Worldwide [change] |Account |Register |About Cisco
Guest

Hierarchical Navigation

Cisco IOS Software Releases 12.2 T

Two-Rate Policer

Downloads

Table Of Contents

Two-Rate Policer

Feature Overview

Benefits

Restrictions

Related Features and Technologies

Related Documents

Supported Platforms

Supported Standards, MIBs, and RFCs

Prerequisites

Configuration Tasks

Configuring the Two-Rate Policer

Verifying the Two-Rate Policer Configuration

Troubleshooting Tips

Monitoring and Maintaining the Two-Rate Policer

Configuration Examples

Limiting the Traffic Using a Policer Class Example

Command Reference

police

show policy-map

show policy-map interface


Two-Rate Policer

Release
Modification

12.2(4)T

This feature was introduced.

12.2(4)T3

Support for the Cisco 7500 series routers was added.


Feature History

This document describes the Two-Rate Policer feature in Cisco IOS Release 12.2(4)T. It includes the following sections:

Feature Overview, page 1

Supported Platforms, page 4

Supported Standards, MIBs, and RFCs, page 5

Configuration Tasks, page 5

Monitoring and Maintaining the Two-Rate Policer, page 7

Configuration Examples, page 7

Command Reference, page 8

Feature Overview

Networks police traffic by limiting the input or output transmission rate of a class of traffic based on user-defined criteria. Policing traffic allows you to control the maximum rate of traffic sent or received on an interface and to partition a network into multiple priority levels or class of service (CoS).

The Two-Rate Policer performs the following functions:

Limits the input or output transmission rate of a class of traffic based on user-defined criteria.

Marks packets by setting the IP precedence value, IP differentiated services code point (DSCP) value, Multiprotocol Label Switching (MPLS) experimental value, Quality of Service (QoS) group, ATM Cell Loss Priority (CLP) bit, and the Frame Relay Discard Eligibility (DE) bit.

With the Two-Rate Policer, you can enforce traffic policing according to two separate rates—committed information rate (CIR) and peak information rate (PIR). You can specify the use of these two rates, along with their corresponding values, by using two keywords, cir and pir, of the police command. For more information about the police command, see the "Command Reference" section of this document.

The Two-Rate Policer manages the maximum rate of traffic through a token bucket algorithm. The token bucket algorithm can use the user-configured values to determine the maximum rate of traffic allowed on an interface at a given moment in time. The token bucket algorithm is affected by all traffic entering or leaving the interface (depending on the location of the interface on which the Two-Rate Policer is configured) and is useful in managing network bandwidth in cases where several large packets are sent in the same traffic stream.

The token bucket algorithm provides users with three actions for each packet: a conform action, an exceed action, and an optional violate action. Traffic entering the interface with Two-Rate Policer configured is placed in to one of these categories. Within these three categories, users can decide packet treatments. For instance, packets that conform can be configured to be sent, packets that exceed can be configured to be sent with a decreased priority, and packets that violate can be configured to be dropped.

The Two-Rate Policer is often configured on interfaces at the edge of a network to limit the rate of traffic entering or leaving the network. In the most common configurations, traffic that conforms is sent and traffic that exceeds is sent with a decreased priority or is dropped. Users can change these configuration options to suit their network needs.

Note Additionally, the Two-Rate Policer enables you to implement Differentiated Services (DiffServ) Assured Forwarding (AF) Per-Hop Behavior (PHB) traffic conditioning. For more information about DiffServ, refer to the "Implementing DiffServ for End-to-End Quality of Service" chapter of the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2.

Note Starting with Cisco IOS Release 12.1(5)T, you can police traffic by using the Traffic Policing feature (sometimes referred to as the single-rate policer). The Two-Rate Policer (available with Cisco IOS Release 12.2(4)T) is in addition to the Traffic Policing feature, and it provides additional functionality. For more information about the Traffic Policing feature, refer to the "Policing and Shaping Overview" chapter of the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2.

