Re: Two switches in truking 802.1q with QoS

You were right :

SW-REPLICACION-MON(config-if)#service-policy out VLAN120
police command is not supported for this interface
The interface does not support the specified policy configuration and/or
parameter values.
Warning: Assigning a policy map to the output side of an interface not
supported
SW-REPLICACION-MON(config-if)#

My Bad, I am so sorry,

Regards

----- Original Message -----
From: "Bryan Bartik" <bbartik_at_ipexpert.com>
To: "Edouard Zorrilla" <ezorrilla_at_tsf.com.pe>
Cc: "Petr Lapukhov" <petr_at_internetworkexpert.com>; <ccielab_at_groupstudy.com>
Sent: Wednesday, December 30, 2009 12:25 AM
Subject: Re: Two switches in truking 802.1q with QoS

> Try to attach a policy and see what happens :)
>
> On Tue, Dec 29, 2009 at 10:13 PM, Edouard Zorrilla
> <ezorrilla_at_tsf.com.pe>wrote:
>
>> Thanks for answering Petr,
>>
>> My switch is : 3560,
>>
>> SW-REPLICACION-MON(config-if)#do sh ver | in WS
>> cisco WS-C3560G-24TS (PowerPC405) processor (revision D0) with 131072K
>> bytes of memory.
>> Model number : WS-C3560G-24TS-S
>> * 1 28 WS-C3560G-24TS 12.2(53)SE C3560-IPBASEK9-M
>>
>> And It support ingress and egress policy :
>>
>> SW-REPLICACION-MON(config)#int vlan 750
>> SW-REPLICACION-MON(config-if)#service-policy ?
>> input Assign policy-map to the input of an interface
>> output Assign policy-map to the output of an interface
>>
>> SW-REPLICACION-MON(config-if)#int gi0/24
>> SW-REPLICACION-MON(config-if)#service-policy ?
>> input Assign policy-map to the input of an interface
>> output Assign policy-map to the output of an interface
>> SW-REPLICACION-MON(config-if)#
>>
>> So, what do you mean, when you said "3560 model does not support egress
>> policing" ?,
>>
>> Thanks a lot,
>>
>> Regards
>>
>> ----- Original Message ----- From: "Petr Lapukhov" <
>> petr_at_internetworkexpert.com>
>> To: "Bryan Bartik" <bbartik_at_ipexpert.com>
>> Cc: "Edouard Zorrilla" <ezorrilla_at_tsf.com.pe>; <ccielab_at_groupstudy.com>
>> Sent: Tuesday, December 29, 2009 11:49 PM
>> Subject: Re: Two switches in truking 802.1q with QoS
>>
>>
>>
>> Hi All,
>>
>> Unfortunately, the 3560 model does not support egress policing.
>> However, it does support a rudimentary form of traffic shaping via the
>> SRR queueing strategy (shaped mode). Specifically, any given egress
>> queue (there are 4 of them) on any port could be limited in its
>> transmission rate. The limiting is actually based on the SRR, and
>> resembles traffic shaping in the way that it does not drop "exceeding"
>> packets but queues them.
>>
>> Let's say you need to limit SWA VLAN120's egress traffic on the trunk
>> link. You need to do the following:
>>
>> 1) Enable VLAN based QoS on all ingress links that may potentially
>> carry VLAN 120
>> 2) Attach a service policy that marks all ingress packets with DSCP
>> value of X to VLAN120's SVI
>> 3) Configure the switch to map the DSCP value of X to, say, queue 4
>> 4) Configure the trunk port to shape queue 4's bandwidth to 1/N of the
>> interface rate so that the resulting sending rate is close to 150Mbps.
>> In case of 1000 Mbps link, N is 1000/150 = approx 7
>>
>> Here is a sample configuration:
>>
>> mls qos
>> !
>> interface FastEthernet 0/13
>> mls qos vlan-based
>> !
>> interface FastEthernet 0/15
>> mls qos vlan-based
>> !
>> .. enable the above on all ingress ports with VLAN 120
>>
>> !
>> ! All IP Traffic
>> !
>> ip access-list extended IP_ACL
>> permit ip any any
>> !
>> class-map IP_TRAFFIC
>> match access-group name IP_ACL
>> !
>> ! Mark IP traffic with DSCP 16 (DSCP X)
>> !
>> policy-map VLAN120_MARK
>> class IP_TRAFFIC
>> set dscp 16
>> class class-default
