This chapter describes how to configure policing of traffic classes.
Policing is the monitoring of data rates and burst sizes for a particular class of traffic.
QoS policing on a network determines whether network traffic is within a specified profile (contract). This may cause out-of-profile traffic to drop or to be marked down to another differentiated services code point (DSCP) value to enforce a contracted service level. DSCP is a measure of the QoS level of the frame. Figure 4-1 shows policing conditions and types.
Figure 4-1 Policing Conditions and Types
The following conditions are recognized and trigger action by the policer depending on the defined data rate:
You can define single-rate and dual-rate policers.
Single-rate policers monitor the specified committed information rate (CIR) of traffic. Dual-rate policers monitor both CIR and peak information rate (PIR) of traffic.
For more information about policies, see RFC 2697, RFC 2698, and RFC 4115.
Policing has the following prerequisites:
You can configure a single- or dual-rate policer.
This section includes the following topics:
The type of policer created by the device is based on a combination of the police command arguments described in Table 4-1.
Note Specify the identical value for pir and cir to configure 1-rate 3-color policing.
Argument | Description |
---|---|
cir | Committed information rate, or desired bandwidth, specified as a bit rate or a percentage of the link rate. Although a value for cir is required, the argument itself is optional. The range of values is 1 to 80000000000; the range of policing values that are mathematically significant is 8000 to 80 Gbps. |
percent | Specifies the rate as a percentage of the interface rate. The range of values is 1 to 100%. |
bc | Indication of how much the cir can be exceeded, either as a bit rate or an amount of time at cir. The default is 200 milliseconds of traffic at the configured rate. The default data rate units are bytes, and the Gigabit per second (gbps) rate is not supported for this parameter. |
pir | Peak information rate, specified as a PIR bit rate or a percentage of the link rate. There is no default. The range of values is 1 to 80000000000; the range of policing values that are mathematically significant is 8000 to 80 Gbps. The range of percentage values is 1 to 100%. |
be | Indication of how much the pir can be exceeded, either as a bit rate or an amount of time at pir. When the bc value is not specified, the default is 200 milliseconds of traffic at the configured rate. The default data rate units are bytes, and the Gigabit per second (gbps) rate is not supported for this parameter. Note You must specify a value for pir before the device displays this argument. |
conform | Single action to take if the traffic data rate is within bounds. The basic actions are transmit or one of the set commands listed in Table 4-4. The default is transmit. |
exceed | Single action to take if the traffic data rate exceeds the specified boundaries. The basic actions are drop or markdown. The default is drop. |
violate | Single action to take if the traffic data rate violates the configured rate values. The basic actions are drop or markdown. The default is drop. |
Although all the arguments in Table 4-1 are optional, you must specify a value for cir. In this section, cir refers to the rate value, not necessarily the keyword itself. The combination of these arguments and the resulting policer types and actions are shown in Table 4-2.
The policer actions that you can specify are described in Table 4-3 and Table 4-4.
Action | Description |
---|---|
drop | Drops the packet. This is only available when the packet exceeds or violates the parameters. |
set dscp dscp table | Sets the specified fields from a table map and transmits the packet. For more information on the system-defined, or default table maps, see Chapter 3, “Configuring QoS Marking Policies.” This is available only when the packet exceeds the parameters (use the cir-markdown-map) or violates the parameters (use the pir-markdown-map). |
Note The policer can only drop or markdown packets that exceed or violate the specified parameters. See Chapter 3, “Configuring QoS Marking Policies” for information on marking down packets.
The data rates used in the police command are described in Table 4-5.
Burst sizes used in the police command are described in Table 4-6.
Note Specify the identical value for pir and cir to configure 1-rate 3-color policing.
2. policy-map [ type qos ] [ match-first ] policy-map-name
3. class [ type qos ] { class_map_name | class-default }
4. police [ cir ] { committed-rate [ data-rate ] | percent cir-link-percent } [ bc committed-burst-rate [ link-speed ]] [ pir ] { peak-rate [ data-rate ] | percent cir-link-percent } [ be peak-burst-rate [ link-speed ]] { conform { transmit | set-prec-transmit | set-dscp-transmit | set-cos-transmit | set-qos-transmit | set-discard-class-transmit } [ exceed { drop | set dscp dscp table { cir-markdown-map }} [ violate { drop | set dscp dscp table { pir-markdown-map }}]]}
policy-map [ type qos ] [ match-first ] policy-map-name
Creates or accesses the policy map named policy-map-name, and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters.
class [ type qos ] { class_map_name | class-default }
Creates a reference to class_map_name, and enters policy-map class configuration mode. The class is added to the end of the policy map. Specify class-default to select all traffic that is not matched by classes in the policy map so far.
police [ cir ] { committed-rate [ data-rate ] | percent cir-link-percent } [[ bc committed-burst-rate [ link-speed ]][ pir ] { peak-rate [ data-rate ] | percent cir-link-percent } [[ be peak-burst-rate [ link-speed ]] [ conform { transmit | set-prec-transmit | set-dscp-transmit | set-cos-transmit | set-qos-transmit | set-discard-class-transmit } [ exceed { drop | set dscp dscp table { cir-markdown-map }} [ violate { drop | set dscp dscp table { pir-markdown-map }}]]]
Polices cir in bits or as a percentage of the link rate. The conform action is taken if the data rate is <= cir. If be and pir are not specified, all other traffic takes the violate action. If be or violate are specified, then the exceed action is taken if the data rate <= pir, and the violate action is taken otherwise. The actions are described in Table 4-3 and Table 4-4. The data rates and link speeds are described in Table 4-5 and Table 4-6.
switch(config-pmap-c-qos)# police cir 256000 conform transmit violate set dscp dscp table pir-markdown-map
This first example shows a 1-rate, 2-color policer that transmits if the data rate is within 200 milliseconds of traffic at 256000 bps and marks DSCP to the values that are configured in the table map if the data rate is violated.
switch(config-pmap-c-qos)# police cir 256000 pir 256000 conform transmit exceed set dscp dscp table cir-markdown-map violate drop
This second example shows a 1-rate, 3-color policer that transmits if the data rate is within 200 milliseconds of traffic at 256000 bps, and marks DSCP to the values that are configured in the table map if the data rate is violated.
(Optional) Displays information about all configured policy maps or a selected policy map of type QoS.
copy running-config startup-config
switch(config-pmap-c-qos)# copy running-config startup-config
(Optional) Saves the running configuration persistently through reboots and restarts by copying it to the startup configuration.
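The conform, exceed and violate decisions described above can be tried out offline with a small token-bucket model. This is an added example, not Cisco code and not a statement of how the switch implements policing: it assumes a single bucket when only cir is given and the two-bucket meter of RFC 2698 when pir is given, takes the 256000 bps rate and 200 ms default burst from the page, and uses constructed traffic and hypothetical names (Policer, burst_bytes, classify).

```python
from collections import Counter


def burst_bytes(rate_bps, ms=200):
    """Bytes in `ms` of traffic at rate_bps (page default burst: 200 ms)."""
    return rate_bps * ms // 8000


class Policer:
    """Token-bucket model (assumption): one bucket without pir, two with pir."""

    def __init__(self, cir, pir=None, bc=None, be=None):
        self.cir, self.pir = cir, pir
        self.bc = burst_bytes(cir) if bc is None else bc
        self.be = None if pir is None else (burst_bytes(pir) if be is None else be)
        self.tc = float(self.bc)                      # buckets start full
        self.tp = None if pir is None else float(self.be)
        self.last = 0.0

    def meter(self, now, size):
        """Action for a packet of `size` bytes arriving at `now` seconds."""
        dt, self.last = now - self.last, now
        self.tc = min(self.bc, self.tc + dt * self.cir / 8)
        if self.pir is None:                          # 2-color: conform or violate
            if self.tc >= size:
                self.tc -= size
                return "conform"
            return "violate"
        self.tp = min(self.be, self.tp + dt * self.pir / 8)
        if self.tp < size:                            # beyond the peak burst
            return "violate"
        self.tp -= size
        if self.tc < size:                            # beyond the committed burst
            return "exceed"
        self.tc -= size
        return "conform"


def classify(policer, packets):
    """Count actions for an iterable of (time_s, size_bytes) packets."""
    return dict(Counter(policer.meter(t, size) for t, size in packets))


# Constructed traffic: 20 back-to-back 800-byte packets at t=0.
BURST = [(0.0, 800)] * 20

if __name__ == "__main__":
    two_color = Policer(cir=256000)
    three_color = Policer(cir=256000, pir=256000, be=burst_bytes(256000, 300))
    print("cir only:", classify(two_color, BURST))
    print("cir=pir, be 300 ms:", classify(three_color, BURST))
```

In this model the exceed band is the difference between be and bc, so a policer with cir equal to pir only marks packets as exceeding when be is larger than bc.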
You can apply the policing instructions in a QoS policy map to ingress or egress packets by attaching that QoS policy map to an interface or port profile. To select ingress or egress, you specify either the input or output keyword in the service-policy command. For an example of how to use the service-policy command, see Creating Ingress and Egress Policies.
Markdown policing is the setting of a QoS field in a packet when traffic exceeds or violates the policed data rates. You can configure markdown policing by using the set commands for policing action described in Table 4-3 and Table 4-4.
The example in this section shows you how to use a table map to perform markdown.
2. policy-map [ type qos ] [ match-first ] policy-map-name
3. class [ type qos ] { class_map_name | class-default }
4. police [ cir ] { committed-rate [ data-rate ] | percent cir-link-percent } [ bc committed-burst-rate [ link-speed ]] [ pir ] { peak-rate [ data-rate ] | percent cir-link-percent } [ be peak-burst-rate [ link-speed ]] { conform action [ exceed { drop | set dscp dscp table cir-markdown-map } [ violate { drop | set dscp dscp table pir-markdown-map }]]}}
policy-map [ type qos ] [ match-first ] policy-map-name
Creates or accesses the policy-map named policy-map-name, and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters.
class [ type qos ] { class_map_name | class-default }
Creates a reference to class_map_name, and enters policy-map class configuration mode. The class is added to the end of the policy map. Specify class-default to select all traffic not matched by classes in the policy map so far.
police [ cir ] { committed-rate [ data-rate ] | percent cir-link-percent } [[ bc | burst ] burst-rate [ link-speed ]] [[ be | peak-burst ] peak-burst-rate [ link-speed ]] [ conform action [ exceed set dscp dscp table cir-markdown-map [ violate set dscp dscp table pir-markdown-map ]]]
Polices cir in bits or as a percentage of the link rate. The conform action is taken if the data rate is <= cir. If be and pir are not specified, all other traffic takes the violate action. If be or violate are specified, then the exceed action is taken if the data rate <= pir, and the violate action is taken otherwise. The actions are described in Table 4-3 and Table 4-4. The data rates and link speeds are described in Table 4-5 and Table 4-6.
switch(config-pmap-c-qos)# police cir 256000 be 300 ms conform transmit exceed set dscp dscp table cir-markdown-map violate drop
This example shows a 1-rate, 3-color policer that transmits if the data rate is within 300 milliseconds of traffic at 256000 bps; marks down DSCP using the system-defined table map if the data rate is within 300 milliseconds of traffic at 256000 bps; and drops packets otherwise.
(Optional) Displays information about the policy map configuration.
copy running-config startup-config
switch(config-pmap-c-qos)# copy running-config startup-config
(Optional) Saves the running configuration persistently through reboots and restarts by copying it to the startup configuration.
Use these commands to verify the policing configuration.
The following are examples of how to configure policing:
Example 4-1 1-rate, 2-color policer
Example 4-2 1-rate, 2-color policer with DSCP markdown
Example 4-3 1-rate, 3-color policer
This section provides the QoS policing release history.