Two-Rate Policer

This module describes the Two-Rate Policer feature and explains how to configure it.

History for the Two-Rate Policer Feature

Release

Modification

Cisco IOS XE Release 2.1

This feature was implemented on Cisco ASR 1000 Series Routers.

Finding Support Information for Cisco IOS XE Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS XE Software image support. To access Cisco Feature Navigator, go to http:/​/​www.cisco.com/​go/​cfn . An account on Cisco.com is not required.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Feature Overview

When configured, an ATM switch at the network side of a user-to-network (UNI) interface polices the flow of cells in the forward (into the network) direction of a virtual connection. These traffic policing mechanisms are known as usage parameter control (UPC). With UPC, the switch determines whether received cells comply with the negotiated traffic management values and takes one of the following actions on violating cells:

  • Pass the cell without changing the cell loss priority (CLP) bit in the cell header.

  • Tag the cell with a CLP bit value of 1.

  • Drop (discard) the cell.

The SVC/SoftPVC feature enables you to specify which traffic to police, based on service category, on switched virtual circuits (SVCs) or terminating VCs on the destination end of a soft VC.

Benefits

Bandwidth Management Through Rate Limiting

Traffic policing allows you to control the maximum rate of traffic transmitted or received on an interface. Traffic policing is often configured on interfaces at the edge of a network to limit traffic into or out of the network. In most Traffic Policing configurations, traffic that falls within the rate parameters is transmitted, whereas traffic that exceeds the parameters is dropped or transmitted with a different priority.

Packet Marking

Packet marking allows you to partition your network into multiple priority levels or classes of service (CoS). A packet is marked and these markings can be used to identify and classify traffic for downstream devices. In some cases, such as ATM Cell Loss Priority (CLP) marking or Frame Relay Discard Eligibility (DE) marking, the marking is used to classify traffic.

  • Use traffic policing to set the IP precedence or DSCP values for packets entering the network. Networking devices within your network can then use the adjusted IP precedence values to determine how the traffic should be treated. For example, the Weighted Random Early Detection (WRED) feature uses the IP precedence values to determine the probability that a packet will be dropped.

  • Use traffic policing to assign packets to a QoS group. The router uses the QoS group to determine how to prioritize packets within the router.

Traffic can be marked without using the Traffic Policing feature. If you want to mark traffic but do not want to use Traffic Policing, see the "Marking Network Traffic" module.

Packet Prioritization for Frame Relay Frames

The Traffic Policing feature allows users to mark the Frame Relay DE bit of the Frame Relay frame. The Frame Relay DE bit is one bit and, therefore, can be set to either 0 or 1. In congested environments, frames with the DE bit set to 1 are discarded before frames with the DE bit set to 0.

Packet Prioritization for ATM Cells

The Traffic Policing feature allows users to mark the ATM CLP bit in ATM cells. The ATM CLP bit is used to prioritize packets in ATM networks. The ATM CLP bit is one bit and, therefore, can be set to either 0 or 1. In congested environments, cells with the ATM CLP bit set to 1 are discarded before cells with the ATM CLP bit set to 0.

Restrictions for Two-Rate Policing

The following restrictions apply to the Two-Rate Policer:

  • Two-rate policing can be configured on an interface, a subinterface, a Frame Relay data-link connection identifier (DLCI), and an ATM permanent virtual circuit (PVC).

  • Two-rate policing is not supported on EtherChannel or tunnel interfaces.

Prerequisites for Two-Rate Traffic Policing

To configure the Two-Rate Policer, a traffic class and a service policy must be created, and the service policy must be attached to a specified interface.

Configuration Tasks

See the following sections for configuration tasks for the Two-Rate Policer feature.

Configuring the Two-Rate Policer

Command

Purpose

 
Router(config-pmap-c)# 
police cir 
cir [bcconform-burst
] pir pir
 
[bepeak-burst
] 
[conform-action action 
[exceed-action action 
[violate-action  action]]]


            



              

Specifies that both the CIR and the PIR are to be used for two-rate traffic policing, and specifies multiple actions applied to packets marked as conforming to, exceeding, or violating a specific rate. Use one line per action that you want to specify. Enters policy-map class police configuration mode.


              

The bc and be keywords and their associated arguments (conform-burst
 and peak-burst
, respectively) are optional.


