Saturday, December 14, 2013

QoS Traffic Policing (drop excess traffic)

Today, I was facing an issue with several users. These users were uploading big files on server (http). Unfortunately, they were using all available bandwidth. It's why, I have decided to police this specific traffic (any users to this server). With the following configuration, the bandwidth for users is limited at 3Mbps (configuration applied on a Layer 3 Switch):



  • If the bandwidth exceeds 3Mbps, following packets are dropped:

access-list 100 permit tcp any 10.10.10.200 0.0.0.0 eq www
!
class-map match-all UserTraffic
match access-group 100
!
policy-map policeTraffic
class UserTraffic
    police 3000000 conform-action transmit  exceed-action drop
!
interface Vlan999
service-policy output policeTraffic

  • Check statistics:
MYSWITCH#show policy-map  interface vlan 999
Vlan999
  Service-policy output: policeTraffic
    Class-map:UserTraffic (match-all)
      558663 packets, 827048161 bytes
      5 minute offered rate 3643000 bps, drop rate 645000 bps
      Match: access-group 100
      police:
          cir 3000000 bps, bc 93750 bytes
        conformed 460702 packets, 679305595 bytes; actions:
          transmit
        exceeded 97962 packets, 147744080 bytes; actions:
          drop
        conformed 2994000 bps, exceed 669000 bps
    Class-map: class-default (match-any)
      1626596 packets, 568490144 bytes
      5 minute offered rate 3555000 bps, drop rate 0 bps
      Match: any

No comments:

Post a Comment