Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.4
Policer Enhancement---Multiple Actions
Download this chapter
Policer Enhancement---Multiple ActionsPolicer Enhancement---Multiple Actions
Download the complete book
Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.4Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.4 (PDF - 5 MB)
give_us_feedback

Table Of Contents

Policer Enhancement — Multiple Actions

Feature Overview

Benefits

Restrictions

Related Features and Technologies

Related Documents

Supported Platforms

Supported Standards, MIBs, and RFCs

Prerequisites

Configuration Tasks

Configuring Multiple Policer Actions

Verifying the Multiple Policer Actions Configuration

Troubleshooting Tips

Monitoring and Maintaining the Multiple Policer Actions

Configuration Examples

Multiple Actions in a Two-Rate Policer: Example

Verifying the Multiple Policer Actions: Example

Command Reference


Policer Enhancement — Multiple Actions

Feature History

Release
Modification

12.2(8)T

This feature was introduced.


This document describes the Policer Enhancement — Multiple Actions feature in Cisco IOS Release 12.2(8)T. It includes the following sections:

Feature Overview

Supported Platforms

Supported Standards, MIBs, and RFCs

Prerequisites

Configuration Tasks

Monitoring and Maintaining the Multiple Policer Actions

Configuration Examples

Command Reference

Feature Overview

This feature further extends the functionality of the Cisco IOS Traffic Policing feature (a single-rate policer) and the Two-Rate Policer feature. The Traffic Policing and Two-Rate Policer features are traffic policing mechanisms that allow you to control the maximum rate of traffic sent or received on an interface. Both of these traffic policing mechanisms mark packets as either conforming to, exceeding, or violating a specified rate. After a packet is marked, you can specify an action to be taken on the packet based on that marking.

With both the Traffic Policing feature and the Two-Rate Policer feature, you can specify only one conform action, one exceed action, and one violate action. Now with the new Policer Enhancement — Multiple Actions feature, you can specify multiple conform, exceed, and violate actions for the marked packets.

You specify the multiple actions by using the action argument of the police command. The resulting actions are listed in Table 1.

Table 1 police Command Action Arguments

Specified Action
Result

drop

Drops the packet.

set-clp-transmit

Sets the ATM Cell Loss Priority (CLP) bit from 0 to 1 on the ATM cell and transmits the packet.

set-dscp-transmit new-dscp

Sets the IP differentiated services code point (DSCP) value and transmits the packet with the ATM CLP bit set to 1.

set-frde-transmit

Sets the Frame Relay Discard Eligibility (DE) bit from 0 to 1 on the Frame Relay frame and transmits the packet.

set-mpls-exp-transmit

Sets the Multiprotocol Label Switching (MPLS) experimental (EXP) bits from 0 to 7 and transmits the packet.

set-prec-transmit new-prec

Sets the IP Precedence level and transmits the packet.

set-qos-transmit new-qos

Sets the Quality of Service (QoS) group value and transmits the packet.

transmit

Transmits the packet.


For more information about the police command, see the Cisco IOS Quality of Service Solutions Command Reference.

For more information about traffic policing, see the "Policing and Shaping Overview" module. For more information about the Two-Rate Policer feature, see the "Two-Rate Policer" module.

Benefits

Before this feature, you could specify only one marking action for a packet, in addition to transmitting the packet. This feature provides enhanced flexibility by allowing you to specify multiple marking actions for a packet, as required. For example, if you know the packet will be transmitted through both a TCP/IP and a Frame Relay environment, you can change the DSCP value of the exceeding or violating packet, and also set the Frame Relay Discard Eligibility (DE) bit from 0 to 1 to indicate lower priority.

Restrictions

On a Cisco 7500 series router, traffic policing can monitor Cisco Express Forwarding (CEF) or distributed CEF (dCEF) switching paths only. To use the Two-Rate Policer, CEF or dCEF must be configured on both the interface receiving the packet and the interface sending the packet.

