Information About Policing
Policing is the monitoring of the data rates for a particular class of traffic. When the data rate exceeds user-configured values, marking or dropping of packets occurs immediately. Policing does not buffer the traffic; therefore, the transmission delay is not affected. When traffic exceeds the data rate, you instruct the system to either drop the packets or mark QoS fields in them.
You can define single-rate, dual-rate, and color-aware policers.
Single-rate policers monitor the committed information rate (CIR) of traffic. Dual-rate policers monitor both CIR and peak information rate (PIR) of traffic. In addition, the system monitors associated burst sizes. Three colors, or conditions, are determined by the policer for each packet depending on the data rate parameters supplied: conform (green), exceed (yellow), or violate (red).
You can configure only one action for each condition. For example, you might police for traffic in a class to conform to the data rate of 256000 bits per second, with up to 200 millisecond bursts. The system would apply the conform action to traffic that falls within this rate, and it would apply the violate action to traffic that exceeds this rate.
Color-aware policers assume that traffic has been previously marked with a color. This information is then used in the actions taken by this type of policer.
For more information about policers, see
RFC 2697
and
RFC 2698
.
Shared Policers
QoS applies the bandwidth limits specified in a shared policer cumulatively to all flows in the matched traffic. A shared policer applies the same policer to more than one interface simultaneously.
For example, if you configure a shared policer to allow 1 Mbps for all Trivial File Transfer Protocol (TFTP) traffic flows on VLAN 1 and VLAN 3, the device limits the TFTP traffic for all flows combined on VLAN 1 and VLAN 3 to 1 Mbps.
The following are guidelines for configuring shared policers:
-
You create named shared policers by entering the
qos shared-policer
command. If you create a shared policer and create a policy using that shared policer and attach the policy to multiple ingress ports, the device polices the matched traffic from all the ingress ports to which it is attached.
-
You define shared policers in a policy map class within the police command. If you attach a named shared policer to multiple ingress ports, the device polices the matched traffic from all the ingress ports to which it is attached.
-
Shared policing works independently on each module.
Configuring Policing
You can configure a single- or dual-rate policer.
This section includes the following topics:
Configuring 1-Rate and 2-Rate, 2-Color and 3-Color Policing
The type of policer created by the device is based on a combination of the
police
command arguments described in
Table 6-1
.
Note You must specify the identical value for pir and cir to configure 1-rate 3-color policing.
Table 6-1 Arguments to the
police
Command
|
|
cir
|
Committed information rate, or desired bandwidth, specified as a bit rate or a percentage of the link rate. Although a value for
cir
is required, the argument itself is optional. The range of values is from 1 to 80000000000. The range of policing values that are mathematically significant is from 8000 to 80 Gbps.
|
percent
|
Rate as a percentage of the interface rate. The range of values is from 1 to 100 percent.
|
bc
|
Indication of how much the
cir
can be exceeded, either as a bit rate or an amount of time at
cir
. The default is 200 milliseconds of traffic at the configured rate. The default data rate units are bytes, and the Gigabit per second (gbps) rate is not supported for this parameter.
|
pir
|
Peak information rate, specified as a PIR bit rate or a percentage of the link rate. There is no default. The range of values is from 1 to 80000000000; the range of policing values that are mathematically significant is 8000 to 80 Gbps. The range of percentage values is from 1 to 100 percent.
|
be
|
Indication of how much the
pir
can be exceeded, either as a bit rate or an amount of time at
pir
. When the
bc
value is not specified, the default is 200 milliseconds of traffic at the configured rate. The default data rate units are bytes, and the Gigabit per second (gbps) rate is not supported for this parameter.
Note You must specify a value for pir before the device displays this argument.
|
conform
|
Single action to take if the traffic data rate is within bounds. The basic actions are transmit or one of the
set
commands listed in
Table 6-4
. The default is transmit.
|
exceed
|
Single action to take if the traffic data rate is exceeded. The basic actions are drop or markdown. The default is drop.
|
violate
|
Single action to take if the traffic data rate violates the configured rate values. The basic actions are drop or markdown. The default is drop.
|
Note For information on the color-aware police command arguments, see the “Configuring Color-Aware Policing” section.
