Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Cisco ME 3800x and ME 3600x Switches Software Configuration Guide, Cisco IOS Release 15.4(2)S

Book Contents
Find Matches in This Book
Available Languages

Results

Updated:
February 9, 2018

Chapter: Hierarchical Color-Aware Policing

Hierarchical Color-Aware Policing

The Hierarchical Color-Aware Policing feature provides two levels of policing where the policer ordering is evaluated from child to parent, and there is preferential treatment of certain traffic at the parent level.

Contents

Restrictions for Hierarchical Color-Aware Policing

The following restrictions apply to the Hierarchical Color-Aware Policing feature:

  • Only dual policer where only the parent or child policer alone is color-aware is supported. Both parent and child policers cannot be color-aware at the same time and the configuration is rejected
  • Color-classification at the parent-level is based on incoming packets on the wire and not the re-marked value at the child-level.
  • Child and parent policers can have independent conform/exceed/violate marking actions at the child and parent-level. All restrictions/support of hierarchical policing continue to exist with respect to all police subcommand actions.
  • Color-classification matches should already be part of policy heierachy’s classification match criteria.
  • Color-classification matches not part of any policy-map classification criteria are ignored. They are not explicitly rejected
  • For dual policers in HQoS policy, if parent policer is color-aware, the child level policer cannot be configured to be color-aware and is rejected. If child policer is color-aware, the parent policer must be color-blind.
  • When a parent policer is color-aware, the child policer cannot be configured with PIR. It can only be a 1R2C policer, and it is rejected.

Information About Hierarchical Color-Aware Policing

Hierarchical Order Policing

The switch supports policers in hierarchical policies with an evaluation order of child to parent.

This is a sample configuration for a simple two-level policer:

policy-map child
class user1
police 100k
class user2
police 100k
policy-map parent
class class-default
police 150k
service-policy child

 

Limited Color-Aware Policing

This is a sample configuration for a simple two-level color-aware policer would result in the behavior shown in Figure 36-1

ip access-list extended user1-acl
permit ip host 192.168.1.1 any
permit ip host 192.168.1.2 any
ip access-list extended user2-acl
permit ip host 192.168.2.1 any
permit ip host 192.168.2.2 any
 
class-map match-all user1-acl-child
match access-group name user1-acl
class-map match-all user2-acl-child
match access-group name user2-acl
class-map match-any user3-acl-child
match access-group name user2-acl
match access-group name user1-acl
 
policy-map child-policy
class user1-acl-child
police 10000 bc 1500
conform-action set-qos-transmit 5
class user2-acl-child
police 20000 bc 1500
conform-action set-qos-transmit 5
class class-default
police 50000 bc 1500
 
policy-map parent-policy
class class-default
police 50000 bc 3000
exceed-action transmit
violate-action drop
conform-color user1-acl-child
service-policy child-policy

Figure 36-1 Simple Two-Level Color-Aware Policer

Note To avoid drops at the parent level for “conformed” child traffic, the parent policer must have a rate and burst that are equal to or greater than the sum of the child conform rates and burst sizes. There is no check for inappropriate (parent-to-child) rates and burst sizes in code.

You must be aware of this limitation and configure appropriately. In the following example, explicit marking actions are supported in conjunction with color-aware policing; and with operations similar to the color-aware policer marking actions:

50k >= 10k (user1-acl-child) + 20k (user2-acl-child)

Note Where color-aware policing is enabled there will be no difference in the output of the show policy-map output command.

How to Configure Hierarchical Color-Aware Policing

Configuring the Hierarchical Color-Aware Policing Feature

SUMMARY STEPS

1. enable

2. configure terminal

3. policy-map policy-map-name

4. class { class-name | class-default [ fragment fragment-class-name ]} [ insert-before class-name ] [ service-fragment fragment-class-name ]

5. police { cir cir {{ pir pir}[ bc conform-burst ] [ be peak-burst ] [ conform-action action [ exceed-action action [ violate-action action ]]] { conform-color class-map-name }[ exceed-color class-map-name ]

6. service-policy policy-map-name

7. end

DETAILED STEPS

Command or Action
Purpose

Step 1

enable

 

Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

 

Router# configure terminal

Enters global configuration mode.

Step 3

policy-map policy-map-name

 

Router(config)# policy-map parent-policy

Enters policy-map configuration mode and creates a policy map.

