QoS Percentage-Based Policing

Last Updated: August 14, 2011

The QoS Percentage-Based Policing feature allows you to configure traffic policing and traffic shaping on the basis of a percentage of bandwidth available on the interface. This feature also allows you to specify the committed burst (bc) size and the excess burst (be) size (used for configuring traffic policing) in milliseconds (ms). Configuring traffic policing in this manner enables you to use the same policy map for multiple interfaces with differing amounts of bandwidth.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Prerequisites for QoS Percentage-Based Policing

  • For input traffic policing on a Cisco 7500 series router, verify that distributed Cisco Express Forwarding (dCEF) is enabled on the interface on which traffic policing is configured.
  • For output traffic policing on a Cisco 7500 series router, ensure that the incoming traffic is dCEF-switched. Traffic policing cannot be used on the switching path unless dCEF switching is enabled.

Restrictions for QoS Percentage-Based Policing

The shape (percent) command, when used in "child" (nested) policy maps, is not supported on the Cisco 7500, the Cisco 7200, or lower series routers. Therefore, the shape (percent) command cannot be configured for use in nested policy maps on these routers.

Information About QoS Percentage-Based Policing

Benefits for QoS Percentage-Based Policing

This feature provides the ability to configure traffic policing and traffic shaping on the basis of a percentage of bandwidth available on an interface, and it allows you to specify burst sizes in milliseconds. Configuring traffic policing and traffic shaping in this manner enables you to use the same policy map for multiple interfaces with differing amounts of bandwidth. That is, you do not have to recalculate the bandwidth for each interface or configure a different policy map for each type of interface.

Defining Class and Policy Maps for QoS Percentage-Based Policing

To configure the QoS Percentage-Based Policing feature, you must define a traffic class, configure a policy map, and then attach that policy map to the appropriate interface. These three tasks can be accomplished by using the Modular Quality of Service (QoS) Command-Line Interface (CLI) (MQC).

The MQC is a command-line interface that allows you to define traffic classes, create and configure traffic policies (policy maps), and then attach these traffic policies to interfaces.

In the MQC, the class-map command is used to define a traffic class (which is then associated with a traffic policy). The purpose of a traffic class is to classify traffic.

The MQC consists of the following three processes:

  • Defining a traffic class with the class-map command.
  • Creating a traffic policy by associating the traffic class with one or more QoS features (using the policy-map command).
  • Attaching the traffic policy to the interface with the service-policy command.

A traffic class contains three major elements: a name, a series of match commands, and, if more than one match command exists in the traffic class, an instruction on how to evaluate these match commands (that is, match-all or match-any). The traffic class is named in the class-map command line; for example, if you enter the class-map cisco command while configuring the traffic class in the CLI, the traffic class would be named "cisco".

The match commands are used to specify various criteria for classifying packets. Packets are checked to determine whether they match the criteria specified in the match commands. If a packet matches the specified criteria, that packet is considered a member of the class and is forwarded according to the QoS specifications set in the traffic policy. Packets that fail to meet any of the matching criteria are classified as members of the default traffic class.

Traffic Regulation Mechanisms and Bandwidth Percentages

Cisco IOS quality of service (QoS) offers two kinds of traffic regulation mechanisms--traffic policing and traffic shaping. A traffic policer typically drops traffic that violates a specific rate. A traffic shaper typically delays excess traffic using a buffer to hold packets and shapes the flow when the data rate to a queue is higher than expected.

Traffic shaping and traffic policing can work in tandem and can be configured in a class map. Class maps organize data packets into specific categories ("classes") that can, in turn, receive a user-defined QoS treatment when used in policy maps (sometimes referred to as "service policies").

Before this feature, traffic policing and traffic shaping were configured on the basis of a user-specified amount of bandwidth available on the interface. Policy maps were then configured on the basis of that specific amount of bandwidth, meaning that separate policy maps were required for each interface.

This feature provides the ability to configure traffic policing and traffic shaping on the basis of a percentage of bandwidth available on the interface. Configuring traffic policing and traffic shaping in this manner enables customers to use the same policy map for multiple interfaces with differing amounts of bandwidth.

Configuring traffic policing and shaping on the basis of a percentage of bandwidth is accomplished by using the police (percent) and shape (percent) commands.

