05-17-2012 09:08 AM - edited 03-07-2019 06:45 AM
policy-map police1
class policeclass
police 1000000 31250 31250 conform-action transmit exceed-action drop
If this command is used on a 6500, what exactly is it doing?
On the 3750s, the general idea is
police rate-bps burst-byte [exceed-action {drop|policed-dscp-transmit}]
so in this instance, it looks like traffic that exceeds a burst rate will be dropped, etc., depending on what you want to do
but on the 6500 we have 3 fields (1000000 31520 31250) not 2
Why 3? Is this in bps (bits per second), Bytes per second?
On a typical 100mbs link, what would I set these values to in order to prevent congestion?
Any help here would be appreciated
Solved! Go to Solution.
05-18-2012 08:53 AM
What task are you trying to solve? Policing is a very specific tool. May be you need something else...
05-17-2012 11:54 AM
On 3750 you have only simple 1-rate 2-color policer that does not allow you set Be value. There you may only use two colors of trafiic - conformed and exceeded. Using Be value means that you using 1-rate 3-color policer (conformed, exceeded and violated). And for each "color" you probably may choose different policy (transmit, drop, police-dscp etc)
Bc/Be values may be expressed in different ways (Bps or bps) - you need to check this during configuration with a context help. These values and policer itself are not for interface, they are created for a some type of traffic (Voice, Data, something else) and therefore Bc/Be depend on type of traffic they police. There are some recommendations from Cisco and others but they are also for tipical types of traffic.
05-18-2012 06:53 AM
OK, so let's say I have the following
class-map match-all class1
match access-group 102
policy-map pol1
class class1
police 1000000 32000 exceed-action drop
access-list 102 permit ip any any
on a 3750
does this mean a burst that goes over 32000 "normal burst-bytes" will be dropped? (sent to the bit bucket)
what is the 3rd value on the 6500? (police 1000000 31250 31250)
05-18-2012 07:35 AM
does this mean a burst that goes over 32000 "normal burst-bytes" will be dropped? (sent to the bit bucket)
Yes, exactly. All traffic that goes over Bc (32000) during Tc time (CIR/Bc) will be dropped.
what is the 3rd value on the 6500? (police 1000000 31250 31250)
It is Be = Burst Exceed.
Cat6500(config-pmap-c)# police 1000000 32000 ?
<1000-512000000> Burst bytes
be Excess burst
conform-action action when rate is less than conform burst
pir Peak Information Rate
Value that show how much traffic is ALLOWED to burst over Bc. This traffic is no guaranteed but also not dropped automatically. You should also see additional policy for that traffic:
conform-action
exceed-action
violate-action
05-18-2012 07:52 AM
Ah, OK
Now I am wondering what these settings should be on a 100mbs link vs. 1Gbs, etc.
The example above is from 1GBs
Does Cisco have a document on this?
05-18-2012 08:53 AM
What task are you trying to solve? Policing is a very specific tool. May be you need something else...
05-18-2012 09:11 AM
I don't have a specific problem, but am simply attempting to understand the parameters and options involved.
It would be very difficult to determine a policing strategy based on a given application behavior if no documentation exists as to how much policing you need to do (limiting queue attention and bandwidth), etc. Maybe this is something that needs to come from a vendor. It also depends on the interface speed.
05-18-2012 09:38 AM
Policing is a specific tool but it has default values that you may use in many situations. It does not queue traffic, and is used primarily on inbound direction of interface. In it's basic it is an ISP tool for limiting customer's traffic. SLA usually contains a number of parameters (CIR, Bc, Be) and you use them directly here. For some reasons policing is used in LLQ and it is used in switches for inbound traffic limiting, when the switch has a blocked architecture. Different situations require different parameters.
05-18-2012 10:06 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Both policers (aka rate-limiters) and shapers allow you to restrict bandwidth utilization to less than physical capacity. For example, if you had 100 Mbps ingess port sending traffic to a 10 Mbps port, you might use a policer or shaper to "emulate" similar traffic forwarding behavior on a router with both 100 Mbps ingess and egress ports.
Assuming we want to emulate 10 Mbps egress on 100 Mbps, a 10 Mbps policer's traffic forwarding would behave much like a physical 10 Mbps interface with a shallow egress queue. I.e. too much traffic in too short an interval excess traffic gets dropped.
A 10 Mbps shaper's traffic forwarding would behave much like a physical 10 Mbps interface with a much deeper egress queue. I.e. too much traffic in too short an interval excess traffic gets queued.
Burst interval or burst sizes are somewhat like changing an interface's queue/buffer resources for drop management.
Policers, since they don't actually queue, can be used for ingress or egress. Policers can also be user to mark rather than drop.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: