Cisco Nexus 1000V Quality of Service Configuration Guide, Release 4.2(1)SV2(2.1)
Configuring QoS Policing

Information About Policing

Policing is the monitoring of the data rates for a particular class of traffic. When the data rate exceeds user-configured values, marking or dropping of packets occurs immediately. Policing does not buffer the traffic, so transmission delay is not affected. When traffic exceeds the data rate, you instruct the system to either drop the packets or mark QoS fields in them. You can define single-rate, dual-rate, and color-aware policers.

Single-rate policers monitor the committed information rate (CIR) of traffic. Dual-rate policers monitor both the CIR and peak information rate (PIR) of traffic. In addition, the system monitors associated burst sizes. Three colors or conditions are determined by the policer for each packet depending on the data rate parameters supplied: conform (green), exceed (yellow), or violate (red).

You can configure only one action for each condition. For example, you might police for traffic in a class to conform to the data rate of 256,000 bits per second, with up to 200 millisecond bursts. The system would apply the conform action to traffic that falls within this rate, and it would apply the violate action to traffic that exceeds this rate.

Color-aware policers assume that traffic has been previously marked with a color. This information is then used in the actions taken by this type of policer. For more information about policies, see RFC 2697, RFC 2698, and RFC 4115.

Figure 1. Policing Condition and Types



The following table lists the conditions that trigger actions by the policer depending on the defined data rate.

Table 1 Policer Actions for Exceed or Violate

| Condition | Color | Description | Policer Action [1] |
|---|---|---|---|
| Conform | Green | The packet traffic data rate is within the defined boundaries. | The policer either transmits these packets as is or changes the value in the header (DSCP, precedence, or CoS) and then transmits these packets. |
| Exceed | Yellow | The packet traffic data rate exceeds the defined boundary. | The policer can drop or mark down these packets. |
| Violate | Red | The packet traffic data rate violates the defined boundaries. | The policer can drop or mark down these packets. |

[1] Only one policer action is allowed per condition.

Prerequisites for Policing

  • You are logged on to the CLI in EXEC mode.

Guidelines and Limitations for QoS Policing

Each module polices independently, which might affect a policer that is applied to traffic distributed across more than one module, such as in the case of a port channel interface.

Configuring Policing

Police Command and Policer Types

Police Command Arguments

The type of policer that is created by the Cisco Nexus 1000V is based on a combination of the police command arguments.

Note


Specify the identical value for pir and cir to configure 1-rate, 3-color policing.

| Argument | Description |
|---|---|
| cir | Committed information rate (cir), or desired bandwidth, specified as a bit rate or a percentage of the link rate. Although a value for cir is required, the argument itself is optional. The range of values is from 1 to 80000000000; the range of policing values that are mathematically significant is 250 Kbps to 80 Gbps. |
| percent | Rate as a percentage of the interface rate. The range of values is from 1 to 100%. |
| bc | Indication of how much the cir can be exceeded, either as a bit rate or an amount of time at cir. The default is 200 milliseconds of traffic at the configured rate. The default data rate units are bytes, and the Gigabit per second (gbps) rate is not supported for this parameter. |
| pir | Peak information rate (pir), which is specified as a PIR bit rate or a percentage of the link rate. There is no default. The range of values is from 1 to 80000000000; the range of policing values that are mathematically significant is from 250 Kbps to 80 Gbps. The range of percentage values is from 1 to 100%. |
| be | Indication of how much the pir can be exceeded, either as a bit rate or an amount of time at pir. When the bc value is not specified, the default is 200 milliseconds of traffic at the configured rate. The default data rate units are bytes, and the Gigabit per second (gbps) rate is not supported for this parameter. Note: You must specify a value for pir before the device displays this argument. |
| conform | Single action to take if the traffic data rate is within bounds. The basic actions are transmit or one of the set commands listed in the table. The default is transmit. |
| exceed | Single action to take if the traffic data rate exceeds the specified boundaries. The basic actions are drop or markdown. The default is drop. |
| violate | Single action to take if the traffic data rate violates the configured rate values. The basic actions are drop or markdown. The default is drop. |

Policer Types and Actions

Although all the arguments in the above table are optional, you must specify a value for cir. In this section, cir indicates the value but not necessarily the keyword itself. The combination of these arguments and the resulting policer types and actions are described in the following table.

| Police Arguments Present | Policer Type | Policer Action |
|---|---|---|
| cir, but not pir, be, or violate | 1-rate, 2-color | cir, then conform; otherwise violate |
| cir and pir | 1-rate, 3-color | cir conform; pir exceed; else violate. Note: You must specify identical values for cir and pir. |
| cir and pir | 2-rate, 3-color | cir, then conform; ≤ pir, then exceed; otherwise violate |

Policer Action

You can take the following actions when the packet exceeds the parameters or violates the parameters:

| Action | Description |
|---|---|
| drop | Drops the packet. This action is available only when the packet exceeds or violates the parameters. |
| set dscp dscp table {cir-markdown-map \| pir-markdown-map} | Sets the specified fields from a table map and transmits the packet. For more information on the system-defined, or default table maps, see Configuring QoS Marking Policies. This action is available only when the packet exceeds the parameters (use the cir-markdown-map) or violates the parameters (use the pir-markdown-map). |

| Action | Description |
|---|---|
| transmit | Transmits the packet. This action is available only when the packet conforms to the parameters. |
| set-prec-transmit | Sets the IP precedence field to a specified value and transmits the packet. This action is available only when the packet conforms to the parameters. |
| set-dscp-transmit | Sets the DSCP field to a specified value and transmits the packet. This action is available only when the packet conforms to the parameters. |
| set-cos-transmit | Sets the CoS field to a specified value and transmits the packet. This action is available only when the packet conforms to the parameters. |
| set-qos-transmit | Sets the QoS group internal label to the specified value and transmits the packet. This action can be used only in input policies and is available only when the packet conforms to the parameters. |
| set-discard-class-transmit | Sets the discard-class internal label to a specified value and transmits the packet. This action can be used only in ingress policies and is available only when the packet conforms to the parameters. |

Police Command Data Rates

The policer can only drop or mark down packets that exceed or violate the specified parameters. For more information, see Configuring QoS Marking Policies.

The police command uses the following data rates:

Table 2 Data Rates for the police Command

| Rate | Description |
|---|---|
| bps | Bits per second (default) |
| kbps | 1000 bits per second |
| mbps | 1,000,000 bits per second |
| gbps | 1,000,000,000 bits per second |

Police Command Burst Sizes

The police command uses the following burst sizes:

| Speed | Description |
|---|---|
| bytes | bytes |
| kbytes | 1000 bytes |
| mbytes | 1,000,000 bytes |
| ms | milliseconds |
| us | microseconds |

Configuring Mark Down Policing

Markdown policing is the setting of a QoS field in a packet when traffic exceeds or violates the policed data rates. You can configure markdown policing by using the set commands. The example in this section shows you how to use a table map to perform markdown.

Note


You must specify the identical value for pir and cir to configure 1-rate, 3-color policing.

SUMMARY STEPS

    1.    switch# configure terminal

    2.    switch(config)# policy-map [type qos] [match-first] policy-map-name

    3.    switch(config-pmap-qos)# class [type qos] {class_map_name | class-default}

    4.    switch(config-pmap-c-qos)# police [cir] {committed-rate [data-rate] | percent cir-link-percent} [bc committed-burst-rate [link-speed]] [pir] {peak-rate [data-rate] | percent cir-link-percent} [be peak-burst-rate [link-speed]] [conform {transmit | set-prec-transmit | set-dscp-transmit | set-cos-transmit | set-qos-transmit | set-discard-class-transmit} [exceed {drop | set dscp dscp table {cir-markdown-map}} [violate {drop | set dscp dscp table {pir-markdown-map}}]]]

    5.    (Optional) switch(config-pmap-c-qos)# show policy-map [type qos] [policy-map-name]

    6.    switch# show table-map table-map-name

    7.    (Optional) switch(config-pmap-c-qos)# copy running-config startup-config


DETAILED STEPS

    Step 1
    Command or Action: switch# configure terminal
    Purpose: Enters global configuration mode.

    Step 2
    Command or Action: switch(config)# policy-map [type qos] [match-first] policy-map-name
    Purpose: Places you into policy map QoS configuration mode for the specified policy map and configures the map name in the running configuration.

    The policy_map_name argument is an alphabetic string that can be up to 40 case-insensitive characters long, including hyphen (-) and underscore (_) characters.

    Step 3
    Command or Action: switch(config-pmap-qos)# class [type qos] {class_map_name | class-default}
    Purpose: Creates a reference to class-map-name and enters policy-map class QoS configuration mode for the specified class map. By default, the class is added to the end of the policy map. Changes are saved in the running configuration.

    Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map.

    Step 4
    Command or Action: switch(config-pmap-c-qos)# police [cir] {committed-rate [data-rate] | percent cir-link-percent} [bc committed-burst-rate [link-speed]] [pir] {peak-rate [data-rate] | percent cir-link-percent} [be peak-burst-rate [link-speed]] [conform {transmit | set-prec-transmit | set-dscp-transmit | set-cos-transmit | set-qos-transmit | set-discard-class-transmit} [exceed {drop | set dscp dscp table {cir-markdown-map}} [violate {drop | set dscp dscp table {pir-markdown-map}}]]]
    Purpose: Polices cir in bits or as a percentage of the link rate. The conform action is taken if the data rate is ≤ cir. If be and pir are not specified, all other traffic takes the violate action. If be or violate are specified, the exceed action is taken if the data rate is ≤ pir. The actions are described in Information About Policing. The data rates and link speeds are described in Police Command Data Rates and Police Command Burst Sizes.

    Note: The default value of 200 ms is taken for bc and be if bc and be are configured in ms/us. This limitation does not apply if bc and be are in bps.

    Step 5
    Command or Action: switch(config-pmap-c-qos)# show policy-map [type qos] [policy-map-name]  (Optional)
    Purpose: Displays information about all configured policy maps or a selected policy map of type QoS.

    Step 6
    Command or Action: switch# show table-map table-map-name
    Purpose: Displays information about QoS table-maps.

    Step 7
    Command or Action: switch(config-pmap-c-qos)# copy running-config startup-config  (Optional)
    Purpose: Saves the running configuration persistently through reboots and restarts by copying it to the startup configuration.


    This example shows how to configure a 1-rate, 2-color policer that transmits if the data rate is within 200 milliseconds of traffic at 256000 bps and marks down the DSCP according to the pir-markdown-map table map if the data rate is violated:

    switch(config)# policy-map pol1
    switch(config-pmap-qos)# class class-default
    switch(config-pmap-c-qos)# police cir 256000 bps conform transmit violate set dscp dscp table pir-markdown-map
    switch(config)# show policy-map pol1
      Type qos policy-maps
      policy-map type qos pol1
        class class-default
          police cir 256000 bps bc 200 ms conform transmit violate set dscp dscp table pir-markdown-map
    switch(config)# show table-map pir-markdown-map
      Table-map pir-markdown-map
        default copy
        from 10,12 to 14
        from 18,20 to 22
        from 26,28 to 30
        from 34,36 to 38
    
    

    Verifying the Policing Configuration

    Use the following command to verify the configuration:

    | Command | Description |
    |---|---|
    | show policy-map | Displays information about policy maps and policing. |

    Configuration Example for QoS Policing

    This example shows a 2-rate, 3-color policer that sets cos to 4 if the data rate is within 300 kbps. It also shows how to mark down DSCP using the system-defined cir-markdown-map table map if the data rate is within 750 kbps and how to mark down DSCP using the system-defined pir-markdown-map table map if the data rate is greater than 750 kbps:

    switch(config)# policy-map ty qos 2rate3clr
    switch(config-pmap-qos)# class  class1
    switch(config-pmap-c-qos)# police cir 300 kbps pir 750 kbps conform set-cos-transmit 4 exceed set dscp dscp table cir-markdown-map violate set dscp dscp table pir-markdown-map   
    switch(config-pmap-c-qos)# show policy-map 2rate3clr 
    
    
      Type qos policy-maps
      ====================
    
      policy-map type qos 2rate3clr 
        class  class1
          police cir 300 kbps bc 200 ms pir 750 kbps be 200 ms conform set-cos-transmit 4 exceed set dscp dscp table cir-markdown-map violate set dscp dscp table pir-markdown-map
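
The 2rate3clr policer above, modeled as an added example (not Cisco's code) with the color-blind two-rate meter from RFC 2698, one of the RFCs this chapter cites; giving each module its own meter also illustrates the guideline that each module polices independently. The 1 Mbps offered load, the 1250-byte packets and the even per-packet split across modules are assumptions made for the illustration.

```python
from collections import Counter

class TwoRateMeter:
    """Color-blind two-rate three-color meter per RFC 2698; tokens held in bits."""

    def __init__(self, cir_bps, pir_bps, bc_ms=200, be_ms=200):
        self.cir, self.pir = cir_bps, pir_bps
        # Bursts given as time at the rate (the page's default is 200 ms).
        self.cbs = cir_bps * bc_ms // 1000
        self.pbs = pir_bps * be_ms // 1000
        self.tc, self.tp = self.cbs, self.pbs   # both buckets start full
        self.last_us = 0

    def color(self, now_us, size_bytes):
        dt, self.last_us = now_us - self.last_us, now_us
        # Refill each bucket for the elapsed time, capped at its burst size.
        self.tc = min(self.cbs, self.tc + self.cir * dt // 1_000_000)
        self.tp = min(self.pbs, self.tp + self.pir * dt // 1_000_000)
        bits = size_bytes * 8
        if self.tp < bits:          # above pir: no tokens are consumed
            return "violate"
        self.tp -= bits
        if self.tc < bits:          # within pir but above cir
            return "exceed"
        self.tc -= bits
        return "conform"

# Actions from the 2rate3clr example on this page.
ACTIONS = {"conform": "set-cos-transmit 4",
           "exceed": "set dscp dscp table cir-markdown-map",
           "violate": "set dscp dscp table pir-markdown-map"}

def offer(rate_bps, modules=1, seconds=10, size_bytes=1250):
    """Meter a constant-rate stream; packets alternate across `modules`
    independent meters (assumed even split, e.g. a port channel)."""
    meters = [TwoRateMeter(300_000, 750_000) for _ in range(modules)]
    bits = size_bytes * 8
    gap_us = bits * 1_000_000 // rate_bps
    seen = Counter()
    for i in range(seconds * rate_bps // bits):
        seen[meters[i % modules].color(i * gap_us, size_bytes)] += 1
    return seen

if __name__ == "__main__":
    for modules in (1, 2):
        seen = offer(1_000_000, modules)
        print(f"{modules} module(s), 1 Mbps offered:")
        for name, action in ACTIONS.items():
            print(f"  {name:8} {seen[name]:4} packets -> {action}")
```

With one meter, roughly 30% of the offered packets conform and about a quarter violate; with two independent meters each sees only 500 kbps, so nothing violates and about twice as much traffic conforms.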
    
    

    This example shows a 1 rate, 2 color policer that transmits if the data rate is within 200 milliseconds of traffic at 600 kbps:

    switch(config)# policy-map ty qos 1rate2clr
    switch(config-pmap-qos)# class  class2
    switch(config-pmap-c-qos)# police cir 600 kbps conform transmit violate drop 
    switch(config-pmap-c-qos)# show policy-map 1rate2clr 
    
    
      Type qos policy-maps
      ====================
    
      policy-map type qos 1rate2clr 
        class  class2
          police cir 600 kbps bc 200 ms conform transmit violate drop 
    switch(config-pmap-c-qos)# 
    

    This example shows how to configure a single-rate, three-color policer that polices traffic at 4,000,000 bits per second and allows normal or committed bursts of 200 kbytes and excess bursts of 400 kbytes. The policer transmits traffic that conforms to the policing rate, marks down the DSCP using the system-defined "cir-markdown-map" table map for traffic that exceeds the burst sizes, and drops traffic that violates the policing rate.

    switch(config)# policy-map 1rate3clr
    switch(config-pmap-qos)# class class1
    switch(config-pmap-c-qos)# police cir 4 mbps bc 200 kbytes pir 4 mbps be 400 kbytes conform transmit exceed set dscp dscp table cir-markdown-map violate drop 
    switch(config-pmap-c-qos)# show policy-map 1rate3clr 
    
    
      Type qos policy-maps
      ====================
    
      policy-map type qos 1rate3clr 
        class  class1
          police cir 4 mbps bc 200 kbytes pir 4 mbps be 400 kbytes conform transmit exceed set dscp dscp table cir-markdown-map violate drop 

    Feature History for QoS Policing

    This section provides the QoS policing release history.

    | Feature Name | Release | Feature Information |
    |---|---|---|
    | QoS Policing | 4.0 | This feature was introduced. |