Products & Services

Training & Events

Partner Central

Hierarchical Navigation

HOME
- SUPPORT
  - PRODUCT SUPPORT
    - END-OF-SALE AND END-OF-LIFE PRODUCTS
      - CISCO IOS SOFTWARE RELEASES 12.2 T
        CONFIGURE
        FEATURE GUIDES
        Traffic Policing

Cisco IOS Software Releases 12.2 T

Traffic Policing

Downloads

Traffic Policing

Table Of Contents

Traffic Policing

Feature Overview

Benefits

Restrictions

Related Features and Technologies

Related Documents

Supported Platforms

Supported Standards, MIBs, and RFCs

Prerequisites

Configuration Tasks

Configuring Traffic Policing

Verifying Traffic Policing

Troubleshooting Tips

Monitoring and Maintaining Traffic Policing

Configuration Examples

Configuring a Service Policy that Includes Traffic Policing

Command Reference

police

Glossary

Traffic Policing

This feature module describes the Traffic Policing feature. It includes information on the benefits of the feature, supported platforms, related documents, and so forth.

This document includes the following sections:

•Feature Overview

•Supported Platforms

•Supported Standards, MIBs, and RFCs

•Prerequisites

•Configuration Tasks

•Monitoring and Maintaining Traffic Policing

•Configuration Examples

•Command Reference

•Glossary

Feature Overview

Table 1 Feature History

Cisco IOS Release

Enhancement

12.0(5)XE

This feature was introduced.

12.1(5)T

This command was introduced for Cisco IOS Release 12.1 T.
A new Traffic Policing algorithm was introduced.
The violate-action option became available.
This feature became available on Cisco 2600, 3600, 4500, 7200, and 7500 series routers.

12.2(2)T

The set-clp-transmit option for the action argument was added to the police command.
The set-frde-transmit option for the action argument was added to the police command. However, the set-frde-transmit option is not supported for Any Transport over Multiprotocol Label Switching (MPLS) (AToM) traffic in this release.
The set-mpls-exp-transmit option for the action argument was added to the police command.

The Traffic Policing feature performs the following functions:

•Limits the input or output transmission rate of a class of traffic based on user-defined criteria

•Marks packets by setting the ATM Cell Loss Priority (CLP) bit, Frame Relay Discard Eligibility (DE) bit, IP precedence value, IP differentiated services code point (DSCP) value, MPLS experimental value, and Quality of Service (QoS) group.

Traffic policing allows you to control the maximum rate of traffic transmitted or received on an interface. The Traffic Policing feature is applied when you attach a traffic policy contain the Traffic Policing configuration to an interface. A traffic policy is configured using the Modular Quality of Service Command-Line Interface (Modular QoS CLI). For information on configuring the Modular QoS CLI, see the Modular Quality of Service Command-Line Interface Overview on Cisco Connection Online (CCO) and the Documentation CD-ROM.

Benefits

Bandwidth Management Through Rate Limiting

Traffic policing allows you to control the maximum rate of traffic transmitted or received on an interface. Traffic policing is often configured on interfaces at the edge of a network to limit traffic into or out of the network. In most Traffic Policing configurations, traffic that falls within the rate parameters is transmitted, whereas traffic that exceeds the parameters is dropped or transmitted with a different priority.

Packet Marking

Packet marking allows you to partition your network into multiple priority levels or classes of service (CoS). A packet is marked and these markings can be used to identify and classify traffic for downstream devices. In some cases, such as ATM Cell Loss Priority (CLP) marking or Frame Relay Discard Eligibility (DE) marking, the marking is used to classify traffic.

•Use traffic policing to set the IP precedence or DSCP values for packets entering the network. Networking devices within your network can then use the adjusted IP precedence values to determine how the traffic should be treated. For example, the Weighted Random Early Detection (WRED) feature uses the IP precedence values to determine the probability that a packet will be dropped.

•Use traffic policing to assign packets to a QoS group. The router uses the QoS group to determine how to prioritize packets within the router.

Traffic can be marked without using the Traffic Policing feature. If you want to mark traffic but do not want to use Traffic Policing, see the Class-Based Marking feature module.

Packet Prioritization for Frame Relay Frames

The Traffic Policing feature allows users to mark the Frame Relay DE bit of the Frame Relay frame. The Frame Relay DE bit is one bit and, therefore, can be set to either 0 or 1. In congested environments, frames with the DE bit set to 1 are discarded before frames with the DE bit set to 0.

