Hello,
I made several policies on a Nexus 9000 C93180YC-FX (NXOS Version 9.3(4))
ip access-list limitation10Mo
10 permit ip any any
ip access-list limitation1Mo
10 permit ip any any
class-map type qos match-any 1Mo
match access-group name limitation1Mo
class-map type qos match-any 10Mo
match access-group name limitation10Mo
policy-map type qos 1Mo
class 1Mo
police cir 1 mbps bc 200 ms conform transmit violate drop
policy-map type qos 10Mo
class 10Mo
police cir 10 mbps bc 200 ms conform transmit violate drop
when i apply this on different ports it doesn’t work properly.
interface Ethernet1/3
service-policy type qos input 10Mo
service-policy type qos output 10Mo
ip address 192.168.2.2/24
no shutdown
interface Ethernet1/4
service-policy type qos input 1Mo
service-policy type qos output 1Mo
ip address 192.168.3.2/24
no shutdown
In the example above when I do download and upload tests on interface 1/3 or 1/4 the values are always 1MB download and 1MB upload.
So my question is the following, can we apply several different policies on different ports of the nexus 9000
First of all, looking at your configuration, I don’t immediately see anything wrong with it. It looks like it should be OK. I suggest you examine how you are doing the upload and download tests. Are you sure that when you are testing Ethernet 1/3 at 10Mbps, your test traffic is not flowing via Ethernet 1/4 as well simply due to your topology? Or is it being limited by some other policy on the switch?
To test this, you can change the CIR of your 1Mo class to 1 mbps, and do the tests again for both interfaces. If you find that you are now limited to 2 Mbps, then it could be that test traffic for Ethernet 1/3 is somehow taking a path via Ethernet 1/4 as well, thus limiting this traffic.
Take a look and let us know your results. If you need further help troubleshooting let us know.
Hello laz, thank you for your reply.
I performed the tests with a laptop directly connected to the Nexus9K ethernet port 1/3 with 192.168.2.45/24 gateway 192.168.2.2 to a speedtest website and the result was 1mbps
I then performed the test with a laptop PC directly connected to the Nexus9K on a 1/4 ethernet port with 192.168.3.45/24 gateway 192.168.3.2 to a speedtest website and the result was 1mbps
On your advice I applied a policy to a 1mbps on the 1/3 and 1/4 ethernet port, I obtained on the speedtest a result of 1mbps.
The policies presented in my post are the only ones on the switch.
I’m starting to think that the limiting speed of 1Mbps is not found on the interfaces themselves, but somewhere downstream, elsewhere on your network, or on your Internet connection. What may be misleading here is that the measured speed of the speedtest is the same as the policing speed configured on Ethernet 1/4, giving the impression that there is some kind of link between these. I suggest you try some of the following:
Remove all policies from a particular port, and attempt to do a speedtest to see what kinds of speeds you should expect without a policer. If you’re still at 1Mbps, then the bottleneck is somewhere else.
Create a policer at a value different than 1Mbps. Set it to 5 or 2 Mbps and see if that actually changes the speedtest results.
In this way, you will be able to determine if the 1Mbps you are seeing is really due to the 1Mbps policer on the one interface, or is due to some other limitation elsewhere on the network.
I believe you will find that the policer on Ethernet 1/4 is not the limiting factor in this speedtest limit that you are experiencing. Let us know your results!
When there is no policy on the eth 1/3 and 1/4 port the speed is 120Mbps for download and 10Mbps for upload.
1 - I see that when I put a policy of 1 or 5 or 10 Mbps on port 1/3, it is applied correctly. The speedtest is indeed identical to the policy set up on port.
2 - However the problem I encounter is only when I apply a policy different from the previous one on a second port.
Thanks for your help.
Your troubleshooting process is perfect. It confirms that there is no bottleneck elsewhere that may cause this behavior. I find it very strange that the policy applied to one interface seems to be limiting the traffic on another interface.
Unfortunately, I don’t have nexus devices available to do some lab tests on these policies. However, I’ll let Rene know to take a look as well, maybe another set of eyes looking at the problem anew will help…