«

Hi guys,

Basically, I have 2 questions which I would really appreciate if
anyone can help me out here. I have already search around in Cisco
website but couldn't find a right solution to it.

Question 1.
Can anyone tell me what is the correct way to implement rate-limit on
a virtual vlan interface of a 6509?

Is the command for example, "rate-limit output 5000000 2400 3200
conform-action transmit exceed-action drop" will do the trick? Or is
this command only work on physical interface and not on virtual
interface like vlan?

Or should I do it using class map & policy map command and then apply
it at the vlan interface as in the example given below?

----start----
class-map match-all test
match any
!

policy-map vlan-2
class test
police 2000000 62500 62500 conform-action transmit exceed-action
drop


interface Vlan2
description E-merge
ip address 202.75.41.2 255.255.255.0
no ip redirects
no ip proxy-arp
service-policy input vlan-2
service-policy output vlan-2

----end----

Question 2.
Has anyone managed to implement rate limiting features on vlan
interface of a Cat 6509 successfully? The reason I asked is because I
have implement both methods and both of it shows some packet drop on
the interface once it was implemented. The only thing is that the
packet drop happened even though its input/output rate was much less
than the one specified on the rate limit command (I got the info for
the 5 min input/output rate from "sh int vlan" command).

Thanks.

Rgds,

Sham

Question 1

Either way. The class-based stuff is just a newer CLI format, called MQC -
modular qos command line interface.

You can still just apply the rate-limit command directly to the interface,
but using MQC obviously gives you far more power and enables you to
differentiate traffic.

Will work fine on a software interface.

Question 2

Remember 5 minute input output rate is just an average. You were most likely
exceeding that rate for a few seconds during that 5 minutes where the drops
occured.

You can change the 5 minute period with the load-interval command to
something like 30 seconds if you want to get more granularity.

Best method is to use the show policy-map interface vlan x command though.
That will show you the current transmit and drop rates.




"Mr_Magoo" <> wrote in message
news: om...
> Hi guys,
>
> Basically, I have 2 questions which I would really appreciate if
> anyone can help me out here. I have already search around in Cisco
> website but couldn't find a right solution to it.
>
> Question 1.
> Can anyone tell me what is the correct way to implement rate-limit on
> a virtual vlan interface of a 6509?
>
> Is the command for example, "rate-limit output 5000000 2400 3200
> conform-action transmit exceed-action drop" will do the trick? Or is
> this command only work on physical interface and not on virtual
> interface like vlan?
>
> Or should I do it using class map & policy map command and then apply
> it at the vlan interface as in the example given below?
>
> ----start----
> class-map match-all test
> match any
> !
>
> policy-map vlan-2
> class test
> police 2000000 62500 62500 conform-action transmit exceed-action
> drop
>
>
> interface Vlan2
> description E-merge
> ip address 202.75.41.2 255.255.255.0
> no ip redirects
> no ip proxy-arp
> service-policy input vlan-2
> service-policy output vlan-2
>
> ----end----
>
> Question 2.
> Has anyone managed to implement rate limiting features on vlan
> interface of a Cat 6509 successfully? The reason I asked is because I
> have implement both methods and both of it shows some packet drop on
> the interface once it was implemented. The only thing is that the
> packet drop happened even though its input/output rate was much less
> than the one specified on the rate limit command (I got the info for
> the 5 min input/output rate from "sh int vlan" command).
>
> Thanks.
>
> Rgds,
>
> Sham

Mr_Magoo wrote:
> Hi guys,
>
> Basically, I have 2 questions which I would really appreciate if
> anyone can help me out here. I have already search around in Cisco
> website but couldn't find a right solution to it.
>
> Question 1.
> Can anyone tell me what is the correct way to implement rate-limit on
> a virtual vlan interface of a 6509?
>
> Is the command for example, "rate-limit output 5000000 2400 3200
> conform-action transmit exceed-action drop" will do the trick? Or is
> this command only work on physical interface and not on virtual
> interface like vlan?
>
> Or should I do it using class map & policy map command and then apply
> it at the vlan interface as in the example given below?
>
> ----start----
> class-map match-all test
> match any
> !
>
> policy-map vlan-2
> class test
> police 2000000 62500 62500 conform-action transmit exceed-action
> drop
>
>
> interface Vlan2
> description E-merge
> ip address 202.75.41.2 255.255.255.0
> no ip redirects
> no ip proxy-arp
> service-policy input vlan-2
> service-policy output vlan-2
>
> ----end----

Both -rate-limit and policy-map- will work (we are doing that) on a VLAN.

>
> Question 2.
> Has anyone managed to implement rate limiting features on vlan
> interface of a Cat 6509 successfully? The reason I asked is because I
> have implement both methods and both of it shows some packet drop on
> the interface once it was implemented. The only thing is that the
> packet drop happened even though its input/output rate was much less
> than the one specified on the rate limit command (I got the info for
> the 5 min input/output rate from "sh int vlan" command).
>
You can have drops because of exceeding the rate-limit at a whole _and_
because of exceeding the burst-rate at a moment. You will never see that
at a 5-minute-average.

Lothar


Lothar Hofmann HRZ / computer center Mail:
Universitaet Siegen
Hoelderlinstr. 3 Phone: +49 271 740 4760
D - 57068 Siegen Fax: +49 271 740 2523

"Ben" <> wrote in message news:<6nhmc.22599$>...
> Question 1
>
> Either way. The class-based stuff is just a newer CLI format, called MQC -
> modular qos command line interface.
>

----snip----

Ok thanks Ben. I have managed to get it work with the class-based
method. As for the 'rate-limit' command, I don't think it works (I
have tried it again but still didn't work). Have you done it before (I
meant the 'rate-limit' method on the interface)? I am asking just for
the sake of knowledge.

