QOS Policy in Cisco ASR9k

Inthiyaz
Level 1
policy-map SUBS_IN
 class class-default
  set dscp default
  police rate 150 mbps 
   exceed-action transmit
   violate-action drop
  ! 
 ! 
 end-policy-map
! 
policy-map SUBS_OUT
 class class-default
  set dscp default
  police rate 150 mbps 
   exceed-action transmit
   violate-action drop
  !
policy-map 2gig
 class class-default
  police rate 2 gbps
   conform-action transmit
   exceed-action drop
!

I have a question regarding the above config.
exceed-action transmit --> it's often used to mark over-rate packets. Can it also be used to accumulate stats on over-rate packets?
violate-action drop --> Configures the action to take on packets that violate the rate limit?
When should I use conform-action/exceed-action drop vs violate-action drop?


 


smilstea
Cisco Employee

Let's look at 4 examples:

 

Marking based on Policing state

ASR9K supports setting a field based on the policer result. Consider the following policy-map:

policy-map parent
 class class-default
  police rate 10 mbps peak-rate 20 mbps
   conform-action set dscp af12
   conform-action set cos 2
   exceed-action set dscp af13
   exceed-action set cos 3

 

If the traffic rate is 0-10 Mbps the conform-action of setting dscp to af12 & cos 2 is executed. If the traffic rate is 10-20 Mbps, then the exceed-action of setting dscp to af13 and cos 3 is executed.

 

 

Marking and hierarchical policy-map

This section explains the expected behavior when using marking and policing-based marking on a hierarchical policy-map. Note that in ASR9K, in a 3-level explicit MQC policy hierarchy, set/mark actions are supported on only the bottom two levels in the hierarchy. MQC describes the ordering of feature execution and indicates the following:

 

  1. Set/Mark actions independent of policer would be executed first from TOP of the hierarchy to bottom.
  2. Set/Mark actions based on policer would be executed next from bottom of the hierarchy to the top.

 

policy-map parent
 class class-default
  set cos 1
  set dscp AF11
  police rate 10 mbps peak-rate 20 mbps
   conform-action set dscp af12
   conform-action set cos 2
   exceed-action set dscp af13
   exceed-action set cos 3
   violate-action drop
  service-policy child

policy-map child
 class c1
  set cos 4
  set qos-group 1
  police rate 5 mbps peak-rate 10 mbps
   conform-action set qos-group 2
   conform-action set cos 5
   exceed-action set qos-group 3
   exceed-action set cos 6
   violate-action drop
 class class-default
!

 

For example, in the above policy-map hierarchy, let's consider that the traffic is in conform state on both the parent and child policer; then the order of execution is as follows:

 

  1. set cos 1 (parent policy)
  2. set dscp AF11 (parent policy)
  3. set cos 4 (child policy – overrides step 1)
  4. set qos-group 1 (child policy)
  5. set qos-group 2 (child policy, policer conform state, overrides step 4)
  6. set cos 5 (child policy, policer conform state, overrides step 3)
  7. set dscp af12 (parent policy, policer conform state, overrides step 2)
  8. set cos 2 (parent policy, policer conform state, overrides step 6)

 

End result for such a flow is to set

  • cos 2
  • dscp af12
  • qos-group 2

 

Similarly, for other traffic, the effective mark actions can be derived as shown below.

 

Packet belonging to | Child policer state | Parent policer state | Marking actions performed
Child-C1 | Conform | Conform | Cos 2, Dscp af12, Qos-group 2
Child-C1 | Conform | Exceed | Cos 3, Qos-group 2, Dscp af13
Child-C1 | Conform | Violate | Drop
Child-class-default | X | Conform | Set cos 2, Set dscp AF12
Child-class-default | X | Exceed | Set cos 3, Set dscp AF13
Child-class-default | X | Violate | Drop
Child-C1 | Exceed | Conform | Set cos 2, Set dscp AF12, Set qos-group 3
Child-C1 | Exceed | Exceed | Set cos 3, Set dscp AF13, Set qos-group 3
Child-C1 | Exceed | Violate | Drop
Child-C1 | Violate | Don't Care | Drop

 

 

Single Rate policer (1R2C)

ASR9K would instantiate a single-rate two-color policer when the user configures just one rate associated with a policer in the policy-map. For example:

policy-map policer
 class class-default
  police rate 10 mbps
   conform-action transmit
   exceed-action drop

 

For the above policy-map if the traffic is <=10 Mbps, the policer would take any action configured under “conform-action” sub-mode. In this case if traffic is <=10, it would be transmitted, if > 10 Mbps it would be dropped.

 

Note an optional burst size can be configured for the rate, to limit the length of burst in addition to the rate. If this optional burst size is not specified, then a 100ms burst size of the rate specified is used internally.

 

policy-map policer
 class class-default
  police rate 10 mbps burst 100 kbytes
   conform-action transmit
   exceed-action drop

 

 

 

Dual Rate policer (2R3C)

When a peak-rate needs to be enforced separately from a committed rate, a 2R3C policer can be utilized. In ASR9K, when the user specifies two rates (rate & peak-rate), a 2R3C policer would be instantiated. For example:

policy-map policer
 class class-default
  police rate 10 mbps peak-rate 20 mbps
   conform-action transmit
   exceed-action set cos 0
   violate-action drop

 

In the above policy-map, if traffic is <= 10 Mbps it is transmitted. If 10 Mbps < traffic <= 20 Mbps then the cos is remarked as 0 and packets are transmitted. If the traffic is > peak-rate then it is dropped.

 

Note once again that an optional burst size can be configured for the rate as well as the peak-rate, to limit the length of burst in addition to the rate. If this optional burst size is not specified, then a 200ms burst size of the rate specified is used internally.

policy-map 2R3C_policer
 class class-default
  police rate 10 mbps burst 10 kbytes peak-rate 20 mbps peak-burst 20 kbytes
   conform-action transmit
   exceed-action set cos 0
   violate-action drop

 

 

Let me know if you have any further questions.

 

Sam
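
The ordering rule in the reply above (unconditional set actions top-down, then policer-based actions bottom-up) can be checked mechanically against the marking table. This is an added example, not part of the original post or Cisco code; the dictionary layout and the names `resolve_marks` and `marking_table` are assumptions made for the sketch.

```python
# Added illustration of the ordering described in the post above; the dict
# layout and function names are assumptions of this sketch, not IOS XR objects.
PARENT = {
    "set": {"cos": 1, "dscp": "af11"},
    "police": {"conform": {"dscp": "af12", "cos": 2},
               "exceed": {"dscp": "af13", "cos": 3},
               "violate": "drop"},
}
CHILD_C1 = {
    "set": {"cos": 4, "qos-group": 1},
    "police": {"conform": {"qos-group": 2, "cos": 5},
               "exceed": {"qos-group": 3, "cos": 6},
               "violate": "drop"},
}
CHILD_DEFAULT = {"set": {}, "police": None}  # child class-default: no actions


def resolve_marks(levels, states):
    """Final marks for one packet, or 'drop'. levels is listed top-down."""
    marks = {}
    # Pass 1: unconditional set actions, top of the hierarchy to the bottom.
    for level in levels:
        marks.update(level["set"])
    # Pass 2: policer-based actions, bottom of the hierarchy to the top.
    for level, state in reversed(list(zip(levels, states))):
        if level["police"] is None:
            continue
        action = level["police"][state]
        if action == "drop":
            return "drop"
        marks.update(action)
    return marks


def marking_table():
    """Every child/parent policer-state combination for both child classes."""
    rows, results = [], ("conform", "exceed", "violate")
    for parent_state in results:
        rows.append(("child-class-default", None, parent_state,
                     resolve_marks([PARENT, CHILD_DEFAULT], [parent_state, None])))
        for child_state in results:
            rows.append(("child-c1", child_state, parent_state,
                         resolve_marks([PARENT, CHILD_C1], [parent_state, child_state])))
    return rows


if __name__ == "__main__":
    for row in marking_table():
        print(row)
```
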

 

Sam

Thanks for the detailed explanation. 

I assume 

policy-map SUBS_OUT
 class class-default
  set dscp default
  police rate 150 mbps 
   exceed-action drop

If the exceed-action is set to drop, then I do not have to add "violate-action drop". I believe it's by default violation drop.

The wording in the configuration guide for the two is confusing, but based on the examples I have seen, your example above would work. But even without it, by default the exceed action is to drop the packet when a policer has no burst settings configured.

 

Sam

 

Perfect! Thanks for your time!
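
The conform, exceed and violate results discussed in this thread can be reproduced with two token buckets. The sketch below is an added example, not code from the thread or from Cisco: it is a color-blind two-rate three-color meter in the style of RFC 2698, loaded with the rate, burst, peak-rate and peak-burst values of the 2R3C_policer example above. That the ASR9K policer behaves exactly like this meter is an assumption, and `TwoRateMeter` and `offered_load` are hypothetical names.

```python
# Added illustration: color-blind two-rate three-color meter (RFC 2698 style).
# Treating the ASR9K policer as equivalent to this meter is an assumption.

class TwoRateMeter:
    def __init__(self, cir_bps, cbs_bytes, pir_bps, pbs_bytes):
        self.cir, self.cbs = cir_bps / 8.0, cbs_bytes  # bytes/s and bucket depth
        self.pir, self.pbs = pir_bps / 8.0, pbs_bytes
        self.tc, self.tp = cbs_bytes, pbs_bytes        # both buckets start full
        self.last = 0.0

    def color(self, now, size):
        # Refill both buckets for the elapsed time, capped at their burst sizes.
        elapsed = now - self.last
        self.last = now
        self.tc = min(self.cbs, self.tc + elapsed * self.cir)
        self.tp = min(self.pbs, self.tp + elapsed * self.pir)
        if self.tp < size:
            return "violate"   # above peak-rate: neither bucket is charged
        self.tp -= size
        if self.tc < size:
            return "exceed"    # between rate and peak-rate
        self.tc -= size
        return "conform"


def offered_load(rate_bps, seconds=1.0, pkt_bytes=1250):
    """Constructed traffic: evenly spaced packets at a constant bit rate.
    Returns the number of bits that received each policer result."""
    # rate 10 mbps burst 10 kbytes peak-rate 20 mbps peak-burst 20 kbytes
    meter = TwoRateMeter(10_000_000, 10_000, 20_000_000, 20_000)
    counts = {"conform": 0, "exceed": 0, "violate": 0}
    packets = int(rate_bps * seconds / (8 * pkt_bytes))
    gap = 8 * pkt_bytes / rate_bps
    for i in range(packets):
        counts[meter.color(i * gap, pkt_bytes)] += 8 * pkt_bytes
    return counts


if __name__ == "__main__":
    for mbps in (5, 15, 30):
        print(mbps, "Mbps offered ->", offered_load(mbps * 1_000_000))
```

At 30 Mbps offered, roughly 10 Mbit lands in each result per second, which is why the action attached to exceed and the action attached to violate affect different slices of the traffic.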