Cisco IOS XE Quality of Service Solutions Configuration Guide, Release 2
Policer Enhancement--Multiple Actions
Download this chapter
Policer Enhancement--Multiple ActionsPolicer Enhancement--Multiple Actions
give_us_feedback

Table Of Contents

Policer Enhancement—Multiple Actions

Feature Overview

Benefits

Restrictions

Related Features and Technologies

Related Documents

Supported Standards, MIBs, and RFCs

Prerequisites

Configuration Tasks

Configuring Multiple Policer Actions

Verifying the Multiple Policer Actions Configuration

Troubleshooting Tips

Monitoring and Maintaining the Multiple Policer Actions

Configuration Examples

Multiple Actions in a Two-Rate Policer: Example

Verifying the Multiple Policer Actions: Example


Policer Enhancement—Multiple Actions

Feature History

Release
Modification

Cisco IOS XE Release 2.1

This feature was introduced on Cisco ASR 1000 Series Routers.


This document describes the Policer Enhancement—Multiple Actions feature and includes the following sections:

Feature Overview

Supported Standards, MIBs, and RFCs

Prerequisites

Configuration Tasks

Monitoring and Maintaining the Multiple Policer Actions

Configuration Examples

Feature Overview

This feature further extends the functionality of the Cisco IOS XE single-rate policer and the Two-Rate Policer feature. The Traffic Policing and Two-Rate Policer features are traffic policing mechanisms that allow you to control the maximum rate of traffic sent or received on an interface. Both of these traffic policing mechanisms mark packets as either conforming to, exceeding, or violating a specified rate. After a packet is marked, you can specify an action to be taken on the packet based on that marking.

With both the Traffic Policing feature and the Two-Rate Policer feature, you can specify only one conform action, one exceed action, and one violate action. Now with the new Policer Enhancement—Multiple Actions feature, you can specify multiple conform, exceed, and violate actions for the marked packets.

You specify the multiple actions by using the action argument of the police command. The resulting actions are listed in Table 1.

Table 1 police Command Action Arguments

Specified Action
Result

drop

Drops the packet.

set-clp-transmit

Sets the ATM Cell Loss Priority (CLP) bit from 0 to 1 on the ATM cell and transmits the packet.

set-cos-transmit

Sets the Class of Service (CoS) value and transmits the packet.

set-discard-class-transmit

Sets the discard-class value and transmits the packet.

set-dscp-transmit new-dscp

Sets the IP differentiated services code point (DSCP) value and transmits the packet with the ATM CLP bit set to 1.

set-frde-transmit

Sets the Frame Relay Discard Eligibility (DE) bit from 0 to 1 on the Frame Relay frame and transmits the packet.

set-mpls-exp-transmit

Sets the Multiprotocol Label Switching (MPLS) experimental (EXP) bits from 0 to 7 and transmits the packet.

set-mpls-exp-imposition-transmit

Sets the MPLS EXP bits from 0 to 7 at tag imposition and transmits the packet.

set-prec-transmit new-prec

Sets the IP Precedence level and transmits the packet.

set-qos-transmit new-qos

Sets the Quality of Service (QoS) group value and transmits the packet.

transmit

Transmits the packet.


For more information about the police command, see the Cisco IOS Quality of Service Solutions Command Reference.

For more information about traffic policing, see the "Policing and Shaping Overview" module. For more information about the Two-Rate Policer feature, see the "Two-Rate Policer" module.

Benefits

Before this feature, you could specify only one marking action for a packet, in addition to transmitting the packet. This feature provides enhanced flexibility by allowing you to specify multiple marking actions for a packet, as required. For example, if you know the packet will be transmitted through both a TCP/IP and a Frame Relay environment, you can change the DSCP value of the exceeding or violating packet, and also set the Frame Relay Discard Eligibility (DE) bit from 0 to 1 to indicate lower priority.

Restrictions

Multiple policer actions can be configured on an interface, a subinterface, a Frame Relay data-link connection identifier (DLCI), and an ATM permanent virtual circuit (PVC) only.

When using this feature, you can specify a maximum of four actions at one time.

Multiple policer actions are not supported on EtherChannel interfaces.

Related Features and Technologies

Modular Quality of Service (QoS) Command-Line Interface (CLI) (MQC)

Class-Based Weighted Fair Queueing (CBWFQ)

Class-Based Packet Marking

Traffic Policing

Two-Rate Policing

Related Documents

"Applying QoS Features Using the MQC" module

"Marking Network Traffic" module

"Policing and Shaping Overview" module

"Traffic Policing" module

"Two-Rate Policer" module

Cisco IOS Quality of Service Solutions Command Reference

Supported Standards, MIBs, and RFCs

Standards

No new or modified standards are supported by this feature.

