Cisco Support Community
New Member

Class-based Policing on a Catalyst 3560 Switch

Dear Sir,

I'm trying to configure rate-limiting, using class-based policing, on a Catalyst 3560 L2 port. The objective is to drop input traffic that exceeds 2-Mbps average traffic. The config as follows:

!
mls qos
!
class-map match-any all-in
 match access-group 100
!
policy-map mb-in
 class all-in
  police 2000000 96000 exceed-action drop
!
interface FastEthernet0/14
 switchport mode access
 no ip address
 service-policy input mb-in
!
access-list 100 permit ip any any
!

The attached MRTG graph shows that input traffic bursts quite high beyond the 2-Mbps average. Max input is 2643 Kbps. This is not acceptable. Also attached are outputs of "show policy-map interface fas0/14" and "show access-list 100".

Lowering the normal burst size (originally configured to 96000 bytes) seriously affects the speed a customer can get on average and how much it can burst. Please see attached screenshots.

Can anyone please advise, what's the best value of normal burst size to configure? Or is my config correct at all?

Please help.

Thank you.

B.Rgds,

Lim TS

2 REPLIES

Re: Class-based Policing on a Catalyst 3560 Switch

This link will help you determine the right burst size as it explains the "leaky bucket" concept that the 3550 uses for policing:

http://www.cisco.com/en/US/products/hw/switches/ps646/products_tech_note09186a00800feff5.shtml#police_mark

One thing to keep in mind is that there is no "value" that will give you the exact rate. When you configure the burst rate, you must take into account that some protocols implement mechanisms that react to the packet loss. For instance, Transmission Control Protocol (TCP) reduces the window by half for each lost packet. This causes a "saw tooth" effect in the TCP traffic when TCP tries to accelerate to the line rate and is throttled by the policer. If the average rate of the saw tooth traffic is calculated, this rate is much lower than the policed rate. However, you can increase the burst in order to achieve better utilization. A good start is to set the burst equal to twice the amount of the traffic sent with the desired rate during Round-Trip Time (TCP RTT). If RTT is not known, you can double the value of the burst parameter.

For the same reason, it is not recommended to benchmark the policer operation by connection-oriented traffic. This scenario generally shows lower performance than permitted by the policer.
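An added illustration of the burst guidance in the reply above (not part of the thread and not Cisco code): a generic single-rate token-bucket policer run against a constructed line-rate flood, showing how the burst size and the measurement window change the rate that appears to pass. The 100 ms RTT, the 8000-byte comparison burst and all function names are assumptions made for the example.

```python
# Added illustration: a generic single-rate token-bucket policer, modelled in
# integer arithmetic. It does not model Catalyst 3560 hardware internals.

SCALE = 8_000_000  # tokens kept as bytes * SCALE so refill (us * bps) stays exact


def burst_from_rtt(rate_bps, rtt_ms):
    """Starting burst in bytes: twice the traffic sent at rate_bps during one RTT."""
    return 2 * rate_bps * rtt_ms // 8000


def police(packets, rate_bps, burst_bytes):
    """packets: (time_us, size_bytes) sorted by time -> (time_us, size, conformed)."""
    cap = burst_bytes * SCALE
    tokens, last, out = cap, None, []  # bucket starts full
    for t, size in packets:
        if last is not None:
            # Refill for the elapsed time, never above the configured burst.
            tokens = min(cap, tokens + (t - last) * rate_bps)
        last = t
        ok = size * SCALE <= tokens
        if ok:
            tokens -= size * SCALE  # conforming packet spends tokens
        out.append((t, size, ok))   # exceed-action drop: no tokens spent
    return out


def conformed_bytes(results, start_us, end_us):
    """Bytes that passed the policer in the window [start_us, end_us)."""
    return sum(size for t, size, ok in results if ok and start_us <= t < end_us)


def line_rate_flood(duration_us=1_000_000, size=1500, line_bps=100_000_000):
    """Constructed input: back-to-back 1500-byte frames at FastEthernet line rate."""
    gap_us = size * 8 * 1_000_000 // line_bps  # 120 us per frame
    return [(t, size) for t in range(0, duration_us, gap_us)]


if __name__ == "__main__":
    flood = line_rate_flood()
    # 8000 B is an arbitrary small burst; 100 ms RTT is an assumed value.
    for burst in (8000, burst_from_rtt(2_000_000, 100), 96000):
        res = police(flood, 2_000_000, burst)
        for win in (100_000, 1_000_000):
            bps = conformed_bytes(res, 0, win) * 8 * 1_000_000 // win
            print(f"burst={burst:6d} B  window={win // 1000:4d} ms  "
                  f"passed={bps / 1e6:.2f} Mbps")
```

In this model the traffic passed in any window is bounded by the burst plus rate × window, so the overshoot above the configured rate shrinks as the measurement window grows.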

New Member

Re: Class-based Policing on a Catalyst 3560 Switch

Hi,

Thanks for the info. I've gone thru it but still find it difficult to determine the right burst size.

Using the first equation, in order to sustain a rate of 2 Mbps, the minimum burst is:

2000000 (bps) / 8000 (1/sec) = 250 (bits)

With my original policer ("police 2000000 96000 exceed-action drop"), should I expect to see traffic being limited at 2 Mbps on the MRTG graph? In my case, the graph exceeds 2 Mbps, with max 2.6 Mbps.

However, lowering the burst size affects the customer from reaching the average 2 Mbps, as you can see on the other graphs.

Please help.

Thank you.

B.Rgds,

Lim TS