Benefits

Bandwidth Management Through Rate Limiting

This feature provides improved bandwidth management through rate limiting. Before this feature was available, you could police traffic with the single-rate Traffic Policing feature. The Traffic Policing feature provided a certain amount of bandwidth management by allowing you to set the peak burst size (be). The Two-Rate Policer supports a higher level of bandwidth management and supports a sustained excess rate. With the Two-Rate Policer, you can enforce traffic policing according to two separate rates—CIR and PIR—specified in bits per second (bps).

Packet Marking Through IP Precedence, DSCP Value, MPLS Experimental Value, and the QoS Group Setting

In addition to rate-limiting, the Two-Rate Policer allows you to independently mark the packet according to whether the packet conforms, exceeds, or violates a specified rate. Packet marking also allows you to partition your network into multiple priority levels or classes of service (CoS).

Use the Two-Rate Policer to set the IP precedence value, the IP  DSCP value, or the MPLS experimental value for packets that enter the network. Then networking devices within your network can use the this setting to determine how the traffic should be treated. For example, the Weighted Random Early Detection (WRED) feature uses the IP precedence value to determine the probability that a packet will be dropped.

Use the Two-Rate Policer to assign packets to a QoS group. The router uses the QoS group to determine how to prioritize packets within the router.

If you want to mark traffic but do not want to use the Two-Rate Policer, see the Class-Based Marking feature module available with Cisco IOS Release 12.2(2)T. More information about the Class-Based Marking feature is available from the Cisco documentation website (Cisco.com) or the Cisco documentation CD.

Packet Marking for Frame Relay Frames

The Two-Rate Policer allows users to mark the Frame Relay DE bit of the Frame Relay frame. The Frame Relay DE bit is one bit and, therefore, can be set to either 0 or 1. In congested environments, frames that have the DE bit set to 1 are discarded before frames that have the DE bit set to 0.

Packet Marking for ATM Cells

The Two-Rate Policer allows users to mark the ATM CLP bit in ATM cells. The ATM CLP bit is used to prioritize packets in ATM networks. The ATM CLP bit is one bit and, therefore, can be set to either 0 or 1. In congested environments, cells that have the ATM CLP bit set to 1 are discarded before cells that have the ATM CLP bit set to 0.

Restrictions

The following restrictions apply to the Two-Rate Policer:

On a Cisco 7500 series router, traffic policing can monitor Cisco Express Forwarding (CEF) or Distributed CEF (dCEF) switching paths only. To use the Two-Rate Policer, CEF or dCEF must be configured on both the interface receiving the packet and the interface sending the packet.

On a Cisco 7500 series router, traffic policing cannot be applied to packets that originated from or are destined to a router.

Two-rate policing can be configured on an interface, a subinterface, a Frame Relay data-link connection identifier (DLCI), and an ATM permanent virtual circuit (PVC).

Two-rate policing is not supported on the following interfaces:

Fast EtherChannel

PRI

Any interface on a Cisco 7500 series router that does not support CEF or dCEF

Related Features and Technologies

Modular Quality of Service Command-Line Interface

Class-based Weighted Fair Queueing (CBWFQ)

Class-Based Packet Marking

Traffic Policing

Related Documents

Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2

Cisco IOS Quality of Service Solutions Command Reference, Release 12.2

RFC 2698, A Two Rate Three Color Marker

Supported Platforms

Cisco 2600 series

Cisco 3620

Cisco 3640

Cisco 7100 series

Cisco 7200 series

Cisco 7500 series (VIP-based platform only)

Note To use the set-clp-transmit action available with this feature, the Enhanced ATM Port Adapter (PA-A3) is required. Therefore, the set-clp-transmit action is not supported on any platform that does not support the PA-A3 adapter (such as the Cisco 2600 series router, the Cisco 3620 router, and the 3640 router). For more information, refer to the documentation for your specific router.

