Implementing rate-limit at vlan interface for Cat 6509

Discussion in 'Cisco' started by Mr_Magoo, May 5, 2004.

  1. Mr_Magoo

    Mr_Magoo Guest

    Hi guys,

    Basically, I have 2 questions which I would really appreciate if
    anyone can help me out here. I have already search around in Cisco
    website but couldn't find a right solution to it.

    Question 1.
    Can anyone tell me what is the correct way to implement rate-limit on
    a virtual vlan interface of a 6509?

    Is the command for example, "rate-limit output 5000000 2400 3200
    conform-action transmit exceed-action drop" will do the trick? Or is
    this command only work on physical interface and not on virtual
    interface like vlan?

    Or should I do it using class map & policy map command and then apply
    it at the vlan interface as in the example given below?

    ----start----
    class-map match-all test
    match any
    !

    policy-map vlan-2
    class test
    police 2000000 62500 62500 conform-action transmit exceed-action
    drop


    interface Vlan2
    description E-merge
    ip address 202.75.41.2 255.255.255.0
    no ip redirects
    no ip proxy-arp
    service-policy input vlan-2
    service-policy output vlan-2

    ----end----

    Question 2.
    Has anyone managed to implement rate limiting features on vlan
    interface of a Cat 6509 successfully? The reason I asked is because I
    have implement both methods and both of it shows some packet drop on
    the interface once it was implemented. The only thing is that the
    packet drop happened even though its input/output rate was much less
    than the one specified on the rate limit command (I got the info for
    the 5 min input/output rate from "sh int vlan" command).

    Thanks.

    Rgds,

    Sham
     
    Mr_Magoo, May 5, 2004
    #1
    1. Advertising

  2. Mr_Magoo

    Ben Guest

    Question 1

    Either way. The class-based stuff is just a newer CLI format, called MQC -
    modular qos command line interface.

    You can still just apply the rate-limit command directly to the interface,
    but using MQC obviously gives you far more power and enables you to
    differentiate traffic.

    Will work fine on a software interface.

    Question 2

    Remember 5 minute input output rate is just an average. You were most likely
    exceeding that rate for a few seconds during that 5 minutes where the drops
    occured.

    You can change the 5 minute period with the load-interval command to
    something like 30 seconds if you want to get more granularity.

    Best method is to use the show policy-map interface vlan x command though.
    That will show you the current transmit and drop rates.




    "Mr_Magoo" <> wrote in message
    news:...
    > Hi guys,
    >
    > Basically, I have 2 questions which I would really appreciate if
    > anyone can help me out here. I have already search around in Cisco
    > website but couldn't find a right solution to it.
    >
    > Question 1.
    > Can anyone tell me what is the correct way to implement rate-limit on
    > a virtual vlan interface of a 6509?
    >
    > Is the command for example, "rate-limit output 5000000 2400 3200
    > conform-action transmit exceed-action drop" will do the trick? Or is
    > this command only work on physical interface and not on virtual
    > interface like vlan?
    >
    > Or should I do it using class map & policy map command and then apply
    > it at the vlan interface as in the example given below?
    >
    > ----start----
    > class-map match-all test
    > match any
    > !
    >
    > policy-map vlan-2
    > class test
    > police 2000000 62500 62500 conform-action transmit exceed-action
    > drop
    >
    >
    > interface Vlan2
    > description E-merge
    > ip address 202.75.41.2 255.255.255.0
    > no ip redirects
    > no ip proxy-arp
    > service-policy input vlan-2
    > service-policy output vlan-2
    >
    > ----end----
    >
    > Question 2.
    > Has anyone managed to implement rate limiting features on vlan
    > interface of a Cat 6509 successfully? The reason I asked is because I
    > have implement both methods and both of it shows some packet drop on
    > the interface once it was implemented. The only thing is that the
    > packet drop happened even though its input/output rate was much less
    > than the one specified on the rate limit command (I got the info for
    > the 5 min input/output rate from "sh int vlan" command).
    >
    > Thanks.
    >
    > Rgds,
    >
    > Sham
     
