|
rate-limit
To configure committed access rate (CAR) and distributed CAR (DCAR) policies, use the rate-limit interface configuration command. To remove the rate limit from the configuration, use the no form of this command.
rate-limit {input | output} [access-group [rate-limit] acl-index] bps burst-normal burst-max conform-action conform-action exceed-action exceed-action
no rate-limit {input | output} [access-group [rate-limit] acl-index] bps burst-normal burst-max conform-action conform-action exceed-action conform-action
Syntax Description
input
| Applies this CAR traffic policy to packets received on this input interface.
| output
| Applies this CAR traffic policy to packets sent on this output interface.
| access-group
| (Optional) Applies this CAR traffic policy to the specified access list.
| rate-limit
| (Optional) The access list is a rate-limit access list.
| acl-index
| (Optional) Access list number.
| bps
| Average rate, in bits per second (bps). The value must be in increments of 8 kbps.
| burst-normal
| Normal burst size, in bytes. The minimum value is bps divided by 2000.
| burst-max
| Excess burst size, in bytes.
| conform-action conform-action
| Action to take on packets that conform to the specified rate limit. Specify one of the following keywords:
- continue—Evaluates the next rate-limit command.
- drop—Drops the packet.
- set-dscp-continue—Sets the differentiated services code point (DSCP) (0 to 63) and evaluate the next rate-limit command.
- set-dscp-transmit—Sends the DSCP and transmit the packet.
- set-mpls-exp-continue—Sets the MPLS experimental bits (0 to 7) and evaluates the next rate-limit command.
- set-mpls-exp-transmit—Sets the MPLS experimental bits (0 to 7) and sends the packet.
- set-prec-continue—Sets the IP precedence (0 to 7) and evaluates the next rate-limit command.
- set-prec-transmit—Sets the IP precedence (0 to 7) and sends the packet.
- set-qos-continue—Sets the QoS group ID (1 to 99) and evaluates the next rate-limit command.
- set-qos-transmit—Sets the QoS group ID (1 to 99) and sends the packet.
- transmit—Sends the packet.
| exceed-action exceed-action
| Action to take on packets that exceed the specified rate limit. Specify one of the following keywords:
- continue—Evaluates the next rate-limit command.
- drop—Drops the packet.
- set-dscp-continue—Sets the DSCP (0 to 63) and evaluates the next rate-limit command.
- set-dscp-transmit—Sends the DSCP and sends the packet.
- set-mpls-exp-continue—Sets the MPLS experimental bits (0 to 7) and evaluates the next rate-limit command.
- set-mpls-exp-transmit—Sets the MPLS experimental bits (0 to 7) and sends the packet.
- set-prec-continue—Sets the IP precedence (0 to 7) and evaluates the next rate-limit command.
- set-prec-transmit—Sets the IP precedence (0 to 7) and sends the packet.
- set-qos-continue—Sets the QoS group ID (1 to 99) and evaluates the next rate-limit command.
- set-qos-transmit—Sets the QoS group ID (1 to 99) and sends the packet.
- transmit—Sends the packet.
| Class-Based Weighted Fair Queueing Configuration Task List
To configure CBWFQ, perform the tasks described in the following sections. The tasks in the first three sections are required; the tasks in the remaining sections are optional.
- Defining Class Maps (Required)
- Configuring Class Policy in the Policy Map (Required)
- Attaching the Service Policy and Enabling CBWFQ (Required)
- Modifying the Bandwidth for an Existing Policy Map Class (Optional)
- Modifying the Queue Limit for an Existing Policy Map Class (Optional)
- Configuring the Bandwidth Limiting Factor (Optional)
- Deleting Classes (Optional)
- Deleting Policy Maps (Optional)
- Verifying Configuration of Policy Maps and Their Classes (Optional)
CBWFQ is supported on VBR and ABR ATM connections. It is not supported on UBR connections.
See the end of this chapter for the section "CBWFQ Configuration Examples."
For information on how to configure per-VC WFQ and CBWFQ, see the chapter "Configuring IP to ATM Class of Service" in this book.