Platform Support Through Feature Navigator

Cisco IOS software is packaged in feature sets that support specific platforms. To get updated information regarding platform support for this feature, access Feature Navigator. Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.

Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image.

To access Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions at http://www.cisco.com/register.

Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Feature Navigator home page at the following URL:

http://www.cisco.com/go/fn

Supported Standards, MIBs, and RFCs

Standards

No new or modified standards are supported by this feature.

MIBs

The Two-Rate Policer feature supports the following MIBs:

CISCO-CLASS-BASED-QOS-MIB

CISCO-CLASS-BASED-QOS-CAPABILITY-MIB

To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs

This feature supports RFC 2698, A Two Rate Three Color Marker.

Prerequisites

On a Cisco 7500 series router, CEF or dCEF must be configured on the interface before you can use the Two-Rate Policer. For additional information on CEF or dCEF, refer to the Cisco IOS Switching Services Configuration Guide, Release 12.2.

To configure the Two-Rate Policer, a traffic class and a service policy must be created, and the service policy must be attached to a specified interface. These tasks are performed using the Modular QoS CLI. For information on the Modular QoS CLI, see the "Modular Quality of Service Command-Line Interface" chapter of the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2.

Configuration Tasks

See the following sections for configuration tasks for the Two-Rate Policer feature. Each task in the list is identified as either required or optional.

Configuring the Two-Rate Policer (required)

Verifying the Two-Rate Policer Configuration (optional)

Configuring the Two-Rate Policer

The Two-Rate Policer is configured in the service policy. To configure the Two-Rate Policer, use the following command in policy-map class configuration mode:

Command
Purpose

Router(config-pmap-c)# police {cir cir} [bc conform-burst] {pir pir} [be peak-burst]

Specifies that both the CIR and the PIR are to be used for two-rate traffic policing. The bc and be keywords and their associated arguments (conform-burst and peak-burst, respectively) are optional.

Although not required for configuring the Two-Rate Policer, the command syntax of the police command also allows you to specify the action to be taken on a packet when you enable an optional action argument. The resulting action corresponding to the keyword choices are listed in Table 1.

Table 1 police Command Action Keywords 

Keyword
Resulting Action

drop

Drops the packet.

set-clp-transmit

Sets the ATM CLP bit from 0 to 1 on the ATM cell and sends the packet with the ATM CLP bit set to 1.

set-dscp-transmit new-dscp

Sets the IP DSCP value and sends the packet with the new IP DSCP value setting.

set-frde-transmit

Sets the Frame Relay DE bit from 0 to 1 on the Frame Relay frame and sends the packet with the DE bit set to 1.

set-mpls-exp-transmit

Sets the MPLS experimental bits from 0 to 7 and sends the packet with the new MPLS experimental bit value setting.

set-prec-transmit new-prec

Sets the IP precedence and sends the packet with the new IP precedence value setting.

set-qos-transmit new-qos

Sets the QoS group value and sends the packet with the new QoS group value setting.

transmit

Sends the packet with no alteration.


For more information about the police command, see the "Command Reference" section of this document.

The Two-Rate Policer works by using a token bucket mechanism. There are currently two types of token bucket algorithms: a single token bucket algorithm (available through the Traffic Policing feature) and a two token bucket algorithm (available through the Two-Rate Policer).

For more information about the single-rate Traffic Policing feature, refer to the "Policing and Shaping Overview" chapter in the Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2.

For more information about the two token bucket algorithm, see the "Command Reference" section of this document.

Verifying the Two-Rate Policer Configuration

To verify that the Two-Rate Policer is configured on your interface, use the following command in EXEC or privileged EXEC mode:

Command
Purpose

Router# show policy-map interface

Displays statistics and configurations of all input and output policies attached to an interface.


Troubleshooting Tips

Check the interface type. Verify that your interface is not listed as a nonsupported interface in the "Restrictions" section of this document.