Packet Prioritization for ATM Cells

The Traffic Policing feature allows users to mark the ATM CLP bit in ATM cells. The ATM CLP bit is used to prioritize packets in ATM networks. The ATM CLP bit is one bit and, therefore, can be set to either 0 or 1. In congested environments, cells with the ATM CLP bit set to 1 are discarded before cells with the ATM CLP bit set to 0.

Restrictions

•On a Cisco 7500 series router, traffic policing can monitor Cisco Express Forwarding (CEF) switching paths only. In order to use the Traffic Policing feature, Cisco Express Forwarding must be configured on both the interface receiving the packet and the interface sending the packet.

•On a Cisco 7500 series router, traffic policing cannot be applied to packets that originated from or are destined to a router.

•Traffic policing can be configured on an interface or a subinterface.

•Traffic policing is not supported on the following interfaces:

–Fast EtherChannel

–Tunnel

Note Traffic policing is supported on tunnels that are using the Cisco generic routing encapsulation (GRE) tunneling protocol.

–PRI

–Any interface on a Cisco 7500 series router that does not support Cisco Express Forwarding

Related Features and Technologies

•Modular Quality of Service Command-Line Interface

•Class-Based Weighted Fair Queueing (CBWFQ)

•Class-Based Marking

Related Documents

•Modular Quality of Service Command-Line Interface document

•Committed Access Rate feature module

•Class-Based Marking feature module

•Class-Based Weighted Fair Queuing feature module

Supported Platforms

•Cisco 2500 series

Note Cisco IOS Release 12.2(2)T or later does not run on Cisco 2500 series routers.

•Cisco 2600 series

•Cisco 3640 routers

•Cisco 4500 series

•Cisco 7000 series with RSP7000

•Cisco 7100 series

•Cisco 7200 series

•Cisco 7500 series

Note To use the set-clp-transmit action available with this feature, the Enhanced ATM Port Adapter (PA-A3) is required. Therefore, the set-clp-transmit action is not supported on any platform that does not support the PA-A3 adapter (such as the Cisco 2600 series router, the Cisco 3640 router, and the 4500 series router). For more information, refer to the documentation for your specific router.

Supported Standards, MIBs, and RFCs

Standards

No new or modified standards are supported by this feature.

MIBs

Class-Based Quality of Service MIB

•CISCO-CLASS-BASED-QOS-MIB

•CISCO-CLASS-BASED-QOS-CAPABILITY-MIB

For descriptions of supported MIBs and how to use MIBs, see the Cisco MIB web site on CCO at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.

RFCs

•RFC 2697, A Single Rate Three Color Marker

Prerequisites

On a Cisco 7500 series router, Cisco Express Forwarding (CEF) must be configured on the interface before traffic policing can be used.

For additional information on Cisco Express Forwarding, see the Cisco Express Forwarding and Distributed Cisco Express Forwarding feature modules.

Configuration Tasks

See the following sections for configuration tasks for the Traffic Policing feature. Each task in the list indicates if the task is optional or required.

•Configuring Traffic Policing (Required)

Configuring Traffic Policing

To successfully configure the Traffic Policing feature, a traffic class and a traffic policy must be created, and the traffic policy must be attached to a specified interface. These tasks are performed using the Modular QoS CLI. For information on the Modular QoS CLI, see the Modular Quality of Service Command-Line Interface document on CCO or the Documentation CD-ROM.

The Traffic Policing feature is configured in the traffic policy. To configure the Traffic Policing feature, use the following command in policy map configuration mode:

Command

Purpose

Router(config-pmap-c)# police bps burst-normal burst-max conform-action action exceed-action action violate-action action

Specifies a maximum bandwidth usage by a traffic class.

The Traffic Policing feature works with a token bucket mechanism. There are currently two types of token bucket algorithms: a single token bucket algorithm and a two token bucket algorithm. A single token bucket system is used when the violate-action option is not specified, and a two token bucket system is used when the violate-action option is specified.

For a description of a single token bucket algorithm and an explanation of how it works, see the "What is a Token Bucket?" section of the Policing and Shaping Overview document. An example of how the single token bucket algorithm works is also given in the "Command Reference" section of this document.

For a description of the two token bucket algorithm and an explanation of how it works, see the "Command Reference" section of this document.

