350 Chapter 9: QoS Support on the Catalyst 6500 MSFC and FlexWAN
to be matched against a predetermined list or assigned value. The specified rate is measured
in bits per seconds, and the burst values are measured in bytes. The conform-action and
exceed-action determine what actions are taken for conforming and nonconforming
packets, respectively. The following output displays the configurable actions. The
keywords shown are available for both conform-action and exceed-action.
If the intent is to use CAR to mark packets, as opposed to police, the drop keyword is not
used. Instead, a set action is specified to modify the ToS field in the IP header, or set the
local QoS group value for a packet. The transmit keyword is yet another option, which
allows a packet to be forwarded without modifying any existing settings. One additional
feature with CAR is the flexibility to configure multiple rate-limit statements on the same
interface. By using the continue keyword, independently or within a set action, packets can
be processed through multiple rate-limit statements until a match is found. In the event a
match is not found, the default action is to transmit. Therefore, in the absence of a match,
the packet is just forwarded. Example 9-8 demonstrates configuring CAR to mark traffic.
In the example, an extended ACL is configured specifying the traffic to be considered. In
this instance, secure web traffic is being forwarded to the serial interface noted in the
example. However, the traffic is not marked with a value that conforms to the QoS policy
in place. The intent is to mark all secure web traffic conforming to the configured 1-Mbps
rate with DSCP 8. Any traffic exceeding this rate is marked with DSCP 0.
Example 9-7 Configurable Options for the rate-limit Command
MSFC(config-if)#rate-limit input 1000000 187500 375000 conform-action ?
continue scan other rate limits
drop drop packet
set-dscp-continue set dscp, scan other rate limits
set-dscp-transmit set dscp and send it
set-prec-continue rewrite packet precedence, scan other rate limits
set-prec-transmit rewrite packet precedence and send it
set-qos-continue set qos-group, scan other rate limits
set-qos-transmit set qos-group and send it
transmit transmit packet
Example 9-8 Marking Secure Web Traffic with CAR
MSFC#configure terminal
MSFC(config)#access-list 101 permit tcp any any eq 443
MSFC(config)#interface serial 3/0/0
MSFC(config-if)#rate-limit input access-group 101 1000000 187500 375000 conform-
action set-dscp-transmit 8 exceed-action set-dscp-transmit 0
MSFC(config-if)#end
MSFC#show interface serial 3/0/0 rate-limit
Serial3/0/0
Input
matches: access-group 101
params: 1000000 bps, 187500 limit, 375000 extended limit
conformed 115046 packets, 46018400 bytes; action: set-dscp-transmit 8
exceeded 56927 packets, 22770800 bytes; action: set-dscp-transmit 0
last packet: 4ms ago, current burst: 281100 bytes
last cleared 00:06:12 ago, conformed 988000 bps, exceeded 489000 bps