For input traffic policing on a Cisco 7500 series router, verify that CEF or dCEF is configured on the interface on which traffic policing is configured.

For output traffic policing on a Cisco 7500 series router, ensure that the incoming traffic is CEF-switched or dCEF-switched. Traffic policing cannot be used on the switching path unless CEF or dCEF switching is enabled.

Monitoring and Maintaining the Two-Rate Policer

To monitor and maintain the Two-Rate Policer, use the following EXEC or privileged EXEC mode commands:

Command
Purpose

Router# show policy-map

Displays all configured policy maps.

Router# show policy-map policy-map-name

Displays the user-specified policy map.

Router# show policy-map interface

Displays statistics and configurations of all input and output policies that are attached to an interface.


Configuration Examples

This section provides the following configuration example:

Limiting the Traffic Using a Policer Class Example

Limiting the Traffic Using a Policer Class Example

In this example, the Two-Rate Policer is configured on a class to limit traffic to an average committed rate of 500 kbps and a peak rate of 1 Mbps. 

Router(config)# class-map police

Router(config-cmap)# match access-group 101

Router(config-cmap)# policy-map policy1

Router(config-pmap)# class police

Router(config-pmap-c)# police cir 500000 bc 10000 pir 1000000 be 10000 conform-action 
transmit exceed-action set-prec-transmit 2 violate-action drop

Router(config-pmap-c)# interface s3/0

Router(config-if)# service-policy output policy1

Router(config-if)# end


Router# show policy-map policy1

 Policy Map policy1

  Class police

   police cir 500000 conform-burst 10000 pir 1000000 peak-burst 10000 conform-action 
transmit exceed-action set-prec-transmit 2 violate-action drop

Traffic marked as conforming to the average committed rate (500 kbps) will be sent as is. Traffic marked as exceeding 500 kbps, but not exceeding 1 Mbps, will be marked with IP Precedence 2 and then sent. All traffic exceeding 1 Mbps will be dropped. The burst parameters are set to 10000 bytes.

In the following example, 1.25 Mbps of traffic is sent ("offered") to a policer class. 

Router# show policy-map interface s3/0

 Serial3/0


  Service-policy output: policy1


   Class-map: police (match all)

    148803 packets, 36605538 bytes

    30 second offered rate 1249000 bps, drop rate 249000 bps

    Match: access-group 101

    police:

     cir 500000 bps, conform-burst 10000, pir 1000000, peak-burst 100000

     conformed 59538 packets, 14646348 bytes; action: transmit

     exceeded 59538 packets, 14646348 bytes; action: set-prec-transmit 2

     violated 29731 packets, 7313826 bytes; action: drop

     conformed 499000 bps, exceed 500000 bps violate 249000 bps


   Class-map: class-default (match-any)

    19 packets, 1990 bytes

    30 seconds offered rate 0 bps, drop rate 0 bps

    Match: any

The Two-Rate Policer marks 500 kbps of traffic as conforming, 500 kbps of traffic as exceeding, and 250 kbps of traffic as violating the specified rate. Packets marked as conforming will be sent as is, and packets marked as exceeding will be marked with IP Precedence 2 and then sent. Packets marked as violating the specified rate are dropped.

Command Reference

This section documents modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.2 command reference publications.

police

show policy-map

show policy-map interface

police

To configure traffic policing, use the police command in policy-map class configuration mode. To remove traffic policing from the configuration, use the no form of this command.

police {cir cir} [bc conform-burst] {pir pir} [be peak-burst] [conform-action action [exceed-action action [violate-action action]]]

no police {cir cir} [bc conform-burst] {pir pir} [be peak-burst] [conform-action action [exceed-action action [violate-action action]]]

Syntax Description

cir

The committed information rate (CIR) at which the first token bucket is updated.

cir

Specifies the CIR value in bits per second.

bc

(Optional) The conform burst size (bc) used by the first token bucket for policing.

