02-09-2009 01:01 AM - edited 03-06-2019 03:55 AM
Hi,
Currently we are enrolling Catalyst 3560 switches in our network to connect to our MPLS backbone. We've used Catalyst 3550 before and based on that platform we've developed a âstandardâ configuration we are using.
In this template we apply a âpolicy map outâ on the interface to the backbone for real-time traffic. BW allocation is 50 30 10 10, priority queue out and policing 2Mb.
How can I do this on a 3560? By using wrr shaping I can allocate 2Mb to a queue but this queue will act different than the policing on a 3550 does. By configuring 'priority queue out' the full bandwidth will be consumed for real time traffic when bandwidth is needed ⦠How can this be solved?
02-09-2009 04:11 AM
You could police the real-time traffic upon ingress. Although you should be able to match ingress real-time traffic going to your MPLS backbone, if there are multiple ingress ports, unclear (to me) whether you can easily define an overall cap of 2 Mbps without defining individual ingress interface real-time police caps.
02-10-2009 12:25 AM
I'm not sure ingress policing is the answer. I've been thinking about it, but on an ingress interface we're marking. Depending of the kind of traffic, the packet gets an dscp value. For all dscp "ef" values, I wanted to police on egress. I can't see how I can solve this on ingress interface ...
02-10-2009 04:50 AM
I looked into this a while ago and hit the same wall as you have. The 3560/3750 series are good switches but there seems to be a few features that were in the 3550 that haven't been implemented in them.
You would need to deploy a 'real' router at the handoff point to implement egress policing. You could also look at the Metro Ethernet switches (ME3400?) as these have the ability to apply policers on egress.
HTH
Andy
02-10-2009 06:09 AM
I agree that I too am unsure ingress policing is the answer, not though due to identification, which I think can be done via a class map identifing both VoIP and destination off the LAN, but due to there might a limitation to number of ports if working with a SVI two level policer and/or policing at the intended aggregate outbound level.
I agree with Andrew, the 3560/3750 LAN switches fall IOS feature short in some aspects. A sure solution, as Andrew also notes would be a more suitable device between the LAN and WAN, such as perhaps an ISR or Metro Switch. Another possible device might be a very small 2960 (e.g. 8 port). As long as there's only one ingress to egress port, believe its inbound ingress policer would work.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: