My first official technical post. Unfortunately, it is not about Data Center. My work has been dragging me into dealing with the new Catalyst 6880-X, so I have to delay my post on Data Center study.
In this blog post, I will share with you the configuration that I am currently using to apply Bandwidth throttling on VLAN interface using policing.
To understand Policing, and also burst rate, I would recommend the below 2 blog posts:
- QoS Traffic Policing Explain by Rene Molenaar: http://networklessons.com/quality-of-service/qos-traffic-policing-explained/
- The meaning of Burst Rate (BC) with Traffic Policing by Petr Lapukhov: http://blog.ine.com/2009/12/12/the-meaning-of-bc-with-traffic-policing/
For my configuration, I stick with the formula
bc = 1.5 * CIR
where bc is the burst rate, 1.5 is a golden value of token refresh rate (tc) and CIR is the Committed Rate.
Interface Te5/1/5 is a trunk port connect directly to the firewall, which will carry all 4 VLANs.
The goal is to policing incoming and outgoing traffic of on each vlan. VLAN71 will have full 10Mbps (CIR), allow to burst up to 15 Mbps (bc) (bc=1.5*10Mbps), same as VLAN81. With the same calculation, VLAN72 and VLAN82 will have 25Mbps CIR, and bc = 37.5Mbps.
A note from IOS CLI is that CIR's unit is bps (bit per second), and increment of 1000 (not 1024). BC's unit, however, is Bps (byte per second). So, the above number will turn out to be
- CIR = 10Mbps = 10,000,000 bps
BC = 15Mbps = 15,000,000 bps = 1,875,000 Bps
- CIR = 25Mbps = 25,000,000 bps
BC = 37.5Mbps = 37,500,000 bps = 4,687,500 Bps
Here is my config
1.) Enable QoS Police on the platform
4.) Enable VLAN-BASED QoS to the physical/trunk interface. The interface is actually Te1/5/5. I made a typo in my visio diagram above
5.) And finally, apply it to the SVI that I want to.
I hope this is helpful to anyone who land on my blog. It took me a while to finally get the config to work correctly. TC value is very important. Changing TC value will control the actual amount of bandwidth the interface allows.
One draw back on my post is that I haven't completely understand Policing yet. There are values and concept that for now, I'm taking it as it is. Eventually, I will follow-up with another post where I will take on QoS Policing and BC with my own understanding.
Thank you for reading.