Although all the arguments in
Table 6-1
are optional, you must specify a value for
cir
. In this section,
cir
indicates its value but not necessarily the keyword itself. The combination of these arguments and the resulting policer types and actions are shown in
Table 6-2
.
Table 6-2 Policer Types and Actions from Police Arguments Present
|
|
|
cir
, but not
pir
,
be
, or
violate
|
1-rate, 2-color
|
≤
cir
,
conform
; else
violate
|
cir
and
pir
|
1-rate, 3-color
|
≤
cir
,
conform
; ≤
pir
,
exceed
; else
violate
Note You must specify identical values for cir and pir.
|
cir
and
pir
|
2-rate, 3-color
|
≤
cir
,
conform
; ≤
pir
,
exceed
; else
violate
|
The policer actions that you can specify are described in
Table 6-3
and
Table 6-4
.
Table 6-3 Policer Actions for Exceed or Violate
|
|
drop
|
Drops the packet. This is only available when the packet exceeds or violates the parameters.
|
set dscp dscp table
{
cir-markdown-map
|
pir-markdown-map
}
|
Sets the specified fields from a table map and transmits the packet. For more information on the system-defined, or default table maps, see Chapter4, “Configuring Marking” This is available only when the packet exceeds the parameters (use the cir-markdown-map) or violates the parameters (use the pir-markdown-map).
|
Table 6-4 Policer Actions for Conform
|
|
transmit
|
Transmits the packet. This is available only when the packet conforms to the parameters.
|
set-prec-transmit
|
Sets the IP precedence field to a specified value and transmits the packet. This is available only when the packet conforms to the parameters.
|
set-dscp-transmit
|
Sets the Differentiated Service Code Point (DSCP) field to a specified value and transmits the packet. This is available only when the packet conforms to the parameters
|
set-cos-transmit
|
Sets the class of service (CoS) field to a specified value and transmits the packet. This is available only when the packet conforms to the parameters
|
set-qos-transmit
|
Sets the QoS group internal label to specified value and transmits the packet. This action can be used only in input policies and is available only when the packet conforms to the parameters
|
set-discard-class-transmit
|
Sets the discard-class internal label to a specified value and transmits the packet. This action can be used only in ingress policies and is available only when the packet conforms to the parameters
|
Note The policer can only drop or mark down packets that exceed or violate the specified parameters. For information on marking down packets, see Chapter4, “Configuring Marking”
The data rates used in the
police
command are described in
Table 6-5
.
Table 6-5 Data Rates for the police Command
|
|
bps
|
Bits per second (default)
|
kbps
|
1,000 bits per seconds
|
mbps
|
1,000,000 bits per second
|
gbps
|
1,000,000,000 bits per second
|
Burst sizes used in the
police
command are described in
Table 6-6
.
Table 6-6 Burst Sizes for the police Command
|
|
bytes
|
bytes
|
kbytes
|
1,000 bytes
|
mbytes
|
1,000,000 bytes
|
ms
|
milliseconds
|
us
|
microseconds
|
SUMMARY STEPS
You must specify the identical value for
pir
and
cir
to configure 1-rate 3-color policing.
1.
config t
2.
policy-map
[
type qos
] [
match-first
]
{
qos-policy-map-name
|
qos-dynamic
}
3.
class
[
type qos
] {
class-map-name
|
qos-dynamic
|
class-default} [
insert-before
before-class-map-name
]
4.
police
[
cir
] {
committed-rate
[
data-rate
] |
percent
cir-link-percent
} [
bc
committed-burst-rate
[
link-speed
]] [
pir
] {
peak-rate
[
data-rate
] |
percent
cir-link-percent
} [
be
peak-burst-rate
[
link-speed
]] {
conform
{
transmit
|
set-prec-transmit
|
set-dscp-transmit
|
set-cos-transmit
|
set-qos-transmit
|
set-discard-class-transmit
} [
exceed
{
drop
|
set dscp dscp table
{
cir-markdown-map
}} [
violate
{
drop
|
set dscp dscp table
{
pir-markdown-map
}}]]}
5.
exit
6.
exit
7.
show policy-map
[
type qos
] [
policy-map-name
|
qos-dynamic
]
8.
copy running-config startup-config
Note A 1-rate 2-color policer with the violate markdown action is not supported.
