Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

SP ASR9000 Policing


I am trying to design a policing strategy/implementation for circuits we provide as a Service Provider, be it internet circuits or EoMPLS circuits (in the future I will have the requirement to do the same for VPLS and L3 IPVPN circuits).

All of the customer circuits come into ASR 9001's on bundle-ethernet interfaces and I am looking to police on the subinterface (or whatever anyone else can suggest as a better solution, what do other SP's do to throttle customer circuits to the CIR/CDR?).

I have tried to do some tersting using the below policy-map:

policy-map 10mbps-POLICY

class class-default

  police rate 10485760 bps burst 104858 bytes peak-burst 209716 bytes

   conform-action transmit

   exceed-action drop




After applying this to a subinterface in the inbound direction I run speedtests (to multiple different servers) and I get around 8.5 - 9 mbps most of the time, on a couple of occasions I got 10 mbps

After applying this same policy-map to the same subinterface in the outbound direction I run speedtests (to multiple different servers) and I get between 20 and 21 mbps.

Can someone please help to explain why this is happening and if this is the right approach?

Thanks a lot in advance.


SP ASR9000 Policing

Can anyone comment on this?

New Member

Hello,I have the same problem


I have the same problem as you mention, I've tried to set policy on the outbond direction with "shape" first and after also with "police rate" and I can't have a correct speed for the outbound direction. I've tried to play with the burst by decreasing it, but the results are not contant.

Did you find a solution?

Thanks for your replay.


New Member

Hi all. I remember that i

Hi all. I remember that i read something about a similar thing, when creating configs for ASR9006. Sorry to say, i can't remember why or were i read this. I was looking for BCP for IOS XR and ASR9k. There were something with traffic and shaping on the outbound. Here's the workaround that was presented. Don't know if this has anything to do with your presented problem, but maybe it's worth trying.

policy-map DUMMY
 class class-default
  bandwidth percent 100
policy-map BW_OUT
 class class-default
  service-policy DUMMY
   shape average 600 mbps

Cisco Employee

There are 2 possible

There are 2 possible explanations for this:

First of all it is important to understand that when you have bundles, the qos policy or features are individually applied to all members. So with 2 members in a bundle, and assuming perfect loadbalancing you could see twice the assigned BW applied. That because each member is policed at the rate defined.

When the policer is not reaching its defined rate, that generally is caused by the burst setting size of the policer. If you have a 2 rate 2 color policer which is what you have here, then either the traffic conforms or it doesnt. and if it doesnt it is dropped. this gives you a very sawtooth like behavior.

It is generally nicer, maybe, to set up for a 3 color policer with confirm, exceed and violate.

Allow packets within the rate to be marked green and burst traffic marked yellow and still transmit where the violate action will indeed be drop.

Have a look at the asr9000 quality of service architecture guide on the forums with some details on the policer and config. Also the cisco live 2904 from 2013 and 2014 have some additional details on the QOS archi that you may like.

As for the bundle doubling the bw etc, there are few options, vlan or destination based loadbalancing or reducing the BW to configure "half" of what you want to assign when you have 2 members so that the total agg is the desired bw.

This percentage based approach is nice also in case a member disappears so all services degrade equally by ratio properly.



Xander Thuijs CCIE #6775 Principal Engineer ASR9000, CRS, NCS6000 & IOS-XR