3550 -> 3560 lost egress policer functionality

mholbrook1 · ‎04-11-2006

Need some guidance here.

On a 3550 I normally set up rate-limiting on a per-port basis to provide internet service or other rate-based services to customers. As such I need to be able to apply ingress and egress service policies to an interface. In other words, I set the upload and download speeds that are then sold to customers as a service at that level.

Now that we are migrating to 3560s, I have hit a roadblock, in that the command that I used to use to assign a service policy to an interface on egress is no longer supported on the 3560 (and 3750) series of switches.

So, previously I might have defined something like the following:

mls qos aggregate-policer Out 5000000 2000000 exceed-action drop

mls qos aggregate-policer In 5000000 2000000 exceed-action drop

mls qos

class-map match-all DSCP

match ip dscp default

policy-map In

class DSCP

police aggregate In

policy-map Out

class DSCP

police aggregate Out

interface fastethernet0/1

service-policy input In

service-policy output Out

I can get as far as the last line on a 3560, where it states that:

Warning: Assigning a policy map to the output side of an interface not supported

I have looked around on Cisco's website and I see that some things have changed and that now "shaping" is how egress traffic is handled. I haven't been able to find a straightforward guide as to how to configure an equivalent for the command I used to do.

Any ideas or suggestions would be greatly appreciated! Thanks!

globalnettech · ‎04-12-2006

Hello,

the "service-policy output" is indeed not supported on the 3560/3750 switches due to an ASIC limitation. See if "srr-queue bandwidth limit" command will work for you, here is the link to the configuration details:

Limiting the Bandwidth on an Egress Interface

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12225sed/scg/swqos.htm#wp1253412

HTH,

GNT

rasoftware · ‎05-21-2006

Hi,

we are having similar probelms with 3560. Looking at the srr commands it will only allow us to set a percentage (10) of max interface bandwidth ie 10Mbit or 1Mbit depending on port speed. Is it possible to assign a lower rate ie 512kbits?

etoman · ‎05-19-2006

The Catalyst 2960/2970/3560/3750 switches support "SRR" instead of WRR. SRR is the ability to support shared or shaped round robin queuing. Sharing is like wrr i.e. a minium b/w guarantee but can get more if available. Shaping overrides sharing when configured, and rate limits traffic to not exceed the specified rate.

Example on a 3560

int fa0/1

srr-queue bandwidth share 1 70 25 5

srr-queue bandwidth shape 4 0 0 0

This results in Queue #1 being shaped to 1/4 of the B/W of the interface i.e. it cannot exceed 1/4 of the B/W of the interface. Queue 2 gets 70/(70+25+5) percent of the b/w minimum, but can get more if available. Similarly Queue #3 gets 25(70+25+5) % of the B/W etc.

These are topics I address at length in the Advanced Cisco QoS course I put together for Global Knowledge and teach for them.

rasoftware · ‎05-22-2006

Hi,

Did you manage to get this working? We basically use the same policers as yourself in a similar situation. I am hoping to upgrade to 3560 but the egress rate limiting issues are concerning me. 3550 is now end of life.