Marking 351
The output verifies traffic conforming to the configured contract is marked with DSCP 8,
whereas traffic violating the contract is marked with DSCP 0. The following section
demonstrates using the class-based policer to accomplish the same results provided in
Example 9-8.
Marking Using a Class-Based Policer
Similar to CAR, but preferred for new deployments, the class-based policer marks traffic
without enforcing any policing actions. However, the class-based policer has three different
actions it enforces on traffic. Like CAR, it has a conform- and an exceed-action, however
the class-based policer also has a third action, violate. The violate-action applies an
additional set of actions to traffic violating the configured rate and exceeding the assigned
conform and excess burst values. Class-based policer operation is discussed in further detail
in the “Policing and Shaping” section of this chapter.
Similar to classification, marking is not a mechanism used independently. As demonstrated
in one of the previous examples, NBAR can be a classification method used in conjunction
Example 9-9 Configuring the Distributed Class-Based Policer for Marking
MSFC#configure terminal
MSFC(config)#class-map match-all Secure-Web
MSFC(config-cmap)#match protocol secure-http
MSFC(config)#policy-map Marking-policy
MSFC(config-pmap)#class Secure-Web
MSFC(config-pmap-c)#police 1000000 1500 1500 conform-action set-dscp-transmit 1
exceed-action set-dscp-transmit 0 violate-action set-dscp-transmit 0
MSFC(config)#interface serial 3/0/0
MSFC(config-if)#service-policy input Marking-policy
MSFC(config-if)#end
MSFC#show policy-map interface serial 3/0/0
Serial3/0/0
service-policy input: Marking-policy
class-map: Secure-Web (match-all)
89929 packets, 35971600 bytes
30 second offered rate 1497000 bps, drop rate 0 bps
match: protocol secure-http
police:
1000000 bps, 1500 limit, 1500 extended limit
conformed 59733 packets, 23893200 bytes; action: set-dscp-transmit 1
exceeded 41 packets, 16400 bytes; action: set-dscp-transmit 0
violated 30155 packets, 12062000 bytes; action: set-dscp-transmit 0
conformed 994000 bps, exceed 0 bps violate 500000 bps
class-map: class-default (match-any)
91 packets, 5764 bytes
30 second offered rate 0 bps, drop rate 0 bps
match: any
91 packets, 5764 bytes
30 second rate 0 bps
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset