Configuring Shared Policers

Shared Policers

QoS applies the bandwidth limits specified in a shared policer cumulatively to all flows in the matched traffic. A shared policer applies the same policer to more than one interface simultaneously.

For example, if you configure a shared policer to allow 1 Mbps for all Trivial File Transfer Protocol (TFTP) traffic flows on VLAN 1 and VLAN 3, the device limits the TFTP traffic for all flows combined on VLAN 1 and VLAN 3 to 1 Mbps.

The following are guidelines for configuring shared policers:

  • You create named shared policers by entering the qos shared-policer command. If you create a shared policer and create a policy using that shared policer and attach the policy to multiple ingress ports, the device polices the matched traffic from all the ingress ports to which it is attached.

  • You define shared policers in a policy map class within the police command. If you attach a named shared policer to multiple ingress ports, the device polices the matched traffic from all the ingress ports to which it is attached.

  • Shared policing works independently on each module.

Guidelines and Limitations

The following are guidelines and limitations for shared policers:

  • When the shared policer is applied on interfaces or VLANs with member ports that are across different cores or instances, the rate becomes two times the configured cir rate.

Configuring Shared Policers

The shared policer feature allows you to apply the same policing parameters to several interfaces simultaneously. You create a shared policer by assigning a name to a policer, and then applying that policer to a policy map that you attach to the specified interfaces. The shared policer is also referred to as the named aggregate policer in other Cisco documentation.

To configure shared policer:

  1. Create the class map.

  2. Create a policy map.

  3. Reference the shared policer to the policy map as described in this section.

  4. Apply the service policy to the interfaces.


Note

The rates specified in the shared policer are shared by the number of interfaces to which you apply the service policy. Each interface does not have its own dedicated rate as specified in the shared policer.

SUMMARY STEPS

  1. switch# configure terminal
  2. switch(config)# qos shared-policer [type qos] shared-policer-name [cir] {committed-rate [data-rate] | percent cir-link-percent} [bc committed-burst-rate [link-speed]] [pir] {peak-rate [data-rate] | percent cir-link-percent} [be peak-burst-rate [link-speed]] {{conform conform-action [exceed {drop | set dscp dscp table cir-markdown-map} [violate {drop | set dscp dscp table pir-markdown-map}]]}}
  3. switch(config)# policy-map [type qos] [match-first] {qos-policy-map-name | qos-dynamic}
  4. switch(config-pmap-qos)# class [type qos] {class-map-name | qos-dynamic | class-default} [insert-before before-class-map-name]
  5. switch(config-pmap-c-qos)# police aggregate shared-policer-name
  6. switch(config-pmap-c-qos)# exit
  7. switch(config-pmap-qos)# exit
  8. (Optional) switch(config)# show policy-map [type qos] [policy-map-name | qos-dynamic]
  9. (Optional) switch(config)# copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

switch# configure terminal

Enters global configuration mode.

Step 2

switch(config)# qos shared-policer [type qos] shared-policer-name [cir] {committed-rate [data-rate] | percent cir-link-percent} [bc committed-burst-rate [link-speed]] [pir] {peak-rate [data-rate] | percent cir-link-percent} [be peak-burst-rate [link-speed]] {{conform conform-action [exceed {drop | set dscp dscp table cir-markdown-map} [violate {drop | set dscp dscp table pir-markdown-map}]]}}

Creates or accesses the shared policer. The shared-policer-name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters. Polices cir in bits or as a percentage of the link rate. The conform action is taken if the data rate is ≤ cir. If be and pir are not specified, all other traffic takes the violate action. If be or violate are specified, the exceed action is taken if the data rate ≤ pir, and the violate action is taken otherwise.

Note

 

A 64 byte packet size is used for the case of cir pps .This results in a 64*8 pps to bps conversion.

Step 3

switch(config)# policy-map [type qos] [match-first] {qos-policy-map-name | qos-dynamic}

Creates or accesses the policy map named qos-policy-map-name , and then enters policy-map mode. The policy-map name can contain alphabetic, hyphen, or underscore characters, is case sensitive, and can be up to 40 characters.

Step 4

switch(config-pmap-qos)# class [type qos] {class-map-name | qos-dynamic | class-default} [insert-before before-class-map-name]

Creates a reference to class-map-name , and enters policy-map class configuration mode. The class is added to the end of the policy map unless insert-before is used to specify the class to insert before. Use the class-default keyword to select all traffic that is not currently matched by classes in the policy map.

Step 5

switch(config-pmap-c-qos)# police aggregate shared-policer-name

Creates a reference in the policy map to shared-policer-name .

Step 6

switch(config-pmap-c-qos)# exit

Exits policy-map class configuration mode and enters policy-map mode.

Step 7

switch(config-pmap-qos)# exit

Exits policy-map mode and enters global configuration mode.

Step 8

(Optional) switch(config)# show policy-map [type qos] [policy-map-name | qos-dynamic]

(Optional)

Displays information about all configured policy maps or a selected policy map of type qos.

Step 9

(Optional) switch(config)# copy running-config startup-config

(Optional)

Saves the running configuration to the startup configuration.

Example

This example shows how to display the test1 shared-policer configurations: 


switch# show qos shared-policer test1

Verifying the Policing Configuration

To display the policing configuration information, perform one of these tasks:

show policy-map

Displays information about policy maps and policing.

show qos shared-policer [type qos] [policer-name]

Displays information about all shared policers.

Configuration Example for Shared Policer

The following example shows how to configure policing for a shared policer: 


configure terminal
 qos shared-policer type qos udp_10mbps cir 10 mbps pir 20 mbps conform transmit exceed
set dscp dscp table cir-markdown-map violate drop
 policy-map type qos udp_policy
  class type qos udp_qos
   police aggregate udp_10mbps