RFC 2698 Implemented

http://www.ietf.org/rfc/rfc2698.txt

The Two Rate Three Color Marker (trTCM) meters an IP packet stream and marks its packets either green, yellow, or red.
A packet is marked red if it exceeds the Peak Information Rate (PIR). Otherwise it is marked either yellow or green depending on whether it exceeds or doesn't exceed the Committed Information Rate (CIR).

The Meter operates in one of two modes.

In the Color-Blind mode, the Meter assumes that the packet stream is uncolored.

In the Color-Aware mode the Meter assumes that some preceding entity has pre-colored the incoming packet stream so that each packet is either green, yellow, or red.

Router(config-pmap-c-police)#?
QoS Class Police configuration commands:
conform-action action when rate is less than conform burst
exceed-action action when rate is within conform and conform + exceed burst
exit Exit from Police configuration mode
no Negate or set default values of a command
violate-action action when rate is greater than conform + exceed burst

The trTCM is configured by setting its mode and by assigning values to four traffic parameters:

· Peak Information Rate (PIR)
· Peak Burst Size (PBS)
· Committed Information Rate (CIR)
· Committed Burst Size (CBS).

Router(config)#policy-map POLICER
Router(config-pmap)#class class-default
Router(config-pmap-c)#police ?
<8000-2000000000> Bits per second
cir Committed information rate
rate Specify police rate

Router(config-pmap-c)#police cir ?
<8000-2000000000> Bits per second
percent % of interface bandwidth for Committed information rate

Router(config-pmap-c)#police cir 8000 ?
<1000-512000000> Burst bytes
bc Conform burst
conform-action action when rate is less than conform burst
pir Peak Information Rate
<cr>

Router(config-pmap-c)#police cir 8000 bc ?
<1000-512000000> Burst bytes
conform-action action when rate is less than conform burst
pir Peak Information Rate
<cr>

Router(config-pmap-c)#police cir 8000 bc 8000 ?
<1000-512000000> Burst bytes
be Excess burst
conform-action action when rate is less than conform burst
pir Peak Information Rate
<cr>

Router(config-pmap-c)#police cir 8000 bc 8000 pir ?
<8000-2000000000> Bits per second

Router(config-pmap-c)#police cir 8000 bc 8000 pir 8000 ?
be Excess burst
conform-action action when rate is less than conform burst
<cr>

Router(config-pmap-c)#police cir 8000 bc 8000 pir 8000 be ?
<1000-512000000> Burst bytes

Router(config-pmap-c)#police cir 8000 bc 8000 pir 8000 be 8000 ?
conform-action action when rate is less than conform burst
<cr>

Router(config-pmap-c)#police cir 8000 bc 8000 pir 8000 be 8000

The PIR and CIR are measured in bytes of IP packets per second, i.e., they include the IP header, but not link-specific headers. The PIR must be equal to or greater than the CIR.

Router(config-pmap-c)#police cir 9000 pir 8000
Inconsistent PIR value, should be greater than CIR: 9000

The PBS and the CBS are measured in bytes, and both of them must be configured to be greater than 0.

Router(config-pmap-c)#police cir 9000 bc ?
<1000-512000000> Burst bytes === The min value here is 1000 BYTES

It is recommended that they be configured to be equal to or greater than the size of the largest possible IP packet in the stream.

The behavior of the Meter is specified in terms of its mode and two token buckets, P and C, with rates PIR and CIR, respectively. The maximum size of the token bucket P is PBS and the maximum size of the token bucket C is CBS.

The token buckets P and C are initially (at time 0) full, i.e., the token count Tp(0) = PBS and the token count Tc(0) = CBS.

If Bc and Be are not specified, the default Bc in bytes will be CIR/32 or 1500 bytes, whichever is higher. The default Be in bytes will be PIR/32 or 1500 bytes, whichever is higher.

Router(config-if)#ser in POLICER
Router(config-if)#do show policy-map
Policy Map POLICER
Class class-default
police cir 32000 bc 1500 pir 64000 be 2000
conform-action transmit
exceed-action drop
violate-action drop

or
Router(config-pmap-c-police)#police cir 50000 pir 100000
Router(config-pmap-c-police)#do show policy-map
Policy Map POLICER
Class class-default
police cir 50000 bc 1562 pir 100000 be 3125
conform-action transmit
exceed-action drop
violate-action drop

50000/32 == 1562,5
100000/32 == 3125
So in this case Bucket P has 3125 Bytes and Bucket C has 1562 Bytes in Size

The token count Tp is incremented by one PIR times per second up to PBS, and the token count Tc is incremented by one CIR times per second up to CBS.

When a packet of size B bytes arrives at time t, the following happens if the trTCM is configured to operate in the Color-Blind mode:

A.- If Tp(t)-B < 0, the packet is red

B.- else if Tc(t)-B < 0, the packet is yellow and Tp is decremented by B

C.- else the packet is green and both Tp and Tc are decremented by B.

The Marker reflects the metering result by setting the DS field of the packet to a particular codepoint. In the case of the AF PHB, the color can be coded as the drop precedence of the packet.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t4/ft2rtplc.htm#1015363
Router(config-pmap-c)# police {cir cir} [bc conform-burst] {pir pir} [be peak-burst]

Setting up a Quick Lab, using Dynamips

start "R1" /MIN D:\Dyn\dynamips-wxp.exe -i 1 -t npe-400 -r 128 -t npe-400 -r 128 -p 1:PA-4T+ -p 2:PA-4T+ -p 3:PA-FE-TX -p 4:PA-FE-TX -k 40 --idle-pc=0x608bad8c -A 3001 -s 1:0:udp:1101010:127.0.0.1:1011010 -s 1:1:udp:131112:127.0.0.1:311211 -s 3:0:udp:173001:127.0.0.1:710130 D:\Dyn\C7200-IK.bin

start "R3" /MIN D:\Dyn\dynamips-wxp.exe -i 3 -t npe-400 -r 128 -t npe-400 -r 128 -p 1:PA-4T+ -p 2:PA-4T+ -p 3:PA-FE-TX -p 4:PA-FE-TX -k 40 --idle-pc=0x608bad8c -A 3003 -s 1:0:udp:3101012:127.0.0.1:1031210 -s 1:1:udp:3101113:127.0.0.1:1031311 -s 1:2:udp:311211:127.0.0.1:131112 -s 1:3:udp:321311:127.0.0.1:231113 -s 3:0:udp:473003:127.0.0.1:730330 -s 4:0:udp:384003:127.0.0.1:830340 D:\Dyn\C7200-IK.bin

R1#show ip ospf neigh

Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 0 FULL/ – 00:00:37 1.1.13.3 Serial1/1

R1#show ip ospf data

OSPF Router with ID (1.1.13.1) (Process ID 1)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
1.1.13.1 1.1.13.1 12 0x80000002 0x008DCA 2
3.3.3.3 3.3.3.3 17 0x80000002 0x005AE2 3

R1#show ip route 3.3.3.3
Routing entry for 3.3.3.3/32
Known via “ospf 1”, distance 110, metric 65, type intra area
Last update from 1.1.13.3 on Serial1/1, 00:00:05 ago
Routing Descriptor Blocks:
* 1.1.13.3, from 3.3.3.3, 00:00:05 ago, via Serial1/1
Route metric is 65, traffic share count is 1

R1(config)#class-map ICMP
R1(config-cmap)#ma proto icmp
R1(config-cmap)#exit
R1(config)#policy-map POLICER
R1(config-pmap)#class ICMP
R1(config-pmap-c)#police cir 10000 pir 20000
R1(config-pmap-c-police)#conform-action ?
drop drop packet
set-clp-transmit set atm clp and send it
set-discard-class-transmit set discard-class and send it
set-dscp-transmit set dscp and send it
set-frde-transmit set FR DE and send it
set-mpls-exp-imposition-transmit set exp at tag imposition and send it
set-mpls-exp-topmost-transmit set exp on topmost label and send it
set-prec-transmit rewrite packet precedence and send it
set-qos-transmit set qos-group and send it
transmit transmit packet

This router can remark to DSCP or to IP Precedence; we are using IP Precedence in this example. By default it would drop all traffic falling in the exceed or violate sections.

R1(config-pmap-c-police)#conform-action set-dscp-transmit ?
<0-63> Differentiated services codepoint value
af11 Match packets with AF11 dscp (001010)
af12 Match packets with AF12 dscp (001100)
af13 Match packets with AF13 dscp (001110)
af21 Match packets with AF21 dscp (010010)
af22 Match packets with AF22 dscp (010100)
af23 Match packets with AF23 dscp (010110)
af31 Match packets with AF31 dscp (011010)
af32 Match packets with AF32 dscp (011100)
af33 Match packets with AF33 dscp (011110)
af41 Match packets with AF41 dscp (100010)
af42 Match packets with AF42 dscp (100100)
af43 Match packets with AF43 dscp (100110)
cs1 Match packets with CS1(precedence 1) dscp (001000)
cs2 Match packets with CS2(precedence 2) dscp (010000)
cs3 Match packets with CS3(precedence 3) dscp (011000)
cs4 Match packets with CS4(precedence 4) dscp (100000)
cs5 Match packets with CS5(precedence 5) dscp (101000)
cs6 Match packets with CS6(precedence 6) dscp (110000)
cs7 Match packets with CS7(precedence 7) dscp (111000)
default Match packets with default dscp (000000)
ef Match packets with EF dscp (101110)

R1(config-pmap-c-police)#conform-action SET-PREc-transmit ?
<0-7> new precedence

R1(config-pmap-c-police)#conform-action set-prec-transmit 1
R1(config-pmap-c-police)#exceed-action set-prec-transmit 2
R1(config-pmap-c-police)#violate-action set-prec-transmit 3
R1(config-pmap-c)#exit
R1(config-pmap)#exit
R1(config)#int s01/1
R1(config-if)#ser out POLICER
R1(config-if)#do show policy-map int s1/1
Serial1/1

Service-policy output: POLICER

Class-map: ICMP (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol icmp
police:
cir 10000 bps, bc 1500 bytes
pir 20000 bps, be 1500 bytes
conformed 0 packets, 0 bytes; actions:
set-prec-transmit 1
exceeded 0 packets, 0 bytes; actions:
set-prec-transmit 2
violated 0 packets, 0 bytes; actions:
set-prec-transmit 3
conformed 0 bps, exceed 0 bps, violate 0 bps

Class-map: class-default (match-any)
13 packets, 984 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any

Ok

R1#ping 3.3.3.3 time 0 size 400 rep 2

Type escape sequence to abort.
Sending 2, 400-byte ICMP Echos to 3.3.3.3, timeout is 0 seconds:
..
Success rate is 0 percent (0/2)

We are sending two 400-byte packets at the same time.

R1#show policy-map int s1/1
Serial1/1

Service-policy output: POLICER

Class-map: ICMP (match-all)
2 packets, 808 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 101
police:
cir 10000 bps, bc 1500 bytes
pir 20000 bps, be 1500 bytes
conformed 2 packets, 808 bytes; actions:
set-prec-transmit 1
exceeded 0 packets, 0 bytes; actions:
set-prec-transmit 2
violated 0 packets, 0 bytes; actions:
set-prec-transmit 3
conformed 0 bps, exceed 0 bps, violate 0 bps

Class-map: class-default (match-any)
4 packets, 216 bytes
5 minute offered rate 0 bps, drop rate 0 bps

Match: any
R1#

R1#show policy-map int s1/1 | in actions
conformed 2 packets, 808 bytes; actions:
exceeded 0 packets, 0 bytes; actions:
violated 0 packets, 0 bytes; actions:

From the following link http://www.cisco.com/univercd/illus/6/15/60515.gif

If B > Tp then the packet is marked as violating
If B > Tc then the packet is marked as exceeding, Tp = Tp – B
Otherwise Tp = Tp – B and Tc = Tc – B, and the packet is marked as conforming

R1#show policy-map int s1/1 | in cir|pir
cir 10000 bps, bc 1500 bytes
pir 20000 bps, be 1500 bytes

So Tp Size is 1500 and Tc Size is 1500 as well

Let's modify the Tp and Tc sizes a little

R1(config-pmap-c)#class ICMP
R1(config-pmap-c)#police cir 10000 bc 1000 pir 20000 be 2000
R1(config-pmap-c-police)#

R1#show policy-map interface s1/1
Serial1/1

Service-policy output: POLICER

Class-map: ICMP (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group 101
police:
cir 10000 bps, bc 1000 bytes
pir 20000 bps, be 2000 bytes
conformed 0 packets, 0 bytes; actions:
set-prec-transmit 1
exceeded 0 packets, 0 bytes; actions:
set-prec-transmit 2
violated 0 packets, 0 bytes; actions:
set-prec-transmit 3
conformed 0 bps, exceed 0 bps, violate 0 bps

Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any

R1#ping 3.3.3.3 time 0 size 1000 rep 3

Type escape sequence to abort.
Sending 3, 1000-byte ICMP Echos to 3.3.3.3, timeout is 0 seconds:

Success rate is 0 percent (0/3)
R1#show policy-map interface s1/1 | in actio
conformed 0 packets, 0 bytes; actions:
exceeded 1 packets, 1004 bytes; actions:
violated 2 packets, 2008 bytes; actions:
R1#!This is because L2 Header 4 Bytes more

R1#clea count
Clear “show interface” counters on all interfaces [confirm]
R1#show policy-map interface s1/1 | in actio
*Dec 22 22:44:25.447: %CLEAR-5-COUNTERS: Clear counter on all interfaces by console
R1#show policy-map interface s1/1 | in actio
conformed 0 packets, 0 bytes; actions:
exceeded 0 packets, 0 bytes; actions:
violated 0 packets, 0 bytes; actions:
R1#ping 3.3.3.3 time 0 size 900 rep 3

Type escape sequence to abort.
Sending 3, 900-byte ICMP Echos to 3.3.3.3, timeout is 0 seconds:

Success rate is 0 percent (0/3)
R1#show policy-map interface s1/1 | in actio
conformed 1 packets, 904 bytes; actions:
exceeded 1 packets, 904 bytes; actions:
violated 1 packets, 904 bytes; actions:

Three (B == 904 Bytes) Packets coming In at the same time

R1#ping 3.3.3.3 time 0 size 996 rep 3

Type escape sequence to abort.
Sending 3, 996-byte ICMP Echos to 3.3.3.3, timeout is 0 seconds:

Success rate is 0 percent (0/3)
R1#show policy-map interface s1/1 | in actio
conformed 1 packets, 1000 bytes; actions:
exceeded 1 packets, 1000 bytes; actions:
violated 1 packets, 1000 bytes; actions:

In this case we are sending exactly 1000 bytes (with L2 overhead).
This gives Tc(0) == 1000 and Tp(0) == 2000

1st packet: 1000 > 2000? No. Then 1000 > 1000? No. Conform, Tc == 0
2nd packet: 1000 > 2000? No. Then 1000 > 0? Yes. Exceed, Tp = 2000 – 1000 = 1000
3rd packet: 1000 > 1000? Yes. Violate
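
The color-blind meter from steps A to C above, replayed against the four ping tests in this lab. This is an added example, not code from the original post or from Cisco. It assumes CIR/PIR are in bits per second as IOS displays them (converted to bytes for refill), that the back-to-back pings all arrive at t = 0, and that each packet is counted with the 4-byte L2 header. The class name TrTCM and the helper replay() are hypothetical.

```python
class TrTCM:
    """Color-blind Two Rate Three Color Marker (RFC 2698)."""

    def __init__(self, cir_bps, cbs, pir_bps, pbs):
        if pir_bps < cir_bps:
            raise ValueError("PIR must be equal to or greater than CIR")
        if cbs <= 0 or pbs <= 0:
            raise ValueError("CBS and PBS must be greater than 0")
        self.cir, self.cbs = cir_bps, cbs   # bc in the IOS syntax, bytes
        self.pir, self.pbs = pir_bps, pbs   # be in the IOS syntax, bytes
        # Both buckets start full: Tp(0) = PBS, Tc(0) = CBS
        self.tp, self.tc = float(pbs), float(cbs)
        self.last = 0.0

    def _refill(self, now):
        # Assumption: rates are bits/s, so divide by 8 to credit bytes.
        dt = now - self.last
        self.last = now
        self.tp = min(self.pbs, self.tp + self.pir / 8 * dt)
        self.tc = min(self.cbs, self.tc + self.cir / 8 * dt)

    def meter(self, size, now=0.0):
        """Return the IOS action name for a packet of `size` bytes."""
        self._refill(now)
        if self.tp - size < 0:          # step A: red, no tokens consumed
            return "violate"
        if self.tc - size < 0:          # step B: yellow, only Tp is debited
            self.tp -= size
            return "exceed"
        self.tp -= size                 # step C: green, both are debited
        self.tc -= size
        return "conform"


def replay(bc, be, size, count, cir=10000, pir=20000):
    """Send `count` packets of `size` bytes at t = 0 and list the results."""
    m = TrTCM(cir, bc, pir, be)
    return [m.meter(size) for _ in range(count)]


if __name__ == "__main__":
    # Constructed inputs: ping sizes from the lab plus 4 bytes of L2 header.
    for bc, be, size, n in [(1500, 1500, 404, 2), (1000, 2000, 1004, 3),
                            (1000, 2000, 904, 3), (1000, 2000, 1000, 3)]:
        print(f"bc={bc} be={be} size={size}: {replay(bc, be, size, n)}")
```

The results line up with the conformed/exceeded/violated counters shown above, and the tp and tc attributes hold the token counts after each packet.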
