172 Chapter 6: QoS Features Available on the Catalyst 2950 and 3550 Family of Switches
Use the following commands to configure the rate and burst of a class map policer and an
aggregate policer on a Catalyst 3550 switch, respectively:
police
rate burst
[exceed-action {drop | policed-DSCP-transmit}]]
mls qos aggregate-policer
policer_name rate burst
[
exceed-action
{transmit | drop |
policed-DSCP-transmit}]
rate defines the actually policing rate. For the Catalyst 2950 Family of switches, the
supported rates are 1 Mbps to 100 Mbps in 1-Mbps increments for Fast Ethernet interfaces
and 8 Mbps to 1 Gbps for Gigabit-capable interfaces. For the Catalyst 3550 Family of
switches, the supported rates are 8 kbps to 2 Gbps in 1-bps increments for all interfaces.
The switch may adjust the configured rate to a hardware supported rate.
burst defines the burst size in bytes. The burst size needs to be at least the maximum packet
size of frames touched by the policer for accurate policing. The following sections discuss
determining the applicable burst size. For the Catalyst 2950 Family of switches, the
supported burst sizes are 4096, 8192, 16384, 32768, and 65536 bytes for Fast Ethernet ports
and 4096, 8192, 16348, 32768, 65536, 131072, and 262144 bytes for Gigabit Ethernet-
capable interfaces. For the Catalyst 3550 Family of switches, the switches support config-
uring the burst size in the range of 8 MB to 2 GB. Example 6-22 illustrates a Catalyst 3550
configured for policing traffic at 100 Mbps with a burst size 16000 bytes.
Example 6-22 Sample Configuration of Rate Policing as a Policing Action
Switch#show running-config
mls qos
!
class-map match-all MATCH_ACL_100
match access-group 100
!
!
policy-map RATE_RESTRICT
class MATCH_ALL_PCKTS
police 100000000 16000 exceed-action drop
!
(text deleted)
!
interface FastEthernet0/1
switchport access vlan 2
switchport voice vlan 700
no ip address
duplex full
speed 100
service-policy input Mark_Frames
spanning-tree portfast
!
(text deleted)
!
access-list 100 permit ip 10.1.1.0 0.0.0.255 10.2.1.0 0.0.0.255
!
(text deleted)
end
Policing 173
The traffic-rate policer supports two actions for traffic exceeding the configured rate. These
actions are to drop the packet or mark down the DSCP value of the frame. Marking down
the frame actually occurs on an internal DSCP value.
For the Catalyst 2950 Family of switches, use the follow command to configure the exceed-
action of a traffic-rate policer:
police
rate-bps burst-byte
[exceed-action {drop | dscp
dscp-value
}]
dscp-value indicates the DSCP value used to mark down the frame. Example 6-23 illus-
trates a sample configuration of marking down the DSCP value for traffic exceeding the rate
specified in the policer.
For the Catalyst 3550 Family of switches, the switch uses a DSCP-policed transmit
mapping table to determine the DSCP value used for marking down the packet. By default,
the policed DSCP mapping table maps packet DSCP values directly to the marked-down
DSCP. As a result, the default behavior for the DSCP-policed transmit table is to not mark
down the DSCP value associated with the packet. Use the following command to configure
the policed DSCP mapping table:
mls qos map policed-dscp
dscp-list
to
mark-down-dscp
Example 6-23 Sample Configuration of Marking Down for the Exceeding Action of a Rate Policing
Switch#show running-config
Building configuration...
mls qos
!
class-map match-all MATCH_ACL_100
match access-group 100
!
!
policy-map RATE_RESTRICT
class MATCH_ALL_PCKTS
police 100000000 16000 exceed-action dscp 35
!
(text deleted)
!
interface FastEthernet0/1
switchport access vlan 2
switchport voice vlan 700
no ip address
duplex full
speed 100
service-policy input Mark_Frames
spanning-tree portfast
!
(text deleted)
!
access-list 100 permit ip 10.1.1.0 0.0.0.255 10.2.1.0 0.0.0.255
!
(text deleted)
end
174 Chapter 6: QoS Features Available on the Catalyst 2950 and 3550 Family of Switches
dscp-list represents up to eight DSCP values. The switch marks down frames with these
DSCPS to the DSCP value specified by the mark-down-dscp value when exceeding the
configured rate. To configure the exceed-action of the traffic-rate policer, use the following
command:
police
rate-bps burst-byte
[exceed-action {drop | policed-dscp-transmit}]
Example 6-24 illustrates a user configuring and verifying the policed DSCP mapping table.
Burst Size
Because of the behavior of TCP/IP and UDP applications, packet drops due to policing may
significantly impact traffic throughput and may result in a packet-per-second throughput far
below the configured policer rate. The burst parameter of policing attempts to handle this
behavior by allowing periodic surges of traffic into the bucket.
Configuration of the burst size follows several other Catalyst platform recommendations.
For TCP applications, use the following formula to calculate the burst size parameter used
for policing:
<Burst> = 2 * <RTT> * <Rate>
RTT defines the approximate round-trip time for a TCP session. If RTT is unknown, use a
RTT value of 1 ms to 1 second depending on estimated latency. The burst calculation for a
rate of 64 kbps and an RTT of 100 ms is as follows
<Burst> = 2 * <.100 sec> * <64000 bits/sec>
<Burst> = 12800 bits = 1600 bytes
Nevertheless, from an application standpoint, rate policing always results in actual rates
less than the configured rate regardless of the burst size. UDP applications react closer to
the configured rate in bits per second; nevertheless, some UDP applications retransmit
heavily upon packet loss resulting in performance far less than the configured rate. In brief,
carefully consider burst rate and its effects on application before applying policers.
Example 6-24 User Configuring and Verifying the Policed DSCP Mapping Table
Switch#configure terminal
Switch(config)#mls qos map policed-dscp 30 31 32 33 34 35 to 20
Switch(config)#end
Switch#show mls qos map policed-dscp
Policed-dscp map:
d1 : d2 0 1 2 3 4 5 6 7 8 9
---------------------------------------
0 : 00 01 02 03 04 05 06 07 08 09
1 : 10 11 12 13 14 15 16 17 18 19
2 : 20 21 22 23 24 25 26 27 28 29
3 : 20 20 20 20 20 20 36 37 38 39
4 : 40 41 42 43 44 45 46 47 48 49
5 : 50 51 52 53 54 55 56 57 58 59
6 : 60 61 62 63
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.