310 Chapter 8: QoS Support on the Catalyst 6500
Example 8-32 Configuring a Single-Rate Microflow Policer in Native Mode with a PFC2 (Continued)
Pkts Bytes Age LastSeen Attributes
---------------------------------------------------
62605 30426030 273 15:07:31 L3 - Dynamic
62675 30460050 273 15:07:31 L2 - Dynamic
62677 30461022 273 15:07:31 L2 - Dynamic
QoS Police Count Threshold Leak Drop Bucket Use-Tbl Use-Enable
-----------+------------+---------+-----------+----+-------+-------+----------+
0x0 60278 0 0 NO 1798 NO NO
0x0 60207 0 0 NO 1857 NO NO
0x0 60206 0 0 NO 1640 NO NO
Two-Rate Policing
The PFC2 provides additional policing enhancements beyond the capabilities of the PFC1.
The PFC2 is capable of aggregate policing at dual rates. Dual-rate aggregate policing was
introduced for the Catalyst 6500 in CatOS Software Release 6.1(1) and in Cisco IOS
Release 12.1(8a)E. In addition to the traditional normal rate and normal burst size, the
PFC2 introduces an excess rate and an excess burst for the policer. With this configuration,
the drop indication applies to the excess rate, as opposed to the normal rate. Packets
exceeding the normal rate are always marked down, unless they also exceed the excess rate.
If they exceed the excess rate, the packets are either marked down or dropped, depending on the
administratively defined policy. Figure 8-11 shows the operation of the two-rate policer.
Figure 8-11 Two-Rate Policer
[Figure: flowchart of the two-rate policer. Labels: PIR, CIR, Bc, Be. A packet of size B is tested against B > Tc and B > Tp (Yes/No branches), leading to the Conform, Exceed, and Violate actions.]
Policing 311
To complement the policing enhancements offered by the PFC2, there are now two policed
DSCP map tables corresponding to each rate for marking down out-of-profile packets, as
demonstrated in the previous mapping section. Operation of the two-rate policer on the
Catalyst 6500 is analogous to the “two-rate three-color marker” described in IETF RFC
2698. As depicted in Figure 8-11, the two-rate policer adds a second bucket to the
operation. Similar to the single-rate policer, both buckets use a token bucket mechanism;
however, each bucket operates independently of the other. The following commands are used to
configure and verify operation for the two-rate policer on the Catalyst 6500 with a PFC2:
(Hybrid)
set qos policer aggregate {name} rate {rate normal} policed-dscp erate {rate excess} {policed-dscp | drop} burst {burst normal} eburst {burst excess}
show qos policer {config | runtime} {{aggregate [name]} | all}
show qos statistics {l3stats | {aggregate-policer [name]}}
(Native)
mls qos aggregate-policer {name} {rate CIR} [burst CIR] [burst PIR] pir {rate PIR} [[conform-action {drop | set-dscp-transmit {DSCP} | set-prec-transmit {prec} | transmit}] [exceed-action {drop | policed-dscp-transmit | transmit}] [violate-action {drop | policed-dscp-transmit | transmit}]]
police aggregate {name}
police {rate CIR} [[burst CIR] [burst PIR]] pir {rate PIR} [[conform-action {drop | set-dscp-transmit {DSCP} | set-prec-transmit {prec} | transmit}] [exceed-action {drop | set-dscp-transmit {DSCP} | set-prec-transmit {prec} | policed-dscp-transmit | transmit}] [violate-action {drop | policed-dscp-transmit | transmit}]]
show mls qos
show mls qos aggregate-policer [name]
show mls qos ip {type num}
For Native mode, two aggregate policers are shown. Recall from configuring the single-
rate policer that mls qos aggregate-policer, when applied to multiple ports through a policy
map class, polices all ports to the specified rate. The alternative aggregate policer polices
traffic to the configured rate on a per-port basis. Within either aggregate policer, the normal
rate, or committed information rate (CIR), determines how many tokens are placed in the
bucket every .25 ms. The excess rate, or peak information rate (PIR), determines how many
tokens are placed into the excess bucket based on the same frequency. Both token buckets
operate independently of each other.
Unlike the single-rate policer, which offers two policing actions, the two-rate policer
provides support for a third policing action. These three policing actions correspond to the
green, yellow, and red transactions detailed in RFC 2698.
The first policing action matches all traffic conforming to the normal and excess policing
rates. Because the packets conform to both rates, no action is required from the switch. In
Hybrid, the switch maintains the existing QoS parameters assigned to the packet, which is
forwarded to the egress scheduler. In Native mode, the option exists to transmit the
conforming packet, assign a new IP precedence or DSCP value, or drop the packet. If the
drop keyword is specified for the conform-action, the exceed-action and violate-action
are automatically configured to drop.
The second policing action applies to traffic exceeding the normal rate, but conforming to
the excess rate. In Hybrid mode, packets exceeding the normal rate, but conforming to the
excess rate, are marked down based on the normal rate policed DSCP table. In Native mode,
the administrator can instruct the policing logic to drop, mark down, or forward traffic
matching the criteria for the second policing action. In addition, in Native mode, the per-
port aggregate policer also allows a new DSCP or IP precedence value to be assigned. The
drop keyword is not available in Hybrid for traffic conforming to the excess rate, but
violating the normal rate. In Native mode, however, if the drop keyword is specified, the
resulting behavior can be compared to the single-rate policer.
The third policing action defines the policy applied to all traffic violating the normal and
excess rates. For Hybrid and Native modes, packets can either be dropped or marked and
forwarded with a policed DSCP value. In addition, Native mode provides the transmit
keyword as an option for violating traffic. When defining the policing policies for the three
different policing levels, subsequent policing policies cannot be less stringent than previously
defined policies. If the policed-dscp-transmit keyword is specified for the exceed-action,
for example, transmit cannot be specified for the violate-action. The configured
action must be equal or more severe.
With the release of CatOS 7.2 and later versions, the eburst parameter is configured
independently of the burst parameter. This provides additional autonomy when configuring
the burst parameters. Prior to the 7.2 release, the administrator is limited to only
configuring the burst option. The eburst value is derived from the burst value. The burst
and eburst values define the bucket depth for the respective token buckets. The two token
buckets, controlled by the policing ASIC on the PFC, operate independently of each other.
Tokens configured for the normal bucket are only allocated to packets conforming to the
normal rate, whereas tokens configured for the excess bucket are only allocated to packets
conforming to the excess rate. Tokens from the two buckets cannot be combined to service
a packet. Enough tokens must be present in either bucket to service an entire packet. If the
optional eburst value is not explicitly configured, the burst size is set to the same value for
both normal and excess rate policers.
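The following sketch is an added illustration, not code from the book or from Cisco: a Python model of the color-blind two-rate three-color marker of RFC 2698 using the .25 ms refill interval described above, together with a check of the rule that each policing action must be at least as severe as the one before it. Burst sizes in bytes, the severity ordering of the three keywords, and all names are assumptions of the example; PFC2 hardware granularity is not modeled.

```python
TICK_US = 250  # buckets are replenished every .25 ms, as the text states

# Severity order implied by the text (assumption); set-dscp/set-prec are left out.
SEVERITY = {"transmit": 0, "policed-dscp-transmit": 1, "drop": 2}

def check_actions(conform, exceed, violate):
    """True if no action is less severe than the action of the level before it."""
    levels = [SEVERITY[conform], SEVERITY[exceed], SEVERITY[violate]]
    return levels == sorted(levels)

class TwoRatePolicer:
    def __init__(self, cir_bps, pir_bps, burst, eburst=None):
        if pir_bps < cir_bps:
            raise ValueError("excess rate must be >= normal rate")
        self.cbs = burst
        self.pbs = burst if eburst is None else eburst    # eburst defaults to burst
        self.c_fill = cir_bps / 8 * TICK_US / 1e6         # bytes per tick, normal bucket
        self.p_fill = pir_bps / 8 * TICK_US / 1e6         # bytes per tick, excess bucket
        self.tc, self.tp = float(self.cbs), float(self.pbs)  # both buckets start full
        self.tick = 0

    def police(self, now_us, size):
        """Classify one packet of `size` bytes arriving at `now_us` microseconds."""
        ticks = now_us // TICK_US - self.tick
        self.tick += ticks
        # Each bucket refills independently and is capped at its own depth.
        self.tc = min(self.cbs, self.tc + ticks * self.c_fill)
        self.tp = min(self.pbs, self.tp + ticks * self.p_fill)
        if self.tp < size:      # excess bucket cannot cover the whole packet
            return "violate"
        self.tp -= size
        if self.tc < size:      # fits the excess rate but not the normal rate
            return "exceed"
        self.tc -= size         # a conforming packet is charged to both buckets
        return "conform"

def run(policer, arrivals):
    return [policer.police(t, size) for t, size in arrivals]

# Constructed input: 500-byte packets, a burst at t=0 and another 4 ms later.
ARRIVALS = [(0, 500)] * 5 + [(4000, 500)] * 3

def demo():
    # Rates follow Example 8-34; 2000-byte buckets are an assumption.
    return run(TwoRatePolicer(1_000_000, 2_000_000, burst=2000), ARRIVALS)

if __name__ == "__main__":
    print(demo())
```

After 4 ms the normal bucket has regained 500 bytes and the excess bucket 1000, so the second burst produces one packet in each of the three categories.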
When configuring the two-rate policer, ensure the configured burst values are at least equal
to the average or largest serviced packet size. In addition, set the excess rate value to be
greater than or equal to the normal rate. If the two policing rates are configured equally, the
resulting behavior is a single-rate policer. In this situation, although there are two separate
token buckets, one for normal rate and the other for excess rate, both buckets are charged
for a successfully transmitted packet. Therefore, if a packet arrives that does not exceed
the normal rate, and the normal rate equals the excess rate, tokens amounting to the size of
the packet are depleted from both buckets. The following examples demonstrate configuring
an aggregate two-rate policer in Hybrid and Native modes.
Example 8-33 Configuring an Aggregate Two-Rate Policer in Hybrid Mode
hybrid (enable) set qos policer aggregate HTTP-police rate 1000 policed-dscp erate 2000 drop burst 13 eburst 13
QoS policer for aggregate HTTP-police updated successfully.
Rate is set to 992, erate is set to 1984 burst is set to 13 and eburst is set to 13 in hardware due to hardware granularity.
hybrid (enable) set qos acl ip HTTP-traffic dscp 0 aggregate HTTP-police tcp any any eq www
HTTP-traffic editbuffer modified. Use 'commit' command to apply changes.
hybrid (enable) commit qos acl HTTP-traffic
QoS ACL 'HTTP-traffic' successfully committed.
hybrid (enable) set qos acl map HTTP-traffic 5/10
ACL HTTP-traffic is successfully mapped to port 5/10.
hybrid (enable) show qos info config 5/10
QoS setting in NVRAM:
QoS is enabled
Policy Source of port 5/10: COPS
Tx port type of port 5/10 : 2q2t
Rx port type of port 5/10 : 1q4t
Interface type: port-based
ACL attached: HTTP-traffic
The qos trust type is set to untrusted.
Default CoS = 1
(text omitted)
hybrid (enable) show qos policer config aggregate HTTP-police
QoS aggregate policers:
Aggregate name                  Avg. rate (kbps) Burst size (kb) Normal action
------------------------------- ---------------- --------------- -------------
HTTP-police                     1000             13              policed-dscp
Excess rate (kbps) Excess burst size (kb) Excess action
------------------ ---------------------- -------------
2000               13                     drop
ACL attached
------------------------------------
HTTP-traffic
hybrid (enable) show qos statistics l3stats
Packets dropped due to policing: 212586
IP packets with ToS changed: 1276
IP packets with CoS changed: 150636
Non-IP packets with CoS changed: 0
hybrid (enable) show qos statistics aggregate-policer HTTP-police
QoS aggregate-policer statistics:
Aggregate policer               Allowed packet Packets exceed Packets exceed
                                count          normal rate    excess rate
------------------------------- -------------- -------------- --------------
HTTP-police                     109443         205768         212586
Example 8-34 Configuring an Aggregate Two-Rate Policer in Native Mode
native(config)# access-list 101 permit tcp any any eq www
native(config)# class-map HTTP-traffic
native(config-cmap)# match access-group 101
native(config)# policy-map HTTP-police
native(config-pmap)# class HTTP-traffic
native(config-pmap-c)# police 1000000 2000 2000 pir 2000000 conform-action transmit exceed-action policed-dscp-transmit violate-action drop
native# show mls qos