Verifying Traffic Policing

Use the show policy-map interface EXEC command to verify that the Traffic Policing feature is configured on your interface. If the feature is configured on your interface, the show policy-map interface command output displays policing statistics:
Router# show policy-map interface
 Ethernet1/7 
  service-policy output: x
    class-map: a (match-all)
      0 packets, 0 bytes
      5 minute rate 0 bps
      match: ip precedence 0
      police:
        1000000 bps, 10000 limit, 10000 extended limit
        conformed 0 packets, 0 bytes; action: transmit
        exceeded 0 packets, 0 bytes; action: drop
        conformed 0 bps, exceed 0 bps, violate 0 bps
Troubleshooting Tips

•Check the interface type. Verify that your interface is not mentioned in the nonsupported interface description in the "Restrictions" section of this document.

•For input traffic policing on a Cisco 7500 series router, verify that CEF is configured on the interface where traffic policing is configured.

•For output traffic policing on a Cisco 7500 series router, ensure that the incoming traffic is CEF-switched. Traffic policing cannot be used on the switching path unless CEF switching is enabled.

Monitoring and Maintaining Traffic Policing

To monitor and maintain the Traffic Policing feature, use the following commands in EXEC mode, as needed:

Command

Purpose

Router# show policy-map

Displays all configured policy maps.

Router# show policy-map policy-map-name

Displays the user-specified policy map.

Router# show policy-map interface

Displays statistics and configurations of all input and output policies that are attached to an interface.

Configuration Examples

This section provides the following configuration example:

•Configuring a Service Policy that Includes Traffic Policing

Configuring a Service Policy that Includes Traffic Policing

The following configuration shows how to define a traffic class (with the class-map command) and associate that traffic class with a traffic policy (with the policy-map command). Traffic policing is applied in the traffic policy. The service-policy command is then used to attach the traffic policy to the interface.

For additional information on configuring traffic classes and traffic policies, see the Modular Quality of Service Command-Line Interface document on CCO and the Documentation CD-ROM.

In this particular example, traffic policing is configured with the average rate at 8000 bits per second, the normal burst size at 2000 bytes, and the excess burst size at 4000 bytes. Packets coming into Fast Ethernet interface 0/0 are evaluated by the token bucket algorithm to analyze whether packets conform exceed, or violate the specified parameters. Packets that conform are transmitted, packets that exceed are assigned a QoS group value of 4 and are transmitted, and packets that violate are dropped.

For a description of a token bucket and an explanation of how a token bucket works, see the "What is a Token Bucket?" section of the Policing and Shaping Overview document. An example of how the token bucket works is also given in the "Command Reference" section of this document.
Router(config)# class-map acgroup2
Router(config-cmap)# match access-group 2
Router(config-cmap)# exit
Router(config)# policy-map police
Router(config-pmap)# class acgroup2
Router(config-pmap-c)# police 8000 2000 4000 conform-action transmit exceed-action 
set-qos-transmit 4 violate-action drop
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# interface fastethernet 0/0
Router(config-if)# service-policy input police
Command Reference

This section documents new or modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.1 command reference publications.

•police

police

To configure the Traffic Policing feature, use the police policy map configuration command. The no form of this command removes the Traffic Policing feature from the configuration.

police bps burst-normal burst-max conform-action action exceed-action action [violate-action action]
no police bps burst-normal burst-max conform-action action exceed-action action[violate-action action]
Syntax DescriptionDescription

bps

(Required) Average rate in bits per second.

burst-normal

(Required) Normal burst size in bytes.

burst-max

(Optional) Excess burst size in bytes. In Cisco IOS Release 12.1(5)T onward, the excess burst-size does not have to be specified unless the violate-action option is also specified. In Cisco IOS Releases 12.0(5)XE through 12.1(1)E, the excess burst size has to be specified.

conform-action

(Required) Action to take on packets that conform to the rate limit.

exceed-action

(Required) Action to take on packets that exceed the rate limit.

violate-action

(Optional) Action to take on packets that violate the normal and maximum burst sizes. If the violate-action option is specified, the token bucket algorithm works with two token buckets.
This option is not available in Cisco IOS Release 12.0 XE or Release 12.1 E.

action

Action to take on packets. Specify one of the following keywords:

•drop—Drops the packet.

•set-clp-transmit—Sets the ATM Cell Loss Priority (CLP) bit from 0 to 1 on the ATM cell and transmits the packet with the ATM CLP bit set to 1.

