the application of "full-flow" in microflow policing

Eric.Wang
We have two sites, A and B. Let us say the IP ranges are 10/8 in A and 20/8 in B.

I want to apply microflow policing on a user/server port at site A, so that for this host at site A, let us say:

1. allow 1Mbps to host 20.10.10.10 at site B

2. allow 1Mbps to host 20.11.11.11 at site B

Basically the goal is to police EACH flow at 1Mbps to host range 20.x.x.x, NOT to police ALL flows at 1Mbps.

Should I use the keyword "full-flow"? Does it mean each flow is identified as source/dest IP?

    access-list 101 permit ip any 20.0.0.0 0.255.255.255
    class-map 1m-eachflow
     match access-group 101
    policy-map per-flow-map
     class 1m-eachflow
      police flow mask full-flow 1000000 conform-action transmit exceed-action drop
    interface range g1/1 -48
     service-policy input per-flow-map

So will this work with the "full-flow" keyword?

Edison Ortiz
In theory, that's how micro-flow policing works. With that said, on what type of hardware is this configuration going to be implemented, and with which IOS version?

__

Edison.

12.2(18)SXF3 on SUP720

line card is WS-X6748-GE-TX or WS-X6548-GE-TX

Be aware, when applying policers to a physical port in the 6500, you may run out of agg-ids. Best practice is to use vlan-based QoS but the drawback is that the policy must be the aggregated value of all participating ports.

For information on agg-ids issue, see this technote:

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801b42bf.shtml#qm_agg

HTH,

__

Edison.

Edison:

Thanks for the tip.

This error is only about aggregate policers, correct? I am trying to implement a microflow policer.

Some docs say the Sup720 can support 128K flows and 64 different rates.

What do you think?

The error is misleading. It consumes agg-ids on any QoS applied to the physical port.

You can do a quick test and apply your configuration on 48 ports and then type the command:

show mls qos ip

and look under the Agg-ID column. Once you reach 1023, you are out of luck.

__

Edison.

Edison:

Great info, thanks.

But other than this trick, does my config look good for my desired operation?

Yes.
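
The difference between policing each flow and policing all flows together, which the question turns on, can be seen in a small token-bucket simulation. This is an added example, not part of the thread and not Cisco code; the field set for each mask (full-flow taken as source/destination IP, protocol and L4 ports), the burst size and the traffic are assumptions of the model.

```python
from collections import defaultdict

RATE_BPS = 1_000_000   # policed rate from the thread's policy-map
BURST_BYTES = 31_250   # constructed burst size (assumption, not from the thread)

# Assumed model of which packet fields form the flow key under each mask.
MASKS = {
    "src-only": ("src",),
    "dest-only": ("dst",),
    "full-flow": ("src", "dst", "proto", "sport", "dport"),
    "aggregate": (),   # one shared bucket, for comparison
}

def police(packets, mask):
    """Bytes transmitted per flow key after token-bucket policing (exceed = drop)."""
    fields = MASKS[mask]
    tokens = defaultdict(lambda: float(BURST_BYTES))  # new flows start with a full bucket
    last_seen, sent = {}, defaultdict(int)
    for t, pkt in packets:
        key = tuple(pkt[f] for f in fields)
        refill = (t - last_seen.get(key, t)) * RATE_BPS / 8
        last_seen[key] = t
        tokens[key] = min(BURST_BYTES, tokens[key] + refill)
        if tokens[key] >= pkt["size"]:      # conform-action transmit
            tokens[key] -= pkt["size"]
            sent[key] += pkt["size"]
    return dict(sent)

def sample_traffic(seconds=10):
    """Constructed input: 10.1.1.1 sends 2 Mbps to each of the two site-B hosts."""
    pkts = []
    for i in range(seconds * 200):          # 200 pkt/s x 1250 bytes = 2 Mbps per flow
        for dst in ("20.10.10.10", "20.11.11.11"):
            pkts.append((i / 200, {"src": "10.1.1.1", "dst": dst, "proto": 6,
                                   "sport": 40000, "dport": 80, "size": 1250}))
    return pkts

def mbps(sent, seconds=10):
    """Convert per-key byte counts to Mbps over the run."""
    return {key: round(b * 8 / seconds / 1e6, 2) for key, b in sent.items()}

if __name__ == "__main__":
    for mask in MASKS:
        print(mask, mbps(police(sample_traffic(), mask)))
```

In this model, dest-only and full-flow give each site-B host its own bucket of about 1 Mbps, while src-only and the aggregate bucket hold the host's combined traffic to about 1 Mbps.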