DETAILED STEPS
|
|
|
Step 1
|
config t
Example:
switch# config t
switch(config)#
|
Enters configuration mode.
|
Step 2
|
policy-map
[
type qos
] [
match-first
] [
qos-policy-map-name
|
qos-dynamic
]
Example:
switch(config)# policy-map policy1
switch(config-pmap-qos)#
|
Creates or accesses the policy map named
policy-map-name,
and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters.
|
Step 3
|
class
[
type qos
] {
class-map-name
|
qos-dynamic
|
class-default
} [
insert-before
before-class-map-name
]
Example:
switch(config-pmap-qos)# class class-default
switch(config-pmap-c-qos)#
|
Creates a reference to
class-map-name,
and enters policy-map class configuration mode. The class is added to the end of the policy map unless
insert-before
is used to specify the class to insert before. Use the
class-default
keyword to select all traffic that is not currently matched by classes in the policy map.
|
Step 4
|
police
[
cir
] {
committed-rate
[
data-rate
] |
percent
cir-link-percent
} [
bc
committed-
burst-rate
[
link-speed
]][
pir
] {
peak-rate
[
data-rate
] |
percent
cir-link-percent
} [
be
peak-burst-rate
[
link-speed
]] [
conform
{
transmit
|
set-prec-transmit
|
set-dscp-transmit
|
set-cos-transmit
|
set-qos-transmit
|
set-discard-class-transmit
}
[
exceed
{
drop
|
set dscp dscp table
{
cir-markdown-map
}}
[
violate
{
drop
|
set dscp dscp table
{
pir-markdown-map
}}]]}
Example:
switch(config-pmap-c-qos)# police cir 256000 pir 256000 conform transmit exceed set dscp dscp table cir-markdown-map violate drop
switch(config-pmap-c-qos)#
|
Polices
cir
in bits or as a percentage of the link rate. The
conform
action is taken if the data rate is ≤
cir
. If
be
and
pir
are not specified, all other traffic takes the
violate
action. If
be
or
violate
are specified, the
exceed
action is taken if the data rate ≤
pir
, and the
violate
action is taken otherwise. The actions are described in
Table 6-3
and
Table 6-4
. The data rates and link speeds are described in
Table 6-5
and
Table 6-6
.
This example shows a 1-rate, 3-color policer that transmits if the data rate is within 200 milliseconds of traffic at 256000 bps, marks DSCP to 6 if the data rate is within 300 milliseconds of traffic at 256000 bps, and drops packets otherwise.
Note You must specify identical values for cir and pir.
|
Step 5
|
exit
Example:
switch(config-pmap-c-qos)# exit
switch(config-pmap-qos)#
|
Exits policy-map class configuration mode and enters policy-map mode.
|
Step 6
|
exit
Example:
switch(config-pmap-qos)# exit
switch(config)#
|
Exits policy-map mode and enters configuration mode.
|
Step 7
|
show
policy-map
[
type qos
] [
policy-map-name
|
qos-dynamic
]
Example:
switch(config)# show policy-map
|
(Optional) Displays information about all configured policy maps or a selected policy map of type qos.
|
Step 8
|
copy running-config startup-config
Example:
switch(config)# copy running-config startup-config
|
(Optional) Saves the running configuration to the startup configuration.
|
Use the
show policy-map
command to display the policy1 policy-map configuration as shown below:
switch# show policy-map policy1
Configuring Color-Aware Policing
Color-aware policing implies that the QoS DSCP field in a class of traffic has been previously marked with values that you can use in a policer. This feature allows you to mark traffic at one node in a network and then take action based on this marking at a subsequent node.