•set-dscp-transmit new-dscp—Sets the IP DSCP value and transmits the packet with the new IP DSCP value setting.

•set-frde-transmit—Sets the Frame Relay Discard Eligibility (DE) bit from 0 to 1 on the frame relay frame and transmits the packet with the DE bit set to 1.

•set-mpls-exp-transmit—Sets the MPLS experimental bits (0 to 7) and transmits the packet with the new MPLS experimental bit value setting.

•set-prec-transmit new-prec—Sets the IP precedence and transmits the packet with the new IP precedence value setting.

•set-qos-transmit new-qos—Sets the QoS group value and transmits the packet with the new QoS group value setting.

•transmit—Transmits the packet. If a packet takes the transmit action, the packet is transmitted without being altered.

Usage

Defaults

Disabled

Command Modes

Policy-map configuration mode

Command History

Release

Modification

11.1 CC

The rate-limit command was introduced.

12.0(5)XE

This police command, which was closely related to the rate-limit command, was introduced.

12.1(1)E

This command was introduced in Cisco IOS Release 12.1 E.

12.1(5)T

This command was introduced in Cisco IOS Release 12.1 T.
The violate-action option became available.

12.2(2)T

The set-clp-transmit option for the action argument was added.
The set-frde-transmit option for the action argument was added. However, the set-frde-transmit option is not supported for AToM traffic in this release. Also, the set-frde-transmit option is supported only when Frame Relay is implemented on a physical interface without encapsulation.

The set-mpls-exp-transmit option for the action argument was added.

Usage Guidelines

The violate-action option is not available in Cisco IOS Release 12.0 XE or Release 12.1 E. The violate-action option is not available with the rate-limit command.

The Traffic Policing feature works with a token bucket algorithm. There are currently two types of token bucket algorithms in Cisco IOS Release 12.1(5)T: a single token bucket algorithm and a two token bucket algorithm. A single token bucket system is used when the violate-action option is not specified, and a two token bucket system is used when the violate-action option is specified.

The token bucket algorithm for the police command that was introduced in Cisco IOS Release 12.0(5)XE is different from the token bucket algorithm for the police command introduced in Cisco IOS Release 12.1(5)T. For information on the token bucket algorithm introduced in Release 12.0(5)XE, see the Traffic Policing document for Release 12.0(5)XE. This document is available on the New Features for 12.0(5)XE feature documentation index (under Modular QoS CLI-related feature modules) at cisco.com.

Many of the action options are also Class-Based Marking features. For additional information on these actions, see the Class-Based Marking feature module.

The following are explanations of how the token bucket algorithms introduced in Cisco IOS Release 12.1(5)T work:

Token Bucket Algorithm with One Token Bucket

The one token bucket algorithm is used when the violate-action option is not specified in the police command CLI.

The conform bucket is initially set to the full size (the full size is the number of bytes specified as the normal burst size).

When a packet of size B bytes arrives at time t the following actions occur:

a. Tokens are updated in the conform bucket. If the previous arrival of the packet was at t1 and the current time is t, the bucket is updated with (t-t1) worth of bits based on the token arrival rate. The token arrival rate is calculated as follows:

(time between packets<which is equal to t-t1> * policer rate)/8 bytes

b. If the number of bytes in the conform bucket - B is greater than or equal to 0, the packet conforms and the conform action is taken on the packet. If the packet conforms, B bytes are removed from the conform bucket and the conform action is completed for the packet.

c. If the number of bytes in the conform bucket - B is less than 0, the exceed action is taken.

Token Bucket Algorithm with Two Token Buckets

The two token bucket algorithm is used when the violate-action is specified in the police command CLI.

The conform bucket is initially full (the full size is the number of bytes specified as the normal burst size).

The exceed bucket is initially full (the full exceed bucket size is the number of bytes specified in the maximum burst size).

The tokens for both the conform and exceed token buckets are updated based on the token arrival rate (or CIR).

When a packet of size B bytes arrives at time t the following actions occur:

a. Tokens are updated in the conform bucket. If the previous arrival of the packet was at t1 and the current arrival of the packet is at t, the bucket is updated with t-t1 worth of bits based on the token arrival rate. The refill tokens are placed in the conform bucket. If the tokens overflow the conform bucket, the overflow tokens are placed in the exceed bucket.

