03-20-2009 08:14 AM - edited 03-06-2019 04:43 AM
I need to police ingress traffic on a layer2 ("switchport") interface.
Traffic is raw Ethernet, so only L2 policing is usable.
Cat6500
Sup 720
Native mode
IOS 12.2(18)SXF13 adv enterprise
Already read config guides, but it takes a while to understand all concepts.
Any sample config, to make me understand better the concepts?
TIA
Ivan
03-20-2009 08:24 AM
From the URL:-
This is the modified IPPHONE-PC policy map, which includes the police command:
policy-map IPPHONE-PC
 class CLASSIFY-OTHER
  police 50000000 1562500 conform-action set-dscp-transmit default exceed-action drop
These are the police command parameters:
• The 50000000 parameter defines the committed information rate (CIR) for traffic allowed in this traffic class. This example configures the CIR to be 50 Mbps.
• The 1562500 parameter defines the CIR burst size for traffic in this traffic class; this example uses a default maximum burst size. Set the CIR burst size to the maximum TCP window size used on the network.
• The conform action keywords define what the policer does with CLASSIFY-OTHER packets transmitted when the traffic level is below the 50-Mbps rate. In this example, set-dscp-transmit default applies DSCP 0 to those packets.
• The exceed action defines what the policer does with CLASSIFY-OTHER packets transmitted when the traffic level is above the 50 Mbps CIR. In this example, exceed action drop drops those packets.
03-20-2009 08:46 AM
The MQC is quite clear, and I used to apply on routed traffic.
My problem is with definition of class-map.
How can I set "match everything" clause?
The outlined class uses an ACL matching "IP any any", but I'm not sure the traffic is all pure IPv4 (maybe some IPv6, or some pure Ethernet frames).
any hint?
03-20-2009 08:51 AM
That is the "class default"
Anything else that has not been defined and does not match a class = class default.
03-20-2009 09:08 AM
then, using the standard MQC syntax:
policy-map IPPHONE-PC
 class class-default
  police 50000000 1562500 conform-action transmit exceed-action drop
and then apply to interface.
right?
03-20-2009 09:13 AM
Yep - but I suggest you review the numbers:-
50000000 - 50 megabits per second
1562500 - 1.4 megabits per second
The burst size should be x 2 the CIR - otherwise you will never reach the CIR and you will experience TCP global synchronization.
HTH
03-20-2009 09:24 AM
ok.
this is a good start.
will play with the aggregate policers at later stage.
Thank you.
Ivan
03-20-2009 04:19 PM
np - glad to help
03-23-2009 08:50 AM
according to Cisco docs, the second parameter is in bytes, not bits.
As a rule of thumb, I usually set the burst BYTE value as 1.5 bits value, so I have quite a big burst cache.
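Added example, not part of the thread and not Cisco code: a generic single-rate token-bucket model of "police 50000000 1562500 conform-action transmit exceed-action drop", showing how the CIR and burst values interact. It assumes the second parameter is in bytes, as the last post states; the function names and the constant-rate sample traffic are constructed for illustration and do not model the Sup 720 hardware.

```python
# Added illustration: generic single-rate token-bucket policer, not Cisco code.
CIR_BPS = 50_000_000     # first "police" parameter from the thread (bits/s)
BURST_BYTES = 1_562_500  # second parameter, read as bytes (assumption, per the last post)


def burst_duration_ms(cir_bps, burst_bytes):
    """Milliseconds of traffic at the CIR that one full bucket represents."""
    return burst_bytes * 8 * 1000 / cir_bps


def police(frames, cir_bps=CIR_BPS, burst_bytes=BURST_BYTES):
    """Apply conform-action transmit / exceed-action drop.

    frames: list of (arrival_time_s, size_bytes) sorted by time.
    Returns (conformed_bytes, dropped_bytes).
    """
    tokens = float(burst_bytes)  # bucket starts full
    last = 0.0
    conformed = dropped = 0
    for t, size in frames:
        # Refill at the CIR (bits/s -> bytes/s), never above the burst size.
        tokens = min(burst_bytes, tokens + (t - last) * cir_bps / 8)
        last = t
        if size <= tokens:
            tokens -= size
            conformed += size
        else:
            dropped += size
    return conformed, dropped


def constant_rate(rate_bps, seconds, frame_bytes=1500):
    """Constructed sample input: evenly spaced frames offered at rate_bps."""
    gap = frame_bytes * 8 / rate_bps
    return [(i * gap, frame_bytes) for i in range(int(seconds / gap))]


if __name__ == "__main__":
    print("burst window: %.0f ms" % burst_duration_ms(CIR_BPS, BURST_BYTES))
    for offered in (40_000_000, 100_000_000):
        ok, drop = police(constant_rate(offered, 2.0))
        print("%d Mbps offered for 2 s: %d bytes sent, %d dropped"
              % (offered // 1_000_000, ok, drop))
```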