Header Only - DO NOT REMOVE - Extreme Networks
Question

ingress rate-limit problem


I'm having problem with access-list that i'm using for user ports ingress-limit. Sometimes access-list just seems to fail. User get IP-address, but no trafic will flood.

Only way to solve that problem is unconfigure access-list for that user port and put it back.

Meter that i use is:
create meter meter10M
configure meter meter10M committed-rate 11000 Kbps max-burst-size 500 Kb out-actions drop[/code]
And my policy-file:
entry policy {
if match all {
}
then {
permit;
meter meter10M ;
}}
[/code]
How i use it under port:
configure access-list in_10M port 2 ingress[/code]
Does anyone have same problem? Or am i doing something wrong?
I have x460, x440, x430 switches and it's same problem with all of them.

9 replies

Userlevel 5
Tuomas Rasku,

I have reviewed the configuration, the meter configuration looks fine. During the failed state, you have mentioned that no traffic will flood, can you please clarify this part?
Also, did you get a chance to look at the port utilization during a working condition and non-working condition? Command to check the port utilization "show ports utilization".
What is the EXOS Release running on the switch?

Regards,
Sumeesh.v
We have different EXOS versions on switshes, 15.3.1.4, 15.5.2.9 pathc1-5, 15.7.1.4. Same problem with all.
I can check the port utilization at next time when this problem occurs. But sometimes it might get i while.
When this problem is on, there is no RX-trafic. Some TX-trafic goes, but only few bits.
Userlevel 3
Hi Tuomas,

you wrote that sometimes ACL fail to install and you must unconfigure ACL's.
Maybe the ACL manager has a problem to install ACL because it has no space for it.

Could you show us:
for 24 port switch
sh access-list usage acl-slice port 1

For 48 port switch
sh access-list usage acl-slice port 1
sh access-list usage acl-slice port 25

and write on what model you have execute that command

Do you have ACL on ports only or mixed ports and vlan's ?

Regards
--
Jarek
Hi,
We can confirm this problem.
We use the Software 15.5.3.4 patch1-6 on Extreme x460-24x.
We have the problem when we put the access-list with ingress policy on an interface away.
The other interfaces with an different acl they are affected.
As workaround we have load an other acl on an interface, so all interface with acl worked again.

But thats not a solution, is there something else that we can do.

Regards
Patrick
Userlevel 7
Hi Tuomas,
Unless this has been resolved, the progression of this thread indicates sounds like it might be best to open a case with GTAC so that it can be tested.
sh access-list usage acl-slice port 2:25

Ports 2:25-2:50
Stage: INGRESS
Slices: Used: 2 Available: 14
Slice 0 Rules: Used: 0 Available: 0
Slice 1 Rules: Used: 0 Available: 0
Slice 2 Rules: Used: 0 Available: 0
Slice 3 Rules: Used: 0 Available: 0
Slice 4 Rules: Used: 0 Available: 0
Slice 5 Rules: Used: 0 Available: 0
Slice 6 Rules: Used: 0 Available: 0
Slice 7 Rules: Used: 0 Available: 0
Slice 8 Rules: Used: 0 Available: 0
Slice 9 Rules: Used: 0 Available: 0
Slice 10 Rules: Used: 0 Available: 0
Slice 11 Rules: Used: 0 Available: 0
Slice 12 Rules: Used: 0 Available: 0
Slice 13 Rules: Used: 0 Available: 0
Slice 14 Rules: Used: 10 Available: 246 system
Slice 15 Rules: Used: 130 Available: 126 user/other
Stage: EGRESS
Slices: Used: 0 Available: 4
Slice 0 Rules: Used: 0 Available: 0
Slice 1 Rules: Used: 0 Available: 0
Slice 2 Rules: Used: 0 Available: 0
Slice 3 Rules: Used: 0 Available: 0
Stage: LOOKUP
Slices: Used: 1 Available: 3
Slice 0 Rules: Used: 0 Available: 0
Slice 1 Rules: Used: 0 Available: 0
Slice 2 Rules: Used: 0 Available: 0
Slice 3 Rules: Used: 31 Available: 481 system
Stage: EXTERNAL
Slices: Used: 0 Available: 0
Hi Tuomas
Do get an solution of your Problems, because we have still the same Problem ?
Userlevel 3
Hi,

could you explain your problem with details?
You have an ACL, then apply on port...etc...

--
Jarek

Reply