Re: police X versos police cir X

From: Victor Cappuccio (vcappuccio@gmail.com)
Date: Mon Dec 03 2007 - 16:59:47 ART

• Next message: Narbik Kocharians: "Re: Best way to draw own Diagram...."
• Previous message: Tarun Pahuja: "Re: Frame PVC, LMI and Map Show Commands - Point Verification"
• Maybe in reply to: Mohammad Tawfiq Dawod: "police X versos police cir X"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Mohammad,

Class-based policing on Cisco Implementations conforms to the following two
RFCs:
RFC 2697, "A Single Rate Three Color Marker"
RFC 2698, "A Two Rate Three Color Marker"

Class-based policing supports single- or dual-rate metering. Dual-rate
metering allows metering of traffic based on two rates (the PIR and the
CIR).

The command is router(config-pmap-c)#police avg-rate [BC [BE]]
[conform-action action] [exceed-action action] [violate-action action]

HQ1(config-pmap-c)#police ?
  <8000-2000000000> Bits per second

avg-rate: Traffic rate in bps (8000 to 200,000,000)

HQ1(config-pmap-c)#police 9000 ?
  <1000-512000000> Burst bytes
  bc Conform burst
  conform-action action when rate is less than conform burst
  pir Peak Information Rate
  <cr>

BC: normal burst sets the size in bytes
Default is 1500 bytes, or CIR / 32, whichever is higher

and HQ1(config-pmap-c)#police 9000 1500 ?
  <1000-512000000> Burst bytes
  be Excess burst
  conform-action action when rate is less than conform burst
  pir Peak Information Rate
  <cr>

BE: Excess burst sets the size in bytes

Class-based policing supports also multiaction policing (Available in Cisco
IOS Release 12.2(8)T
Mainly used for setting Layer 2 and Layer 3 QoS fields) and these are the
available options:

transmit (default conform action)
drop (default exceed and violate action)
set-prec-transmit ip-precedence
set-dscp-transmit dscp
set-qos-transmit qos-group
set-mpls-exp-transmit mple-exp
set frde-transmit
set-clp-transmit

For you question, you can bring a Router and type the following for
verification:

HQ1#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
HQ1(config)#class-map ICMP
HQ1(config-cmap)#ma proto icmp
HQ1(config-cmap)#exit
HQ1(config)#policy-map WITHCIR
HQ1(config-pmap)#class ICMP
HQ1(config-pmap-c)#police cir 9000
HQ1(config-pmap-c-police)#exit
HQ1(config-pmap-c)#policy-map WITHOUTCIR
HQ1(config-pmap)#class ICMP
HQ1(config-pmap-c)#police 9000
HQ1(config-pmap-c-police)#exit
HQ1(config-pmap-c)#do show run policy-map
Building configuration...

Current configuration : 108 bytes
!
policy-map WITHOUTCIR
 class ICMP
   police 9000
policy-map WITHCIR
 class ICMP
  police cir 9000
!
end

HQ1(config-pmap-c)#do show policy-map
  Policy Map WITHOUTCIR
    Class ICMP
     police cir 9000 bc 1500
       conform-action transmit
       exceed-action drop

  Policy Map WITHCIR
    Class ICMP
     police cir 9000 bc 1500
       conform-action transmit
       exceed-action drop

HQ1(config-pmap-c)#!They Both look the same
HQ1(config-pmap-c)#exit
HQ1(config)#int f0/1
HQ1(config-if)#ser out WITHCIR
HQ1(config-if)#do ping 10.6.6.1 size 1400 time 0 rep 7

Type escape sequence to abort.
Sending 7, 1400-byte ICMP Echos to 10.6.6.1, timeout is 0 seconds:
.......
Success rate is 0 percent (0/7)
HQ1(config-if)#do show policy-map int f0/1
 FastEthernet0/1

  Service-policy output: WITHCIR

    Class-map: ICMP (match-all)
      7 packets, 9898 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol icmp
      police:
          cir 9000 bps, bc 1500 bytes
        conformed 1 packets, 1414 bytes; actions:
          transmit
        exceeded 6 packets, 8484 bytes; actions:
          drop
        conformed 0 bps, exceed 0 bps