>> trust dscp
>> !
>> interface vlan 120
>> service-policy input VLAN120_MARK
>>
>> !
>> ! Map all VLAN120's IP traffic to (DSCP 16=CS2) to queue 4
>> !
>> mls qos srr-queue output dscp-map queue 4 16
>>
>> !
>> ! Set queue 4's shaping weight to 7 to limit the egress rate to 1/7 of
>> 1000 (port speed)
>> !
>> interface FastEthernet 0/6
>> speed 1000
>> srr-queue bandwidth shape 0 0 0 7
>>
>> The obvious drawback is that you need to reserve a special queue just
>> for this particular purpose, plus use a dedicated DSCP value which
>> might not be used by any other traffic. If the link bandwidth is not
>> heavily oversubscribed you may use the ingress policing method that
>> Bryan has demonstrated. It is much more scalable in terms of resources
>> used, though allows for egress port overutilization.
>>
>> HTH,
>> --
>> Petr Lapukhov, petr_at_INE.com
>> CCIE #16379 (R&S/Security/SP/Voice)
>>
>> Internetwork Expert, Inc.
>> http://www.INE.com
>> Toll Free: 877-224-8987
>> Outside US: 775-826-4344
>>
>> 2009/12/29 Bryan Bartik <bbartik_at_ipexpert.com>:
>>
>>> Hi, Edouard,
>>>
>>> I am not sure how to do this outbound, but inbound can be done using a
>>> hierarchical policy. The following example matches the trunk interface
>>> and
>>> limits it to 150m.
>>>
>>> mls qos
>>> access-list 100 permit ip any any
>>>
>>> class-map match-all IP
>>> match access-group 100
>>> ! this is the input trunk interface
>>> class-map match-all TRUNK
>>> match input-interface g0/1
>>>
>>> ! this the child policy
>>> policy-map VLAN120-POLICER
>>> class TRUNK
>>> police 150m 187500 exceed-action drop
>>> ! this is the parent policy with child nested below
>>> policy-map VLAN120-PARENT
>>> class IP
>>> trust
>>> service-policy VLAN120-POLICER
>>>
>>> interface g0/1
>>> mls qos vlan-based
>>> interface Vlan120
>>> no ip address
>>> service-policy input VLAN120-PARENT
>>>
>>> You could also use similar policies for the access ports, policing them
>>> individually or as a range I believe. It would be nice if you could use
>>> an
>>> aggregate police action in a class that matches all access ports but it
>>> is
>>> not supported (in the IOS I tried).
>>>
>>> Perhaps someone knows a better way to do outbound policing if
>>> possible...
>>>
>>> On Tue, Dec 29, 2009 at 8:03 PM, Edouard Zorrilla <ezorrilla_at_tsf.com.pe
>>> >wrote:
>>>
>>> Hello,
>>>>
>>>> I have two switches 3560 in trunk 802.1q with 1000Mbps (1GEth.), there
>>>> I
>>>> have
>>>> many vlans, one of them is vlan120.
>>>>
>>>> SWA ------------[802.1q at 1000Mbps]-------------------------SWB
>>>>
>>>> Do any one know how can I set up QoS there so that I limit the bandwith
>>>> for
>>>> vlan120 to 150Mbps ?. What I want is that vlan120 just go up to 150Mbps
>>>> instead of taking all traffic in the trunk link (1000Mbps.) = Limit the
>>>> amount
>>>> of traffic entering the SW and limiting the amount of traffic leaving
>>>> the
>>>> SW
>>>> at the same time.
>>>>
>>>> I am reading this configurations guide :
>>>>
>>>>
>>>>
>>>> http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12
>>>> .2_52_se/configuration/guide/swqos.html
>>>>
>>>> But I do not figure out yet how can I acomplish it,
>>>>
>>>> Any help will be appreciated.
>>>>
>>>> Best Regards
>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>> --
>>> Bryan Bartik
>>> CCIE #23707 (R&S, SP), CCNP
>>> Sr. Support Engineer - IPexpert, Inc.
>>> URL: http://www.IPexpert.com
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>
>
> --
> Bryan Bartik
> CCIE #23707 (R&S, SP), CCNP
> Sr. Support Engineer - IPexpert, Inc.
> URL: http://www.IPexpert.com
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Dec 30 2009 - 00:39:07 ART