Re: Policing and CIR,PIR,BC,BE

Quick Edit:

"If we are over the policed rate, but still within the max burst (Be in
bytes) then we do something else based on the exceed action (usually drop or
mark down)."

What I meant to say was if we are over the max burst rate (Be) then we do
something else entirely... So exceed with the single rate 2 color policer is
"I went over Be". Sorry.

On Fri, Dec 11, 2009 at 3:33 PM, Joe Astorino <jastorino_at_ipexpert.com>wrote:

> Hi!
>
> This is certainly one of the more confusing topics : )
>
> 1) The plain vanilla "police <bps>" command implements EITHER what we call
> a single-rate two-color policer or a single rate three-color policer
> depending on if you specify a violate action or not. In other words, with
> no violate action defined we police based on only ONE rate, which would be
> what you specify in bps in the command, and we can do certain things -- if
> we are within the rate we "conform" and do some action (usually transmit).
> If we are over the policed rate, but still within the max burst (Be in
> bytes) then we do something else based on the exceed action (usually drop or
> mark down). IF you choose to specify a violate action you are now
> implementing a single-rate three-color policer. This is essentially the
> same thing but more granular. Now you can say if I am within the policed
> rate then I conform and do this thing...if I am over the rate but still less
> than the Be that do something else (you went over the rate, but you are
> still somewhere between the normal burst Bc and the max burst Be) and
> finally if I am over the max burst do something else entirely. So you have
> three options instead of two, hence the three colors.
>
> 2) The command "police cir" gets more "interesting" : ) When you do police
> cir you are implementing a DUAL-rate three-color policer. This introduces
> the whole concept of PIR. You are actually policing based on TWO entirely
> different rates, as you actually have two separate token buckets involved,
> Tc and Tp and you have different actions for each bucket being policed.
> Essentially, you still have your three options (conform, exceed, violate)
> but now exceed means "I went over the policed CIR rate but I am still under
> the peak rate." The burst rate here would be related to the first token
> bucket. Every Tc time interval you get Bc tokens in the first bucket to
> play with. So essentially exceed means that you went over your allotted Bc
> tokens per Tc and you need to wait for Bc to refill if you want to send at
> that rate. The violate action here relates to the PIR and means "I went
> over the policed CIR rate, AND I went over the PIR rate too...now I'm
> screwed". The PIR rate relates to the 2nd token bucket you are policing
> which gets Bc + Be tokens every Tc interval.
>
> 3) Remember that with policing your Bc and Be are specified in terms of
> BYTES usually. Be careful.
>
> So in summary:
>
> police <bps> -- single rate two color OR single rate three color depending
> on options. conform means within the bps rate. Exceed means you went over
> the Bc rate and Violate means you are over Bc + Be.
> police <cir> -- dual rate three color policer. conform means within the CIR
> rate. Exceed means you went over policed rate of the FIRST bucket (Be).
> Violate means you are over the policed rate of the SECOND bucket (PIR)
>
> HTH!!!
>
>
> On Fri, Dec 11, 2009 at 3:04 PM, karim jamali <karim.jamali_at_gmail.com>wrote:
>
>> Dear Amr,
>>
>> The link brings a good understanding of Policing:
>>
>> http://wiki.nil.com/QoS_Policing_in_Cisco_IOS
>>
>> Petr's Policing vs Shaping article on INE Blog:
>>
>>
>> http://blog.internetworkexpert.com/2008/07/03/at-a-glance-the-difference-between-shaping-and-policing/
>>
>>
>> I do believe in some sort or the other the values do correspond to each
>> other (I mean shaping & policing values).
>> The way it is explained is the token bucket; tokens are always added to
>> the
>> bucket in case of policing at the rate of the cir, when a packet comes, if
>> enough tokens in the bucket exist to send the packet it is sent; otherwise
>> it is discarded.
>>
>> Then the concept of PIR is introduced, it comes with some ISPs which will
>> allow you to go above the CIR; filling the regular token bucket with the
>> rate of CIR and an additional excess token bucket with the PIR rate. So
>> now
>> if a packet comes we will check if enough tokens (CIR+PIR) are available
>> to
>> send the packet otherwise it will be dropped. When both CIR & PIR are
>> specified this is a dual token bucket where three actions can take place
>> (Conform/Exceed/Violate).
>>
>> Police & Police cir as far as i believe do the same function. However
>> police
>> rate is used for control-plane policing(traffic destined to the control
>> plane).
>>
>> Check this link for the difference between Police commands:
>>
>>
>> http://www.cisco.com/en/US/docs/ios/12_3t/qos/command/reference/qos_o1gt.html#wp1090915
>>
>> Best Regards,
>>
>> --
>> KJ
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> Regards,
>
> Joe Astorino CCIE #24347 (R&S)
> Sr. Technical Instructor - IPexpert
> Mailto: jastorino_at_ipexpert.com
> Telephone: +1.810.326.1444
> Live Assistance, Please visit: www.ipexpert.com/chat
> eFax: +1.810.454.0130
>
> IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S,
> Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service
> Provider) Certification Training with locations throughout the United
> States, Europe and Australia. Be sure to check out our online communities at
> www.ipexpert.com/communities and our public website at www.ipexpert.com
>
>
>

-- 
Regards,
Joe Astorino CCIE #24347 (R&S)
Sr. Technical Instructor - IPexpert
Mailto: jastorino_at_ipexpert.com
Telephone: +1.810.326.1444
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130
IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S,
Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service
Provider) Certification Training with locations throughout the United
States, Europe and Australia. Be sure to check out our online communities at
www.ipexpert.com/communities and our public website at www.ipexpert.com
Blogs and organic groups at http://www.ccie.net