Guest

Cisco IOS Software Releases 12.0 S

QoS: Partial Support for Ingress Hierarchical Policing for the Cisco 12000 4-port Gigabit Ethernet ISE Line Card

  • Viewing Options

  • PDF (234.2 KB)
  • Feedback
QoS—Partial Support for Ingress Hierarchical Policing for the Cisco 12000 4-port Gigabit Ethernet ISE Line Card

Table Of Contents

QoS—Partial Support for Ingress Hierarchical Policing for the Cisco 12000 4-port Gigabit Ethernet ISE Line Card

Contents

Restrictions for QoS—Partial Support for Ingress Hierarchical Policing for the Cisco 12000 4-port Gigabit Ethernet ISE Line Card

Information About QoS—Partial Support for Ingress Hierarchical Policing for the Cisco 12000 4-port Gigabit Ethernet ISE Line Card

Configuration Examples for QoS—Partial Support for Ingress Hierarchical Policing for the Cisco 12000 4-port Gigabit Ethernet ISE Line Card

Police and Rate Limit:—Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Command Reference


QoS—Partial Support for Ingress Hierarchical Policing for the Cisco 12000 4-port Gigabit Ethernet ISE Line Card


This feature creates the result of a 2-level hierarchial traffic policing policy by combining the rate-limit interface configuration command with a flat policy map. This feature is implemented only for the ingress interfaces and subinterfaces of the Cisco 12000 4-port Gigabit Ethernet ISE line card.

Feature History for QoS—Partial Support for Ingress Hierarchical Policing for the Cisco 12000 4-port Gigabit Ethernet ISE Line Card

Release
Modification

12.0(30)S1

The feature was introduced for the Cisco 12000 4-port GE ISE line card.

12.0(31)S

This feature was marketed as part of the major release.


Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Contents

Restrictions for QoS—Partial Support for Ingress Hierarchical Policing for the Cisco 12000 4-port Gigabit Ethernet ISE Line Card

Information About QoS—Partial Support for Ingress Hierarchical Policing for the Cisco 12000 4-port Gigabit Ethernet ISE Line Card

Configuration Examples for QoS—Partial Support for Ingress Hierarchical Policing for the Cisco 12000 4-port Gigabit Ethernet ISE Line Card

Additional References

Restrictions for QoS—Partial Support for Ingress Hierarchical Policing for the Cisco 12000 4-port Gigabit Ethernet ISE Line Card

This feature is supported only on ingress interfaces or subinterfaces of the Cisco 12000 4-port Gigabit Ethernet ISE line card.

Nested policy maps (also known as, hierarchical policy maps) are not supported.

Do not use the ACL-based rate-limit, continue, and set actions with this feature.

Percentage-based policing is not supported.

Only the transmit and drop actions are supported for the rate-limit command.

Random-detect and police cannot be configured in the same class if rate-limit is also configured on the interface.

The implementation of the police and rate-limit interface configuration commands described in this feature are not supported for IPv6.

Any Transport over MPLS (AToM) is not supported.

Information About QoS—Partial Support for Ingress Hierarchical Policing for the Cisco 12000 4-port Gigabit Ethernet ISE Line Card

When applied to Service Provider edge and core routers (termed PE and P routers respectively), Cisco IOS Modular Quality of Service CLI (MQC) configurations can police and shape service provider bandwidth in accordance with service level agreements (SLAs). For installations in which the customer edge router(CE) is unmanaged, service providers may choose to classify and police traffic on the ingress interfaces of the PE routers. Hierarchical MQC policy maps can ordinarily be configured for these cases, but hierarchical policy maps are not supported on the ingress interfaces of the Cisco 12000 4-port Gigabit Ethernet ISE line card.

Beginning with Cisco IOS Release 12.0(30)S1, you can combine the rate-limit interface configuration command with a flat policy map to attain the same result as a 2-level hierarchical policy for policing ingress interfaces. In addition, the rate-limit command can now be applied to Gigabit Ethernet subinterfaces. An example of a 2-level hierarchical policy map is shown in the left column of Table 1. The implementation for the Cisco 12000 4-port Gigabit Ethernet ISE line card is shown in the right column.

