Qos does not works

SI-SPMT · December 7, 2021, 5:48pm

Hello,
I made several policies on a Nexus 9000 C93180YC-FX (NXOS Version 9.3(4))

ip access-list limitation10Mo
  10 permit ip any any
ip access-list limitation1Mo
  10 permit ip any any
class-map type qos match-any 1Mo
  match access-group name limitation1Mo
class-map type qos match-any 10Mo
  match access-group name limitation10Mo
policy-map type qos 1Mo
  class 1Mo
    police cir 1 mbps bc 200 ms conform transmit violate drop
policy-map type qos 10Mo
  class 10Mo
    police cir 10 mbps bc 200 ms conform transmit violate drop

when i apply this on different ports it doesn’t work properly.

interface Ethernet1/3
  service-policy type qos input 10Mo
  service-policy type qos output 10Mo
  ip address 192.168.2.2/24
  no shutdown 
interface Ethernet1/4
  service-policy type qos input 1Mo
  service-policy type qos output 1Mo
  ip address 192.168.3.2/24
  no shutdown

In the example above when I do download and upload tests on interface 1/3 or 1/4 the values are always 1MB download and 1MB upload.
So my question is the following, can we apply several different policies on different ports of the nexus 9000

Kind regards,
Ben

lagapidis · December 9, 2021, 7:34am

Hello SPM

First of all, looking at your configuration, I don’t immediately see anything wrong with it. It looks like it should be OK. I suggest you examine how you are doing the upload and download tests. Are you sure that when you are testing Ethernet 1/3 at 10Mbps, your test traffic is not flowing via Ethernet 1/4 as well simply due to your topology? Or is it being limited by some other policy on the switch?

To test this, you can change the CIR of your 1Mo class to 1 mbps, and do the tests again for both interfaces. If you find that you are now limited to 2 Mbps, then it could be that test traffic for Ethernet 1/3 is somehow taking a path via Ethernet 1/4 as well, thus limiting this traffic.

Take a look and let us know your results. If you need further help troubleshooting let us know.

I hope this has been helpful!

Laz

SI-SPMT · December 15, 2021, 2:36pm

lagapidis:

First of all, looking at your configuration, I don’t immediately see anything wrong with it. It looks like it should be OK. I suggest you examine how you are doing the upload and download tests. Are you sure that when you are testing Ethernet 1/3 at 10Mbps, your test traffic is not flowing via Ethernet 1/4 as well simply due to your topology? Or is it being limited by some other policy on the switch?

To test this, you can change the CIR of your 1Mo class to 1 mbps, and do the tests again for both interfaces. If you find that you are now limited to 2 Mbps, then it could be that test traffic for Ethernet 1/3 is somehow taking a path via Ethernet 1/4 as well, thus limiting this traffic.

Take a look and let us know your results. If you need further help troubleshooting let us know.

I hope this has been helpful!

Laz

Hello laz, thank you for your reply.
I performed the tests with a laptop directly connected to the Nexus9K ethernet port 1/3 with 192.168.2.45/24 gateway 192.168.2.2 to a speedtest website and the result was 1mbps
I then performed the test with a laptop PC directly connected to the Nexus9K on a 1/4 ethernet port with 192.168.3.45/24 gateway 192.168.3.2 to a speedtest website and the result was 1mbps

On your advice I applied a policy to a 1mbps on the 1/3 and 1/4 ethernet port, I obtained on the speedtest a result of 1mbps.

The policies presented in my post are the only ones on the switch.

best regards,

well

lagapidis · December 17, 2021, 6:49am

Hello SPM

I’m starting to think that the limiting speed of 1Mbps is not found on the interfaces themselves, but somewhere downstream, elsewhere on your network, or on your Internet connection. What may be misleading here is that the measured speed of the speedtest is the same as the policing speed configured on Ethernet 1/4, giving the impression that there is some kind of link between these. I suggest you try some of the following:

Remove all policies from a particular port, and attempt to do a speedtest to see what kinds of speeds you should expect without a policer. If you’re still at 1Mbps, then the bottleneck is somewhere else.
Create a policer at a value different than 1Mbps. Set it to 5 or 2 Mbps and see if that actually changes the speedtest results.

In this way, you will be able to determine if the 1Mbps you are seeing is really due to the 1Mbps policer on the one interface, or is due to some other limitation elsewhere on the network.

I believe you will find that the policer on Ethernet 1/4 is not the limiting factor in this speedtest limit that you are experiencing. Let us know your results!

I hope this has been helpful!

Laz

SI-SPMT · December 17, 2021, 11:44am

Hello,

When there is no policy on the eth 1/3 and 1/4 port the speed is 120Mbps for download and 10Mbps for upload.
1 - I see that when I put a policy of 1 or 5 or 10 Mbps on port 1/3, it is applied correctly. The speedtest is indeed identical to the policy set up on port.
2 - However the problem I encounter is only when I apply a policy different from the previous one on a second port.
Thanks for your help.

Ben

lagapidis · December 20, 2021, 6:50am

Hello SPM

Your troubleshooting process is perfect. It confirms that there is no bottleneck elsewhere that may cause this behavior. I find it very strange that the policy applied to one interface seems to be limiting the traffic on another interface.

Unfortunately, I don’t have nexus devices available to do some lab tests on these policies. However, I’ll let Rene know to take a look as well, maybe another set of eyes looking at the problem anew will help…

Laz