Defining Class Maps
To create a class map containing match criteria against which a packet is checked to determine if it belongs to a class—and to effectively create the class whose policy can be specified in one or more policy maps—use the first command in global configuration mode to specify the class map name, then use one of the following commands in class-map configuration mode, as needed:
| Command
| Purpose
| Step 1
| Router(config)# class-map class-map-name
| Specifies the name of the class map to be created.
| Step 2
| Router(config-cmap)# match access-group {access-group |name access-group-name}
or
Router(config-cmap)# match input-interface interface-name
or
Router(config-cmap)# match protocol protocol
or
Router(config-cmap)# match mpls experimental number
| Specifies the name of the access control list (ACL) against whose contents packets are checked to determine if they belong to the class. CBWFQ supports numbered and named ACLs.
Specifies the name of the input interface used as a match criterion against which packets are checked to determine if they belong to the class.
Specifies the name of the protocol used as a match criterion against which packets are checked to determine if they belong to the class.
Specifies the value of the EXP field to be used as a match criterion against which packets are checked to determine if they belong to the class.
| Other match criteria can be used when defining class maps. For additional match criteria, see the section "Creating a Traffic Class" in the chapter "Configuring the Modular Quality of Service Command-Line Interface" in this book.
Configuring Class Policy in the Policy Map
To configure a policy map and create class policies that make up the service policy, use the policy-map command to specify the policy map name, then use one or more of the following commands to configure policy for a standard class or the default class:
- class
- bandwidth (policy-map class)
- fair-queue (for class-default class only)
- queue-limit or random-detect
For each class that you define, you can use one or more of the listed commands to configure class policy. For example, you might specify bandwidth for one class and both bandwidth and queue limit for another class.
The default class of the policy map (commonly known as the class-default class) is the class to which traffic is directed if that traffic does not satisfy the match criteria of other classes whose policy is defined in the policy map.
You can configure class policies for as many classes as are defined on the router, up to the maximum of 64. However, the total amount of bandwidth allocated for all classes included in a policy map must not exceed 75 percent of the available bandwidth on the interface. The other 25 percent is used for control and routing traffic. (To override the 75 percent limitation, use the max-reserved bandwidth command.) If not all of the bandwidth is allocated, the remaining bandwidth is proportionally allocated among the classes, based on their configured bandwidth.
To configure class policies in a policy map, perform the optional tasks described in the following sections. If you do not perform the steps in these sections, the default actions are used.
- Configuring Class Policy Using Tail Drop (Optional)
- Configuring Class Policy Using WRED Packet Drop (Optional)
- Configuring the Class-Default Class Policy (Optional)
Configuring Class Policy Using Tail Drop
To configure a policy map and create class policies that make up the service policy, use the first command in global configuration mode to specify the policy map name, then use the following commands in policy-map class configuration mode, as needed, to configure policy for a standard class. To configure policy for the default class, see the section "Configuring the Class-Default Class Policy" in this chapter.
| Command
| Purpose
| Step 1
| Router(config)# policy-map policy-map
| Specifies the name of the policy map to be created or modified.
| Step 2
| Router(config-pmap)# class class-name
| Specifies the name of a class to be created and included in the service policy.
| Step 3
| Router(config-pmap-c)# bandwidth {bandwidth-kbps | percent percent}
| Specifies the amount of bandwidth, in kbps, or percentage of available bandwidth, to be assigned to the class. The amount of bandwidth configured should be large enough to also accommodate Layer 2 overhead.
| Step 4
| Router(config-pmap-c)# queue-limit number-of-packets
| Specifies the maximum number of packets that can be queued for the class.
| To configure policy for more than one class in the same policy map, repeat Step 2 through Step 4. Note that because this set of commands uses the queue-limit command, the policy map uses tail drop, not Weighted Random Early Detection (WRED) packet drop.