Note For information on the police command, see the “Configuring 1-Rate and 2-Rate, 2-Color and 3-Color Policing” section.
You can use one or more of the four
police
command class maps
conform-color
or
exceed-color
to perform color-aware policing. These keywords require a class-map name that is used to classify packets. Based on the match criteria that you specify in the class maps, the traffic is classified into one of these two classes or class-default if there is no match. The policer then takes the following action:
-
Packets that belong to the
conform-color
class are policed with the
cir
and
pir
arguments to the
police
command.
-
Packets that belong to the
exceed-color
class are policed only against the
pir
argument to the
police
command. If
pir
is not specified, the
cir
values are used.
-
Packets that end up in class-default because they fail to match either the
conform-color
or
exceed-color
class will immediately take the violate action.
Note A color other than class-default cannot be assigned to the violate action because according to RFC 2697 and RFC 2698, all packets must be assigned a color.
You can set the DSCP value for color-aware policing to a specified value. The list of valid DSCP values is shown in
Table 6-7
.
Table 6-7 Color-Aware Policing Valid DSCP Values
|
|
af11
|
AF11 dscp (001010)—decimal value 10
|
af12
|
AF12 dscp (001100)—decimal value 12
|
af13
|
AF13 dscp (001110)—decimal value 14
|
af21
|
AF21 dscp (010010)—decimal value 18
|
af22
|
AF22 dscp (010100)—decimal value 20
|
af23
|
AF23 dscp (010110)—decimal value 22
|
af31
|
AF31 dscp (011010)—decimal value 26
|
af32
|
AF40 dscp (011100)—decimal value 28
|
af33
|
AF33 dscp (011110)—decimal value 30
|
af41
|
AF41 dscp (100010)—decimal value 34
|
af42
|
AF42 dscp (100100)—decimal value 36
|
af43
|
AF43 dscp (100110)—decimal value 38
|
cs1
|
CS1 (precedence 1) dscp (001000)—decimal value 8
|
cs2
|
CS2 (precedence 2) dscp (010000)—decimal value 16
|
cs3
|
CS3 (precedence 3) dscp (011000)—decimal value 24
|
cs4
|
CS4 (precedence 4) dscp (100000)—decimal value 32
|
cs5
|
CS5 (precedence 5) dscp (101000)—decimal value 40
|
cs6
|
CS6 (precedence 6) dscp (110000)—decimal value 48
|
cs7
|
CS7 (precedence 7) dscp (111000)—decimal value 56
|
default
|
Default dscp (000000)—decimal value 0
|
ef
|
EF dscp (101110)—decimal value 46
|
After you apply color-aware policing, all matching packets in the device will be policed according to the specifications of the color-aware policer.
To configure color-aware policing, follow these steps:
Step 1 Create the class map. For information about configuring class maps, see Chapter2, “Configuring Classification”
Step 2 Create a policy map. For information about policy maps, see this chapter and Chapter3, “Using Modular QoS CLI”
Step 3 Configure the color-aware class map as described in this section.
Step 4 Apply the service policy to the interfaces. For information about attaching policies to interfaces, see Chapter3, “Using Modular QoS CLI”
Note The rates specified in the shared policer are shared by the number of interfaces to which you apply the service policy. Each interface does not have its own dedicated rate as specified in the shared policer.
SUMMARY STEPS
1.
config t
2.
class-map
{
conform-color-in | conform-color-out | exceed-color-in | exceed-color-out
}
3.
match
dscp
dscp-value
4.
policy-map
[
type qos
] [
match-first
]
{
qos-policy-map-name
|
qos-dynamic
}
5.
class
[
type qos
] {
class-map-name
|
qos-dynamic
|
class-default} [
insert-before
before-class-map-name
]
6.
