[c-nsp] shaping w/sub interfaces - drops

[Dan Letkeman]

Hello,

I'm wondering if its possible to eliminate drops using shaping?  I
have a sub interface set-up for guest access and I want to limit all
access to 3mbps and http access to 2mbps.  If I apply a policy to the
sub interface I continuously see drops on the http class when it runs
in and around 2mbps.  Its just web browsing so I don't ever want to
drop the packets just retransmit.

I have the following configured:

class-map match-all http
 match protocol http

policy-map guest-output
 class http
  shape peak 200 50 25
 class class-default
  shape average 300 256000

policy-map guest-input
 class guest-upload
police 75 10 1000 conform-action transmit  exceed-action
drop  violate-action drop

interface GigabitEthernet0/0.823
 encapsulation dot1Q 823
 ip address 10.7.184.1 255.255.255.0
 ip access-group wifiguest in
 ip helper-address 10.4.0.5
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip virtual-reassembly
 ip policy route-map router-astarogw
 service-policy input guest-input
 service-policy output guest-output


I am also seeing drops on the physical interface G0/0.  I tried to
apply a policy and it says I cannot do any shaping when shaping is
already applied to a sub interface.  Do I need to apply a policy to
the G0/0 interface first, and then apply a policy to shape certain
traffic on the sub interface?

Any hints, ideas or configuration examples would be appreciated.

Thanks,
Dan.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] shaping w/sub interfaces - drops

[Jay Hennigan]

On 12/21/11 11:11 AM, Dan Letkeman wrote:
 Hello,
 
 I'm wondering if its possible to eliminate drops using shaping?  I
 have a sub interface set-up for guest access and I want to limit all
 access to 3mbps and http access to 2mbps.  If I apply a policy to the
 sub interface I continuously see drops on the http class when it runs
 in and around 2mbps.  Its just web browsing so I don't ever want to
 drop the packets just retransmit.

When you limit traffic by any means you may have the choice to either
delay the excess packets or drop them.  Delaying the packets means
storing them in a buffer until the traffic falls below the limit, then
forwarding them.

The buffers have a limited size.  If there is more traffic than the
buffers can hold, it will eventually be dropped.  There is lots of
discussion and several examples regarding this with leaky bucket
analogies.

So if there is more traffic than the configured shape rate (or more
traffic than the physical medium can handle) it will get dropped either
immediately or when the buffers fill up depending on configuration,
amount of memory, etc.

Upper-layer protocols such as TCP can mitigate this by slowing the input
rate when drops are detected.  But if there is more traffic coming in
than the buffers, shape limit, or outbound medium can handle, it must
get dropped.  There's nowhere else for it to go.

--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/