CIR or not to CIR?
Class Based Policing – With Cir without Cir Values, and general review
Class-based policing on Cisco Implementations conforms to the following two RFCs:
RFC 2697, “A Single Rate Three Color Marker”
RFC 2698, “A Two Rate Three Color Marker”
Class-based policing supports single- or dual-rate metering. Dual-rate metering allows metering of traffic based on two rates (the PIR and the CIR).
The command is router(config-pmap-c)#police avg-rate [BC [BE]] [conform-action action] [exceed-action action] [violate-action action]
HQ1(config-pmap-c)#police ? 8000-2000000000 Bits per second
avg-rate: Traffic rate in bps (8000 to 200,000,000)
HQ1(config-pmap-c)#police 9000 ? 1000-512000000 Burst bytes bc Conform burst conform-action action when rate is less than conform burst pir Peak Information Rate
BC: normal burst sets the size in bytes, the Default is 1500 bytes, or CIR / 32, whichever is higher
and HQ1(config-pmap-c)#police 9000 1500 ? <1000-512000000> Burst bytes be Excess burst conform-action action when rate is less than conform burst pir Peak Information Rate
BE: Excess burst sets the size in bytes
Class-based policing supports also multiaction policing (Available in Cisco IOS Release 12.2(8)T
Mainly used for setting Layer 2 and Layer 3 QoS fields) and these are the available options:
transmit (default conform action) drop (default exceed and violate action) set-prec-transmit ip-precedence set-dscp-transmit dscp set-qos-transmit qos-group set-mpls-exp-transmit mple-exp set frde-transmit set-clp-transmit
Lets see how to configure the policer with a cir and with no cir,
HQ1#conf ter Enter configuration commands, one per line. End with CNTL/Z. HQ1(config)#class-map ICMP HQ1(config-cmap)#ma proto icmp HQ1(config-cmap)#exit HQ1(config)#policy-map WITHCIR HQ1(config-pmap)#class ICMP HQ1(config-pmap-c)#police cir 9000 HQ1(config-pmap-c-police)#exit HQ1(config-pmap-c)#policy-map WITHOUTCIR HQ1(config-pmap)#class ICMP HQ1(config-pmap-c)#police 9000 HQ1(config-pmap-c-police)#exit HQ1(config-pmap-c)#do show run policy-map Building configuration... Current configuration : 108 bytes ! policy-map WITHOUTCIR class ICMP police 9000 policy-map WITHCIR class ICMP police cir 9000 ! end HQ1(config-pmap-c)#do show policy-map Policy Map WITHOUTCIR Class ICMP police cir 9000 bc 1500 conform-action transmit exceed-action drop Policy Map WITHCIR Class ICMP police cir 9000 bc 1500 conform-action transmit exceed-action drop
The Test:
HQ1(config)#int f0/1 HQ1(config-if)#ser out WITHCIR HQ1(config-if)#do ping 10.6.6.1 size 1400 time 0 rep 7 Type escape sequence to abort. Sending 7, 1400-byte ICMP Echos to 10.6.6.1, timeout is 0 seconds: ....... Success rate is 0 percent (0/7)
HQ1(config-if)#do show policy-map int f0/1 FastEthernet0/1 Service-policy output: WITHCIR Class-map: ICMP (match-all) 7 packets, 9898 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: protocol icmp police: cir 9000 bps, bc 1500 bytes conformed 1 packets, 1414 bytes; actions: transmit exceeded 6 packets, 8484 bytes; actions: drop conformed 0 bps, exceed 0 bps Class-map: class-default (match-any) 5 packets, 342 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: any HQ1(config-if)#
And now with the other policy map
HQ1(config-if)#ser out WITHOUTCIR Policy map WITHCIR is already attached HQ1(config-if)#no ser out WITHCIR HQ1(config-if)#ser out WITHOUTCIR HQ1(config-if)#do show policy-map int f0/1 FastEthernet0/1 Service-policy output: WITHOUTCIR Class-map: ICMP (match-all) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: protocol icmp police: cir 9000 bps, bc 1500 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop conformed 0 bps, exceed 0 bps Class-map: class-default (match-any) 1 packets, 74 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: any
The Result:
HQ1(config-if)#do ping 10.6.6.1 size 1400 time 0 rep 7</pre> Type escape sequence to abort. Sending 7, 1400-byte ICMP Echos to 10.6.6.1, timeout is 0 seconds: ....... Success rate is 0 percent (0/7) HQ1(config-if)#do show policy-map int f0/1 FastEthernet0/1 Service-policy output: WITHOUTCIR Class-map: ICMP (match-all) 7 packets, 9898 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: protocol icmp police: cir 9000 bps, bc 1500 bytes conformed 1 packets, 1414 bytes; actions: transmit exceeded 6 packets, 8484 bytes; actions: drop conformed 0 bps, exceed 0 bps Class-map: class-default (match-any) 8 packets, 564 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: any HQ1(config-if)#policy-map WITHOUT HQ1(config-pmap)#class ICMP HQ1(config-pmap-c)#police 9000 ? 1000-512000000 Burst bytes bc Conform burst conform-action action when rate is less than conform burst pir Peak Information Rate <cr> HQ1(config-pmap-c)#police 9000 HQ1(config-pmap-c-police)#? QoS Class Police configuration commands: conform-action action when rate is less than conform burst exceed-action action when rate is within conform and conform + exceed burst exit Exit from Police configuration mode no Negate or set default values of a command violate-action action when rate is greater than conform + exceed burst
They both work in the same way!
Advertisement
What is your advice .. CIR or no CIR
awesome! you did a great job. IOS confusion.