From: Chris Lewis \(chrlewis\) (chrlewis@cisco.com)
Date: Tue Aug 23 2005 - 07:18:42 GMT-3
Hi,
That formula is only a guideline, IOS will pick the best values, setting
burst parameters is non-deterministic in terms of the rates it enable
through an interface, as it is dependent upon how the traffic arrives. I
don't think you need to worry about how IOS picks those numbers, but it
is not difficult to figure out the multiplication factor to get from
64000 to 2000 or from 96000 to 3000 (factor of 32).
Chris
-----Original Message-----
From: kumara.shunmugam@wipro.com [mailto:kumara.shunmugam@wipro.com]
Sent: Tuesday, August 23, 2005 2:13 AM
To: Chris Lewis (chrlewis); beokim@comcast.net; ccielab@groupstudy.com
Subject: RE: CB Policing - police vs police cir
Hi Chris
Understood the logic, now when we look at the policy-map output for the
two-rate system, the bc & be are showed as 2000 & 3000 respectively.
Usually we use the formula (configured rate*1/8)*1.5 for the bc and
be=bc*2 to calculate the rates in single=rate system. Similarly, can you
confirm the formula used by the two-rate system? . I think once this is
clear, this discussion will come to an end.
Regards
Shunmugam
-----Original Message-----
From: Chris Lewis (chrlewis) [mailto:chrlewis@cisco.com]
Sent: Monday, August 22, 2005 7:10 AM
To: Kumara Guru Shunmugam L (WI01 - Services); beokim@comcast.net;
ccielab@groupstudy.com
Subject: RE: CB Policing - police vs police cir
I'll try,
There are potentially any number of ways the wording could be
constructed, but here is an example (not real world, but lab
appropriate). Another way would be to reference some requirements and
says a method compatible with RFC 2698 is required.
Voice traffic marked with EF enters interface serial 3/0. For voice
traffic destined towards prefixes reachable via serial 2/0 ensure the
lowest latency possible for 64K of this traffic. Traffic can burst up to
96K at which time it should be dropped. If any traffic bursts above 64K,
it should be marked as DSCP 1 if it is transmitted. Do not configure any
burst paramters.
This would be solved with a poice cir configuration in a policy map for
a class identifying voice traffic as follows.
Router1(config)#class-map match-all voice Router1(config-cmap)#match ip
dscp ef Router1(config-cmap)#match input-interface serial 3/0
Router1(config-cmap)#exit Router1(config)#policy-map pm1
Router1(config-pmap)#class voice Router1(config-pmap-c)#police cir 64000
pir 96000 conform transmit exceed set-dscp 1 violate drop
Router1(config-pmap-c-police)#int s2/0
Router1(config-if)#service-pol out pm1
Router1(config-if)#do sho policy-map int Serial2/0
Service-policy output: pm1
Class-map: voice (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp ef
Match: input-interface Serial3/0
police:
cir 64000 bps, bc 2000 bytes
pir 96000 bps, be 3000 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
set-dscp-transmit 1
violated 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps, violate 0 bps
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
The config generated looks like this
policy-map pm1
class voice
police cir 64000 pir 96000
conform-action transmit
exceed-action set-dscp-transmit 1
violate-action drop
If I tried to do this with a single rate policer, it would not work as
the treatment of a series of packets leaving serial 2/0 depends on the
size of the packet and the number of bytes remaining in the conform and
exceed token buckets. For furher detail on this, the 12.3 command
reference is good, however just for completeness consider the following
config, creating a second policy-map and just applying it at random to
e0/0 to look at what the policy does
Router1(config)#policy-map pm2
Router1(config-pmap)#class voice
Router1(config-pmap-c)#police 64000 bc 8000 be 16000 conf transmit
exceed set-dscp 1 violate drop Router1(config-pmap-c-police)#int e0/0
Router1(config-if)#service-pol out pm2 Router1(config-if)#do sho
policy-map int e0/0 Ethernet0/0
Service-policy output: pm2
Class-map: voice (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp ef
Match: input-interface Serial3/0
police:
cir 64000 bps, bc 8000 bytes, be 16000 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
set-dscp-transmit 1
violated 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps, violate 0 bps
Class-map: class-default (match-any)
1 packets, 60 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
As you can see although there is a violate action in effect, it is not
based off a specific rate, it is based off the non rate specific burst
parameters which depend upon the profile of the offered load.
Chris
-----Original Message-----
From: kumara.shunmugam@wipro.com [mailto:kumara.shunmugam@wipro.com]
Sent: Monday, August 22, 2005 1:38 AM
To: Chris Lewis (chrlewis); beokim@comcast.net; ccielab@groupstudy.com
Subject: RE: CB Policing - police vs police cir
Chris
Good one. Can you explain with an example ..pls ?. In exam, we normally
have to use the single rate system only I believe...?? ..How will we
differentiate between the these two if we get a question to configure a
Police.
Regards
Shunmugam
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Chris Lewis (chrlewis)
Sent: Wednesday, July 27, 2005 8:52 AM
To: B Kim; CCIE Study Group
Subject: RE: CB Policing - police vs police cir
To get the Doc CD explanation, you need to lookup the 12.3 command
reference for both police and police (two rates)
Policing can take multiple forms.
One rate two color or three color (RFC 2697) Two rate three color (RFC
2698)
Two color refers to confrm and exceed actions as a result of policing,
Three color means there is confrom, exceed and violate actions.
The straight police command refers to the single rate system, the police
cir to the two rate system
Single rate 3 color is configured with police cir Bc Be conform exceed
violate For single rate, Be need not be specified if there is no violate
action.
When you configure the violate action, separate Bc and Be buckets are
used.
Two rate three color config: police cir Bc pir Be conform exceed violate
Policing is enforced according to 2 separate rates. Default Bc and Be
value is (configured rate/8)*1.5 The idea here is that there is a normal
rate under which packets conform, which is the CIR, above that rate and
up to the PIR, packets have the exceed action, and abover the PIR,
packets take the violate action.
If police percent is required, the reference bandwidth that is used to
form the basis of percent is important. For example if there is a police
percent in a child policy, and the parent is shaped to 512, 512 is the
rate that percent uses. If bandwidth is used instead of shape in the
parent policy, there is no upper limit on the amount of traffic the
class can send if there is no congestion, so the operation is to look
one level higher to the interface level bandwidth command.
This is a very short summary, it takes lots of practice to become
anywhere near familiar with this topic IMHO.
Chris
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
B Kim
Sent: Wednesday, July 27, 2005 10:14 AM
To: 'CCIE Study Group'
Subject: CB Policing - police vs police cir
Hi Group,
I was puzzled by the difference between police command and police cir
command.
I would appreciate if anyone clearly explains what the cir keyword does.
Thanks
B. Kim
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:01:19 GMT-3