police
[
cir
] {
committed-rate
[
data-rate
] |
percent
cir-link-percent
} [
bc
committed-burst-rate
[
link-speed
]] [
pir
] {
peak-rate
[
data-rate
] |
percent
cir-link-percent
} [
be
peak-burst-rate
[
link-speed
]] {
conform
{
transmit
|
set-prec-transmit
|
set-dscp-transmit
|
set-cos-transmit
|
set-qos-transmit
|
set-discard-class-transmit
} [
exceed
{
drop
|
set dscp dscp table
{
cir-markdown-map
}} [
violate
{
drop
|
set dscp dscp table
{
pir-markdown-map
}}]]}
7.
exit
8.
show policy-map
[
policy-map-name
|
qos-dynamic
]
9.
copy running-config startup-config
DETAILED STEPS
|
|
|
Step 1
|
config t
Example:
switch# config t
switch(config)#
|
Enters configuration mode.
|
Step 2
|
class-map
{
conform-color-in
|
conform-color-out
|
exceed-color-in
|
exceed-color-out
}
Example:
switch(config)# class-map conform-color-in
switch(config-color-map)#
|
Accesses the color-aware class map, and enters color-map mode. When you enter this command, the system returns the following message:
Warning: Configuring match for any DSCP values in this class-map will make ALL policers in the system color-aware for those DSCP values
.
|
Step 3
|
match dscp
dscp-value
Example:
switch(config-color-map)# match dscp af22
switch(config-color-map)#
|
Specifies the DSCP value to match for color-aware policers. See
Table 6-7
for a list of valid values.
|
Step 4
|
policy-map
[
type qos
] [
match-first
] [
qos-policy-map-name
|
qos-dynamic
]
Example:
switch(config)# policy-map policy1
switch(config-pmap-qos)#
|
Creates or accesses the policy-map named
policy-map-name,
and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters.
|
Step 5
|
class
[
type qos
] {
class-map-name
|
qos-dynamic
|
class-default
} [
insert-before
before-class-map-name
]
Example:
switch(config-pmap-qos)# class class-default
switch(config-pmap-c-qos)#
|
Creates a reference to
class-map-name
and enters policy-map class configuration mode. The class is added to the end of the policy map unless
insert-before
is used to specify the class to insert before. Use the
class-default
keyword to select all traffic that is not currently matched by classes in the policy map.
|
Step 6
|
police
[
cir
] {
committed-rate
[
data-rate
] |
percent
cir-link-percent
} [
bc
committed-
burst-rate
[
link-speed
][
pir
] {
peak-rate
[
data-rate
] |
percent
cir-link-percent
} [
be
peak-burst-rate
[
link-speed
] [
conform
{
transmit
|
set-prec-transmit
|
set-dscp-transmit
|
set-cos-transmit
|
set-qos-transmit
|
set-discard-class-transmit
}
[
exceed
{
drop
|
set dscp dscp table
{
cir-markdown-map
}}
[
violate
{
drop
|
set dscp dscp table
{
pir-markdown-map
}}]]]
Example #1:
switch(config-pmap-c-qos)# police cir 256000 be 300 ms conform-class my_conform_class_map exceed-class my_exceed_class_map conform transmit exceed set dscp dscp table cir-markdown-map violate drop
switch(config-pmap-c-qos)#
Example #2:
switch(config-pmap-c-qos)# police cir 256000 pir 512000 conform-class my_conform_class_map exceed-class my_exceed_class_map conform transmit exceed set dscp dscp table cir-markdown-map violate drop
switch(config-pmap-c-qos)#
|
Polices
cir
in bits or as a percentage of the link rate. The
conform
action is taken if the data rate is ≤
cir
. If
be
and
pir
are not specified, all other traffic takes the
violate
action. If
be
or
violate
are specified, the
exceed
action is taken if the data rate ≤
pir
, and the
violate
action is taken otherwise. The actions are described in
Table 6-3
and
Table 6-4
. The data rates and link speeds are described in
Table 6-5
and
Table 6-6
.
This first example shows a 1-rate, 3-color color-aware policer that transmits if the conform-class data rate is within 200 milliseconds of traffic at 256000 bps, marks DSCP to 6 if the exceed-class data rate is within 300 milliseconds of traffic at 256000 bps, and drops packets otherwise.