conform-burst

(Optional) Specifies the bc value in bytes.

pir

The peak information rate (PIR) at which the second token bucket is updated.

pir

Specifies the PIR value in bits per second.

be

(Optional) The peak burst size (be) used by the second taken bucket for policing.

peak-burst

(Optional) Specifies the be size in bytes.

conform-action

(Optional) Action to take on packets that conform to the CIR and PIR.

exceed-action

(Optional) Action to take on packets that conform to the PIR but not the CIR.

violate-action

(Optional) Action to take on packets exceed the PIR.

action

(Optional) Action to take on packets. Specify one of the following keywords:

drop—Drops the packet.

set-clp-transmit—Sets the ATM Cell Loss Priority (CLP) bit from 0 to 1 on the ATM cell and sends the packet with the ATM CLP bit set to 1.

set-dscp-transmit new-dscpSets the IP differentiated services code point (DSCP) value and sends the packet with the new IP DSCP value setting.

set-frde-transmit—Sets the Frame Relay Discard Eligibility (DE) bit from 0 to 1 on the Frame Relay frame and sends the packet with the DE bit set to 1.

set-mpls-exp-transmit—Sets the Multiprotocol Label Switching (MPLS) experimental bits from 0 to 7 and sends the packet with the new MPLS experimental bit value setting.

set-prec-transmit new-prec—Sets the IP precedence and sends the packet with the new IP precedence value setting.

set-qos-transmit new-qos—Sets the Quality of Service (QoS) group value and sends the packet with the new QoS group value setting.

transmit—Sends the packet with no alteration.


Defaults

This command is disabled by default.

Command Modes

Policy-map class configuration

Command History

Release
Modification

11.1 CC

The rate-limit command was introduced.

12.0(5)XE

The police command, which was closely related to the rate-limit command, was introduced.

12.1(1)E

This command was integrated into Cisco IOS Release 12.1(1)E.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T. The violate-action keyword became available.

12.2(2)T

The following keywords for the action argument were added to the police command:

set-clp-transmit

set-frde-transmit

set-mpls-exp-transmit

12.2(4)T

This command was integrated into Cisco IOS Release 12.2. Two keywords, cir and pir, were added to the police command to accommodate two-rate traffic policing.


Usage Guidelines

The Two-Rate Policer uses two token buckets—Tc and Tp—for policing traffic at two independent rates. Note the following points about the two token buckets:

The Tc token bucket is updated at the CIR value each time a packet arrives at the Two-Rate Policer. The Tc token bucket can contain up to the confirm burst (Bc) value.

The Tp token bucket is updated at the PIR value each time a packet arrives at the Two-Rate Policer. The Tp token bucket can contain up to the peak burst (Be) value.

Updating Token Buckets

The following scenario illustrates how the token buckets are updated:

A packet of B bytes arrives at time t. The last packet arrived at time t1. The CIR and the PIR token buckets at time t are represented by Tc(t) and Tp(t), respectively. Using these values and in this scenario, the token buckets are updated as follows:

Tc(t) = min(CIR * (t-t1) + Tc(t1), Bc)

Tp(t) = min(PIR * (t-t1) + Tp(t1), Be)

Marking Traffic

The Two-Rate Policer marks packets as either conforming, exceeding, or violating a specified rate. The following points (using a packet of B bytes) illustrate how a packet is marked:

If (B > Tp(t)), the packet is marked as violating the specified rate.

If (B > Tc(t)), the packet is marked as exceeding the specified rate, and the Tp(t) token bucket is updated as Tp(t) = Tp(t) - B.

