Re: Help On MQC POLICE command

From: Petr Lapukhov (petr@internetworkexpert.com)
Date: Sat Feb 03 2007 - 04:16:15 ART

• Next message: nhatphuc: "NAT Load Balancing"
• Previous message: Elliott Reyes: "RE: RE: ccie lab for tax deduction"
• Maybe in reply to: Shamin: "Help On MQC POLICE command"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

First of all, strictly speaking, one can not simulate "rate-limit" (RL)
behavior
with MQC "police" command, in accordance to facts i have mentioned before.

However, just to translate the math, you may use simple formulas:

MQC_Be = RL_Be - RL_Bc
MQC_Bc = RL_Bc

Now, due to the fact that MQC policer it three-color, when you set MQC_Be
value you need to define the 'third-color' i.e. violate-action for MQC
policer.

Here's where fun comes to play actually... If you set it to value that
differs from
 'exceed-action' you are no longer simulating the 'two-color' bahavior of
RL. With
rate-limit, Be is not used to estimate the condition for 'third-color'
(violate-action),
rather to introduce random 'exceed-action'.

If you set 'violate-action' = 'exceed-action' then you actually not using Be
to
introduce any new marking behavior (the same color).

Therefore, strangely enough, when converting RL to MQC you may just forget
about the MQC Be value, since you cant use it for 'random' mark action!!
Weird, isn't it? :)

Now to clarify the original task: it was just about the numbers, actually.
So all
you had to do is to set Be and Bc values according to convestion formulas,
and add 'violate-action' equal to 'exceed-action'. Nothing but simple
arithmetics
test :)

HTH

-- 
Petr Lapukhov, CCIE #16379 (R&S/Security)
petr@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
2007/2/3, Shamin <ccie.xpert@gmail.com>:
>
> Petr,
>
> Thanks for the reply.
> The task will be familiar indeed. Its IEWB Lab 13 ,Task 8.1
>
>
> Can you explain the answer in the Solution guide as to how, the arguments
> in
> the police command are acheived. I find that, for both UDP & TCP traffic
> you
> have taken all except the Be value from the rate-limit command.
>
> regards
> shamin
>
>
>
>
> On 2/2/07, Petr Lapukhov <petr@internetworkexpert.com> wrote:
> >
> > Hi guys,
> >
> > the task looks really familiar ;)
> >
> > Just a quick note: there some interesting differences between the
> > 'rate-limit' and 'police'  commands, both in configuration syntax and
> > functionality:
> >
> > 1) MQC commands implement RFC-compliant two or single-rate three-color
> > policer
> >
> > 2) Rate-limit implements single-rate two-color policer with 'RED-Like'
> > drop
> > behavior, which is not RFC-compliant in strict sense.
> >
> > 3) With MQC, Be sets the 'absolute' extended bucket size, while with
> > rate-limit
> > it's 'relative' to Bc, i.e. excess burst with Rate-Limit is Be-Bc.
> >
> >
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hqos_c/part20/qchpolsh.htm#wp1000920
> >
> >
> > <qoute>
> > Extended burst is configured by setting the extended burst value greater
> > than the normal burst value. Setting the extended burst value equal to
> the
> > normal burst value excludes the extended burst capability. If extended
> burst
> > is not configured, the exceed action of CAR takes effect because a
> > sufficient number of tokens are not available.
> > </quote>
> >
> > Therefore, strictly speaking it's not correct just to 'copy' rate-limit
> Be
> > to MQC Be.
> >
> > Also, if you'd look at 'drop behavoir' of rate-limit you'll find it
> pretty
> > funny indeed :)
> >
> > --
> > Petr Lapukhov, CCIE #16379 (R&S/Security)
> > petr@internetworkexpert.com
> >
> > Internetwork Expert, Inc.
> > http://www.InternetworkExpert.com
> >
> > 2007/2/2, Sergey Golovanov <sergey.golovanov@iementor.com >:
> > >
> > > Shamin,
> > >
> > > MQC police commands are identical to rate-limit. Just create your
> three
> > > class-maps matching on each ACL (101, 102, 103). And then under
> policy-map
> > > you can use the same keywords:
> > >
> > > class-map ACL100
> > > match access-group 100
> > > class-map ACL101
> > > match access-group 101
> > > class-map ACL102
> > > match access-group 102
> > >
> > > policy-map test
> > >   class ACL100
> > >    police  8000 2000 2000 confirm-action drop exceed-action drop
> > >   class ACL101
> > >    police 128000 2000 2000 conform-action transmit exceed-action
> > > set-prec-transmit 0
> > >   class ACL102
> > >    police 256000 4000 8000 conform-action transmit exceed-action
> > > set-prec-transmit 0
> > >
> > > --------------------------------------------------------------------
> > > Sergey Golovanov, CCIEx5 (R&S/Security/Voice/Service Provider/Storage)
> > > "Please, don't ask me for my ccie #, there are reasons why I can't
> > > release it"
> > > ieMentor Instructor and Content Developer
> > > sergey.golovanov@iementor.com
> > > http://www.iementor.com
> > >
> > >
> > > >  -------Original Message-------
> > > >  From: Shamin <ccie.xpert@gmail.com>
> > > >  Subject: Help On MQC POLICE command
> > > >  Sent: Feb 02 '07 14:12
> > > >
> > > >  Hi Friends,
> > > >
> > > >  I have a Task which requires to convert the following configuration
> > > in
> > > >  legacy CAR to MQC
> > > >
> > > >
> > > >  Interface FastEthernet 0/0
> > > >    rate-limit input access-group 100 8000 2000 2000 confirm-action
> > > drop
> > > >  exceed-action drop
> > > >  !
> > > >    rate-limit input access-group 101 128000 2000 2000 conform-action
> > > >  transmit  exceed-action set-prec-transmit 0
> > > >  !
> > > >  rate-limit input access-group 102 256000 4000 8000 conform-action
> > > transmit
> > > >  exceed-action set-prec-transmit 0
> > > >
> > > >  access-list 100 permit icmp any any
> > > >  access-list 101 permit udp any any
> > > >  access-list 102 permit tcp any any
> > > >
> > > >
> > > >  My understanding of Police command is not very good. Can anyone
> help
> > > me in
> > > >  this with explanation as to which values will match the values
> above
> > > in the
> > > >  policy-map MQC police command.
> > > >
> > > >  Your help is highly appreciated, and will help me understand one of
> > > the few
> > > >  misunderstood topic of mine
> > > >
> > > >  regards
> > > >  Shamin
> > > >
> > >
> > >
> >  _______________________________________________________________________
> > > >  Subscription information may be found at:
> > > >  http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: nhatphuc: "NAT Load Balancing"
• Previous message: Elliott Reyes: "RE: RE: ccie lab for tax deduction"
• Maybe in reply to: Shamin: "Help On MQC POLICE command"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:45 ART