Table Of Contents
Configuring 1-Rate and 2-Rate, 2-Color and 3-Color Policing
Configuring Ingress and Egress Policing
Verifying the Policing Configuration
Feature History for QoS Policing
Configuring QoS Policing
This chapter describes how to configure policing of traffic classes.
This chapter includes the following sections:
•
Verifying the Policing Configuration
•
Information About Policing
Policing is the monitoring of data rates and burst sizes for a particular class of traffic.
QoS policing on a network determines whether network traffic is within a specified profile (contract). This may cause out-of-profile traffic to drop or to be marked down to another differentiated services code point (DSCP) value to enforce a contracted service level. DSCP is a measure of the QoS level of the frame. Figure 4-1shows policing conditions and types.
Figure 4-1 Policing Conditions and Types
The following conditions, are recognized and trigger action by the policer depending on the defined data rate:
You can define single-rate and dual-rate policers.
Single-rate policers monitor the specified committed information rate (CIR) of traffic. Dual-rate policers monitor both CIR and peak information rate (PIR) of traffic.
For more information about policies, see RFC 2697, RFC 2698, and RFC 4115.
Prerequisites for Policing
Policing has the following prerequisites:
•
•
Guidelines and Limitations
Use the following guideline to configure policing:
•
Configuring Policing
You can configure a single- or dual-rate policer.
This section includes the following topics:
•
•
•
•
Configuring 1-Rate and 2-Rate, 2-Color and 3-Color Policing
The type of policer created by the device is based on a combination of the police command arguments described in Table 4-1.
Note
Table 4-1 Arguments to the police Command
cir
Committed information rate, or desired bandwidth, specified as a bit rate or a percentage of the link rate. Although a value for cir is required, the argument itself is optional. The range of values is 1 to 80000000000; the range of policing values that are mathematically significant is 8000 to 80 Gbps.
percent
Specifies the rate as a percentage of the interface rate. The range of values is 1 to 100%.
bc
Indication of how much the cir can be exceeded, either as a bit rate or an amount of time at cir. The default is 200 milliseconds of traffic at the configured rate. The default data rate units are bytes, and the Gigabit per second (gbps) rate is not supported for this parameter.
pir
Peak information rate, specified as a PIR bit rate or a percentage of the link rate. There is no default. The range of values is 1 to 80000000000; the range of policing values that are mathematically significant is 8000 to 80 Gbps. The range of percentage values is 1 to 100%.
be
Indication of how much the pir can be exceeded, either as a bit rate or an amount of time at pir. When the bc value is not specified, the default is 200 milliseconds of traffic at the configured rate. The default data rate units are bytes, and the Gigabit per second (gbps) rate is not supported for this parameter.
Note
conform
Single action to take if the traffic data rate is within bounds. The basic actions are transmit or one of the set commands listed in Table 4-4. The default is transmit.
exceed
Single action to take if the traffic data rate exceeds the specified boundaries. The basic actions are drop or markdown. The default is drop.
violate
Single action to take if the traffic data rate violates the configured rate values. The basic actions are drop or markdown. The default is drop.
Although all the arguments in Table 4-1 are optional, you must specify a value for cir. In this section, cir indicates what is its value but not necessarily the keyword itself. The combination of these arguments and the resulting policer types and actions are shown in Table 4-2.
The policer actions that you can specify are described in Table 4-3 and Table 4-4.
Table 4-3 Policer Actions for Exceed or Violate
drop
Drops the packet. This is only available when the packet exceeds or violates the parameters.
set dscp dscp table {cir-markdown-map | pir-markdown-map}
Sets the specified fields from a table map and transmits the packet. For more information on the system-defined, or default table maps, see Chapter 3, "Configuring QoS Marking Policies." This is available only when the packet exceeds the parameters (use the cir-markdown-map) or violates the parameters (use the pir-markdown-map).
Note
The data rates used in the police command are described in Table 4-5.
Table 4-5 The Data Rates for the police Command
bps
Bits per second (default)
kbps
1,000 bits per seconds
mbps
1,000,000 bits per second
gbps
1,000,000,000 bits per second
Burst sizes used in the police command are described in Table 4-6.
Table 4-6 Burst Sizes for the police Command
bytes
bytes
kbytes
1,000 bytes
mbytes
1,000,000 bytes
ms
milliseconds
us
microseconds
SUMMARY STEPS
Note
1.
2.
3.
4.
5.
6.
DETAILED STEPS
Step 1
config t
Example:
switch# config t
switch(config)#
Places you into CLI Global Configuration mode.
Step 2
policy-map [type qos] [match-first] policy-map-name
Example:
switch(config)# policy-map policy1
switch(config-pmap-qos)#
Creates or accesses the policy map named policy-map-name, and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters.
Step 3
class [type qos] {class_map_name | class-default}
Example:
switch(config-pmap-qos)# class class-default
switch(config-pmap-c-qos)#
Creates a reference to class_map_name, and enters policy-map class configuration mode. The class is added to the end of the policy map. Specify class-default to select all traffic that is not matched by classes in the policy map so far.
