why Peak Information Rate (PIR) does not work?

laisheng.miao@gmail.comlaisheng.miao@gmail.com Member Posts: 3 ■□□□□□□□□□
the related configuration on Cisco 6506 is:
policy-map testD
class class-default
police cir 300000000 bc 1200000 pir 360000000 be 1200000 conform-action transmit exceed-action transmit violate-action drop
policy-map testE
class class-default
police cir 350000000 bc 1400000 pir 420000000 be 1400000 conform-action transmit exceed-action transmit violate-action drop
policy-map testB
class class-default
police cir 100000000 bc 400000 pir 120000000 be 400000 conform-action transmit exceed-action transmit violate-action drop
policy-map testC
class class-default
police cir 200000000 bc 800000 pir 240000000 be 800000 conform-action transmit exceed-action transmit violate-action drop
policy-map testA
class class-default
police cir 10000000 bc 40000 pir 12000000 be 40000 conform-action transmit exceed-action transmit violate-action drop

interface Vlan171
bandwidth 10000
ip vrf forwarding testA
ip address 20.20.21.1 255.255.255.0
random-detect
service-policy input testA
service-policy output testA
!
interface Vlan172
bandwidth 100000
ip vrf forwarding testB
ip address 20.20.22.1 255.255.255.0
random-detect
service-policy input testB
service-policy output testB
!
interface Vlan173
bandwidth 200000
ip vrf forwarding testC
ip address 20.20.23.1 255.255.255.0
random-detect
service-policy input testC
service-policy output testC
!
interface Vlan174
bandwidth 300000
ip vrf forwarding testD
ip address 20.20.24.1 255.255.255.0
random-detect
service-policy input testD
service-policy output testD
!
interface Vlan175
bandwidth 350000
ip vrf forwarding testE
ip address 20.20.25.1 255.255.255.0
random-detect
service-policy input testE
service-policy output testE

When use Siprent test tool, I find interface Vlan 171 can send and receive more than 12Mbps, even 50Mbps, 100Mbps, etc. Is there any configuration I've missed?

Comments

  • CCIEWANNABECCIEWANNABE Banned Posts: 465
    need more info:

    do a show policy-map interface vlan171 on the 6506 and see what the output is in the conform, exceed and violate categories for the testA policy map and then paste it here.

    i would think that you would only have to use the service-policy command inbound. someone correct me if i'm wrong but if your trying to police traffic you would want to do it as close to the source as possible. in this case it would be inbound on the vlan interface, that way the switch doesn't have to do exhaust any extra cpu resources. i may be wrong, but i would think that makes sense. hope this helps!
  • CCIEWANNABECCIEWANNABE Banned Posts: 465
    ooops, double post.
  • laisheng.miao@gmail.comlaisheng.miao@gmail.com Member Posts: 3 ■□□□□□□□□□
    http://www.cisco.com/application/pdf/en/us/guest/products/ps708/c1225/ccmigration_09186a00806eca1e.pdf

    Here is the output of show policy-map
    router#show policy-map int vlan 171
    Vlan171
    Service-policy input: testA
    class-map: class-default (match-any)
    Match: any
    police :
    10000000 bps 40000 limit 40000 extended limit 12000000 pir-bps
    Earl in slot 5 :
    0 bytes
    5 minute offered rate 0 bps
    aggregate-forwarded 0 bytes action: transmit
    exceeded 0 bytes action: transmit
    violated 0 bytes action: drop
    aggregate-forward 0 bps exceed 0 bps violate 0 bps
    Service-policy output: testA
    class-map: class-default (match-any)
    Match: any
    police :
    10000000 bps 40000 limit 40000 extended limit 12000000 pir-bps
    Earl in slot 5 :
    353286 bytes
    5 minute offered rate 272 bps
    aggregate-forwarded 353286 bytes action: transmit
    exceeded 0 bytes action: transmit
    violated 0 bytes action: drop
    aggregate-forward 272 bps exceed 0 bps violate 0 bps
    router#
  • CCIEWANNABECCIEWANNABE Banned Posts: 465
    it doesn't look like you are even getting close to the bandwidth levels you are policing at. it looks like you are only at 272 bps that you are forwarding outbound with that policy map. you may want to change the load interval down to the minimum for the offered rate. i think you can go down as far as 30 seconds. this will allow you to see the traffic offered in a smaller time frame, which you need to do since it looks like the traffic is flowing to fast for you to be able to see it. to do this enter the load-interval 30 command from interface configuration mode and make sure you have your traffic flowing at that time when you do the show policy-map interface vlan171 command.
  • laisheng.miao@gmail.comlaisheng.miao@gmail.com Member Posts: 3 ■□□□□□□□□□
    When the Siprent generate data, I had done a lot of show int vlan 171, the 5 minutes input or output can reach as much as 90Mbps which is what we have configured on the Siprent.
    Right now, I can not generate the test data now, but can you see any configuration missed or error which have caused PIR does not work?
  • CCIEWANNABECCIEWANNABE Banned Posts: 465
    yeah, but you have to remember that is not the actual rate of traffic flowing through the interface at that time you do the show interface vlan171 command, that is the cummulative amount of traffic that the interface has processed since the last time you cleared the interface counters (you can look at the load that the interface is processing, but nothing will give you an exact percentage). you can't get an exact reading of bandwidth utilization by doing the show interface command, you must do the show policy-map interface testA command to see if the bandwidth is reaching the levels suggested in the policy map, and it should show the number of bytes that violate the policy map as being dropped, which should be incrementing. that is how you know it is working, but remember you have to have more than 12 meg flowing through the interface for it to violate that policy map.
  • dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    What hardware are you using?

    You have the interfaces configured in different VRFs, what are you using for the source and destination of the traffic flows?
    The only easy day was yesterday!
Sign In or Register to comment.