Rgds,

Sham

I have used it on the older platforms e.g 1600 as they don't support QoS. It
worked well on ethernet interfaces. Have also used it on 7200's.
Haven't used it in this way though, with a vlan interface.

"Mr_Magoo" <> wrote in message
news: om...
> "Ben" <> wrote in message
news:<6nhmc.22599$>...
> > Question 1
> >
> > Either way. The class-based stuff is just a newer CLI format, called
MQC -
> > modular qos command line interface.
> >
>
> ----snip----
>
> Ok thanks Ben. I have managed to get it work with the class-based
> method. As for the 'rate-limit' command, I don't think it works (I
> have tried it again but still didn't work). Have you done it before (I
> meant the 'rate-limit' method on the interface)? I am asking just for
> the sake of knowledge.
>
> Rgds,
>
> Sham

Mr_Magoo wrote:
> "Ben" <> wrote in message news:<6nhmc.22599$>...
>
>>Question 1
>>
>>Either way. The class-based stuff is just a newer CLI format, called MQC -
>>modular qos command line interface.
>>
>
>
> ----snip----
>
> Ok thanks Ben. I have managed to get it work with the class-based
> method. As for the 'rate-limit' command, I don't think it works (I
> have tried it again but still didn't work). Have you done it before (I
> meant the 'rate-limit' method on the interface)? I am asking just for
> the sake of knowledge.
>
It really works on a 6509:

interface Vlan4
ip address a.b.c.d 255.255.255.0
ip broadcast-address a.b.c.255
rate-limit input access-group 2204 10000000 128000 128000
conform-action transmit exceed-action transmit
rate-limit input access-group 2104 64000 8000 8000 conform-action
transmit exceed-action drop
rate-limit input 10000000 128000 128000 conform-action transmit
exceed-action transmit
rate-limit output access-group 2304 1000000 128000 128000
conform-action transmit exceed-action drop
rate-limit output access-group 114 10000000 128000 128000
conform-action transmit exceed-action transmit
rate-limit output access-group 104 64000 8000 8000 conform-action
transmit exceed-action drop
rate-limit output 10000000 128000 128000 conform-action transmit
exceed-action transmit

show interface vlan 4 rate-limit

Vlan4
Input
matches: access-group 2204
params: 10000000 bps, 128000 limit, 128000 extended limit
conformed 15295919 packets, 2526M bytes; action: transmit
exceeded 1305 packets, 1774101 bytes; action: transmit
last packet: 444ms ago, current burst: 0 bytes
last cleared 1w2d ago, conformed 23000 bps, exceeded 0 bps
matches: access-group 2104
params: 64000 bps, 8000 limit, 8000 extended limit
conformed 66491294 packets, 6478M bytes; action: transmit
exceeded 15882049 packets, 2945M bytes; action: drop
last packet: 20ms ago, current burst: 0 bytes
last cleared 1w2d ago, conformed 60000 bps, exceeded 27000 bps
matches: all traffic
params: 10000000 bps, 128000 limit, 128000 extended limit
conformed 1053M packets, 318854M bytes; action: transmit
exceeded 11047912 packets, 13870M bytes; action: transmit
last packet: 4ms ago, current burst: 1814 bytes
last cleared 1w2d ago, conformed 2979000 bps, exceeded 129000 bps
Output
matches: access-group 2304
params: 1000000 bps, 128000 limit, 128000 extended limit
conformed 4135512 packets, 2967M bytes; action: transmit
exceeded 127727 packets, 182663283 bytes; action: drop
last packet: 20ms ago, current burst: 0 bytes
last cleared 2d18h ago, conformed 99000 bps, exceeded 6000 bps
matches: access-group 114
params: 10000000 bps, 128000 limit, 128000 extended limit
conformed 9883090 packets, 7208M bytes; action: transmit
exceeded 0 packets, 0 bytes; action: transmit
last packet: 348ms ago, current burst: 0 bytes
last cleared 2d18h ago, conformed 241000 bps, exceeded 0 bps
matches: access-group 104
params: 64000 bps, 8000 limit, 8000 extended limit
conformed 10899222 packets, 1791M bytes; action: transmit
exceeded 2928283 packets, 3074M bytes; action: drop
last packet: 48ms ago, current burst: 4065 bytes
last cleared 2d18h ago, conformed 60000 bps, exceeded 103000 bps
matches: all traffic
params: 10000000 bps, 128000 limit, 128000 extended limit
conformed 327697870 packets, 211054M bytes; action: transmit
exceeded 90971331 packets, 96825M bytes; action: transmit
last packet: 48ms ago, current burst: 5136 bytes
last cleared 2d18h ago, conformed 7085000 bps, exceeded 3250000 bps

Lothar

Lothar Hofmann

Lothar Hofmann HRZ / computer center Mail:
Universitaet Siegen
Hoelderlinstr. 3 Phone: +49 271 740 4760
D - 57068 Siegen Fax: +49 271 740 2523

"Ben" <> wrote in message news:<f2Emc.24802$>...
> I have used it on the older platforms e.g 1600 as they don't support QoS. It
> worked well on ethernet interfaces. Have also used it on 7200's.
> Haven't used it in this way though, with a vlan interface.
>

Ben,

I have tried implement the 'rate limit command' on the physical
interface like the GSR ethernet or POS interface & it works well. It
just doesn't work on the 6509 vlan interface. I did similar to the one
given in the example by Lothar (refer to his response on the same
subject). Well, anyway, since it is a live network, I don't have the
privilige to try and error a lot on the system to try to get it work
especially when I already managed to do it using the other method.
Anyway, thanks for both of you for replying to my question.

Rgds,

Sham