Step 4
police [cir] {committed-rate [data-rate] | percent cir-link-percent} [[bc committed-burst-rate [link-speed]][pir] {peak-rate [data-rate] | percent cir-link-percent} [[be peak-burst-rate [link-speed]] [conform {transmit | set-prec-transmit | set-dscp-transmit | set-cos-transmit | set-qos-transmit | set-discard-class-transmit} [exceed {drop | set dscp dscp table {cir-markdown-map}} [violate {drop | set dscp dscp table {pir-markdown-map}}]]]
Polices cir in bits or as a percentage of the link rate. The conform action is taken if the data rate is <= cir. If be and pir are not specified, all other traffic takes the violate action. If be or violate are specified, then the exceed action is taken if the data rate <= pir, and the violate action is taken otherwise. The actions are described in Table 4-3 and Table 4-4. The data rates and link speeds are described in Table 4-5 and Table 4-6.
Example #1:
switch(config-pmap-c-qos)# police cir 256000 conform transmit violate set dscp dscp table pir-markdown-map
switch(config-pmap-c-qos)#
This first example shows a 1-rate, 2-color policer that transmits if the data rate is within 200 milliseconds of traffic at 256000 bps and marks DSCP to the values that are configured in table map if the data rate is violated.
Example #2:
switch(config-pmap-c-qos)# police cir 256000 pir 256000 conform transmit exceed set dscp dscp table cir-markdown-map violate drop
switch(config-pmap-c-qos)#
This second example shows a 1-rate, 3-color policer that transmits if the data rate is within 200 milliseconds of traffic at 256000 bps, and marks DSCP to the values that are configured in table map if the data rate is violated.
Note
Step 5
show policy-map [type qos] [policy-map-name]
Example:
switch(config-pmap-c-qos)# show policy-map
(Optional) Displays information about all configured policy maps or a selected policy map of type QoS.
Step 6
copy running-config startup-config
Example:
switch(config-pmap-c-qos)# copy running-config startup-config
(Optional) Saves the running configuration persistently through reboots and restarts by copying it to the startup configuration.
Configuring Ingress and Egress Policing
You can apply the policing instructions in a QoS policy map to ingress or egress packets by attaching that QoS policy map to an interface or port profile. To select ingress or egress, you specify either the input or output keyword in the service-policy command. For an example of how to use the service-policy command, see the "Creating Ingress and Egress Policies" procedure on page 3-12.
Configuring Markdown Policing
Markdown policing is the setting of a QoS field in a packet when traffic exceeds or violates the policed data rates. You can configure markdown policing by using the set commands for policing action described in Table 4-3 and Table 4-4.
The example in this section shows you how to use a table map to perform markdown.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
DETAILED STEPS
Step 1
config t
Example:
switch# config t
switch(config)#
Places you into CLI Global Configuration mode.
Step 2
policy-map [type qos] [match-first] policy-map-name
Example:
switch(config)# policy-map policy1
switch(config-pmap-qos)#
Creates or accesses the policy-map named policy-map-name, and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters.
Step 3
class [type qos] {class_map_name | class-default}
Example:
switch(config-pmap-qos)# class class-default
switch(config-pmap-c-qos)#
Creates a reference to class_map_name, and enters policy-map class configuration mode. The class is added to the end of the policy map. Specify class-default to select all traffic not matched by classes in the policy map so far.
Step 4
police [cir] {committed-rate [data-rate] | percent cir-link-percent} [[bc | burst] burst-rate [link-speed]] [[be | peak-burst] peak-burst-rate [link-speed]] [conform action [exceed set dscp dscp table cir-markdown-map [violate set dscp dscp table pir-markdown-map]]]
Polices cir in bits or as a percentage of the link rate. The conform action is taken if the data rate is <= cir. If be and pir are not specified, all other traffic takes the violate action. If be or violate are specified, then the exceed action is taken if the data rate <= pir, and the violate action is taken otherwise. The actions are described in Table 4-3 and Table 4-4. The data rates and link speeds are described in Table 4-5 and Table 4-6.
Example:
switch(config-pmap-c-qos)# police cir 256000 be 300 ms conform transmit exceed set dscp dscp table cir-markdown-map violate drop
switch(config-pmap-c-qos)#
This example shows a 1-rate, 3-color policer that transmits if the data rate is within 300 milliseconds of traffic at 256000 bps; marks down DSCP using the system-defined table map if the data rate is within 300 milliseconds of traffic at 256000 bps; and drops packets otherwise.
Step 5
show policy-map [type qos] [policy-map-name]
Example:
switch(config-pmap-c-qos)# show policy-map
(Optional) Displays information about the policy map configuration.
Step 6
copy running-config startup-config
Example:
switch(config-pmap-c-qos)# copy running-config startup-config
(Optional) Saves the running configuration persistently through reboots and restarts by copying it to the startup configuration.
Verifying the Policing Configuration
Use these command to verify the policing configuration.
Example Configurations
The following are examples of how to configure policing:
Example 4-1 1-rate, 2-color policer
config tpolicy-map policy1class one_rate_2_color_policerpolice cir 256000 conform transmit violate dropExample 4-2 1-rate, 2-color policer with DSCP markdown
config tpolicy-map policy2class one_rate_2_color_policer_with_dscp_markdownpolice cir 256000 conform set-dscp-transmit af11 violate set dscp dscp table pir-markdown-mapExample 4-3 1-rate, 3-color policer
config tpolicy-map policy3class one_rate_3_color_policerpolice cir 256000 pir 256000 conform transmit exceed set dscp dscp table cir-markdown-map violate dropFeature History for QoS Policing
This section provides the QoS policing release history.