Burst Size in Milliseconds Option

The purpose of the burst parameters (bc and be) is to drop packets gradually, as is done with Weighted Random Early Detection (WRED), and to avoid tail drop. Setting sufficiently high burst values helps to ensure good throughput.

This feature allows you the option of specifying the committed burst (bc) size and the extended burst (be) as milliseconds (ms) of the class bandwidth when you configure traffic policing. The number of milliseconds is used to calculate the number of bytes that will be used by the QoS Percentage-Based Policing feature.

Specifying these burst sizes in milliseconds is accomplished by using the bc and be keywords (and their associated arguments) of the police (percent) and shape (percent) commands.

How to Configure QoS Percentage-Based Policing

Configuring a Class and Policy Map for Percentage-Based Policing

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    policy-map policy-name

4.    class {class-name class-default}

5.    police cir percent percentage [burst-in-ms] [bc conform-burst-in-msec ms] [be peak-burst-in-msec ms] [ pir percent percent]

6.    exit


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Router> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Router# configure terminal

 

Enters global configuration mode.

 
Step 3
policy-map policy-name


Example:

Router(config)# policy-map policy1

 

Specifies the name of the policy map to be created. Enters policy-map configuration mode.

  • Enter the policy map name.
 
Step 4
class {class-name class-default}


Example:

Router(config-pmap)# class class1

 

Specifies the class so that you can configure or modify its policy. Enters policy-map class configuration mode.

  • Enter the class name or specify the default class (class-default).
 
Step 5
police cir percent percentage [burst-in-ms] [bc conform-burst-in-msec ms] [be peak-burst-in-msec ms] [ pir percent percent]


Example:

Router(config-pmap-c)# police cir percent 20 bc 300 ms be 400 ms pir percent 40

 

Configures traffic policing on the basis of the specified bandwidth percentage and optional burst sizes. Enters policy-map class police configuration mode.

  • Enter the bandwidth percentage and optional burst sizes.
 
Step 6
exit


Example:

Router(config-pmap-c-police)# exit

 

Exits policy-map class police configuration mode.

 

Attaching the Policy Map to an Interface for Percentage-Based Policing

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    interface type number

4.    pvc [name] vpi / vci [ilmi | qsaal | smds]

5.    service-policy {input| output} policy-map-name

6.    exit


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Router> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
configure terminal


Example:

Router# configure terminal

 

Enters global configuration mode.

 
Step 3
interface type number


Example:

Router(config)# interface serial4/0

 

Configures an interface (or subinterface) type and enters interface configuration mode.

  • Enter the interface type number.
Note    Depending on the needs of your network, you may need to attach the policy map to a subinterface, an ATM PVC, a Frame Relay DLCI, or other type of interface.
 
Step 4
pvc [name] vpi / vci [ilmi | qsaal | smds]


Example:

Router(config-if)# pvc cisco 0/16 ilmi

 

(Optional) Creates or assigns a name to an ATM PVC and specifies the encapsulation type on an ATM PVC. Enters ATM VC configuration mode.

Note    This step is required only if you are attaching the policy map to an ATM PVC. If you are not attaching the policy map to an ATM PVC, skip this step and proceed with Step 5 .
 
Step 5
service-policy {input| output} policy-map-name


Example:

Router(config-if)# service-policy input policy1



Example:

 

Specifies the name of the policy map to be attached to the input or output direction of the interface.

Note    Policy maps can be configured on ingress or egress routers. They can also be attached in the input or output direction of an interface. The direction (input or output) and the router (ingress or egress) to which the policy map should be attached varies according your network configuration. When using the service-policy command to attach the policy map to an interface, be sure to choose the router and the interface direction that are appropriate for your network configuration.
  • Enter the policy map name.
 
Step 6
exit


Example:

Router(config-if)# exit

 

(Optional) Exits interface configuration mode.

 

Verifying the Percentage-Based Policing Configuration

SUMMARY STEPS

1.    enable

2.    show class-map [class-map-name]

3.    show policy-map interface interface-name

4.    exit


DETAILED STEPS
  Command or Action Purpose
Step 1
enable


Example:

Router> enable

 

Enables privileged EXEC mode.

  • Enter your password if prompted.
 
