L3スイッチで帯域制限をやってみた個人メモです。
使用機材:
* FW(Router) : Fortigate-60E
* L3 : Catalyst 3560
* PC1,2 : Ubuntu18.04
設定
fa 0/1とFa0/8にそれぞれ10Mbpsの帯域制限を入れます。制限の種類は「ポリシング」で超過トラフィックのパケットをドロップする設定になります。Switch>ena
Switch#conf t
Switch(config)#mls qos
Switch(config)#class-map match-all vlan1
Switch(config-cmap)#match access-group name vlan1
Switch(config-cmap)#exit
Switch(config)#policy-map vlan1-police
Switch(config-pmap)#class vlan1
Switch(config-pmap-c)#police 10m 1000000 exceed-action drop
Switch(config-pmap-c)#exit
Switch(config-pmap)#exit
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#service-policy input vlan1-police
Switch(config-if)#exit
Switch(config)#interface fastEthernet 0/8
Switch(config-if)#service-policy input vlan1-police
Switch(config-if)#exit
Switch(config)#ip access-list extended vlan1
Switch(config-ext-nacl)#permit ip 0.0.0.0 255.255.255.255 any
Switch(config-ext-nacl)#exit
Switch(config-if)#end
Switch#write memory
### memo
Switch(config-pmap-c)#police ?
<8000-10000000000> Bits per second (postfix k, m, g optional; decimal point
allowed)
aggregate Choose aggregate policer for current class
Switch(config-pmap-c)#
動作確認
iperf3コマンドを使ってPC1 –> PC2で帯域確認を行います。hiro@hiro [22時18分07秒] [~]
-> % iperf3 -t 30 -c 192.168.1.111
Connecting to host 192.168.1.111, port 5201
[ 4] local 192.168.1.100 port 45052 connected to 192.168.1.111 port 5201
[ ID] Interval Transfer Bandwidth Retr Cwnd
[ 4] 0.00-1.00 sec 2.23 MBytes 18.7 Mbits/sec 126 2.83 KBytes
[ 4] 1.00-2.00 sec 1.12 MBytes 9.38 Mbits/sec 92 1.41 KBytes
[ 4] 2.00-3.00 sec 1.37 MBytes 11.5 Mbits/sec 121 9.90 KBytes
[ 4] 3.00-4.00 sec 1.06 MBytes 8.86 Mbits/sec 118 4.24 KBytes
[ 4] 4.00-5.00 sec 1.12 MBytes 9.38 Mbits/sec 95 2.83 KBytes
[ 4] 5.00-6.00 sec 1.12 MBytes 9.38 Mbits/sec 112 7.07 KBytes
[ 4] 6.00-7.00 sec 1.12 MBytes 9.38 Mbits/sec 117 1.41 KBytes
[ 4] 7.00-8.00 sec 1.18 MBytes 9.90 Mbits/sec 127 2.83 KBytes
[ 4] 8.00-9.00 sec 1.24 MBytes 10.4 Mbits/sec 101 2.83 KBytes
[ 4] 9.00-10.00 sec 1018 KBytes 8.34 Mbits/sec 40 4.24 KBytes
[ 4] 10.00-11.00 sec 1.12 MBytes 9.38 Mbits/sec 119 2.83 KBytes
[ 4] 11.00-12.00 sec 1.12 MBytes 9.38 Mbits/sec 99 2.83 KBytes
[ 4] 12.00-13.00 sec 1.12 MBytes 9.38 Mbits/sec 97 8.48 KBytes
[ 4] 13.00-14.00 sec 1.12 MBytes 9.38 Mbits/sec 119 4.24 KBytes
[ 4] 14.00-15.00 sec 1.12 MBytes 9.38 Mbits/sec 116 8.48 KBytes
[ 4] 15.00-16.00 sec 1.24 MBytes 10.4 Mbits/sec 113 26.9 KBytes
[ 4] 16.00-17.00 sec 1.24 MBytes 10.4 Mbits/sec 117 9.90 KBytes
[ 4] 17.00-18.00 sec 1.06 MBytes 8.86 Mbits/sec 92 7.07 KBytes
[ 4] 18.00-19.00 sec 1.24 MBytes 10.4 Mbits/sec 133 2.83 KBytes
[ 4] 19.00-20.00 sec 1.06 MBytes 8.86 Mbits/sec 90 4.24 KBytes
[ 4] 20.00-21.00 sec 1.12 MBytes 9.38 Mbits/sec 87 2.83 KBytes
[ 4] 21.00-22.00 sec 1.06 MBytes 8.86 Mbits/sec 101 7.07 KBytes
[ 4] 22.00-23.00 sec 1.24 MBytes 10.4 Mbits/sec 123 7.07 KBytes
[ 4] 23.00-24.00 sec 1.06 MBytes 8.86 Mbits/sec 84 8.48 KBytes
[ 4] 24.00-25.00 sec 1.12 MBytes 9.38 Mbits/sec 130 5.66 KBytes
[ 4] 25.00-26.00 sec 1.12 MBytes 9.38 Mbits/sec 102 4.24 KBytes
[ 4] 26.00-27.00 sec 1.12 MBytes 9.38 Mbits/sec 107 7.07 KBytes
[ 4] 27.00-28.00 sec 1.12 MBytes 9.38 Mbits/sec 109 1.41 KBytes
[ 4] 28.00-29.00 sec 1.37 MBytes 11.5 Mbits/sec 142 8.48 KBytes
[ 4] 29.00-30.00 sec 1.12 MBytes 9.38 Mbits/sec 129 2.83 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-30.00 sec 35.4 MBytes 9.90 Mbits/sec 3258 sender
[ 4] 0.00-30.00 sec 35.0 MBytes 9.78 Mbits/sec receiver
iperf Done.
hiro@hiro [22時18分42秒] [~]
「police 10m 1000000 exceed-action drop」でバーストサイズを8000にすると、10Mbps制限をかけても4Mbps程度になって想定した動作にならなかった。
参考:
Catalyst ( 2960 / 3560 / 3750 ) QoS
4.1.4 ポート帯域制御