Configuring Class Policy Using WRED Packet Drop
To configure a policy map and create class policies comprising the service policy, use the first command in global configuration mode, as needed, to specify the policy map name, then use the following commands in policy-map class configuration mode, as needed, to configure policy for a standard class. To configure policy for the default class, see the section "Configuring the Class-Default Class Policy" in this chapter.
| Command
| Purpose
| Step 1
| Router(config)# policy-map policy-map
| Specifies the name of the policy map to be created or modified.
| Step 2
| Router(config-pmap)# class class-name
| Specifies the name of a class to be created and included in the service policy.
| Step 3
| Router(config-pmap-c)# bandwidth {bandwidth-kbps | percent percent}
| Specifies the amount of bandwidth, in kbps, or percentage of available bandwidth to be assigned to the class. The amount of bandwidth configured should be large enough to also accommodate Layer 2 overhead.
| Step 4
| Router(config-pmap-c)# random-detect
| Enables WRED. The class policy will drop packets using WRED instead of tail drop.
| Step 5
| Router(config-pmap-c)# random-detect exponential-weighting-constant exponent
or
Router(config-pmap-c)# random-detect precedence precedence min-threshold max-threshold mark-prob-denominator
| Configures the exponential weight factor used in calculating the average queue length.
Configures WRED parameters for packets with a specific IP precedence. Repeat this command for each precedence.
| To configure policy for more than one class in the same policy map, repeat Step 2 through Step 5. Note that this set of commands uses WRED packet drop, not tail drop.
| Note If you configure a class in a policy map to use WRED for packet drop instead of tail drop, you must ensure that WRED is not configured on the interface to which you intend to attach that service policy.
|
Configuring the Class-Default Class Policy
The class-default class is used to classify traffic that does not fall into one of the defined classes. Once a packet is classified, all of the standard mechanisms that can be used to differentiate service among the classes apply. The class-default class was predefined when you created the policy map, but you must configure it. If no default class is configured, then by default the traffic that does not match any of the configured classes is flow classified and given best-effort treatment.
By default, the class-default class is defined as flow-based WFQ. However, configuring the default class with the bandwidth policy-map class configuration command disqualifies the default class as flow-based WFQ.
To configure a policy map and configure the class-default class to use tail drop, use the first command in global configuration mode to specify the policy map name, then to configure policy for the default class use the following commands in policy-map class configuration mode:
| Command
| Purpose
| Step 1
| Router(config)# policy-map policy-map
| Specifies the name of the policy map to be created or modified.
| Step 2
| Router(config-pmap)# class class-default default-class-name
| Specifies the default class so that you can configure or modify its policy.
| Step 3
| Router(config-pmap-c)# bandwidth {bandwidth-kbps | percent percent}
or
Router(config-pmap-c)# fair-queue [number-of-dynamic-queues]
| Specifies the amount of bandwidth, in kbps, or percentage of available bandwidth to be assigned to the class. The amount of bandwidth configured should be large enough to also accommodate Layer 2 overhead.
Specifies the number of dynamic queues to be reserved for use by flow-based WFQ running on the default class. The number of dynamic queues is derived from the bandwidth of the interface. Refer to the tables accompanying the description of the fair-queue (WFQ) command in the Cisco IOS Quality of Service Solutions Command Reference for the default number of dynamic queues that WFQ and CBWFQ use when they are enabled on an interface or ATM VC.
| Step 4
| Router(config-pmap-c)# queue-limit number-of-packets
| Specifies the maximum number of packets that the queue for the default class can accumulate.
| To configure a policy map and configure the class-default class to use WRED packet drop, use the first command in global configuration mode to specify the policy map name, then to configure policy for the default class use the following commands in policy-map class configuration mode:
| Command
| Purpose
| Step 1
| Router(config)# policy-map policy-map
| Specifies the name of the policy map to be created or modified.
| Step 2
| Router(config-pmap)# class class-default default-class-name
| Specifies the default class so that you can configure or modify its policy.
| Step 3
| Router(config-pmap-c)# bandwidth {bandwidth-kbps | percent percent}
or
Router(config-pmap-c)# fair-queue [number-of-dynamic-queues]
| Specifies the amount of bandwidth, in kbps, or percentage of available bandwidth to be assigned to the class. The amount of bandwidth configured should be large enough to also accommodate Layer 2 overhead.
