Re: copp

From: garry baker <baker.garry_at_gmail.com>
Date: Sun, 13 Mar 2011 18:10:17 +0300

here is my go at an explanation...

police rate is for control plane from the doccd from 12.3 but the example i
give below is from the 12.4 configuration guide so it does seem to give
confusion

it does state that if you do not specify that "If the *police rate* command
is issued, but the rate is not specified, traffic that is destined for the
control plane will be policed on the basis of bps." and the standard
'police' from my example is in bps; change it to 'police rate' and specify
pps and see the different output in the 'show policy-map control-plane'

http://www.cisco.com/en/US/docs/ios/12_3t/qos/command/reference/qos_o1gt.html#wp1090915

also a note on using NBAR as to acls for this control-plane policing that i
think is important:

Features that require Network-Based Application Recognition (NBAR)
classification may not work well at the control plane level. The following
classification (match) criteria are supported on all platforms:

Standard and extended IP access lists (ACLs).

In class-map configuration mode: *match ip dscp*, *match ip precedence*,
and *match protocol arp*, and *match protocol pppoe* commands.

http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/ctrl_plane_policng_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1027265

I came up with this, might need to do some work with the class-default
class, i left it at default, like the example in the doccd, but might limit
that to the 10kb also to meet the requirements...

! deny entries do not match the class, so OSPF and BGP are not policed by it
ip access-list extended DONT_LIMIT_OSPF_BGP_CONTROL_PLANE
 deny ospf any any
 deny tcp any eq bgp any
 deny tcp any any eq bgp
 permit ip any any

class-map CONTROL_PLANE_CM
 match access-group name DONT_LIMIT_OSPF_BGP_CONTROL_PLANE

! plain 'police' takes its rate in bps
policy-map CONTROL_PLANE_PM
 class CONTROL_PLANE_CM
  police 10000 conform transmit exceed drop

control-plane
 service-policy input CONTROL_PLANE_PM

Rack1R1#sh policy-map control-plane
 Control Plane

  Service-policy input: CONTROL_PLANE_PM

    Class-map: CONTROL_PLANE_PM (match-all)
      22 packets, 1364 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name DONT_LIMIT_OSPF_BGP_CONTROL_PLANE
      police:
          cir 10000 bps, bc 1500 bytes, be 1500 bytes
        conformed 22 packets, 1364 bytes; actions:
          transmit
        exceeded 0 packets, 0 bytes; actions:
          drop
        violated 0 packets, 0 bytes; actions:
          drop
        conformed 0 bps, exceed 0 bps, violate 0 bps

    Class-map: class-default (match-any)
      10 packets, 959 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any

WITH POLICE RATE see pps instead of bps:

Rack1R1#sh policy-map control-plane
 Control Plane

  Service-policy input: CONTROL_PLANE_CM

    Class-map: CONTROL_PLANE_CM (match-all)
      2 packets, 124 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group name ALLOW_OSPF_BGP_CONTROL_PLANE
      police:
          rate 10000 pps, burst 2 packets
        conformed 2 packets; actions:
          transmit
        exceeded 0 packets; actions:
          drop
        conformed 0 pps, exceed 0 pps

    Class-map: class-default (match-any)
      4 packets, 214 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any

--
Garry L. Baker

On Sun, Mar 13, 2011 at 11:36 AM, imran ali <immrccie_at_gmail.com> wrote:
> Hi all
>
>
> i wanted to know what is the difference between the following
>
> policy-map POLICE
> class class-default
> ->  police 10000 conform transmit exceed drop
>
>
> -->  police rate 10000
>
> are both actions same ??
>
> 2) i want to exclude " routing protocol traffic " from rate limiting  but
> all other control plane traffic should be rate limited to 10kbps.
>
> is this solution correct ?
>
> class-map match-any PROTOCOLS
> match protocol ospf
> match protocol bgp
>
> policy-map RATE
> class PROTOCOLS
> class class-default
> policy rate 10000
>
> control-plane
> service-policy input RATE
>
> thanks
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Received on Sun Mar 13 2011 - 18:10:17 ART

This archive was generated by hypermail 2.2.0 : Fri Apr 01 2011 - 06:35:41 ART
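
Added example, not part of the original thread: a small Python audit of `show policy-map control-plane` output that tells a bps policer (`cir ... bps`) from a pps policer (`rate ... pps`), flags classes with no policer (such as an untouched class-default), and reports exceed counters. The sample text is constructed in the format of the output quoted above; the function names and the 10000 bps target (taken from the question's 10kbps requirement) are assumptions of this example.

```python
import re

# Constructed sample, shaped like the 'show policy-map control-plane' output in the thread.
SAMPLE = """\
 Control Plane
  Service-policy input: CONTROL_PLANE_PM
    Class-map: CONTROL_PLANE_CM (match-all)
      220 packets, 13640 bytes
      Match: access-group name DONT_LIMIT_OSPF_BGP_CONTROL_PLANE
      police:
          rate 10000 pps, burst 2 packets
        conformed 200 packets; actions:
          transmit
        exceeded 20 packets; actions:
          drop
        conformed 0 pps, exceed 0 pps
    Class-map: class-default (match-any)
      10 packets, 959 bytes
      Match: any
"""

CLASS_RE = re.compile(r"^\s*Class-map:\s+(\S+)")
# 'cir 10000 bps' comes from 'police', 'rate 10000 pps' from 'police rate ... pps'
RATE_RE = re.compile(r"^\s*(?:cir|rate)\s+(\d+)\s+(bps|pps)\b")
COUNT_RE = re.compile(r"^\s*(conformed|exceeded|violated)\s+(\d+)\s+packets")

def parse_copp(text):
    """Return {class_name: {'rate', 'unit', and any conformed/exceeded/violated counts}}."""
    classes, cur = {}, None
    for line in text.splitlines():
        if m := CLASS_RE.match(line):
            cur = classes.setdefault(m.group(1), {"rate": None, "unit": None})
        elif cur is not None and (m := RATE_RE.match(line)):
            cur["rate"], cur["unit"] = int(m.group(1)), m.group(2)
        elif cur is not None and (m := COUNT_RE.match(line)):
            cur[m.group(1)] = int(m.group(2))
    return classes

def audit(classes, want_rate=10000, want_unit="bps"):
    """List findings: unpoliced classes, wrong rate or unit, packets over the rate."""
    findings = []
    for name, c in classes.items():
        over = c.get("exceeded", 0) + c.get("violated", 0)
        if c["unit"] is None:
            findings.append(f"{name}: no policer attached")
        elif (c["rate"], c["unit"]) != (want_rate, want_unit):
            findings.append(f"{name}: policed at {c['rate']} {c['unit']}, wanted {want_rate} {want_unit}")
        if over:
            findings.append(f"{name}: {over} packets exceeded the policer")
    return findings
```

Running `audit(parse_copp(SAMPLE))` reports the pps/bps mismatch, the 20 packets over the rate, and the unpoliced class-default.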