41-22
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
Chapter 41 Configuring PFC QoS
Understanding How PFC QoS Works
Microflow Policers
PFC QoS applies the bandwidth limit specified in a microflow policer separately to each flow in matched
traffic. For example, if you configure a microflow policer to limit the TFTP traffic to 1 Mbps on VLAN
1 and VLAN 3, then 1 Mbps is allowed for each flow in VLAN 1 and 1 Mbps for each flow in VLAN 3.
In other words, if there are three flows in VLAN 1 and four flows in VLAN 3, the microflow policer
allows each of these flows 1 Mbps.
You can configure PFC QoS to apply the bandwidth limits in a microflow policer as follows:
•
You can create microflow policers with up to 63 different rate and burst parameter combinations.
•
You create microflow policers in a policy map class with the
police flow
command.
•
You can configure a microflow policer to use only source addresses, which applies the microflow
policer to all traffic from a source address regardless of the destination addresses.
•
You can configure a microflow policer to use only destination addresses, which applies the
microflow policer to all traffic to a destination address regardless of the source addresses.
•
For MAC-Layer microflow policing, PFC QoS considers MAC-Layer traffic with the same protocol
and the same source and destination MAC-Layer addresses to be part of the same flow, including
traffic with different EtherTypes. With a PFC3, you can configure MAC ACLs to filter IPX traffic.
•
With a PFC2, you can configure IPX ACLs to filter IPX traffic. For IPX microflow policing,
PFC QoS considers IPX traffic with the same source network, destination network, and destination
node to be part of the same flow, including traffic with different source nodes or source sockets.
•
By default, microflow policers only affect traffic routed by the MSFC. To enable microflow policing
of other traffic, including traffic in bridge groups, enter the
mls qos bridged
command. With a
PFC2, you must enable bridged mircoflow policing for routed traffic as well.
•
With a PFC3, you cannot apply microflow policing to ARP traffic.
•
You cannot apply microflow policing to IPv6 multicast traffic.
You can include both an aggregate policer and a microflow policer in each policy map class to police a
flow based on both its own bandwidth utilization and on its bandwidth utilization combined with that of
other flows.
Note
If traffic is both aggregate and microflow policed, then the aggregate and microflow policers must both
be in the same policy-map class and each must use the same
conform-action
and
exceed-action
keyword option:
drop
,
set-dscp-transmit
,
set-prec-transmit
, or
transmit
.
For example, you could create a microflow policer with a bandwidth limit suitable for individuals in a
group, and you could create a named aggregate policer with bandwidth limits suitable for the group as a
whole. You could include both policers in policy map classes that match the group’s traffic. The
combination would affect individual flows separately and the group aggregately.
For policy map classes that include both an aggregate and a microflow policer, PFC QoS responds to an
out-of-profile status from either policer and, as specified by the policer, applies a new DSCP value or
drops the packet. If both policers return an out-of-profile status, then if either policer specifies that the
packet is to be dropped, it is dropped; otherwise, PFC QoS applies a marked-down DSCP value.
Note
To avoid inconsistent results, ensure that all traffic policed by the same aggregate policer has the same
trust state.