    Class-map: class-default (match-any)
      5 packets, 342 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
HQ1(config-if)#

And now with the other policy map

HQ1(config-if)#ser out WITHOUTCIR
 Policy map WITHCIR is already attached
HQ1(config-if)#no ser out WITHCIR
HQ1(config-if)#ser out WITHOUTCIR
HQ1(config-if)#do show policy-map int f0/1
 FastEthernet0/1

  Service-policy output: WITHOUTCIR

    Class-map: ICMP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol icmp
      police:
          cir 9000 bps, bc 1500 bytes
        conformed 0 packets, 0 bytes; actions:
          transmit
        exceeded 0 packets, 0 bytes; actions:
          drop
        conformed 0 bps, exceed 0 bps

    Class-map: class-default (match-any)
      1 packets, 74 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
HQ1(config-if)#
HQ1(config-if)#do ping 10.6.6.1 size 1400 time 0 rep 7

Type escape sequence to abort.
Sending 7, 1400-byte ICMP Echos to 10.6.6.1, timeout is 0 seconds:
.......
Success rate is 0 percent (0/7)
HQ1(config-if)#do show policy-map int f0/1
 FastEthernet0/1

  Service-policy output: WITHOUTCIR

    Class-map: ICMP (match-all)
      7 packets, 9898 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol icmp
      police:
          cir 9000 bps, bc 1500 bytes
        conformed 1 packets, 1414 bytes; actions:
          transmit
        exceeded 6 packets, 8484 bytes; actions:
          drop
        conformed 0 bps, exceed 0 bps

    Class-map: class-default (match-any)
      8 packets, 564 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
HQ1(config-if)#policy-map WITHOUT
HQ1(config-pmap)#class ICMP
HQ1(config-pmap-c)#police 9000 ?
  <1000-512000000> Burst bytes
  bc Conform burst
  conform-action action when rate is less than conform burst
  pir Peak Information Rate
  <cr>

HQ1(config-pmap-c)#police 9000
HQ1(config-pmap-c-police)#?
QoS Class Police configuration commands:
  conform-action action when rate is less than conform burst
  exceed-action action when rate is within conform and conform + exceed
burst
  exit Exit from Police configuration mode
  no Negate or set default values of a command
  violate-action action when rate is greater than conform + exceed burst

HTH

-- 
Victor Cappuccio
www.vcappuccio.wordpress.com
On Dec 3, 2007 9:23 AM, Asim Zafar <asim.mz@gmail.com> wrote:
> Please if you can write a 3 or 4 liner that will be gr8.
>
> On 12/2/07, Tarun Pahuja <pahujat@gmail.com> wrote:
> >
> > Mohammad,
> >                      These two are very different from each other. If
> > you do a search on GS, you will find very good articles comparing the
> > two.
> > I have also included a link that has a lot of examples:
> >
> >
> >
> http://www.cisco.com/en/US/docs/switches/metro/me2400/software/release/12.2_25_seg_seg1/configuration/guide/swqos.html#wp1420121
> >
> > If you still have difficulty, please let me know and I will explain in
> > detail.
> >
> > HTH,
> > Tarun
> >
> >
> > On Dec 2, 2007 9:51 AM, Mohammad Tawfiq Dawod <www.engineer@gmail.com>
> > wrote:
> > > Gents,
> > >
> > > In a policy-map when using the command : " police 64000" is it
> > equivalent to
> > > "police cir 64000"?
> > > --
> > > Best Regards,
> > > Mohammad
> > >
> > >
> _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
>
>
>
> --
> Thanks & Regards,
>
> Asim Zafar
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Narbik Kocharians: "Re: Best way to draw own Diagram...."
• Previous message: Tarun Pahuja: "Re: Frame PVC, LMI and Map Show Commands - Point Verification"
• Maybe in reply to: Mohammad Tawfiq Dawod: "police X versos police cir X"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jan 01 2008 - 12:04:29 ARST