Re: copp from Maulik Parekh on 2011-03-14 (Ccielab archives 03/2011)

From: Maulik Parekh <maulik2parekh_at_gmail.com>
Date: Mon, 14 Mar 2011 14:51:38 +0530

Consider the below : Police rate can be applied with bps as well as pps. So
I *think* you should for "police rate".

police rate (control-plane)

To configure traffic policing for traffic that is destined for the control
plane, use the *police rate *command in policy-map class configuration mode.
To remove traffic policing from the configuration, use the *no* form of this
command.

Syntax for Packets Per Seconds

*police rate* *units* *pps* [*burst* *burst-in-packets* packets] [*peak-rate
**peak-rate-in-pps* pps] [*pack-burst* *peak-burst-in-packets* packets]

*no police rate* *units* *pps* [*burst* *burst-in-packets* packets] [*peak-rate
**peak-rate-in-pps* pps] [*pack-burst* *peak-burst-in-packets* packets]

Syntax for Bytes Per Seconds

*police rate* *units* *bps* [*burst **burst-in-bytes* *bytes*] [*peak-rate*
*peak-rate-in-bps* *bps*] [*peak-burst **peak-burst-in-bytes* *bytes*]

*no* *police rate* *units* *bps* [*burst **burst-in-bytes* *bytes*] [*
peak-rate* *peak-rate-in-bps* *bps*] [*peak-burst **peak-burst-in-bytes* *
bytes*]

Syntax for Percent

*police rate percent* *percentage* [*burst* *ms *ms] [*peak-rate percent* *
percentage*] [*peak-burst **ms *ms]

*no* *police rate percent* *percentage* [*burst* *ms* *ms*] [*peak-rate
percent* *percentage*] [*peak-burst **ms* *ms*]
Regards,
Maulik Parekh

On Sun, Mar 13, 2011 at 9:56 PM, imran ali <immrccie_at_gmail.com> wrote:

> thanks for very informative explanation Garry baker,
>
> i think if in lab they ask to rate limit to 10 kbps , we need to go with
> just " police " command that will be most accurate.
>
> with police rate , ios will consider pps . assuming an avg of 64kb per
> packet ,
> it will be 10000/ 64 = result pps . This value should be used with " police
> rapte " command.
>
> can some one plz confirm that my logic is correct ?
>
> thanks
>
> On Sun, Mar 13, 2011 at 6:10 PM, garry baker <baker.garry_at_gmail.com>
> wrote:
>
> > here is my go an explanation...
> >
> > police rate is for control plane from the doccd from 12.3 but the example
> i
> > give below is from the 12.4 configuration guide so it does seem to give
> > confusion
> >
> > it does state that if you do not specific that "If the *police
> rate*command
> is issued, but the a rate is not specified, traffic that is destined
> > for the control plane will be policed on the basis of bps." and the
> > standard 'police' from my example is in bps change it to 'police rate'
> and
> > specify pps and see the different output in the 'show policy-map
> > control-plane'
> >
> >
> >
>
> http://www.cisco.com/en/US/docs/ios/12_3t/qos/command/reference/qos_o1gt.html
> #wp1090915
> >
> > also a note on using NBAR as to acls for this control-plane policing that
> i
> > think is important:
> >
> > Features that require Network-Based Application Recognition (NBAR)
> > classification may not work well at the control plane level. The
> following
> > classification (match) criteria are supported on all platforms:
> >
> > Standard and extended IP access lists (ACLs).
> >
> > In class-map configuration mode: *match ip dscp*, *match ip precedence*,
> > and *match protocol arp, *and* match protocol pppoe *commands.
> >
> >
> >
> >
>
> http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/ctrl_plane_policn
> g_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1027265
> >
> > I came up with this, might need to do some work with the class-default
> > class, i left it at default, like the example in the doccd, but might
> limit
> > that to the 10kb also to meet the requirements...
> >
> > ip access-list extended DONT_LIMIT_OSPF_BGP_CONTROL_PLANE
> > deny ospf any any
> > deny tcp any eq bgp any
> > deny tcp any any eq bgp
> > permit ip any any
> >
> > class-map CONTROL_PLANE_CM
> > match access-group name DONT_LIMIT_OSPF_BGP_CONTROL_PLANE
> >
> > policy-map CONTROL_PLANE_PM
> > class CONTROL_PLANE_CM
> >
> > police 10000 conform transmit exceed drop
> >
> > control-plane
> > service-policy input CONTROL_PLANE_PM
> >
> >
> > Rack1R1#sh policy-map control-plane
> > Control Plane
> >
> > Service-policy input: CONTROL_PLANE_PM
> >
> > Class-map: CONTROL_PLANE_PM (match-all)
> > 22 packets, 1364 bytes
> > 5 minute offered rate 0 bps, drop rate 0 bps
> > Match: access-group name DONT_LIMIT_OSPF_BGP_CONTROL_PLANE
> > police:
> > cir 10000 bps, bc 1500 bytes, be 1500 bytes
> > conformed 22 packets, 1364 bytes; actions:
> > transmit
> > exceeded 0 packets, 0 bytes; actions:
> > drop
> > violated 0 packets, 0 bytes; actions:
> > drop
> > conformed 0 bps, exceed 0 bps, violate 0 bps
> >
> > Class-map: class-default (match-any)
> > 10 packets, 959 bytes
> > 5 minute offered rate 0 bps, drop rate 0 bps
> > Match: any
> >
> > WITH POLICE RATE see pps instead of bps:
> >
> > Rack1R1#sh policy-map control-plane
> > Control Plane
> >
> > Service-policy input: CONTROL_PLANE_CM
> >
> > Class-map: CONTROL_PLANE_CM (match-all)
> > 2 packets, 124 bytes
> > 5 minute offered rate 0 bps, drop rate 0 bps
> > Match: access-group name ALLOW_OSPF_BGP_CONTROL_PLANE
> > police:
> > rate 10000 pps, burst 2 packets
> > conformed 2 packets; actions:
> > transmit
> > exceeded 0 packets; actions:
> > drop
> > conformed 0 pps, exceed 0 pps
> >
> > Class-map: class-default (match-any)
> > 4 packets, 214 bytes
> > 5 minute offered rate 0 bps, drop rate 0 bps
> > Match: any
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > --
> > Garry L. Baker
> >
> >
> >
> > On Sun, Mar 13, 2011 at 11:36 AM, imran ali <immrccie_at_gmail.com> wrote:
> >
> >> Hi all
> >>
> >>
> >> i wanted to know what is the difference between the following
> >>
> >> policy-map POLICE
> >> class class-default
> >> -> police 10000 conform transmit exceed drop
> >>
> >>
> >> --> police rate 10000
> >>
> >> are both actions same ??
> >>
> >> 2) i want to exclude " routing protocol traffic " from rate limiting
> but
> >> all other control plane traffic should be rate limited to 10kbps.
> >>
> >> is this solution correct ?
> >>
> >> class-map match-any PROTOCOLS
> >> match protocol ospf
> >> match protocol bgp
> >>
> >> policy-map RATE
> >> class PROTOCOLS
> >> class class-default
> >> policy rate 10000
> >>
> >> control-plane
> >> service-policy input RATE
> >>
> >> thanks
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Mon Mar 14 2011 - 14:51:38 ART

This archive was generated by hypermail 2.2.0 : Fri Apr 01 2011 - 06:35:41 ART