cards and via this
10GE DFC line card. So, on customer interface we have
some time nearly doubled rate.

I have read some docs on cisco.com and found explanation
how policyng works in such situation - each DFC-capable
linecard process service policy independently on ingress.

#sh policy-map int vlan YYY
...
   Service-policy output: xxxxxx

     class-map: class-default (match-any)
       Match: any
       police :
         10240000 bps 1920000 limit 1920000 extended limit
       Earl in slot 2 :
         108929538743 bytes
         5 minute offered rate 72568 bps
         aggregate-forwarded 108895170086 bytes action: transmit
         exceeded 34368657 bytes action: drop
         aggregate-forward 65368 bps exceed 0 bps
       Earl in slot 5 :
         252903936350 bytes
         5 minute offered rate 101144 bps
         aggregate-forwarded 252600188727 bytes action: transmit
         exceeded 303747623 bytes action: drop
         aggregate-forward 56304 bps exceed 0 bps
#


I try add command mls qos bridged but it doesn't help.

So the question is: Is it possible in some way to solve such
situation and control egress rate to customers with DFC line
cards?

Still trying to find any hints in Google... without success. :(

Thanks in advance!


--
            Sincerely yours,
                             Artyom Viklenko.
-------------------------------------------------------

ar...@aws-net.org.ua | 
<http://www.aws-net.org.ua/~artem>http://www.aws-net.org.ua/~artem

ar...@viklenko.net   | ================================

FreeBSD: The Power to 
Serve   -  <http://www.freebsd.org>http://www.freebsd.org






_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
<https://puck.nether.net/mailman/listinfo/cisco-nsp>https://puck.nether.net/mailman/listinfo/cisco-nsp

archive at 
<http://puck.nether.net/pipermail/cisco-nsp/>http://puck.nether.net/pipermail/cisco-nsp/





Tim Stevenson, tstev...@cisco.com
Routing & Switching CCIE #5561
Technical Marketing Engineer, Cisco Nexus 7000
Cisco - http://www.cisco.com
IP Phone: 408-526-6759
********************************************************
The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.


_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/






















					Reply via email to