            		









Although not required for configuring the Two-Rate Policer, the command syntax of the police command also allows you to specify the action to be taken on a packet when you enable an optional action
 argument. The resulting action corresponding to the keyword choices are listed in 
Table 1
.



Table 1 police Command Action Keywords 

              

Keyword


            		

              

Resulting Action


            		





              

                
                  drop
                
              


            		

              

Drops the packet.


            		




              

                
                  set-clp-transmit
                
              


            		

              

Sets the ATM CLP bit from 0 to 1 on the ATM cell and sends the packet with the ATM CLP bit set to 1.


            		




              

                
                  set-dscp-transmit
                
                new-dscp
              


            		

              

Sets the IP DSCP value and sends the packet with the new IP DSCP value setting.


            		




              

                
                  set-frde-transmit
                
              


            		

              

Sets the Frame Relay DE bit from 0 to 1 on the Frame Relay frame and sends the packet with the DE bit set to 1.


            		




              

                
                  set-mpls-exp-transmit
                
              


            		

              

Sets the MPLS experimental bits from 0 to 7 and sends the packet with the new MPLS experimental bit value setting.


            		




              

                
                  set-prec-transmit
                
                new-prec
              


            		

              

Sets the IP precedence and sends the packet with the new IP precedence value setting.


            		




              

                
                  set-qos-transmit
                
                new-qos
              


            		

              

Sets the QoS group value and sends the packet with the new QoS group value setting.


            		




              

                
                  transmit
                
              


            		

              

Sends the packet with no alteration.


            		












Verifying the Two-Rate Policer Configuration





              

Command


            		

              

Purpose


            		





              
Router#
 
show  policy-map interface


            



              

Displays statistics and configurations of all input and output policies attached to an interface.


            		












Troubleshooting Tips








Monitoring and Maintaining the Two-Rate Policer





              

Command


            		

              

Purpose


            		





              
Router# 
show  policy-map


            



              

Displays all configured policy maps.


            		




              
Router# show  policy-map policy-map-name


            



              

Displays the user-specified policy map.


            		




              
Router# 
show  policy-map interface


            



              

Displays statistics and configurations of all input and output policies that are attached to an interface.


            		












Configuration Examples


 
	 




Example  Limiting the Traffic Using a Policer Class



      

In this example, the Two-Rate Policer is configured on a class to limit traffic to an average committed rate of 500 kbps and a peak rate of 1 Mbps. 


      
Router(config)# class-map police
Router(config-cmap)# match access-group 101
Router(config-cmap)# policy-map policy1
Router(config-pmap)# class police
Router(config-pmap-c)# police cir 500000 bc 10000 pir 1000000 be 10000 conform-action
 transmit exceed-action set-prec-transmit 2 violate-action drop
Router(config)# interface serial3/0/0
Router(config-if)# service-policy output policy1
Router(config-if)# end
Router# show policy-map policy1
 Policy Map policy1
  Class police
   police cir 500000 conform-burst 10000 pir 1000000 peak-burst 10000 conform-action transmit exceed-action set-prec-transmit 2 violate-action drop



      

Traffic marked as conforming to the average committed rate (500 kbps) will be sent as is. Traffic marked as exceeding 500 kbps, but not exceeding 1 Mbps, will be marked with IP Precedence 2 and then sent. All traffic exceeding 1 Mbps will be dropped. The burst parameters are set to 10,000 bytes. 


      

In the following example, 1.25 Mbps of traffic is sent ("offered") to a policer
 class.


      
Router# show policy-map interface serial3/0/0
 Serial3/0/0
  Service-policy output: policy1
   Class-map: police (match all)
    148803 packets, 36605538 bytes
    30 second offered rate 1249000 bps, drop rate 249000 bps
    Match: access-group 101
    police:
     cir 500000 bps, conform-burst 10000, pir 1000000, peak-burst 100000
     conformed 59538 packets, 14646348 bytes; action: transmit
     exceeded 59538 packets, 14646348 bytes; action: set-prec-transmit 2
     violated 29731 packets, 7313826 bytes; action: drop
     conformed 499000 bps, exceed 500000 bps violate 249000 bps
   Class-map: class-default (match-any)
    19 packets, 1990 bytes
    30 seconds offered rate 0 bps, drop rate 0 bps
    Match: any



      

The Two-Rate Policer marks 500 kbps of traffic as conforming, 500 kbps of traffic as exceeding, and 250 kbps of traffic as violating the specified rate. Packets marked as conforming will be sent as is, and packets marked as exceeding will be marked with IP Precedence 2 and then sent. Packets marked as violating the specified rate are dropped.


