Class-based Policing

CB-WFQ bandwidth statements guarantee a minimum amount of bandwidth resources to an application class. If a traffic class is to be limited to a maximum amount of bandwidth, policing or shaping is used to limit the application class. Policing and shaping are very different in their approach to limiting bandwidth. The differences between these two limiting technologies include the following:

• Policing technology can be performed on routers or switches, while shaping is only supported on routers.
• Policing technology is supported on router ingress (input) and egress (output) interfaces, while shaping is only supported on router egress.
• Policing technology is capable of marking, while shaping does not support marking.
• Policing drops out-of-profile packets, while shaping buffers packets exceeding the output interface.

The police command is one of the most confusing commands used in the MQC because of the myriad of options following the police command. We will first take a look at the single rate – three color marker (SRTCM) option that has been in Cisco router IOS for a long time as the interface level rate-limit command, before the release of the modular QoS CLI. The policing command syntax is as follows:

• police 1000000 1500 conform-action transmit exceed-action drop

This command polices traffic to 1Mbps (configured in kbps), while allowing a committed burst (Bc) of up to 1500 bytes. Bc can be converted to kbps to figure out the exact amount of bursting which will be allowed by the policy over time: 1500 bytes * 8 bits/byte = 12000bps (12kbps). All traffic within the rate of 1Mbps + 12kbps takes the conforming condition, which is configured to transmit the packet with the existing marking (if present). Any traffic above 1Mbps + Bc is considered to be exceeding the policy and is dropped.
The following command uses the SRTCM, with some additional configuration:

• police 1000000 1500 1500 conform-action transmit exceed-action set-dscp-transmit cs1 violate-action drop

This policing statement is nearly identical to the last policing statement, but exceeding traffic is marked down into the scavenger class (class selector 1). Exceeding traffic in the SRTCM model can only use Be (excess burst), which is configured to be 1500 bytes (12kbps), the same as Bc. This policy has added 12kbps of additional burst, but all traffic above the additional 12kbps is dropped by the violate condition. Notice that we did not need to configure a Be in the first policy because the exceed action was configured to drop the packet.

If Bc is not explicitly configured, it will default to CIR / 32 or 1500 bytes (whichever value is higher). CIR/32 is normally much higher than 1500 bytes, but 1500 bytes becomes 9000 bytes if the interface MTU is sized for Ethernet jumbo frames. Be will always default to Bc (or 1500 bytes) unless configured otherwise. The previous policy would result in a Bc and Be of 31,250 bytes (250kbps) if Bc and Be were not explicitly configured to be 1500 bytes.

Now that you're familiar with the SRTCM model, we can proceed to a different policing approach called the two rate – three color marker (TRTCM). In the TRTCM, both a CIR (committed information rate) and a PIR (peak information rate) can be configured. The PIR addition is very important to metropolitan Ethernet service providers, which connect customers with Fast Ethernet (100Mbps) or Gigabit Ethernet (1000Mbps). Service providers sell services in which the customer can buy bandwidth in increments of 1Mbps. In the following example, a customer has purchased a Metro E Fast Ethernet handoff with a CIR of 5Mbps and a PIR of 20Mbps.
Traffic up to 5Mbps (+Bc) is guaranteed and transmitted as marked, but traffic above 5Mbps (+Be) is marked down to CS1 (scavenger class). Although these types of bursting services are rare with Metro E providers, the two rate mechanism allows wide bandwidth ranges between the conform and exceed action, while the single rate model did not.

• police cir 5000000 pir 20000000 conform-action transmit exceed-action set-dscp-transmit cs1 violate-action drop

The default Bc of this policy will allow the traffic to burst over 5Mbps without being marked down to CS1. The Bc of CIR/32 results in 156,250 bytes or 1.25Mbps. Traffic above CIR + Bc (6.25Mbps) will be marked down to CS1 until the PIR + Be threshold has been reached. Traffic over CIR + Bc, but under PIR + Be (21.25Mbps), will be marked down into the scavenger class. Traffic over 21.25Mbps will be dropped.

The next and last policing option we will talk about is the percent option. Using the previous example, we will re-configure the policy using the percent keyword. The percent keyword allocates a percentage of the bandwidth of the interface to which the policy is attached.

• police cir percent 5 pir percent 20 conform-action transmit exceed-action set-dscp-transmit cs1 violate-action drop

The next blog will investigate the shaping options in the MQC. Feel free to ask questions.

REFERENCES

Cisco QoS: www.cisco.com/go/qos
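The single-rate and two-rate markers described in this post, modeled as token buckets in an added Python example (not Cisco's implementation and not code from the original post). It assumes the color-blind meter logic of RFC 2697 and RFC 2698 and the default burst sizes as the post states them; the class and function names are illustrative, and the packet streams are constructed.

```python
from collections import Counter

def default_burst(rate_bps):
    return max(rate_bps // 32, 1500)   # post: rate/32 or 1500 bytes, whichever is higher

class SingleRate:
    """Models 'police <cir> <bc> <be> ...': one fill rate, Bc overflow spills into Be."""
    def __init__(self, cir_bps, bc=None, be=None):
        self.rate = cir_bps / 8.0                      # bytes of credit per second
        self.bc = default_burst(cir_bps) if bc is None else bc
        self.be = self.bc if be is None else be        # post: Be defaults to Bc
        self.tc, self.te, self.last = self.bc, self.be, 0.0

    def meter(self, now, size):
        credit, self.last = (now - self.last) * self.rate, now
        spill = max(0.0, self.tc + credit - self.bc)   # tokens that overflow Bc
        self.tc = min(self.bc, self.tc + credit)
        self.te = min(self.be, self.te + spill)
        if self.tc >= size:
            self.tc -= size
            return "conform"
        if self.te >= size:
            self.te -= size
            return "exceed"
        return "violate"

class TwoRate:
    """Models 'police cir <cir> pir <pir> ...': Bc fills at CIR, Be fills at PIR."""
    def __init__(self, cir_bps, pir_bps, bc=None, be=None):
        self.cir, self.pir = cir_bps / 8.0, pir_bps / 8.0
        self.bc = default_burst(cir_bps) if bc is None else bc
        self.be = self.bc if be is None else be
        self.tc, self.tp, self.last = self.bc, self.be, 0.0

    def meter(self, now, size):
        dt, self.last = now - self.last, now
        self.tc = min(self.bc, self.tc + dt * self.cir)
        self.tp = min(self.be, self.tp + dt * self.pir)
        if self.tp < size:
            return "violate"
        self.tp -= size                                # passed the peak bucket
        if self.tc < size:
            return "exceed"
        self.tc -= size
        return "conform"

def offer(policer, rate_bps, n, size=1500):   # constructed constant-rate packet stream
    gap = size * 8 / rate_bps
    return Counter(policer.meter(i * gap, size) for i in range(n))
```

Calling `offer(TwoRate(5_000_000, 20_000_000), 10_000_000, 2000)` returns only conform and exceed counts; violate results appear once the sustained offered rate passes the PIR.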


Copyright © 2009 IDG Communications, Inc.
