Options
QoS Policing not working for HTTP
I have this config on a router;
class-map match-all http
match protocol http
match access-group 10
class-map match-all ftp
match protocol ftp
policy-map corp
class ftp
police 15000
class http
police cir 8000
exceed-action drop
interface Ethernet0
ip address 10.2.1.2 255.255.255.0
full-duplex
service-policy input corp
interface FastEthernet0
ip address 10.1.1.1 255.255.255.0
speed auto
service-policy output corp
interface Serial0
no ip address
shutdown
ip route 0.0.0.0 0.0.0.0 10.1.1.254
access-list 10 permit 10.2.1.1
It's supposed to match http traffic and traffic from 10.2.1.1 and police it down to 8000 bits.
However when this is applied to the interfaces it does not seem to police it all the way down.... I run an online speed checker and can download at 72KB. It is limiting the traffic down though because if i remove the config from the interfaces my speed jumps up to over 250KB..
So why wouldn't it be policing it all the way down?
The topology is
PC
Router_With_QoS
swtich
internet modem.
Would it be because the router will police the traffic down when it sends it out the interface connected to the switch, but since this is diffserv and no QoS is on the switch it will speed back up again?
class-map match-all http
match protocol http
match access-group 10
class-map match-all ftp
match protocol ftp
policy-map corp
class ftp
police 15000
class http
police cir 8000
exceed-action drop
interface Ethernet0
ip address 10.2.1.2 255.255.255.0
full-duplex
service-policy input corp
interface FastEthernet0
ip address 10.1.1.1 255.255.255.0
speed auto
service-policy output corp
interface Serial0
no ip address
shutdown
ip route 0.0.0.0 0.0.0.0 10.1.1.254
access-list 10 permit 10.2.1.1
It's supposed to match http traffic and traffic from 10.2.1.1 and police it down to 8000 bits.
However when this is applied to the interfaces it does not seem to police it all the way down.... I run an online speed checker and can download at 72KB. It is limiting the traffic down though because if i remove the config from the interfaces my speed jumps up to over 250KB..
So why wouldn't it be policing it all the way down?
The topology is
PC
Router_With_QoS
swtich
internet modem.
Would it be because the router will police the traffic down when it sends it out the interface connected to the switch, but since this is diffserv and no QoS is on the switch it will speed back up again?
CCIE# 38186
showroute.net
showroute.net
Comments
-
Options
kpjungle
Member Posts: 426
I have this config on a router;
class-map match-all http
match protocol http
match access-group 10
class-map match-all ftp
match protocol ftp
policy-map corp
class ftp
police 15000
class http
police cir 8000
exceed-action drop
interface Ethernet0
ip address 10.2.1.2 255.255.255.0
full-duplex
service-policy input corp
interface FastEthernet0
ip address 10.1.1.1 255.255.255.0
speed auto
service-policy output corp
interface Serial0
no ip address
shutdown
ip route 0.0.0.0 0.0.0.0 10.1.1.254
access-list 10 permit 10.2.1.1
It's supposed to match http traffic and traffic from 10.2.1.1 and police it down to 8000 bits.
However when this is applied to the interfaces it does not seem to police it all the way down.... I run an online speed checker and can download at 72KB. It is limiting the traffic down though because if i remove the config from the interfaces my speed jumps up to over 250KB..
So why wouldn't it be policing it all the way down?
The topology is
PC
Router_With_QoS
swtich
internet modem.
Would it be because the router will police the traffic down when it sends it out the interface connected to the switch, but since this is diffserv and no QoS is on the switch it will speed back up again?
Have you tried to check the rate your router drops with?
Ie.: sh policy-map int <interface>
See if you get the expected results.Studying for CCNP (All done)