Getting good statistics on policed 3550 links?

From: Michael Snyder (msnyder@revolutioncomputer.com)
Date: Mon Apr 28 2003 - 13:44:52 GMT-3

• Next message: kasturi cisco: "RE: Floating static routes not working on cat 4006 (w SUP III)"
• Previous message: MADMAN: "Re: getting inside the vip card in 7500"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

A little background.

I brought an 3550 and am using it to bandwidth police an small isp.

My problem is that; either I horribly misconfigured the acls, or more
likey the switch is giving me very poor information about the effective
limiting it is doing.

I found a document on tac suggesting, that because the policing is done
in hardware that getting valid statistics is a common problem on the
3550.

So, has anyone else had problems with getting valid mls qos interface
statistics? And/or what was your work around?

For example,

FastEthernet0/13
Ingress
  dscp: incoming no_change classified policed dropped (in pkts)
Others: 28326020 27250335 1075685 0 188768
Egress
  dscp: incoming no_change classified policed dropped (in pkts)
Others: 25622804 n/a n/a 0 0

In this case I know that my last policer on this port matches any any,
yet not all packets are classified (neat trick). None are listed as
policed; but it is dropping packets. None of the other non-policed
ports have dropped any pkts.

Which leads me to believe that I'm not getting the full story.

I also noticed that that acl list counters never get incremented yet I
believe some limiting must be working because of the dropped pkts, hence
some of the applied access lists must be working. :(

Thanks for Your Time,

Michael

------------------------------------------------------------------------

---
Below is the configuration in question.
Please feel free to critique it.
My goal is dividing up a dual t1 circuit; 3 mbs total into a /24
downstream subnet..
mls qos
!
class-map match-all No2_prefered_applications
  match access-group 102
class-map match-all webcache
  match access-group 111
class-map match-all outgoing_all_leftover_canopy
  match access-group 28
class-map match-all outgoing_commerical
  match access-group 23
class-map match-all outgoing_novell
  match access-group 30
class-map match-all ep_office_novell_server
  match access-group 110
class-map match-all No1_trouble_makers
  match access-group 101
class-map match-all No4_1st_block_residential
  match access-group 104
class-map match-all outgoing_3rd_block_residential
  match access-group 26
class-map match-all No5_2nd_block_residential
  match access-group 105
class-map match-all outgoing_4th_block_residential
  match access-group 27
class-map match-all No3_commerical_users
  match access-group 103
class-map match-all No8_all_others
  match access-group 108
class-map match-all outgoing_trouble_makers
  match access-group 21
class-map match-all outgoing_1st_block_residential
  match access-group 24
class-map match-all No6_3rd_block_residential
  match access-group 106
class-map match-all No7_4th_block_residential
  match access-group 107
class-map match-all outgoing_2nd_block_residential
  match access-group 25
!
!
policy-map ingress_canopy
  class outgoing_trouble_makers
    police 384000 24000 exceed-action drop
  class outgoing_commerical
    police 1544000 64000 exceed-action drop
  class outgoing_1st_block_residential
    police 512000 32000 exceed-action drop
  class outgoing_2nd_block_residential
    police 512000 32000 exceed-action drop
  class outgoing_3rd_block_residential
    police 512000 32000 exceed-action drop
  class outgoing_4th_block_residential
    police 512000 32000 exceed-action drop
  class outgoing_all_leftover_canopy
    police 768000 48000 exceed-action drop
policy-map downstream_ingress
  class No1_trouble_makers
    police 512000 32000 exceed-action drop
  class webcache
    police 1544000 64000 exceed-action drop
  class ep_office_novell_server
    police 1024000 48000 exceed-action drop
  class No3_commerical_users
    police 1544000 64000 exceed-action drop
  class No4_1st_block_residential
    police 1024000 48000 exceed-action drop
  class No5_2nd_block_residential
    police 1024000 48000 exceed-action drop
  class No6_3rd_block_residential
    police 1024000 48000 exceed-action drop
  class No7_4th_block_residential
    police 1024000 48000 exceed-action drop
policy-map ingress_novell
  class outgoing_novell
    police 1024000 32000 exceed-action drop
!
!
!
!
!
interface FastEthernet0/1
 no ip address
!
interface FastEthernet0/2
 no ip address
!
interface FastEthernet0/3
 no ip address
!
interface FastEthernet0/4
 no ip address
!
interface FastEthernet0/5
 no ip address
!
interface FastEthernet0/6
 no ip address
!
interface FastEthernet0/7
 no ip address
!
interface FastEthernet0/8
 no ip address
!
interface FastEthernet0/9
 no ip address
!
interface FastEthernet0/10
 no ip address
!
interface FastEthernet0/11
 no ip address
!
interface FastEthernet0/12
 no ip address
!
interface FastEthernet0/13
 switchport access vlan 2
 no ip address
 service-policy input downstream_ingress
!
interface FastEthernet0/14
 switchport access vlan 2
 no ip address
!
interface FastEthernet0/15
 switchport access vlan 2
 no ip address
!
interface FastEthernet0/16
 switchport access vlan 2
 no ip address
 service-policy input ingress_novell
!
interface FastEthernet0/17
 switchport access vlan 2
 no ip address
!
interface FastEthernet0/18
 switchport access vlan 2
 no ip address
!
interface FastEthernet0/19
 switchport access vlan 3
 no ip address
!
interface FastEthernet0/20
 switchport access vlan 3
 no ip address
!
interface FastEthernet0/21
 switchport access vlan 3
 no ip address
!
interface FastEthernet0/22
 switchport access vlan 3
 no ip address
!
interface FastEthernet0/23
 switchport access vlan 3
 no ip address
!
interface FastEthernet0/24
 switchport access vlan 3
 no ip address
 service-policy input ingress_canopy
!
i
access-list 21 permit x.y.z.199
access-list 22 permit x.y.z.199
access-list 23 permit x.y.z.0 0.0.0.31
access-list 23 permit x.y.z.32 0.0.0.15
access-list 24 permit x.y.z.64 0.0.0.15
access-list 25 permit x.y.z.80 0.0.0.15
access-list 26 permit x.y.z.96 0.0.0.15
access-list 27 permit x.y.z.112 0.0.0.15
access-list 28 permit x.y.z.0 0.0.0.255
access-list 29 permit x2.y2.z2.72 0.0.0.7
access-list 30 permit x2.y2.z2.76
access-list 31 permit x2.y2.z2.77
access-list 101 permit ip any host x.y.z.199
access-list 102 permit ip any host x.y.z.199
access-list 103 permit ip any x.y.z.0 0.0.0.31
access-list 103 permit ip any x.y.z.32 0.0.0.15
access-list 104 permit ip any x.y.z.64 0.0.0.15
access-list 105 permit ip any x.y.z.80 0.0.0.15
access-list 106 permit ip any x.y.z.96 0.0.0.15
access-list 107 permit ip any x.y.z.112 0.0.0.15
access-list 108 permit ip any x.y.z.0 0.0.0.255
access-list 108 permit ip any x2.y2.z2.72 0.0.0.7
access-list 110 permit ip any host x2.y2.z2.76
access-list 111 permit ip any host x2.y2.z2.77

• Next message: kasturi cisco: "RE: Floating static routes not working on cat 4006 (w SUP III)"
• Previous message: MADMAN: "Re: getting inside the vip card in 7500"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:36:08 GMT-3