MIBs

CISCO-CLASS-BASED-QOS-MIB

CISCO-CLASS-BASED-QOS-CAPABILITY-MIB

To locate and download MIBs for selected platforms, Cisco IOS XE Software releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

RFCs

RFC 2697, A Single Rate Three Color Marker

RFC 2698, A Two Rate Three Color Marker

Prerequisites

Before configuring the Policer Enhancement—Multiple Actions feature, you should read and be familiar with the information in the following modules:

"Policing and Shaping Overview" module

"Traffic Policing" module

"Two-Rate Policer" module

To configure the Policer Enhancement—Multiple Actions feature, a traffic class and a service policy must be created, and the service policy must be attached to a specified interface. These tasks are performed using the MQC. For about the MQC, see the "Applying QoS Features Using the MQC" module.

Configuration Tasks

See the following sections for configuration tasks for the Police Enhancement—Multiple Actions feature. Each task in the list is identified as either required or optional.

Configuring Multiple Policer Actions (required)

Verifying the Multiple Policer Actions Configuration (optional)

Configuring Multiple Policer Actions

To configure multiple policer actions, use the following commands beginning in global configuration mode:

 
Command
Purpose

Step 1 

Router(config)# policy-map policy-map-name

Creates a policy map. Enters policy-map configuration mode.

Step 2 

Router(config-pmap)# class class-default

Specifies the default traffic class for a service policy. Enters policy-map class configuration mode.

Step 3 

Router(config-pmap-c)# police {cir cir} [bc conform-burst] {pir pir} [be peak-burst] [conform-action action [exceed-action action [violate-action action]]]

Configures traffic policing and specifies multiple actions applied to packets marked as conforming to, exceeding, or violating a specific rate. Use one line per action that you want to specify. Enters policy-map class police configuration mode.

Verifying the Multiple Policer Actions Configuration

To verify that the multiple policer actions have been configured on the interface, use the following command in EXEC or privileged EXEC mode:

Command
Purpose

Router# show policy-map interface

Displays statistics and configurations of all input and output policies attached to an interface.


Troubleshooting Tips

Check the interface type. Verify that this feature is supported on your interface. See the "Restrictions" section.

Monitoring and Maintaining the Multiple Policer Actions

To monitor and maintain the multiple policer actions, use the following EXEC or privileged EXEC mode commands, as needed:

Command
Purpose

Router# show policy-map

Displays all configured policy maps.

Router# show policy-map policy-map-name

Displays the user-specified policy map.

Router# show policy-map interface

Displays statistics and configurations of all input and output policies that are attached to an interface.


Configuration Examples

This section provides the following configuration examples:

Multiple Actions in a Two-Rate Policer: Example

Verifying the Multiple Policer Actions: Example

Multiple Actions in a Two-Rate Policer: Example

In the following example, a policy map called police is configured to use a two-rate policer to police traffic leaving an interface. Two rates, a committed information rate (CIR) of 1 Mbps and a peak information rate (PIR) of 2 Mbps, have been specified. 

Router(config)# policy-map police

Router(config-pmap)# class class-default

Router(config-pmap-c)# police cir 1000000 pir 2000000 

Router(config-pmap-c-police)# conform-action transmit

Router(config-pmap-c-police)# exceed-action set-prec-transmit 4

Router(config-pmap-c-police)# exceed-action set-frde-transmit

Router(config-pmap-c-police)# violate-action set-prec-transmit 2

Router(config-pmap-c-police)# violate-action set-frde-transmit 

Router(config-pmap-c-police)# end

The following actions will be performed on packets associated with the policy map called police:

All packets marked as conforming to these rates (that is, packets conforming to the CIR) will be transmitted unaltered.

All packets marked as exceeding these rates (that is, packets exceeding the CIR but not exceeding the PIR) will be assigned an IP Precedence level of 4, the DE bit will be set to 1, and then transmitted.

All packets marked as violating the rate (that is, exceeding the PIR) will be assigned an IP Precedence level of 2, the DE bit will be set to 1, and then transmitted.

Verifying the Multiple Policer Actions: Example

The following sample output of the show policy-map command displays the configuration for a service policy called police. In this service policy, multiple actions for packets marked as exceeding the specified CIR rate have been configured. For those packets, the IP Precedence level is set to 4, the DE bit is set to 1, and the packet is transmitted. Multiple actions for packets marked as violating the specified PIR rate have also been configured. For those packets, the IP Precedence level is set to 2, the DE bit is set to 1, and the packet is transmitted. 

Router# show policy-map police


  Policy Map police

    Class class-default

     police cir 1000000 bc 31250 pir 2000000 be 31250

       conform-action transmit 

       exceed-action set-prec-transmit 4

       exceed-action set-frde-transmit 

       violate-action set-prec-transmit 2

       violate-action set-frde-transmit

CCDE, CCENT, Cisco Eos, Cisco HealthPresence, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0812R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental

© 2007-2009 Cisco Systems, Inc. All rights reserved.