To configure traffic policing and enter policy map police configuration mode, use the police rate command in policy map class configuration mode. To remove traffic policing from the configuration, use the no form of this command.
police rate {value [units] | percent percentage | per-thousand value | per-million value} [burst burst-size [burst-units] ] [peak-rate {value [units] | percent percentage}] [peak-burst peak-burst [burst-units] ]
no police rate {value [units] | percent percentage | per-thousand value | per-million value} [burst burst-size [burst-units] ] [peak-rate {value [units] | percent percentage}] [peak-burst peak-burst [burst-units] ]
Syntax Description
value | Committed information rate (CIR). Range is from 1 to 4294967295.
units | (Optional) Unit of measurement for the CIR. Values can be:
  - bps — bits per second (default)
  - gbps — gigabits per second
  - kbps — kilobits per second
  - mbps — megabits per second
  - pps — packets per second
  Note: The QoS offload on satellite feature does not support the pps unit.
percent percentage | Specifies the police rate as a percentage of the CIR. Range is from 1 to 100. See the Usage Guidelines for information on how to use this keyword.
per-thousand value | Specifies the committed information rate in per thousand of the link bandwidth.
per-million value | Specifies the committed information rate in per million of the link bandwidth.
burst burst-size | (Optional) Specifies the burst size (in the specified burst-units). Range is from 1 to 4294967295.
burst-units | (Optional) Unit of measurement for the burst values. Values can be:
  - bytes — bytes (default)
  - gbytes — gigabytes
  - kbytes — kilobytes
  - mbytes — megabytes
  - ms — milliseconds
  - us — microseconds
  - packets — packets
peak-rate value | (Optional) Specifies the Peak Information Rate (PIR) in the specified units. Range is from 1 to 4294967295.
peak-burst peak-burst | (Optional) Specifies the peak burst size in the specified burst-units. The range is from 1 to 4294967295.
Command Default
No restrictions on the flow of data are applied to any interface.
Command Modes
Policy map class configuration
Command History
Release | Modification
Release 3.7.2 | This command was introduced.
Release 4.0.1 | The pps and packets keywords were added.
Usage Guidelines
The police rate command can set the DSCP, the precedence, or the discard class for IP packets, and experimental and discard-class values for MPLS packets.
Policing can be applied in both ingress and egress directions.
The parameters set by the action keywords are rounded by the hardware. To check the actual values programmed in the hardware, use the show qos interface command.
For police rate commands, interpret the percent keyword in this way:
- For a one-level policy, the percent keyword specifies the CIR as a percentage of the link rate. For example, the command police rate percent 35 configures the CIR as 35% of the link rate.
- For a two-level policy, in the parent policy, the percent keyword specifies the parent CIR as a percentage of the link rate. In the child policy, the percent keyword specifies the child CIR as a percentage of the maximum policing or shaping rate of the parent. If traffic policing or shaping is not configured on the parent, the parent inherits the interface policing or shaping rate.
Hierarchical policing is also supported. In such a configuration, both parent and child policies have class-maps containing policing statements, as in this example:
!
policy-map child
 class gold
  police rate percent 50
   conform-action set precedence immediate
   exceed-action drop
  !
 !
policy-map parent
 class match_all
  police rate 10000 kbps burst 15000
   exceed-action drop
  service-policy child
!
The router supports hierarchical ingress policing, which consists of a two-level hierarchical policy-map. The two levels are:
- Parent level: Consists of a class-default or match-vlan class (in nCmD model) only and has policing with only transmit/drop actions.
- Child level: Consists of a flat policy that can be configured with any action other than the queuing action. This level does not contain configurations that require a continuous bit support.
You can police the ingress interface while applying different classification submodels on the ingress interfaces. The order of the actions within the hierarchical policy-map is from child to parent as specified by the Modular Quality of Service command-line interface (MQC). This is with the exception of the queuing action (shape), which is executed after any police/set actions. If a police action is configured in a child policy, the child police action is executed before the parent police action.
The police action is invoked with only transmit/drop actions under the conform-action and exceed-action options specified for class-default traffic.
This example explains a hierarchical policer configuration:
!
policy-map parent
 class class-default
  service-policy child
  police rate percent 50
   conform-action transmit
   exceed-action drop
!
Note: If you use conform-action drop in the class-default class of the input QoS policy, it can lead to DHCP packets being dropped. Therefore, there should be a separate class for DHCP packets. You can use the following ACL configuration in the class-map:
ipv4 access-list test-ipv4
 10 permit udp any host 255.255.255.255 eq bootps
!
Note: Configured values take into account the Layer 2 encapsulation applied to traffic. This applies to both ingress and egress policing. For Ethernet transmission, the encapsulation is considered to be 14 bytes, whereas for IEEE 802.1Q, the encapsulation is 18 bytes.
The policer uses an incremental step size of 64 kbps. The configured value is rounded down to the nearest 64 kbps. The value shown in the output of the running-configuration shows the configured value as entered by the user.
If the burst value is not configured, it is automatically set to 100 msec-worth of the CIR value. For example, if a CIR value of 1,000,000 kbps is entered, the burst value is calculated to be 12,500,000 bytes. The maximum burst value supported depends on the line card (LC) on which the QoS policy is applied:
- For ASR 9000 Enhanced Ethernet Line Card, the maximum allowed burst value is 4294967295.
- For A9K-SIP-700 Line Card, the maximum allowed burst value is 4294967295.
- For ASR 9000 Ethernet Line Card, the maximum supported burst value is dependent on the Policer rate and is calculated by the formula:
  Maximum supported burst value = ((16 * Policer rate in Bytes Per Second) * 67108864) / (250 * 1000000)
  However, if no Policer rate is specified, the maximum supported burst value is taken as 2147483647.
When you define policers, for optimum performance use these formulas to calculate the burst values:
Committed Burst (Bc) = CIR bps * (1 byte / 8 bits) * 1.5 seconds
Excess Burst (Be) = 2 * Bc
For example, if CIR = 2,000,000 bps, the calculated burst value is 2,000,000 * (1/8) * 1.5 = 375,000 bytes.
For more information, see the "Committed Bursts and Excess Bursts" section in the Modular QoS Configuration Guide for Cisco ASR 9000 Series Routers.
Note:
- Set the peak-burst value according to the formula peak-burst = 2 * burst.
- A police rate minimum of 8 pps and a granularity of 8 pps is supported.
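The rate and burst arithmetic from the paragraphs above (64 kbps rounding, the 100 ms default burst, the ASR 9000 Ethernet Line Card maximum, Bc/Be and peak-burst = 2 * burst), combined into one added Python example that is not Cisco code. All function names are hypothetical, pps rates and non-byte burst units are not handled, and treating the line-card maximum as a byte count is an assumption.

```python
# Added example: hypothetical helper names, not part of IOS XR.
UNIT_BPS = {"bps": 1, "kbps": 10**3, "mbps": 10**6, "gbps": 10**9}
STEP_BPS = 64_000           # policer step size: 64 kbps
RANGE_MAX = 4_294_967_295   # upper bound of the value and burst-size ranges


def to_bps(value, units="bps"):
    """Convert a configured CIR to bits per second (pps is not handled)."""
    if units not in UNIT_BPS:
        raise ValueError(f"unsupported rate unit: {units}")
    if not 1 <= value <= RANGE_MAX:
        raise ValueError("rate value outside 1..4294967295")
    return value * UNIT_BPS[units]


def effective_cir_bps(cir_bps):
    """Configured rate rounded down to the nearest 64 kbps step."""
    return cir_bps // STEP_BPS * STEP_BPS


def default_burst_bytes(cir_bps):
    """Burst used when none is configured: 100 ms worth of the CIR."""
    return cir_bps // 10 // 8


def recommended_bursts(cir_bps):
    """Bc = CIR * (1 byte / 8 bits) * 1.5 s and Be = 2 * Bc, in bytes."""
    bc = cir_bps * 3 // 16
    return bc, 2 * bc


def max_burst_eth_lc(cir_bps=None):
    """ASR 9000 Ethernet Line Card maximum (assumed to be in bytes)."""
    if cir_bps is None:
        return 2_147_483_647
    return 16 * (cir_bps // 8) * 67_108_864 // (250 * 1_000_000)


def plan(value, units="bps", burst=None):
    """Summarise what a 'police rate' line with a byte burst works out to."""
    cir = to_bps(value, units)
    burst = default_burst_bytes(cir) if burst is None else burst
    return {
        "effective_cir_bps": effective_cir_bps(cir),
        "burst_bytes": burst,
        "peak_burst_bytes": 2 * burst,      # peak-burst = 2 * burst
        "recommended_bc_be": recommended_bursts(cir),
        "fits_eth_lc": burst <= max_burst_eth_lc(cir),
    }
```

Compare the returned values with the output of show qos interface, since the hardware rounds what is actually programmed.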
Task ID
Task ID | Operations
qos | read, write
Examples
In this example for MPLS, traffic policing is configured with the average rate at 250 kbps, and the normal burst size at 50 bytes for all packets leaving GigabitEthernet interface 0/1/0/9:
RP/0/RSP0/CPU0:router(config)# class-map class1
RP/0/RSP0/CPU0:router(config-cmap)# match mpls experimental topmost 0
RP/0/RSP0/CPU0:router(config-cmap)# exit
RP/0/RSP0/CPU0:router(config)# policy-map policy1
RP/0/RSP0/CPU0:router(config-pmap)# class class1
RP/0/RSP0/CPU0:router(config-pmap-c)# police rate 250 kbps burst 50
RP/0/RSP0/CPU0:router(config-pmap-c-police)# conform-action set mpls experimental topmost 4
RP/0/RSP0/CPU0:router(config-pmap-c)# exit
RP/0/RSP0/CPU0:router(config-pmap)# exit
RP/0/RSP0/CPU0:router(config)# interface gigabitethernet 0/1/0/9
RP/0/RSP0/CPU0:router(config-if)# service-policy input policy1
In this example, traffic policing is configured with an average rate of 200 pps, and a normal burst size of 50 packets, for all packets in class-map class1, leaving GigabitEthernet interface 0/1/0/9:
RP/0/RSP0/CPU0:router(config)# policy-map pps-1r2c
RP/0/RSP0/CPU0:router(config-pmap)# class class1
RP/0/RSP0/CPU0:router(config-pmap-c)# police rate 200 pps burst 50 packets
RP/0/RSP0/CPU0:router(config-pmap-c)# exit
RP/0/RSP0/CPU0:router(config-pmap)# exit
RP/0/RSP0/CPU0:router(config)# interface gigabitethernet 0/1/0/9
RP/0/RSP0/CPU0:router(config-if)# service-policy output pps-1r2c