    Ben, May 6, 2004
    #2
    1. Advertising

  3. Mr_Magoo wrote:
    > Hi guys,
    >
    > Basically, I have 2 questions which I would really appreciate if
    > anyone can help me out here. I have already search around in Cisco
    > website but couldn't find a right solution to it.
    >
    > Question 1.
    > Can anyone tell me what is the correct way to implement rate-limit on
    > a virtual vlan interface of a 6509?
    >
    > Is the command for example, "rate-limit output 5000000 2400 3200
    > conform-action transmit exceed-action drop" will do the trick? Or is
    > this command only work on physical interface and not on virtual
    > interface like vlan?
    >
    > Or should I do it using class map & policy map command and then apply
    > it at the vlan interface as in the example given below?
    >
    > ----start----
    > class-map match-all test
    > match any
    > !
    >
    > policy-map vlan-2
    > class test
    > police 2000000 62500 62500 conform-action transmit exceed-action
    > drop
    >
    >
    > interface Vlan2
    > description E-merge
    > ip address 202.75.41.2 255.255.255.0
    > no ip redirects
    > no ip proxy-arp
    > service-policy input vlan-2
    > service-policy output vlan-2
    >
    > ----end----


    Both -rate-limit and policy-map- will work (we are doing that) on a VLAN.

    >
    > Question 2.
    > Has anyone managed to implement rate limiting features on vlan
    > interface of a Cat 6509 successfully? The reason I asked is because I
    > have implement both methods and both of it shows some packet drop on
    > the interface once it was implemented. The only thing is that the
    > packet drop happened even though its input/output rate was much less
    > than the one specified on the rate limit command (I got the info for
    > the 5 min input/output rate from "sh int vlan" command).
    >

    You can have drops because of exceeding the rate-limit at a whole _and_
    because of exceeding the burst-rate at a moment. You will never see that
    at a 5-minute-average.

    Lothar


    Lothar Hofmann HRZ / computer center Mail:
    Universitaet Siegen
    Hoelderlinstr. 3 Phone: +49 271 740 4760
    D - 57068 Siegen Fax: +49 271 740 2523
     
    Lothar Hofmann, May 6, 2004
    #3
  4. Mr_Magoo

    Mr_Magoo Guest

    "Ben" <> wrote in message news:<6nhmc.22599$>...
    > Question 1
    >
    > Either way. The class-based stuff is just a newer CLI format, called MQC -
    > modular qos command line interface.
    >


    ----snip----

    Ok thanks Ben. I have managed to get it work with the class-based
    method. As for the 'rate-limit' command, I don't think it works (I
    have tried it again but still didn't work). Have you done it before (I
    meant the 'rate-limit' method on the interface)? I am asking just for
    the sake of knowledge. :)

    Rgds,

    Sham
     
    Mr_Magoo, May 6, 2004
    #4
  5. Mr_Magoo

    Ben Guest

    I have used it on the older platforms e.g 1600 as they don't support QoS. It
    worked well on ethernet interfaces. Have also used it on 7200's.
    Haven't used it in this way though, with a vlan interface.

    "Mr_Magoo" <> wrote in message
    news:...
    > "Ben" <> wrote in message

    news:<6nhmc.22599$>...
    > > Question 1
    > >
    > > Either way. The class-based stuff is just a newer CLI format, called

    MQC -
    > > modular qos command line interface.
    > >

    >
    > ----snip----
    >
    > Ok thanks Ben. I have managed to get it work with the class-based
    > method. As for the 'rate-limit' command, I don't think it works (I
    > have tried it again but still didn't work). Have you done it before (I
    > meant the 'rate-limit' method on the interface)? I am asking just for
    > the sake of knowledge. :)
    >
    > Rgds,
    >
    > Sham
     
    Ben, May 7, 2004
    #5
  6. Mr_Magoo wrote:
    > "Ben" <> wrote in message news:<6nhmc.22599$>...
    >
    >>Question 1
    >>
    >>Either way. The class-based stuff is just a newer CLI format, called MQC -
    >>modular qos command line interface.
    >>

    >
    >
    > ----snip----
    >
    > Ok thanks Ben. I have managed to get it work with the class-based
    > method. As for the 'rate-limit' command, I don't think it works (I
    > have tried it again but still didn't work). Have you done it before (I
    > meant the 'rate-limit' method on the interface)? I am asking just for
    > the sake of knowledge. :)
    >

    It really works on a 6509:

    interface Vlan4
    ip address a.b.c.d 255.255.255.0
    ip broadcast-address a.b.c.255
    rate-limit input access-group 2204 10000000 128000 128000
    conform-action transmit exceed-action transmit
    rate-limit input access-group 2104 64000 8000 8000 conform-action
    transmit exceed-action drop
    rate-limit input 10000000 128000 128000 conform-action transmit
    exceed-action transmit
    rate-limit output access-group 2304 1000000 128000 128000
    conform-action transmit exceed-action drop
    rate-limit output access-group 114 10000000 128000 128000
    conform-action transmit exceed-action transmit
    rate-limit output access-group 104 64000 8000 8000 conform-action
    transmit exceed-action drop
    rate-limit output 10000000 128000 128000 conform-action transmit
    exceed-action transmit

