From: Valiente, Rafael (rafael.valiente@bt.es)
Date: Mon Jan 13 2003 - 07:35:57 GMT-3
Hi Emre
With the first statement of Khurrom's configuration you are limiting the
traffic to 64000, following rate-limits are applied against these 64000.
For example, you have next stream of data in one second arriving to the
ethernet interface:
1.- (48000 www)
2.- (5000 udp)
3.- (18000 www)
4.- (20000 ip )
After first car line you will have:
rate-limit input 64000 2000 2000 conform-action continue exceed-action drop
1.- ( 48000 www ) continue
2.- ( 5000 udp ) continue
3.- ( 11000 www ) continue
1+2+3= 64000
router has dropped 7000 www and 20000 ip
Following rate-limit:
rate-limit input access-group 101 32000 2000 2000 conform-action transmit
exceed-action drop
1.- 32000 www----transmit
1.- 16000 www ---- drop
2.- 5000 udp --- doesn't match acl 101- no action
3.- 11000 www---- drop
rate-limit input access-group 102 16000 2000 2000 conform-action transmit
exceed-action drop
2.- 5000 udp ---- transmit
rate-limit input access-group 103 16000 2000 2000 conform-action transmit
exceed-action drop
No traffic to match against acl 103
Through serial interface you will get 32000 www plus 5000 udp in this second
You are right about my configuration, 12.2 is needed and is the same that
Khurrom's configuration without the first rate-limit line, we give 32000 to
www, 16000 to ip and 16000 to udp but we don't' limit the total traffic to
64000.
Khurrom, if you really want to limit the traffic to 64000 and you have 12.2,
I think you can get it with this:
class-map match-all ip
match access-group 103
class-map match-all udp
match access-group 102
class-map match-all www
match access-group 101
!
!
policy-map test
class udp
bandwidth 16
class ip
bandwidth 16
class www
bandwidth 32
policy-map limiting
class class-default
shape average 64000
service-policy test
interface Ethernet0/0
service-policy input limiting
access-list 101 permit tcp any any eq www
access-list 102 permit udp any any
access-list 103 permit ip any any
Rafa
-----Mensaje original-----
De: Emre [mailto:emrekoyuncu@hotmail.com]
Enviado el: lunes 13 de enero de 2003 10:35
Para: ccielab@groupstudy.com; Valiente, Rafael
Asunto: Re: QoS (CAR): problem with "conform-action continue" command -
Hi Valiente,
Your way is one of the solutions to achieve this (as i remember only in
12.2). But I think Khurrom's way should be working.
Maybe we have no control on the first statement of Khurrom's configuration ,
but by using the conform-action continue option , we get a control on the
traffic type on the following rate-limits. I still can't understand why it
is not working. Has anybody have an idea of that ? Also I think there is no
need for the first statement to achieve our goal but I just wonder why it
does not work properly eventhough the first statement is unneeded (but
harmless).
Emre
----- Original Message -----
From: "Valiente, Rafael" <rafael.valiente@bt.es>
To: "'Khurram Khani'" <kkhani@nortelnetworks.com>
Cc: <ccielab@groupstudy.com>
Sent: Monday, January 13, 2003 12:27 AM
Subject: RE: QoS (CAR): problem with "conform-action continue" command -
> Hello
>
> Whit the first car sentence you are limiting all traffic to 64000, but you
> have no control over what type of traffic is, for example it should be 80
%
> www ( 51200 ), 20 % UDP (12800 ) and 0% ip. As result of this you will
get
> on your sniffer 32000 of www and 12800 of UDP.
>
> I think you can get what you are looking for with this config:
>
> class-map match-all ip
> match access-group 103
> class-map match-all udp
> match access-group 102
> class-map match-all www
> match access-group 101
> !
> !
> policy-map test
> class www
> police 32000 1500 1500 conform-action transmit exceed-action drop
> class ip
> police 16000 1500 1500 conform-action transmit exceed-action drop
> class udp
> police 16000 1500 1500 conform-action transmit exceed-action drop
>
> interface Ethernet0/0
> service-policy input test
>
>
> access-list 101 permit tcp any any eq www
> access-list 102 permit udp any any
> access-list 103 permit ip any any
>
>
>
> Regards
>
> Rafa
>
>
> -----Mensaje original-----
> De: Khurram Khani [mailto:kkhani@nortelnetworks.com]
> Enviado el: lunes 13 de enero de 2003 4:26
> Para: ccielab@groupstudy.com
> Asunto: QoS (CAR): problem with "conform-action continue" command -
>
>
> Hi All,
>
> I am having problem with 'conform-action continue' command while
> configuring
> CAR.
>
> This is what I want:
>
> - 50% WWW traffic on eth0
> - 25% UDP traffic on eth0
> - 25% IP traffic on eth0
>
> I am sending traffic to Ethernet0 interface using Smart Bits at rate of
300
> KBits/sec. Incoming traffic
> has 3 streams , WWW , UDP, IP. Equal packet size for all streams (200
> bytes).
>
> When I try to limit total traffic to 64000 using 'conform-action continue
> exceed-action drop' (1st command
> for rate-limiting) I dont see (50%, 25%, 25%) rate-limit anymore at my
> output
> probes. I am using Sniffer Pro
> and Etherpeek to plot the output traffic graph.
