Table Of Contents
Information About the Color-Aware Policer
Color-Aware Mode of Single-Rate Traffic Policing
Color-Aware Mode of Two-Rate Traffic Policing
How to Configure Color-Aware Policing
Configuration Examples for Color-Aware Policing
QoS: Color-Aware Policer
First Published: August 26, 2003Last Updated: February 28, 2006The QoS: Color-Aware Policer enables a "color-aware" method of traffic policing. This feature allows you to police traffic according to the color classification of a packet. The packet color classification is based on packet matching criteria defined for two user-specified traffic classes—the conform-color class and the exceed-color class. These two traffic classes are created using the conform-color command and the metering rates are defined using the police command.
History for the QoS: Color-Aware Policer Featurer
Release Modification12.0(26)S
This feature was introduced.
12.2(28)SB
This feature was integrated into Cisco IOS Release 12.2(28)SB.
Finding Support Information for Platforms and Cisco IOS and Catalyst OS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
•Information About the Color-Aware Policer
•How to Configure Color-Aware Policing
•Configuration Examples for Color-Aware Policing
Information About the Color-Aware Policer
To configure the Color-Aware Policer, you should understand the following concepts:
Benefits
Extended Traffic Policing Functionality
The Color-Aware Policer extends the functionality of the quality of service (QoS) traffic policing feature. It allows you to police traffic on the basis of the packet color classification in color-aware mode.
Improved SLA Provisioning
The Color-Aware Policer allows you to provision enhanced Service Level Agreements (SLAs) across the DiffServ domain.
Full Compliance with Industry-Standard RFCs
This feature fully complies with the following two industry-standard RFCs:
•RFC 2697: A Single Rate Three Color Marker
•RFC 2698: A Two Rate Three Color Marker
Use of Preexisting Packet Marking from Other Traffic Policers
Cisco IOS software includes a number of traffic policing features, including the Two-Rate Policer. The Color-Aware Policer takes into account any preexisting markings that may be set for a packet by another traffic policer (for example, the Two-Rate Policer) configured at a previous network node. At the node where color-aware policing is configured, these preexisting markings are then used in determining the appropriate color-aware policing action for the packet.
For example, two-rate policing may be configured on a node upstream in the network. The Two-Rate Policer has marked a packet as violate-color. The Color-Aware Policer takes this violate-color marking into account when determining the appropriate policing action. In color-aware policing, the violate-color packet would never receive the action associated with either the conform-color packets or exceed-color packets. This way, tokens for violating packets are never taken from the metering token buckets at the color-aware policing node.
Color-Aware Mode
The Cisco IOS traffic policing software polices traffic on the basis of metering rates such as the committed information rate (CIR), the peak information rate (PIR), their associated burst sizes, and any policing actions (such as transmit or drop) configured for the traffic. These metering rates, sizes, and policing actions are specified using the police command.
This feature allows you to police traffic in color-aware mode. In the color-aware mode, packet matching criteria will first be specified using the class-map command. Then a policy map will be configured to create classes, enable color-aware traffic policing, and create two classes used specifically for color-aware policing—the conform-color class and the exceed-color class.
The conform-color class and the exceed-class are created by using the conform-color command (described later in this document). The police command is used in conjunction with the conform-color command to specify the policing actions to be taken on packets in the conform-color class and the exceed-color class.
With color-aware policing, packets are classified as either conform-color packets, exceed-color packets, or violate-color packets. The metering treatment the packet receives varies by the classification, as described below:
•Packets belonging to the conform-color class are metered against both the CIR and the PIR.
•Packets belonging to the exceed-color class are metered against the PIR only.
•Packets belonging to the violate-color class are not metered against either the CIR or the PIR.
The police command is then used to specify the following items:
•The CIR and PIR
•The conform burst (bc) size
•The excess burst (be) size
•The policing actions to be taken on the packet
Color-aware mode can be used with either single-rate traffic policing or two-rate traffic policing.
Color-Aware Mode of Single-Rate Traffic Policing
Networks police traffic by limiting the input or output transmission rate of a class of traffic on the basis of user-defined criteria. Policing traffic allows you to control the maximum rate of traffic sent or received on an interface and to partition a network into multiple priority levels or class of service (CoS).
Single-rate traffic policing (often referred to simply as traffic policing) limits the input or output transmission rate of a class of traffic on the basis of user-defined criteria. It allows you to control the maximum rate of traffic transmitted or received on an interface.
Traffic policing works by using a token bucket algorithm. There are currently two types of token bucket algorithms: a single-token bucket algorithm and a two-token bucket algorithm. A single-token bucket system is used when the violate-action option is not specified, and a two-token bucket system is used when the violate-action option is specified.
