Re: Two switches in truking 802.1q with QoS

Try to attach a policy and see what happens :)

On Tue, Dec 29, 2009 at 10:13 PM, Edouard Zorrilla <ezorrilla_at_tsf.com.pe>wrote:

> Thanks for answering Petr,
>
> My switch is : 3560,
>
> SW-REPLICACION-MON(config-if)#do sh ver | in WS
> cisco WS-C3560G-24TS (PowerPC405) processor (revision D0) with 131072K
> bytes of memory.
> Model number : WS-C3560G-24TS-S
> * 1 28 WS-C3560G-24TS 12.2(53)SE C3560-IPBASEK9-M
>
> And It support ingress and egress policy :
>
> SW-REPLICACION-MON(config)#int vlan 750
> SW-REPLICACION-MON(config-if)#service-policy ?
> input Assign policy-map to the input of an interface
> output Assign policy-map to the output of an interface
>
> SW-REPLICACION-MON(config-if)#int gi0/24
> SW-REPLICACION-MON(config-if)#service-policy ?
> input Assign policy-map to the input of an interface
> output Assign policy-map to the output of an interface
> SW-REPLICACION-MON(config-if)#
>
> So, what do you mean, when you said "3560 model does not support egress
> policing" ?,
>
> Thanks a lot,
>
> Regards
>
> ----- Original Message ----- From: "Petr Lapukhov" <
> petr_at_internetworkexpert.com>
> To: "Bryan Bartik" <bbartik_at_ipexpert.com>
> Cc: "Edouard Zorrilla" <ezorrilla_at_tsf.com.pe>; <ccielab_at_groupstudy.com>
> Sent: Tuesday, December 29, 2009 11:49 PM
> Subject: Re: Two switches in truking 802.1q with QoS
>
>
>
> Hi All,
>
> Unfortunately, the 3560 model does not support egress policing.
> However, it does support a rudimentary form of traffic shaping via the
> SRR queueing strategy (shaped mode). Specifically, any given egress
> queue (there are 4 of them) on any port could be limited in its
> transmission rate. The limiting is actually based on the SRR, and
> resembles traffic shaping in the way that it does not drop "exceeding"
> packets but queues them.
>
> Let's say you need to limit SWA VLAN120's egress traffic on the trunk
> link. You need to do the following:
>
> 1) Enable VLAN based QoS on all ingress links that may potentially
> carry VLAN 120
> 2) Attach a service policy that marks all ingress packets with DSCP
> value of X to VLAN120's SVI
> 3) Configure the switch to map the DSCP value of X to, say, queue 4
> 4) Configure the trunk port to shape queue 4's bandwidth to 1/N of the
> interface rate so that the resulting sending rate is close to 150Mbps.
> In case of 1000 Mbps link, N is 1000/150 = approx 7
>
> Here is a sample configuration:
>
> mls qos
> !
> interface FastEthernet 0/13
> mls qos vlan-based
> !
> interface FastEthernet 0/15
> mls qos vlan-based
> !
> .. enable the above on all ingress ports with VLAN 120
>
> !
> ! All IP Traffic
> !
> ip access-list extended IP_ACL
> permit ip any any
> !
> class-map IP_TRAFFIC
> match access-group name IP_ACL
> !
> ! Mark IP traffic with DSCP 16 (DSCP X)
> !
> policy-map VLAN120_MARK
> class IP_TRAFFIC
> set dscp 16
> class class-default
> trust dscp
> !
> interface vlan 120
> service-policy input VLAN120_MARK
>
> !
> ! Map all VLAN120's IP traffic to (DSCP 16=CS2) to queue 4
> !
> mls qos srr-queue output dscp-map queue 4 16
>
> !
> ! Set queue 4's shaping weight to 7 to limit the egress rate to 1/7 of
> 1000 (port speed)
> !
> interface FastEthernet 0/6
> speed 1000
> srr-queue bandwidth shape 0 0 0 7
>
> The obvious drawback is that you need to reserve a special queue just
> for this particular purpose, plus use a dedicated DSCP value which
> might not be used by any other traffic. If the link bandwidth is not
> heavily oversubscribed you may use the ingress policing method that
> Bryan has demonstrated. It is much more scalable in terms of resources
> used, though allows for egress port overutilization.
>
> HTH,
> --
> Petr Lapukhov, petr_at_INE.com
> CCIE #16379 (R&S/Security/SP/Voice)
>
> Internetwork Expert, Inc.
> http://www.INE.com
> Toll Free: 877-224-8987
> Outside US: 775-826-4344
>
> 2009/12/29 Bryan Bartik <bbartik_at_ipexpert.com>:
>
>> Hi, Edouard,
>>
>> I am not sure how to do this outbound, but inbound can be done using a
>> hierarchical policy. The following example matches the trunk interface and
>> limits it to 150m.
>>
>> mls qos
>> access-list 100 permit ip any any
>>
>> class-map match-all IP
>> match access-group 100
>> ! this is the input trunk interface
>> class-map match-all TRUNK
>> match input-interface g0/1
>>
>> ! this the child policy
>> policy-map VLAN120-POLICER
>> class TRUNK
>> police 150m 187500 exceed-action drop
>> ! this is the parent policy with child nested below
>> policy-map VLAN120-PARENT
>> class IP
>> trust
>> service-policy VLAN120-POLICER
>>
>> interface g0/1
>> mls qos vlan-based
>> interface Vlan120
>> no ip address
>> service-policy input VLAN120-PARENT
>>
>> You could also use similar policies for the access ports, policing them
>> individually or as a range I believe. It would be nice if you could use an
>> aggregate police action in a class that matches all access ports but it is
>> not supported (in the IOS I tried).
>>
>> Perhaps someone knows a better way to do outbound policing if possible...
>>
>> On Tue, Dec 29, 2009 at 8:03 PM, Edouard Zorrilla <ezorrilla_at_tsf.com.pe
>> >wrote:
>>
>> Hello,
>>>
>>> I have two switches 3560 in trunk 802.1q with 1000Mbps (1GEth.), there I
>>> have
>>> many vlans, one of them is vlan120.
>>>
>>> SWA ------------[802.1q at 1000Mbps]-------------------------SWB
>>>
>>> Do any one know how can I set up QoS there so that I limit the bandwith
>>> for
>>> vlan120 to 150Mbps ?. What I want is that vlan120 just go up to 150Mbps
>>> instead of taking all traffic in the trunk link (1000Mbps.) = Limit the
>>> amount
>>> of traffic entering the SW and limiting the amount of traffic leaving the
>>> SW
>>> at the same time.
>>>
>>> I am reading this configurations guide :
>>>
>>>
>>>
>>> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12
>>> .2_52_se/configuration/guide/swqos.html
>>>
>>> But I do not figure out yet how can I acomplish it,
>>>
>>> Any help will be appreciated.
>>>
>>> Best Regards
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>> --
>> Bryan Bartik
>> CCIE #23707 (R&S, SP), CCNP
>> Sr. Support Engineer - IPexpert, Inc.
>> URL: http://www.IPexpert.com
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>

-- 
Bryan Bartik
CCIE #23707 (R&S, SP), CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com
Blogs and organic groups at http://www.ccie.net