Re: CB Policing - police vs police cir

From: Héctor Fernández (gnakh@telefonica.net)
Date: Tue Aug 23 2005 - 10:40:52 GMT-3

Hi all,

AFAIK, if you do nothing about it, both bc and be are automatically
calculated based on the CIR and Tc, and Tc is automatically chosen by the
router (Chris, you may help here).
As Chris told you, police cir/pir is based on a "dual-rate three color
marker" while police is a "single-rate three color marker"
The difference between them is how you can "exceed" from the CIR. With
single-rate policer, you can exceed be bytes in a Tc interval (if you have
enough credit, then, you must wait for the Be bucket to be replentished)
while in a dual-rate you can exceed up to be+bc every tc (PIR), since both
bc and be buckets are refilled every Tc interval.

http://www.cisco.com/warp/public/105/cbpcar.html

bc=CIR/Tc and be=PIR/Tc... if you have Tc (the router show you), you have
both bc and be.

Best regards

Hictor

----- Original Message -----
From: "Chris Lewis (chrlewis)" <chrlewis@cisco.com>
To: <kumara.shunmugam@wipro.com>; <beokim@comcast.net>;
<ccielab@groupstudy.com>
Sent: Tuesday, August 23, 2005 12:18 PM
Subject: RE: CB Policing - police vs police cir

