Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

the application of "full-flow" in microflow policing

we have two sites A and B. let us say IP ranges are 10/8 in A and 20/8 in B

I want to apply microflow policing on user/server port at site A, so that for this host at site A, let us say

1. allowe 1Mbps to host 20.10.10.10 at site B

2. allowe 1Mbps to host 20.11.11.11 at site B

basically the goal is to police EACH flow at 1Mbps to host range 20.x.x.x. NOT to police ALL flows at 1mbps

should I use key word "full-flow". does it mean each flow is identified as source/dest IP?

access-list 101 permit ip any 20.0.0.0 0.255.255.255

class-map 1m-eachflow

match access-group 101

policy-map per-flow-map

class 1m-eachflow

police flow mask full-flow 1000000 conform-action transmit exceed-action drop

interface range g1/1 -48

service-policy input per-flow-map

so will this work with "full-flow" keyword?

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Bronze

Re: the application of "full-flow" in microflow policing

Yes.

7 REPLIES
Hall of Fame Super Bronze

Re: the application of "full-flow" in microflow policing

In theory, that's how micro-flow policing works. With that said, what type of hardware this configuration is going to be implemented and IOS version?

__

Edison.

New Member

Re: the application of "full-flow" in microflow policing

12.2(18)SXF3 on SUP720

line card is WS-X6748-GE-TX or WS-X6548-GE-TX

Hall of Fame Super Bronze

Re: the application of "full-flow" in microflow policing

Be aware, when applying policers to a physical port in the 6500, you may run out of agg-ids. Best practice is to use vlan-based QoS but the drawback is that the policy must be the aggregated value of all participating ports.

For information on agg-ids issue, see this technote:

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801b42bf.shtml#qm_agg

HTH,

__

Edison.

New Member

Re: the application of "full-flow" in microflow policing

Edison:

thanks for the tip.

this error is only about Aggregate policers

correct? I am trying to implement microflow policer

some doc says sup720 can support 128K flows and 64 different rates.

what do you think?

Hall of Fame Super Bronze

Re: the application of "full-flow" in microflow policing

The error is misleading. It consumes agg-ids on any QoS applied to the physical port.

You can do a quick test and apply your configuration on 48 ports and then type the command:

show mls qos ip

and look under the Agg-ID column. Once you reach 1023, you are out of luck.

__

Edison.

New Member

Re: the application of "full-flow" in microflow policing

Edison:

great info. thanks

but other than this trick. my config. looks good for my desired operation???

Hall of Fame Super Bronze

Re: the application of "full-flow" in microflow policing

Yes.

422
Views
0
Helpful
7
Replies