QOS on 2950

[mate75]

Hello,

I'm trying to configure qos on 2950 to restrict speed for several users who sit on 10/100 ports. For example for only 8Mb/s for traffic in direction to the users.

To achive this I configure my switch in the following way:

1. Configure access-list to choose particular user:

#access-list 199 permit ip any 192.168.0.0 0.0.0.255

2. Configure class-map for this user:

#class-map match-all cl-user
#match access-group 199

3. Configure policy-map to tie speed policy 8Mb/s and burst 8192 with particular user:

#policy-map pol-input
#class cl-user
#police 8000000 8192 exceed-action drop

4. Finally, I assign this policy to gigabit interface which is configured as trunk to the network core switch (currently cat 3750). This port receives traffic from other parts of the network to the local users.

#int gi0/X
#service-policy input pol-input

At this moment switch starts policing traffic but result is strange. Download speed is about 250Kbit/s (about 8 mb/s expected). If I increase burst parameter speed is getting faster:
burst: 32768, speed: about 900 Kbit/s
burst: 131072, speed: about 3.5 Mb/s
burst: 262144, speed: about 5.4 Kbit/s

If I try to restrict upload speed by configuring policers on 10/100 ports results are more starnge: For example this command restrict upload speed to approximately 2.5 Mb/s but it brobabely should be about 20 Mb/s:

#police 20000000 65536 exceed-action drop

The questions are:

Do I missunderstand something? Is this behavior usual? Or 2950 doesn't have enough functionality to perform policing well? And would 3550/2560 or 3750 catalysts (upstream switches) be better choices to achieve my goal if configure qos on them instead of 2950?

Thanks in advance for any comments/ideas.

Roman

 

[ADB100]

What are you using to test? If you are just using FTP or copying via Windows shares then its likely the results won't be anything like the raw bandwidth. I would suggest using something like IPerf and sending UDP traffic at different rates. TCP will inherantly back off when packets get dropped so you will likely see the 'saw-tooth' effect.

I am interested in how you get on with this as I have configured classifying and policing on 2950's but have never tested it like this - I have just 'believed' the documentation.....

Some Q&A on 2950 QoS here:

http://www.cisco.com/en/US/partner/tech/tk389/tk813/technologies_q_and_a_item09186a00804976d3.shtml

Let me know how you get on.

Andy

 

[mate75]

Thanks for your reply.

I used iperf, but not udp. http/ftp download/upload was used too.

I also believed the documentation right before the actual testing. Moreover, I currently have linux-box as router in production which is also police traffic (tc/htb/~70 classes) and it performs just fine. It gives almost what I expect.

Unfortunately, I couldn't get the page on the cisco site. It tels: The Page You Have Requested Is Not Available.

PS: burst: 262144, speed: about 5.4 Mb/s ( not 5.4 kbit/s)

 

[ADB100]

Sorry I was logged into Cisco when I searched....

http://www.cisco.com/en/US/tech/tk389/tk813/technologies_q_and_a_item09186a00804976d3.shtml

I have a 2950T that runs the EI features. If I get time I will try and set this up. What were the IPerf settings you used?

Andy

 

[mate75]

I also have EI. I used iperf v. 1.7.0 for Windows with default settins. Like this:

iperf -c 192.168.0.32 -i2 -t15

On other end: iperf -s

As I mentioned before, I used same iperf version to test qos on linux-box so I am sure in it.

Thanks for the link.

 

[ADB100]

I have just tested this and you are correct - it doesn't do what it's supposed to do....

I tested something similar earlier today on a 3550 and this did pretty much what I configured it to do, however the rates were much less - 64Kbps (IPerf showed between 64 & 67Kbps with a UDP flow).

I am having a dig around the documentation but I can't seem to see anything.....

Andy

 

[ADB100]

I am still trying to understand the logic of the 2950 configuration but if I configure the following policy:

 Policy Map pol-input
  class  restrict
   police 8000000 16384 exceed-action drop

I can get roughly 8Mbps using IPerf and UDP:

7Mbps

C:\iperf>iperf -c 192.168.150.129 -u -b 7000k
------------------------------------------------------------
Client connecting to 192.168.150.129, UDP port 5001
Sending 1470 byte datagrams
UDP buffer size: 8.00 KByte (default)
------------------------------------------------------------
[1884] local 192.168.100.60 port 4913 connected with 192.168.150.129 port 5001
[ ID] Interval       Transfer     Bandwidth
[1884]  0.0-10.0 sec  8.31 MBytes  6.96 Mbits/sec
[1884] Server Report:
[1884]  0.0-10.0 sec  8.31 MBytes  6.96 Mbits/sec  0.636 ms    0/ 5929 (0%)
[1884] Sent 5929 datagrams

8Mbps

C:\iperf>iperf -c 192.168.150.129 -u -b 8000k
------------------------------------------------------------
Client connecting to 192.168.150.129, UDP port 5001
Sending 1470 byte datagrams
UDP buffer size: 8.00 KByte (default)
------------------------------------------------------------
[1884] local 192.168.100.60 port 4918 connected with 192.168.150.129 port 5001
[ ID] Interval       Transfer     Bandwidth
[1884]  0.0-10.0 sec  9.49 MBytes  7.94 Mbits/sec
[1884] Server Report:
[1884]  0.0-10.0 sec  9.16 MBytes  7.68 Mbits/sec  0.581 ms  233/ 6766 (3.4%)
[1884] Sent 6766 datagrams

9Mbps

C:\iperf>iperf -c 192.168.150.129 -u -b 9000k
------------------------------------------------------------
Client connecting to 192.168.150.129, UDP port 5001
Sending 1470 byte datagrams
UDP buffer size: 8.00 KByte (default)
------------------------------------------------------------
[1884] local 192.168.100.60 port 4919 connected with 192.168.150.129 port 5001
[ ID] Interval       Transfer     Bandwidth
[1884]  0.0-10.0 sec  10.7 MBytes  8.99 Mbits/sec
[1884] Server Report:
[1884]  0.0-10.0 sec  9.22 MBytes  7.73 Mbits/sec  0.809 ms 1079/ 7658 (14%)
[1884] Sent 7658 datagrams

I can't quite understand the logic of the burst size in the policer with the 2950, nor can I find any detailed documentation on CCO.

I will play around with it some more next week.

Andy

 

[mate75]

Yes, you see exactly what I am talking about. I's strange.

For the moment I tried the following:

1. Updated the IOS to 12.1(22)EA10 (there was EA2).
2. Made auto qos on interface (there was default).
3. Tried to play with buffers.

The result is nothing, unfortunately. The only change I see is that now policy changes can be applied immediately. There is no need to remove and then assign it again to the interface in order to turn the changes in effect.

I feel there is a point to contact to Cisco staff. But I don't have subscription to support service.

 

[ADB100]

If you take a look here:

http://www.cisco.com/en/US/products/hw/switches/ps646/products_tech_note09186a00800feff5.shtml

This details the policing for a Catalyst 3550 and gives you the equation for working out the burst size. I can't find a similar document on CCO. However my results are different to yours - I can police @ roughly 8Mbps using a burst size of 16384-Bytes (it is slightly less than 8Mbps). I am however using UDP so it is likely the results will be different. Can you retest using UDP to see if you get the same results as me?

Andy