Specifies the number of dynamic queues to be reserved for use by flow-based WFQ running on the default class The number of dynamic queues is derived from the bandwidth of the interface. Refer to the tables accompanying the description of the fair-queue (WFQ) command in the Cisco IOS Quality of Service Solutions Command Reference for the default number of dynamic queues that WFQ and CBWFQ use when they are enabled on an interface or ATM VC.
| Step 4
| Router(config-pmap-c)# random-detect
| Enables WRED. The class policy will drop packets using WRED instead of tail drop.
| Step 5
| Router(config-pmap-c)# random-detect exponential-weighting-constant exponent
or
Router(config-pmap-c)# random-detect precedence precedence min-threshold max-threshold mark-prob-denominator
| Configures the exponential weight factor used in calculating the average queue length.
Configures WRED parameters for packets with a specific IP precedence. Repeat this command for each precedence.
| Attaching the Service Policy and Enabling CBWFQ
To attach a service policy to the output interface and enable CBWFQ on the interface, use the following command in interface configuration mode. When CBWFQ is enabled, all classes configured as part of the service policy map are installed in the fair queueing system.
Command
| Purpose
| Router(config-if)# service-policy output policy-map
| Enables CBWFQ and attaches the specified service policy map to the output interface.
| Configuring CBWFQ on a physical interface is only possible if the interface is in the default queueing mode. Serial interfaces at E1 (2.048 Mbps) and below use WFQ by default—other interfaces use FIFO by default. Enabling CBWFQ on a physical interface overrides the default interface queueing method. Enabling CBWFQ on an ATM permanent virtual circuit (PVC) does not override the default queueing method.
Modifying the Bandwidth for an Existing Policy Map Class
To change the amount of bandwidth allocated for an existing class, use the following commands beginning in global configuration mode:
| Command
| Purpose
| Step 1
| Router(config)# policy-map policy-map
| Specifies the name of the policy map containing the class to be modified.
| Step 2
| Router(config-pmap)# class class-name
| Specifies the name of a class whose bandwidth you want to modify.
| Step 3
| Router(config-pmap-c)# bandwidth {bandwidth-kbps | percent percent}
| Specifies the new amount of bandwidth, in kbps, or percentage of available bandwidth to be used to reconfigure the class. The amount of bandwidth configured should be large enough to also accommodate Layer 2 overhead.
| Modifying the Queue Limit for an Existing Policy Map Class
To change the maximum number of packets that can accrue in a queue reserved for an existing class, use the following commands beginning in global configuration mode:
| Command
| Purpose
| Step 1
| Router(config)# policy-map policy-map
| Specifies the name of the policy map containing the class to be modified.
| Step 2
| Router(config-pmap)# class class-name
| Specifies the name of a class whose queue limit you want to modify.
| Step 3
| Router(config-pmap-c)# queue-limit number-of-packets
| Specifies the new maximum number of packets that can be queued for the class to be reconfigured. The default and maximum number of packets is 64.
| Configuring the Bandwidth Limiting Factor
To change the maximum reserved bandwidth allocated for Resource Reservation Protocol (RSVP), CBWFQ, LLQ, IP RTP Priority, Frame Relay IP RTP Priority, and Frame Relay PVC Interface Priority Queueing (PIPQ), use the following command in interface configuration mode:
Command
| Purpose
| Router(config-if)# max-reserved-bandwidth percent
| Changes the maximum configurable bandwidth for RSVP, CBWFQ, LLQ, IP RTP Priority, Frame Relay IP RTP Priority, and Frame Relay PVC Interface Priority Queueing. The default is 75 percent.
| Deleting Classes
To delete one or more class maps from a service policy map, use the following commands beginning in global configuration mode:
| Command
| Purpose
| Step 1
| Router(config)# policy-map policy-map
| Specifies the name of the policy map containing the classes to be deleted.
| Step 2
| Router(config-pmap)# no class class-name
| Specifies the name of the classes to be deleted.
| Step 3
| Router(config-pmap-c)# no class class-default
| Deletes the default class.
| Deleting Policy Maps
To delete a policy map, use the following command in global configuration mode:
Command
| Purpose
| Router(config)# no policy-map policy-map
| Specifies the name of the policy map to be deleted.
| Verifying Configuration of Policy Maps and Their Classes
To display the contents of a specific policy map, a specific class from a specific policy map, or all policy maps configured on an interface, use the following commands in EXEC mode, as needed:
Command
| Purpose
| Router# show policy-map policy-map
| Displays the configuration of all classes that make up the specified policy map.
| Router# show policy-map policy-map class class-name
| Displays the configuration of the specified class of the specified policy map.
| Router# show policy-map interface interface-name
| Displays the configuration of all classes configured for all policy maps on the specified interface.
| Router# show queue interface-type interface-number
| Displays queueing configuration and statistics for a particular interface.
| The counters displayed after issuing the show policy-map interface command are updated only if congestion is present on the interface.
