Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2359
Views
0
Helpful
4
Replies

Changing PPPOE user rate-limit via CoA

shap4ever
Level 1
Level 1

‎09-10-2013 10:21 AM

We use 7206VXR as a pppoe bras, due to limited bandwidth during night hours we decided to change our clients download rate during the period. So we generate per session CoA packet and get ACK from cisco, But this is not update the previous values just add new rate-limit:

BRAS#sh int Virtual-access 2007 rate-limit

Virtual-Access2007

  Input

    matches: all traffic

      params:  256000 bps, 48000 limit, 96000 extended limit                 <------------------ Original Values

      conformed 20056 packets, 1939505 bytes; action: transmit

      exceeded 0 packets, 0 bytes; action: drop

      last packet: 2004696ms ago, current burst: 0 bytes                         

      last cleared 03:11:01 ago, conformed 1353 bps, exceeded 0 bps

   matches: all traffic

      params:  1024000 bps, 128000 limit, 256000 extended limit             <-------------------- New Values via CoA

      conformed 0 packets, 0 bytes; action: continue

      exceeded 0 packets, 0 bytes; action: drop

      last packet: 11509504ms ago, current burst: 0 bytes

      last cleared 03:09:46 ago, conformed 0 bps, exceeded 0 bps

  Output

    matches: all traffic

      params:  256000 bps, 48000 limit, 96000 extended limit

      conformed 20172 packets, 26466289 bytes; action: transmit

      exceeded 9311 packets, 12622701 bytes; action: drop

      last packet: 160292ms ago, current burst: 0 bytes

      last cleared 03:11:01 ago, conformed 18472 bps, exceeded 8810 bps

    matches: all traffic

      params:  1024000 bps, 128000 limit, 256000 extended limit

      conformed 0 packets, 0 bytes; action: continue

      exceeded 0 packets, 0 bytes; action: drop

      last packet: 11511624ms ago, current burst: 0 bytes

      last cleared 03:09:49 ago, conformed 0 bps, exceeded 0 bps

as you can see above both policies are match all traffic and the first one is applying always, How can I replace the Original values not Adding new values?

Thanks for your help

Labels:
0 Helpful
4 Replies 4

xthuijs
Cisco Employee
Cisco Employee

‎09-12-2013 12:13 PM

in IOS you should only be able to apply one qos policy per direction at any time.

so what should happen here is the reference of a new policy-map that is getting applied to the user(s).

it should show up as a single pmap in terms of show policy-map interface virtual-ac X.

it all depends on how you have defined your services here.

if you have a base vtemplate that has a qos policy and then assign a service over it with a new qos policy you may get a pmap merge, which is sort of what I see here.

cheers

xander

0 Helpful

shap4ever
Level 1
Level 1
In response to xthuijs

‎09-13-2013 09:40 PM

Dear Alex, Thanks for your reply but there is a problem:

1- I used Policy-map based traffic shaping for pppoe users but consider to very high cpu usage issue (99% on 3000 session) I changed the solution to pass rate-limit parameter behalf of policy-map name, now I have more than 7000 session with 50% cpu consumption. So I have no policy-map @ work now:

#sh policy-map interface virtual-access 3

#

2- as I mentioned before I'm passing rate-limit value with radius while user authorization proccess and everything works fine, problem is you can have more than one rate-limit per virtual-access and with my config just first one applies to session.

Regards

0 Helpful

xthuijs
Cisco Employee
Cisco Employee
In response to shap4ever

‎09-14-2013 08:10 AM

Salar,

when you use the pmaps what is the cpu spent on?

the rate-limit command is usable for the 7200, but that will limit your ability to modify it via COA.

also the rate-limit will cause a full VAI I believe, but the policy-map, if applied via the right VSA will maintain a sub vai which also will provide for larger scale.

So the 2 things I would like to see, besides the version, is the full configuration and what CPU util when using pmaps is spent on.

cheers

xander

0 Helpful

mehdi.sadighian
Level 1
Level 1

‎10-09-2017 06:43 AM

hi

i had this problem too

but i solved the problem with removing the old rate-limit then apply the new rate-limit

example:

 

echo User-Name=mehdi,Framed-IP-Address=\"10.0.0.1\",Cisco-Avpair=\"lcp:interface-config#1=no rate-limit output 2097152 393216 786432 conform-action transmit exceed-action drop\",Cisco-Avpair=\"lcp:interface-config#2=no rate-limit input 2097152 393216 786432 conform-action transmit exceed-action drop\",Cisco-Avpair=\"lcp:interface-config#1=rate-limit output 8388608 1572864 3145728 conform-action transmit exceed-action drop\",Cisco-Avpair=\"lcp:interface-config#2=rate-limit input 8388608 1572864 3145728 conform-action transmit exceed-action drop\" | radclient -d /usr/local/share/freeradius/ -x -F 192.168.1.1:3799 coa nas_secret

 

detail:

removing old rate-limit:

    Cisco-AVPair = "lcp:interface-config#1=no rate-limit output 2097152 393216 786432 conform-action transmit exceed-action drop"
    Cisco-AVPair = "lcp:interface-config#2=no rate-limit input 2097152 393216 786432 conform-action

transmit exceed-action drop"

 

adding new rate limit:   

 

Cisco-AVPair = "lcp:interface-config#1=rate-limit output 8388608 1572864 3145728 conform-action transmit exceed-action drop"
    Cisco-AVPair = "lcp:interface-config#2=rate-limit input 8388608 1572864 3145728 conform-action transmit exceed-action drop"

 

Best Regards

mehdi.sadighian@hotmail.com

http://msadighian.com

mehdi.sadighian@hotmail.com
http://msadighain.com
0 Helpful
Customers Also Viewed These Support Documents