Otherwise, the packet is marked as conforming to the specified rate, and both token buckets—Tc(t) and Tp(t)—are updated as follows:

Tp(t) = Tp(t) - B

Tc(t) = Tc(t) - B

For example, if the CIR is 100 kbps, and the PIR is 200 kbps, and a data stream with a rate of 250 kbps arrives at the Two-Rate Policer, the packet would be marked as follows:

100 kbps would be marked as conforming to the rate

100 kbps would be marked as exceeding the rate

50 kbps would be marked as violating the rate

Marking Packets and Assigning Actions Flowchart

The flowchart in Figure 1 illustrates how the Two-Rate Policer marks packets and assigns a corresponding action (that is, violate, exceed, or conform) to the packet.

Figure 1 Marking Packets and Assigning Actions with the Two-Rate Policer

Examples

In this example, the Two-Rate Policer is configured on a class to limit traffic to an average committed rate of 500 kbps and a peak rate of 1 Mbps. 

Router(config)# class-map police

Router(config-cmap)# match access-group 101

Router(config-cmap)# policy-map policy1

Router(config-pmap)# class police

Router(config-pmap-c)# police cir 500000 bc 10000 pir 1000000 be 10000 conform-action 
transmit exceed-action set-prec-transmit 2 violate-action drop

Router(config-pmap-c)# interface s3/0

Router(config-if)# service-policy output policy1

Router(config-if)# end


Router# show policy-map policy1

 Policy Map policy1

  Class police

   police cir 500000 conform-burst 10000 pir 1000000 peak-burst 10000 conform-action 
transmit exceed-action set-prec-transmit 2 violate-action drop

Traffic marked as conforming to the average committed rate (500 kbps) will be sent as is. Traffic marked as exceeding 500 kbps, but not exceeding 1 Mbps, will be marked with IP Precedence 2 and then sent. All traffic marked as exceeding 1 Mbps will be dropped. The burst parameters are set to 10000 bytes.

In the following example, 1.25 Mbps of traffic is sent ("offered") to a policer class. 

Router# show policy-map interface s3/0

 Serial3/0


  Service-policy output: policy1


   Class-map: police (match all)

    148803 packets, 36605538 bytes

    30 second offered rate 1249000 bps, drop rate 249000 bps

    Match: access-group 101

    police:

     cir 500000 bps, conform-burst 10000, pir 1000000, peak-burst 100000

     conformed 59538 packets, 14646348 bytes; action: transmit

     exceeded 59538 packets, 14646348 bytes; action: set-prec-transmit 2

     violated 29731 packets, 7313826 bytes; action: drop

     conformed 499000 bps, exceed 500000 bps violate 249000 bps


   Class-map: class-default (match-any)

    19 packets, 1990 bytes

    30 seconds offered rate 0 bps, drop rate 0 bps

    Match: any

The Two-Rate Policer marks 500 kbps of traffic as conforming, 500 kbps of traffic as exceeding, and 250 kbps of traffic as violating the specified rate. Packets marked as conforming to the rate will be sent as is, and packets marked as exceeding the rate will be marked with IP Precedence 2 and then sent. Packets marked as violating the rate are dropped.

Related Commands

Command
Description

policy-map

Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy.

service-policy

Attaches a policy map to an input interface or an output interface to be used as the service policy for that interface.

show policy-map

Displays the configuration of all classes for a specified service policy map or all classes for all existing policy maps.

show policy-map interface

Displays the configuration of all classes configured for all service policies on the specified interface or displays the classes for the service policy for a specific PVC on the interface.


show policy-map

To display the configuration of all classes for a specified service policy map or all classes for all existing policy maps, use the show policy-map command in EXEC or privileged EXEC mode.

show policy-map [policy-map]

Syntax Description

policy-map

(Optional) Name of the service policy map whose complete configuration is to be displayed.


Defaults

All existing policy map configurations are displayed.

Command Modes

EXEC or privileged EXEC

Command History

Release
Modification

12.0(5)T

This command was introduced.

12.0(5)XE

This command was integrated into Cisco IOS Release 12.0(5)XE.

12.0(7)S

This command was integrated into Cisco IOS Release 12.0(7)S.

