7200 policing and rate limiting

Unanswered Question
bapatsubodh Wed, 10/21/2009 - 13:41

hello Darren Sasso,

I didnt actually get policing and rate limiting per flow bases. Do you mean flow which is used in Class bases weighted fair quesing?

You can try Network Based Application recongnization. (NBAR). And the use Police or bandwidth commands to control that application traffic.

HTH Please rate if it helps.

Thanks

Subodh

Edison Ortiz Wed, 10/21/2009 - 14:31

Per-user microflow policing is only available on Cat6k with Sup720 or Cat4500.

If you have neither switch, an option would be implementing an ingress service-policy at the LAN access-layer and tag abnormal traffic with a policer.

For instance:

1) Create a police-dsp map

mls qos map policed-dscp 0 to 8

2) create the policy-map - any traffic over 256kbps will change the dscp from 0 to 8 (CS1)

policy-map NETPRO

class class-default

police 256000000 32000 exceed-action policed-dscp-transmit

3) apply this policy on ingress.

interface fx/x

service-policy input NETPRO

Any traffic exceeding 256kbps from connected devices will be marked with CS1.

Now, at the 7200, you can configure a class to match on CS1 traffic and perform any QoS queueing strategy against it - like policing or rate limiting.

class-map SCAVENGER

match ip dscp 8

policy-map WAN_QOS

class SCAVENGER

police xxx

or you can shape it as well

policy-map WAN_QOS

class SCAVENGER

shape average xxxx

interface sx/x

service-policy output WAN_QOS

Regards

Edison.

Actions

This Discussion