XOS 15.3.1.4 - policy and meter question

Hi,
I am wondering how to catch multiple VLAN IDs in one if.
Is it possible to do something like this -> ACL-P4-IN

entry POLICE-TEST {       
 if match any {
                vlan-id 1007
                vlan-id 1008;
        }
        then {
        permit ;
        meter p4-TEST;
        }
}

Trying to apply it, I get:
# configure access-list ACL-P4-IN ports 4
Error: Policy ACL-P4-IN has syntax errors
Line 4 : Failed argument value vlan is invalid


Second question - if I have one meter called p4-TEST, and it has Committed Rate(Kbps) = 10000,
and I use this meter in one entry (src address) and then in a second entry (vlan id) of the policy.

And let's suppose that traffic caught using src address is 7 Mbps. Does it mean that there is 3 Mbps left for traffic caught using vlan id?

Do multiple entries using a common meter share it?

Dawid Chrzan

Posted 4 years ago


Ron Huygens, Employee

Hi Dawid,

There is a syntax error in the file. There needs to be a ";" after the first vlan-id.

entry POLICE-TEST {       
 if match any {
                vlan-id 1007;
                vlan-id 1008;
        }
        then {
        permit ;
        meter p4-TEST;
        }
}



Dawid Chrzan

Hi Ron,
this was a mistake in pasting to extremenetworks.com. Of course there is a ";",
and the error is:
configure access-list ACL-P4-IN ports 4
Error: Policy ACL-P4-IN has syntax errors
Line 4 : Attribute vlan-id already exists as a match statement in Acl entry POLICE-TEST.



Paul Russo, Alum

Hello Dave

I believe the issue is that in the IF statement you have two VLAN-IDs.  Anything in the If section of the entry is considered an "and" statement, so for this to match, a packet would have to have both VLAN-IDs.

The best approach would be to break this into two entries, one for each VLAN-ID.

As for your second statement, the meter can be used over many entries.  Meters are done on a per chip per slice basis, so if there are different slices to the rule, for example one looking at IP and one looking at L2, those should be different.  I will check.

One thing to remember is that once traffic hits an entry it exits the ACL, so in your example when it hits src address it will never make it to VLAN-ID as it will exit the policy.

I hope that helps.  I will check on the meter per slice and let you know

Thanks
P
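
The rule described in the reply above (one match attribute may appear only once per `if`, so each VLAN-ID needs its own entry) can be checked before a policy file is loaded. The Python below is an added example, not part of the original thread or of Extreme's tooling; it assumes the simple entry layout shown in this thread, and the `-1`/`-2` name suffixes are an illustrative choice. Whether the resulting entries share the meter is the question the thread is still discussing.

```python
import re
from itertools import product

# Constructed sample: the question's entry with both ';' in place (EXOS rejected it).
POLICY = """
entry POLICE-TEST {
    if match any { vlan-id 1007; vlan-id 1008; }
    then { permit; meter p4-TEST; }
}
"""

# Layout assumed: entry NAME { if [match all|any] { ... } then { ... } }
ENTRY_RE = re.compile(
    r"entry\s+(\S+)\s*\{\s*if\s*((?:match\s+(?:all|any))?)\s*\{(.*?)\}"
    r"\s*then\s*\{(.*?)\}\s*\}", re.S)

def statements(body):
    """Split a brace body on ';' into normalised 'keyword argument' strings."""
    return [" ".join(s.split()) for s in body.split(";") if s.strip()]

def grouped_conditions(cond):
    """Map each match attribute to the list of values given for it."""
    seen = {}
    for stmt in statements(cond):
        attr, _, value = stmt.partition(" ")
        seen.setdefault(attr, []).append(value)
    return seen

def duplicate_matches(policy):
    """Return {entry: [attributes repeated inside its 'if' block]}."""
    report = {}
    for name, _, cond, _ in ENTRY_RE.findall(policy):
        dups = [a for a, v in grouped_conditions(cond).items() if len(v) > 1]
        report.update({name: dups} if dups else {})
    return report

def split_entries(policy):
    """Emit one entry per value combination so no attribute repeats."""
    out = []
    for name, mode, cond, action in ENTRY_RE.findall(policy):
        seen = grouped_conditions(cond)
        combos = list(product(*seen.values()))
        acts = " ".join(s + ";" for s in statements(action))
        for i, combo in enumerate(combos, 1):
            ename = name if len(combos) == 1 else f"{name}-{i}"
            conds = " ".join(f"{a} {v}".strip() + ";" for a, v in zip(seen, combo))
            out.append(f"entry {ename} {{ if {mode or 'match all'} {{ {conds} }} "
                       f"then {{ {acts} }} }}")
    return out
```

`duplicate_matches(POLICY)` flags `vlan-id` in `POLICE-TEST`, and `split_entries(POLICY)` returns two entries, one per VLAN-ID, each keeping the original `then` block.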

Dawid Chrzan

Hi Paul,
I see now the point with a single vlan-id used in "if". Thanks.

But I'm looking for an answer to whether using two "if" statements with two vlan-ids and one meter results in sharing this 10mbps over these 2 VLANs?

PS: The example with ACLs using source and vlan id was not so good.

Thanks...


Paul Russo, Alum

Hey David

Yep, understood: if there are two entries looking at the VLAN-ID, will they use the same meter?  That is what I posed internally to verify.  I believe the answer will be yes as they are using the slice in the ACL.  I will let you know when I hear the final answer.
P

Sergio Diaz

Hello Paul,

Thank you all for this informative thread.
I was also wondering if the configuration will use the same meter.
Have you been able to find out about this?


Kind regards,



Sergio

Paul Russo, Alum

Hello Sergio

Sorry, I did receive a response:

"Looks like each entry will be considered as a separate policy. Each meter is like a template, which can be defined independently by the administrator. These templates can be used on different attributes such as Source MAC, Source IP, VLAN-IDs etc. independently. So in this case you can have 10M for each policy."

I re-asked the question and did not get a reply back.  Let me re-post and see if I can clarify.

Thanks
P


Tyler Bartel

I am using a single ACL rule matching based on source port/protocol and applying a meter which has a 10Mb CIR / 10Mb Max-Burst. If there are 3 connections to different destination IP addresses using that matching port/protocol, will each connection get the 10Mb or will they all share the 10Mb?

Alexandr

Hi Colleagues,
We had a similar problem. We had to tie two vlan-ids to one 10 mbps meter.
We solved it with selective QinQ:

configure vman ethertype 0x8100
create vman vm100
conf vm100 tag 100
conf vman vm100 add ports 1 cep cvid 200
conf vman vm100 add ports 1 cep cvid 300
conf vman vm100 add ports 2 cep cvid 200
conf vman vm100 add ports 2 cep cvid 300


vi pol-p1.pol
entry v100 {
if match all {
    vlan-id 100 ;
}
then {
    meter policy-10M ;
}
}

configure access-list pol-p1 ports 1 ingress
configure access-list pol-p1 ports 1 egress

Stephane Grosjean

I like this approach. Nicely done.