Re: Policing
From: Chris Lewis (chrlewiscsco@gmail.com)
Date: Tue May 16 2006 - 17:09:08 ART
Normal burst for a policer is the amount of data you can burst beyond CIR.
This does not enable you to maintain a transmission rate that is greater
than CIR over a long period, it is meant to enable teh policer to achieve
line rate when faced with a bursty traffic stream.
Think about it this way, policing does not queue packets as shaping does, so
the decision when a packet arrives has to be taken to transmit or police the
packet. If the offered load is below CIR for several packet delivery cycles,
then bursts above it, if there is no ability to temporarily burst above CIR
for a specific packet, the average rate will never reach CIR. Just think of
it as a way to enable the policer to average out a transmission rate that
equals CIR when fasct with bursty traffic.
There is no magical or correct formula for it, the magic figure of a
1.5multiplier is just a recommendation.
Chris
On 5/16/06, Julius Kinsler <jkinsler@harbortech.com> wrote:
>
> Chris/Petr or anyone else..
>
> When dealing in the MQC on a 3550, what exactly is this "Normal Burst
> Size"? What does it represent? how fast tokens replenish the bucket at an
> interval, the size of the bucket? What?
>
> Julius
>
> ------------------------------
> *From:* Chris Lewis [mailto:chrlewiscsco@gmail.com]
> *Sent:* Tuesday, May 16, 2006 3:14 PM
> *To:* Petr Lapukhov
>
> *Cc:* Julius Kinsler; ccielab@groupstudy.com
> *Subject:* Re: Policing
>
>
> Petr,
>
> Your test would indeed show that policing does not work in that
> configuration, however I would not classify it as the default class being
> useless.
>
> The issue is that for egress policing to work, you need to classify on
> ingress to set the internal dscp value. The internal DSCP value is the only
> thing that can be used to classify packets for egress policing on the 3550.
>
>
> There are lots of caveats with using MQC constructs on the 3550, it is
> quite limited in its support.
>
> Chris
>
> On 5/16/06, Petr Lapukhov <petrsoft@gmail.com> wrote:
> >
> > Julius,
> >
> > While I'm trying to get my mind in full sync with that topic,
> > let me note, that "class-default" is useless with catalyst 3550.
> >
> > You need to police within specific class, matching either
> > IP or non-IP traffic. If you need to police both types to a single
> > rate, you should use aggregate policer.
> >
> > Just try setting policer's rate/burst to minimal values within
> > "class-default", and do a simple ping test, to see that traffic
> > is not policed in that configuration.
> >
> > HTH
> > Petr
> >
> > 2006/5/16, Julius Kinsler <jkinsler@harbortech.com>:
> >
> > > This is the same article I was reading yesterday. It so happen to be
> > > that I was trying to do policing on a 3550.
> > > For example I created a policy-map and under the policy map, for the
> > > default class I put in the keyword
> > > police 1000000 <Normal Burst bytes> exceed action drop. I didnt
> > > completely understand the normal burst bytes I just wanted to police at
> > > 1Mbps.
> > > When I looked it up I came across the link below and was trying to
> > > interpret this Interval to come up with the normal burst bytes. I came
to
> > > believe that this can be an arbitrary number based on the specifications
in
> > > a practice lab.
> > > I was doing an IPExpert lab and the answer looked like this:
> > >
> > > mls qos
> > > policy-map MyPolice
> > > class class-default
> > > police 1000000 187500 exceed drop
> > >
> > > Now I was racking my brain trying to come up with the logic behind the
> > > number "187500" but I believe the number was made up after everything I
read
> > > about rate/intervals/and burst as stated below.
> > > Please tell me if I am wrong
> > >
> > > Julius
> > >
> > > ------------------------------
> > > *From:* Petr Lapukhov [mailto:petrsoft@gmail.com]
> > > *Sent:* Tuesday, May 16, 2006 1:17 AM
> > > *To:* Chris Lewis
> > > *Cc:* Julius Kinsler; ccielab@groupstudy.com
> > > *Subject:* Re: Policing
> > >
> > >
> > > Chris,
> > >
> > > There is an interesting thing they say about 3550 policing:
> > >
> > >
http://www.cisco.com/en/US/products/hw/switches/ps646/products_tech_note09186
a00800feff5.shtml
> > >
> > >
> > > Specifically:
> > >
> > > ---- quote
> > >
> > > These parameters control the operation of policing:
> > >
> > > - Rate - defines how many tokens are removed at each interval. This
> > > effectively sets
> > > the policing rate. All traffic below the rate is considered in
> > > profile. Supported rates
> > > range from 8 Kbps to 2 Gbps, and increment by 8 Kbps.
> > >
> > > - Interval�defines how often tokens are removed from the bucket. The
> > > interval is fixed
> > > at 0.125 milliseconds (or 8000 times per second). This interval
> > > cannot be changed.
> > >
> > > - Burst�defines the maximum amount of tokens the bucket can hold at
> > > any time.
> > > Supported bursts range from 8000 bytes to to 2000000 bytes, and
> > > increment by 64 bytes.
> > > ---- quote
> > >
> > > I wonder if they do actually use *leaky* bucket with 3550 policer and
> > > *token*
> > > bucket (metering) with CAR/IOS Policer..
> > >
> > > Petr
> > >
> > > 2006/5/16, Chris Lewis <chrlewiscsco@gmail.com>:
> > > >
> > > > Julius,
> > > >
> > > > You are mixing two concwpts here. There is no Tc in policing that
> > > > adheres to
> > > > the shaping formula quoted. Policing does not calculate things at
> > > > regular
> > > > intervals, it calculates tokens to be credited and removed from the
> > > > bucket
> > > > based off packet arrival times.
> > > >
> > > > Chris
> > > >
> > > >
> > > > On 5/15/06, Julius Kinsler < jkinsler@harbortech.com > wrote:
> > > > >
> > > > > Using the standard equation CIR = Bc / Tc where can I find the Tc
> > > > when
> > > > > trying to complete this formula?
> > > > >
> > > > > TIA
> > > > > Julius
> > > > >
> > > > >
> > > >
This archive was generated by hypermail 2.1.4
: Thu Jun 01 2006 - 06:33:21 ART