mark.tinka at seacom.mu
Sun May 24 11:22:58 UTC 2020
On 21/May/20 21:08, Bryan Holloway wrote:

> * Rate-limit at the Layer 2 switch for both customer ingress/egress,

In the past, we did this on the routers, as most switches only supported
ingress policing and egress shaping, often with very tiny buffers.
Recently, some switches do now support ingress and egress policing.
Being able to do this as close to the customer as possible is always
most effective, especially if you run LAGs between a switch and

> * Rate-limit at the Layer 3 router upstream, i/e, or

This is how we used to do it, but it became problematic when you ran LAGs
between switches and routers.
However, between switches supporting ingress/egress policing, as well as
moving away from switch-router LAGs to native 100Gbps trunks, you can
now police on the router or switch without much concern. The choice of
either is determined by the number of services customers buy on a single

> * Some combination thereof? E.g.: Rate-limit my traffic towards the
> customer closer to the core, and rate-limit ingress closer to the edge?

Where we run LAGs between routers and switches, we police on the switch.
Where we run 100Gbps native trunks between switches and routers, we
police on the router depending on the type of service, i.e., a Q-in-Q
setup for a customer where different services being delivered on the
same switch port have different policing requirements.

> I've done all three on some level in my travels, but in the past it's
> also been oftentimes vendor-centric which hindered a scalable or
> "templateable" solution. (Some things police in only one direction, or
> only well in one direction, etc.)

Yes, we've oscillated between different methods depending, particularly,
on what (switch) vendor we used.

> In case someone is interested in a tangible example, imagine an Arista
> switch and an ASR9k router. :)

Arista do support ingress/egress policing (tested on the 7280R). The
previous Juniper EX4550s we ran only shaped on egress, and that was
problematic due to the small buffers it has.
You should have a lot more flexibility on the ASR9000 router, except in
cases where you need to police services delivered on a LAG.