I have a query regarding traffic shaping on the Cisco 3850-XS for a particular scenario. We have a 10Gbps connection between two locations and we need to establish a logical trunk over this to separate different traffic from one another.
We plan to use VLANs and VRFs for this. Between the two locations for each VLAN we will use a /30, SVI. I would like to restrict the amount of traffic egressing out of each VLAN either side of the connection. There will be no hosts within the VLAN, the VLAN and SVI will simply be a transit Vlan.
I was thinking I would enable traffic shaping and shape the traffic to a configured amount of the 10Gbps. The switch appears to take the commands but I’m not sure if this is the right way to achieve the objective or I should consider something else? I can’t use a native routed connection between the sites as there is a requirement for potentially several separate routing tables, hence the trunk and SVIs.
The 3850 supports per VLAN QoS so you have a couple of options. You could shape each VLAN to 1 Gbit but that means that VLAN never gets to go above 1 Gbit…is that what you are looking for? Instead of shaping, you also could use a policer which drops the traffic.
You might also want to look at some nested policies. For example, when you shape up to 1 Gbit, you might want to prioritize sensitive traffic like VoIP.
I can probably explain it better with a topology drawing.
I have incoming connections, routed ports, via two physical connections to the switch. I then have a trunk that connects the two sites. I am using a Vlan SVI only for the transit over the trunk. I have no physical ports in the Vlan. I would like to shape the traffic out of the physical interface that the logical SVI is routing over. In further reading I have done, I don’t believe I can apply the policy-map to the SVI, I think I need to configure it on the physical interface. My only doubt now is that the physical interface (trunk) is not in an explicit VRF. If I apply the policy-map to the physical interface, and use class-map to identify traffic by destination, then applying shaping, will this work transparently or do I also need to consider the VRF in the MQC configuration on the physical interface?
You can configure a nonhierarchical policy map on a physical port that specifies which traffic class to act on
In VLAN-based QoS, a service policy is applied to an SVI interface
You don’t have to worry about the VRF or L3, that’s not needed to apply QoS on the switch. You should be able to create a class-map / policy-map with the traffic you want to match and be good to go.
If you want to test this in a safe way, you can always create a class-map and a policy-map, just don’t add any actions to it. You’ll at least be able to see the counters. If you try anything that the switch doesn’t support (like adding a hierarchical policy map on a physical port) it will throw an error.