    








Additional References


 
	 


Related Documents
 
		 
		

 
					 
 Related Topic
					 

 
				  		
 
					 
 Document Title
					 

 
				  		




 
					 
 QoS commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples
					 

 
				  		
 
					 
Cisco IOS Quality of Service Solutions Command Reference 
					 

 
				  		



 
					 
 Token bucket mechanisms
					 

 
				  		
 
					 
 "Policing and Shaping Overview" module
					 

 
				  		



 
					 
 MQC
					 

 
				  		
 
					 
 "Applying QoS Features Using the MQC" module 
					 

 
				  		



 
					 
 QoS features such traffic marking, and traffic policing
					 

 
				  		

 
					 
  •  "Marking Network Traffic" module
						
    

    • 

  •  "Traffic Policing" module 
						
    

    • 


 
				  









 
	 


Standards
 
		 
		

 
					 
 Standard
					 

 
				  		
 
					 
 Title
					 

 
				  		




 
					 
 None
					 

 
				  		
 
					 
 --
					 

 
				  		







 
	 


MIBs
 
		 
		

 
					 
 MIB
					 

 
				  		
 
					 
 MIBs Link
					 

 
				  		




 
					 
  •  CISCO-CLASS-BASED-QOS-MIB 
						
    

    • 

  •  CISCO-CLASS-BASED-QOS-CAPABILITY-MIB 
						
    

    • 


 
				  


 
					 
 To locate and download MIBs for selected platforms, Cisco IOS XE Software releases, and feature sets, use Cisco MIB Locator found at the following URL:
					 

 
					 
 
						http:/​/​www.cisco.com/​go/​mibs 
					 

 
				  		







 
	 


RFCs
 
		 
		

 
					 
 RFC
					 

 
				  		
 
					 
 Title
					 

 
				  		




 
					 
 RFC 2698
					 

 
				  		
 
					 
 
						A Two Rate Three Color Marker 
					 

 
				  		







 
	 


Technical Assistance
 
		 
		

 
					 
 Description
					 

 
				  		
 
					 
 Link
					 

 
				  		




 
					 
 The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. 
					 

 
				  		
 
					 
 
						http:/​/​www.cisco.com/​cisco/​web/​support/​index.html 
					 

 
				  		







 Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at 
		www.cisco.com/​go/​trademarks . Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R) 
	 






Feature Information for Two-Rate Policer



			
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature. 

 Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required. 


 
		
 
		

 
		

Table 2 Feature Information for Two-Rate Policer 
 
				  
 Feature Name 
				  

 
						
 
				  
 Releases 
				  

 
						
 
				  
 Feature Information 
				  

 
						




 
				  
 Two-Rate Policer 
				  

 
						
 
				  
 12.2(4)T 
				  

 
				  
 12.2(4)T3 
				  

 
				  
 12.0(26)S 
				  

 
				  
 12.2(28)SB 
				  

 
				  
 12.2(33)SRA 
				  

 
				  
 12.2(33)SXH 
				  


				  
Cisco IOS XE Release 2.1 
				  

 
				  
 Cisco IOS XE 3.1.0 SG 
				  


						
 
				  
 This feature was introduced. 
				  

 
				  
 Support for the Cisco 7500 series routers was added. 
				  

 
				  
 This feature was integrated into Cisco IOS Release 12.0(26)S for the Cisco 7200 and 7500 series routers. 
				  

 
				  
 This feature was integrated into Cisco IOS Release 12.2(28)SB. 
				  

 
				  
 This feature was integrated into Cisco IOS Release 12.2(33)SRA. 
				  

 
				  
 This feature was integrated into Cisco IOS Release 12.2(33)SXH. 
				  


				  
This feature was implemented on Cisco ASR 1000 Series Routers. 
				  

 
				  
 This feature was integrated into Cisco IOS XE 3.1.0 SG.