Step 2
show class-map [class-map-name]


Example:

Router# show class-map class1

 

Displays all information about a class map, including the match criterion.

  • Enter class map name.
 
Step 3
show policy-map interface interface-name


Example:

Router# show policy-map interface serial4/0

 

Displays the packet statistics of all classes that are configured for all service policies either on the specified interface or subinterface or on a specific PVC on the interface.

  • Enter the interface name.
 
Step 4
exit


Example:

Router# exit

 

(Optional) Exits privileged EXEC mode.

 

Troubleshooting Tips for Percentage-Based Policing

The commands in the Verifying the Percentage-Based Policing Configuration section allow you to verify that you achieved the intended configuration and that the feature is functioning correctly. If, after using the show commands listed above, you find that the configuration is not correct or the feature is not functioning as expected, perform these operations:

If the configuration is not the one you intended, complete the following procedures:

  1. Use the show running-config command and analyze the output of the command.
  2. If the policy map does not appear in the output of the show running-config command, enable the logging console command.
  3. Attach the policy map to the interface again.

If the packets are not being matched correctly (for example, the packet counters are not incrementing correctly), complete the following procedures:

  1. Run the show policy-mapcommand and analyze the output of the command.
  2. Run the show running-config command and analyze the output of the command.
  3. Use the show policy-map interface command and analyze the output of the command. Check the the following findings:
    1. If a policy map applies queueing, and the packets are matching the correct class, but you see unexpected results, compare the number of the packets in the queue with the number of the packets matched.
    2. If the interface is congested, and only a small number of the packets are being matched, check the tuning of the transmission (tx) ring, and evaluate whether the queueing is happening on the tx ring. To do this, use the show controllers command, and look at the value of the tx count in the output of the command.

Configuration Examples for QoS Percentage-Based Policing

Specifying Traffic Policing on the Basis of a Bandwidth Percentage Example

The following example configures traffic policing using a committed information rate (CIR) and a peak information rate (PIR) on the basis of a percentage of bandwidth. In this example, a CIR of 20 percent and a PIR of 40 percent have been specified. Additionally, an optional bc value and be value (300 ms and 400 ms, respectively) have been specified.

Router> enable
Router# configure terminal
Router(config)# policy-map policy1
Router(config-pmap)# class class1
Router(config-pmap-c)# police cir percent 20 bc 300 ms be 400 ms pir percent 40
 
Router(config-pmap-c-police)# exit

After the policy map and class maps are configured, the policy map is attached to interface as shown in the following example.

Router> enable
Router# configure terminal
Router(config-if)#
 
interface serial4/0 
Router(config-if)#
 
service-policy input policy1
Router(config-if)# exit

Verifying the Percentage-Based Policing Configuration Example

This section contains sample output from the show policy-map interface command and the show policy-map command. The output from these commands can be used to verify and monitor the feature configuration on your network.

The following is sample output from the show policy-map command. This sample output displays the contents of a policy map called "policy1." In policy 1, traffic policing on the basis of a CIR of 20 percent has been configured, and the bc and be have been specified in milliseconds. As part of the traffic policing configuration, optional conform, exceed, and violate actions have been specified.

Router# show policy-map policy1
  Policy Map policy1
    Class class1
     police cir percent 20 bc 300 ms pir percent 40 be 400 ms
       conform-action transmit 
       exceed-action drop 
       violate-action drop 

The following is sample output from the show policy-map interface command. This sample displays the statistics for the serial 2/0 interface on which traffic policing has been enabled. The committed burst (bc) and excess burst (be) are specified in milliseconds (ms).

Router# show policy-map interface serial2/0
 Serial2/0 
  Service-policy output: policy1 (1050)
    Class-map: class1 (match-all) (1051/1)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: ip precedence 0  (1052)
      police:
          cir 20 % bc 300 ms
          cir 409500 bps, bc 15360 bytes
          pir 40 % be 400 ms
          pir 819000 bps, be 40960 bytes
        conformed 0 packets, 0 bytes; actions:
          transmit 
        exceeded 0 packets, 0 bytes; actions:
          drop 
        violated 0 packets, 0 bytes; actions:
          drop 
        conformed 0 bps, exceed 0 bps, violate 0 bps
    Class-map: class-default (match-any) (1054/0)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any  (1055)
        0 packets, 0 bytes
        5 minute rate 0 bps

In this example, the CIR and PIR are displayed in bps, and both the committed burst (bc) and excess burst (be) are displayed in bits.