On a Cisco 7500 series router, traffic policing cannot be applied to packets that originated from or are destined to a router.

Multiple policer actions can be configured on an interface, a subinterface, a Frame Relay data-link connection identifier (DLCI), and an ATM permanent virtual circuit (PVC) only.

When using this feature, you can specify a maximum of four actions at one time.

Multiple policer actions are not supported on the following interfaces:

Fast EtherChannel

PRI

Any interface on a Cisco 7500 series router that does not support CEF or dCEF

Related Features and Technologies

Modular Quality of Service (QoS) Command-Line Interface (CLI) (MQC)

Class-Based Weighted Fair Queueing (CBWFQ)

Class-Based Packet Marking

Traffic Policing

Two-Rate Policing

Related Documents

"Applying QoS Features Using the MQC" module

"Configuring Weighted Fair Queueing" module

"Marking Network Traffic" module

"Policing and Shaping Overview" module

"Traffic Policing" module

"Two-Rate Policer" module

Cisco IOS Quality of Service Solutions Command Reference.

RFC 2697, A Single Rate Three Color Marker

RFC 2698, A Two Rate Three Color Marker

Supported Platforms

Cisco 1700 series

Cisco 2600 series

Cisco 3620

Cisco 3640

Cisco 3660

Cisco 7100 series

Cisco 7200 series

Cisco 7500 series (VIP-based platform only)

Cisco MC3810

Note To use the set-clp-transmit action available with this feature, the Enhanced ATM Port Adapter (PA-A3) is required. Therefore, the set-clp-transmit action is not supported on any platform that does not support the PA-A3 adapter (such as the Cisco 2600 series router and the Cisco 3640 router). For more information, refer to the documentation for your specific router.

Determining Platform Support Through Cisco Feature Navigator

Cisco IOS software is packaged in feature sets that support specific platforms. To get updated information regarding platform support for this feature, access Cisco Feature Navigator. Cisco Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.

Cisco Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or release. Under the release section, you can compare releases side by side to display both the features unique to each software release and the features in common.

To access Cisco Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions at http://www.cisco.com/register.

Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:

http://www.cisco.com/go/fn

Supported Standards, MIBs, and RFCs

Standards

No new or modified standards are supported by this feature.

MIBs

CISCO-CLASS-BASED-QOS-MIB

CISCO-CLASS-BASED-QOS-CAPABILITY-MIB

To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs

RFC 2697, A Single Rate Three Color Marker

RFC 2698, A Two Rate Three Color Marker

Prerequisites

Before configuring the Policer Enhancement — Multiple Actions feature, you should read and be familiar with the information in the following modules:

"Policing and Shaping Overview" module

"Traffic Policing" module

"Two-Rate Policer" module

On a Cisco 7500 series router, CEF or dCEF must be configured on the interface before you can use the Policer Enhancement — Multiple Actions feature. For additional information on CEF or dCEF, see the "Cisco Express Forwarding Overview" module.

To configure the Policer Enhancement — Multiple Actions feature, a traffic class and a service policy must be created, and the service policy must be attached to a specified interface. These tasks are performed using the MQC. For about the MQC, see the "Applying QoS Features Using the MQC" module.

Configuration Tasks

See the following sections for configuration tasks for the Police Enhancement — Multiple Actions feature. Each task in the list is identified as either required or optional.

Configuring Multiple Policer Actions (required)

Verifying the Multiple Policer Actions Configuration (optional)

Configuring Multiple Policer Actions

To configure multiple policer actions, use the following commands beginning in global configuration mode:

 
Command
Purpose

Step 1 

Router(config)# policy-map policy-map-name

Creates a policy map. Enters policy-map configuration mode.

Step 2 

Router(config-pmap)# class class-default

Specifies the default traffic class for a service policy. Enters policy-map class configuration mode.

Step 3 

Router(config-pmap-c)# police {cir cir} [bc conform-burst] {pir pir} [be peak-burst] [conform-action action [exceed-action action [violate-action action]]]

Configures traffic policing and specifies multiple actions applied to packets marked as conforming to, exceeding, or violating a specific rate. Use one line per action that you want to specify. Enters policy-map class police configuration mode.

