
police and prioritize traffic

cmcglone
Level 1

I have an MPLS service from a provider that provides a guaranteed bandwidth of 200 Mbps (total) to traffic marked AF11 or AF12, and best effort for unmarked traffic.

I want to create a marking/policing policy that allows the customer to prioritize AF11 over AF12 on the CE facing the provider.

The CE device should transmit AF11 traffic up to 200 Mbps and, if it exceeds 200 Mbps, mark down before sending to the provider.
If no AF11 traffic is present, the CE device should transmit AF12 traffic up to 200 Mbps and, if it exceeds 200 Mbps, mark down before sending to the provider.

If both AF11 and AF12 traffic are present, however, AF11 should be prioritised over AF12 traffic.

I.e. if AF11 traffic is at 150 Mbps and AF12 at 50 Mbps, and AF11 traffic increases to 160 Mbps, this should now cause AF12 traffic in excess of 40 Mbps to be marked down before sending to the provider.

Not sure if this is possible but would really appreciate your input.

7 Replies

Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Hmm, I'm unable to see how that might be accomplished.

You could police AF11 and AF12, mark down excess over 200 Mbps and at a bottleneck prefer AF11 over AF12, but I don't see a way to shift markings between the two AF markings from a common bandwidth allocation.

You could also set aside a fixed amount of bandwidth for each marking, e.g. 150 for AF11 and 50 for AF12, and police each with mark downs if they exceed their individual limits, yet this doesn't allow them to take advantage of the other's "unused" bandwidth.

You can remark AF11 to BE when it exceeds 200Mb and do the same for AF12 and use priority levels to tell which one has better priority, for example:

! Assumes class-maps af11 and af12 already exist and match the corresponding DSCP values
policy-map Global
 class af11
  police 200000000 conform-action transmit exceed-action set-dscp-transmit default violate-action set-dscp-transmit default
  priority level 1
 class af12
  police 200000000 conform-action transmit exceed-action set-dscp-transmit default violate-action set-dscp-transmit default
  priority level 2

What the above does is prioritize with level 1 (higher priority) AF11 and allow it to reach 200Mb, when it reaches 200Mb it is re-marked as "default" which is BestEffort 0, the same is done for AF12 but with a lower priority level "2".

Many thanks Ruggero. One thing that may be an issue with this is that if both AF11 and AF12 were at, say, 150 Mb, they would not be policed, and the MPLS provider only allows 200 Mbps total.

Not an issue, you can size the BW and shaping on the parent policy map to prevent them from oversubscribing the line at 200Mb:

policy-map Child
 class af11
  police 200000000 conform-action transmit exceed-action set-dscp-transmit default violate-action set-dscp-transmit default
  priority level 1
 class af12
  police 200000000 conform-action transmit exceed-action set-dscp-transmit default violate-action set-dscp-transmit default
  priority level 2
!
! MQC actions must sit under a class; class-default covers all traffic leaving the interface
policy-map Parent
 class class-default
  shape average 200000000
  bandwidth 200000
  service-policy Child

If they both run at 150Mb, the child classes know that the BW is 200Mb and it will prevent them from running over the 200Mb limit; at the same time AF11 gets more prioritized because it runs on "priority level 1".

Thanks Joseph. I have had a look at the legacy technology CAR, which might be an option, though I have yet to lab test. Something like this:

CE

interface FastEthernet0/1
 ip address 192.168.2.1 255.255.255.0
 rate-limit output access-group 101 200000000 1500 2000 conform-action transmit exceed-action continue
 rate-limit output access-group 102 8000 1500 2000 conform-action transmit exceed-action set-dscp-transmit 0
 rate-limit output access-group 101 200000000 1500 2000 conform-action transmit exceed-action set-dscp-transmit 0
!
access-list 101 permit ip any any dscp af11
access-list 101 permit ip any any dscp af12
access-list 102 permit ip any any dscp af12

Where acl 101 looks for both af11 and af12 whereas acl 102 only marks down af12.

Will update post after lab tests.

Sorry, should also be ACL 103:

interface FastEthernet0/1
 ip address 192.168.2.1 255.255.255.0
 rate-limit output access-group 101 200000000 1500 2000 conform-action transmit exceed-action continue
 rate-limit output access-group 102 8000 1500 2000 conform-action transmit exceed-action set-dscp-transmit 0
 rate-limit output access-group 103 200000000 1500 2000 conform-action transmit exceed-action set-dscp-transmit 0
!
access-list 101 permit ip any any dscp af11
access-list 101 permit ip any any dscp af12
access-list 102 permit ip any any dscp af12
access-list 103 permit ip any any dscp af11

Posting

I think you'll find the matching rate-limit will "win", i.e. it's not recursive.

I believe I understand what you want to accomplish, but still don't see a way to accomplish it, even across multiple devices.

Also, I cannot see how it can be done with "stock" QoS features, because to do this, a process really needs to analyze a packet stream before it's transmitted.  Basically given a set of packets with the AF11 and AF12 markings, you need to "look" ahead at the packets that will "fit" in the Tc for the physical egress rate.  Once that's determined, you can allow up to Bc of AF11 packets.  If Bc isn't fully consumed by AF11 packets, you allow what's left over to AF12 packets.

Policers/rate-limiters don't look ahead.
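
Added example, not part of any post in this thread: a small Python model of the per-Tc allocation described in the reply above. It compares a shared bucket that decides packet by packet in arrival order with an allocator that sees the whole Tc window; the Bc value, packet sizes and function names are constructed for illustration and do not model any IOS feature.

```python
"""Added illustration (not from the thread): why a shared AF11/AF12 budget
needs look-ahead. Packet sizes, Bc and all names are constructed."""

BC_BYTES = 6000  # committed burst for one interval Tc (constructed value)

# One Tc worth of queued packets in arrival order: (marking, size in bytes).
WINDOW = [
    ("af12", 1500), ("af12", 1500), ("af11", 1500),
    ("af12", 1500), ("af11", 1500), ("af11", 1500),
]


def arrival_order_policer(packets, bc=BC_BYTES):
    """Single shared bucket, decision made per packet as it arrives."""
    tokens, verdicts = bc, []
    for marking, size in packets:
        if size <= tokens:
            tokens -= size
            verdicts.append((marking, size, "transmit"))
        else:
            verdicts.append((marking, size, "mark-down"))
    return verdicts


def lookahead_allocator(packets, bc=BC_BYTES):
    """Sees the whole Tc window: AF11 is served from Bc first, AF12 gets the rest."""
    tokens, conform = bc, set()
    for wanted in ("af11", "af12"):  # strict preference order
        for idx, (marking, size) in enumerate(packets):
            if marking == wanted and size <= tokens:
                tokens -= size
                conform.add(idx)
    return [
        (marking, size, "transmit" if idx in conform else "mark-down")
        for idx, (marking, size) in enumerate(packets)
    ]


def conforming_bytes(verdicts):
    """Bytes left in-contract per marking."""
    totals = {"af11": 0, "af12": 0}
    for marking, size, action in verdicts:
        if action == "transmit":
            totals[marking] += size
    return totals


if __name__ == "__main__":
    print("arrival order:", conforming_bytes(arrival_order_policer(WINDOW)))
    print("look-ahead:   ", conforming_bytes(lookahead_allocator(WINDOW)))
```

In arrival order the early AF12 packets use up the budget and the later AF11 packets are marked down; only the window-aware allocator keeps AF11 in-contract first, and it can do so only because it holds the packets before deciding.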
