Re: Help On MQC POLICE command

From: Shamin (ccie.xpert@gmail.com)
Date: Fri Feb 02 2007 - 18:44:01 ART

• Next message: anthony.sequeira@thomson.com: "CCIE Certification Question of the Week - FEB0207"
• Previous message: Patrick Laidlaw: "RE: ccie lab for tax deduction"
• Maybe in reply to: Shamin: "Help On MQC POLICE command"
• Next in thread: Petr Lapukhov: "Re: Help On MQC POLICE command"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Petr,

Thanks for the reply.
The task will be familiar indeed. Its IEWB Lab 13 ,Task 8.1

Can you explain the answer in the Solution guide as to how, the arguments in
the police command are acheived. I find that, for both UDP & TCP traffic you
have taken all except the Be value from the rate-limit command.

regards
shamin

On 2/2/07, Petr Lapukhov <petr@internetworkexpert.com> wrote:
>
> Hi guys,
>
> the task looks really familiar ;)
>
> Just a quick note: there some interesting differences between the
> 'rate-limit' and 'police' commands, both in configuration syntax and
> functionality:
>
> 1) MQC commands implement RFC-compliant two or single-rate three-color
> policer
>
> 2) Rate-limit implements single-rate two-color policer with 'RED-Like'
> drop
> behavior, which is not RFC-compliant in strict sense.
>
> 3) With MQC, Be sets the 'absolute' extended bucket size, while with
> rate-limit
> it's 'relative' to Bc, i.e. excess burst with Rate-Limit is Be-Bc.
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hqos_c/part20/qchpolsh.htm#wp1000920
>
>
> <qoute>
> Extended burst is configured by setting the extended burst value greater
> than the normal burst value. Setting the extended burst value equal to the
> normal burst value excludes the extended burst capability. If extended burst
> is not configured, the exceed action of CAR takes effect because a
> sufficient number of tokens are not available.
> </quote>
>
> Therefore, strictly speaking it's not correct just to 'copy' rate-limit Be
> to MQC Be.
>
> Also, if you'd look at 'drop behavoir' of rate-limit you'll find it pretty
> funny indeed :)
>
> --
> Petr Lapukhov, CCIE #16379 (R&S/Security)
> petr@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
>
> 2007/2/2, Sergey Golovanov <sergey.golovanov@iementor.com >:
> >
> > Shamin,
> >
> > MQC police commands are identical to rate-limit. Just create your three
> > class-maps matching on each ACL (101, 102, 103). And then under policy-map
> > you can use the same keywords:
> >
> > class-map ACL100
> > match access-group 100
> > class-map ACL101
> > match access-group 101
> > class-map ACL102
> > match access-group 102
> >
> > policy-map test
> > class ACL100
> > police 8000 2000 2000 confirm-action drop exceed-action drop
> > class ACL101
> > police 128000 2000 2000 conform-action transmit exceed-action
> > set-prec-transmit 0
> > class ACL102
> > police 256000 4000 8000 conform-action transmit exceed-action
> > set-prec-transmit 0
> >
> > --------------------------------------------------------------------
> > Sergey Golovanov, CCIEx5 (R&S/Security/Voice/Service Provider/Storage)
> > "Please, don't ask me for my ccie #, there are reasons why I can't
> > release it"
> > ieMentor Instructor and Content Developer
> > sergey.golovanov@iementor.com
> > http://www.iementor.com
> >
> >
> > > -------Original Message-------
> > > From: Shamin <ccie.xpert@gmail.com>
> > > Subject: Help On MQC POLICE command
> > > Sent: Feb 02 '07 14:12
> > >
> > > Hi Friends,
> > >
> > > I have a Task which requires to convert the following configuration
> > in
> > > legacy CAR to MQC
> > >
> > >
> > > Interface FastEthernet 0/0
> > > rate-limit input access-group 100 8000 2000 2000 confirm-action
> > drop
> > > exceed-action drop
> > > !
> > > rate-limit input access-group 101 128000 2000 2000 conform-action
> > > transmit exceed-action set-prec-transmit 0
> > > !
> > > rate-limit input access-group 102 256000 4000 8000 conform-action
> > transmit
> > > exceed-action set-prec-transmit 0
> > >
> > > access-list 100 permit icmp any any
> > > access-list 101 permit udp any any
> > > access-list 102 permit tcp any any
> > >
> > >
> > > My understanding of Police command is not very good. Can anyone help
> > me in
> > > this with explanation as to which values will match the values above
> > in the
> > > policy-map MQC police command.
> > >
> > > Your help is highly appreciated, and will help me understand one of
> > the few
> > > misunderstood topic of mine
> > >
> > > regards
> > > Shamin
> > >
> >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

• Next message: anthony.sequeira@thomson.com: "CCIE Certification Question of the Week - FEB0207"
• Previous message: Patrick Laidlaw: "RE: ccie lab for tax deduction"
• Maybe in reply to: Shamin: "Help On MQC POLICE command"
• Next in thread: Petr Lapukhov: "Re: Help On MQC POLICE command"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:45 ART