Two-Rate Policer

Last Updated: December 9, 2011

This module describes the Two-Rate Policer feature and explains how to configure it.

History for the Two-Rate Policer Feature

Release | Modification
Cisco IOS XE Release 2.1 | This feature was implemented on Cisco ASR 1000 Series Routers.

Finding Support Information for Cisco IOS XE Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS XE Software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document.


Feature Overview

Networks police traffic by limiting the input or output transmission rate of a class of traffic based on user-defined criteria. Policing traffic allows you to control the maximum rate of traffic sent or received on an interface and to partition a network into multiple priority levels or class of service (CoS).

The Two-Rate Policer performs the following functions:

  • Limits the input or output transmission rate of a class of traffic based on user-defined criteria.
  • Marks packets by setting the IP precedence value, IP differentiated services code point (DSCP) value, Multiprotocol Label Switching (MPLS) experimental value, Quality of Service (QoS) group, ATM Cell Loss Priority (CLP) bit, and the Frame Relay Discard Eligibility (DE) bit.

With the Two-Rate Policer, you can enforce traffic policing according to two separate rates--committed information rate (CIR) and peak information rate (PIR). You can specify the use of these two rates, along with their corresponding values, by using two keywords, cir and pir, of the police command.

The Two-Rate Policer manages the maximum rate of traffic through a token bucket algorithm. The token bucket algorithm can use the user-configured values to determine the maximum rate of traffic allowed on an interface at a given moment in time. The token bucket algorithm is affected by all traffic entering or leaving the interface (depending on the location of the interface on which the Two-Rate Policer is configured) and is useful in managing network bandwidth in cases where several large packets are sent in the same traffic stream.

Three Policing Actions

The token bucket algorithm provides users with three actions for each packet: a conform action, an exceed action, and a violate action. Traffic entering the interface with the Two-Rate Policer configured is placed into one of these categories. Within these three categories, users can decide packet treatments. For instance, packets that conform can be configured to be sent, packets that exceed can be configured to be sent with a decreased priority, and packets that violate can be configured to be dropped.

The Two-Rate Policer is often configured on interfaces at the edge of a network to limit the rate of traffic entering or leaving the network. In the most common configurations, traffic that conforms is sent and traffic that exceeds is sent with a decreased priority or is dropped. Users can change these configuration options to suit their network needs.


Note: Additionally, the Two-Rate Policer enables you to implement Differentiated Services (DiffServ) Assured Forwarding (AF) Per-Hop Behavior (PHB) traffic conditioning.

Replenishment Functionality

The conforming bucket is replenished at the CIR and the exceeding bucket is replenished at the PIR. The PIR must be greater than the CIR.

When a packet arrives, the system checks to see if there are enough tokens in the conforming and the exceeding bucket to cover that packet. If there are enough tokens in both buckets, the conforming action is taken and the amount of tokens required to transmit a conforming packet is removed from both the conforming and exceeding buckets.

If the conforming bucket does not contain enough tokens to cover the packet, but the exceeding bucket does contain enough tokens, the exceeding action is taken. In this case, the system removes the appropriate number of tokens from the exceeding bucket only.

If there are not enough tokens in the exceeding bucket to cover the packet, the violating action is taken.

Benefits of Two-Rate Policing

Bandwidth Management Through Rate Limiting

This feature provides improved bandwidth management through rate limiting. Before this feature was available, you could police traffic with the single-rate Traffic Policing feature. The Traffic Policing feature provided a certain amount of bandwidth management by allowing you to set the peak burst size (be). The Two-Rate Policer supports a higher level of bandwidth management and supports a sustained excess rate. With the Two-Rate Policer, you can enforce traffic policing according to two separate rates--CIR and PIR--specified in bits per second (bps).

Packet Marking Through the Precedence, the DSCP Value, the MPLS Experimental Value, and the QoS Group Setting

In addition to rate-limiting, the Two-Rate Policer allows you to independently mark the packet according to whether the packet conforms, exceeds, or violates a specified rate. Packet marking also allows you to partition your network into multiple priority levels or classes of service (CoS).

  • Use the Two-Rate Policer to set the IP precedence value, the IP DSCP value, or the MPLS experimental value for packets that enter the network. Networking devices within your network can then use this setting to determine how the traffic should be treated. For example, the Weighted Random Early Detection (WRED) feature uses the IP precedence value to determine the probability that a packet will be dropped.
  • Use the Two-Rate Policer to assign packets to a QoS group. The router uses the QoS group to determine how to prioritize packets within the router.

If you want to mark traffic but do not want to use the Two-Rate Policer, see the "Marking Network Traffic" module.

Packet Marking for Frame Relay Frames

The Two-Rate Policer allows users to mark the Frame Relay DE bit of the Frame Relay frame. The Frame Relay DE bit is one bit and, therefore, can be set to either 0 or 1. In congested environments, frames that have the DE bit set to 1 are discarded before frames that have the DE bit set to 0.

Packet Marking for ATM Cells

The Two-Rate Policer allows users to mark the ATM CLP bit in ATM cells. The ATM CLP bit is used to prioritize packets in ATM networks. The ATM CLP bit is one bit and, therefore, can be set to either 0 or 1. In congested environments, cells that have the ATM CLP bit set to 1 are discarded before cells that have the ATM CLP bit set to 0.

Restrictions for Two-Rate Policing

The following restrictions apply to the Two-Rate Policer:

  • Two-rate policing can be configured on an interface, a subinterface, a Frame Relay data-link connection identifier (DLCI), and an ATM permanent virtual circuit (PVC).
  • Two-rate policing is not supported on EtherChannel or tunnel interfaces.

Prerequisites for Two-Rate Traffic Policing

To configure the Two-Rate Policer, a traffic class and a service policy must be created, and the service policy must be attached to a specified interface.

Configuration Tasks

See the following sections for configuration tasks for the Two-Rate Policer feature.

Configuring the Two-Rate Policer

Command | Purpose
Router(config-pmap-c)# police cir cir [bc conform-burst] pir pir [be peak-burst] [conform-action action [exceed-action action [violate-action action]]] | Specifies that both the CIR and the PIR are to be used for two-rate traffic policing, and specifies multiple actions applied to packets marked as conforming to, exceeding, or violating a specific rate. Use one line per action that you want to specify. Enters policy-map class police configuration mode.

The bc and be keywords and their associated arguments (conform-burst and peak-burst, respectively) are optional.

Although not required for configuring the Two-Rate Policer, the command syntax of the police command also allows you to specify the action to be taken on a packet when you enable an optional action argument. The resulting actions corresponding to the keyword choices are listed in Table 1.

Table 1 police Command Action Keywords

Keyword | Resulting Action
drop | Drops the packet.
set-clp-transmit | Sets the ATM CLP bit from 0 to 1 on the ATM cell and sends the packet with the ATM CLP bit set to 1.
set-dscp-transmit new-dscp | Sets the IP DSCP value and sends the packet with the new IP DSCP value setting.
set-frde-transmit | Sets the Frame Relay DE bit from 0 to 1 on the Frame Relay frame and sends the packet with the DE bit set to 1.
set-mpls-exp-transmit | Sets the MPLS experimental bits from 0 to 7 and sends the packet with the new MPLS experimental bit value setting.
set-prec-transmit new-prec | Sets the IP precedence and sends the packet with the new IP precedence value setting.
set-qos-transmit new-qos | Sets the QoS group value and sends the packet with the new QoS group value setting.
transmit | Sends the packet with no alteration.

Verifying the Two-Rate Policer Configuration

Command | Purpose
Router# show policy-map interface | Displays statistics and configurations of all input and output policies attached to an interface.

Troubleshooting Tips

Monitoring and Maintaining the Two-Rate Policer

Command | Purpose
Router# show policy-map | Displays all configured policy maps.
Router# show policy-map policy-map-name | Displays the user-specified policy map.
Router# show policy-map interface | Displays statistics and configurations of all input and output policies that are attached to an interface.

Configuration Examples

This section provides the following configuration example:

Example Limiting the Traffic Using a Policer Class

In this example, the Two-Rate Policer is configured on a class to limit traffic to an average committed rate of 500 kbps and a peak rate of 1 Mbps.

Router(config)# class-map police
Router(config-cmap)# match access-group 101
Router(config-cmap)# policy-map policy1
Router(config-pmap)# class police
Router(config-pmap-c)# police cir 500000 bc 10000 pir 1000000 be 10000 conform-action transmit exceed-action set-prec-transmit 2 violate-action drop
Router(config)# interface serial3/0/0
Router(config-if)# service-policy output policy1
Router(config-if)# end
Router# show policy-map policy1
 Policy Map policy1
  Class police
   police cir 500000 conform-burst 10000 pir 1000000 peak-burst 10000 conform-action transmit exceed-action set-prec-transmit 2 violate-action drop

Traffic marked as conforming to the average committed rate (500 kbps) will be sent as is. Traffic marked as exceeding 500 kbps, but not exceeding 1 Mbps, will be marked with IP Precedence 2 and then sent. All traffic exceeding 1 Mbps will be dropped. The burst parameters are set to 10,000 bytes.

In the following example, 1.25 Mbps of traffic is sent ("offered") to a policer class.

Router# show policy-map interface serial3/0/0
 Serial3/0/0
  Service-policy output: policy1
   Class-map: police (match all)
    148803 packets, 36605538 bytes
    30 second offered rate 1249000 bps, drop rate 249000 bps
    Match: access-group 101
    police:
     cir 500000 bps, conform-burst 10000, pir 1000000, peak-burst 100000
     conformed 59538 packets, 14646348 bytes; action: transmit
     exceeded 59538 packets, 14646348 bytes; action: set-prec-transmit 2
     violated 29731 packets, 7313826 bytes; action: drop
     conformed 499000 bps, exceed 500000 bps violate 249000 bps
   Class-map: class-default (match-any)
    19 packets, 1990 bytes
    30 seconds offered rate 0 bps, drop rate 0 bps
    Match: any

The Two-Rate Policer marks 500 kbps of traffic as conforming, 500 kbps of traffic as exceeding, and 250 kbps of traffic as violating the specified rate. Packets marked as conforming will be sent as is, and packets marked as exceeding will be marked with IP Precedence 2 and then sent. Packets marked as violating the specified rate are dropped.
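
The bucket rules from "Replenishment Functionality", modeled in Python and fed the 1.25 Mbps offered load from the example above. This is an added illustration, not Cisco code. Assumptions: both buckets start full, tokens are counted in bytes, and packets are a constant 246 bytes (36605538 bytes / 148803 packets in the show output).

```python
"""Two-rate policer model using the bucket rules from the page (constructed example)."""

class TwoRatePolicer:
    def __init__(self, cir_bps, bc_bytes, pir_bps, be_bytes):
        if pir_bps <= cir_bps:
            raise ValueError("PIR must be greater than CIR")
        self.cir, self.bc = cir_bps / 8.0, bc_bytes   # bytes/s, bucket depth
        self.pir, self.be = pir_bps / 8.0, be_bytes
        self.conform_tokens = float(bc_bytes)         # assumption: buckets start full
        self.exceed_tokens = float(be_bytes)
        self.last = 0.0

    def police(self, now, size):
        """Classify one packet of `size` bytes arriving at time `now` (seconds)."""
        elapsed, self.last = now - self.last, now
        # Replenish: conforming bucket at CIR, exceeding bucket at PIR, capped at depth.
        self.conform_tokens = min(self.bc, self.conform_tokens + elapsed * self.cir)
        self.exceed_tokens = min(self.be, self.exceed_tokens + elapsed * self.pir)
        if self.exceed_tokens < size:
            return "violate"                          # no tokens removed
        if self.conform_tokens < size:
            self.exceed_tokens -= size                # exceeding bucket only
            return "exceed"
        self.conform_tokens -= size                   # both buckets
        self.exceed_tokens -= size
        return "conform"


def offered_load(policer, offered_bps, pkt_bytes, seconds):
    """Send a constant stream and return the measured bps per policing result."""
    gap = pkt_bytes * 8.0 / offered_bps               # inter-packet time
    sent = {"conform": 0, "exceed": 0, "violate": 0}
    for i in range(int(seconds / gap)):
        sent[policer.police(i * gap, pkt_bytes)] += pkt_bytes
    return {result: nbytes * 8.0 / seconds for result, nbytes in sent.items()}


if __name__ == "__main__":
    # police cir 500000 bc 10000 pir 1000000 be 10000, 1.25 Mbps offered,
    # 246-byte packets (36605538 bytes / 148803 packets in the show output).
    rates = offered_load(TwoRatePolicer(500000, 10000, 1000000, 10000),
                         1250000, 246, 30)
    for result, bps in rates.items():
        print(f"{result:8s} {bps / 1000:7.1f} kbps")
```

The model lands within a few kbps of the 500 / 500 / 250 kbps split reported by show policy-map interface; the small surplus on the conform side is the initial full bucket being spent.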

Additional References

Related Documents

Related Topic | Document Title
QoS commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples | Cisco IOS Quality of Service Solutions Command Reference
Token bucket mechanisms | "Policing and Shaping Overview" module
MQC | "Applying QoS Features Using the MQC" module
QoS features such as traffic marking and traffic policing | "Marking Network Traffic" module; "Traffic Policing" module

Standards

Standard | Title
None | --

MIBs

MIB | MIBs Link
CISCO-CLASS-BASED-QOS-MIB, CISCO-CLASS-BASED-QOS-CAPABILITY-MIB | To locate and download MIBs for selected platforms, Cisco IOS XE Software releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

RFCs

RFC | Title
RFC 2698 | A Two Rate Three Color Marker


Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks . Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)


Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© 2011 Cisco Systems, Inc. All rights reserved.