From: Scott M Vermillion (scott_ccie_list@it-ag.com)
Date: Tue Dec 02 2008 - 02:56:36 ARST
As to the basic question of whether or not the implicit policer is invoked
in the absence of congestion, here is a little test I just threw together
after dinner on my little c877 router here at the house:
c877#sh run | sec class-map
class-map match-any ICMP
match protocol icmp
c877#sh run | sec policy-map
policy-map TEST_PRIORITY
class ICMP
priority 10
c877#sh run int dot0 | inc service-policy
service-policy output TEST_PRIORITY
(kicks off some large pings around the network that will traverse this
interface and waits for at least 1000 packets)
c877#sh policy-map int dot0
Dot11Radio0
Service-policy output: TEST_PRIORITY
Class-map: ICMP (match-any)
1003 packets, 1446522 bytes
5 minute offered rate 23000 bps, drop rate 0 bps
Match: protocol icmp
1003 packets, 1446522 bytes
5 minute rate 23000 bps
Queueing
Strict Priority
Output Queue: Conversation 264
Bandwidth 10 (kbps) Burst 250 (Bytes)
(pkts matched/bytes matched) 0/0
(total drops/bytes drops) 0/0
Class-map: class-default (match-any)
6573 packets, 3261356 bytes
5 minute offered rate 41000 bps, drop rate 0 bps
Match: any
(clears counters and changes configs as follows)
c877#sh run | sec policy-map
policy-map TEST_PRIORITY
class ICMP
priority 10
police 10000
(kicks off identical large pings around the network that will traverse this
interface and waits for at least another 1000 packets)
c877#sh policy-map int dot0
Dot11Radio0
Service-policy output: TEST_PRIORITY
Class-map: ICMP (match-any)
1002 packets, 1335683 bytes
5 minute offered rate 16000 bps, drop rate 8000 bps
Match: protocol icmp
1002 packets, 1335683 bytes
5 minute rate 16000 bps
Queueing
Strict Priority
Output Queue: Conversation 264
Bandwidth 10 (kbps) Burst 250 (Bytes)
(pkts matched/bytes matched) 0/0
(total drops/bytes drops) 0/0
police:
cir 10000 bps, bc 1500 bytes
conformed 383 packets, 493857 bytes; actions:
transmit
exceeded 619 packets, 841874 bytes; actions:
drop
conformed 7000 bps, exceed 7000 bps
Class-map: class-default (match-any)
6920 packets, 2396819 bytes
5 minute offered rate 7000 bps, drop rate 0 bps
Match: any
So I think that makes pretty clear that the explicit policer was dropping
traffic that the implicit policer wasn't. As for why the "5 minute offered
rate" was a bit lower in the second scenario, I think that had to do with
the end hosts generating the echo requests waiting for timeouts when packets
were dropped by the explicit policer, thus their overall output was slightly
lower. Some of the other counters just don't exactly add up and I really
have no explanation for that. Just different measurement intervals for
different sections of the output? Regardless, this is fairly compelling
IMHO...
(HOPING LIKE HELL THAT THE FORMATTING DOESN'T GET HOSED!!)
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:07 ARST