From: Petr Lapukhov (petr@internetworkexpert.com)
Date: Tue Jun 27 2006 - 01:20:04 ART
Navin,
are you absolutely sure about that? I just made a quick test, let me
show results. But first, some DocCD quotation:
<DocCD>
The *police* command can be used with the Traffic Policing feature. The
Traffic Policing feature works with a token bucket algorithm. Two types of
token bucket algorithms are in Cisco IOS Release 12.1(5)T: a single-token
bucket algorithm and a two-token bucket algorithm. A single-token bucket
system is used when the *violate-action* option is not specified, and a
two-token bucket system is used when the *violate-action* option is
specified.
</DocCD>
Case 1: Bc set, Be not set
!
policy-map TEST
class class-default
police 8000 1000 conform-action transmit exceed-action transmit
Rack1R4#ping 139.1.45.5 size 1200 repeat 100
Type escape sequence to abort.
Sending 100, 1200-byte ICMP Echos to 139.1.45.5, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 304/305/312
ms
Rack1R4#show policy-map interface serial 0/1
Serial0/1
Service-policy output: TEST
Class-map: class-default (match-any)
255 packets, 234802 bytes
5 minute offered rate 8000 bps, drop rate 0 bps
Match: any
police:
cir 8000 bps, bc 1000 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 200 packets, 220800 bytes; actions:
transmit
conformed 0 bps, exceed 8000 bps
Case 2: Bc, Be set, no violate action
Rack1R4#show policy-map TEST
Policy Map TEST
Class class-default
police cir 8000 bc 1000 be 1200
conform-action transmit
exceed-action transmit
Rack1R4#ping 139.1.45.5 size 1200 repeat 100
Type escape sequence to abort.
Sending 100, 1200-byte ICMP Echos to 139.1.45.5, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 304/305/324
ms
Rack1R4#show policy-map interface serial 0/1
Serial0/1
Service-policy output: TEST
Class-map: class-default (match-any)
432 packets, 374596 bytes
5 minute offered rate 8000 bps, drop rate 0 bps
Match: any
police:
cir 8000 bps, bc 1000 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 100 packets, 120400 bytes; actions:
transmit
conformed 0 bps, exceed 8000 bps
Case 3: Bc, Be set, violate action set.
Rack1R4#show policy-map TEST
Policy Map TEST
Class class-default
police cir 8000 bc 1000 be 1200
conform-action transmit
exceed-action transmit
violate-action transmit
Rack1R4#ping 139.1.45.5 size 1200 repeat 100
Type escape sequence to abort.
Sending 100, 1200-byte ICMP Echos to 139.1.45.5, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 304/305/316
ms
Rack1R4#show policy-map interface serial 0/1
Serial0/1
Service-policy output: TEST
Class-map: class-default (match-any)
595 packets, 511046 bytes
5 minute offered rate 5000 bps, drop rate 0 bps
Match: any
police:
cir 8000 bps, bc 1000 bytes, be 1200 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
transmit
violated 100 packets, 120400 bytes; actions:
transmit
conformed 0 bps, exceed 0 bps, violate 4000 bps
HTH
-- Petr Lapukhov, CCIE #16379 petr@internetworkexpert.comInternetwork Expert, Inc. http://www.InternetworkExpert.com Toll Free: 877-224-8987 Outside US: 775-826-4344
2006/6/27, Navin MS <navin_ms07@yahoo.com>: > > I have always seen that violate-action defaults to "drop" if nothing is > specified under MQC, > irrespective of whether Be is specified or not. I had made sure of this by > running some traffic > end-to-end. > > Naveen. > > > --- Petr Lapukhov <petr@internetworkexpert.com> wrote: > > > Here, > > > > check this link, it explains how actually CAR treats Be value :) > > It's totally different from MQC policer behavior :) > > > > > > http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hqos_c/part20/qchpolsh.htm#wp1000944 > > > > HTH > > -- > > Petr Lapukhov, CCIE #16379 > > petr@internetworkexpert.com > > > > Internetwork Expert, Inc. > > http://www.InternetworkExpert.com > > Toll Free: 877-224-8987 > > Outside US: 775-826-4344 > > > > 2006/6/26, allboutcisco <frenzeus@streamyx.com>: > > > > > > Hi Petr, > > > > > > Thanks for the reply. What do u mean when u say for CAR ""exceed" > action > > > is > > > somewhat "random", to simulate RED behavior, and depends on Be-Bc > > > "margin"." > > > > > > Thanks. > > > > > > K > > > > > > ----- Original Message ----- > > > From: "Petr Lapukhov" <petr@internetworkexpert.com> > > > To: "allboutcisco" <frenzeus@streamyx.com> > > > Cc: "Cisco certification" <ccielab@groupstudy.com> > > > Sent: Monday, June 26, 2006 7:43 PM > > > Subject: Re: Policing - what happens to violate packets? > > > > > > > > > > Hmm, since no *violate* action has been defined, Be value is NOT > used > > > > actually. All your traffic that exceeds Bc falls under exceed > action. > > > > > > > > This behavior is unlike CAR, where you "exceed" action is somewhat > > > > "random", to simulate RED behavior, and depends on Be-Bc "margin". > > > > > > > > HTH > > > > > > > > -- > > > > Petr Lapukhov, CCIE #16379 > > > > petr@internetworkexpert.com > > > > > > > > Internetwork Expert, Inc. > > > > http://www.InternetworkExpert.com > > > > Toll Free: 877-224-8987 > > > > Outside US: 775-826-4344 > > > > > > > > 2006/6/26, allboutcisco <frenzeus@streamyx.com>: > > > >> > > > >> Hi Group, > > > >> > > > >> Looking at the config below: > > > >> > > > >> Rack1R2#sh run | b policy-map > > > >> policy-map QOS_IN > > > >> class UDP > > > >> police cir 128000 bc 2000 be 2000 > > > >> conform-action transmit > > > >> exceed-action set-prec-transmit 0 > > > >> class TCP > > > >> police cir 256000 bc 4000 be 8000 > > > >> conform-action transmit > > > >> exceed-action set-prec-transmit 0 > > > >> > > > >> Taking class UDP as an example, policing rate for UDP is 128000bps, > > > with > > > >> a > > > >> Bc bucket depth of 2000 bytes & a Be bucket depth of 2000 bytes as > > > well. > > > >> A > > > >> bunch of packets arrive, assuming Bc bucket tokens are all used up > to > > > >> transmit & excess packets used up all of Be bucket tokens as well > where > > > >> the > > > >> excess action is to set prec to 0 then transmit. Now assuming that > > > there > > > >> are > > > >> still packets & since no action has been defined for violate - what > > > >> happens > > > >> to those packets? > > > >> > > > >> Appreciate if someone could advise on this? > > > >> > > > >> Thanks. > > > >> > > > >> Cheers, > > > >> K > > > >> > > > >> > _______________________________________________________________________ > > > >> Subscription information may be found at: > > > >> http://www.groupstudy.com/list/CCIELab.html > > > > > > > > > _______________________________________________________________________ > > > > Subscription information may be found at: > > > > http://www.groupstudy.com/list/CCIELab.html > > > > > > > _______________________________________________________________________ > > > Subscription information may be found at: > > > http://www.groupstudy.com/list/CCIELab.html > > > > _______________________________________________________________________ > > Subscription information may be found at: > > http://www.groupstudy.com/list/CCIELab.html > > > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > > _______________________________________________________________________ > Subscription information may be found at: > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Jul 01 2006 - 07:57:33 ART