    show interface vlan 4 rate-limit

    Vlan4
    Input
    matches: access-group 2204
    params: 10000000 bps, 128000 limit, 128000 extended limit
    conformed 15295919 packets, 2526M bytes; action: transmit
    exceeded 1305 packets, 1774101 bytes; action: transmit
    last packet: 444ms ago, current burst: 0 bytes
    last cleared 1w2d ago, conformed 23000 bps, exceeded 0 bps
    matches: access-group 2104
    params: 64000 bps, 8000 limit, 8000 extended limit
    conformed 66491294 packets, 6478M bytes; action: transmit
    exceeded 15882049 packets, 2945M bytes; action: drop
    last packet: 20ms ago, current burst: 0 bytes
    last cleared 1w2d ago, conformed 60000 bps, exceeded 27000 bps
    matches: all traffic
    params: 10000000 bps, 128000 limit, 128000 extended limit
    conformed 1053M packets, 318854M bytes; action: transmit
    exceeded 11047912 packets, 13870M bytes; action: transmit
    last packet: 4ms ago, current burst: 1814 bytes
    last cleared 1w2d ago, conformed 2979000 bps, exceeded 129000 bps
    Output
    matches: access-group 2304
    params: 1000000 bps, 128000 limit, 128000 extended limit
    conformed 4135512 packets, 2967M bytes; action: transmit
    exceeded 127727 packets, 182663283 bytes; action: drop
    last packet: 20ms ago, current burst: 0 bytes
    last cleared 2d18h ago, conformed 99000 bps, exceeded 6000 bps
    matches: access-group 114
    params: 10000000 bps, 128000 limit, 128000 extended limit
    conformed 9883090 packets, 7208M bytes; action: transmit
    exceeded 0 packets, 0 bytes; action: transmit
    last packet: 348ms ago, current burst: 0 bytes
    last cleared 2d18h ago, conformed 241000 bps, exceeded 0 bps
    matches: access-group 104
    params: 64000 bps, 8000 limit, 8000 extended limit
    conformed 10899222 packets, 1791M bytes; action: transmit
    exceeded 2928283 packets, 3074M bytes; action: drop
    last packet: 48ms ago, current burst: 4065 bytes
    last cleared 2d18h ago, conformed 60000 bps, exceeded 103000 bps
    matches: all traffic
    params: 10000000 bps, 128000 limit, 128000 extended limit
    conformed 327697870 packets, 211054M bytes; action: transmit
    exceeded 90971331 packets, 96825M bytes; action: transmit
    last packet: 48ms ago, current burst: 5136 bytes
    last cleared 2d18h ago, conformed 7085000 bps, exceeded 3250000 bps

    Lothar

    Lothar Hofmann

    Lothar Hofmann HRZ / computer center Mail:
    Universitaet Siegen
    Hoelderlinstr. 3 Phone: +49 271 740 4760
    D - 57068 Siegen Fax: +49 271 740 2523
     
    Lothar Hofmann, May 7, 2004
    #6
  7. Mr_Magoo

    Mr_Magoo Guest

    "Ben" <> wrote in message news:<f2Emc.24802$>...
    > I have used it on the older platforms e.g 1600 as they don't support QoS. It
    > worked well on ethernet interfaces. Have also used it on 7200's.
    > Haven't used it in this way though, with a vlan interface.
    >


    Ben,

    I have tried implement the 'rate limit command' on the physical
    interface like the GSR ethernet or POS interface & it works well. It
    just doesn't work on the 6509 vlan interface. I did similar to the one
    given in the example by Lothar (refer to his response on the same
    subject). Well, anyway, since it is a live network, I don't have the
    privilige to try and error a lot on the system to try to get it work
    especially when I already managed to do it using the other method.
    Anyway, thanks for both of you for replying to my question. :)

    Rgds,

    Sham
     
    Mr_Magoo, May 8, 2004
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Darek
    Replies:
    1
    Views:
    1,556
    Andrea Giordano
    Feb 24, 2004
  2. Adam Landas

    Supervisor Engine on a cat 6509

    Adam Landas, Jan 17, 2005, in forum: Cisco
    Replies:
    6
    Views:
    5,195
  3. Replies:
    2
    Views:
    1,307
    Matthew Melbourne
    Jan 24, 2007
  4. Giuen
    Replies:
    0
    Views:
    1,163
    Giuen
    Sep 12, 2008
  5. saji
    Replies:
    0
    Views:
    2,322
Loading...

Share This Page