Solved: Rate limit Physical interface GSR

t.tashiro · ‎04-16-2009

Hi

I would like to cap a physical GE interface to 100mbps whist running vlans through it on a GSR i.e.

interface GigabitEthernet0/0/6

no ip address

no ip directed-broadcast

rate-limit input 100032000 12504000 12504000 conform-action transmit exceed-action drop

rate-limit output 100032000 12504000 12504000 conform-action transmit exceed-action drop

no negotiation auto

!

interface GigabitEthernet0/0/6.2

encapsulation dot1Q 2

ip vrf forwarding test

ip address 10.1.1.5 255.255.255.252

no ip directed-broadcast

no cdp enable

!

interface GigabitEthernet0/0/6.3

encapsulation dot1Q 3

ip vrf forwarding test2

ip address 10.1.1.1 255.255.255.252

no ip directed-broadcast

no cdp enable

!

.................etc

However when I apply the rate-limit command on GE0/0/6, I don't see any drop in traffic. Actually I have set up a throughput test through GigabitEthernet0/0/6.2 running at 1Gbps which I can see through sh int GigabitEthernet0/0/6 which does not drop to 100Mbps once the rate-limit is added

I have also tried a vlan policy map with but get the same issue when applying to an interface

policy-map gig-out

class all-vlans

police 64000 4470 4470

policy-map parent-gig-out

class class-default

service-policy gig-out

class-map match-all all-vlans

match vlan 1-4095

(config)#int gigabitEthernet 0/0/6

(config-if)#service-policy output parent-gig-out

% 'match vlan/pseudowire' not supported in gig-out

The GSR cards are 12000-SIP-601 and SPA-10X1GE-V2

Is there a way to cap this aggregate interface?

Regards

Mark

Laurent Aubert · ‎04-20-2009

Ok, I found this link which I think answer to our question:

http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/aggvlan.html

From this link, the following configuration should be supported:

policy-map Child

class class-default

police 64000 4470 4470

!

policy-map Parent

class all-vlans

service-policy child

class-map match-all all-vlans

match vlan 1-4095

!

Laurent.

View solution in original post

Laurent Aubert · ‎04-16-2009

Hi,

You don't need two levels of service-policy in your case. Try the following one:

policy-map gig-out

class class-default

police cir 100000000 conform-action transmit exceed-action drop

HTH

Laurent.

t.tashiro · ‎04-17-2009

Hi Laurent

I tried what you suggested but I still don't see any drop in traffic. As you can see from the results I applied it bu the aggregate interface is stall taking 875Mbps of traffic

policy-map gig-in1

class class-default

police cir 104000 bc 4470 be 4470 conform-action transmit exceed-action drop

policy-map gig-out1

class class-default

police cir 104000 bc 4470 be 4470 conform-action transmit exceed-action drop

interface GigabitEthernet0/0/7

no ip address

no ip directed-broadcast

no negotiation auto

service-policy input gig-in1

service-policy output gig-out1

!

#sh policy-map interface GigabitEthernet0/0/7

GigabitEthernet0/0/7

Service-policy input: gig-in1 (240)

Class-map: class-default (match-any) (9166881/0)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: any (14941378)

police:

128000 bps, 4470 limit, 4470 extended limit

conformed 0 packets, 0 bytes; actions:

transmit

exceeded 0 packets, 0 bytes; actions:

drop

conformed 0 bps, exceed 0 bps

Service-policy output: gig-out1 (242)

Class-map: class-default (match-any) (9191457/0)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: any (5027266)

Class of service queue: 14

Queue-limit: 32768 packets (default) Threshold drop 0 pkts, 0 bytes

Current queue-depth: 0 packets, Maximum queue-depth: 483 packets

Average queue-depth: 0.000 packets

police:

128000 bps, 4470 limit, 4470 extended limit

conformed 0 packets, 0 bytes; actions:

transmit

exceeded 0 packets, 0 bytes; actions:

drop

conformed 0 bps, exceed 0 bps

sh interface GigabitEthernet0/0/7

GigabitEthernet0/0/7 is up, line protocol is up

Hardware is GigabitEthernet, address is 0021.1c59.e807 (bia 0021.1c59.e807)

MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, rely 255/255, load 223/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full Duplex, 1000Mbps, link type is force-up, media type is LX

output flow-control is on, input flow-control is on

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:04, output 00:00:04, output hang never

Last clearing of "show interface" counters 01:16:56

Queueing strategy: fifo

Output queue 0/40, 0 drops; input queue 0/75, 0 drops

Available Bandwidth 1000000 kilobits/sec

5 minute input rate 875937000 bits/sec, 399611 packets/sec

5 minute output rate 876365000 bits/sec, 399808 packets/sec

381783166 packets input, 104608586928 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 113 ignored

0 watchdog, 0 multicast, 0 pause input

382965954 packets output, 104932671550 bytes, 0 underruns

Transmitted 0 broadcasts

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier, 0 pause output

0 output buffer failures, 0 output buffers swapped out

Laurent Aubert · ‎04-17-2009

I'm not a GSR expert but can you try the following configuration:

class-map match-all all-vlans

match vlan 1-4095

!

policy-map gig-out

class all-vlans

police cir 100000000 conform-action transmit exceed-action drop

!

int gigabitEthernet 0/0/7

service-policy output gig-out

!

Laurent.

t.tashiro · ‎04-19-2009

Hi, I've actually tried that as well however I see no drop in traffic :(

Laurent Aubert · ‎04-20-2009

Ok, I found this link which I think answer to our question:

http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/aggvlan.html

From this link, the following configuration should be supported:

policy-map Child

class class-default

police 64000 4470 4470

!

policy-map Parent

class all-vlans

service-policy child

class-map match-all all-vlans

match vlan 1-4095

!

Laurent.

t.tashiro · ‎04-21-2009

Hi, that seems to have done the trick.

Thanks

Mark