c3560 and traffic policing issue from Calin Chiorean on 2012-03-11 (Ccielab archives 03/2012)

From: Calin Chiorean <calin_at_engineer.com>
Date: Sun, 11 Mar 2012 20:04:55 +0100

Hello all,

I have a QoS related issue with 3560 and I'm thinking that maybe you can
help me.

The topology is something like:

R1 - SW1 - SW2 - R3

On R1 I have to mark all traffic with DSCP 10:

policy-map OUT
class class-default
set ip dscp 10
!
int fa0/0
service-policy output OUT

To prove that this is working (SW1 / SW2 mls qos disabled) I have on R3
a policy-map with a class-map matching on DSCP 10. I issue a ping from
R1 to R3 and:

R3#sh policy-map int fa0/1
FastEthernet0/1

Service-policy input: IN

    Class-map: D10 (match-all)
      5 packets, 570 bytes
      30 second offered rate 0 bps
      Match: ip dscp af11 (10)

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      30 second offered rate 0 bps, drop rate 0 bps
      Match: any

Everything working.

Now the issue. On SW2 I need to match on DSCP 10 traffic and to police
it to 1Mbps:

!
no mls qos rewrite ip dscp
mls qos
!
class-map match-all D10
match ip dscp 10
!
policy-map POLICE
class D10
police 1000000 250000 exceed-action drop
!
int fa0/19
service-policy input POLICE

For a test, I issue another ping from R1 to R3. I see the packets on R3,
but on SW2 there seems to be no packet matched:

SW2#sh policy-map int fa0/19
FastEthernet0/19

Service-policy input: POLICE

    Class-map: D10 (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: ip dscp af11 (10)

    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
        0 packets, 0 bytes
        5 minute rate 0 bps

It appear to match zero packets, but if I police very low to let's say
10kbits and I look at the interface statistics of R3, the policing seems
to work

The IOS image on the 3560 is:
SW2#sh ver | i image
System image file is "flash:c3560-advipservicesk9-mz.122-44.SE6.bin"

Do you think it's a bug on 3560 (I could not find one on Cisco Bug
toolkit) and the police actually work but the output is wrong?

Thanks to all!

Cheers,
Calin C.

Blogs and organic groups at http://www.ccie.net
Received on Sun Mar 11 2012 - 20:04:55 ART

This archive was generated by hypermail 2.2.0 : Sun Apr 01 2012 - 07:56:52 ART