This second example shows a 2-rate, 3-color color-aware policer that transmits if the data rate is within 200 milliseconds of traffic at 256000 bps, marks CoS to 5 if the data rate exceeds 200 milliseconds of traffic at 512 bps, and drops packets otherwise.
|
Step 7
|
exit
Example:
switch(config-color-map)# exit
switch(config)#
|
Exits color-map mode and then enters configuration mode.
|
Step 8
|
show
policy-map
[
type qos
] [
policy-map-name
|
qos-dynamic
]
Example:
switch(config)# show policy-map
|
(Optional) Displays information about all configured policy maps or a selected policy map of type qos.
|
Step 9
|
copy running-config startup-config
Example:
switch(config)# copy running-config startup-config
|
(Optional) Saves the running configuration to the startup configuration.
|
This example shows how to display the policy1 policy-map configuration:
switch# show policy-map policy1
Configuring Ingress and Egress Policing
You can apply the policing instructions in a QoS policy map to ingress or egress packets by attaching that QoS policy map to an interface. To select ingress or egress, you specify either the
input
or
output
keyword in the
service-policy
command. For more information on attaching and detaching a QoS policy action from an interface, see the Chapter3, “Using Modular QoS CLI”
Configuring Markdown Policing
Markdown policing is the setting of a QoS field in a packet when traffic exceeds or violates the policed data rates. You can configure markdown policing by using the
set
commands for policing action described in
Table 6-3
and
Table 6-4
.
The example in this section shows you how to use a table map to perform a markdown.
SUMMARY STEPS
1.
config t
2.
policy-map
[
type qos
] [
match-first
]
{
qos-policy-map-name
|
qos-dynamic
}
3.
class
[
type qos
] {
class-map-name
|
qos-dynamic
|
class-default} [
insert-before
before-class-map-name
]
4.
police
[
cir
] {
committed-rate
[
data-rate
] |
percent
cir-link-percent
} [
bc
committed-burst-rate
[
link-speed
]] [
pir
] {
peak-rate
[
data-rate
] |
percent
cir-link-percent
} [
be
peak-burst-rate
[
link-speed
]] {
conform
conform-action
[
exceed
{
drop
|
set dscp dscp table
cir-markdown-map
} [
violate
{
drop
|
set dscp dscp table
pir-markdown-map
}]]}}
5.
exit
6.
exit
7.
show policy-map
[
type qos
] [
policy-map-name
|
qos-dynamic
]
8.
copy running-config startup-config
DETAILED STEPS
|
|
|
Step 1
|
config t
Example:
switch# config t
switch(config)#
|
Enters configuration mode.
|
Step 2
|
policy-map
[
type qos
] [
match-first
]
[qos-policy-map-name
|
qos-dynamic
]
Example:
switch(config)# policy-map policy1
switch(config-pmap-qos)#
|
Creates or accesses the policy-map named
policy-map-name,
and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters.
|
Step 3
|
class
[
type qos
] {
class-map-name
|
qos-dynamic
|
class-default
} [
insert-before
before-class-map-name
]
Example:
switch(config-pmap-qos)# class class-default
switch(config-pmap-c-qos)#
|
Creates a reference to
class-map-name,
and enters policy-map class configuration mode. The class is added to the end of the policy map unless
insert-before
is used to specify the class to insert before. Use the
class-default
keyword to select all traffic that is not currently matched by classes in the policy map.
|
Step 4
|
police
[
cir
] {
committed-rate
[
data-rate
] |
percent
cir-
link-percent
} [[
bc
|
burst
]
burst-rate
[
link-speed
]] [[
be
|
peak-burst
]
peak-burst-rate
[
link-speed
]] [
conform
conform-action
[
exceed
set dscp dscp table
cir-markdown-map
[
violate drop set dscp dscp table
pir-markdown-map
]]}
Example:
switch(config-pmap-c-qos)# police cir 256000 be 300 ms conform transmit exceed set dscp dscp table cir-markdown-map violate drop
switch(config-pmap-c-qos)#
|
Polices
cir
in bits or as a percentage of the link rate. The
conform
action is taken if the data rate is ≤
cir
. If
be
and
pir
are not specified, all other traffic takes the
violate
action. If
be
or
violate
are specified, the
exceed
action is taken if the data rate ≤
pir
, and the
violate
action is taken otherwise. The actions are described in
Table 6-3
and
Table 6-4
. The data rates and link speeds are described in
Table 6-5
and
Table 6-6
.
