7200 policing and rate limiting

Unanswered Question
bapatsubodh Wed, 10/21/2009 - 13:41
User Badges:

hello Darren Sasso,

I didnt actually get policing and rate limiting per flow bases. Do you mean flow which is used in Class bases weighted fair quesing?

You can try Network Based Application recongnization. (NBAR). And the use Police or bandwidth commands to control that application traffic.

HTH Please rate if it helps.

Thanks

Subodh

Edison Ortiz Wed, 10/21/2009 - 14:31
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

Per-user microflow policing is only available on Cat6k with Sup720 or Cat4500.


If you have neither switch, an option would be implementing an ingress service-policy at the LAN access-layer and tag abnormal traffic with a policer.


For instance:

1) Create a police-dsp map


mls qos map policed-dscp 0 to 8


2) create the policy-map - any traffic over 256kbps will change the dscp from 0 to 8 (CS1)


policy-map NETPRO

class class-default

police 256000000 32000 exceed-action policed-dscp-transmit


3) apply this policy on ingress.


interface fx/x

service-policy input NETPRO


Any traffic exceeding 256kbps from connected devices will be marked with CS1.


Now, at the 7200, you can configure a class to match on CS1 traffic and perform any QoS queueing strategy against it - like policing or rate limiting.


class-map SCAVENGER

match ip dscp 8


policy-map WAN_QOS

class SCAVENGER

police xxx



or you can shape it as well


policy-map WAN_QOS

class SCAVENGER

shape average xxxx


interface sx/x

service-policy output WAN_QOS


Regards


Edison.


Actions

This Discussion