Single-Rate Color-Aware Mode Functionality
The flow chart in Figure 1 illustrates the algorithm used for handling traffic in color-aware single-rate traffic policing.
Figure 1 Traffic Flow Algorithm Used in Color-Aware Single-Rate Traffic Policing
In the above flow chart, a packet of size B arrives at the interface. Tc indicates the number of tokens in the CIR token bucket, and Tb indicates the number of tokens in the excess token bucket.
When a packet of size B bytes arrives at the interface, the packet is evaluated as to whether it is marked as either a conform-color packet, an exceed-color packet, or a packet with no color marking. Then the following actions are performed on the packet in the order shown below:
1. If the packet is marked conform-color, and Tc is greater than or equal to B, the conform action is applied to the packet, and Tc is decremented by B.
2. Otherwise, if the packet is marked conform-color or exceed-color, and Te is greater than or equal to B, the exceed action is applied to the packet, and Te is decremented by B.
3. Otherwise, for all other packets, the violate action is applied to the packet.
Policing Actions
The algorithm provides users with three actions for each packet: a conform action, an exceed action, and an optional violate action. A conform action is applied to the conforming packets, an exceed action is applied to the exceeding packets, and an violate action is applied to the violating packets. Users can specify these actions. For instance, conforming packets can sent, exceeding packets can sent with a decreased priority, and violating packets can be dropped.
Color-Aware Mode of Two-Rate Traffic Policing
Networks police traffic by limiting the input or output transmission rate of a class of traffic on the basis of user-defined criteria. Policing traffic allows you to control the maximum rate of traffic sent or received on an interface and to partition a network into multiple priority levels or CoS.
With the two-rate traffic policing, you can enforce traffic policing according to two separate rates—the CIR and the PIR. You can specify the use of these two rates, along with their corresponding values, by using the cir and pir keywords of the police command.
Two-rate traffic policing uses two token buckets—Tc and Tp—for policing traffic at two independent rates. The Tc token bucket contains the tokens in the CIR bucket. The Tp token bucket contains the tokens in the PIR bucket.
Note the following points about the two token buckets:
•The Tc token bucket is updated at the CIR value each time a packet arrives at the interface. The Tc token bucket can contain up to the confirm burst (Bc) value.
•The Tp token bucket is updated at the PIR value each time a packet arrives at the interface. The Tp token bucket can contain up to the peak burst (Be) value.
Two-Rate Color-Aware Mode Functionality
The flow chart in Figure 2 illustrates the algorithm used for handling traffic in color-aware two-rate traffic policing.
Figure 2 Traffic Flow Algorithm Used in Color-Aware Two-Rate Traffic Policing
In the above illustration, a packet of size B arrives at the interface. Tc indicates the number of tokens in the CIR token bucket, and Tp indicates the number of tokens in PIR token bucket.
When a packet of size B bytes arrives at the interface, the packet is evaluated as to whether it is marked as either an exceed-color packet or a violate-color packet. Then the following actions are performed on the packet in the order shown below:
1. If the packet is marked violate-color, or Tp is less than B, the violate action is applied to the packet. Tp is not decremented.
2. Otherwise, if the packet is marked exceed-color, and Tc is less than B, the exceed action is applied to the packet, and Tc bucket is decremented by B.
3. Otherwise, for all other packets, the conform action is applied to the packet, and both the Tc and Tp are decremented by B.
Policing Actions
The algorithm provides users with three actions for each packet: a conform action, an exceed action, and an optional violate action. A conform action is applied to the conforming packets, an exceed action is applied to the exceeding packets, and an violate action is applied to the violating packets. Users can specify these actions. For instance, conforming packets can sent, exceeding packets can sent with a decreased priority, and violating packets can be dropped.
Packet Matching Criteria
The first process in configuring color-aware policing is to create a class map. The class map is used to specify packet matching criteria.For instance, you can configure the class map to match packets based on a precedence level, a CoS value, or a differentiated services code point (DSCP) value. The match criteria is set with a specific match command. For example, to match packets based on a precedence value, use the match precedence command.
The match commands that can be used in a class map to establish packet matching criteria include the commands listed in Table 1.
.
The specific match commands that can be used to match packets vary from Cisco IOS release to Cisco IOS release. For more information about the match commands, refer to the documentation for your Cisco IOS release.
How to Configure Color-Aware Policing
This section contains the following procedures:
•Creating a Class Map (required)
•Configuring a Policy Map (required)
•Attaching the Policy Map (required)
•Verifying the Configuration (optional)
Creating a Class Map
A class map is used to specify packet matching criteria. To create a class map, use the commands in the following sections.
