Re: copp

From: imran ali <immrccie_at_gmail.com>
Date: Sun, 13 Mar 2011 19:26:17 +0300

Thanks for the very informative explanation, Garry Baker.

I think if in the lab they ask to rate limit to 10 kbps, we need to go with
just the "police" command; that will be most accurate.

With police rate, IOS will consider pps. Assuming an avg of 64kb per
packet, it will be 10000/64 = result pps. This value should be used with the
"police rate" command.

Can someone please confirm that my logic is correct?

Thanks

On Sun, Mar 13, 2011 at 6:10 PM, garry baker <baker.garry_at_gmail.com> wrote:

> here is my go at an explanation...
>
> police rate is for control plane from the doccd from 12.3 but the example i
> give below is from the 12.4 configuration guide so it does seem to give
> confusion
>
> it does state that if you do not specify that "If the *police rate* command
> is issued, but the a rate is not specified, traffic that is destined
> for the control plane will be policed on the basis of bps." and the
> standard 'police' from my example is in bps; change it to 'police rate' and
> specify pps and see the different output in the 'show policy-map
> control-plane'
>
> http://www.cisco.com/en/US/docs/ios/12_3t/qos/command/reference/qos_o1gt.html#wp1090915
>
> also a note on using NBAR as to acls for this control-plane policing that i
> think is important:
>
> Features that require Network-Based Application Recognition (NBAR)
> classification may not work well at the control plane level. The following
> classification (match) criteria are supported on all platforms:
>
> Standard and extended IP access lists (ACLs).
>
> In class-map configuration mode: *match ip dscp*, *match ip precedence*,
> and *match protocol arp*, and *match protocol pppoe* commands.
>
> http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/ctrl_plane_policng_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1027265
>
> I came up with this, might need to do some work with the class-default
> class, i left it at default, like the example in the doccd, but might limit
> that to the 10kb also to meet the requirements...
>
> ip access-list extended DONT_LIMIT_OSPF_BGP_CONTROL_PLANE
>  deny ospf any any
>  deny tcp any eq bgp any
>  deny tcp any any eq bgp
>  permit ip any any
>
> class-map CONTROL_PLANE_CM
>  match access-group name DONT_LIMIT_OSPF_BGP_CONTROL_PLANE
>
> policy-map CONTROL_PLANE_PM
>  class CONTROL_PLANE_CM
>   police 10000 conform transmit exceed drop
>
> control-plane
>  service-policy input CONTROL_PLANE_PM
>
> Rack1R1#sh policy-map control-plane
> Control Plane
>
> Service-policy input: CONTROL_PLANE_PM
>
> Class-map: CONTROL_PLANE_PM (match-all)
> 22 packets, 1364 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: access-group name DONT_LIMIT_OSPF_BGP_CONTROL_PLANE
> police:
> cir 10000 bps, bc 1500 bytes, be 1500 bytes
> conformed 22 packets, 1364 bytes; actions:
> transmit
> exceeded 0 packets, 0 bytes; actions:
> drop
> violated 0 packets, 0 bytes; actions:
> drop
> conformed 0 bps, exceed 0 bps, violate 0 bps
>
> Class-map: class-default (match-any)
> 10 packets, 959 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: any
>
> WITH POLICE RATE see pps instead of bps:
>
> Rack1R1#sh policy-map control-plane
> Control Plane
>
> Service-policy input: CONTROL_PLANE_CM
>
> Class-map: CONTROL_PLANE_CM (match-all)
> 2 packets, 124 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: access-group name ALLOW_OSPF_BGP_CONTROL_PLANE
> police:
> rate 10000 pps, burst 2 packets
> conformed 2 packets; actions:
> transmit
> exceeded 0 packets; actions:
> drop
> conformed 0 pps, exceed 0 pps
>
> Class-map: class-default (match-any)
> 4 packets, 214 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: any
>
> --
> Garry L. Baker
>
>
>
> On Sun, Mar 13, 2011 at 11:36 AM, imran ali <immrccie_at_gmail.com> wrote:
>
>> Hi all
>>
>>
>> I wanted to know what the difference is between the following:
>>
>> policy-map POLICE
>> class class-default
>> -> police 10000 conform transmit exceed drop
>>
>>
>> --> police rate 10000
>>
>> Are both actions the same?
>>
>> 2) I want to exclude "routing protocol traffic" from rate limiting, but
>> all other control plane traffic should be rate limited to 10kbps.
>>
>> Is this solution correct?
>>
>> class-map match-any PROTOCOLS
>> match protocol ospf
>> match protocol bgp
>>
>> policy-map RATE
>> class PROTOCOLS
>> class class-default
>> policy rate 10000
>>
>> control-plane
>> service-policy input RATE
>>
>> thanks
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

Received on Sun Mar 13 2011 - 19:26:17 ART

This archive was generated by hypermail 2.2.0 : Fri Apr 01 2011 - 06:35:41 ART
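
Added example, not part of the original thread and not IOS code: a simplified token-bucket model in Python that compares a byte-based policer (cir 10000 bps, bc 1500 bytes, as in the quoted show output) with a packet-based one (burst 2 packets). The function names, the constructed 100 pps flows, and the 19 pps rate derived from an assumed 64-byte average packet are assumptions made for illustration.

```python
# Added example (not from the thread): a simplified single-rate token bucket,
# used to compare a byte-based policer with a packet-based one.
# Times are integer milliseconds and tokens are kept in milli-units, so the
# arithmetic is exact. This models the general technique, not IOS internals.

def police(packets, rate_per_s, burst, cost):
    """packets: iterable of (arrival_ms, size_bytes).
    Returns (conformed_packets, conformed_bytes)."""
    cap = burst * 1000
    tokens, last_ms, pkts, byts = cap, 0, 0, 0
    for t_ms, size in packets:
        # Refill for the elapsed time, never above the burst size.
        tokens = min(cap, tokens + (t_ms - last_ms) * rate_per_s)
        last_ms = t_ms
        need = cost(size) * 1000
        if need <= tokens:          # conform: transmit
            tokens -= need
            pkts += 1
            byts += size
        # else exceed: drop, bucket left untouched
    return pkts, byts

def police_bps(packets, cir_bps=10000, bc_bytes=1500):
    """Byte-based: a packet costs its size in bits."""
    return police(packets, cir_bps, bc_bytes * 8, lambda size: size * 8)

def police_pps(packets, rate_pps, burst_pkts=2):
    """Packet-based: every packet costs one token, whatever its size."""
    return police(packets, rate_pps, burst_pkts, lambda size: 1)

def equivalent_pps(cir_bps, avg_packet_bytes):
    """pps that carries cir_bps only if every packet is avg_packet_bytes long."""
    return cir_bps / (avg_packet_bytes * 8)

def flow(size_bytes, pps=100, seconds=10):
    """Constructed traffic: fixed-size packets at a steady rate."""
    return [(i * 1000 // pps, size_bytes) for i in range(pps * seconds)]

if __name__ == "__main__":
    pps = int(equivalent_pps(10000, 64))   # 19 pps, assuming 64-byte packets
    for size in (64, 1500):
        print(size, "bytes: bps policer", police_bps(flow(size)),
              "pps policer", police_pps(flow(size), pps))
```

On the constructed 10-second flows the byte-based policer passes roughly 14 kB for either packet size, while the 19 pps policer passes 191 packets regardless of size, which is about 286 kB when the packets are 1500 bytes long.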