> Hi,
>
> That formula is only a guideline, IOS will pick the best values, setting
> burst parameters is non-deterministic in terms of the rates it enable
> through an interface, as it is dependent upon how the traffic arrives. I
> don't think you need to worry about how IOS picks those numbers, but it
> is not difficult to figure out the multiplication factor to get from
> 64000 to 2000 or from 96000 to 3000 (factor of 32).
>
> Chris
>
> -----Original Message-----
> From: kumara.shunmugam@wipro.com [mailto:kumara.shunmugam@wipro.com]
> Sent: Tuesday, August 23, 2005 2:13 AM
> To: Chris Lewis (chrlewis); beokim@comcast.net; ccielab@groupstudy.com
> Subject: RE: CB Policing - police vs police cir
>
>
> Hi Chris
>
>
> Understood the logic, now when we look at the policy-map output for the
> two-rate system, the bc & be are showed as 2000 & 3000 respectively.
> Usually we use the formula (configured rate*1/8)*1.5 for the bc and
> be=bc*2 to calculate the rates in single=rate system. Similarly, can you
> confirm the formula used by the two-rate system? . I think once this is
> clear, this discussion will come to an end.
>
>
> Regards
> Shunmugam
>
>
> -----Original Message-----
> From: Chris Lewis (chrlewis) [mailto:chrlewis@cisco.com]
>
> Sent: Monday, August 22, 2005 7:10 AM
> To: Kumara Guru Shunmugam L (WI01 - Services); beokim@comcast.net;
> ccielab@groupstudy.com
> Subject: RE: CB Policing - police vs police cir
>
> I'll try,
>
> There are potentially any number of ways the wording could be
> constructed, but here is an example (not real world, but lab
> appropriate). Another way would be to reference some requirements and
> says a method compatible with RFC 2698 is required.
>
> Voice traffic marked with EF enters interface serial 3/0. For voice
> traffic destined towards prefixes reachable via serial 2/0 ensure the
> lowest latency possible for 64K of this traffic. Traffic can burst up to
> 96K at which time it should be dropped. If any traffic bursts above 64K,
> it should be marked as DSCP 1 if it is transmitted. Do not configure any
> burst paramters.
>
> This would be solved with a poice cir configuration in a policy map for
> a class identifying voice traffic as follows.
>
> Router1(config)#class-map match-all voice Router1(config-cmap)#match ip
> dscp ef Router1(config-cmap)#match input-interface serial 3/0
> Router1(config-cmap)#exit Router1(config)#policy-map pm1
> Router1(config-pmap)#class voice Router1(config-pmap-c)#police cir 64000
> pir 96000 conform transmit exceed set-dscp 1 violate drop
> Router1(config-pmap-c-police)#int s2/0
>
> Router1(config-if)#service-pol out pm1
> Router1(config-if)#do sho policy-map int Serial2/0
>
>
> Service-policy output: pm1
>
> Class-map: voice (match-all)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: ip dscp ef
>
> Match: input-interface Serial3/0
> police:
> cir 64000 bps, bc 2000 bytes
> pir 96000 bps, be 3000 bytes
> conformed 0 packets, 0 bytes; actions:
> transmit
>
> exceeded 0 packets, 0 bytes; actions:
> set-dscp-transmit 1
> violated 0 packets, 0 bytes; actions:
> drop
>
> conformed 0 bps, exceed 0 bps, violate 0 bps
>
> Class-map: class-default (match-any)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: any
>
>
> The config generated looks like this
>
> policy-map pm1
> class voice
> police cir 64000 pir 96000
> conform-action transmit
>
> exceed-action set-dscp-transmit 1
> violate-action drop
>
>
> If I tried to do this with a single rate policer, it would not work as
> the treatment of a series of packets leaving serial 2/0 depends on the
> size of the packet and the number of bytes remaining in the conform and
> exceed token buckets. For furher detail on this, the 12.3 command
> reference is good, however just for completeness consider the following
> config, creating a second policy-map and just applying it at random to
> e0/0 to look at what the policy does
>
> Router1(config)#policy-map pm2
> Router1(config-pmap)#class voice
> Router1(config-pmap-c)#police 64000 bc 8000 be 16000 conf transmit
> exceed set-dscp 1 violate drop Router1(config-pmap-c-police)#int e0/0
> Router1(config-if)#service-pol out pm2 Router1(config-if)#do sho
> policy-map int e0/0 Ethernet0/0
>
>
> Service-policy output: pm2
>
> Class-map: voice (match-all)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: ip dscp ef
>
> Match: input-interface Serial3/0
> police:
> cir 64000 bps, bc 8000 bytes, be 16000 bytes
> conformed 0 packets, 0 bytes; actions:
> transmit
>
> exceeded 0 packets, 0 bytes; actions:
> set-dscp-transmit 1
> violated 0 packets, 0 bytes; actions:
> drop
>
> conformed 0 bps, exceed 0 bps, violate 0 bps
>
> Class-map: class-default (match-any)
> 1 packets, 60 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: any
>
>
> As you can see although there is a violate action in effect, it is not
> based off a specific rate, it is based off the non rate specific burst
> parameters which depend upon the profile of the offered load.
>
> Chris
>
> -----Original Message-----
> From: kumara.shunmugam@wipro.com [mailto:kumara.shunmugam@wipro.com]
>
> Sent: Monday, August 22, 2005 1:38 AM
> To: Chris Lewis (chrlewis); beokim@comcast.net; ccielab@groupstudy.com
> Subject: RE: CB Policing - police vs police cir
>
>
> Chris
>
>
> Good one. Can you explain with an example ..pls ?. In exam, we normally
> have to use the single rate system only I believe...?? ..How will we
> differentiate between the these two if we get a question to configure a
> Police.
>
>
>
>
> Regards
> Shunmugam
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Chris Lewis (chrlewis)
> Sent: Wednesday, July 27, 2005 8:52 AM
> To: B Kim; CCIE Study Group
> Subject: RE: CB Policing - police vs police cir
>
> To get the Doc CD explanation, you need to lookup the 12.3 command
> reference for both police and police (two rates)
>
> Policing can take multiple forms.
> One rate two color or three color (RFC 2697) Two rate three color (RFC
> 2698)
>
> Two color refers to confrm and exceed actions as a result of policing,
> Three color means there is confrom, exceed and violate actions.
>
> The straight police command refers to the single rate system, the police
> cir to the two rate system
>
> Single rate 3 color is configured with police cir Bc Be conform exceed
> violate For single rate, Be need not be specified if there is no violate
> action.
> When you configure the violate action, separate Bc and Be buckets are
> used.
>
> Two rate three color config: police cir Bc pir Be conform exceed violate
> Policing is enforced according to 2 separate rates. Default Bc and Be
> value is (configured rate/8)*1.5 The idea here is that there is a normal
> rate under which packets conform, which is the CIR, above that rate and
> up to the PIR, packets have the exceed action, and abover the PIR,
> packets take the violate action.
>
> If police percent is required, the reference bandwidth that is used to
> form the basis of percent is important. For example if there is a police
> percent in a child policy, and the parent is shaped to 512, 512 is the
> rate that percent uses. If bandwidth is used instead of shape in the
> parent policy, there is no upper limit on the amount of traffic the
> class can send if there is no congestion, so the operation is to look
> one level higher to the interface level bandwidth command.
>
> This is a very short summary, it takes lots of practice to become
> anywhere near familiar with this topic IMHO.
>
> Chris
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> B Kim
> Sent: Wednesday, July 27, 2005 10:14 AM
> To: 'CCIE Study Group'
> Subject: CB Policing - police vs police cir
>
> Hi Group,
>
>
> I was puzzled by the difference between police command and police cir
> command.
>
>
> I would appreciate if anyone clearly explains what the cir keyword does.
>
>
> Thanks
> B. Kim
>
> _______________________________________________________________________
> Subscription information may be found at:
>
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
>
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
> Confidentiality Notice
>
>
> The information contained in this electronic message and any attachments
> to this message are intended for the exclusive use of the addressee(s)
> and may contain confidential or privileged information. If you are not
> the intended recipient, please notify the sender at Wipro or
> Mailadmin@wipro.com immediately and destroy all copies of this message
> and any attachments.
>
>
>
> Confidentiality Notice
>
>
> The information contained in this electronic message and any attachments
> to this message are intended for the exclusive use of the addressee(s)
> and may contain confidential or privileged information. If you are not
> the intended recipient, please notify the sender at Wipro or
> Mailadmin@wipro.com immediately and destroy all copies of this message
> and any attachments.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:01:20 GMT-3