Catalyst IOS policer

I have a switch that's connected to the internet via an Ethernet connection. I want to limit 2 subnets to a download speed of 10MB... this is what I have:

class-map match-all Test
 match access-group 150
!
!
policy-map DOWNLOAD
 class Test
  police 10000000 64000 exceed-action drop

int f0/24
 desc Connection to Internet
 no switchport
 ip address 172.29.65.2 255.255.255.252
 logging event trunk-status
 logging event bundle-status
 service-policy input DOWNLOAD

access-list 150 permit ip any 192.168.13.0 0.0.0.255
access-list 150 permit ip any 192.168.16.0 0.0.0.255

What happens is web surfing seems to be OK, but when I try and download a service pack or something large from the internet I get very slow response, around 20-30K... why is this?

TIA!!!!

Reply to
SW

Two possibilities come to mind:

1) duplex mismatch. These get -far- worse under loads;

2) when you apply a policer to incoming data, the only thing it can do is drop the data that has already been sent, resulting in TCP timeouts on the packets that kick in the congestion reduction algorithms that reduce the window size. It should grow the window again (slowly) until it finds a window size that works consistently -- but if you are policing an interface aggregate rather than a single flow, you probably aren't going to be able to find a speed that works consistently, and so are probably going to end up with small window sizes.

Also, each time you do get packets dropped because of the policer, you are going to have the latency factored in as well (because your end is going to have to timeout and NAK and the NAK has to get through the whole pipe); and of course you also waste any packets that were already in the pipe, sent in the same window size but which didn't happen to get dropped by the policer. Selective ACK can reduce that effect.

All in all, incoming policers with drop just don't work as well as one might hope.

Reply to
Walter Roberson
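
The policer behaviour discussed above can be reproduced with a small token-bucket model. This is an added example, not code from any poster in the thread: it takes the rate and burst from the posted `police 10000000 64000 exceed-action drop` line and compares one window of packets arriving back-to-back with the same window paced at the policed rate. The 100 Mb/s arrival rate (FastEthernet line rate), the 1500-byte packet size and the 100-packet window are assumptions.

```python
# Added example: single-rate token-bucket policer (exceed-action drop).
# Rate and burst come from the thread's "police 10000000 64000" line;
# packet size, window size and arrival spacing are assumptions.

SCALE = 8_000_000  # bits/byte * microseconds/second: keeps arithmetic in exact integers
MTU = 1500         # assumed packet size in bytes


def police(arrivals, rate_bps=10_000_000, burst_bytes=64_000):
    """arrivals: list of (time_us, size_bytes) sorted by time.
    Returns one boolean per packet: True = forwarded, False = dropped."""
    cap = burst_bytes * SCALE
    tokens = cap                                   # bucket starts full
    last_us = arrivals[0][0] if arrivals else 0
    verdicts = []
    for t_us, size in arrivals:
        # Refill for the elapsed time, never beyond the configured burst.
        tokens = min(cap, tokens + (t_us - last_us) * rate_bps)
        last_us = t_us
        cost = size * SCALE
        if cost <= tokens:
            tokens -= cost
            verdicts.append(True)
        else:
            verdicts.append(False)                 # no queue: the packet is simply lost
    return verdicts


def window(n_packets, spacing_us, size=MTU):
    """One sender window: n_packets of equal size, spacing_us apart."""
    return [(i * spacing_us, size) for i in range(n_packets)]


def summarize(verdicts):
    forwarded = sum(verdicts)
    first_drop = verdicts.index(False) if False in verdicts else None
    return {"forwarded": forwarded,
            "dropped": len(verdicts) - forwarded,
            "first_drop": first_drop}


LINE_RATE_GAP_US = 120   # 1500 bytes at 100 Mb/s (assumed arrival rate)
PACED_GAP_US = 1200      # 1500 bytes at 10 Mb/s (what a shaper would emit)

if __name__ == "__main__":
    print("back-to-back:", summarize(police(window(100, LINE_RATE_GAP_US))))
    print("paced:       ", summarize(police(window(100, PACED_GAP_US))))
```

Under these assumptions the 64000-byte bucket absorbs the start of a line-rate burst and then passes only about one packet in ten, while the same data paced at 10 Mb/s loses nothing.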

Is there a better way on a Catalyst 3750 to do rate limiting? Ideally I'd like to have a shaper, but those aren't supported on IOS switches... any ideas out there guys???

TIA

Reply to
SW

Take a look at doing traffic shaping on egress ports instead. That way traffic is queued as opposed to being dropped.

Here's a discussion on what the 3750 can do, refer to the configuration guide for your IOS release for specifics on how to configure it.

Brian

Reply to
response3