Step 4

class { class-name | class-default }

 

Router(config-pmap)# class class-default

Enters policy-map class configuration mode.

  • Specifies the name of the class whose policy you want to create or change or specifies the default class (commonly known as the class-default class) before you configure its policy. Repeat this command as many times as necessary to specify the child or parent classes that you are creating or modifying:
  • class name —Name of the class to be configured or whose policy is to be modified. The class name is used for both the class map and to configure a policy for the class in the policy map.
  • class-default —Specifies the default class so that you can configure or modify its policy.

Step 5

police { cir cir }{ pir pir }[ bc conform-burst ] [ be peak-burst ] [ conform-action action [ exceed-action action [ violate-action action ]]]{ conform-color class-map-name }[ exceed-color class-map-name ]

 
Router(config-pmap-c)# police cir 50000000 pir 70000000 bc 3000
Router(config-pmap-c-police)# exceed-action transmit
Router(config-pmap-c-police)# violate-action drop
Router(config-pmap-c-police)# conform-color hipri-conform

Configures traffic policing and specifies multiple actions applied to packets marked as conforming to, exceeding, or violating a specific rate.

  • Enters policy-map class police configuration mode. Use one line per action that you want to specify:
  • cir —(Required) Committed information rate. Indicates that the CIR will be used for policing traffic.
  • pir —(Required) Permitted information rate. Indicates that the PIR will be used for policing traffic.
  • conform-action —(Optional) Action to take on packets when the rate is less than the conform burst.
  • exceed-action —(Optional) Action to take on packets whose rate is within the conform and conform plus exceed burst.
  • violate-action —(Optional) Action to take on packets whose rate exceeds the conform plus exceed burst. You must specify the exceed action before you specify the violate action.
  • conform-color —(Required) Enables color-aware policing (on the policer being configured) and assigns the class map to be used for conform color determination. The class-map-name argument is the class map (previously configured via the class-map command) to be used.
  • exceed-color —(Optional) Enables color-aware policing (on the policer being configured) and assigns the class map to be used for exceed color determination. The class-map-name argument is the class map (previously configured via the class-map command) to be used.

Step 6

service-policy policy-map-name

 

Router(config-pmap-c-police)# service-policy child-policy

Specifies a service policy as a QoS policy within a policy map (called a hierarchical service policy).

  • policy-map-name —Name of the predefined policy map to be used as a QoS policy. The name can be a maximum of 40 alphanumeric characters.

Step 7

end

 

Router(config-pmap-c-police)# end

Exits the current configuration mode.

Example

The following is a sample configuration for the Hierarchical Color-Aware Policing feature, policer (root) which have already passed though their respective child policers (child-policy):

policy-map root
class class-default
police cir 70000000 pir 100000000
conform-color dscp_1_2 exceed-color dscp_3_4
service-policy child-policy
 
policy-map child-policy
class dscp1
police cir 20000000
class dscp2
police cir 50000000
class dscp3
police cir 80000000
class dscp4
police cir 90000000
 

Configuration Examples for Hierarchical Color-Aware Policing

The examples provided in this section show how to configure the hierarchical color-aware policing feature:

Example: Enable the Hierarchical Color-Aware Policing Feature

This is a sample configuration that shows how to enables the hierarchical color-aware policing feature where packets with DSCP 1 & 2 will be treated as Green and packets with DSCP 3 & 4 will be treated as Yellow:

policy-map root
class class-default
police cir 70000000 pir 100000000
conform-color dscp_1_2 exceed-color dscp_3_4
service-policy child-policy
 
policy-map child-policy
class dscp1
police cir 20000000
class dscp2
police cir 50000000
class dscp3
police cir 80000000
class dscp4
police cir 90000000
 

Example: Hierarchical Color-Aware Policing

This is a sample configuration that shows how to enable the hierarchical color-aware policing feature on Cisco ME3600 and ME3800 switches:

policy-map root
class class-default
police cir 70000000 pir 100000000
conform-color dscp_1_2 exceed-color dscp_3_4
service-policy child-policy
 
policy-map child-policy
class dscp1
police cir 20000000
class dscp2
police cir 50000000
class dscp3
police cir 80000000
class dscp4
police cir 90000000
 

 

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

Related Cisco Community Discussions

About Us
Contact Us
Work with Us