Re: 3560 Hierarchical Policy-Maps for Traffic Policing

From: Moses Polalysa (mpurple7@yahoo.com)
Date: Wed Apr 02 2008 - 21:00:29 ART

• Next message: Angelo De Guzman: "Re:Failed R&S 1st attempt: Need clarification"
• Previous message: Shine Joseph: "RE: Diameter option in the spanning-tree vlan command."
• Maybe in reply to: Nitro Drops: "3560 Hierarchical Policy-Maps for Traffic Policing"
• Next in thread: Ramy Sisy: "RE: 3560 Hierarchical Policy-Maps for Traffic Policing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Nitro,

How if we set like this, is the result still same?

!
policy-map POLICE_32K
  class INPUT_INTERFACES
    police 32000 16000 exceed-action drop
    set ip precedence 5
!
policy-map VLAN201_POLICY
  class IP_TRAFFIC
     service-policy POLICE_64K
!

Thanks.
 
Regards,
Moses

----- Original Message ----
From: Nitro Drops <nitrodrops@hotmail.com>
To: ccielab@groupstudy.com
Sent: Thursday, April 3, 2008 5:30:54 AM
Subject: 3560 Hierarchical Policy-Maps for Traffic Policing

Hi Folks,Was practising this last evening using the IE materials, a bit lost in understanding the end results.

Setup :
SW1 F0/13 >> Trunk >> F0/13 SW2 F0/4 >> Trunk >> E0/0 R4

SW1 Vlan201 - 155.1.201.7/24
SW1 Vlan202 - 155.1.202.7/24
R4 E0/0.201 (encap dot1q vlan 201) - 155.1.201.4/24
R4 E0/0.202 (encap dot1q vlan 202) - 155.1.202.4/24

------------------------------------------------------------------------------------------------------------
SW2 is supposed to do Hierarchical Policy-Maps for Traffic Policing

SW2#
!
mls qos
!
interface F0/13
 mls qos vlan based
!
access-lisy 100 permit ip any any

!
class-map match-all IP_TRAFFIC
  match access-group 100
class-map match-all INPUT_INTERFACES
  match input-interface Fa0/13
!
policy-map POLICE_32K
  class INPUT_INTERFACES
    police 32000 16000 exceed-action drop
!
policy-map POLICE_64K
  class INPUT_INTERFACES
    police 64000 32000 exceed-action drop
!
policy-map VLAN201_POLICY
  class IP_TRAFFIC
   set ip precedence 5
   service-policy POLICE_64K
!
policy-map VLAN202_POLICY
  class IP_TRAFFIC
   set ip precedence 4
   service-policy POLICE_32K
!
interface vlan 201
 service input VLAN201_POLICY
!
interface vlan 202
 service input VLAN202_POLICY

----------------------------------------------------------------------------------------------------------------
Verification results

SW1#ping 155.1.201.4 repeat 100 size 1490 timeout 1

Type escape sequence to abort.
Sending 100, 1490-byte ICMP Echos to 155.1.201.4, timeout is 1 seconds:
!!!!!!!!!!!!!!!!!!!!!!.!!!!!.!!!!!!.!!!!!!.!!!!!!.!!!!!.!!!!!!.!!!!!.!!!!!!.!!!!!!.!!!!!.!!!!!!.!!!!
Success rate is 88 percent (88/100), round-trip min/avg/max = 1/27/151 ms

SW1#ping 155.1.202.4 repeat 100 size 1490 timeout 1

Type escape sequence to abort.
Sending 100, 1490-byte ICMP Echos to 155.1.202.4, timeout is 1 seconds:
!!!!!!!!!!!.!!.!!.!!!.!!.!!.!!!.!!.!!.!!!.!!.!!.!!.!!!.!!.!!!.!!.!!.!!.!!!.!!.!!!.!!.!!!.!!.!!.!!!.!
Success rate is 73 percent (73/100), round-trip min/avg/max = 1/56/160 ms

Qns 1.) Looking at the Ping results from SW1 to 155.1.201.4 & 155.1.202.4
How come when i ping a big packet size from SW1 to 155.1.201.4 &
155.1.202.4, packet losses are encountered? Based on the SW2 policing,
it is limiting 64k for vlan201 and 32k for vlan202.

Is it because when i ping a big packet of size 1490 bytes ( =
11920bits), when it hits 64kbps for vlan 201, the timeout happens. The
same goes for 32kbps for vlan202? Because the ratelimit for vlan 202
(32k)is smaller than vlan 201 (64k), timeouts happen more often when
tracing to 155.1.202.4.

---------------------------------------------------------------------------------------------------------------------------------

SW2#sh mls qos interface F0/13 statistics
FasttEthernet0/13
  dscp: incoming
-------------------------------
  0 - 4 : 200 0 0 0 0
  5 - 9 : 0 0 0 0 0

  dscp: outgoing
-------------------------------
  0 - 4 : 189 0 0 0 0
  5 - 9 : 0 0 0 0 0

Qns2.) Look at the mls qos statistics of SW2 F0/13. Since the traffic is coming into SW2 F0/13 from SW1, how come there are values in the "DSCP:outgoing (DSCP1)"? Shouldnt it just hit "DSCP:incoming(DSCP1)" only?

SW2#sh mls qos interface F0/4 statistics

FasttEthernet0/4

  dscp: incoming

-------------------------------
  30 - 34 : 0 0 85 0 0
  35 - 39 : 0 0 0 0 0

  40 - 44 : 87 0 0 0 0

  dscp: outgoing

-------------------------------
  30 - 34 : 0 0 85 0 0

  35 - 39 : 0 0 0 0 0

  40 - 44 : 87 0 0 0 0

Qns3.) Look at the mls qos statistics of SW2 F0/4. Since the traffic
is going out from SW2 F0/4 to R4 F0/0, how come there are values in the
"DSCP:incoming (DSCP32,40)"? Shouldnt it just hit "DSCP:outgoing(DSCP32,40)"
only?My understanding is SW1 f0/13 >> traffic >> (incoming) F0/13 SW2 F0/4 (Outgoing) >> traffic (incoming) R4Appreciate any kind replies.

• Next message: Angelo De Guzman: "Re:Failed R&S 1st attempt: Need clarification"
• Previous message: Shine Joseph: "RE: Diameter option in the spanning-tree vlan command."
• Maybe in reply to: Nitro Drops: "3560 Hierarchical Policy-Maps for Traffic Policing"
• Next in thread: Ramy Sisy: "RE: 3560 Hierarchical Policy-Maps for Traffic Policing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu May 01 2008 - 08:25:49 ART