Table 1 Comparison of Unsupported and Supported Hierarchical Policing

Unsupported 2-Level Policing with Hierarchical Policy Map
Supported 2-Level Policing with the Rate-limit Command
policy-map parent
Class class-default
police cir 200000000 bc 100000 be 100000
exceed-action drop
service-policy child

policy-map child
class prec1
police cir 100000000 bc 3125000 be 3125000
conform-action set-prec-transmit 3
exceed-action drop
class prec2
police cir 100000000 bc 3125000 be 3125000
conform-action transmit
exceed-action drop
class prec3
police cir 100000000 bc 3125000 be 3125000
conform-action transmit
exceed-action drop

class-map match-any Prec1
Match ip precedence 1
class-map match-any Prec2
Match ip precedence 2
class-map match-any Prec3
Match ip precedence 3

interface gigabitEthernet 1/0.1 
service-policy input parent 
policy-map 3class
class prec1
police cir 100000000 bc 3125000 be 3125000
conform-action set-prec-transmit 3
exceed-action drop
class prec2
police cir 100000000 bc 3125000 be 3125000
conform-action transmit
exceed-action drop
class prec3
police cir 100000000 bc 3125000 be 3125000
conform-action transmit
exceed-action drop

class-map match-any Prec1
Match ip precedence 1
class-map match-any Prec2
Match ip precedence 2
class-map match-any Prec3
Match ip precedence 3

interface gigabitEthernet 1/0.1 
service-policy input 3class 
rate-limit input 200000000 100000 100000 
conform-action transmit exceed-action drop

The hierarchical policing policy map in the left column of Table 1 first executes the police action of the nested policy map, "child," and secondly, the main policy map, "parent." The action invoked in the parent policy is the police command with only conform-action and exceed-action options specified for class-default traffic. The child level consists of a flat policy that can be configured with any action or class within the current restrictions of the hardware and the Cisco IOS release version. Thus, precedence 1 traffic from the customer edge router is policed to 100 megabits per second, with conforming packets retransmitted and remarked as precedence 3. Precedence 2 and precedence 3 traffic is policed to 100 megabits per second and is retransmitted, and all other traffic is policed to 200 megabits per second and retransmitted.

The supported workaround in the right column of Table 1 simulates the functionality of the 2-level policing hierarchical policy. Because the rate-limit feature can police traffic, the rate-limit command simulates the parent level and a flat policy-map simulates the child level. The flat policy-map is always executed before the rate-limit command, and packets not dropped by the policy-map are then filtered by the rate-limit feature. Packets dropped by the policy map filters are not counted in the rate-limit statistics.

Configuration Examples for QoS—Partial Support for Ingress Hierarchical Policing for the Cisco 12000 4-port Gigabit Ethernet ISE Line Card

No changes are introduced in the CLI for the rate-limit and police commands.

Use the show interfaces rate-limit command to display rate limit counters. Use the show policy-map interface gigabitEthernet slot/port command to display the policy map statistics.

Police and Rate Limit:—Example

In this example, a policy map defines four classes of traffic as Class-1, Class-2, Class-3, and Class-4. The defined classes are policed to 9 Mbps each with a rate-limit on the entire Gigabit Ethernet interface set to 30 Mbps. When 10 Mbps of traffic is generated for 5 seconds (50,000 packets) for classes 1, 2, 4, and default class, the police and rate-limit commands filter the 40 Mbps of total traffic to approximately 30 Mbps total throughput, with each class of traffic contributing only the allowed 9 Mbps of traffic each. No traffic is generated for class-3 in this example.

The Policy Map

policy-map Police-1
class Class-1
police cir 9000000 bc 4500 be 4500
class Class-2
police cir 9000000 bc 4500 be 4500
class Class-3
police cir 9000000 bc 4500 be 4500
class Class-4
police cir 9000000 bc 4500 be 4500

Running Configuration File of the Interface

Router# show running-conf interface g2/0
Building configuration...
Current configuration : 284 bytes
!
interface GigabitEthernet2/0
ip address 10.0.0.0 255.255.255.255 

no ip directed-broadcast
rate-limit input 30000000 100000 200000 conform-action transmit exceed-action 

drop
no ip mroute-cache
load-interval 30
negotiation auto
no cdp enable
service-policy input Police-1
end