===================================================================
service-policy
To attach a policy map to an input interface or virtual circuit (VC), or an output interface or VC, to be used as the service policy for that interface or VC, use the service-policy interface configuration command. To remove a service policy from an input or output interface or input or output VC, use the no form of this command.
service-policy {input | output} policy-map-name
no service-policy {input | output} policy-map-name
Syntax Description
input
| Attaches the specified policy map to the input interface or input VC.
| output
| Attaches the specified policy map to the output interface or output VC.
| policy-map-name
| The name of a service policy map (created using the policy-map command) to be attached.
| service-policy (class-map)
To attach a policy map to a class, use the service-policy class-map configuration command. To remove a service policy from a class, use the no form of this command.
service-policy policy-map
no service-policy
Syntax Description
policy-map
| The name of a service policy map (created using the policy-map command) to be attached.
| service-policy (policy-map class)
To use a service policy as a QoS policy within a policy map (called a hierarchical service policy), use the service-policy policy-map class configuration command. To disable a particular service policy as a QoS policy within a policy map, use the no form of this command.
service-policy policy-map-name
no service-policy policy-map-name
Syntax Description
policy-map-name
| Specifies the name of the predefined policy map to be used as a QoS policy
|
set ip precedence (policy-map)
To set the precedence value in the IP header, use the set ip precedence policy-map configuration command. To leave the precedence value at the current setting, use the no form of this command.
set ip precedence ip-precedence-value
no set ip precedence
Syntax Description
ip-precedence-value
| A number from 0 to 7 that sets the precedence bit in the IP header.
| set ip precedence (route-map)
To set the precedence value (and an optional IP number or IP name) in the IP header, use the set ip precedence route-map configuration command. To leave the precedence value unchanged, use the no form of this command.
set ip precedence [number | name]
no set ip precedence
Syntax
Rack02R1(config-route-map)#set ip precedence ?
Precedence value
critical Set critical precedence (5)
flash Set flash precedence (3)
flash-override Set flash override precedence (4)
immediate Set immediate precedence (2)
internet Set internetwork control precedence (6)
network Set network control precedence (7)
priority Set priority precedence (1)
routine Set routine precedence (0)scription
number | name
| (Optional) A number or name that sets the precedence bits in the IP header. The values for the number argument and the corresponding name argument are listed in Table 16, from least to most important.
| set ip qos-group
To set a group ID that can be used later to classify packets, use the set ip qos-group route-map configuration command. To remove the group ID, use the no form of this command.
set ip qos-group group-id
noset ip qos-group group-id
Syntax Description
group-id
| Group ID number in the range from 0 to 99.
| set qos-group
To set a group ID that can be used later to classify packets, use the set qos-group policy-map configuration command. To remove the group ID, use the no form of this command.
set qos-group group-id
noset qos-group group-id
Syntax Description
group-id
| Group ID number in the range from 0 to 99.
|
Configuring Traffic Policing
This chapter describes the tasks for configuring the Traffic Policing feature.
For complete conceptual information, see the section "Traffic Policing" in the "Policing and Shaping Overview" chapter of this book.
For a complete description of the Traffic Policing commands mentioned in this chapter, refer to the Cisco IOS Quality of Service Solutions Command Reference. To locate documentation of other commands that appear in this chapter, use the command reference master index or search online.
To identify the hardware platform or software image information associated with a feature, use the Feature Navigator on Cisco.com to search for information about the feature or refer to the software release notes for a specific release. For more information, see the "Identifying Supported Platforms" section in the "Using Cisco IOS Software" chapter in this book.
Traffic Policing Configuration Task List
To configure the Traffic Policing feature, perform the tasks described in the following sections. The task in the first section is required; the tasks in the remaining section are optional.
