RE: Police command confusion

From: Daniel Cisco Group Study (danielcgs@imc.net.au)
Date: Wed May 28 2003 - 07:21:55 GMT-3

• Next message: FATHALLAH: "RE: ISIS & OSPF Red issues"
• Previous message: Daniel Cisco Group Study: "RE: Dialer Watch Technology Flaw ????"
• Maybe in reply to: lg01: "Police command confusion"
• Next in thread: folivore: "Re: Police command confusion"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Brian,

Are you able to confirm that my understanding of aggregate policer is correct? (See below)

Daniel

-----Original Message-----
From: Brian Dennis [mailto:brian@labforge.com]
Sent: Wednesday, 28 May 2003 17:04
To: 'Hunt Lee'; Daniel Cisco Group Study; 'Joe Chang'
Cc: ccielab@groupstudy.com
Subject: RE: Police command confusion

Just use the question mark:

Rack6SW1(config)#mls qos aggregate-policer MYPOLICER ?
  <8000-1000000000> Bits per second

Rack6SW1(config)#mls qos aggregate-policer MYPOLICER 8000 ?
  <8000-2000000> Normal burst bytes

In the real lab ALWAYS use the question mark for commands for aren't
100% sure of. Do not get tripped up by being given a number in bytes
that is entered in the router as bits or visa versa. Also remember that
some commands take values in kbps (i.e. the QoS policy-map bandwidth and
priority commands).

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Hunt Lee
Sent: Tuesday, May 27, 2003 7:40 PM
To: 'Daniel Cisco Group Study'; 'Joe Chang'
Cc: 'ccielab@groupstudy.com'
Subject: RE: Police command confusion

Thanks Daniel + Joe,

Another quick question...

For the police AND aggregate policer command, is the burst value in
bytes
(like CAR), or is it in bits?

e.g. If I am asked to police the burst for up to 32kps

Would my command be:

mls qos aggregate-policer PolicyA 1000000 4000 exceed-action drop (in
bytes)

OR

mls qos aggregate-policer PolicyA 1000000 32000 exceed-action drop (in
bits)

Thanks again.

Regards,
H.

-----Original Message-----
From: Daniel Cisco Group Study [mailto:danielcgs@imc.net.au]
Sent: Tuesday, 27 May 2003 8:29 PM
To: lg01; ccielab@groupstudy.com
Subject: RE: Police command confusion

Hunt,

Firstly, this is my interpretation of the doco, and has not been handed
down
to me by an "authority".

>From what I can gather, the aggregate policer is a quick way to apply
the
same "policing paramters" to multple classes. For example, the policy
map
"NOAGG" will do exactly the same as "WITHAGG" in the example below.

Anyone agree with this???????

If I'm correct, I'd probably not use an aggregate policer in the exam,
unless it was a requirement, or I didn't want to type in the same thing
10
times........sorry.. 8 times. (max no. of policers = 8 on FE)

Daniel

Example:

mls qos aggregate-policer MrPoliceman 128000 8000 exceed-action drop
mls qos
!
class-map match-all class4
  match access-group 103
class-map match-all class2
  match access-group 101
class-map match-all class3
  match access-group 102
class-map match-all class1
  match access-group 100
!
!
policy-map NOAGG
  class class1
    police 128000 8000 exceed-action drop
  class class2
    police 128000 8000 exceed-action drop
  class class3
    police 128000 8000 exceed-action drop
  class class4
    police 128000 8000 exceed-action drop
!
policy-map WITHAGG
  class class1
    police aggregate MrPoliceman
  class class2
    police aggregate MrPoliceman
  class class3
    police aggregate MrPoliceman
  class class4
    police aggregate MrPoliceman
!

-----Original Message-----
From: lg01 [mailto:lg01@myway.com]
Sent: Sunday, 25 May 2003 22:29
To: ccielab@groupstudy.com
Subject: Police command confusion

Hi Team,

Can someone please explain to me, for policy map, when should one just
use
the "police" command, and when should we use the "aggregate policer"
command?

Or is there any particular "wording" that hints when I should use each?

In my exercise that I'm working on, it goes like "Police port 0/13 of
switch1. Limit the speed on this port to 1Mbps, with burst set to
32kps.
Drop all packets that exceed this policy"... and the answer ended up
using
"aggregate policer".

As an e.g., for the "police" command...

mls qos
!
class-map match-all class1
match access-group 102
!
!
policy-map pol1
class class1
police 1000000 32000 exceed-action drop
!
interface FastEthernet0/13
switchport access vlan 813
no ip address
service-policy input pol1
!
access-list 102 permit ip any any

Just for completeness, here comes the "aggregate policer" e.g.

mls qos
!
mls qos aggregate-policer PolicyA 1000000 32000 exceed-action drop
!
class-map match-all All
  match access-group 102
!
!
policy-map Test
  class All
    police aggregate PolicyA

interface FastEthernet0/12
 switchport access vlan 800
 switchport mode access
 no ip address
 service-policy input Test
 spanning-tree portfast

access-list 102 permit ip any any

And one last question I have got for you guys before heading to bed.
For police OR aggregate-policer, does it work like CAR where the burst
value
is in bytes? (rather than in bits)

Meaning should my command become.. (to change 32000bits into bytes?)

mls qos aggregate-policer PolicyA 1000000 4000 exceed-action drop

Any help would be greatly appreciated.

Regards,
Hunt

• Next message: FATHALLAH: "RE: ISIS & OSPF Red issues"
• Previous message: Daniel Cisco Group Study: "RE: Dialer Watch Technology Flaw ????"
• Maybe in reply to: lg01: "Police command confusion"
• Next in thread: folivore: "Re: Police command confusion"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Jun 02 2003 - 15:13:49 GMT-3