2-352
Catalyst 3750 Metro Switch Command Reference
OL-9645-10
Chapter 2 Catalyst 3750 Metro Switch Cisco IOS Commands
police cir
Command History
Usage Guidelines
Use the
police cir
policy-map class configuration command only in a hierarchical policy map attached
to an ES port. This command is valid in policy maps at any level of the hierarchy.
You enforce traffic policing on a port at the edge of a network by limiting the transmission rate of a traffic
class and by marking actions for each packet (conform, exceed, and violate). Within these categories,
you decide packet treatments. In the most common configurations, you can configure packets that
conform to be sent, packets that exceed to be sent with a decreased priority, and packets that violate to
be dropped. You can decrease the priority of the CoS, the DSCP, the IP precedence, or the MPLS
experimental bits.
The two-rate policer manages the maximum rate of traffic through a token-bucket algorithm, which uses
the configured values to control the maximum rate of traffic allowed on a port at a given moment in time.
The token-bucket algorithm is affected by all traffic leaving the port and manages network bandwidth
when several large packets are sent in the same traffic stream.
A token bucket is provided for the CIR and the PIR. You configure the CIR and PIR rates in bps,
controlling how fast the bucket fills (is updated) with tokens. The conform burst size and the peak burst
size represent the depth of the CIR and PIR buckets in bytes. This depth limits the number of tokens that
the bucket can accumulate. If the bucket fills to capacity, newly arriving tokens are discarded.
Each token is permission for the source to send a certain number of bits into the network. To send a
packet, the number of tokens equal to the packet size must be drained from the bucket. If there are
enough tokens in the bucket, the packet conforms and can pass to the next stage. Otherwise, the exceed
action associated with the bucket is applied to the packet. The packet might be dropped, or its priority
value might be marked down.
In this token-bucket example, if the CIR rate is 2 kbps, 2000 tokens are added to the bucket every second
(for this example, consider each token to represent a single bit of information). If a 1500-byte packet
arrives, 12000 tokens (1500 bytes x 8 bits per byte) must be in the bucket for the packet to pass to the
next state without triggering the exceed action. If enough tokens are in the bucket, they are drained, and
the packet conforms and passes to the next stage. If there are less than 12000 tokens in the bucket, the
exceed action is applied to the packet. The deeper the bucket, the more data can burst through at a rate
greater than the rate at which the bucket is filling. For example, if the CIR bucket holds 6000 tokens, 750
bytes of traffic can instantaneously burst without draining the bucket (and without triggering an exceed
action), even though the instantaneous burst is at a greater rate than the CIR rate of 2000 bps.
If the burst sizes approach the system maximum transmission unit (MTU), the policer strictly enforces the
CIR and PIR. Normal traffic jitter can cause some percentage of inbound traffic to be flagged as
nonconforming even if the average inbound rate appears to conform. If the burst size is very large, on the other
hand, large traffic bursts at nonconforming data rates can be passed through the policer and flagged as
conforming. Setting the burst sizes too low can result in less traffic than expected, and setting them too
high can result in more traffic than expected.
For packet marking actions, if the CIR is 100 kbps, the PIR is 200 kbps, and a data stream with a rate of
250 kbps arrives at the two-rate policer, this is the packet marking:
•
100 kbps is marked as conforming to the rate.
•
100 kbps is marked as exceeding the rate.
•
50 kbps is marked as violating the rate.
Release
Modification
12.1(14)AX
This command was introduced.
12.2(25)EY
Hierarchical service policies can be attached to inbound traffic received on
an ES port.