This example shows a 1-rate, 3-color policer that transmits if the data rate is within 200 milliseconds of traffic at 256000 bps; marks down DSCP using the system-defined table map if the data rate is within 300 milliseconds of traffic at 256000 bps, and drops packets otherwise.
|
Step 5
|
exit
Example:
switch(config-pmap-c-qos)# exit
switch(config-pmap-qos)#
|
Exits policy-map class configuration mode and enters policy-map mode.
|
Step 6
|
exit
Example:
switch(config-pmap-qos)# exit
switch(config)#
|
Exits policy-map mode and enters configuration mode.
|
Step 7
|
show
policy-map
[
type qos
] [
policy-map-name
|
qos-dynamic
]
Example:
switch(config)# show policy-map
|
(Optional) Displays information about all configured policy maps or a selected policy map of type qos.
|
Step 8
|
copy running-config startup-config
Example:
switch(config)# copy running-config startup-config
|
(Optional) Saves the running configuration to the startup configuration.
|
Use the
show policy-map
command to display the policy1 policy-map configuration as shown below:
switch# show policy-map policy1
Configuring Shared Policers
The shared-policer feature allows you to apply the same policing parameters to several interfaces simultaneously. You create a shared policer by assigning a name to a policer, and then applying that policer to a policy map that you attach to the specified interfaces. The shared policer is also referred to as the named aggregate policer in other Cisco documentation.
Note After you configure the shared policer, you can use the shared-policer name to configure any type of shared policing, as described in the “Configuring 1-Rate and 2-Rate, 2-Color and 3-Color Policing” section, the “Configuring Color-Aware Policing” section, the “Configuring Ingress and Egress Policing” section, and the “Configuring Markdown Policing” section.
To configure shared policing, follow these steps:
Step 1 Configure the shared policer as described in this section.
Step 2 Create the class map. For information about configuring class maps, see Chapter2, “Configuring Classification”
Step 3 Create a policy map. For information about policy maps, see this chapter and Chapter3, “Using Modular QoS CLI”
Step 4 Reference the shared policer to the policy map as described in this section.
Step 5 Apply the service policy to the interfaces. For information about attaching policies to interfaces, see Chapter3, “Using Modular QoS CLI”
Note The rates specified in the shared policer are shared by the number of interfaces to which you apply the service policy. Each interface does not have its own dedicated rate as specified in the shared policer.
SUMMARY STEPS
1.
config t
2.
qos shared-policer
[
type qos
]
shared-policer-name
[
cir
] {
committed-rate
[
data-rate
] |
percent
cir-link-percent
} [
bc
committed-burst-rate
[
link-speed
]] [
pir
] {
peak-rate
[
data-rate
] |
percent
cir-link-percent
} [
be
peak-burst-rate
[
link-speed
]] {{
conform
conform-action
[
exceed
{
drop
|
set dscp dscp table
cir-markdown-map
} [
violate
{
drop
|
set dscp dscp table
pir-markdown-map
}]]}
3.
policy-map
[
type qos
] [
match-first
]
{
qos-policy-map-name
|
qos-dynamic
}
4.
class
[
type qos
] {
class-map-name
|
qos-dynamic
|
class-default} [
insert-before
before-class-map-name
]
5.
police
aggregate
shared-policer-name
6.
exit
7.
exit
8.
show qos shared-policer
[
shared-policer-name
]
9.
copy running-config startup-config
DETAILED STEPS
|
|
|
Step 1
|
config t
Example:
switch# config t
switch(config)#
|
Enters configuration mode.
