CIR or not to CIR?

Class Based Policing – With Cir without Cir Values, and general review

Class-based policing on Cisco Implementations conforms to the following two RFCs:
RFC 2697, “A Single Rate Three Color Marker”
RFC 2698, “A Two Rate Three Color Marker”

Class-based policing supports single- or dual-rate metering. Dual-rate metering allows metering of traffic based on two rates (the PIR and the CIR).

The command is router(config-pmap-c)#police avg-rate [BC [BE]] [conform-action action] [exceed-action action] [violate-action action]

HQ1(config-pmap-c)#police ?
8000-2000000000  Bits per second

avg-rate: Traffic rate in bps (8000 to 200,000,000)

HQ1(config-pmap-c)#police 9000 ?
1000-512000000  Burst bytes
bc                Conform burst
conform-action    action when rate is less than conform burst
pir               Peak Information Rate

BC: normal burst sets the size in bytes, the Ā  Default is 1500 bytes, or CIR / 32, whichever is higher

and HQ1(config-pmap-c)#police 9000 1500 ?
<1000-512000000>  Burst bytes
be                Excess burst
conform-action    action when rate is less than conform burst
pir               Peak Information Rate

BE: Excess burst sets the size in bytes

Class-based policing supports also multiaction policing (Available in Cisco IOS Release 12.2(8)T
Mainly used for setting Layer 2 and Layer 3 QoS fields) and these are the available options:

transmit (default conform action)
drop (default exceed and violate action)
set-prec-transmit ip-precedence
set-dscp-transmit dscp
set-qos-transmit qos-group
set-mpls-exp-transmit mple-exp
set frde-transmit
set-clp-transmit

Lets see how to configure the policer with a cir and with no cir,

HQ1#conf ter
Enter configuration commands, one per line.  End with CNTL/Z.
HQ1(config)#class-map ICMP
HQ1(config-cmap)#ma proto icmp
HQ1(config-cmap)#exit
HQ1(config)#policy-map WITHCIR
HQ1(config-pmap)#class ICMP
HQ1(config-pmap-c)#police cir 9000
HQ1(config-pmap-c-police)#exit
HQ1(config-pmap-c)#policy-map WITHOUTCIR
HQ1(config-pmap)#class ICMP
HQ1(config-pmap-c)#police 9000
HQ1(config-pmap-c-police)#exit
HQ1(config-pmap-c)#do show run policy-map
Building configuration...

Current configuration : 108 bytes
!
policy-map WITHOUTCIR
class ICMP
police 9000
policy-map WITHCIR
class ICMP
police cir 9000
!
end

HQ1(config-pmap-c)#do show policy-map
Policy Map WITHOUTCIR
Class ICMP
police cir 9000 bc 1500
conform-action transmit
exceed-action drop

Policy Map WITHCIR
Class ICMP
police cir 9000 bc 1500
conform-action transmit
exceed-action drop

The Test:

HQ1(config)#int f0/1
HQ1(config-if)#ser out WITHCIR
HQ1(config-if)#do ping  10.6.6.1 size 1400 time 0 rep 7

Type escape sequence to abort.
Sending 7, 1400-byte ICMP Echos to 10.6.6.1, timeout is 0 seconds:
.......
Success rate is 0 percent (0/7)
HQ1(config-if)#do show policy-map int f0/1
FastEthernet0/1

Service-policy output: WITHCIR

Class-map: ICMP (match-all)
7 packets, 9898 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol icmp
police:
cir 9000 bps, bc 1500 bytes
conformed 1 packets, 1414 bytes; actions:
transmit
exceeded 6 packets, 8484 bytes; actions:
drop
conformed 0 bps, exceed 0 bps

Class-map: class-default (match-any)
5 packets, 342 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
HQ1(config-if)#

And now with the other policy map

HQ1(config-if)#ser out WITHOUTCIR
Policy map WITHCIR is already attached
HQ1(config-if)#no ser out WITHCIR
HQ1(config-if)#ser out WITHOUTCIR
HQ1(config-if)#do show policy-map int f0/1
FastEthernet0/1

Service-policy output: WITHOUTCIR

Class-map: ICMP (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol icmp
police:
cir 9000 bps, bc 1500 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps

Class-map: class-default (match-any)
1 packets, 74 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any

The Result:

HQ1(config-if)#do ping 10.6.6.1 size 1400 time 0 rep 7</pre>
Type escape sequence to abort.
Sending 7, 1400-byte ICMP Echos to 10.6.6.1, timeout is 0 seconds:
.......
Success rate is 0 percent (0/7)
HQ1(config-if)#do show policy-map int f0/1
FastEthernet0/1

Service-policy output: WITHOUTCIR

Class-map: ICMP (match-all)
7 packets, 9898 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol icmp
police:
cir 9000 bps, bc 1500 bytes
conformed 1 packets, 1414 bytes; actions:
transmit
exceeded 6 packets, 8484 bytes; actions:
drop
conformed 0 bps, exceed 0 bps

Class-map: class-default (match-any)
8 packets, 564 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
HQ1(config-if)#policy-map WITHOUT
HQ1(config-pmap)#class ICMP
HQ1(config-pmap-c)#police 9000 ?
1000-512000000    Burst bytes
bc                Conform burst
conform-action    action when rate is less than conform burst
pir               Peak Information Rate
<cr>

HQ1(config-pmap-c)#police 9000
HQ1(config-pmap-c-police)#?
QoS Class Police configuration commands:
conform-action  action when rate is less than conform burst
exceed-action   action when rate is within conform and conform + exceed burst
exit            Exit from Police configuration mode
no              Negate or set default values of a command
violate-action  action when rate is greater than conform + exceed burst

They both work in the same way!

A Networker Blog

Advertisements

3 thoughts on “CIR or not to CIR?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s