Policy Map Definitions, Byte, and Packet Counters

Router# show policy-map interface gigabitEthernet 2/0 
 GigabitEthernet2/0 

  Service-policy input: Police-1 (1182)

    Class-map: Class-1 (match-any) (1183/3)
      50000 packets, 6000000 bytes
      30 second offered rate 1366000 bps, drop rate 85000 bps
      Match: mpls experimental  1  (1184)
      Match:  precedence 1  (1185)
      police:
        9008000 bps, 4504 limit, 4504 extended limit
        conformed 46951 packets, 5634120 bytes; actions:
          transmit 
        exceeded 3049 packets, 365880 bytes; actions:
          drop 
        conformed 1283000 bps, exceed 85000 bps

    Class-map: Class-2 (match-any) (1187/2)
      50000 packets, 6000000 bytes
      30 second offered rate 1366000 bps, drop rate 85000 bps
      Match: mpls experimental  2  (1188)
      Match:  precedence 2  (1189)
      police:
        9008000 bps, 4504 limit, 4504 extended limit
        conformed 46952 packets, 5634240 bytes; actions:
          transmit 
        exceeded 3048 packets, 365760 bytes; actions:
          drop 
        conformed 1283000 bps, exceed 85000 bps

    Class-map: Class-4 (match-any) (1191/8)
      50000 packets, 6000000 bytes
      30 second offered rate 1366000 bps, drop rate 85000 bps
      Match: mpls experimental  4  (1192)
      Match:  precedence 4  (1193)
      police:
        9008000 bps, 4504 limit, 4504 extended limit
        conformed 46952 packets, 5634240 bytes; actions:
          transmit 
        exceeded 3048 packets, 365760 bytes; actions:
          drop 
        conformed 1283000 bps, exceed 85000 bps

    Class-map: Class-3 (match-any) (1291/1)
      0 packets, 0 bytes
      30 second offered rate 0 bps, drop rate 0 bps
      Match: mpls experimental  3  (1292)
      Match:  precedence 3  (1293)
      police:
        9008000 bps, 4504 limit, 4504 extended limit
        conformed 0 packets, 0 bytes; actions:
          transmit 
        exceeded 0 packets, 0 bytes; actions:
          drop 
        conformed 0 bps, exceed 0 bps

    Class-map: class-default (match-any) (1195/0)
      50000 packets, 6000000 bytes
      30 second offered rate 1366000 bps, drop rate 0 bps
      Match: any  (1196)

Rate-Limit Packet and Byte Count for the Interface

Router# show interfaces g2/0 rate-limit 
GigabitEthernet2/0 
  Input
    matches: all traffic
      params:  30000000 bps, 100000 limit, 200000 extended limit
      conformed 157346 packets, 18876032 bytes; action: transmit
      exceeded 33607 packets, 4032840 bytes; action: drop
      last packet: 24ms ago, current burst: 0 bytes
      last cleared 00:07:33 ago, conformed 332863 bps, exceeded 71115 bps

Note Only packets that pass through the policy-map filters are counted in the rate-limit statistics.


Additional References

The following sections provide references related to QoS—Partial Support for Ingress Hierarchical Policing for the Cisco 12000 4-port Gigabit Ethernet ISE Line Card.

Related Documents

Related Topic
Document Title

Descriptions of software functionality added in Cisco IOS Release 12.0S to support the 4-port Gigabit Ethernet ISE line card.

4-Port Gigabit Ethernet ISE Line Card for Cisco 12000 Series Internet Router

Library of Cisco IOS 12.0S feature documents written for the Cisco 12000 series router.

Cisco IOS Release 12.0S Features for Cisco 12000 Series Internet Router

Descriptions of QoS concepts and configurations.

Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2

QoS command reference.

Cisco IOS Quality of Service Solutions Command Reference, Release 12.2


Standards

Standards
Title

No new or modified standards are supported, and support for existing standards has not been modified.


MIBs

MIBs
MIBs Link

No new or modified MIBs are supported, and support for existing MIBs has not been modified.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFCs
Title

No new or modified RFCs are supported, and support for existing RFCs has not been modified.


Technical Assistance

Description
Link

Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

http://www.cisco.com/public/support/tac/home.shtml


Command Reference

There are no new comands for this feature.