Specifications
White Paper
© 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
8.9 A Simple Policing Example
Let's start with a simple example and assume a policing policy has been made. For a given Fast Ethernet interface
(100Mb) the traffic is to be limited to 10Mbps. The definition of this policy implies the use of an Aggregate Policer.
The following example steps through the process of building a policing policy on the Catalyst 6500 running Native
IOS.
The first step is to define a class map. A class-map is used to build a set of classification criteria that will determine
what data will have this policer applied to it. The class-map uses a match statement that points to a predefined
access list (in our case access list 101). This access list defines an Access Control Entry (ACE) to match any traffic
heading to host 10.1.1.1. This class map is shown below.
6500(config)# access-list 101 permit ip any host 10.1.1.1
6500(config)# class-map identify-server-traffic
6500(config-cmap)# match access-group 101
Once the class-map is defined, the policy map can then be built as follows.
6500(config)# policy-map police-to-10
6500(config-pmap)# class identify-server-traffic
6500(config-pmap-c)# police 10000000 5000 conform-action transmit exceed-action drop
This configuration set defines a policy map named “police-to-10”. Within this policy map is a class map (defined in
the previous step), which is used to provide the classification criteria. Up to 255 class maps can exist within a single
policy map. Within the class map is the policer statement. This policer configures a normal rate of 10,000,000 bits
per second (this equates to 10Mbps). The Burst defines a token bucket with a depth of 5,000 bytes (5000 bytes x 8
bits = 40,000 tokens). If a burst value is set that is lower than what can be sustained via the rate, an error message
will be generated, and the system will reset the burst to the minimum allowed for that rate. An example of this is
shown below.
6500(config-pmap-c)# police 10000000 1000 conform-action transmit exceed-action drop
Info: Illegal normal burst size, increased to 5000
The “conform-action” defines the action to take for traffic that is within the normal rate (10Mbps). In this case, the
action is configured to forward the traffic. The “exceed-action” defines what happens to data that is in excess of the
normal rate. Data that exceeds the 10Mbps rate will be dropped.
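The token-bucket behaviour described above, as an added Python example (not Cisco's code, and not a model of the switch hardware's exact algorithm). It uses this page's rate, burst and 4,000 intervals per second; the full starting bucket, the refill at the start of each interval and per-bit (rather than per-packet) accounting are assumptions of the model.

```python
"""Fluid model of a single-rate token-bucket policer (added example)."""

INTERVALS_PER_SEC = 4000          # replenish intervals per second, from the page


def police(arrivals_bits, rate_bps=10_000_000, burst_bytes=5000):
    """Return one (forwarded, dropped, tokens_left) tuple per interval.

    arrivals_bits: bits offered in each 1/4000 s interval.
    Assumptions of this model: the bucket starts full, tokens are added
    at the start of every interval, and one token pays for one bit.
    """
    depth = burst_bytes * 8                   # 5000 bytes -> 40,000 tokens
    refill = rate_bps // INTERVALS_PER_SEC    # 10 Mbps -> 2,500 tokens
    tokens = depth
    rows = []
    for offered in arrivals_bits:
        tokens = min(depth, tokens + refill)  # replenish, capped at depth
        forwarded = min(offered, tokens)      # conform-action transmit
        dropped = offered - forwarded         # exceed-action drop
        tokens -= forwarded
        rows.append((forwarded, dropped, tokens))
    return rows


def forwarded_bits(rows):
    """Total bits that conformed and were transmitted."""
    return sum(fwd for fwd, _, _ in rows)


if __name__ == "__main__":
    # Constructed input: one second of line-rate Fast Ethernet traffic,
    # 100,000,000 / 4000 = 25,000 bits offered per interval.
    rows = police([25_000] * INTERVALS_PER_SEC)
    for i, (fwd, drop, left) in enumerate(rows[:4], start=1):
        print(f"interval {i}: forwarded={fwd} dropped={drop} tokens_left={left}")
    print("bits forwarded in first second:", forwarded_bits(rows))
```

In this model the burst is spent within the first two intervals, after which only the 2,500 replenished bits per interval are forwarded, which is the configured 10Mbps.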
After the policer has been created within the policy map, it needs to be applied to an interface. This is achieved
using the service policy command as shown in the following example.
6500(config)# interface F3/1
6500(config-if)# service-policy input police-to-10
The keyword “input” defines the direction in which the policer is applied. In the example above, an input policer has
been defined. If an egress policer were to be configured, then the “output” keyword would be used in place of “input”.
To see how this policer works, a table will be used to better explain what happens when the policer starts. The
Policer assumes the following environment.
● Single Ingress Aggregate Policer applied to a Fast Ethernet Interface.
● Traffic arrives at a rate of 100Mb/sec (fully utilizing the FE interface).
● 100Mb arrival rate equates to 25,000 bits per interval (10,000,000 / 4,000)
● Policer is set to rate limit traffic to 10Mb/sec