service policy direction on vlan interface

gavin han · ‎04-21-2012

Hi,

<SW1>--------(Router)--------<SW2>

I've 4 servers (10.1.1.89, 10.1.1.90, 10.1.1.91, 10.1.1.92) in vlan20 on SW1 and 4 servers in VLAN 21(10.1.1.121, 10.1.1.122, 10.1.1.123, 10.1.1.124) on SW2.

on SW1: I've to limit b/w for traffic going out from those 4 servers to 20M. I don't want limit b/w for others servers in vlan20.

on SW2: I've to limit b/w for traffic going out from those 4 servers to 20M. I don't want limit b/w for others servers in vlan21.

in which direction should I apply service policy on vlan interface(would it be in "in" direction or "out" direction)?

below is the configuration that I built.

SW1:

access-list extended SERVERS permit ip host 10.1.1.89 any

access-list extended SERVERS permit ip host 10.1.1.90 any

access-list extended SERVERS permit ip host 10.1.1.91 any

access-list extended SERVERS permit ip host 10.1.1.92 any

class-map match-all SERVERS-HOST

match access-group SERVERS

policy-map BW-LIMIT

class SERVERS-HOST

shape average 20000000

class class-default

fair-que

int vlan20

service-policy in BW-LIMIT

====

SW2:

access-list extended SERVERS permit ip host 10.1.1.121 any

access-list extended SERVERS permit ip host 10.1.1.122 any

access-list extended SERVERS permit ip host 10.1.1.123 any

access-list extended SERVERS permit ip host 10.1.1.124 any

class-map match-all SERVERS-HOST

match access-group SERVERS

policy-map BW-LIMIT

class SERVERS-HOST

shape average 20000000

class class-default

fair-que

int vlan21

service-policy in BW-LIMIT

Please advise. Thanks in advance...

paolo bevilacqua · ‎04-21-2012

Switches are not good for traffic shapping. Do that on router.

gavin han · ‎04-21-2012

Hi,

these switches are nexus 7K so I'm pretty sure it won't be any issue.

Joseph W. Doherty · ‎04-21-2012

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

I haven't worked with the Nexus series, but generally you can't shape ingress (although you can police).

Normally in vs. out on an interface, VLAN or otherwise, is similar to ACLs, i.e. in for ingress traffic to that interface and out for egress traffic on the interface. Since you note the servers are on those VLANs, you could police them as the traffic ingresses the interface they are connected to or police/shape the traffic to the servers as it egresses the interface toward them. (Normally you want to police or shape ASAP.) Although since you didn't describe the topology in full, from what you did describe, the traffic might bypass the switch(es) VLAN interface(s) going between VLANs 20 and 21.