Rate Limiting on 7600

Unanswered Question
Jun 24th, 2008


I have a setup where 7606s are connected over an STM-1 SPA interface, following QoS is configured.

Class Maps:-

Ingress (UNI Interface):

class-map match-any Gold

match ip precedence 4

class-map match-any Bronze

match ip precedence 0 1

class-map match-any Platinum

match ip precedence 5

class-map match-any Silver

match ip precedence 2 3

Egress (POS Interface)

class-map match-all Gold-EXP

match mpls experimental topmost 4

class-map match-any Interface

match access-group name IP-ANY

class-map match-all Bronze-EXP

match mpls experimental topmost 0 1

class-map match-all Platinum-EXP

match mpls experimental topmost 4

class-map match-all Silver-EXP

match mpls experimental topmost 2 3

class-map match-all L2-VPN-EXP (For Layer 2 VPNs - not relevant here!!!)

match mpls experimental topmost 6

Policy Map for Priority in backbone STM-1:

policy-map WAN-OUT

class L2-VPN-EXP

priority 139000

class Platinum-EXP

bandwidth 4000

class Gold-EXP

bandwidth 3000

class Silver-EXP

bandwidth 2000

class Bronze-EXP

bandwidth 1000

Policy Map

policy-map Customer-A

class Platinum

police cir 1000000 bc 8000 conform-action transmit exceed-action drop violate-action d


class Gold

police cir 2000000 bc 8000 pir 3000000 be 8000

conform-action transmit

exceed-action transmit

violate-action drop

class Silver

police cir 1000000 bc 8000 pir 5000000 be 8000

conform-action transmit

exceed-action transmit

violate-action drop

class Bronze

police cir 1000000 bc 8000 pir 5000000 be 8000

conform-action transmit

exceed-action transmit

violate-action drop

I have applied WAN-OUT at POS interfaces "service policy WAN OUT"

While Customer_A Policy Map is on CPE/Tester connecting interface.

I am transmitting 10Mb IPP Tagged traffic for each traffic class, this is the pattern I see...

Platinum CIR is 1 Mb, but I get only 128 Kbps.

Gold is not reaching configured PIR.

Silver and Bronze are okay.

In some cases marking is not happening, even if I transmit IPP 5 it is queued under Bronze class...

Am i missing something... Please suggest...




I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
n.nandrekar Tue, 06/24/2008 - 20:21

hi Sultan!

Can you please specify the ingress SIP and SPA where you are applying the ingress policy? Also could you give the config for the ingress interface where you are applying the policy?



sultan-shaikh Tue, 06/24/2008 - 23:22

Hi Niranjan..

As always thanks for your response...

Ingress SIP is SIP-400 and SPA is 2xGE, the config for the same is

interface gi1/1/0

mtu 1536

ip vrf forwarding

ip add ! Connected to the CPE/Tester

service policy input

Please let me know if you need further details.. Looking forward for a reply soon...




n.nandrekar Wed, 06/25/2008 - 01:14

hi Sultan!

I am sorry but I am unable to guess the reason here. The configuration seems fine.

How are you testing on the core side? do you have a actual core setup, or are you using ixia/spirent to simulate the core? If there is a core, are you sure there is no qos anywhere else which is affecting? But when you say that marking is not happening for some classes, it rules out this possibility. I know wan cards are trusted by default, but try configuring "mls wos trust dscp" on the main interface of ingress. if other traffic is getting marked, why shouldnt ipp5?

Another thing is that you will not be able to test PIR, as this will burst only for a fraction of sec till the accumulated bandwidth is utilized. So any trafic sent above CIR will be policed to CIR. only if u send trafic below cir for some time instances, that is accumulated and you are allowedto burst to PIR for the next time instance (which might not be possible to test... dont know how)



sultan-shaikh Wed, 06/25/2008 - 06:14

Hi Niranjan,

Yeah.. it is really unusual... this is a pretty simple setup with back to back connected 7600s, I have now changed the POS interface to STM-4 too thinking it might work in a different way... but no luck... as yet...

I am not clear about the PIR part you mentioned... can you please elaborate a little... AFAIK say GOLD will get entire configured PIR when no "other" class is being transmitted...


Will update here as soon as I make some headway on this...



n.nandrekar Wed, 06/25/2008 - 07:50


I am sorry, you are right, I got confused with the PIS in shaping / ATM cervice classes. In policing it should reach the pir as long as the exceed action is transmit. Sorry about the goof-up.

Can you isolate the problem whether its on the ingress policy or the egress? If the ingress policy is classifying correctly based on the ip pre, then there seems to be a problem with dscp-exp-mapping.

Igf the ingress policy is itself not classifying correctly, then its some other problem either with traffic/ trust state or something else. If you isolate the half in which the probl;em is happening, we could concentrate on that area.




This Discussion