Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2055
Views
4
Helpful
3
Replies

cisco ASA QoS traffic policing - how to count conform burst

jan.diblik
Level 1
Level 1

‎10-28-2014 02:35 AM - edited ‎03-11-2019 09:59 PM

hi,

I have cisco ASA 8.4(5). I will do configuration for QoS traffic policing. Maximum output/input rate will be 850 Mbits/s.

I am not sure if I need to do configuration also for conform burst ? if yes, can I count suitable value for it ? I must admit that I dont understand difference between conform rate and conform burst.

 

 

access-list acl_qos_policing_admin extended permit ip any any
 
 
class-map class_qos_policing_admin
 match access-list acl_qos_policing_admin
 
policy-map policy_qos_policing_admin
 class  class_qos_policing_admin
 police output 850000000 xxxxxxx
 police input 850000000 xxxxxxx
 

service-policy policy_qos_policing_admin interface

inside_ADM

Labels:
0 Helpful
3 Replies 3

Vibhor Amrodia
Cisco Employee
Cisco Employee

‎10-28-2014 04:47 AM

Hi,

If as per your requirement , you want to police the traffic upto 850 Mbps for Both Upload/Download , then you have the correct configuration.

Conform Burst can be left blank and it will use the default value automatically.

This is in Bytes and will define the amount of Bytes allowed by the ASA in a burst.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/I-R/cmdref2/p2.html#pgfId-2133826

Thanks and Regards,

Vibhor Amrodia

jan.diblik
Level 1
Level 1
In response to Vibhor Amrodia

‎10-28-2014 05:55 AM

thanks for reply. how can I check default value for Conform Burst ?

0 Helpful

jan.diblik
Level 1
Level 1
In response to Vibhor Amrodia

‎11-04-2014 11:47 AM

Hi, I already have done configuration on production firewall. Bandwidth test worked very good for 200Mbps or 300 Mbps. But I got little strange results for bigger rate limits such 600Mbps or 850 Mbps. I could not see any dropped packets. I did test via http://www.speedtest.net. Maybe because

I need to set conform-burst? there is now only default value (If you set bigger conform-rate then you get bigger conform-burst with default value).

 

---------------------------------------------------------------------------------
---------------------------------------------------------------------------------
Interface inside_EDU:
  Service-policy: policy_qos_policing_edu
    Class-map: class_qos_policing_edu
      Output police Interface inside_EDU:
        cir 200000000 bps, bc 6250000 bytes
      Input police Interface inside_EDU:
        cir 200000000 bps, bc 6250000 bytes

Interface inside_EDU:
  Service-policy: policy_qos_policing_edu
    Class-map: class_qos_policing_edu
      Output police Interface inside_EDU:
        cir 600000000 bps, bc 18750000 bytes
      Input police Interface inside_EDU:
        cir 600000000 bps, bc 18750000 bytes

---------------------------------------------------------------------------------
---------------------------------------------------------------------------------
 
Interface inside_ADM:
  Service-policy: policy_qos_policing_admin
    Class-map: class_qos_policing_admin
      Output police Interface inside_ADM:
        cir 300000000 bps, bc 9375000 bytes
      Input police Interface inside_ADM:
        cir 300000000 bps, bc 9375000 bytes
  
Interface inside_ADM:
  Service-policy: policy_qos_policing_admin
    Class-map: class_qos_policing_admin
      Output police Interface inside_ADM:
        cir 850000000 bps, bc 26562500 bytes
      Input police Interface inside_ADM:
        cir 850000000 bps, bc 26562500 bytes
---------------------------------------------------------------------------------
---------------------------------------------------------------------------------

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card