L2 policing on cat6500 L2 interface

Answered Question
Mar 20th, 2009

I need to police ingress traffic on a layer2 ("switchport") interface.


Traffic is raw ethernet, so only L2 policying is usable.


Cat6500

Sup 720

Native mode

IOS 12.2(18)SXF13 adv enterprise


Already read config guides, but it takes a while to understand all concepts.


http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/qos.html#wp1750716


Any sample config, to make me understand better the concepts?


TIA

Ivan



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.

From the URL:-


This is the modified IPPHONE-PC policy map, which includes the police command:


policy-map IPPHONE-PC


class CLASSIFY-OTHER


police 50000000 1562500 conform-action set-dscp-transmit default exceed-action drop



These are the police command parameters:


•The 50000000 parameter defines the committed information rate (CIR) for traffic allowed in this traffic class. This example configures the CIR to be 50 Mbps.


•The 1562500 parameter defines the CIR burst size for traffic in this traffic class; this example uses a default maximum burst size. Set the CIR burst size to the maximum TCP window size used on the network.


•The conform action keywords define what the policer does with CLASSIFY-OTHER packets transmitted when the traffic level is below the 50-Mbps rate. In this example, set-dscp-transmit default applies DSCP 0 to those packets.


•The exceed action defines what the policer does with CLASSIFY-OTHER packets transmitted when the traffic level is above the 50 Mbps CIR. In this example, exceed action drop drops those packets.


ibrunello Fri, 03/20/2009 - 08:46

The MQC is quite clear, and I used to apply on routed traffic.


My problem is with definition of class-map.


How can I set "match everything" clause?

the outlined class use an acl matching "IP any any", but I'm not sure the traffic is all pure IPv4 (maybe some IPv6, or some pure ether frames).


any hint?


ibrunello Fri, 03/20/2009 - 09:08

then, using the standard MQC syntax:


policy-map IPPHONE-PC

class class-default

police 50000000 1562500 conform-action transmit exceed-action drop


and then apply to interface.


right?


ibrunello Fri, 03/20/2009 - 09:24

ok.


this is a good start.


will play with the aggregate policers at later stage.


Thank you.


Ivan

ibrunello Mon, 03/23/2009 - 08:50

according to Cisco docs, the second parameter is in bytes, not bits.


as a rule of the thumb, I usually set the burst BYTE value as 1.5 bits value, so I have a quite big burst cache.


Actions

This Discussion