|
Step 2
|
qos shared-policer
[
type qos
]
shared-policer-name
[
cir
] {
committed-rate
[
data-rate
] |
percent
cir-link-percent
} [
bc
committed-
burst-rate
[
link-speed
]][
pir
] {
peak-rate
[
data-rate
] |
percent
cir-link-percent
} [
be
peak-burst-rate
[
link-speed
]] [
conform
conform-action
[
exceed
{
drop
|
set dscp dscp table
cir-markdown-map
[
violate set dscp dscp table
pir-markdown-map
}]]}
Example:
switch(config)# qos shared-policer test1 cir 10 mbps
switch(config)#
|
Creates or accesses the shared policer. The shared-policer-name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters. Polices
cir
in bits or as a percentage of the link rate. The
conform
action is taken if the data rate is ≤
cir
. If
be
and
pir
are not specified, all other traffic takes the
violate
action. If
be
or
violate
are specified, the
exceed
action is taken if the data rate ≤
pir
, and the
violate
action is taken otherwise. The actions are described in
Table 6-3
and
Table 6-4
. The data rates and link speeds are described in
Table 6-5
and
Table 6-6
.
|
Step 3
|
policy-map
[
type qos
] [
match-first
] [
qos-policy-map-name
|
qos-dynamic
]
Example:
switch(config)# policy-map policy1
switch(config-pmap-qos)#
|
Creates or accesses the policy-map named
policy-map-name,
and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters.
|
Step 4
|
class
[
type qos
] {
class-map-name
|
qos-dynamic
|
class-default
} [
insert-before
before-class-map-name
]
Example:
switch(config-pmap-qos)# class class1
switch(config-pmap-c-qos)#
|
Creates a reference to
class-map-name
and enters policy-map class configuration mode. The class is added to the end of the policy map unless
insert-before
is used to specify the class to insert before. Use the
class-default
keyword to select all traffic that is not currently matched by classes in the policy map.
|
Step 5
|
police aggregate
shared-policer-name
Example:
switch(config-pmap-c-qos)# police aggregate test1
switch(config-pmap-c-qos)#
|
Creates a reference in the policy map to
shared-policer-name
.
|
Step 6
|
exit
Example:
switch(config-pmap-c-qos)# exit
switch(config-pmap-qos)#
|
Exits policy-map class configuration mode and enters policy-map mode.
|
Step 7
|
exit
Example:
switch(config-pmap-qos)# exit
switch(config)#
|
Exits policy-map mode and enters configuration mode.
|
Step 8
|
show
qos shared-policer
[
shared-policer-name
]
Example:
switch(config)# show qos shared-policer test1
|
(Optional) Displays information about the configuration of all shared policers.
|
Step 9
|
copy running-config startup-config
Example:
switch(config)# copy running-config startup-config
|
(Optional) Saves the running configuration to the startup configuration.
|
Use the
show qos shared-policer
command to display the test1 shared-policer configurations as shown below:
switch# show qos shared-policer test1
Examples for Policing
The following example shows how to configure policing for a 1-rate, 2-color policer:
class one_rate_2_color_policer police cir 256000 conform transmit violate drop
The following example shows how to configure policing for a 1-rate, 2-color policer with DSCP markdown:
class one_rate_2_color_policer_with_dscp_markdown police cir 256000 conform transmit violate drop
The following example shows how to configure policing for a 1-rate, 3-color policer:
class one_rate_3_color_policer police cir 256000 pir 256000 conform transmit exceed set dscp dscp table cir-markdown-map violate drop
The following example shows how to configure policing for a 2-rate, 3-color policer:
class two_rate_3_color_policer police cir 256000 pir 256000 conform transmit exceed set dscp dscp table cir-markdown-map violate drop
The following example shows how to configure policing for a color-aware policer for specified DSCP values:
class-map conform-color-in class one_rate_2_color_policer police cir 256000 conform transmit violate drop
The following example shows how to configure policing for a shared policer:
qos shared-policer type qos udp_10mbps cir 10 mbps pir 20 mbps conform transmit exceed set dscp dscp table cir-markdown-map violate drop policy-map type qos udp_policy police aggregate udp_10mbps