The CIR, PIR bc, and be are calculated on the basis of the formulas described below.

Formula for Calculating the CIR

When calculating the CIR, the following formula is used:

  • CIR percentage specified (as shown in the output of the show policy-mapcommand) * bandwidth (BW) of the interface (as shown in the output of the show interfaces command) = total bits per second

On serial interface 2/0, the bandwidth (BW) is 2048 kbps. To see the bandwidth of the interface, use the show interfaces command. A sample is shown below:

Router# show interfaces serial2/0
Serial2/0 is administratively down, line protocol is down 
  Hardware is M4T
  MTU 1500 bytes, BW 2048 Kbit, DLY 20000 usec, rely 255/255, load 1/255 

The following values are used for calculating the CI:.

20 % * 2048 kbps = 409600 bps

Formula for Calculating the PIR

When calculating the PIR, the following formula is used:

  • PIR percentage specified (as shown in the output of the show policy-mapcommand) * bandwidth (BW) of the interface (as shown in the output of the show interfaces command) = total bits per second

On serial interface 2/0, the bandwidth (BW) is 2048 kbps. To see the bandwidth of the interface, use the show interfaces command. A sample is shown below:

Router# show interfaces serial2/0
Serial2/0 is administratively down, line protocol is down 
  Hardware is M4T
  MTU 1500 bytes, BW 2048 Kbit, DLY 20000 usec, rely 255/255, load 1/255 

The following values are used for calculating the PIR:

40 % * 2048 kbps = 819200 bps


Note


Discrepancies between this total and the total shown in the output of the show policy-map interface command can be attributed to a rounding calculation or to differences associated with the specific interface configuration.

Formula for Calculating the Committed Burst (bc)

When calculating the bc, the following formula is used:

  • The bc in milliseconds (as shown in the show policy-map command) * the CIR in bits per seconds = total number bytes

The following values are used for calculating the bc:

300 ms * 409600 bps = 15360 bytes

Formula for Calculating the Excess Burst (be)

When calculating the bc and the be, the following formula is used:

  • The be in milliseconds (as shown in the show policy-map command) * the PIR in bits per seconds = total number bytes

The following values are used for calculating the be:

400 ms * 819200 bps = 40960 bytes

Additional References

The following sections provide references related to the QoS Percentage-Based Policing feature.

Related Documents

Related Topic

Document Title

QoS commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples

Cisco IOS Quality of Service Solutions Command Reference

Modular QoS Command-Line Interface (CLI) (MQC), including information about attaching policy maps

"Applying QoS Features Using the MQC" module

Traffic shaping and traffic policing

"Policing and Shaping Overview" module

Commands related to dCEF

Cisco IOS Switching Command Reference

Standard

Standard

Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

--

MIB

MIB

MIBs Link

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

RFCs

RFC

Title

RFC 2697

A Single Rate Three Color Marker

RFC 2698

A Two Rate Three Color Marker

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for QoS Percentage-Based Policing

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 1 Feature Information for QoS Percentage-Based Policing

Feature Name

Releases

Feature Information

QoS Percentage-Based Policing

12.2(13)T 12.0(28)S 12.2(28)SB 15.0(1)S

The QoS Percentage-Based Policing feature allows you to configure traffic policing and traffic shaping on the basis of a percentage of bandwidth available on the interface. This feature also allows you to specify the committed burst (bc) size and the excess burst (be) size (used for configuring traffic policing) in milliseconds (ms). Configuring traffic policing in this manner enables you to use the same policy map for multiple interfaces with differing amounts of bandwidth.

In Release 12.2(13)T, this feature was introduced.

In Release 12.0(28)S, the option of specifying committed (conform) burst (bc) and excess (peak) burst (be) sizes in milliseconds was added.

In Release 12.2(28)SB, this feature was integrated in Cisco IOS Release 12.2(28)SB.

In Release 15.0(1)S, this feature was integrated in Cisco IOS Release 15.0(1)S.

The following commands were introduced or modified: police (percent), shape (percent), show policy-map, show policy-map interface.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.