I have the following topology set on AWS where there are 4 CSR 1000v Routers deployed and Segment Routing enabled in which the Segment Routing Headend is R1 and the destination is R3.

I aim to send perf traffic from Endpoint1(Client) to Endpoint2 (Server) with the following:

 SR path = { R1, R2, R3, R4, R3, R2, R1, R2, and R3 }. 

First of all, the traffic generated by iperf from Endpoint1 a linearly increasing UDP traffic until I stop manually. Using SNMP and Cacti I could get throughput across the links (GRE Tunnels) which are summarized below.

I set all tunnels' bandwidth as 10Mbps , I was expecting to see packet loss but I didn't. It is obvious from the plots that the throughput has exceeded the tunnels' bandwidth. However, no packet loss is recorded.

here's the tunnels' configuration:

interface Tunnel0
bandwidth 10000
tunnel bandwidth transmit 10000
tunnel bandwidth receive 10000
ip address 10.10.2.1 255.255.255.252
ip router isis aws
load-interval 30
mpls traffic-eng tunnels
keepalive 2 3
tunnel source GigabitEthernet1
tunnel destination 52.27.173.12
tunnel path-mtu-discovery
isis metric 1

After such gib amount of traffic, the `txload` is reached the overload which supposed to happen seeing drops on the tunnel. However, there are no losses `0 output errors`.

ip-172-1-1-13#sh int t0 
Tunnel0 is up, line protocol is up 
Hardware is Tunnel
Internet address is 10.10.2.1/30
MTU 9976 bytes, BW 10000 Kbit/sec, DLY 50000 usec, 
reliability 255/255, txload 255/255, rxload 200/255
Encapsulation TUNNEL, loopback not set
Keepalive set (2 sec), retries 3
Tunnel linestate evaluation up
Tunnel source 172.1.1.13 (GigabitEthernet1), destination 52.38.167.137
Tunnel Subblocks:
src-track:
Tunnel0 source tracking subblock associated with GigabitEthernet1
Set of tunnels with source GigabitEthernet1, 2 members (includes iterators), on interface <OK>
Tunnel protocol/transport GRE/IP
Key disabled, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255, Fast tunneling enabled
Path MTU Discovery, ager 10 mins, min MTU 92
Tunnel transport MTU 1476 bytes
Tunnel transmit bandwidth 10000 (kbps)
Tunnel receive bandwidth 10000 (kbps)
Last input 00:00:05, output 00:00:00, output hang never
Last clearing of "show interface" counters 01:18:49
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
30 second input rate 32000 bits/sec, 5 packets/sec
30 second output rate 59000 bits/sec, 8 packets/sec
1221047 packets input, 936187461 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles 
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
2938865 packets output, 2309121792 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out

I tried to configure a Policing bandwidth on the interface's tunnel which is the following:

policy-map police
 description Police above 10 Mbps
  class class-default
    police cir 10000 conform-action transmit exceed-action drop
!
interface Tunnel0
 service-policy output police
!
interface Tunnel1 
  service-policy output police 
!

and have it enabled on the tunnels interfaces ` service-policy input police`. 

The problem I am facing is that, I could see drops on the tunnels, but those drops are recorded even before the tunnels reach the maximum throughput which is defined as 10Mb which is around 2-3Mbps as maximum throughput.  I really don't understand why the policy-map is dropping. I want to policy map to drop packet when exactly/above the throughput is 10Mbps.

Is there any way to see drops without using policy-map? Or another way to fix the problem.