
Help with understanding this police command

Colin Higgins
Level 2

policy-map police1

class policeclass

police 1000000 31250 31250 conform-action transmit exceed-action drop

If this command is used on a 6500, what exactly is it doing?

On the 3750s, the general idea is

police rate-bps burst-byte [exceed-action {drop|policed-dscp-transmit}]

so in this instance, it looks like traffic that exceeds a burst rate will be dropped, etc., depending on what you want to do

but on the 6500 we have 3 fields (1000000 31520 31250) not 2

Why 3? Is this in bps (bits per second), Bytes per second?

On a typical 100mbs link, what would I set these values to in order to prevent congestion?

Any help here would be appreciated

1 Accepted Solution


What task are you trying to solve? Policing is a very specific tool. Maybe you need something else...


Sergey Fer
Level 1

On the 3750 you have only a simple 1-rate 2-color policer that does not allow you to set a Be value. There you may only use two colors of traffic - conformed and exceeded. Using a Be value means that you are using a 1-rate 3-color policer (conformed, exceeded and violated). And for each "color" you probably may choose a different policy (transmit, drop, police-dscp, etc.).

Bc/Be values may be expressed in different ways (Bps or bps) - you need to check this during configuration with the context help. These values and the policer itself are not for an interface; they are created for some type of traffic (Voice, Data, something else) and therefore Bc/Be depend on the type of traffic they police. There are some recommendations from Cisco and others but they are also for typical types of traffic.

OK, so let's say I have the following

class-map match-all class1

match access-group 102

policy-map pol1

class class1

police 1000000 32000 exceed-action drop

access-list 102 permit ip any any

on a 3750

does this mean a burst that goes over 32000 "normal burst-bytes" will be dropped? (sent to the bit bucket)

what is the 3rd value on the 6500? (police 1000000 31250 31250)

does this mean a burst that goes over 32000 "normal burst-bytes" will be dropped? (sent to the bit bucket)


Yes, exactly. All traffic that goes over Bc (32000) during Tc time (CIR/Bc) will be dropped.

what is the 3rd value on the 6500? (police 1000000 31250 31250)


It is Be = Burst Exceed.

Cat6500(config-pmap-c)# police 1000000 32000 ?

  <1000-512000000>  Burst bytes

  be                Excess burst

  conform-action    action when rate is less than conform burst

  pir               Peak Information Rate

Value that shows how much traffic is ALLOWED to burst over Bc. This traffic is not guaranteed but also not dropped automatically. You should also see an additional policy for that traffic:

conform-action

exceed-action - THIS IS ABOUT THAT TRAFFIC

violate-action
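
The conform/exceed/violate split described in the answer above, as an added example that is not part of the original thread: a color-blind single-rate token-bucket model in the style of RFC 2697, fed with the thread's rate and burst values. The class name, the millisecond clock and the packet arrivals are constructed assumptions, and the model makes no claim about how the 6500 or 3750 hardware implements its policer.

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class SingleRatePolicer:
    """Color-blind single-rate policer; be_bytes=0 gives the 2-color case."""
    cir_bps: int   # committed rate in bits per second
    bc_bytes: int  # normal burst (Bc) in bytes
    be_bytes: int  # excess burst (Be) in bytes
    tc: int = field(init=False)
    te: int = field(init=False)
    last_ms: int = field(init=False, default=0)

    def __post_init__(self):
        self.tc, self.te = self.bc_bytes, self.be_bytes  # buckets start full

    def _refill(self, now_ms):
        # Tokens earned since the last packet, in bytes (integer maths).
        tokens = (now_ms - self.last_ms) * self.cir_bps // 8000
        self.last_ms = now_ms
        room = self.bc_bytes - self.tc
        self.tc += min(tokens, room)               # fill the Bc bucket first
        spill = max(0, tokens - room)              # overflow goes to the Be bucket
        self.te = min(self.be_bytes, self.te + spill)

    def classify(self, now_ms, size):
        self._refill(now_ms)
        if size <= self.tc:
            self.tc -= size
            return "conform"
        if size <= self.te:
            self.te -= size
            return "exceed"
        # With no Be bucket there are only two colors: conform and exceed.
        return "violate" if self.be_bytes else "exceed"

def tally(policer, arrivals):
    """Count outcomes for (time_ms, size_bytes) arrivals given in time order."""
    return dict(Counter(policer.classify(t, size) for t, size in arrivals))

# Constructed traffic: 60 back-to-back 1250-byte packets, then 30 more at 250 ms.
BURSTY = [(0, 1250)] * 60 + [(250, 1250)] * 30
# Constructed traffic: one 1250-byte packet every 10 ms, i.e. exactly 1 Mbps.
STEADY = [(i * 10, 1250) for i in range(1, 101)]

if __name__ == "__main__":
    print("3-color:", tally(SingleRatePolicer(1_000_000, 31250, 31250), BURSTY))
    print("2-color:", tally(SingleRatePolicer(1_000_000, 32000, 0), BURSTY))
    print("steady :", tally(SingleRatePolicer(1_000_000, 31250, 31250), STEADY))
```

In the first run the Be bucket is what turns part of the initial burst from an outright violation into "exceed" traffic; traffic arriving at exactly the committed rate never leaves the conform bucket.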

Ah, OK

Now I am wondering what these settings should be on a 100mbs link vs. 1Gbs, etc.

The example above is from 1GBs

Does Cisco have a document on this?

What task are you trying to solve? Policing is a very specific tool. Maybe you need something else...

I don't have a specific problem, but am simply attempting to understand the parameters and options involved.

It would be very difficult to determine a policing strategy based on a given application behavior if no documentation exists as to how much policing you need to do (limiting queue attention and bandwidth), etc. Maybe this is something that needs to come from a vendor. It also depends on the interface speed.

Policing is a specific tool but it has default values that you may use in many situations. It does not queue traffic, and is used primarily on the inbound direction of an interface. In its basic form it is an ISP tool for limiting customer's traffic. An SLA usually contains a number of parameters (CIR, Bc, Be) and you use them directly here. For some reasons policing is used in LLQ and it is used in switches for inbound traffic limiting, when the switch has a blocked architecture. Different situations require different parameters.

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Both policers (aka rate-limiters) and shapers allow you to restrict bandwidth utilization to less than physical capacity.  For example, if you had a 100 Mbps ingress port sending traffic to a 10 Mbps port, you might use a policer or shaper to "emulate" similar traffic forwarding behavior on a router with both 100 Mbps ingress and egress ports.

Assuming we want to emulate 10 Mbps egress on 100 Mbps, a 10 Mbps policer's traffic forwarding would behave much like a physical 10 Mbps interface with a shallow egress queue.  I.e. too much traffic in too short an interval excess traffic gets dropped.

A 10 Mbps shaper's traffic forwarding would behave much like a physical 10 Mbps interface with a much deeper egress queue.  I.e. too much traffic in too short an interval excess traffic gets queued.

Burst interval or burst sizes are somewhat like changing an interface's queue/buffer resources for drop management.

Policers, since they don't actually queue, can be used for ingress or egress.  Policers can also be used to mark rather than drop.