>
> interface Ethernet0/0
> description Connected to Smarts Bit Slot 1
> ip address 1.1.1.1 255.255.255.0
> rate-limit input 64000 2000 2000 conform-action continue exceed-action
drop
> rate-limit input access-group 101 32000 2000 2000 conform-action transmit
> exceed-action drop
> rate-limit input access-group 102 16000 2000 2000 conform-action transmit
> exceed-action drop
> rate-limit input access-group 103 16000 2000 2000 conform-action transmit
> exceed-action drop
>
> !
> access-list 101 permit tcp any any eq www
> access-list 101 permit tcp any eq www any
> access-list 102 permit udp any any
> access-list 103 permit ip any any
>
>
> When I remove the conform-action continue command , 50%, 25% , 25%
> distribution works.
>
> This config works!
>
> interface Ethernet0/0
> description Connected to Smarts Bit Slot 1
> ip address 1.1.1.1 255.255.255.0
> rate-limit input access-group 101 32000 2000 2000 conform-action transmit
> exceed-action drop
> rate-limit input access-group 102 16000 2000 2000 conform-action transmit
> exceed-action drop
> rate-limit input access-group 103 16000 2000 2000 conform-action transmit
> exceed-action drop
>
>
> This is what my topology is
>
> TrafficGenerator --->Eth0 (Router) Se0-----> Measuring Output traffic here
> (Sniffer Pro)
>
> Can anyone plz help me what am I doing wrong in my QoS config?? Attached
is
> full config.
>
>
>
>
>
>
> 3620-QoS#r
> Building configuration...
>
> Current configuration : 2072 bytes
> !
> version 12.1
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname 3620-QoS
> !
> !
> !
> !
> !
> !
> ip subnet-zero
> no ip domain-lookup
> !
> !
> !
> !
> !
> !
> !
> !
> interface Ethernet0/0
> description Connected to Smarts Bit Slot 1
> ip address 1.1.1.1 255.255.255.0
> rate-limit input 64000 2000 2000 conform-action continue exceed-action
drop
> rate-limit input access-group 101 32000 2000 2000 conform-action transmit
> exceed-action drop
> rate-limit input access-group 102 16000 2000 2000 conform-action transmit
> exceed-action drop
> rate-limit input access-group 103 16000 2000 2000 conform-action transmit
> exceed-action drop
> no ip route-cache
> no ip mroute-cache
> no cdp enable
> !
> interface Serial0/0
> ip address 34.1.1.2 255.255.255.0
> no ip route-cache
> no ip mroute-cache
> clockrate 64000
> !
> interface Ethernet0/1
> description Connected to Smarts Bit Slot 2
> ip address 2.2.2.1 255.255.255.0
> no cdp enable
> !
> router eigrp 1
> network 1.0.0.0
> network 2.0.0.0
> network 34.0.0.0
> auto-summary
> no eigrp log-neighbor-changes
> !
> ip classless
> no ip http server
> !
> access-list 101 permit tcp any any eq www
> access-list 101 permit tcp any eq www any
> access-list 102 permit udp any any
> access-list 103 permit ip any any
> !
> !
> alias exec b1 debug ip bg up
> alias exec b2 debug ip bgp eve
> alias exec i show ip ro
> alias exec dr1 debug ip rip
> alias exec dr2 debug ip rip event
> alias exec b show ip ro bg
> alias exec u undebug all
> alias exec r show run
> alias exec g show ip ro ig
> alias exec c config t
> alias exec cl clear ip ro *
> alias exec di debug ip packet
> alias exec t show ip ei to
> alias exec de1 debug ip ei
> alias exec de2 debug ip eigrp neighbor 1 10.10.10.3
> alias exec de3 debug ip eigrp neighbor 1 134.177.211.6
> alias exec cle clear ip ei ne
> alias exec on show ip os ne
> alias exec od show ip os database
> alias exec m show ip mroute
> alias exec ci clear interface
> alias exec si show interface
> alias exec s show int se0/0
> alias exec e show int eth0/0
> !
> line con 0
> exec-timeout 0 0
> line aux 0
> line vty 0 4
> login
> !
> end
>
> 3620-QoS#
> 3620-QoS#
> .
> **********************************************
> Noticia legal
> Este mensaje electrsnico contiene informacisn de BT Ignite Espaqa S.A.U.
que
> es privada y confidencial, siendo para el uso exclusivo de la persona (s)
o
> entidades arriba mencionadas. Si usted no es el destinatario seqalado, le
> informamos que cualquier divulgacisn, copia, distribucisn o uso de los
> contenidos esta prohibida. Si usted ha recibido este mensaje por error,
por
> favor borre su contenido lo antes posible.
> Gracias.
> .
**********************************************
Noticia legal
Este mensaje electrsnico contiene informacisn de BT Ignite Espaqa S.A.U. que
es privada y confidencial, siendo para el uso exclusivo de la persona (s) o
entidades arriba mencionadas. Si usted no es el destinatario seqalado, le
informamos que cualquier divulgacisn, copia, distribucisn o uso de los
contenidos esta prohibida. Si usted ha recibido este mensaje por error, por
favor borre su contenido lo antes posible.
Gracias.
.
This archive was generated by hypermail 2.1.4 : Sat Feb 01 2003 - 07:33:48 GMT-3