12.1(1)E

This command was integrated into Cisco IOS Release 12.1(1)E.

12.2(4)T

This command was modified for the Two-Rate Policer. It now can display burst parameters and associated actions.


Usage Guidelines

The show policy-map command displays the configuration of a service policy map created using the policy-map command. You can use the show policy-map command to display all class configurations comprising any existing service policy map, whether or not that service policy map has been attached to an interface.

Examples

In this example, the Two-Rate Policer is configured on a class to limit traffic to an average committed rate of 500 kbps and a peak rate of 1 Mbps. 

Router(config)# class-map police

Router(config-cmap)# match access-group 101

Router(config-cmap)# policy-map policy1

Router(config-pmap)# class police

Router(config-pmap-c)# police cir 500000 bc 10000 pir 1000000 be 10000 conform-action 
transmit exceed-action set-prec-transmit 2 violate-action drop

Router(config-pmap-c)# interface s3/0

Router(config-if)# service-policy output policy1

Router(config-if)# end


Router# show policy-map policy1

 Policy Map policy1

  Class police

   police cir 500000 conform-burst 10000 pir 1000000 peak-burst 10000 conform-action 
transmit exceed-action set-prec-transmit 2 violate-action drop

Traffic marked as conforming to the average committed rate (500 kbps) will be sent as is. Traffic marked as exceeding 500 kbps, but not exceeding 1 Mbps, will be marked with IP Precedence 2 and then sent. All traffic exceeding 1 Mbps will be dropped. The burst parameters are set to 10000 bytes.

Table 2 describes the significant fields shown in this display.

Table 2 show policy-map Field Descriptions 

Field
Description

police

Indicates that the police command has been configured to enable traffic policing. Also, displays the specified committed information rate (CIR), conform burst size (BC), peak information rate (PIR), and peak burst size used for marking packets.

conform-action

Displays the action to be taken on packets conforming to a specified rate.

exceed-action

Displays the action to be taken on packets exceeding a specified rate.

violate-action

Displays the action to be taken on packets violating a specified rate.


Related Commands

Command
Description

policy-map

Creates or modifies a policy map that can be attached to one or more interfaces to specify a service policy.

show policy-map class

Displays the configuration for the specified class of the specified policy map.

show policy-map interface

Displays the configuration of all classes configured for all service policies on the specified interface or displays the classes for the service policy for a specific PVC on the interface.


show policy-map interface

To display the configuration of all classes configured for all service policies on the specified interface or to display the classes for the service policy for a specific permanent virtual circuit (PVC) on the interface, use the show policy-map interface command in EXEC or privileged EXEC mode.

show policy-map interface-name [vc [vpi/] vci][dlci dlci]

Syntax Description

interface-name

Name of the interface or subinterface whose policy configuration is to be displayed.

vc

(Optional) For ATM interfaces only, shows the policy configuration for a specified PVC. The name can be up to 16 characters long.

vpi/

(Optional) ATM network virtual path identifier (VPI) for this PVC. The absence of the "/" and a vpi value defaults the vpi value to 0.

On Cisco 7200 and 7500 series routers, this value ranges from 0 to 255.

The vpi and vci arguments cannot both be set to 0; if one is 0, the other cannot be 0.

If this value is omitted, information for all VCs on the specified ATM interface or subinterface is displayed.

vci

(Optional) ATM network virtual channel identifier (VCI) for this PVC. This value ranges from 0 to 1 less than the maximum value set for this interface by the atm vc-per-vp command. Typically, lower values 0 to 31 are reserved for specific traffic (F4 Operation, Administration, and Maintenance (OAM), switched virtual circuit (SVC) signaling, Integrated Local Management Interface (ILMI), and so on) and should not be used.

The VCI is a 16-bit field in the header of the ATM cell. The VCI value is unique only on a single link, not throughout the ATM network, because it has local significance only.