SUMMARY STEPS
1. enable
2. configure terminal
3. class-map [match-all | match-any] class-map-name
4. match [ip] precedence ip-precedence-value
5. exit
6. class-map [match-all | match-any] class-map-name
7. match [ip] precedence ip-precedence-value
8. exit
DETAILED STEPS
Command or Action PurposeStep 1
enable
Example:Router> enable
Enables privileged EXEC mode.
•Enter your password if prompted.
Step 2
configure terminal
Example:Router# configure terminal
Enters global configuration mode.
Step 3
class-map [match-all | match-any] class-map-name
Example:Router(config)# class-map conform_color_map
Creates the conform-color class-map used for specifying packet matching criterion and enters class-map configuration mode.
Note The optional match-all and match-any keywords determine how packets are evaluated when multiple match criteria exist. Packets must meet either all of the match criteria (match-all) or one of the match criteria (match-any) to be considered a member of the class.
•Enter the class-map name.
Step 4
match [ip] precedence ip-precedence-value
Router(config-cmap)# match ip precedence 5
(Optional) Specifies the IP precedence value as the match criterion.
•Enter the IP precedence value.
Note In this example, the IP precedence value was used as the match criterion. Other criteria (for example, the CoS value, the DSCP, or the MPLS EXP value) can be used. Match criteria are specified by using the various match commands. Use the match command that is appropriate for your network. For a list of match commands that are available, see Table 1.
Step 5
exit
Example:Router(config-cmap)# exit
(Optional) Exits class-map configuration mode.
Step 6
class-map [match-all | match-any] class-map-name
Example:Router(config)# class-map exceed_color_map
Creates the exceed-color class-map used for specifying packet matching criterion and enters class-map configuration mode.
Note The optional match-all and match-any keywords determine how packets are evaluated when multiple match criteria exist. Packets must meet either all of the match criteria (match-all) or one of the match criteria (match-any) to be considered a member of the class.
•Enter the class-map name.
Step 7
match [ip] precedence ip-precedence-value
Router(config-cmap)# match ip precedence 3
(Optional) Specifies the IP precedence value as the match criterion.
•Enter the IP precedence value.
Note In this example, the IP precedence value was used as the match criterion. Other criteria (for example, the CoS value, the DSCP, or the MPLS EXP value) can be used. Match criteria are specified by using the various match commands. Use the match command that is appropriate for your network. For a list of match commands that are available, see Table 1.
Step 8
exit
Example:Router(config-cmap)# exit
(Optional) Exits class-map configuration mode.
Configuring a Policy Map
A policy map determines the specific QoS feature that will be applied to the packets in a specific class. For instance, a policy map can be used to configure traffic shaping, Weight Random Early Detection (WRED), or, as in this case, color-aware traffic policing.
To configure a policy map for color-aware traffic policing, use the commands in the following sections:
SUMMARY STEPS
1. enable
2. configure terminal
3. policy-map policy-map-name
4. class {class-name | class-default}
5. police cir cir [bc conform-burst] pir pir [be peak-burst] [conform-action action [exceed-action action [violate-action action]]]
6. conform-color class-map-name [exceed-color class-map-name]
7. exit
DETAILED STEPS
Attaching the Policy Map
The policy map you have created must be attached to the appropriate interface or ATM permanent virtual circuit (PVC). For example, you may have to attach policy maps to either the input or the output interface on either the ingress or the egress router.
To attach a policy map to the appropriate interface or ATM PVC, use the commands in the following sections:
SUMMARY STEPS
1. enable
2. configure terminal
3. interface type number [name-tag]
4. pvc [name] vpi/vci [ilmi | qsaal | smds]
5. service-policy {input | output} policy-map-name
6. exit
DETAILED STEPS
Command or Action PurposeStep 1
enable
Example:Router> enable
Enables privileged EXEC mode.
•Enter your password if prompted.
Step 2
configure terminal
Example:Router# configure terminal
Enters global configuration mode.
Step 3
interface type number [name-tag]
Example:Router(config)# interface FastEthernet1/0.1
Configures the interface type specified and enters interface configuration mode.
•Enter interface type.
Step 4
pvc [name] vpi/vci [ilmi | qsaal | smds]
Example:Router(config-if)# pvc cisco 0/16 ilmi
(Optional) Creates or assigns a name to an ATM PVC, specifies the encapsulation type on an ATM PVC, and enters ATM VC configuration mode.
Note This step is required only if you are attaching the policy map to an ATM PVC. If you are not attaching the policy map to an ATM PVC, skip this step and proceed with Step 5.