The token arrival rate is calculated as follows:

(time between packets<which is equal to t-t1> * policer rate)/8 bytes

b. If the number of bytes in the conform bucket - B is greater than or equal to 0, the packet conforms and the conform action is taken on the packet. If the packet conforms, B bytes are removed from the conform bucket and the conform action is taken. The exceed bucket is unaffected in this scenario.

c. If the number of bytes in the conform bucket - B is less than 0, the excess token bucket is checked for bytes by the packet. If the number of bytes in the exceed bucket - B is greater than or equal to 0, the exceed action is taken and B bytes are removed from the exceed token bucket. No bytes are removed from the conform bucket.

d. If the number of bytes in the exceed bucket - B is less than 0, the packet violates and the violate action is taken. The action is complete for the packet.

Examples

Token Bucket Algorithm with One Token Bucket Example

The token bucket algorithm for the police command that was introduced in Cisco IOS Release 12.0(5)XE is different from the token bucket algorithms introduced in Cisco IOS Release 12.1(5)T. The following example is for the token bucket algorithm with one token bucket introduced in Cisco IOS Release 12.1(5)T.

When the violate-action option is not specified while configuring a policy with the police command in Cisco IOS Release 12.1(5)T onward, the token bucket algorithm uses one token bucket. If the violate-action option is specified, the token bucket algorithm uses two token buckets. In the following example, the violate-action option is not specified, so the token bucket algorithm only uses one token bucket.

The following configuration shows users how to define a traffic class (using the class-map command) and associate the match criteria from the traffic class with the Traffic Policing configuration, which is configured in the service policy (using the policy-map command). The service-policy command is then used to attach this service policy to the interface.

In this particular example, traffic policing is configured with the average rate at 8000 bits per second and the normal burst size at 1000 bytes for all packets leaving Fast Ethernet interface 0/0.
Router(config)# class-map access-match
Router(config-cmap)# match access-group 1
Router(config-cmap)# exit
Router(config)# policy-map police-setting
Router(config-pmap)# class access-match
Router(config-pmap-c)# police 8000 1000 conform-action transmit exceed-action drop
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# interface fastethernet 0/0
Router(config-if)# service-policy output police-setting
The treatment of a series of packets leaving Fast Ethernet interface 0/0 is dependant on the size of the packet and the number of bytes remaining in the conform bucket. These packets are policed based on the following rules:

a. Tokens are updated in the conform bucket. If the previous arrival of the packet was at t1 and the current time is t, the bucket is updated with t-t1 worth of bits based on the token arrival rate. The token arrival rate is calculated as follows:

(time between packets<which is equal to t-t1> * policer rate)/8 bytes

b. If the number of bytes in the conform bucket - B is greater than or equal to 0, the packet conforms and the conform action is taken on the packet. If the packet conforms, B bytes are removed from the conform bucket and the conform action is completed for the packet.

c. If the number of bytes in the conform bucket - B is less than 0, the exceed action is taken.

In this example, the initial token buckets starts full at 1000 bytes. If a 450 byte packet arrives, the packet conforms because enough bytes are available in the token bucket. The conform action (transmit) is taken by the packet and 450 bytes are removed from the token bucket (leaving 550 bytes).

If the next packet arrives .25 seconds later, 250 bytes are added to the token bucket (0.25 * 8000)/8), leaving 800 bytes in the token bucket. If the next packet is 900 bytes, the packet exceeds and the exceed action (drop) is taken. No bytes are taken from the token bucket.

Token Bucket Algorithm with Two Token Buckets Example

When the violate-action option is specified while configuring a policy with the police command in Cisco IOS Release 12.1(5)T onward, the token bucket algorithm uses two token buckets. The following example uses the token bucket algorithm with two token buckets.

The following configuration shows users how to define a traffic class (using the class-map command) and associate the match criteria from the traffic class with the Traffic Policing configuration, which is configured in the service policy (using the policy-map command). The service-policy command is then used to attach this service policy to the interface.