- Configuring Traffic Policing (Required)
- Verifying the Traffic Policing Configuration (Optional)
- Monitoring and Maintaining Traffic Policing (Optional)
See the end of this chapter for the section "Traffic Policing Configuration Examples."
Configuring Traffic Policing
To successfully configure the Traffic Policing feature, a traffic class and a traffic policy must be created, and the traffic policy must be attached to a specified interface. These tasks are performed using the Modular QoS Command-Line Interface (CLI). For information on the Modular QoS CLI, see the chapter "Configuring the Modular Quality of Service Command-Line Interface" in this book.
The Traffic Policing feature is configured in the traffic policy. To configure the Traffic Policing feature, use the following command in policy-map class configuration mode:
The command syntax of the police command allows you to specify the action to be taken on a packet when you enable the action keyword. The resulting action corresponding to the keyword choices are listed in Table 12.
For more information about the police command, refer to the Cisco IOS Quality of Service Solutions Command Reference.
The Traffic Policing feature works with a token bucket mechanism. There are currently two types of token bucket algorithms: a single token bucket algorithm and a two token bucket algorithm. A single token bucket system is used when the violate-action option is not specified, and a two token bucket system is used when the violate-action option is specified.
For a description of a single token bucket algorithm and an explanation of how it works, see the "What Is a Token Bucket?" section of the"Policing and Shaping Overview" chapter of this book.
Verifying the Traffic Policing Configuration
To verify that the Traffic Policing feature is configured on your interface, use the following command in EXEC mode:
Monitoring and Maintaining Traffic Policing
To monitor and maintain the Traffic Policing feature, use the following commands in EXEC mode, as needed:
Traffic Policing Configuration Examples
The following sections provide Traffic Policing configuration examples:
- Traffic Policy that Includes Traffic Policing Example
- Verifying the Configuration Example
For information on how to configure the Traffic Policing feature, see the section "Traffic Policing Configuration Task List" in this chapter.
Traffic Policy that Includes Traffic Policing Example
The following configuration example shows how to define a traffic class (with the class-map command) and associate that traffic class with a traffic policy (with the policy-map command). Traffic policing is applied in the traffic policy. The service-policy command is then used to attach the traffic policy to the interface.
For additional information on configuring traffic classes and traffic policies, see the chapter "Configuring the Modular Quality of Service Command-Line Interface" in this book.
In this particular example, traffic policing is configured with the average rate at 8000 bits per second, the normal burst size at 2000 bytes, and the excess burst size at 4000 bytes. Packets coming into Fast Ethernet interface 0/0 are evaluated by the token bucket algorithm to analyze whether packets conform exceed, or violate the specified parameters. Packets that conform are sent, packets that exceed are assigned a QoS group value of 4 and are sent, and packets that violate are dropped.
For a description of a token bucket and an explanation of how a token bucket works, see the "What Is a Token Bucket?" section of the "Policing and Shaping Overview" chapter of this book.
7200-uut(config)# class-map acgroup2
7200-uut(config-cmap)# match access-group 2
7200-uut(config-cmap)# exit
7200-uut(config)# policy-map police
7200-uut(config-pmap)# class acgroup2
7200-uut(config-pmap-c)# police 8000 2000 4000 conform-action transmit exceed-action set-qos-transmit 4 violate-action drop
7200-uut(config-pmap-c)# exit
7200-uut(config-pmap)# exit
7200-uut(config)# interface fastethernet 0/0
7200-uut(config-if)# service-policy input police
Verifying the Configuration Example
The following example verifies that the Traffic Policing feature is configured on your interface. If the feature is configured on your interface, the show policy-map interface command output displays policing statistics.
Router# show policy-map interface
Ethernet1/7
service-policy output: x
class-map: a (match-all)
0 packets, 0 bytes
5 minute rate 0 bps
match: ip precedence 0
police:
1000000 bps, 10000 limit, 10000 extended limit
conformed 0 packets, 0 bytes; action: transmit
exceeded 0 packets, 0 bytes; action: drop
conformed 0 bps, exceed 0 bps, violate 0 bps |
|