•Enter the PVC name.
Step 5
service-policy {input | output} policy-map-name
Example:Router(config-if)#
service-policy input policy1
Specifies the name of the policy map to be attached to the input or output direction of the interface.
Note Policy maps can be configured on ingress or egress routers. They can also be attached in the input or output direction of an interface. The direction (input or output) and the router (ingress or egress) to which the policy map should be attached varies according your network configuration. When using the service-policy command to attach the policy map to an interface, be sure to choose the router and the interface direction that are appropriate for your network configuration.
•Enter the policy map name.
Step 6
exit
Example:Router(config-if)# exit
(Optional) Exits interface configuration mode.
Verifying the Configuration
This task allows you to verify that you created the configuration you intended and that the feature is functioning correctly. To verify the configuration, use the commands in the following sections:
SUMMARY STEPS
1. enable
2. show policy-map
3. show policy-map interface interface-name
4. exit
DETAILED STEPS
Troubleshooting Tips
The commands in the "Verifying the Configuration" section allow you to verify that you achieved the intended configuration and that the feature is functioning correctly. If after using the show commands listed above, the configuration is not correct or the feature is not functioning as expected, do the following.
If the configuration is not the one you intended, complete the following procedures:
•Use the show running-config command and analyze the output of the command.
•If the policy map does not appear in the output of the show running-config command, enable the logging console command.
•Attach the policy map to the interface again.
If the packets are not being matched correctly (for example, the packet counters are not incrementing correctly), complete the following procedures:
•Use the show policy-map command and analyze the output of the command.
•Use the show running-config command and analyze the output of the command.
•Run the show policy-map interface command and analyze the output of the command. Review the the following:
–If a policy map applies queueing and the packets are matching the correct class, but you see unexpected results, compare the number of packets to the number of packets matched.
–If the interface is congested and you are only seeing a small number of packets matched, check the tuning of the transmisson (tx) ring and evaluate whether the queueing is happening on the tx ring. To do this, use the show controllers command and look at the value of the tx count in the show output of the command.
Configuration Examples for Color-Aware Policing
This section provides the following configuration example:
•Color-Aware Policing: Example
Color-Aware Policing: Example
The following example shows color-aware policing configured in a policy map called "color." Before the feature was configured, the class-map command was used to create two classes called "c1" and "c2," respectively. These two classes were configured as shown below:
class-map c1match ip prec 5class-map c2match ip prec 3With the two classes created, color-aware policing is configured as shown below:
Router# enableRouter# configure terminalRouter(config)# policy-map colorRouter(config-pmap)# class ccolorRouter(config-pmap-c)# police cir 8000 bc 5000 pir 8000 be 5000 conform-action transmit exceed-action set-prec-transmit 4 violate-action dropRouter(config-pmap-c-police)# conform-color c1 exceed-color c2
Note The traffic class (in this example, ccolor) must still be created using the Modular QoS Command-Line Interface (CLI) (MQC).
With color-aware policing configured as shown, the following results occur based on the CIR, the PIR, and the conform actions, exceed actions, and violate actions specified by the police command:
•Packets that have metering rates less than or equal to the CIR and belong to class c1 (conform-color) are policed as conforming to the rate. These packets are also policed according to the conform action specified by the police command. In this instance, the packets will be transmitted.
•Packets that have metering rates between the CIR and the PIR and belong to either class c1 (conform-color) or class c2 (exceed-color) are policed as exceeding the CIR. These packets are also policed according to the exceed action specified by the police command. In this instance, the precedence value of the packets will be set and the packets transmitted.
•Packets that have metering rates higher than the PIR or belong to neither class c1 or class c2 are policed as violating the rate. These packets are also policed according to the violate action specified by the police command. In this instance, the packets will be dropped.
Additional References
The following sections provide references related to the Color-Aware Policing feature:
Related Documents
Related Topic Document TitleQoS commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples
Additional information about configuring traffic policing
"Policing and Shaping" module
MQC
Two-rate traffic policing
"Two-Rate Policer" module
Traffic policing using multiple policer actions
Percentage-based traffic policing and shaping
Standards
MIBs
RFCs
Technical Assistance
Command Reference
The following commands are introduced or modified in the feature or features documented in this module. For information about these commands, see the Cisco IOS Quality of Service Solutions Command Reference at http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_book.html. For information about all Cisco IOS commands, use the Command Lookup Tool at http://tools.cisco.com/Support/CLILookup or a Cisco IOS master commands list.
•conform-color
•show policy-map
•show policy-map interface
CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco StadiumVision, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn is a service mark; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0804R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2007 Cisco Systems, Inc. All rights reserved.