hi Jerry,

What i'm trying to achieve is traffic shaping for all egress traffic at 100Mbps.

For example,

Nexus7K (shaping)--------->(policing) ISP-A

The link btw Nexus & ISP-A is a L2 1Gbps.  ISP-A is policing at 100Mbps based on our

contract.  In order to minimize pkts drop due to non-compliant, i would like to

traffic shape all egress traffic at 100Mbps.

Can it be done using SRR or WRR?

Instead of shaping at individual queue, is there a way to shape all egress traffics

using nested MQC?

Regards

The Nexus 7000 is designed as a data center core. What you are trying to do is placing the N7K as the DC edge, you need to consider other platform like the Catalyst 6500 with SIP/SPA, Cisco 7600, or the Cisco 7200 series.

Regards,

jerry

hi Jerry,

I trying to avoid another hardware in-between.

Can i say that Nexus 7K doesn't support egress shaping; similar to Nexus 5548P?

What about egress policing on Nexus 7K?

Regards

Well, it does support shaping (SRR) but not MQC egress shaping. We generally do not recommend using N7K or any type of LAN line card (67xx series in C6K) as CE interface (to SP). If you still want to use this approach, like you said, you can use policing and here is the configuration example

http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_2/nx-os/qos/configuration/guide/policing.html#wp1056940

HTH,

jerry

I tried applying the 1 rate, two color egress policing but it return below error messages:

XXX(config-if)# service-policy type qos output POLICE-100M

ERROR:   Module 1, 4, 9, 10 returned status "Egress policy on an L2 interface is not supported"

In Cisco doc, it says "You can apply the policing instructions in a QoS  policy map to ingress or egress packets by

attaching that QoS policy map  to an interface"

Is there a condition to above statement like it works only on L3 interfaces?

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/qos/configuration/guide/policing.html#wp1056918

---------------------------------------------------------

policy-map type qos POLICE-100M
    class  class-default
      police cir 100 mbps bc 200 ms conform transmit violate drop

---------------------------------------------------------

interface Ethernet1/37
  switchport mode trunk
  switchport trunk allowed vlan 10,104,106
  spanning-tree port type edge trunk
  spanning-tree guard root
  speed 1000
  duplex full
  mtu 9216
  no shutdown

-------------------------------------------------------

Regards

Hi Kian,

You can't do classic Shaping in N7K switch. Your only option is prioritizing queues on outbound direction. As far as I know no current linecard in N7K is supporting shaping. I hope that they will release such card as they did with c6500.

My suggestion is to set the interface speed to 100Mbps instead of 1Gbps on your side and on the Service provider edge device.  This way you can be sure that you are not oversubscribe the line, and if you do, then you can apply QOS (queue prioritization) to prioritize critical traffic on the outbound direction.

HTH,

Timor Sherf

Setting the interface speed requires coordination with the SP. Most of the time when you are ordering subrate GE interface from them, they will leave the speed to 1000. This will give them flexability to upgrade the circuit much quicker.

BTW, the N7K is designed as DC core, hence, there isn't any WAN line card like SIP/SPA available or in the near future. Recommendation is not to use it as DC edge.

Regards,

jerry

I agree that N7K isn't ment to be WAN gateway router, but it seems that in this case he has no choise.

In my experience with the Service providers, there should be no problem asking them to set 100Mb speed on the port. Morover, they usually deploy small termination box of some kind that should be able to work with 100Mb links.

As I understood the question, the demand was for traffic shaping, not policing. Implementing policing is possible in N7K in case of "no switchports"
(as you've mentuned).

He has a choice but he prefer not to.

I trying to avoid another hardware in-between.

Yes, that is true, the error message indicates that you cannot do police in L2 interface, however, you can use the SRR on L2 to shape COS. If it is configured with no switchport (L3 interface), I believe the service policy will be able to attach.

Regards,

jerry

hi,

Yap, just confirmed that we can apply QoS egress policing ONLY on L3 interfaces.

Cisco should update their documentation to reflect this :-)

My customers are all ISP & content provider and they usually terminate on Nexus

using Single Mode Fiber (i don't think u can change the speed of fiber port).

----------------------------------------

interface Ethernet1/1
  no switchport
  mtu 9216
  service-policy type qos output POLICE-100M
  service-policy type qos input POLICE-100M

---------------------------------------

XXXX# sh policy-map interface e1/1

Global statistics status :   enabled

Ethernet1/1

  Service-policy (qos) input:   POLICE-100M
    policy statistics status:   enabled

    Class-map (qos):   class-default (match-any)
      police cir 100 mbps bc 200 ms

  Service-policy (queuing) input:   default-in-policy
    policy statistics status:   enabled

    Class-map (queuing):   in-q1 (match-any)
      queue-limit percent 50
      bandwidth percent 80
      queue dropped pkts : 0

    Class-map (queuing):   in-q-default (match-any)
      queue-limit percent 50
      bandwidth percent 20
      queue dropped pkts : 0

  Service-policy (qos) output:   POLICE-100M
    policy statistics status:   enabled

    Class-map (qos):   class-default (match-any)
      police cir 100 mbps bc 200 ms

  Service-policy (queuing) output:   default-out-policy
    policy statistics status:   enabled

    Class-map (queuing):   out-pq1 (match-any)
      priority level 1
      queue-limit percent 16
      queue dropped pkts : 0

    Class-map (queuing):   out-q2 (match-any)
      queue-limit percent 1
      queue dropped pkts : 0

    Class-map (queuing):   out-q3 (match-any)
      queue-limit percent 1
      queue dropped pkts : 0

    Class-map (queuing):   out-q-default (match-any)
      queue-limit percent 82
      bandwidth remaining percent 25
      queue dropped pkts : 0

----------------------------------------------------------------

Hi Jeye,

I can agree with you that the Nexus 7000 is designed as a data center core and not recommended to place it as a DC WAN edge or PE Router. But can I have the pleasure to share you 2 questions?

1. Does the Nexus 7000 still not supporting MPLS? If yes, why we cannot use one VDC as a PE? If I'm talking about PE, It's mandatory to have MPLS support as I have to do some import / export under VRFs and just with vrf-lite, this is not supported.

2. If I continue to use 7600 or 6500 as DC/WAN edge routers, is there a need to have a dedicated VDC for the core of our Data Center or I can use a collapsed core and aggregation?

Thanks.

For Q1, development is aware of this customer requirement of supporting MPLS in the N7K. It is in the roadmap and this is all I can share. If you need more info, contact your Cisco sales team and they can provide more info with NDA.

For Q2, designing core or collapse core/aggregation in a DC is really upto the design requirement(s). If you have limited budget, of course, you might want to consider collapse core/aggregation. For some of the network we have seen/worked on, organizations still prefer to have a dedicated core (dedicated boxes) to forward traffic. If you have to do maintenance on the aggregation, etc. it will not affect any other traffics across the core.

Regards,

jerry