In this particular example, traffic policing is configured with the average rate at 8000 bits per second, the normal burst size at 1000 bytes, and the excess burst size at 1000 bytes for all packets leaving Fast Ethernet interface 0/0.
Router(config)# class-map access-match
Router(config-cmap)# match access-group 1
Router(config-cmap)# exit
Router(config)# policy-map police-setting
Router(config-pmap)# class access-match
Router(config-pmap-c)# police 8000 1000 1000 conform-action transmit exceed-action 
set-qos-transmit 1 violate-action drop
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# interface fastethernet 0/0
Router(config-if)# service-policy output police-setting
The treatment of a series of packets leaving Fast Ethernet interface 0/0 is dependant on the size of the packet and the number of bytes remaining in the conform and exceed token buckets. The series of packets are policed based on the following rules:

a. If the previous arrival of the packet was at t1 and the current arrival of the packet is at t, the bucket is updated with t-t1 worth of bits based on the token arrival rate. The refill tokens are placed in the conform bucket. If the tokens overflow the conform bucket, the overflow tokens are placed in the exceed bucket.

The token arrival rate is calculated as follows:

(time between packets<which is equal to t-t1> * policer rate)/8 bytes

b. If the number of bytes in the conform bucket - B is greater than or equal to 0, the packet conforms and the conform action is taken on the packet. If the packet conforms, B bytes are removed from the conform bucket and the conform action is taken. The exceed bucket is unaffected in this scenario.

c. If the number of bytes in the conform bucket - B is less than 0, the excess token bucket is checked for bytes by the packet. If the number of bytes in the exceed bucket - B is greater than or equal to 0, the exceed action is taken and B bytes are removed from the exceed token bucket. No bytes are removed from the conform bucket in this scenario.

d. If the number bytes in the exceed bucket - B is less than 0, the packet violates and the violate action is taken. The action is complete for the packet.

In this example, the initial token buckets starts full at 1000 bytes. If a 450 byte packet arrives, the packet conforms because enough bytes are available in the conform token bucket. The conform action (transmit) is taken by the packet and 450 bytes are removed from the conform token bucket (leaving 550 bytes).

If the next packet arrives .25 seconds later, 250 bytes are added to the conform token bucket (0.25 * 8000)/8), leaving 800 bytes in the conform token bucket. If the next packet is 900 bytes, the packet does not conform because only 800 bytes are available in the conform token bucket.

The exceed token bucket, which starts full at 1000 bytes (as specified by the excess burst size) is then checked for available bytes. Because enough bytes are available in the exceed token bucket, the exceed action (set the QoS transmit value of 1) is taken and 900 bytes are taken from the exceed bucket (leaving 100 bytes in the exceed token bucket.

If the next packet arrives 0.40 seconds later, 400 bytes are added to the token buckets ((.40 * 8000)/8). Therefore, the conform token bucket now has 1000 bytes (the maximum number of tokens available in the conform bucket) and 200 bytes overflow the conform token bucket (because it only 200 bytes were needed to fill the conform token bucket to capacity). These overflow bytes are placed in the exceed token bucket, giving the exceed token bucket 300 bytes.

If the arriving packet is 1000 bytes, the packet conforms because enough bytes are available in the conform token bucket. The conform action (transmit) is taken by the packet and 1000 bytes are removed from the conform token bucket (leaving 0 bytes).

If the next packet arrives 0.20 seconds later, 200 bytes are added to the token bucket ((.20 * 8000)/8). Therefore, the conform bucket now has 200 bytes. If the arriving packet is 400 bytes, the packet does not conform because only 200 bytes are available in the conform bucket. Similarly, the packet does not exceed because only 300 bytes are available in the exceed bucket. Therefore, the packet violates and the violate action (drop) is taken.

Related Commands

Command

Description

policy-map

Specifies the name of the service policy to configure.

service-policy

Specifies the name of the service policy to be attached to the interface.

show policy-map

Displays all configured service policies.

show policy-map policy-map-name

Displays the user-specified service policy.

show policy-map interface

Displays statistics and configurations of all input and output service policies that are attached to an interface.

Glossary

average rate—Maximum long-term average rate of conforming traffic.

conform action—Action to take on packets with a burst size below the rate allowed by the rate limit.

DSCP—differentiated services code point

exceed action—Action to take on packets that exceed the rate limit.

excess burst size—Bytes allowed in a burst before all packets will exceed the rate limit.

normal burst size—Bytes allowed in a burst before some packets will exceed the rate limit. Larger bursts are more likely to exceed the rate limit.

QoS group—Internal QoS group ID for a packet used to determine weighted fair queuing characteristics for that packet.

policing policy—Rate limit, conform actions, and exceed actions that apply to traffic matching a certain criteria.

Versatile Interface Processor (VIP)—Interface card used by Cisco 7500 series and Cisco 7000 series with RSP7000 routers.