Verifying the Multiple Policer Actions Configuration

To verify that the multiple policer actions have been configured on the interface, use the following command in EXEC or privileged EXEC mode:

Command
Purpose

Router# show policy-map interface

Displays statistics and configurations of all input and output policies attached to an interface.


Troubleshooting Tips

Check the interface type. Verify that your interface is not listed as a nonsupported interface in the "Restrictions" section of this document.

For input traffic policing on a Cisco 7500 series router, verify that CEF or dCEF is configured on the interface on which traffic policing is configured.

For output traffic policing on a Cisco 7500 series router, ensure that the incoming traffic is CEF-switched or dCEF-switched. Traffic policing cannot be used on the switching path unless CEF or dCEF switching is enabled.

Monitoring and Maintaining the Multiple Policer Actions

To monitor and maintain the multiple policer actions, use the following EXEC or privileged EXEC mode commands, as needed:

Command
Purpose

Router# show policy-map

Displays all configured policy maps.

Router# show policy-map policy-map-name

Displays the user-specified policy map.

Router# show policy-map interface

Displays statistics and configurations of all input and output policies that are attached to an interface.


Configuration Examples

This section provides the following configuration examples:

Multiple Actions in a Two-Rate Policer: Example

Verifying the Multiple Policer Actions: Example

Multiple Actions in a Two-Rate Policer: Example

In the following example, a policy map called police is configured to use a two-rate policer to police traffic leaving an interface. Two rates, a committed information rate (CIR) of 1 Mbps and a peak information rate (PIR) of 2 Mbps, have been specified. 

Router(config)# policy-map police

Router(config-pmap)# class class-default

Router(config-pmap-c)# police cir 1000000 pir 2000000 

Router(config-pmap-c-police)# conform-action transmit

Router(config-pmap-c-police)# exceed-action set-prec-transmit 4

Router(config-pmap-c-police)# exceed-action set-frde

Router(config-pmap-c-police)# violate-action set-prec-transmit 2

Router(config-pmap-c-police)# violate-action set-frde-transmit 

Router(config-pmap-c-police)# end

The following actions will be performed on packets associated with the policy map called police:

All packets marked as conforming to these rates (that is, packets conforming to the CIR) will be transmitted unaltered.

All packets marked as exceeding these rates (that is, packets exceeding the CIR but not exceeding the PIR) will be assigned an IP Precedence level of 4, the DE bit will be set to 1, and then transmitted.

All packets marked as violating the rate (that is, exceeding the PIR) will be assigned an IP Precedence level of 2, the DE bit will be set to 1, and then transmitted.

Verifying the Multiple Policer Actions: Example

The following sample output of the show policy-map command displays the configuration for a service policy called police. In this service policy, multiple actions for packets marked as exceeding the specified CIR rate have been configured. For those packets, the IP Precedence level is set to 4, the DE bit is set to 1, and the packet is transmitted. Multiple actions for packets marked as violating the specified PIR rate have also been configured. For those packets, the IP Precedence level is set to 2, the DE bit is set to 1, and the packet is transmitted. 

Router# show policy-map police


  Policy Map police

    Class class-default

     police cir 1000000 bc 31250 pir 2000000 be 31250

       conform-action transmit 

       exceed-action set-prec-transmit 4

       exceed-action set-frde-transmit 

       violate-action set-prec-transmit 2

       violate-action set-frde-transmit

Command Reference

The following commands are introduced or modified in the feature or features documented in this module. For information about these commands, see the Cisco IOS Quality of Service Solutions Command Reference at http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_book.html. For information about all Cisco IOS commands, use the Command Lookup Tool at http://tools.cisco.com/Support/CLILookup or a Cisco IOS master commands list.

police

show policy-map

show policy-map interface

CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0809R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2007 Cisco Systems, Inc. All rights reserved.