Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
551
Views
0
Helpful
4
Replies

Help with shaping and drops

dan.letkeman
Level 4
Level 4

‎03-17-2014 09:31 AM - edited ‎03-07-2019 06:44 PM

Hello,

I am having some trouble with shaping and output drops.  I have the need to enable shaping on our edge router in order to bandwith limit our guest networks.  I have shaping enabled with the following config:

 

class-map match-any tec-class-download
 match access-group name tec-class-download
class-map match-any priority
 match protocol ntp
 match protocol eigrp
 match protocol dns
 match protocol telnet
 match protocol icmp
 match protocol echo
class-map match-any test
class-map match-any tec-class
 match access-group name tec-class-download
 match access-group name tec-class-upload
class-map match-all shape-wan
class-map match-all guest-download
 match access-group name guest-download
class-map match-all staff-byod-download
 match access-group name staff-byod-download
class-map match-any guest
 match access-group name guest-download
 match access-group name guest-upload
class-map match-any expedited
 match dscp ef
class-map match-any video
 match dscp af41
 match dscp cs4
!
policy-map police-lan
 class tec-class
  police cir 750000 bc 100000 be 1000
   conform-action transmit
   exceed-action drop
   violate-action drop
policy-map shape-lan
 class tec-class-download
  shape average 6500000
  queue-limit 8192 packets
  fair-queue
 class guest-download
  shape average 5250000
  queue-limit 2048 packets
 class priority
  priority 5000
  set dscp af31
 class business
 class video
  priority 6000 1000
 class expedited
  priority 1000
 class staff-byod-download
  shape average 3000000
  queue-limit 512 packets
 class class-default
  queue-limit 4096 packets
  fair-queue
!
!

interface GigabitEthernet0/0

 description LAN
 ip address 10.10.10.1 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly in
 ip policy route-map inet
 duplex auto
 speed auto
 no mop enabled
 service-policy input police-lan
 service-policy output shape-lan

 

 

It all seems to work fine, but I am seeing a lot of output drops :

 

 

2921-gw-div-1#show policy-map interface g0/0 output
 GigabitEthernet0/0

  Service-policy output: shape-lan

    queue stats for all priority classes:
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/4138/0
      (pkts output/bytes output) 207832790/49073460695

    Class-map: tec-class-download (match-any)
      1929884057 packets, 2262373820395 bytes
      5 minute offered rate 5730000 bps, drop rate 29000 bps
      Match: access-group name tec-class-download
        1929884137 packets, 2262373823263 bytes
        5 minute rate 5730000 bps
      Queueing
      queue limit 8192 packets
      (queue depth/total drops/no-buffer drops/flowdrops) 0/4315988/0/0
      (pkts output/bytes output) 1925568712/2257298782306
      shape (average) cir 6500000, bc 26000, be 26000
      target shape rate 6500000

      Fair-queue: per-flow queue limit 2048 packets

    Class-map: guest-download (match-all)
      1330263683 packets, 1622579329821 bytes
      5 minute offered rate 5364000 bps, drop rate 52000 bps
      Match: access-group name guest-download
      Queueing
      queue limit 2048 packets
      (queue depth/total drops/no-buffer drops) 972/6277262/0
      (pkts output/bytes output) 1323986464/1614272076524
      shape (average) cir 5250000, bc 21000, be 21000
      target shape rate 5250000


    Class-map: priority (match-any)
      157884546 packets, 26574459594 bytes
      5 minute offered rate 27000 bps, drop rate 0000 bps
      Match: protocol ntp
        88549 packets, 6875982 bytes
        5 minute rate 0 bps
      Match: protocol eigrp
        5741287 packets, 442058821 bytes
        5 minute rate 0 bps
      Match: protocol dns
        122770488 packets, 23474269487 bytes
        5 minute rate 26000 bps
      Match: protocol telnet
        181502 packets, 79748221 bytes
        5 minute rate 0 bps
      Match: protocol icmp
        29102559 packets, 2571458823 bytes
        5 minute rate 1000 bps
      Match: protocol echo
        201 packets, 50788 bytes
        5 minute rate 0 bps
      Priority: 5000 kbps, burst bytes 125000, b/w exceed drops: 0

      QoS Set
        dscp af31
          Packets marked 157884598

    Class-map: business (match-any)
      41498376 packets, 15164255708 bytes
      5 minute offered rate 21000 bps
      Match: access-group name bellamy
        41498376 packets, 15164255708 bytes
        5 minute rate 21000 bps

    Class-map: video (match-any)
      29156440 packets, 18094909638 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match:  dscp af41 (34)
        29156376 packets, 18094905926 bytes
        5 minute rate 0 bps
      Match:  dscp cs4 (32)
        64 packets, 3712 bytes
        5 minute rate 0 bps
      Priority: 6000 kbps, burst bytes 1000, b/w exceed drops: 463


    Class-map: expedited (match-any)
      20796363 packets, 4423949121 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match:  dscp ef (46)
        20796363 packets, 4423949121 bytes
        5 minute rate 0 bps
      Priority: 1000 kbps, burst bytes 25000, b/w exceed drops: 0


    Class-map: staff-byod-download (match-all)
      183254517 packets, 219456875943 bytes
      5 minute offered rate 153000 bps, drop rate 0000 bps
      Match: access-group name staff-byod-download
      Queueing
      queue limit 512 packets
      (queue depth/total drops/no-buffer drops) 0/437030/0
      (pkts output/bytes output) 182817487/218884018447
      shape (average) cir 3000000, bc 12000, be 12000
      target shape rate 3000000


    Class-map: class-default (match-any)
      28186108575 packets, 31547070367404 bytes
      5 minute offered rate 52976000 bps, drop rate 147000 bps
      Match: any
      Queueing
      queue limit 4096 packets
      (queue depth/total drops/no-buffer drops/flowdrops) 0/18560622/0/0
      (pkts output/bytes output) 28290766615/31649670878148

      Fair-queue: per-flow queue limit 1024 packets

 

 

Is there anyway I can disable shaping on class-default?

 

Dan.

Labels:
0 Helpful
4 Replies 4

LA-Engineer
Level 1
Level 1

‎03-17-2014 09:59 AM

What's the bandwidth of the link? It looks like class-default is already transmitting at a rate of 53 Mbps. It doesn't look like there is any shaping on class-default.  The drops may be from bursts of traffic that exceed the BW.

0 Helpful

dan.letkeman
Level 4
Level 4
In response to LA-Engineer

‎03-17-2014 05:17 PM

It is a 1Gbps link between the router and the adjacent switch.  Upstream is an ASA with a 100Mbps internet pipe from our ISP.

 

Dan.

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎03-17-2014 10:26 AM

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

As also noted by the other poster, you're not shaping class-default.

 

BTW, your queue limits seem excessive for your shaped rates.  (NB: having too large queues can result in excessive drops as traffic queues up for bandwidth that's never available.)

 

Are you trying to regulate Internet ingress bandwidth by shaping LAN egress bandwidth?  If so, you would probably be better policing Internet ingress.

0 Helpful

dan.letkeman
Level 4
Level 4
In response to Joseph W. Doherty

‎03-17-2014 05:16 PM

I have played with the queue sizes a lot and I have noticed that when they are too small that the drops are more significant.  I will give policing ingress a try and see if that helps.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card