The vpi and vci arguments cannot both be set to 0; if one is 0, the other cannot be 0.

dlci

(Optional) Indicates a specific PVC for which policy configuration will be displayed.

dlci

(Optional) A specific data-link connection identifier (DLCI) number used on the interface. Policy configuration for the corresponding PVC will be displayed when a DLCI is specified.


Defaults

This command has no default behavior or values.

Command Modes

EXEC or privileged EXEC

Command History

Release
Modification

12.0(5)T

This command was introduced.

12.0(5)XE

This command was integrated into Cisco IOS Release 12.0(5)XE.

12.0(7)S

This command was integrated into Cisco IOS Release 12.0(7)S.

12.1(1)E

This command was integrated into Cisco IOS Release 12.1(1)E.

12.1(2)T

This command was integrated into Cisco IOS Release 12.1(2)T. This command was modified to display information about the policy for all Frame Relay PVCs on the interface, or, if a DLCI is specified, the policy for that specific PVC. This command was also modified to display the total number of packets marked by the QoS set action.

12.1(3)T

This command was integrated into Cisco IOS Release 12.1(3)T. This command was modified to display per-class accounting statistics.

12.2(4)T

This command was modified for the Two-Rate Policer. It now can display burst parameters and associated actions.


Usage Guidelines

The show policy-map interface command displays the configuration for classes on the specified interface or the specified PVC only if a service policy has been attached to the interface or the PVC.

You can use the interface-name argument to display output for a PVC only for Enhanced ATM port adapters (PA-A3) that support per-VC queueing.

The counters displayed after the show policy-map interface command is entered are updated only if congestion is present on the interface.

The show policy-map interface command will display policy information about Frame Relay PVCs only if Frame Relay Traffic Shaping (FRTS) is enabled on the interface.

Examples

In the following example, 1.25 Mbps of traffic is sent ("offered") to a policer class: 

Router# show policy-map interface s3/0

 Serial3/0


  Service-policy output: policy1


   Class-map: police (match all)

    148803 packets, 36605538 bytes

    30 second offered rate 1249000 bps, drop rate 249000 bps

    Match: access-group 101

    police:

     cir 500000 bps, conform-burst 10000, pir 1000000, peak-burst 100000

     conformed 59538 packets, 14646348 bytes; action: transmit

     exceeded 59538 packets, 14646348 bytes; action: set-prec-transmit 2

     violated 29731 packets, 7313826 bytes; action: drop

     conformed 499000 bps, exceed 500000 bps violate 249000 bps


   Class-map: class-default (match-any)

    19 packets, 1990 bytes

    30 seconds offered rate 0 bps, drop rate 0 bps

    Match: any

The Two-Rate Policer marks 500 kbps of traffic as conforming, 500 kbps of traffic as exceeding, and 250 kbps of traffic as violating the specified rate. Packets marked as conforming will be sent as is, and packets marked as exceeding will be marked with IP Precedence 2 and then sent. Packets marked as violating the specified rate are dropped.

Table 3 describes the fields associated with the Two-Rate Policer shown in this display. For more information about the other fields shown in this display, refer to the documentation for the show policy-map interface command in the Cisco IOS Quality of Service Solutions Command Reference, Release 12.2.

Table 3 show policy-map interface Field Descriptions 

Field
Description

police

Indicates that the police command has been configured to enable traffic policing. Also, displays the specified committed information rate (CIR), conform burst size, peak information rate (PIR), and peak burst size used for marking packets.

conform-action

Displays the action to be taken on packets conforming to a specified rate.

exceed-action

Displays the action to be taken on packets exceeding a specified rate.

violate-action

Displays the action to be taken on packets violating a specified rate.


Related Commands

Command
Description

show frame-relay pvc

Displays statistics about PVCs for Frame Relay interfaces.

show policy-map

Displays the configuration of all classes for a specified service policy map or all classes for all existing policy maps.

show policy-map class

Displays the configuration for the specified class of the specified policy map.